From 4f26d7f755a7684edb195326f595382cc0638b46 Mon Sep 17 00:00:00 2001 From: Sumit Madan Date: Wed, 30 Jun 2021 11:22:58 +0530 Subject: [PATCH] Added pubsubConfig and webhookConfig support to the cloud build resource. --- mmv1/products/cloudbuild/api.yaml | 55 ++++ mmv1/products/cloudbuild/terraform.yaml | 12 +- .../tests/resource_cloudbuild_trigger_test.go | 244 ++++++++++++++++++ 3 files changed, 309 insertions(+), 2 deletions(-) diff --git a/mmv1/products/cloudbuild/api.yaml b/mmv1/products/cloudbuild/api.yaml index c5bb38fd05e4..8c613a1c46b8 100644 --- a/mmv1/products/cloudbuild/api.yaml +++ b/mmv1/products/cloudbuild/api.yaml @@ -111,6 +111,11 @@ objects: Branch and tag names in trigger templates are interpreted as regular expressions. Any branch or tag change that matches that regular expression will trigger a build. + exactly_one_of: + - trigger_template + - github + - pubsub_config + - webhook_config properties: - !ruby/object:Api::Type::String name: 'projectId' @@ -168,6 +173,8 @@ objects: exactly_one_of: - trigger_template - github + - pubsub_config + - webhook_config properties: - !ruby/object:Api::Type::String name: 'owner' 
@@ -230,6 +237,54 @@ objects:
 exactly_one_of:
 - github.0.push.0.branch
 - github.0.push.0.tag
+ - !ruby/object:Api::Type::NestedObject
+ name: 'pubsubConfig'
+ description: |
+ PubsubConfig describes the configuration of a trigger that creates
+ a build whenever a Pub/Sub message is published.
+ exactly_one_of:
+ - trigger_template
+ - github
+ - pubsub_config
+ - webhook_config
+ properties:
+ - !ruby/object:Api::Type::String
+ name: 'subscription'
+ description: |
+ Output only. Name of the subscription.
+ - !ruby/object:Api::Type::String
+ name: 'topic'
+ description: |
+ The name of the topic from which this subscription is receiving messages.
+ - !ruby/object:Api::Type::String
+ name: 'service_account_email'
+ description: |
+ Service account that will make the push request.
+ - !ruby/object:Api::Type::String
+ name: 'state'
+ description: |
+ Potential issues with the underlying Pub/Sub subscription configuration.
+ Only populated on get requests.
+ - !ruby/object:Api::Type::NestedObject
+ name: 'webhookConfig'
+ description: |
+ WebhookConfig describes the configuration of a trigger that creates
+ a build whenever a webhook is sent to a trigger's webhook URL.
+ exactly_one_of:
+ - trigger_template
+ - github
+ - pubsub_config
+ - webhook_config
+ properties:
+ - !ruby/object:Api::Type::String
+ name: 'secret'
+ description: |
+ Resource name for the secret required as a URL parameter.
+ - !ruby/object:Api::Type::String
+ name: 'state'
+ description: |
+ Potential issues with the underlying Pub/Sub subscription configuration.
+ Only populated on get requests.
 - !ruby/object:Api::Type::NestedObject
 name: 'build'
 exactly_one_of:
diff --git a/mmv1/products/cloudbuild/terraform.yaml b/mmv1/products/cloudbuild/terraform.yaml
index ad36455b0ffc..49269548a527 100644
--- a/mmv1/products/cloudbuild/terraform.yaml
+++ b/mmv1/products/cloudbuild/terraform.yaml
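Review bot: In the new `pubsubConfig` and `webhookConfig` blocks of api.yaml, `subscription` is described as "Output only" and both `state` fields as "Only populated on get requests", yet all three are declared as plain input strings, so a configuration can set them and they would be sent in the request body. Mark them `output: true`, and consider `required: true` on `topic` and `secret` if the API rejects an empty block (an assumption; the hunk does not show the API contract). The `webhookConfig` `state` description repeats the Pub/Sub wording ("underlying Pub/Sub subscription configuration") and should describe the webhook's secret configuration instead. `name: 'service_account_email'` is snake_case where every other property name in the hunk is camelCase; if names map directly to API fields, as the neighbouring entries suggest, it likely needs to be `name: 'serviceAccountEmail'`.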
@@ -45,11 +45,19 @@ overrides: !ruby/object:Overrides::ResourceOverrides
 triggerTemplate: !ruby/object:Overrides::Terraform::PropertyOverride
 description: |
 {{description}}
- One of `trigger_template` or `github` must be provided.
+ One of `trigger_template`, `github`, `pubsub_config` or `webhook_config` must be provided.
 github: !ruby/object:Overrides::Terraform::PropertyOverride
 description: |
 {{description}}
- One of `trigger_template` or `github` must be provided.
+ One of `trigger_template`, `github`, `pubsub_config` or `webhook_config` must be provided.
+ pubsubConfig: !ruby/object:Overrides::Terraform::PropertyOverride
+ description: |
+ {{description}}
+ One of `trigger_template`, `github`, `pubsub_config` or `webhook_config` must be provided.
+ webhookConfig: !ruby/object:Overrides::Terraform::PropertyOverride
+ description: |
+ {{description}}
+ One of `trigger_template`, `github`, `pubsub_config` or `webhook_config` must be provided.
 triggerTemplate.projectId: !ruby/object:Overrides::Terraform::PropertyOverride
 default_from_api: true
 custom_code: !ruby/object:Provider::Terraform::CustomCode
diff --git a/mmv1/third_party/terraform/tests/resource_cloudbuild_trigger_test.go b/mmv1/third_party/terraform/tests/resource_cloudbuild_trigger_test.go
index 8fb8596a044f..986516e53048 100644
--- a/mmv1/third_party/terraform/tests/resource_cloudbuild_trigger_test.go
+++ b/mmv1/third_party/terraform/tests/resource_cloudbuild_trigger_test.go
@@ -37,6 +37,64 @@ func TestAccCloudBuildTrigger_basic(t *testing.T) {
 })
 }
+func TestAccCloudBuildTrigger_pubsub_config(t *testing.T) {
+ t.Parallel()
+ name := fmt.Sprintf("tf-test-%d", randInt(t))
+
+ vcrTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckCloudBuildTriggerDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccCloudBuildTrigger_pubsub_config(name),
+ },
+ {
+ ResourceName: "google_cloudbuild_trigger.build_trigger",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ {
+ Config: testAccCloudBuildTrigger_pubsub_config_update(name),
+ },
+ {
+ ResourceName: "google_cloudbuild_trigger.build_trigger",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
+func TestAccCloudBuildTrigger_webhook_config(t *testing.T) {
+ t.Parallel()
+ name := fmt.Sprintf("tf-test-%d", randInt(t))
+
+ vcrTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckCloudBuildTriggerDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccCloudBuildTrigger_webhook_config(name),
+ },
+ {
+ ResourceName: "google_cloudbuild_trigger.build_trigger",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ {
+ Config: testAccCloudBuildTrigger_webhook_config_update(name),
+ },
+ {
+ ResourceName: "google_cloudbuild_trigger.build_trigger",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
 func TestAccCloudBuildTrigger_customizeDiffTimeoutSum(t *testing.T) {
 t.Parallel()
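Review bot: Both new tests call `t.Parallel()` but randomise only the trigger name: `name` from `randInt(t)` is the sole argument to the config helpers, and the helpers added further down the patch give the topic the fixed name `topic-name` and the secret the fixed `secret_id` `webhook_trigger-secret-key`. A leftover resource from a failed run, or a second run against the same project, would then fail on create with a name conflict, and names without the `tf-test` prefix are presumably missed by any cleanup that keys on it. Deriving those names from the same suffix, e.g. `name = "%s-topic"` with `name` passed twice to `fmt.Sprintf`, avoids this. The steps also assert nothing beyond the import round-trip; a step that sets two of the four trigger blocks with `ExpectError` would cover the new `exactly_one_of` rule.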
@@ -281,6 +339,192 @@ resource "google_cloudbuild_trigger" "build_trigger" { `, name) } +func testAccCloudBuildTrigger_pubsub_config(name string) string { + return fmt.Sprintf(` +resource "google_pubsub_topic" "build-trigger" { + name = "topic-name" +} + +resource "google_cloudbuild_trigger" "build_trigger" { + name = "%s" + description = "acceptance test build trigger" + pubsub_config { + topic = "${google_pubsub_topic.build-trigger.id}" + } + build { + tags = ["team-a", "service-b"] + timeout = "1800s" + step { + name = "gcr.io/cloud-builders/gsutil" + args = ["cp", "gs://mybucket/remotefile.zip", "localfile.zip"] + timeout = "300s" + } + } + depends_on = [ + google_pubsub_topic.build-trigger + ] +} +`, name) +} + +func testAccCloudBuildTrigger_pubsub_config_update(name string) string { + return fmt.Sprintf(` +resource "google_pubsub_topic" "build-trigger" { + name = "topic-name" +} + +resource "google_cloudbuild_trigger" "build_trigger" { + name = "%s" + description = "acceptance test build trigger updated" + pubsub_config { + topic = "${google_pubsub_topic.build-trigger.id}" + } + build { + tags = ["team-a", "service-b"] + timeout = "1800s" + step { + name = "gcr.io/cloud-builders/gsutil" + args = ["cp", "gs://mybucket/remotefile.zip", "localfile.zip"] + timeout = "300s" + } + } + depends_on = [ + google_pubsub_topic.build-trigger + ] +} +`, name) +} + +func testAccCloudBuildTrigger_webhook_config(name string) string { + return fmt.Sprintf(` +resource "google_secret_manager_secret" "webhook_trigger_secret_key" { + secret_id = "webhook_trigger-secret-key" + + replication { + user_managed { + replicas { + location = "us-central1" + } + } + } +} + +resource "google_secret_manager_secret_version" "webhook_trigger_secret_key_data" { + secret = google_secret_manager_secret.webhook_trigger_secret_key.id + + secret_data = "secretkeygoeshere" +} + +data "google_project" "project" {} + +data "google_iam_policy" "secret_accessor" { + binding { + role = 
"roles/secretmanager.secretAccessor" + members = [ + "serviceAccount:service-${data.google_project.project.number}@gcp-sa-cloudbuild.iam.gserviceaccount.com", + ] + } +} + +resource "google_secret_manager_secret_iam_policy" "policy" { + project = google_secret_manager_secret.webhook_trigger_secret_key.project + secret_id = google_secret_manager_secret.webhook_trigger_secret_key.secret_id + policy_data = data.google_iam_policy.secret_accessor.policy_data +} + +resource "google_cloudbuild_trigger" "build_trigger" { + name = "%s" + + webhook_config { + secret = "${google_secret_manager_secret_version.webhook_trigger_secret_key_data.id}" + } + + build { + step { + name = "ubuntu" + args = [ + "-c", + <