Expand Terraform for Developer Connect (GoogleCloudPlatform#12391)

Author: ihnarayanan

mmv1/products/developerconnect/Connection.yaml

@@ -14,7 +14,6 @@
 ---
 name: 'GitRepositoryLink'
 description: "A git repository link to a parent connection."
-min_version: 'beta'
 docs:
 id_format: 'projects/{{project}}/locations/{{location}}/connections/{{parent_connection}}/gitRepositoryLinks/{{git_repository_link_id}}'
 base_url: 'projects/{{project}}/locations/{{location}}/connections/{{parent_connection}}/gitRepositoryLinks'
@@ -41,13 +40,11 @@ examples:
   # to show them in the docs.
   - name: 'developer_connect_git_repository_link_github'
     primary_resource_id: 'primary'
-    min_version: 'beta'
     vars:
       connection_name: 'my-connection'
       git_repository_link_name: 'my-repository'
     exclude_docs: true
   - name: 'developer_connect_git_repository_link_github_doc'
-    min_version: 'beta'
     exclude_test: true
 parameters:
   - name: 'location'
@@ -56,7 +53,6 @@ parameters:
       "Resource ID segment making up resource `name`. It identifies the resource
       within its parent collection as described in https://google.aip.dev/122. See documentation
       for resource type `developerconnect.googleapis.com/GitRepositoryLink`. "
-    min_version: 'beta'
     url_param_only: true
     required: true
     immutable: true
@@ -66,7 +62,6 @@ parameters:
       "Resource ID segment making up resource `name`. It identifies the resource
       within its parent collection as described in https://google.aip.dev/122. See documentation
       for resource type `developerconnect.googleapis.com/GitRepositoryLink`. "
-    min_version: 'beta'
     url_param_only: true
     required: true
     immutable: true
@@ -76,60 +71,49 @@ parameters:
       "Required. The ID to use for the repository, which will become the
       final component of\nthe repository's resource name. This ID should be unique in
       the connection.\nAllows alphanumeric characters and any of -._~%!$&'()*+,;=@. "
-    min_version: 'beta'
     url_param_only: true
     required: true
     immutable: true
 properties:
   - name: 'name'
     type: String
     description: "Identifier. Resource name of the repository, in the format\n`projects/*/locations/*/connections/*/gitRepositoryLinks/*`. "
-    min_version: 'beta'
     output: true
   - name: 'cloneUri'
     type: String
     description: "Required. Git Clone URI. "
-    min_version: 'beta'
     required: true
   - name: 'createTime'
     type: String
     description: "Output only. [Output only] Create timestamp "
-    min_version: 'beta'
     output: true
   - name: 'updateTime'
     type: String
     description: "Output only. [Output only] Update timestamp "
-    min_version: 'beta'
     output: true
   - name: 'deleteTime'
     type: String
     description: "Output only. [Output only] Delete timestamp "
-    min_version: 'beta'
     output: true
   - name: 'labels'
     type: KeyValueLabels
     description: "Optional. Labels as key value pairs "
-    min_version: 'beta'
   - name: 'etag'
     type: String
     description:
       "Optional. This checksum is computed by the server based on the value
       of other\nfields, and may be sent on update and delete requests to ensure the\nclient
       has an up-to-date value before proceeding. "
-    min_version: 'beta'
   - name: 'reconciling'
     type: Boolean
     description:
       "Output only. Set to true when the connection is being set up or updated
       in the\nbackground. "
-    min_version: 'beta'
     output: true
   - name: 'annotations'
     type: KeyValueAnnotations
     description: "Optional. Allows clients to store small amounts of arbitrary data. "
-    min_version: 'beta'
   - name: 'uid'
     type: String
     description: "Output only. A system-assigned unique identifier for a the GitRepositoryLink. "
-    min_version: 'beta'
     output: true

mmv1/products/developerconnect/GitRepositoryLink.yaml

@@ -12,10 +12,11 @@
 # limitations under the License.
 
 ---
-name: 'DeveloperConnect'
-display_name: 'Developer Connect'
-versions:
-  - name: 'beta'
-    base_url: 'https://developerconnect.googleapis.com/v1/'
+name: DeveloperConnect
+display_name: Developer Connect
 scopes:
   - 'https://www.googleapis.com/auth/cloud-platform'
+versions:
+  - base_url: 'https://developerconnect.googleapis.com/v1/'
+    name: ga
+caibaseurl: ""

mmv1/products/developerconnect/product.yaml

@@ -1,5 +1,4 @@
 resource "google_developer_connect_connection" "{{$.PrimaryResourceId}}" {
-  provider = google-beta
   location = "us-central1"
   connection_id = "{{index $.Vars "connection_name"}}"
 
@@ -15,4 +14,4 @@ resource "google_developer_connect_connection" "{{$.PrimaryResourceId}}" {
 output "next_steps" {
   description = "Follow the action_uri if present to continue setup"
   value = google_developer_connect_connection.{{$.PrimaryResourceId}}.installation_state
-}
+}

mmv1/templates/terraform/examples/developer_connect_connection_existing_credentials.tf.tmpl

@@ -1,6 +1,5 @@
 resource "google_secret_manager_secret" "github-token-secret" {
 
-  provider = google-beta
   secret_id = "github-token-secret"
 
   replication {
@@ -9,15 +8,11 @@ resource "google_secret_manager_secret" "github-token-secret" {
 }
 
 resource "google_secret_manager_secret_version" "github-token-secret-version" {
-
-  provider = google-beta
   secret = google_secret_manager_secret.github-token-secret.id
   secret_data = file("my-github-token.txt")
 }
 
 resource "google_project_service_identity" "devconnect-p4sa" {
-  provider = google-beta
-
   service = "developerconnect.googleapis.com"
 }
 
@@ -31,14 +26,12 @@ data "google_iam_policy" "p4sa-secretAccessor" {
 
 resource "google_secret_manager_secret_iam_policy" "policy" {
 
-  provider = google-beta
   secret_id = google_secret_manager_secret.github-token-secret.secret_id
   policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
 }
 
 resource "google_developer_connect_connection" "my-connection" {
 
-  provider = google-beta
   location = "us-central1"
   connection_id = "my-connection"
 

mmv1/templates/terraform/examples/developer_connect_connection_existing_installation.tf.tmpl

@@ -0,0 +1,12 @@
+resource "google_developer_connect_connection" "{{$.PrimaryResourceId}}" {
+  location = "us-central1"
+  connection_id = "{{index $.Vars "connection_name"}}"
+
+  github_config {
+    github_app = "DEVELOPER_CONNECT"
+
+    authorizer_credential {
+      oauth_token_secret_version = "projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1"
+    }
+  }
+}

mmv1/templates/terraform/examples/developer_connect_connection_github.tf.tmpl

@@ -0,0 +1,42 @@
+resource "google_secret_manager_secret" "github-token-secret" {
+
+  secret_id = "github-token-secret"
+
+  replication {
+    auto {}
+  }
+}
+
+resource "google_secret_manager_secret_version" "github-token-secret-version" {
+
+  secret = google_secret_manager_secret.github-token-secret.id
+  secret_data = file("my-github-token.txt")
+}
+
+data "google_iam_policy" "p4sa-secretAccessor" {
+  binding {
+    role = "roles/secretmanager.secretAccessor"
+    // Here, 123456789 is the Google Cloud project number for the project that contains the connection.
+    members = ["serviceAccount:[email protected]"]
+  }
+}
+
+resource "google_secret_manager_secret_iam_policy" "policy" {
+  
+  secret_id = google_secret_manager_secret.github-token-secret.secret_id
+  policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
+}
+
+resource "google_developer_connect_connection" "my-connection" {
+
+  location = "us-central1"
+  connection_id = "my-connection"
+
+  github_config {
+    github_app = "DEVELOPER_CONNECT"
+    app_installation_id = 123123
+    authorizer_credential {
+      oauth_token_secret_version = google_secret_manager_secret_version.github-token-secret-version.id
+    }
+  }
+}

mmv1/templates/terraform/examples/developer_connect_connection_github_doc.tf.tmpl

@@ -0,0 +1,12 @@
+resource "google_developer_connect_connection" "{{$.PrimaryResourceId}}" {
+  location = "us-central1"
+  connection_id = "{{index $.Vars "connection_name"}}"
+
+  github_enterprise_config {
+    host_uri = "https://ghe.proctor-staging-test.com"
+    app_id = 864434
+    private_key_secret_version = "projects/devconnect-terraform-creds/secrets/tf-test-ghe-do-not-change-ghe-private-key-f522d2/versions/latest"
+    webhook_secret_secret_version = "projects/devconnect-terraform-creds/secrets/tf-test-ghe-do-not-change-ghe-webhook-secret-3c806f/versions/latest"
+    app_installation_id = 837537
+  }
+}

mmv1/templates/terraform/examples/developer_connect_connection_github_enterprise.tf.tmpl

@@ -0,0 +1,61 @@
+resource "google_secret_manager_secret" "private-key-secret" {
+  secret_id = "ghe-pk-secret"
+
+  replication {
+    auto {}
+  }
+}
+
+resource "google_secret_manager_secret_version" "private-key-secret-version" {
+  secret = google_secret_manager_secret.private-key-secret.id
+  secret_data = file("private-key.pem")
+}
+
+resource "google_secret_manager_secret" "webhook-secret-secret" {
+  secret_id = "ghe-token-secret"
+
+  replication {
+    auto {}
+  }
+}
+
+resource "google_secret_manager_secret_version" "webhook-secret-secret-version" {
+  secret = google_secret_manager_secret.webhook-secret-secret.id
+  secret_data = "<webhook-secret-data>"
+}
+
+data "google_iam_policy" "p4sa-secretAccessor" {
+  binding {
+    role = "roles/secretmanager.secretAccessor"
+    // Here, 123456789 is the Google Cloud project number for the project that contains the connection.
+    members = ["serviceAccount:[email protected]"]
+  }
+}
+
+resource "google_secret_manager_secret_iam_policy" "policy-pk" {
+  secret_id = google_secret_manager_secret.private-key-secret.secret_id
+  policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
+}
+
+resource "google_secret_manager_secret_iam_policy" "policy-whs" {
+  secret_id = google_secret_manager_secret.webhook-secret-secret.secret_id
+  policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
+}
+
+resource "google_developer_connect_connection" "my-connection" {
+  location = "us-central1"
+  connection_id = "my-connection"
+
+  github_enterprise_config {
+    host_uri = "https://ghe.com"
+    private_key_secret_version = google_secret_manager_secret_version.private-key-secret-version.id
+    webhook_secret_secret_version = google_secret_manager_secret_version.webhook-secret-secret-version.id
+    app_id = 100
+    app_installation_id = 123123
+  }
+
+  depends_on = [
+    google_secret_manager_secret_iam_policy.policy-pk,
+    google_secret_manager_secret_iam_policy.policy-whs
+  ]
+}

mmv1/templates/terraform/examples/developer_connect_connection_github_enterprise_doc.tf.tmpl

@@ -0,0 +1,16 @@
+resource "google_developer_connect_connection" "{{$.PrimaryResourceId}}" {
+  location = "us-central1"
+  connection_id = "{{index $.Vars "connection_name"}}"
+
+  gitlab_config {
+    webhook_secret_secret_version = "projects/devconnect-terraform-creds/secrets/gitlab-webhook/versions/latest"
+    
+    read_authorizer_credential {
+      user_token_secret_version = "projects/devconnect-terraform-creds/secrets/gitlab-read-cred/versions/latest"
+    }
+    
+    authorizer_credential {
+      user_token_secret_version = "projects/devconnect-terraform-creds/secrets/gitlab-auth-cred/versions/latest"
+    }
+  }
+}

mmv1/templates/terraform/examples/developer_connect_connection_gitlab.tf.tmpl

@@ -0,0 +1,81 @@
+resource "google_secret_manager_secret" "gitlab-read-cred-secret" {
+  secret_id = "gitlab-read-cred"
+  replication {
+    auto {}
+  }
+}
+
+resource "google_secret_manager_secret_version" "gitlab-read-cred-secret-version" {
+  secret = google_secret_manager_secret.gitlab-read-cred-secret.id
+  secret_data = file("my-gitlab-read-cred.txt")
+}
+
+resource "google_secret_manager_secret" "gitlab-auth-cred-secret" {
+  secret_id = "gitlab-auth-cred"
+  replication {
+    auto {}
+  }
+}
+
+resource "google_secret_manager_secret_version" "gitlab-auth-cred-secret-version" {
+  secret = google_secret_manager_secret.gitlab-auth-cred-secret.id
+  secret_data = file("my-gitlab-auth-cred.txt")
+}
+
+resource "google_secret_manager_secret" "gitlab-webhook-secret-secret" {
+  secret_id = "gitlab-webhook-secret"
+  replication {
+    auto {}
+  }
+}
+
+resource "google_secret_manager_secret_version" "gitlab-webhook-secret-secret-version" {
+  secret = google_secret_manager_secret.gitlab-webhook-secret-secret.id
+  secret_data = file("my-gitlab-webhook-secret.txt")
+
+data "google_iam_policy" "p4sa-secretAccessor" {
+  binding {
+    role = "roles/secretmanager.secretAccessor"
+    // Here, 123456789 is the Google Cloud project number for the project that contains the connection.
+    members = ["serviceAccount:[email protected]"]
+  }
+}
+
+resource "google_secret_manager_secret_iam_policy" "policy-rc" {
+  secret_id = google_secret_manager_secret.gitlab-read-cred-secret.secret_id
+  policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
+}
+
+resource "google_secret_manager_secret_iam_policy" "policy-ac" {
+  secret_id = google_secret_manager_secret.gitlab-auth-cred-secret.secret_id
+  policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
+}
+
+resource "google_secret_manager_secret_iam_policy" "policy-wh" {
+  secret_id = google_secret_manager_secret.gitlab-webhook-secret-secret.secret_id
+  policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
+}
+
+resource "google_developer_connect_connection" "my-connection" {
+
+  location = "us-central1"
+  connection_id = "my-connection"
+
+  gitlab_config {
+    webhook_secret_secret_version = google_secret_manager_secret_version.gitlab-webhook-secret-secret-version.id
+  
+    read_authorizer_credential {
+      user_token_secret_version = google_secret_manager_secret_version.gitlab-read-cred-secret-version.id
+    }
+
+    authorizer_credential {
+      user_token_secret_version = google_secret_manager_secret_version.gitlab-auth-cred-secret-version.id
+    }    
+  }
+ 
+  depends_on = [
+    google_secret_manager_secret_iam_policy.policy-rc,
+    google_secret_manager_secret_iam_policy.policy-ac,
+    google_secret_manager_secret_iam_policy.policy-wh
+  ]
+}