google_cloudbuildv2_connection

A connection to a source code management (SCM) system such as GitHub, GitHub Enterprise, Bitbucket Data Center or GitLab.

To get more information about Connection, see:

Example Usage - Cloudbuildv2 Connection

resource "google_cloudbuildv2_connection" "my-connection" {
  location = "us-central1"
  name = "tf-test-connection"

  github_config {
    app_installation_id = 0

    authorizer_credential {
      oauth_token_secret_version = "projects/gcb-terraform-creds/secrets/github-pat/versions/1"
    }
  }
}

Example Usage - Cloudbuildv2 Connection Ghe

resource "google_secret_manager_secret" "private-key-secret" {
  secret_id = "ghe-pk-secret"

  replication {
    auto {}
  }
}

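resource "google_secret_manager_secret_version" "private-key-secret-version" {
  secret = google_secret_manager_secret.private-key-secret.id
  // The key material read here is stored in plain text in the Terraform state; protect the state backend accordingly.
  secret_data = file("private-key.pem")
}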

resource "google_secret_manager_secret" "webhook-secret-secret" {
  secret_id = "github-token-secret"

  replication {
    auto {}
  }
}

resource "google_secret_manager_secret_version" "webhook-secret-secret-version" {
  secret = google_secret_manager_secret.webhook-secret-secret.id
  secret_data = "<webhook-secret-data>"
}

data "google_iam_policy" "p4sa-secretAccessor" {
  binding {
    role = "roles/secretmanager.secretAccessor"
    // Here, 123456789 is the Google Cloud project number for the project that contains the connection.
    members = ["serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com"]
  }
}

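// google_secret_manager_secret_iam_policy is authoritative: it replaces any IAM policy already set on the secret.
resource "google_secret_manager_secret_iam_policy" "policy-pk" {
  secret_id = google_secret_manager_secret.private-key-secret.secret_id
  policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
}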

resource "google_secret_manager_secret_iam_policy" "policy-whs" {
  secret_id = google_secret_manager_secret.webhook-secret-secret.secret_id
  policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
}

resource "google_cloudbuildv2_connection" "my-connection" {
  location = "us-central1"
  name = "my-terraform-ghe-connection"

  github_enterprise_config {
    host_uri = "https://ghe.com"
    private_key_secret_version = google_secret_manager_secret_version.private-key-secret-version.id
    webhook_secret_secret_version = google_secret_manager_secret_version.webhook-secret-secret-version.id
    app_id = 200
    app_slug = "gcb-app"
    app_installation_id = 300
  }

  depends_on = [
    google_secret_manager_secret_iam_policy.policy-pk,
    google_secret_manager_secret_iam_policy.policy-whs
  ]
}

Example Usage - Cloudbuildv2 Connection Github

resource "google_secret_manager_secret" "github-token-secret" {
  secret_id = "github-token-secret"

  replication {
    auto {}
  }
}

resource "google_secret_manager_secret_version" "github-token-secret-version" {
  secret = google_secret_manager_secret.github-token-secret.id
  secret_data = file("my-github-token.txt")
}

data "google_iam_policy" "p4sa-secretAccessor" {
  binding {
    role = "roles/secretmanager.secretAccessor"
    // Here, 123456789 is the Google Cloud project number for the project that contains the connection.
    members = ["serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com"]
  }
}

resource "google_secret_manager_secret_iam_policy" "policy" {
  secret_id = google_secret_manager_secret.github-token-secret.secret_id
  policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
}

resource "google_cloudbuildv2_connection" "my-connection" {
  location = "us-central1"
  name = "my-connection"

  github_config {
    app_installation_id = 123123
    authorizer_credential {
      oauth_token_secret_version = google_secret_manager_secret_version.github-token-secret-version.id
    }
  }
}
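
An added example, not part of the provider documentation: a variant of the GitHub connection above in which the token secret is created outside Terraform (so its value never enters the state), the project number is looked up instead of hard-coded, and the Cloud Build service agent is granted access with the non-authoritative google_secret_manager_secret_iam_member. The variable names, resource labels, the secret name github-pat and its version number are assumptions.

```hcl
# Added example. Assumes a secret holding the GitHub token already exists
# in the provider's default project and was populated outside Terraform.
variable "github_pat_secret_id" {
  type    = string
  default = "github-pat" # hypothetical secret name
}

variable "github_pat_version" {
  type    = string
  default = "1" # hypothetical; pin the version you have reviewed
}

variable "github_app_installation_id" {
  type = number
}

# Resolve the project ID and number instead of hard-coding 123456789.
data "google_project" "current" {}

locals {
  project_id      = data.google_project.current.project_id
  cloudbuild_p4sa = "serviceAccount:service-${data.google_project.current.number}@gcp-sa-cloudbuild.iam.gserviceaccount.com"
  pat_version     = "projects/${local.project_id}/secrets/${var.github_pat_secret_id}/versions/${var.github_pat_version}"
}

# Non-authoritative grant: adds this one member to this one role and leaves
# every other binding on the secret untouched.
resource "google_secret_manager_secret_iam_member" "p4sa_accessor" {
  project   = local.project_id
  secret_id = var.github_pat_secret_id
  role      = "roles/secretmanager.secretAccessor"
  member    = local.cloudbuild_p4sa
}

resource "google_cloudbuildv2_connection" "hardened" {
  location = "us-central1"
  name     = "my-connection"

  github_config {
    app_installation_id = var.github_app_installation_id
    authorizer_credential {
      # Only the resource name of the secret version is passed, never its payload.
      oauth_token_secret_version = local.pat_version
    }
  }

  # The service agent must be able to read the secret before the connection is created.
  depends_on = [google_secret_manager_secret_iam_member.p4sa_accessor]
}
```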

Argument Reference

The following arguments are supported:


The github_config block supports:

The authorizer_credential block supports:

The github_enterprise_config block supports:

The service_directory_config block supports:

The gitlab_config block supports:

The read_authorizer_credential block supports:

The authorizer_credential block supports:

The service_directory_config block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

The installation_state block contains:

Timeouts

This resource provides the following Timeouts configuration options:

Import

Connection can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import Connection using one of the formats above. For example:

import {
  id = "projects/{{project}}/locations/{{location}}/connections/{{name}}"
  to = google_cloudbuildv2_connection.default
}

When using the terraform import command, Connection can be imported using one of the formats above. For example:

$ terraform import google_cloudbuildv2_connection.default projects/{{project}}/locations/{{location}}/connections/{{name}}
$ terraform import google_cloudbuildv2_connection.default {{project}}/{{location}}/{{name}}
$ terraform import google_cloudbuildv2_connection.default {{location}}/{{name}}
$ terraform import google_cloudbuildv2_connection.default {{name}}

User Project Overrides

This resource supports User Project Overrides.