Add support for google_cloudbuildv2_connection and google_cloudbuildv2_repository
#6756
Conversation
rileykarson
changed the title
google_cloudbuildv2_connection and google_cloudbuildv2_repository
|
This is failing |
|
@rileykarson we also want to wait for our cloudbuild API to go into public preview before we merge this, so we have 3 dependency checkpoints before merging:
One other PR is based on this change, and so this blocks it: |
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 3 files changed, 512 insertions(+)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccContainerCluster_withInvalidGatewayApiConfigChannel|TestAccRegionInstanceGroupManager_stateful|TestAccCloudbuildv2Repository_GithubRepository|TestAccCloudbuildv2Repository_GheRepository|TestAccCloudbuildv2Connection_GithubConnection|TestAccCloudbuildv2Connection_GhePrivUpdateConnection|TestAccCloudbuildv2Connection_GhePrivConnection|TestAccCloudbuildv2Connection_GheConnection|TestAccCloudbuildv2Connection_GheCompleteConnection|TestAccBigtableAppProfile_bigtableAppProfileMulticlusterExample |
|
Tests passed during RECORDING mode: Tests failed during RECORDING mode: Please fix these to complete your PR |
rileykarson
left a comment
rileykarson
left a comment
There was a problem hiding this comment.
I've done an initial pass through the connection resource, although not a complete one yet. It looked reasonable so far. I haven't reviewed the trigger and repository changes in much detail yet.
It looks like all the tests are failing; we'll need to fix those up to move forward. It seems like they're referencing pre-created resources, which we'll need to work out a strategy for. Are there details about what infrastructure was already set up for the DCL in a doc or comment somewhere?
Additionally, I'd recommend splitting this into three PRs, and sending them one-by-one:
- the connection resource
- the repository resource
- the changes to trigger
Smaller changes tend to go exponentially faster- as a single unit re-verifying this entire change takes a substantial amount of time, so complete review passes may take days to get the free time for.
We can merge them as we go, which means pieces may get released in isolation. If that's undesirable we can use a branch to manage the changes, although an additional review pass will be needed at merge time to correct any drift from HEAD (if any).
| name: "cloudbuild_trigger_repo" | ||
| min_version: beta | ||
| primary_resource_id: "repo-trigger" | ||
| skip_test: true |
There was a problem hiding this comment.
Can we amend this configuration to generate a working test? If that's impossible, what's the blocker?
|
|
||
| provider "google-beta" {} | ||
|
|
||
| resource "google_secret_manager_secret" "github-token-secret" { |
There was a problem hiding this comment.
Within an example, we use the same provider version throughout. Here, that should be provider = google-beta (This applies to all HCL files)
| @@ -0,0 +1,72 @@ | |||
| terraform { | |||
There was a problem hiding this comment.
This block & the provider definition on L8 should be superfluous & can be removed. (This applies to all HCL files)
|
|
||
| - type: PRODUCT_DOCS_SECTION | ||
| details: | ||
| docssection: Cloud Build |
There was a problem hiding this comment.
We map our docs sections to the endpoints being hit, rather than a subjective grouping of what a product or service is. We'll want to use the natural name "Cloud Build v2", or override to something like "Cloud Build (v2 API)" or similar. See Cloud Functions and Cloud Run & their v2s for reference.
| @@ -0,0 +1,50 @@ | |||
| terraform { | |||
There was a problem hiding this comment.
Same comments as the MMv1 example.
| } | ||
|
|
||
| resource "google_secret_manager_secret_iam_policy" "policy" { | ||
| project = google_secret_manager_secret.github-token-secret.project |
There was a problem hiding this comment.
We supply a project automatically, and you can omit the field unless the project is defined within the same configuration (same for all occurrences)
| "name": "{{connection}}", | ||
| "githubEnterpriseConfig": { | ||
| "hostUri": "https://ghe.proctor-staging-test.com", | ||
| "privateKeySecretVersion":"projects/1033762898806/secrets/gcbrepos-dcltest-private-key/versions/1", |
There was a problem hiding this comment.
What project do the referenced secrets live in? Are they publicly accessible?
We're likely to need to do a permissions grant within the test, create the secrets we reference, or similar.
There was a problem hiding this comment.
Moved to a separate PR: #7157
Adjusted to use a separate project as agreed offline.
|
Comments addressed in new PR: #7157 |
|
Superseded w/ #7157 |
4 participants
Adds CloudBuildv2 Repos API support to Beta provider. Also adds a field to CloudBuild (v1) trigger resource to be used with the Repos API.
These changes were already in the private providers:
https://cloud-internal-review.git.corp.google.com/c/cloud-graphite-eng/magic-modules-private-overrides/+/40250
https://cloud-internal-review.git.corp.google.com/c/cloud-graphite-eng/magic-modules-private-overrides/+/40350
Depends on DCL changes: cl/484273201
No testing is included. As secrets are needed for these resources, only manual testing will be done. (As advised on October 25th, 2022 office hours)
If this PR is for Terraform, I acknowledge that I have:
make testandmake lintto ensure it passes unit and linter tests.Release Note Template for Downstream PRs (will be copied)