From 6ee4178219fd1e74987c80913c61b3c337eabeb6 Mon Sep 17 00:00:00 2001
From: Modular Magician
Date: Thu, 11 Sep 2025 17:27:08 +0000
Subject: [PATCH] Add google secure source manager hook resource (#15050)
[upstream:e0452656352b8ffb16aa2a8651ecadb6f072cc21]
Signed-off-by: Modular Magician
---
.../backing_file.tf | 15 ++++
secure_source_manager_hook_basic/main.tf | 25 ++++++
secure_source_manager_hook_basic/motd | 7 ++
secure_source_manager_hook_basic/tutorial.md | 79 +++++++++++++++++++
.../backing_file.tf | 15 ++++
.../main.tf | 29 +++++++
secure_source_manager_hook_with_fields/motd | 7 ++
.../tutorial.md | 79 +++++++++++++++++++
8 files changed, 256 insertions(+)
create mode 100644 secure_source_manager_hook_basic/backing_file.tf
create mode 100644 secure_source_manager_hook_basic/main.tf
create mode 100644 secure_source_manager_hook_basic/motd
create mode 100644 secure_source_manager_hook_basic/tutorial.md
create mode 100644 secure_source_manager_hook_with_fields/backing_file.tf
create mode 100644 secure_source_manager_hook_with_fields/main.tf
create mode 100644 secure_source_manager_hook_with_fields/motd
create mode 100644 secure_source_manager_hook_with_fields/tutorial.md
diff --git a/secure_source_manager_hook_basic/backing_file.tf b/secure_source_manager_hook_basic/backing_file.tf
new file mode 100644
index 00000000..c60b1199
--- /dev/null
+++ b/secure_source_manager_hook_basic/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+ name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+ length = 2
+}
+
+provider "google" {
+ region = "us-central1"
+ zone = "us-central1-c"
+}
diff --git a/secure_source_manager_hook_basic/main.tf b/secure_source_manager_hook_basic/main.tf
new file mode 100644
index 00000000..4481e241
--- /dev/null
+++ b/secure_source_manager_hook_basic/main.tf
@@ -0,0 +1,25 @@
+resource "google_secure_source_manager_instance" "instance" {
+ location = "us-central1"
+ instance_id = "my-basic-instance-${local.name_suffix}"
+
+ # Prevent accidental deletions.
+ deletion_policy = ""DELETE""
+}
+
+resource "google_secure_source_manager_repository" "repository" {
+ repository_id = "my-basic-repository-${local.name_suffix}"
+ location = google_secure_source_manager_instance.instance.location
+ instance = google_secure_source_manager_instance.instance.name
+
+ # Prevent accidental deletions.
+ deletion_policy = ""DELETE""
+}
+
+resource "google_secure_source_manager_hook" "basic" {
+ hook_id = "my-basic-hook-${local.name_suffix}"
+ repository_id = google_secure_source_manager_repository.repository.repository_id
+ location = google_secure_source_manager_repository.repository.location
+ target_uri = "https://www.example.com"
+ # default event
+ events = ["PUSH"]
+}
diff --git a/secure_source_manager_hook_basic/motd b/secure_source_manager_hook_basic/motd
new file mode 100644
index 00000000..45a906e8
--- /dev/null
+++ b/secure_source_manager_hook_basic/motd
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/secure_source_manager_hook_basic/tutorial.md b/secure_source_manager_hook_basic/tutorial.md
new file mode 100644
index 00000000..427bbbc3
--- /dev/null
+++ b/secure_source_manager_hook_basic/tutorial.md
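Review bot: `deletion_policy = ""DELETE""` in the instance and repository blocks of secure_source_manager_hook_basic/main.tf has doubled quotes, which is not a valid HCL string; unless the doubling comes from how this patch was rendered, the example will fail to parse and the line should read `deletion_policy = "DELETE"`. The comment above it, `# Prevent accidental deletions.`, also states the opposite of what `DELETE` does, so a reader who copies the block believing it guards the repository gets no guard at all. I would reword it to `# DELETE lets "terraform destroy" remove this example resource; use "PREVENT" for anything you need to keep.` The same two lines appear in both blocks of the secure_source_manager_hook_with_fields/main.tf hunk.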
@@ -0,0 +1,79 @@
+# Secure Source Manager Hook Basic - Terraform
+
+## Setup
+
+
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```
diff --git a/secure_source_manager_hook_with_fields/backing_file.tf b/secure_source_manager_hook_with_fields/backing_file.tf
new file mode 100644
index 00000000..c60b1199
--- /dev/null
+++ b/secure_source_manager_hook_with_fields/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+ name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+ length = 2
+}
+
+provider "google" {
+ region = "us-central1"
+ zone = "us-central1-c"
+}
diff --git a/secure_source_manager_hook_with_fields/main.tf b/secure_source_manager_hook_with_fields/main.tf
new file mode 100644
index 00000000..b7f001b3
--- /dev/null
+++ b/secure_source_manager_hook_with_fields/main.tf
@@ -0,0 +1,29 @@
+resource "google_secure_source_manager_instance" "instance" {
+ location = "us-central1"
+ instance_id = "my-initial-instance-${local.name_suffix}"
+
+ # Prevent accidental deletions.
+ deletion_policy = ""DELETE""
+}
+
+resource "google_secure_source_manager_repository" "repository" {
+ repository_id = "my-initial-repository-${local.name_suffix}"
+ instance = google_secure_source_manager_instance.instance.name
+ location = google_secure_source_manager_instance.instance.location
+
+ # Prevent accidental deletions.
+ deletion_policy = ""DELETE""
+}
+
+resource "google_secure_source_manager_hook" "default" {
+ hook_id = "my-initial-hook-${local.name_suffix}"
+ location = google_secure_source_manager_repository.repository.location
+ repository_id = google_secure_source_manager_repository.repository.repository_id
+ target_uri = "https://www.example.com"
+ sensitive_query_string = "auth=fake_token"
+ disabled = false
+ push_option {
+ branch_filter = "main"
+ }
+ events = ["PUSH", "PULL_REQUEST"]
+}
diff --git a/secure_source_manager_hook_with_fields/motd b/secure_source_manager_hook_with_fields/motd
new file mode 100644
index 00000000..45a906e8
--- /dev/null
+++ b/secure_source_manager_hook_with_fields/motd
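Review bot: `sensitive_query_string = "auth=fake_token"` in the `default` hook of secure_source_manager_hook_with_fields/main.tf presents the webhook credential as a literal in the configuration, and readers tend to keep that shape when they substitute a real token. I would add a comment directly above it, `# Placeholder only. Supply the real value through a variable marked sensitive = true; it is still written to Terraform state, so restrict access to the state backend.`, or change the line to `sensitive_query_string = var.hook_query_string` together with a matching sensitive variable declaration. Because the value is sent as part of the request URL, it can also be recorded in access logs on the receiving endpoint or on any proxy in front of it, which deserves a second comment line so that users plan for rotation.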
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/secure_source_manager_hook_with_fields/tutorial.md b/secure_source_manager_hook_with_fields/tutorial.md
new file mode 100644
index 00000000..a08a5064
--- /dev/null
+++ b/secure_source_manager_hook_with_fields/tutorial.md
@@ -0,0 +1,79 @@
+# Secure Source Manager Hook With Fields - Terraform
+
+## Setup
+
+
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```