This module allows managing a single Cloud Source Repository, including IAM bindings and basic Cloud Build triggers.
Original Module from Cloud-Foundation-Fabric
This Module creates a GCP Source Repository

```hcl
provider "google" {
}

resource "random_string" "repo_name" {
  length  = 8
  special = false
  upper   = false
  numeric = false
}

resource "google_project_service" "sourcerepo" {
  project                    = var.project_id
  service                    = "sourcerepo.googleapis.com"
  disable_on_destroy         = false
  disable_dependent_services = false
}

module "repo" {
  depends_on = [google_project_service.sourcerepo]
  source     = "../.."
  project_id = var.project_id
  name       = random_string.repo_name.result
}

variable "project_id" {
  type = string
}
```

This Module creates a GCP Source Repository with IAM

```hcl
provider "google" {
  project = var.project_id
}

resource "random_string" "repo_name" {
  length  = 8
  special = false
  upper   = false
  numeric = false
}

resource "random_string" "service_account_name" {
  length  = 8
  special = false
  upper   = false
  numeric = false
}

resource "google_project_service" "sourcerepo" {
  project                    = var.project_id
  service                    = "sourcerepo.googleapis.com"
  disable_on_destroy         = false
  disable_dependent_services = false
}

resource "google_service_account" "default" {
  account_id = random_string.service_account_name.result
}

module "repo" {
  depends_on = [google_project_service.sourcerepo]
  source     = "../.."
  project_id = var.project_id
  name       = random_string.repo_name.result
  # Bind the reader role on the repository to the service account.
  iam = {
    "roles/source.reader" = ["serviceAccount:${google_service_account.default.email}"]
  }
}

variable "project_id" {
  type = string
}
```

This Module creates a GCP Source Repository with a Cloud Build Trigger

```hcl
provider "google" {
  project = var.project_id
}

resource "random_string" "repo_name" {
  length  = 8
  special = false
  upper   = false
  numeric = false
}

resource "google_project_service" "sourcerepo" {
  for_each                   = toset(["sourcerepo.googleapis.com", "cloudbuild.googleapis.com"])
  project                    = var.project_id
  service                    = each.value
  disable_on_destroy         = false
  disable_dependent_services = false
}

module "repo" {
  depends_on = [google_project_service.sourcerepo]
  source     = "../.."
  project_id = var.project_id
  name       = random_string.repo_name.result
  triggers = {
    fooahjsduashduasd = {
      filename        = "ci/workflow-foo.yaml"
      included_files  = ["**/*tf"]
      service_account = null
      substitutions   = {}
      template = {
        branch_name = "main"
        project_id  = var.project_id
        tag_name    = null
      }
    }
  }
}

variable "project_id" {
  type = string
}
```

Name | Version |
---|---|
terraform | >= 1.3.1 |
>= 4.40.0 | |
google-beta | >= 4.40.0 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
name | Repository name. | string | n/a | yes |
project_id | Project used for resources. | string | n/a | yes |
group_iam | Authoritative IAM binding for organization groups, in {GROUP_EMAIL => [ROLES]} format. Group emails need to be static. Can be used in combination with the iam variable. | map(list(string)) | {} | no |
iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | {} | no |
iam_additive | IAM additive bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | {} | no |
iam_additive_members | IAM additive bindings in {MEMBERS => [ROLE]} format. This might break if members are dynamic values. | map(list(string)) | {} | no |
triggers | Cloud Build triggers. | map(object({ | {} | no |
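
A hardened variant of the examples above, added here as an illustration and not taken from the module or the upstream Fabric code: it separates authoritative from additive repository bindings and runs the trigger under a dedicated service account instead of `service_account = null`. The account id, repository name, trigger name and example.com principals are constructed.

```hcl
# Added example, not the module's own code. Assumes the APIs are already enabled.
variable "project_id" {
  type = string
}
# Dedicated build identity, replacing service_account = null (which leaves
# the trigger on the project's default Cloud Build service account).
resource "google_service_account" "build" {
  project    = var.project_id
  account_id = "repo-build" # hypothetical name
}
# A user-specified build identity writes its own logs; ci/workflow-foo.yaml
# must also set a logs bucket or options.logging.
resource "google_project_iam_member" "build_logs" {
  project = var.project_id
  role    = "roles/logging.logWriter"
  member  = "serviceAccount:${google_service_account.build.email}"
}

module "repo" {
  source     = "../.."
  project_id = var.project_id
  name       = "hardened-repo" # hypothetical name
  # Authoritative: each role listed is bound to exactly these members;
  # any other holder of the role on the repository is removed on apply.
  iam = {
    "roles/source.reader" = ["serviceAccount:${google_service_account.build.email}"]
  }
  # Authoritative as well, keyed by group e-mail (constructed address).
  group_iam = {
    "repo-devs@example.com" = ["roles/source.writer"]
  }
  # Additive: grants one member and leaves other holders of the role alone.
  iam_additive = {
    "roles/source.admin" = ["user:repo-owner@example.com"]
  }
  triggers = {
    "plan-on-main" = { # hypothetical trigger name
      filename        = "ci/workflow-foo.yaml"
      included_files  = ["**/*tf"]
      service_account = google_service_account.build.id
      substitutions   = {}
      template = {
        branch_name = "main"
        project_id  = var.project_id
        tag_name    = null
      }
    }
  }
}
```

Keep each role in either the authoritative variables (`iam`, `group_iam`) or the additive ones, not both, otherwise the binding and member resources overwrite each other on successive applies.
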
Name | Description |
---|---|
id | Repository id. |
name | Repository name. |
url | Repository URL. |
Type | Used |
---|---|
google_cloudbuild_trigger | 1 |
google_sourcerepo_repository | 1 |
google_sourcerepo_repository_iam_binding | 1 |
google_sourcerepo_repository_iam_member | 1 |
Used only includes resource blocks. for_each and count meta arguments, as well as resource blocks of modules, are not considered.
No modules.
Name | Type |
---|---|
google_sourcerepo_repository_iam_binding.authoritative | resource |
google_sourcerepo_repository_iam_member.additive | resource |
Name | Type |
---|---|
google_cloudbuild_trigger.default | resource |
google_sourcerepo_repository.default | resource |
This module is derived from the Google Cloud Foundation Fabric module source-repository v19.
It is designed to be able to integrate new changes from the base repository.
Refer to the guide in the terraform-google-landing-zone repository for information on integrating changes.