google.cloud.gcp_cloudbuildv2_connection module – Creates a GCP Cloudbuildv2.Connection resource

Note

This module is part of the google.cloud collection (version 1.12.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install google.cloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: google.cloud.gcp_cloudbuildv2_connection.

Synopsis

  • A connection to an SCM such as GitHub, GitHub Enterprise, Bitbucket Data Center/Cloud or GitLab.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 3.8

  • requests >= 2.18.4

  • google-auth >= 2.25.1

Parameters

Parameter

Comments

access_token

string

The access token used to authenticate.

annotations

dictionary

Allows clients to store small amounts of arbitrary data.

auth_kind

string / required

The type of credential used.

Choices:

  • "accesstoken"

  • "application"

  • "machineaccount"

  • "serviceaccount"

bitbucket_cloud_config

dictionary

Configuration for connections to Bitbucket Cloud.

authorizer_credential

dictionary / required

An access token with the `webhook`, `repository`, `repository:admin` and `pullrequest` scope access.

It can be either a workspace, project or repository access token.

It’s recommended to use a system account to generate these credentials.

user_token_secret_version

string / required

A SecretManager resource containing the user token that authorizes the Cloud Build connection.

Format: `projects/*/secrets/*/versions/*`.

username

string

Output only.

The username associated with this token.

read_authorizer_credential

dictionary / required

An access token with the `repository` access.

It can be either a workspace, project or repository access token.

It’s recommended to use a system account to generate the credentials.

user_token_secret_version

string / required

A SecretManager resource containing the user token that authorizes the Cloud Build connection.

Format: `projects/*/secrets/*/versions/*`.

username

string

Output only.

The username associated with this token.

webhook_secret_secret_version

string / required

SecretManager resource containing the webhook secret used to verify webhook events, formatted as `projects/*/secrets/*/versions/*`.

This property is immutable; to change it, you must delete and recreate the resource.

workspace

string / required

The Bitbucket Cloud Workspace ID to be connected to Google Cloud Platform.

bitbucket_data_center_config

dictionary

Configuration for connections to Bitbucket Data Center.

authorizer_credential

dictionary / required

An HTTP access token with the `REPO_ADMIN` scope access.

user_token_secret_version

string / required

A SecretManager resource containing the user token that authorizes the Cloud Build connection.

Format: `projects/*/secrets/*/versions/*`.

username

string

Output only.

The username associated with this token.

host_uri

string / required

The URI of the Bitbucket Data Center host this connection is for.

read_authorizer_credential

dictionary / required

An HTTP access token with the `REPO_READ` access.

user_token_secret_version

string / required

A SecretManager resource containing the user token that authorizes the Cloud Build connection.

Format: `projects/*/secrets/*/versions/*`.

username

string

Output only.

The username associated with this token.

server_version

string

Output only.

Version of the Bitbucket Data Center running on the `host_uri`.

service_directory_config

dictionary

Configuration for using Service Directory to privately connect to a Bitbucket Data Center.

This should only be set if the Bitbucket Data Center is hosted on-premises and not reachable by public internet.

If this field is left empty, calls to the Bitbucket Data Center will be made over the public internet.

service

string / required

The Service Directory service name.

Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.

ssl_ca

string

SSL certificate to use for requests to the Bitbucket Data Center.

webhook_secret_secret_version

string / required

SecretManager resource containing the webhook secret used to verify webhook events, formatted as `projects/*/secrets/*/versions/*`.

This property is immutable; to change it, you must delete and recreate the resource.

disabled

boolean

If disabled is set to true, functionality is disabled for this connection.

Repository based API methods and webhooks processing for repositories in this connection will be disabled.

Choices:

  • false

  • true

env_type

string

Specifies which Ansible environment you’re running this module within.

This should not be set unless you know what you’re doing.

This only alters the User Agent string for any API requests.

github_config

dictionary

Configuration for connections to github.com.

app_installation_id

integer

GitHub App installation id.

authorizer_credential

dictionary

OAuth credential of the account that authorized the Cloud Build GitHub App.

It is recommended to use a robot account instead of a human user account.

The OAuth token must be tied to the Cloud Build GitHub App.

oauth_token_secret_version

string

A SecretManager resource containing the OAuth token that authorizes the Cloud Build connection.

Format: `projects/*/secrets/*/versions/*`.

username

string

Output only.

The username associated with this token.

github_enterprise_config

dictionary

Configuration for connections to an instance of GitHub Enterprise.

app_id

integer

Id of the GitHub App created from the manifest.

app_installation_id

integer

ID of the installation of the GitHub App.

app_slug

string

The URL-friendly name of the GitHub App.

host_uri

string / required

The URI of the GitHub Enterprise host this connection is for.

private_key_secret_version

string

SecretManager resource containing the private key of the GitHub App, formatted as `projects/*/secrets/*/versions/*`.

service_directory_config

dictionary

Configuration for using Service Directory to privately connect to a GitHub Enterprise server.

This should only be set if the GitHub Enterprise server is hosted on-premises and not reachable by public internet.

If this field is left empty, calls to the GitHub Enterprise server will be made over the public internet.

service

string / required

The Service Directory service name.

Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.

ssl_ca

string

SSL certificate to use for requests to GitHub Enterprise.

webhook_secret_secret_version

string

SecretManager resource containing the webhook secret of the GitHub App, formatted as `projects/*/secrets/*/versions/*`.

gitlab_config

dictionary

Configuration for connections to gitlab.com or an instance of GitLab Enterprise.

authorizer_credential

dictionary / required

A GitLab personal access token with the `api` scope access.

user_token_secret_version

string / required

A SecretManager resource containing the user token that authorizes the Cloud Build connection.

Format: `projects/*/secrets/*/versions/*`.

username

string

Output only.

The username associated with this token.

host_uri

string

The URI of the GitLab Enterprise host this connection is for.

If not specified, the default value is https://gitlab.com.

read_authorizer_credential

dictionary / required

A GitLab personal access token with the minimum `read_api` scope access.

user_token_secret_version

string / required

A SecretManager resource containing the user token that authorizes the Cloud Build connection.

Format: `projects/*/secrets/*/versions/*`.

username

string

Output only.

The username associated with this token.

server_version

string

Output only.

Version of the GitLab Enterprise server running on the `host_uri`.

service_directory_config

dictionary

Configuration for using Service Directory to privately connect to a GitLab Enterprise server.

This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet.

If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet.

service

string / required

The Service Directory service name.

Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.

ssl_ca

string

SSL certificate to use for requests to GitLab Enterprise.

webhook_secret_secret_version

string / required

SecretManager resource containing the webhook secret of a GitLab Enterprise project, formatted as `projects/*/secrets/*/versions/*`.

This property is immutable; to change it, you must delete and recreate the resource.

location

string / required

The location for the resource.

name

string / required

The resource name of the connection.

This property is immutable; to change it, you must delete and recreate the resource.

project

string

The Google Cloud Platform project to use.

scopes

list / elements=string

Array of scopes to be used.

service_account_contents

jsonarg

The contents of a Service Account JSON file, either in a dictionary or as a JSON string that represents it.

service_account_email

string

An optional service account email address if machineaccount is selected and the user does not wish to use the default email.

service_account_file

path

The path of a Service Account JSON file if serviceaccount is selected as type.

state

string

Whether the resource should exist in GCP.

Choices:

  • "present" ← (default)

  • "absent"

Notes

  • API Reference: https://cloud.google.com/build/docs/api/reference/rest

  • Official Documentation Guide: https://cloud.google.com/build/docs

  • For authentication, you can set auth_kind using the GCP_AUTH_KIND env variable.

  • For authentication, you can set service_account_file using the GCP_SERVICE_ACCOUNT_FILE env variable.

  • For authentication, you can set service_account_contents using the GCP_SERVICE_ACCOUNT_CONTENTS env variable.

  • For authentication, you can set service_account_email using the GCP_SERVICE_ACCOUNT_EMAIL env variable.

  • For authentication, you can set access_token using the GCP_ACCESS_TOKEN env variable.

  • For authentication, you can set scopes using the GCP_SCOPES env variable.

  • Environment variable values are only used if the playbook values are not set.

  • The service_account_email, service_account_file and access_token options are mutually exclusive.

Examples

- name: Create github enterprise connection
  google.cloud.gcp_cloudbuildv2_connection:
    name: ghe_conn
    state: present
    location: us-central1
    github_enterprise_config:
      host_uri: https://github.example.com
      app_id: 12345
      app_installation_id: 67890
      app_slug: my-app
      private_key_secret_version: "projects/{{ gcp_project }}/secrets/github-pk/versions/1"
      webhook_secret_secret_version: "projects/{{ gcp_project }}/secrets/github-webhook/versions/1"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"

################################################################################

- name: Create github connection
  google.cloud.gcp_cloudbuildv2_connection:
    name: github_conn
    state: present
    location: us-central1
    github_config:
      app_installation_id: 123456
      authorizer_credential:
        oauth_token_secret_version: "projects/{{ gcp_project }}/secrets/github-oauth-token/versions/1"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"

################################################################################

- name: Create gitlab connection
  google.cloud.gcp_cloudbuildv2_connection:
    name: gitlab_conn
    state: present
    location: us-central1
    gitlab_config:
      authorizer_credential:
        user_token_secret_version: "projects/{{ gcp_project }}/secrets/gitlab-api-token/versions/3"
      read_authorizer_credential:
        user_token_secret_version: "projects/{{ gcp_project }}/secrets/gitlab-read-api-token/versions/1"
      webhook_secret_secret_version: "projects/{{ gcp_project }}/secrets/gitlab-webhook/versions/4"
      host_uri: https://gitlab.example.com  # if unset, defaults to gitlab.com
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
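
The examples above do not cover Bitbucket. The play below is an added example, not part of the collection's documentation: it checks the secret references against the `projects/*/secrets/*/versions/*` format, creates a Bitbucket Data Center connection that is reached through Service Directory, and stops if `installationState.actionUri` reports a pending step. The secret IDs, host name, Service Directory path, CA file and connection name are constructed placeholders; `gcp_project`, `gcp_cred_kind` and `gcp_cred_file` are the variables already used in the examples above.

```yaml
# Added example, not from the collection's documentation. Every value under
# "vars" and every host, path and file name below is a constructed placeholder.
- name: Private Bitbucket Data Center connection
  hosts: localhost
  gather_facts: false
  vars:
    sm: "projects/{{ gcp_project }}/secrets"
    admin_token: "{{ sm }}/bbdc-admin-token/versions/1"   # token with REPO_ADMIN
    read_token: "{{ sm }}/bbdc-read-token/versions/1"     # token with REPO_READ
    webhook_secret: "{{ sm }}/bbdc-webhook/versions/1"
  tasks:
    - name: Check secret references before calling the API
      ansible.builtin.assert:
        that:
          - "item is match('^projects/[^/]+/secrets/[^/]+/versions/[^/]+$')"
          # Assumption of this example: the two tokens live in separate
          # secrets, so the read credential never carries REPO_ADMIN.
          - admin_token != read_token
        fail_msg: "Bad or shared secret reference: {{ item }}"
      loop: ["{{ admin_token }}", "{{ read_token }}", "{{ webhook_secret }}"]

    - name: Create bitbucket data center connection
      google.cloud.gcp_cloudbuildv2_connection:
        name: bbdc-conn
        state: present
        location: us-central1
        bitbucket_data_center_config:
          host_uri: https://bitbucket.example.internal
          authorizer_credential:
            user_token_secret_version: "{{ admin_token }}"
          read_authorizer_credential:
            user_token_secret_version: "{{ read_token }}"
          webhook_secret_secret_version: "{{ webhook_secret }}"
          # If this block is omitted, calls go over the public internet.
          service_directory_config:
            service: "projects/{{ gcp_project }}/locations/us-central1/namespaces/scm/services/bitbucket"
          ssl_ca: "{{ lookup('ansible.builtin.file', 'bbdc-ca.pem') }}"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_cred_kind }}"
        service_account_file: "{{ gcp_cred_file }}"
      register: conn

    - name: Stop if the installation still needs a manual step
      ansible.builtin.fail:
        msg: "{{ conn.installationState.message }} {{ conn.installationState.actionUri }}"
      when: "(conn.installationState | default({})).actionUri | default('') | length > 0"
```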

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

changed

boolean

Whether the resource was changed.

Returned: always

createTime

string

Output only.

Server assigned timestamp for when the connection was created.

Returned: success

etag

string

This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.

Returned: success

installationState

dictionary

Output only.

Installation state of the Connection.

Returned: success

actionUri

string

Output only.

Link to follow for next action.

Empty string if the installation is already complete.

Returned: success

message

string

Output only.

Message of what the user should do next to continue the installation.

Empty string if the installation is already complete.

Returned: success

stage

string

Output only.

Current step of the installation process.

Returned: success

reconciling

boolean

Output only.

Set to true when the connection is being set up or updated in the background.

Returned: success

state

string

The current state of the resource.

Returned: always

updateTime

string

Output only.

Server assigned timestamp for when the connection was updated.

Returned: success

Authors

  • Google Inc. (@googlecloudplatform)