google_cloudbuild_trigger can't create a real manual invocation

yerb-loreal commented 8 months ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Hi,

The context

Our project uses two types of triggers:

"build" triggers to create artifacts (npm modules or Docker images) from from various Git repositories
"deploy" triggers to deploy Docker images to Cloud Run

We use distinct GCP project for environments (dev, integration, production). Docker images are generated by a single project and this one has "build" triggers (and "deploy" triggers). Other projects have only "deploy" triggers (and constraints over images that can be deployed) but no "build" triggers. So it makes no sense for these projects to declare Git repositories as all they need is an access to an artifact registry repository. However...

The problem

As far as I know, event with the latest version of the provider (5.2.0 today, beta or not), google_cloudbuild_trigger can't be used to create a real manual invocation trigger because

one of bitbucket_server_trigger_config,github,pubsub_config,repository_event_config,source_to_build,trigger_template,webhook_config must be specified`

Here is a screenshot of what I'd like to obtain.

google_cloudbuild_trigger_manual

Here are trigger definitions obtained with gcloud builds triggers list.

What I can create with GCP Console (useless but kept simple):

build:
  steps:
  - args:
    - echo
    - hello world
    name: ubuntu
createTime: whatever
id: whatever
name: manual-invocation
resourceName: whatever

What I can create with google_cloudbuild_trigger using trigger_template

build:
  steps:
  - args:
    - echo
    - hello world
    name: ubuntu
createTime: whatever
id: whatever
name: not-a-manual-invocation
resourceName: whatever
triggerTemplate:
  branchName: main
  projectId: whatever
  repoName: default

using source_to_build

build:
  steps:
  - args:
    - echo
    - hello world
    name: ubuntu
createTime: whatever
id: whatever
name: not-a-manual-invocation
resourceName: whatever
sourceToBuild:
  ref: refs/heads/main
  repoType: GITHUB
  uri: whatever

So, the current workaround is to define "deploy" triggers with trigger_template or source_to_build but it requires to declare a source repository in every project, even if it's not used.

New or Affected Resource(s)

google_cloudbuild_trigger

Potential Terraform Configuration

resource "google_cloudbuild_trigger" "manual_invocation" {
  location = var.region
  name     = "manual-invocation"
  build {
    step {
      name = "ubuntu"
      args = ["echo", "hello world"]
    }
  }
  # trigger_template {
  #   branch_name = "main"
  # }
}

References

https://github.com/GoogleCloudPlatform/magic-modules/pull/5738

b/307910874

rileykarson commented 8 months ago

As far as I know, event with the latest version of the provider (5.2.0 today, beta or not), google_cloudbuild_trigger can't be used to create a real manual invocation trigger because

@yerb-loreal was this newly impossible in 5.2.0 due to a new validation or other change or has this been the case in prior versions as well?

yerb-loreal commented 8 months ago

It's been the case in v4 too.

SarahFrench commented 8 months ago

I haven't had a go reproducing this, but from the error mentioned above:

one of bitbucket_server_trigger_config,github,pubsub_config,repository_event_config,source_to_build,trigger_template,webhook_config must be specified`

it sounds like the AtLeastOneOf provider-side validation misses a use cases/combinations of fields when using manual approval via approval_config and needs to be updated, i.e is a bug.

jlenuffgsoi commented 7 months ago

I encounter the same issue.

After manually creating a manuel Cloud Build trigger, I've imported it.

When I write the same TF code from the state, I have these errors :

╷
│ Error: Missing required argument
│ 
│   with google_cloudbuild_trigger.main,
│   on trigger.tf line 1, in resource "google_cloudbuild_trigger" "main":
│    1: resource "google_cloudbuild_trigger" "main" {
│ 
│ "pubsub_config": one of `bitbucket_server_trigger_config,github,pubsub_config,repository_event_config,source_to_build,trigger_template,webhook_config` must be specified
╵

When I add the following block (for example) :

  webhook_config {
    secret = var.secret
  }

the plan is "successful" :

  # google_cloudbuild_trigger.main will be updated in-place
  ~ resource "google_cloudbuild_trigger" "main" {
        id             = "projects/xxxxxxxxx/locations/yyyyyyyyy/triggers/zzzzzzzzzzzzzzzzzzzzzzzz"
        name           = "mongo-ha-restore"
        tags           = []
        # (8 unchanged attributes hidden)

      ~ build {
            tags          = []
          + timeout       = "600s"
            # (2 unchanged attributes hidden)

            # (4 unchanged blocks hidden)
        }

      - timeouts {}

      + webhook_config {
          + secret = "toto"
        }

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

jlenuffgsoi commented 6 months ago

Hi,

I've found a little trick.

Based on what the error message says, we need, at least, one of these elements :

bitbucket_server_trigger_config
github
pubsub_config
repository_event_config
source_to_build
trigger_template
webhook_config

After differents tries, I've used the repository_event_config coupled with the correct lifecycle association.

So, simply adding this block does the trick :

...
  repository_event_config {}

  lifecycle {
    ignore_changes = [
      repository_event_config
    ]
  }
...

yerb-loreal commented 6 months ago

Hi,

I've found a little trick.

Based on what the error message says, we need, at least, one of these elements :
bitbucket_server_trigger_config
github
pubsub_config
repository_event_config
source_to_build
trigger_template
webhook_config
After differents tries, I've used the repository_event_config coupled with the correct lifecycle association.

So, simply adding this block does the trick :
...
  repository_event_config {}

  lifecycle {
    ignore_changes = [
      repository_event_config
    ]
  }
...

it works, thanks

mhebrard-bigid commented 6 months ago

it also works with:

 webhook_config {
    secret = ""
 }
 lifecycle {
    ignore_changes = [ webhook_config ]
 }

hashicorp / terraform-provider-google