hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

cloud build example to use custom log bucket - defaultLogsBucketBehavior #19957

Open sandygvs opened 1 week ago

sandygvs commented 1 week ago

Terraform Version & Provider Version(s)

Terraform version: 1.8.4
GCP provider version: 6.3.0

The build is running, and logs are being written to the default logs bucket. However, I'm trying to configure Cloud Build to store the logs in a user-owned and regionalized bucket as per https://cloud.google.com/build/docs/securing-builds/store-manage-build-logs#store_build_logs_in_a_user-owned_and_regionalized_bucket

Affected Resource(s)

google_cloudbuild_trigger

Terraform Configuration

resource "google_cloudbuild_trigger" "trigger" {
  name     = "my-trigger"
  location = "global"

  trigger_template {
    branch_name = "main"
    repo_name   = "my-repo"
  }

  build {
    step {
      name          = "ubuntu"
      args          = ["-c", "exit 1"]
      allow_failure = true
    }

    # ... (further configuration elided in the original report)

    options {
      # This is the argument the provider rejects with "Unsupported argument"
      # (see Debug Output).
      default_log_bucket_behavior = "REGIONAL_USER_OWNED_BUCKET"
      worker_pool                 = "pool"
    }
  }
}

Debug Output

Error: Unsupported argument
│
│   on inf_trigger/main.tf line 93, in resource "google_cloudbuild_trigger" "inf_build_trigger":
│   93: default_log_bucket_behavior = "REGIONAL_USER_OWNED_BUCKET"
│
│ An argument named "default_log_bucket_behavior" is not expected here.

Expected Behavior

Terraform should execute and update the Cloud Build trigger with the options below:

options:
  defaultLogsBucketBehavior: REGIONAL_USER_OWNED_BUCKET

Actual Behavior

Error: Unsupported argument
│
│   on inf_trigger/main.tf line 93, in resource "google_cloudbuild_trigger" "inf_build_trigger":
│   93: default_log_bucket_behavior = "REGIONAL_USER_OWNED_BUCKET"
│
│ An argument named "default_log_bucket_behavior" is not expected here.

Steps to reproduce

  1. terraform apply

References

https://cloud.google.com/build/docs/securing-builds/store-manage-build-logs#store_build_logs_in_a_user-owned_and_regionalized_bucket

b/376524368

ggtisc commented 2 days ago

Hi @sandygvs!

According to the Terraform registry, there is no argument called default_log_bucket_behavior for the options block of the google_cloudbuild_trigger resource. Likewise, in the API documentation there is nothing similar. If this is an enhancement proposal, you need to argue the purpose of this new argument with solid bases and we can review the proposal. Otherwise, if you have an official documentation link which supports the existence of this argument, please share it with us.

sandygvs commented 2 days ago

@ggtisc Thanks for looking into it. I'm trying to configure Cloud Build to store the build logs in a regionalized, user-managed bucket instead of storing them in the Google-managed bucket, as defined here: https://cloud.google.com/build/docs/securing-builds/store-manage-build-logs#store_build_logs_in_a_user-owned_and_regionalized_bucket, to have more control over the build logs of my projects. I'm looking for a way to apply this change to the 100+ build triggers which I'm managing via Terraform. This doc says the Cloud Build schema does support it: https://cloud.google.com/build/docs/build-config-file-schema#structure_of_a_build_config_file. However, I'm not finding an option to do it via Terraform; it would be good to have this supported as part of the google_cloudbuild_trigger resource.

ggtisc commented 2 days ago

Thanks for clarifying @sandygvs!

I'm forwarding this issue for a more in-depth review and taking actions as soon as possible to improve our Terraform resources, with the objective of providing you with better configuration options according to your needs.
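
An added example, not part of the issue thread or the provider's code: a small Python audit that, given trigger definitions in the Cloud Build API's JSON shape, reports which inline builds set options.defaultLogsBucketBehavior to REGIONAL_USER_OWNED_BUCKET, which is useful when many triggers have to be checked. The sample triggers and the function names are constructed for illustration; triggers that point at a build config file through filename are listed separately, on the assumption that the setting then lives in that file.

```python
import json

WANTED = "REGIONAL_USER_OWNED_BUCKET"

# Constructed sample data: three triggers in the JSON shape of the Cloud Build
# BuildTrigger resource. Real input would come from a listing of your triggers.
SAMPLE_TRIGGERS = json.loads("""
[
  {"name": "regional-ok",
   "build": {"steps": [{"name": "ubuntu", "args": ["-c", "exit 1"]}],
             "options": {"defaultLogsBucketBehavior": "REGIONAL_USER_OWNED_BUCKET"}}},
  {"name": "inline-default",
   "build": {"steps": [{"name": "ubuntu"}]}},
  {"name": "repo-config", "filename": "cloudbuild.yaml"}
]
""")


def classify(trigger):
    """Return (status, detail) for one trigger dict."""
    build = trigger.get("build")
    if build is None:
        # No inline build: the config is referenced (e.g. via "filename"),
        # so the trigger alone cannot tell us where the logs are stored.
        return "external", trigger.get("filename", "<unknown source>")
    behavior = (build.get("options") or {}).get("defaultLogsBucketBehavior")
    if behavior == WANTED:
        return "regional", behavior
    return "default", behavior or "unset"


def audit(triggers):
    """Group trigger names by where their build logs are configured to go."""
    report = {"regional": [], "default": [], "external": []}
    for trigger in triggers:
        status, detail = classify(trigger)
        report[status].append((trigger.get("name", "<unnamed>"), detail))
    return report


if __name__ == "__main__":
    for status, entries in audit(SAMPLE_TRIGGERS).items():
        for name, detail in entries:
            print(f"{status:9} {name:15} {detail}")
```
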