pulumi / pulumi-aws

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS
Apache License 2.0

ProjectSourceArgs missing 'auth' property #4685

Open claesjonsson opened 2 weeks ago

claesjonsson commented 2 weeks ago

When creating an aws.codebuild.Project, the ProjectSourceArgs used for the source argument is missing the auth property that both CloudFormation and Terraform have in their corresponding resource definitions.
As far as I can tell, this makes it impossible to use a self-managed GitLab instance as source, as this requires the use of an aws.codestarconnection.Connection, which would be referenced in the missing auth property.

Any workaround runs afoul of one or more validation errors, such as the suggested use of an aws.codestarconnection.SourceCredentials with the server_type GITHUB, which will throw an error when referenced in the project due to an invalid GitHub URL. Similar problems occur for all other suggested workarounds. Pulumi AI eventually suggests defining a CloudFormation and creating an aws.cloudformation.Stack, which does not feel ideal.

A simple example highlighting the missing property could be:

```python
import pulumi_aws as aws

# my_vpc, my_sec_group, mysubnet1, mysubnet2, service_role and my_image
# are assumed to be defined elsewhere in the program.

gitlab_host = aws.codestarconnections.Host(
    "GitLabHost",
    name="GitLabHost",
    provider_type="GitLabSelfManaged",
    provider_endpoint="https://gitlab.example.com",
    vpc_configuration={
        "securityGroupIds": [my_sec_group.id],
        "subnetIds": [mysubnet1.id, mysubnet2.id],
        "vpcId": my_vpc.id,
    })

gitlab_connection = aws.codestarconnections.Connection(
    "GitLabConnection",
    name="GitLabConnection",
    host_arn=gitlab_host.arn,
)

aws.codebuild.Project(
    "MyProject",
    name="MyProject",
    service_role=service_role.arn,
    environment={
        "computeType": "BUILD_GENERAL1_SMALL",
        "image": my_image,
        "type": "LINUX_CONTAINER",
        "image_pull_credentials_type": "CODEBUILD",
    },
    artifacts={
        "type": "NO_ARTIFACTS",
    },
    source={
        "type": "GITLAB_SELF_MANAGED",
        "location": "https://gitlab.example.com/mynamespace/myproject.git",
        "git_clone_depth": 1,
        "buildspec": "buildspec.yml",
        "auth": {                                       # <--- This property is missing in the ProjectSourceArgs
            "type": "CODECONNECTIONS",
            "resource": gitlab_connection.arn,
        },
    },
    source_version="main",
    vpc_config={
        "security_group_ids": [my_sec_group.id],
        "subnets": [mysubnet1.id, mysubnet2.id],
        "vpc_id": my_vpc.id,
    },
)
```

t0yv0 commented 1 week ago

Hi @claesjonsson, thanks for reporting this limitation.

> both CloudFormation and Terraform have in their corresponding resource definitions.

Can you point out which Terraform resource has this property available?

This Pulumi provider is based directly on terraform-provider-aws, which currently does not seem to advertise the auth property:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_project#source
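
The CloudFormation fallback mentioned in the original report, sketched as an added example (not code from the issue, its participants or the Pulumi project): it renders an `AWS::CodeBuild::Project` template whose `Source.Auth` block references the connection by ARN. The function name `build_template`, the ARN pattern, the https-only check and all sample values are assumptions of this example.

```python
import json
import re

# Accept both ARN service names used for connections (assumption of this example).
_CONNECTION_ARN = re.compile(
    r"^arn:aws[a-z-]*:(codeconnections|codestar-connections):"
    r"[a-z0-9-]+:\d{12}:connection/[0-9a-f-]{36}$")

def build_template(name, role_arn, image, repo_url, connection_arn,
                   vpc_id, subnet_ids, security_group_ids):
    """Return a CloudFormation template body mirroring the project in the issue."""
    # Fail before deployment rather than with a CloudFormation rollback.
    if not _CONNECTION_ARN.match(connection_arn):
        raise ValueError(f"not a connection ARN: {connection_arn!r}")
    if not repo_url.startswith("https://"):
        raise ValueError("this example only accepts https:// repository URLs")
    properties = {
        "Name": name,
        "ServiceRole": role_arn,
        "Artifacts": {"Type": "NO_ARTIFACTS"},
        "Environment": {
            "ComputeType": "BUILD_GENERAL1_SMALL",
            "Image": image,
            "Type": "LINUX_CONTAINER",
            "ImagePullCredentialsType": "CODEBUILD",
        },
        "Source": {
            "Type": "GITLAB_SELF_MANAGED",
            "Location": repo_url,
            "GitCloneDepth": 1,
            "BuildSpec": "buildspec.yml",
            # The property ProjectSourceArgs lacks: the connection is referenced
            # by ARN, so no token is stored in the template.
            "Auth": {"Type": "CODECONNECTIONS", "Resource": connection_arn},
        },
        "SourceVersion": "main",
        "VpcConfig": {"VpcId": vpc_id, "Subnets": list(subnet_ids),
                      "SecurityGroupIds": list(security_group_ids)},
    }
    return json.dumps({
        "AWSTemplateFormatVersion": "2010-09-09",
        "Resources": {"Project": {"Type": "AWS::CodeBuild::Project",
                                  "Properties": properties}},
    }, indent=2)

# Constructed sample values, not taken from the issue.
SAMPLE_ARN = ("arn:aws:codestar-connections:eu-west-1:111122223333:"
              "connection/12345678-1234-1234-1234-123456789012")
```

In a Pulumi program the connection ARN is an `Output`, so the function would be called inside an `apply` and its result passed as `template_body` to `aws.cloudformation.Stack`.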