Merged
2 changes: 1 addition & 1 deletion modules/cloudbuild_repo_connection/README.md
Expand Up @@ -13,7 +13,7 @@ Users will provide the required secrets through the `connection_config` variable
|------|-------------|------|---------|:--------:|
| cloud\_build\_repositories | Cloud Build repositories configuration:<br> - repository\_name: The name of the repository to be used in Cloud Build.<br> - repository\_url: The HTTPS clone URL for the repository. This URL must end with '.git' and be a valid HTTPS URL.<br><br>Each entry in this map must contain both `repository_name` and `repository_url` to properly integrate with the Cloud Build service. | <pre>map(object({<br> repository_name = string,<br> repository_url = string,<br> }))</pre> | n/a | yes |
| cloudbuild\_connection\_name | Cloudbuild Connection Name. | `string` | `"generic-cloudbuild-connection"` | no |
| connection\_config | Connection configuration options:<br> - connection\_type: Specifies the type of connection being used. Supported types are 'GITHUBv2' and 'GITLABv2'.<br> - github\_secret\_id: (Optional) The secret ID for GitHub credentials.<br> - github\_app\_id\_secret\_id: (Optional) The secret ID for the application ID for a GitHub App used for authentication. For app installation, follow this link: https://github.com/apps/google-cloud-build<br> - gitlab\_read\_authorizer\_credential\_secret\_id: (Optional) The secret ID for the GitLab read authorizer credential.<br> - gitlab\_authorizer\_credential\_secret\_id: (Optional) The secret ID for the GitLab authorizer credential.<br> - gitlab\_webhook\_secret\_id: (Optional) The secret ID for the GitLab WebHook. | <pre>object({<br> connection_type = string<br> github_secret_id = optional(string)<br> github_app_id_secret_id = optional(string)<br> gitlab_read_authorizer_credential_secret_id = optional(string)<br> gitlab_authorizer_credential_secret_id = optional(string)<br> gitlab_webhook_secret_id = optional(string)<br> })</pre> | n/a | yes |
| connection\_config | Connection configuration options:<br> - connection\_type: Specifies the type of connection being used. Supported types are 'GITHUBv2' and 'GITLABv2'.<br> - github\_secret\_id: (Optional) The secret ID for GitHub credentials.<br> - github\_app\_id\_secret\_id: (Optional) The secret ID for the application ID for a GitHub App used for authentication. For app installation, follow this link: https://github.com/apps/google-cloud-build<br> - gitlab\_read\_authorizer\_credential\_secret\_id: (Optional) The secret ID for the GitLab read authorizer credential.<br> - gitlab\_authorizer\_credential\_secret\_id: (Optional) The secret ID for the GitLab authorizer credential.<br> - gitlab\_webhook\_secret\_id: (Optional) The secret ID for the GitLab WebHook.<br> - gitlab\_enterprise\_host\_uri: (Optional) The URI of the GitLab Enterprise host this connection is for. If not specified, the default value is https://gitlab.com.<br> - gitlab\_enterprise\_service\_directory: (Optional) Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.<br> - gitlab\_enterprise\_ca\_certificate: (Optional) SSL certificate to use for requests to GitLab Enterprise. 
| <pre>object({<br> connection_type = string<br> github_secret_id = optional(string)<br> github_app_id_secret_id = optional(string)<br> gitlab_read_authorizer_credential_secret_id = optional(string)<br> gitlab_authorizer_credential_secret_id = optional(string)<br> gitlab_webhook_secret_id = optional(string)<br> gitlab_enterprise_host_uri = optional(string)<br> gitlab_enterprise_service_directory = optional(string)<br> gitlab_enterprise_ca_certificate = optional(string)<br> })</pre> | n/a | yes |
| location | Resources location. | `string` | `"us-central1"` | no |
| project\_id | The project id to create the secret and assign cloudbuild service account permissions. | `string` | n/a | yes |
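Review bot: the new `connection_config` row describes `gitlab_enterprise_ca_certificate` only as "SSL certificate to use for requests to GitLab Enterprise", which leaves the caller guessing whether to pass certificate content or a secret ID like the neighbouring `*_secret_id` fields. main.tf assigns the value straight to `ssl_ca`, so the text should say that the certificate content itself is expected and in which encoding, and, as the variable name suggests, that it is a CA certificate rather than a credential.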

9 changes: 8 additions & 1 deletion modules/cloudbuild_repo_connection/main.tf
Expand Up @@ -57,7 +57,14 @@ resource "google_cloudbuildv2_connection" "connection" {
dynamic "gitlab_config" {
for_each = local.is_gitlab ? [1] : []
content {
host_uri = null
host_uri = var.connection_config.gitlab_enterprise_host_uri
ssl_ca = var.connection_config.gitlab_enterprise_ca_certificate
dynamic "service_directory_config" {
for_each = var.connection_config.gitlab_enterprise_service_directory == null ? [] : [1]
content {
service = var.connection_config.gitlab_enterprise_service_directory
}
}
authorizer_credential {
user_token_secret_version = "${var.connection_config.gitlab_authorizer_credential_secret_id}/versions/latest"
}
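Review bot: the `service_directory_config` block is emitted whenever `gitlab_enterprise_service_directory` is non-null, independently of `host_uri`. With `gitlab_enterprise_host_uri` left unset, the connection keeps the documented default https://gitlab.com while carrying a Service Directory route that the description reserves for an on-premises server, and `ssl_ca` can be set in the same mismatched way. Consider requiring a non-null `gitlab_enterprise_host_uri` in the `for_each` condition, or rejecting the combination in the variable's validation, so the misconfiguration is caught before the connection is created.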
6 changes: 6 additions & 0 deletions modules/cloudbuild_repo_connection/variables.tf
Expand Up @@ -28,6 +28,9 @@ variable "connection_config" {
- gitlab_read_authorizer_credential_secret_id: (Optional) The secret ID for the GitLab read authorizer credential.
- gitlab_authorizer_credential_secret_id: (Optional) The secret ID for the GitLab authorizer credential.
- gitlab_webhook_secret_id: (Optional) The secret ID for the GitLab WebHook.
- gitlab_enterprise_host_uri: (Optional) The URI of the GitLab Enterprise host this connection is for. If not specified, the default value is https://gitlab.com.
- gitlab_enterprise_service_directory: (Optional) Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.
- gitlab_enterprise_ca_certificate: (Optional) SSL certificate to use for requests to GitLab Enterprise.
EOT
type = object({
connection_type = string
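Review bot: the three added description lines do not say that the `gitlab_enterprise_*` fields only take effect when `connection_type` is 'GITLABv2'. In main.tf they are read only inside the `gitlab_config` block, which is gated on `local.is_gitlab`, so a 'GITHUBv2' caller who sets them gets neither an error nor any effect. State the condition in each of the three lines, as the "(Optional)" prefix alone does not convey it.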
Expand All @@ -36,6 +39,9 @@ variable "connection_config" {
gitlab_read_authorizer_credential_secret_id = optional(string)
gitlab_authorizer_credential_secret_id = optional(string)
gitlab_webhook_secret_id = optional(string)
gitlab_enterprise_host_uri = optional(string)
gitlab_enterprise_service_directory = optional(string)
gitlab_enterprise_ca_certificate = optional(string)
})

validation {
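Review bot: the three new attributes are added as bare `optional(string)`, and this file's diff (6 additions, 0 deletions) leaves the `validation` block that follows untouched. `gitlab_enterprise_host_uri` is the host that the `gitlab_config` credentials are used against, so a check that it starts with `https://`, plus a check that `gitlab_enterprise_service_directory` matches the documented `projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}` format, would reject typos and unintended hosts at validation time.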