Add google secure source manager hook resource (#15050)

Author: ericzzzzzzz

mmv1/products/securesourcemanager/Hook.yaml

@@ -0,0 +1,158 @@
+# Copyright 2025 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: Hook
+description: Hook is a user-defined HTTP callback triggered by an event.
+references:
+  guides:
+    Official Documentation: https://cloud.google.com/secure-source-manager/docs/overview
+docs: null
+id_format: projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}/hooks/{{hook_id}}
+base_url: projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}/hooks?hook_id={{hook_id}}
+self_link: projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}/hooks/{{hook_id}}
+import_format:
+  - projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}/hooks/{{hook_id}}
+  - "{{hook_id}}"
+timeouts:
+  insert_minutes: 20
+  update_minutes: 20
+  delete_minutes: 20
+autogen_async: true
+update_verb: PATCH
+update_mask: true
+async:
+  actions:
+    - create
+    - delete
+  type: OpAsync
+  operation:
+    base_url: "{{op_id}}"
+  result:
+    resource_inside_response: false
+custom_code: null
+examples:
+  - name: secure_source_manager_hook_basic
+    primary_resource_id: basic
+    vars:
+      hook_id: my-basic-hook
+      repository_id: my-basic-repository
+      instance_id: my-basic-instance
+      prevent_destroy: "true"
+      deletion_policy: '"PREVENT"'
+    test_vars_overrides:
+      prevent_destroy: "false"
+      'deletion_policy': '"DELETE"'
+    oics_vars_overrides:
+      prevent_destroy: "false"
+      'deletion_policy': '"DELETE"'
+    ignore_read_extra:
+      - 'deletion_policy'
+  - name: secure_source_manager_hook_with_fields
+    primary_resource_id: default
+    vars:
+      hook_id: my-initial-hook
+      repository_id: my-initial-repository
+      instance_id: my-initial-instance
+      prevent_destroy: "true"
+      deletion_policy: '"PREVENT"'
+    test_vars_overrides:
+      prevent_destroy: "false"
+      'deletion_policy': '"DELETE"'
+    oics_vars_overrides:
+      prevent_destroy: "false"
+      'deletion_policy': '"DELETE"'
+    ignore_read_extra:
+      - 'deletion_policy'
+parameters:
+  - name: hook_id
+    type: String
+    description: |
+      The ID for the Hook.
+    url_param_only: true
+    required: true
+  - name: location
+    type: String
+    description: |
+      The location for the Repository.
+    url_param_only: true
+    required: true
+  - name: repository_id
+    type: String
+    description: |
+      The ID for the Repository.
+    url_param_only: true
+    required: true
+properties:
+  - name: name
+    type: String
+    description: |
+      A unique identifier for a Hook. The name should be of the format:
+      `projects/{project}/locations/{location_id}/repositories/{repository_id}/hooks/{hook_id}`
+    output: true
+  - name: targetUri
+    type: String
+    description: |
+      The target URI to which the payloads will be delivered.
+    required: true
+  - name: disabled
+    type: Boolean
+    description: |
+      Determines if the hook disabled or not.
+      Set to true to stop sending traffic.
+  - name: events
+    type: Array
+    description: |
+      The events that trigger hook on.
+    item_type:
+      type: Enum
+      enum_values:
+        - PUSH
+        - PULL_REQUEST
+    default_from_api: true
+  - name: createTime
+    type: Time
+    description: |
+      Create timestamp.
+    output: true
+  - name: updateTime
+    type: Time
+    description: |
+      Update timestamp.
+    output: true
+  - name: uid
+    type: String
+    description: |
+      Unique identifier of the hook.
+    output: true
+  - name: sensitiveQueryString
+    type: String
+    sensitive: true
+    ignore_read: true
+    description: |
+      The sensitive query string to be appended to the target URI.
+  - name: pushOption
+    type: NestedObject
+    allow_empty_object: true
+    send_empty_value: true
+    default_from_api: true
+    description: |
+      The trigger option for push events.
+    properties:
+      - name: branchFilter
+        type: String
+        description: |
+          Trigger hook for matching branches only.
+          Specified as glob pattern. If empty or *, events for all branches are
+          reported. Examples: main, {main,release*}.
+          See https://pkg.go.dev/github.com/gobwas/glob documentation.

mmv1/templates/terraform/examples/secure_source_manager_hook_basic.tf.tmpl

@@ -0,0 +1,25 @@
+resource "google_secure_source_manager_instance" "instance" {
+    location = "us-central1"
+    instance_id = "{{index $.Vars "instance_id"}}"
+
+    # Prevent accidental deletions.
+    deletion_policy = "{{index $.Vars "deletion_policy"}}"
+}
+
+resource "google_secure_source_manager_repository" "repository" {
+    repository_id = "{{index $.Vars "repository_id"}}"
+    location = google_secure_source_manager_instance.instance.location
+    instance = google_secure_source_manager_instance.instance.name
+
+    # Prevent accidental deletions.
+    deletion_policy = "{{index $.Vars "deletion_policy"}}"
+}
+
+resource "google_secure_source_manager_hook" "basic" {
+    hook_id = "{{index $.Vars "hook_id"}}"
+    repository_id = google_secure_source_manager_repository.repository.repository_id
+    location = google_secure_source_manager_repository.repository.location
+    target_uri = "https://www.example.com"
+    # default event
+    events = ["PUSH"]
+}

mmv1/templates/terraform/examples/secure_source_manager_hook_pushoption_empty.tf.tmpl

@@ -0,0 +1,27 @@
+resource "google_secure_source_manager_instance" "instance" {
+    location = "us-central1"
+    instance_id = "{{index $.Vars "instance_id"}}"
+
+    # Prevent accidental deletions.
+    deletion_policy = "{{index $.Vars "deletion_policy"}}"
+}
+
+resource "google_secure_source_manager_repository" "repository" {
+    repository_id = "{{index $.Vars "repository_id"}}"
+    location = google_secure_source_manager_instance.instance.location
+    instance = google_secure_source_manager_instance.instance.name
+
+    # Prevent accidental deletions.
+    deletion_policy = "{{index $.Vars "deletion_policy"}}"
+}
+
+resource "google_secure_source_manager_hook" "push_option_empty" {
+    hook_id = "{{index $.Vars "hook_id"}}"
+    repository_id = google_secure_source_manager_repository.repository.repository_id
+    location = google_secure_source_manager_repository.repository.location
+    target_uri = "https://www.example.com"
+    # default event
+    events = ["PUSH"]
+    push_option {
+    }
+}

mmv1/templates/terraform/examples/secure_source_manager_hook_with_fields.tf.tmpl

@@ -0,0 +1,29 @@
+resource "google_secure_source_manager_instance" "instance" {
+    location = "us-central1"
+    instance_id = "{{index $.Vars "instance_id"}}"
+
+    # Prevent accidental deletions.
+    deletion_policy = "{{index $.Vars "deletion_policy"}}"
+}
+
+resource "google_secure_source_manager_repository" "repository" {
+    repository_id = "{{index $.Vars "repository_id"}}"
+    instance = google_secure_source_manager_instance.instance.name
+    location = google_secure_source_manager_instance.instance.location
+
+    # Prevent accidental deletions.
+    deletion_policy = "{{index $.Vars "deletion_policy"}}"
+}
+
+resource "google_secure_source_manager_hook" "default" {
+    hook_id = "{{index $.Vars "hook_id"}}"
+    location = google_secure_source_manager_repository.repository.location
+    repository_id = google_secure_source_manager_repository.repository.repository_id
+    target_uri = "https://www.example.com"
+    sensitive_query_string = "auth=fake_token"
+    disabled = false
+    push_option {
+        branch_filter = "main"
+    }
+    events = ["PUSH", "PULL_REQUEST"]
+}

mmv1/third_party/terraform/services/securesourcemanager/resource_secure_source_manager_hook_update_test.go

@@ -0,0 +1,109 @@
+package securesourcemanager_test
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+)
+
+func TestAccSecureSourceManagerHook_secureSourceManagerHookWithFieldsExample_update(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"deletion_policy": "DELETE",
+		"random_suffix":   acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSecureSourceManagerHook_secureSourceManagerHookWithFieldsExample_full(context),
+			},
+			{
+				ResourceName:            "google_secure_source_manager_hook.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"hook_id", "location", "repository_id", "sensitive_query_string"},
+			},
+			{
+				Config: testAccSecureSourceManagerHook_secureSourceManagerHookWithFieldsExample_update(context),
+			},
+			{
+				ResourceName:            "google_secure_source_manager_hook.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"hook_id", "location", "repository_id", "sensitive_query_string"},
+			},
+		},
+	})
+}
+
+func testAccSecureSourceManagerHook_secureSourceManagerHookWithFieldsExample_full(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_secure_source_manager_instance" "instance" {
+    location = "us-central1"
+    instance_id = "tf-test-my-initial-instance%{random_suffix}"
+
+    # Prevent accidental deletions.
+    deletion_policy = "%{deletion_policy}"
+}
+
+resource "google_secure_source_manager_repository" "repository" {
+    repository_id = "tf-test-my-initial-repository%{random_suffix}"
+    instance = google_secure_source_manager_instance.instance.name
+    location = google_secure_source_manager_instance.instance.location
+
+    # Prevent accidental deletions.
+    deletion_policy = "%{deletion_policy}"
+}
+
+resource "google_secure_source_manager_hook" "default" {
+    hook_id = "tf-test-my-initial-hook%{random_suffix}"
+    location = google_secure_source_manager_repository.repository.location
+    repository_id = google_secure_source_manager_repository.repository.repository_id
+    events = ["PUSH", "PULL_REQUEST"]
+    push_option {
+        branch_filter = "main"
+    }
+    target_uri = "https://www.example.com"
+    sensitive_query_string = "auth=fake_token"
+    disabled = false
+}
+`, context)
+}
+
+func testAccSecureSourceManagerHook_secureSourceManagerHookWithFieldsExample_update(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_secure_source_manager_instance" "instance" {
+    location = "us-central1"
+    instance_id = "tf-test-my-initial-instance%{random_suffix}"
+
+    # Prevent accidental deletions.
+    deletion_policy = "%{deletion_policy}"
+}
+
+resource "google_secure_source_manager_repository" "repository" {
+    repository_id = "tf-test-my-initial-repository%{random_suffix}"
+    instance = google_secure_source_manager_instance.instance.name
+    location = google_secure_source_manager_instance.instance.location
+
+    # Prevent accidental deletions.
+    deletion_policy = "%{deletion_policy}"
+}
+
+resource "google_secure_source_manager_hook" "default" {
+    hook_id = "tf-test-my-initial-hook%{random_suffix}"
+    location = google_secure_source_manager_repository.repository.location
+    repository_id = google_secure_source_manager_repository.repository.repository_id
+    events = ["PUSH", "PULL_REQUEST"]
+    push_option {
+    }
+    target_uri = "https://www.update.com"
+    sensitive_query_string = "auth=fake_token"
+    disabled = true
+}
+`, context)
+}