Added Cloud Build v2 connection module (#3346)

* Added Cloud Build v2 connection module * Removed prefix as it is not necessary * Corrected mistake with comment_control * Corrected trigger name and updated README
2025-09-22 15:42:13 +02:00
parent d0e2a54948
commit e23edb46fd
15 changed files with 2266 additions and 1 deletions
--- a/tests/modules/cloud_build_v2_connection/examples/bitbucket-cloud.yaml
+++ b/tests/modules/cloud_build_v2_connection/examples/bitbucket-cloud.yaml
@@ -0,0 +1,246 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cb_connection.google_cloudbuild_trigger.triggers["my-repository-my-trigger"]:
+    bitbucket_server_trigger_config: []
+    build: []
+    description: null
+    developer_connect_event_config: []
+    disabled: false
+    filename: cloudbuild.yaml
+    filter: null
+    git_file_source: []
+    github: []
+    ignored_files: null
+    include_build_logs: null
+    included_files: null
+    location: europe-west8
+    name: my-repository-my-trigger
+    project: test-my-project
+    pubsub_config: []
+    repository_event_config:
+    - pull_request: []
+      push:
+      - branch: main
+        invert_regex: null
+        tag: null
+    service_account: null
+    source_to_build: []
+    substitutions: null
+    tags: null
+    timeouts: null
+    trigger_template: []
+    webhook_config: []
+  module.cb_connection.google_cloudbuildv2_connection.connection[0]:
+    annotations: null
+    bitbucket_cloud_config:
+    - authorizer_credential:
+      - {}
+      read_authorizer_credential:
+      - {}
+      workspace: my-workspace
+    bitbucket_data_center_config: []
+    disabled: false
+    github_config: []
+    github_enterprise_config: []
+    gitlab_config: []
+    location: europe-west8
+    name: my-connection
+    project: test-my-project
+    timeouts: null
+  module.cb_connection.google_cloudbuildv2_connection_iam_binding.authoritative["roles/cloudbuild.connectionViewer"]:
+    condition: []
+    location: europe-west8
+    members:
+    - group:organization-admins@example.org
+    name: my-connection
+    project: test-my-project
+    role: roles/cloudbuild.connectionViewer
+  module.cb_connection.google_cloudbuildv2_repository.repositories["my-repository"]:
+    annotations: null
+    location: europe-west8
+    name: my-repository
+    parent_connection: my-connection
+    project: test-my-project
+    remote_uri: https://bitbucket.org/my-workspace/my-repository.git
+    timeouts: null
+  module.cb_service_account.google_service_account.service_account[0]:
+    account_id: cloudbuild
+    create_ignore_already_exists: null
+    description: null
+    disabled: false
+    display_name: Terraform-managed.
+    email: cloudbuild@test-my-project.iam.gserviceaccount.com
+    member: serviceAccount:cloudbuild@test-my-project.iam.gserviceaccount.com
+    project: test-my-project
+    timeouts: null
+  module.project.google_project.project[0]:
+    auto_create_network: false
+    billing_account: 123456-123456-123456
+    deletion_policy: DELETE
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    folder_id: '1122334455'
+    labels: null
+    name: test-my-project
+    org_id: null
+    project_id: test-my-project
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+  module.project.google_project_iam_binding.authoritative["roles/logging.logWriter"]:
+    condition: []
+    members:
+    - serviceAccount:cloudbuild@test-my-project.iam.gserviceaccount.com
+    project: test-my-project
+    role: roles/logging.logWriter
+  module.project.google_project_iam_member.service_agents["cloudbuild"]:
+    condition: []
+    project: test-my-project
+    role: roles/cloudbuild.serviceAgent
+  module.project.google_project_iam_member.service_agents["cloudbuild-sa"]:
+    condition: []
+    project: test-my-project
+    role: roles/cloudbuild.builds.builder
+  module.project.google_project_service.project_services["cloudbuild.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-my-project
+    service: cloudbuild.googleapis.com
+    timeouts: null
+  module.project.google_project_service.project_services["secretmanager.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-my-project
+    service: secretmanager.googleapis.com
+    timeouts: null
+  module.project.google_project_service_identity.default["secretmanager.googleapis.com"]:
+    project: test-my-project
+    service: secretmanager.googleapis.com
+    timeouts: null
+  module.secret_manager.google_secret_manager_secret.default["authorizer-credential"]:
+    annotations: null
+    deletion_protection: false
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    labels: null
+    project: test-my-project
+    replication:
+    - auto:
+      - customer_managed_encryption: []
+      user_managed: []
+    rotation: []
+    secret_id: authorizer-credential
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+    topics: []
+    ttl: null
+    version_aliases: null
+    version_destroy_ttl: null
+  module.secret_manager.google_secret_manager_secret.default["read-authorizer-credential"]:
+    annotations: null
+    deletion_protection: false
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    labels: null
+    project: test-my-project
+    replication:
+    - auto:
+      - customer_managed_encryption: []
+      user_managed: []
+    rotation: []
+    secret_id: read-authorizer-credential
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+    topics: []
+    ttl: null
+    version_aliases: null
+    version_destroy_ttl: null
+  module.secret_manager.google_secret_manager_secret.default["webhook-secret"]:
+    annotations: null
+    deletion_protection: false
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    labels: null
+    project: test-my-project
+    replication:
+    - auto:
+      - customer_managed_encryption: []
+      user_managed: []
+    rotation: []
+    secret_id: webhook-secret
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+    topics: []
+    ttl: null
+    version_aliases: null
+    version_destroy_ttl: null
+  ? module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["authorizer-credential.roles/secretmanager.secretAccessor"]
+  : condition: []
+    role: roles/secretmanager.secretAccessor
+  ? module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["read-authorizer-credential.roles/secretmanager.secretAccessor"]
+  : condition: []
+    role: roles/secretmanager.secretAccessor
+  ? module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["webhook-secret.roles/secretmanager.secretAccessor"]
+  : condition: []
+    role: roles/secretmanager.secretAccessor
+  module.secret_manager.google_secret_manager_secret_version.default["authorizer-credential/v1"]:
+    deletion_policy: DELETE
+    enabled: true
+    is_secret_data_base64: false
+    secret_data: null
+    secret_data_wo: null
+    secret_data_wo_version: 1
+    timeouts: null
+  module.secret_manager.google_secret_manager_secret_version.default["read-authorizer-credential/v1"]:
+    deletion_policy: DELETE
+    enabled: true
+    is_secret_data_base64: false
+    secret_data: null
+    secret_data_wo: null
+    secret_data_wo_version: 1
+    timeouts: null
+  module.secret_manager.google_secret_manager_secret_version.default["webhook-secret/v1"]:
+    deletion_policy: DELETE
+    enabled: true
+    is_secret_data_base64: false
+    secret_data: null
+    secret_data_wo: null
+    secret_data_wo_version: 1
+    timeouts: null
+
+counts:
+  google_cloudbuild_trigger: 1
+  google_cloudbuildv2_connection: 1
+  google_cloudbuildv2_connection_iam_binding: 1
+  google_cloudbuildv2_repository: 1
+  google_project: 1
+  google_project_iam_binding: 1
+  google_project_iam_member: 2
+  google_project_service: 2
+  google_project_service_identity: 1
+  google_secret_manager_secret: 3
+  google_secret_manager_secret_iam_binding: 3
+  google_secret_manager_secret_version: 3
+  google_service_account: 1
+  modules: 4
+  resources: 21
--- a/tests/modules/cloud_build_v2_connection/examples/bitbucket-data-center.yaml
+++ b/tests/modules/cloud_build_v2_connection/examples/bitbucket-data-center.yaml
@@ -0,0 +1,248 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cb_connection.google_cloudbuild_trigger.triggers["my-repository-my-trigger"]:
+    bitbucket_server_trigger_config: []
+    build: []
+    description: null
+    developer_connect_event_config: []
+    disabled: false
+    filename: cloudbuild.yaml
+    filter: null
+    git_file_source: []
+    github: []
+    ignored_files: null
+    include_build_logs: null
+    included_files: null
+    location: europe-west8
+    name: my-repository-my-trigger
+    project: test-my-project
+    pubsub_config: []
+    repository_event_config:
+    - pull_request: []
+      push:
+      - branch: main
+        invert_regex: null
+        tag: null
+    service_account: null
+    source_to_build: []
+    substitutions: null
+    tags: null
+    timeouts: null
+    trigger_template: []
+    webhook_config: []
+  module.cb_connection.google_cloudbuildv2_connection.connection[0]:
+    annotations: null
+    bitbucket_cloud_config: []
+    bitbucket_data_center_config:
+    - authorizer_credential:
+      - {}
+      host_uri: https://bbdc-host.com
+      read_authorizer_credential:
+      - {}
+      service_directory_config: []
+      ssl_ca: null
+    disabled: false
+    github_config: []
+    github_enterprise_config: []
+    gitlab_config: []
+    location: europe-west8
+    name: my-connection
+    project: test-my-project
+    timeouts: null
+  module.cb_connection.google_cloudbuildv2_connection_iam_binding.authoritative["roles/cloudbuild.connectionViewer"]:
+    condition: []
+    location: europe-west8
+    members:
+    - group:organization-admins@example.org
+    name: my-connection
+    project: test-my-project
+    role: roles/cloudbuild.connectionViewer
+  module.cb_connection.google_cloudbuildv2_repository.repositories["my-repository"]:
+    annotations: null
+    location: europe-west8
+    name: my-repository
+    parent_connection: my-connection
+    project: test-my-project
+    remote_uri: https://bbdc-host.com/scm/my-project/my-repository.git.
+    timeouts: null
+  module.cb_service_account.google_service_account.service_account[0]:
+    account_id: cloudbuild
+    create_ignore_already_exists: null
+    description: null
+    disabled: false
+    display_name: Terraform-managed.
+    email: cloudbuild@test-my-project.iam.gserviceaccount.com
+    member: serviceAccount:cloudbuild@test-my-project.iam.gserviceaccount.com
+    project: test-my-project
+    timeouts: null
+  module.project.google_project.project[0]:
+    auto_create_network: false
+    billing_account: 123456-123456-123456
+    deletion_policy: DELETE
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    folder_id: '1122334455'
+    labels: null
+    name: test-my-project
+    org_id: null
+    project_id: test-my-project
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+  module.project.google_project_iam_binding.authoritative["roles/logging.logWriter"]:
+    condition: []
+    members:
+    - serviceAccount:cloudbuild@test-my-project.iam.gserviceaccount.com
+    project: test-my-project
+    role: roles/logging.logWriter
+  module.project.google_project_iam_member.service_agents["cloudbuild"]:
+    condition: []
+    project: test-my-project
+    role: roles/cloudbuild.serviceAgent
+  module.project.google_project_iam_member.service_agents["cloudbuild-sa"]:
+    condition: []
+    project: test-my-project
+    role: roles/cloudbuild.builds.builder
+  module.project.google_project_service.project_services["cloudbuild.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-my-project
+    service: cloudbuild.googleapis.com
+    timeouts: null
+  module.project.google_project_service.project_services["secretmanager.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-my-project
+    service: secretmanager.googleapis.com
+    timeouts: null
+  module.project.google_project_service_identity.default["secretmanager.googleapis.com"]:
+    project: test-my-project
+    service: secretmanager.googleapis.com
+    timeouts: null
+  module.secret_manager.google_secret_manager_secret.default["authorizer-credential"]:
+    annotations: null
+    deletion_protection: false
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    labels: null
+    project: test-my-project
+    replication:
+    - auto:
+      - customer_managed_encryption: []
+      user_managed: []
+    rotation: []
+    secret_id: authorizer-credential
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+    topics: []
+    ttl: null
+    version_aliases: null
+    version_destroy_ttl: null
+  module.secret_manager.google_secret_manager_secret.default["read-authorizer-credential"]:
+    annotations: null
+    deletion_protection: false
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    labels: null
+    project: test-my-project
+    replication:
+    - auto:
+      - customer_managed_encryption: []
+      user_managed: []
+    rotation: []
+    secret_id: read-authorizer-credential
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+    topics: []
+    ttl: null
+    version_aliases: null
+    version_destroy_ttl: null
+  module.secret_manager.google_secret_manager_secret.default["webhook-secret"]:
+    annotations: null
+    deletion_protection: false
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    labels: null
+    project: test-my-project
+    replication:
+    - auto:
+      - customer_managed_encryption: []
+      user_managed: []
+    rotation: []
+    secret_id: webhook-secret
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+    topics: []
+    ttl: null
+    version_aliases: null
+    version_destroy_ttl: null
+  ? module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["authorizer-credential.roles/secretmanager.secretAccessor"]
+  : condition: []
+    role: roles/secretmanager.secretAccessor
+  ? module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["read-authorizer-credential.roles/secretmanager.secretAccessor"]
+  : condition: []
+    role: roles/secretmanager.secretAccessor
+  ? module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["webhook-secret.roles/secretmanager.secretAccessor"]
+  : condition: []
+    role: roles/secretmanager.secretAccessor
+  module.secret_manager.google_secret_manager_secret_version.default["authorizer-credential/v1"]:
+    deletion_policy: DELETE
+    enabled: true
+    is_secret_data_base64: false
+    secret_data: null
+    secret_data_wo: null
+    secret_data_wo_version: 1
+    timeouts: null
+  module.secret_manager.google_secret_manager_secret_version.default["read-authorizer-credential/v1"]:
+    deletion_policy: DELETE
+    enabled: true
+    is_secret_data_base64: false
+    secret_data: null
+    secret_data_wo: null
+    secret_data_wo_version: 1
+    timeouts: null
+  module.secret_manager.google_secret_manager_secret_version.default["webhook-secret/v1"]:
+    deletion_policy: DELETE
+    enabled: true
+    is_secret_data_base64: false
+    secret_data: null
+    secret_data_wo: null
+    secret_data_wo_version: 1
+    timeouts: null
+
+counts:
+  google_cloudbuild_trigger: 1
+  google_cloudbuildv2_connection: 1
+  google_cloudbuildv2_connection_iam_binding: 1
+  google_cloudbuildv2_repository: 1
+  google_project: 1
+  google_project_iam_binding: 1
+  google_project_iam_member: 2
+  google_project_service: 2
+  google_project_service_identity: 1
+  google_secret_manager_secret: 3
+  google_secret_manager_secret_iam_binding: 3
+  google_secret_manager_secret_version: 3
+  google_service_account: 1
+  modules: 4
+  resources: 21
--- a/tests/modules/cloud_build_v2_connection/examples/github-enterprise.yaml
+++ b/tests/modules/cloud_build_v2_connection/examples/github-enterprise.yaml
@@ -0,0 +1,215 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cb_connection.google_cloudbuild_trigger.triggers["my-repository-my-trigger"]:
+    bitbucket_server_trigger_config: []
+    build: []
+    description: null
+    developer_connect_event_config: []
+    disabled: false
+    filename: cloudbuild.yaml
+    filter: null
+    git_file_source: []
+    github: []
+    ignored_files: null
+    include_build_logs: null
+    included_files: null
+    location: europe-west8
+    name: my-repository-my-trigger
+    project: test-my-project
+    pubsub_config: []
+    repository_event_config:
+      - pull_request: []
+        push:
+          - branch: main
+            invert_regex: null
+            tag: null
+    service_account: null
+    source_to_build: []
+    substitutions: null
+    tags: null
+    timeouts: null
+    trigger_template: []
+    webhook_config: []
+  module.cb_connection.google_cloudbuildv2_connection.connection[0]:
+    annotations: null
+    bitbucket_cloud_config: []
+    bitbucket_data_center_config: []
+    disabled: false
+    github_config: []
+    github_enterprise_config:
+      - app_id: 1234567
+        app_installation_id: 123456789
+        app_slug: https://my-ghe-server.net/settings/apps/app-slug
+        host_uri: https://mmy-ghe-server.net.
+        service_directory_config: []
+        ssl_ca: null
+    gitlab_config: []
+    location: europe-west8
+    name: my-connection
+    project: test-my-project
+    timeouts: null
+  module.cb_connection.google_cloudbuildv2_connection_iam_binding.authoritative["roles/cloudbuild.connectionViewer"]:
+    condition: []
+    location: europe-west8
+    members:
+      - group:organization-admins@example.org
+    name: my-connection
+    project: test-my-project
+    role: roles/cloudbuild.connectionViewer
+  module.cb_connection.google_cloudbuildv2_repository.repositories["my-repository"]:
+    annotations: null
+    location: europe-west8
+    name: my-repository
+    parent_connection: my-connection
+    project: test-my-project
+    remote_uri: https://github.com/my-user/my-repo.git
+    timeouts: null
+  module.cb_service_account.google_service_account.service_account[0]:
+    account_id: cloudbuild
+    create_ignore_already_exists: null
+    description: null
+    disabled: false
+    display_name: Terraform-managed.
+    email: cloudbuild@test-my-project.iam.gserviceaccount.com
+    member: serviceAccount:cloudbuild@test-my-project.iam.gserviceaccount.com
+    project: test-my-project
+    timeouts: null
+  module.project.google_project.project[0]:
+    auto_create_network: false
+    billing_account: 123456-123456-123456
+    deletion_policy: DELETE
+    effective_labels:
+      goog-terraform-provisioned: "true"
+    folder_id: "1122334455"
+    labels: null
+    name: test-my-project
+    org_id: null
+    project_id: test-my-project
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: "true"
+    timeouts: null
+  module.project.google_project_iam_binding.authoritative["roles/logging.logWriter"]:
+    condition: []
+    members:
+      - serviceAccount:cloudbuild@test-my-project.iam.gserviceaccount.com
+    project: test-my-project
+    role: roles/logging.logWriter
+  module.project.google_project_iam_member.service_agents["cloudbuild"]:
+    condition: []
+    project: test-my-project
+    role: roles/cloudbuild.serviceAgent
+  module.project.google_project_iam_member.service_agents["cloudbuild-sa"]:
+    condition: []
+    project: test-my-project
+    role: roles/cloudbuild.builds.builder
+  module.project.google_project_service.project_services["cloudbuild.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-my-project
+    service: cloudbuild.googleapis.com
+    timeouts: null
+  module.project.google_project_service.project_services["secretmanager.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-my-project
+    service: secretmanager.googleapis.com
+    timeouts: null
+  module.project.google_project_service_identity.default["secretmanager.googleapis.com"]:
+    project: test-my-project
+    service: secretmanager.googleapis.com
+    timeouts: null
+  module.secret_manager.google_secret_manager_secret.default["private-key-secret"]:
+    annotations: null
+    deletion_protection: false
+    effective_labels:
+      goog-terraform-provisioned: "true"
+    labels: null
+    project: test-my-project
+    replication:
+      - auto:
+          - customer_managed_encryption: []
+        user_managed: []
+    rotation: []
+    secret_id: private-key-secret
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: "true"
+    timeouts: null
+    topics: []
+    ttl: null
+    version_aliases: null
+    version_destroy_ttl: null
+  module.secret_manager.google_secret_manager_secret.default["webhook-secret"]:
+    annotations: null
+    deletion_protection: false
+    effective_labels:
+      goog-terraform-provisioned: "true"
+    labels: null
+    project: test-my-project
+    replication:
+      - auto:
+          - customer_managed_encryption: []
+        user_managed: []
+    rotation: []
+    secret_id: webhook-secret
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: "true"
+    timeouts: null
+    topics: []
+    ttl: null
+    version_aliases: null
+    version_destroy_ttl: null
+  module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["private-key-secret.roles/secretmanager.secretAccessor"]:
+    condition: []
+    role: roles/secretmanager.secretAccessor
+  module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["webhook-secret.roles/secretmanager.secretAccessor"]:
+    condition: []
+    role: roles/secretmanager.secretAccessor
+  module.secret_manager.google_secret_manager_secret_version.default["private-key-secret/v1"]:
+    deletion_policy: DELETE
+    enabled: true
+    is_secret_data_base64: false
+    secret_data: null
+    secret_data_wo: null
+    secret_data_wo_version: 1
+    timeouts: null
+  module.secret_manager.google_secret_manager_secret_version.default["webhook-secret/v1"]:
+    deletion_policy: DELETE
+    enabled: true
+    is_secret_data_base64: false
+    secret_data: null
+    secret_data_wo: null
+    secret_data_wo_version: 1
+    timeouts: null
+
+counts:
+  google_cloudbuild_trigger: 1
+  google_cloudbuildv2_connection: 1
+  google_cloudbuildv2_connection_iam_binding: 1
+  google_cloudbuildv2_repository: 1
+  google_project: 1
+  google_project_iam_binding: 1
+  google_project_iam_member: 2
+  google_project_service: 2
+  google_project_service_identity: 1
+  google_secret_manager_secret: 2
+  google_secret_manager_secret_iam_binding: 2
+  google_secret_manager_secret_version: 2
+  google_service_account: 1
+  modules: 4
+  resources: 18
--- a/tests/modules/cloud_build_v2_connection/examples/github.yaml
+++ b/tests/modules/cloud_build_v2_connection/examples/github.yaml
@@ -0,0 +1,180 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cb_connection.google_cloudbuild_trigger.triggers["my-repository-my-trigger"]:
+    bitbucket_server_trigger_config: []
+    build: []
+    description: null
+    developer_connect_event_config: []
+    disabled: false
+    filename: cloudbuild.yaml
+    filter: null
+    git_file_source: []
+    github: []
+    ignored_files: null
+    include_build_logs: null
+    included_files: null
+    location: europe-west8
+    name: my-repository-my-trigger
+    project: test-my-project
+    pubsub_config: []
+    repository_event_config:
+      - pull_request: []
+        push:
+          - branch: main
+            invert_regex: null
+            tag: null
+    service_account: null
+    source_to_build: []
+    substitutions: null
+    tags: null
+    timeouts: null
+    trigger_template: []
+    webhook_config: []
+  module.cb_connection.google_cloudbuildv2_connection.connection[0]:
+    annotations: null
+    bitbucket_cloud_config: []
+    bitbucket_data_center_config: []
+    disabled: false
+    github_config:
+      - app_installation_id: null
+        authorizer_credential:
+          - {}
+    github_enterprise_config: []
+    gitlab_config: []
+    location: europe-west8
+    name: my-connection
+    project: test-my-project
+    timeouts: null
+  module.cb_connection.google_cloudbuildv2_connection_iam_binding.authoritative["roles/cloudbuild.connectionViewer"]:
+    condition: []
+    location: europe-west8
+    members:
+      - group:organization-admins@example.org
+    name: my-connection
+    project: test-my-project
+    role: roles/cloudbuild.connectionViewer
+  module.cb_connection.google_cloudbuildv2_repository.repositories["my-repository"]:
+    annotations: null
+    location: europe-west8
+    name: my-repository
+    parent_connection: my-connection
+    project: test-my-project
+    remote_uri: https://github.com/my-user/my-repo.git
+    timeouts: null
+  module.cb_service_account.google_service_account.service_account[0]:
+    account_id: cloudbuild
+    create_ignore_already_exists: null
+    description: null
+    disabled: false
+    display_name: Terraform-managed.
+    email: cloudbuild@test-my-project.iam.gserviceaccount.com
+    member: serviceAccount:cloudbuild@test-my-project.iam.gserviceaccount.com
+    project: test-my-project
+    timeouts: null
+  module.project.google_project.project[0]:
+    auto_create_network: false
+    billing_account: 123456-123456-123456
+    deletion_policy: DELETE
+    effective_labels:
+      goog-terraform-provisioned: "true"
+    folder_id: "1122334455"
+    labels: null
+    name: test-my-project
+    org_id: null
+    project_id: test-my-project
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: "true"
+    timeouts: null
+  module.project.google_project_iam_binding.authoritative["roles/logging.logWriter"]:
+    condition: []
+    members:
+      - serviceAccount:cloudbuild@test-my-project.iam.gserviceaccount.com
+    project: test-my-project
+    role: roles/logging.logWriter
+  module.project.google_project_iam_member.service_agents["cloudbuild"]:
+    condition: []
+    project: test-my-project
+    role: roles/cloudbuild.serviceAgent
+  module.project.google_project_iam_member.service_agents["cloudbuild-sa"]:
+    condition: []
+    project: test-my-project
+    role: roles/cloudbuild.builds.builder
+  module.project.google_project_service.project_services["cloudbuild.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-my-project
+    service: cloudbuild.googleapis.com
+    timeouts: null
+  module.project.google_project_service.project_services["secretmanager.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-my-project
+    service: secretmanager.googleapis.com
+    timeouts: null
+  module.project.google_project_service_identity.default["secretmanager.googleapis.com"]:
+    project: test-my-project
+    service: secretmanager.googleapis.com
+    timeouts: null
+  module.secret_manager.google_secret_manager_secret.default["authorizer-credential"]:
+    annotations: null
+    deletion_protection: false
+    effective_labels:
+      goog-terraform-provisioned: "true"
+    labels: null
+    project: test-my-project
+    replication:
+      - auto:
+          - customer_managed_encryption: []
+        user_managed: []
+    rotation: []
+    secret_id: authorizer-credential
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: "true"
+    timeouts: null
+    topics: []
+    ttl: null
+    version_aliases: null
+    version_destroy_ttl: null
+  module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["authorizer-credential.roles/secretmanager.secretAccessor"]:
+    condition: []
+    role: roles/secretmanager.secretAccessor
+  module.secret_manager.google_secret_manager_secret_version.default["authorizer-credential/v1"]:
+    deletion_policy: DELETE
+    enabled: true
+    is_secret_data_base64: false
+    secret_data: null
+    secret_data_wo: null
+    secret_data_wo_version: 1
+    timeouts: null
+
+counts:
+  google_cloudbuild_trigger: 1
+  google_cloudbuildv2_connection: 1
+  google_cloudbuildv2_connection_iam_binding: 1
+  google_cloudbuildv2_repository: 1
+  google_project: 1
+  google_project_iam_binding: 1
+  google_project_iam_member: 2
+  google_project_service: 2
+  google_project_service_identity: 1
+  google_secret_manager_secret: 1
+  google_secret_manager_secret_iam_binding: 1
+  google_secret_manager_secret_version: 1
+  google_service_account: 1
+  modules: 4
+  resources: 15
--- a/tests/modules/cloud_build_v2_connection/examples/gitlab.yaml
+++ b/tests/modules/cloud_build_v2_connection/examples/gitlab.yaml
@@ -0,0 +1,243 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cb_connection.google_cloudbuild_trigger.triggers["my-repository-my-trigger"]:
+    bitbucket_server_trigger_config: []
+    build: []
+    description: null
+    developer_connect_event_config: []
+    disabled: false
+    filename: cloudbuild.yaml
+    filter: null
+    git_file_source: []
+    github: []
+    ignored_files: null
+    include_build_logs: null
+    included_files: null
+    location: europe-west8
+    name: my-repository-my-trigger
+    project: test-my-project
+    pubsub_config: []
+    repository_event_config:
+      - pull_request: []
+        push:
+          - branch: main
+            invert_regex: null
+            tag: null
+    service_account: null
+    source_to_build: []
+    substitutions: null
+    tags: null
+    timeouts: null
+    trigger_template: []
+    webhook_config: []
+  module.cb_connection.google_cloudbuildv2_connection.connection[0]:
+    annotations: null
+    bitbucket_cloud_config: []
+    bitbucket_data_center_config: []
+    disabled: false
+    github_config: []
+    github_enterprise_config: []
+    gitlab_config:
+      - service_directory_config: []
+        ssl_ca: null
+    location: europe-west8
+    name: my-connection
+    project: test-my-project
+    timeouts: null
+  module.cb_connection.google_cloudbuildv2_connection_iam_binding.authoritative["roles/cloudbuild.connectionViewer"]:
+    condition: []
+    location: europe-west8
+    members:
+      - group:organization-admins@example.org
+    name: my-connection
+    project: test-my-project
+    role: roles/cloudbuild.connectionViewer
+  module.cb_connection.google_cloudbuildv2_repository.repositories["my-repository"]:
+    annotations: null
+    location: europe-west8
+    name: my-repository
+    parent_connection: my-connection
+    project: test-my-project
+    remote_uri: https://github.com/my-user/my-repo.git
+    timeouts: null
+  module.cb_service_account.google_service_account.service_account[0]:
+    account_id: cloudbuild
+    create_ignore_already_exists: null
+    description: null
+    disabled: false
+    display_name: Terraform-managed.
+    email: cloudbuild@test-my-project.iam.gserviceaccount.com
+    member: serviceAccount:cloudbuild@test-my-project.iam.gserviceaccount.com
+    project: test-my-project
+    timeouts: null
+  module.project.google_project.project[0]:
+    auto_create_network: false
+    billing_account: 123456-123456-123456
+    deletion_policy: DELETE
+    effective_labels:
+      goog-terraform-provisioned: "true"
+    folder_id: "1122334455"
+    labels: null
+    name: test-my-project
+    org_id: null
+    project_id: test-my-project
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: "true"
+    timeouts: null
+  module.project.google_project_iam_binding.authoritative["roles/logging.logWriter"]:
+    condition: []
+    members:
+      - serviceAccount:cloudbuild@test-my-project.iam.gserviceaccount.com
+    project: test-my-project
+    role: roles/logging.logWriter
+  module.project.google_project_iam_member.service_agents["cloudbuild"]:
+    condition: []
+    project: test-my-project
+    role: roles/cloudbuild.serviceAgent
+  module.project.google_project_iam_member.service_agents["cloudbuild-sa"]:
+    condition: []
+    project: test-my-project
+    role: roles/cloudbuild.builds.builder
+  module.project.google_project_service.project_services["cloudbuild.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-my-project
+    service: cloudbuild.googleapis.com
+    timeouts: null
+  module.project.google_project_service.project_services["secretmanager.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-my-project
+    service: secretmanager.googleapis.com
+    timeouts: null
+  module.project.google_project_service_identity.default["secretmanager.googleapis.com"]:
+    project: test-my-project
+    service: secretmanager.googleapis.com
+    timeouts: null
+  module.secret_manager.google_secret_manager_secret.default["authorizer-credential"]:
+    annotations: null
+    deletion_protection: false
+    effective_labels:
+      goog-terraform-provisioned: "true"
+    labels: null
+    project: test-my-project
+    replication:
+      - auto:
+          - customer_managed_encryption: []
+        user_managed: []
+    rotation: []
+    secret_id: authorizer-credential
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: "true"
+    timeouts: null
+    topics: []
+    ttl: null
+    version_aliases: null
+    version_destroy_ttl: null
+  module.secret_manager.google_secret_manager_secret.default["read-authorizer-credential"]:
+    annotations: null
+    deletion_protection: false
+    effective_labels:
+      goog-terraform-provisioned: "true"
+    labels: null
+    project: test-my-project
+    replication:
+      - auto:
+          - customer_managed_encryption: []
+        user_managed: []
+    rotation: []
+    secret_id: read-authorizer-credential
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: "true"
+    timeouts: null
+    topics: []
+    ttl: null
+    version_aliases: null
+    version_destroy_ttl: null
+  module.secret_manager.google_secret_manager_secret.default["webhook-secret"]:
+    annotations: null
+    deletion_protection: false
+    effective_labels:
+      goog-terraform-provisioned: "true"
+    labels: null
+    project: test-my-project
+    replication:
+      - auto:
+          - customer_managed_encryption: []
+        user_managed: []
+    rotation: []
+    secret_id: webhook-secret
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: "true"
+    timeouts: null
+    topics: []
+    ttl: null
+    version_aliases: null
+    version_destroy_ttl: null
+  module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["authorizer-credential.roles/secretmanager.secretAccessor"]:
+    condition: []
+    role: roles/secretmanager.secretAccessor
+  module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["read-authorizer-credential.roles/secretmanager.secretAccessor"]:
+    condition: []
+    role: roles/secretmanager.secretAccessor
+  module.secret_manager.google_secret_manager_secret_iam_binding.authoritative["webhook-secret.roles/secretmanager.secretAccessor"]:
+    condition: []
+    role: roles/secretmanager.secretAccessor
+  module.secret_manager.google_secret_manager_secret_version.default["authorizer-credential/v1"]:
+    deletion_policy: DELETE
+    enabled: true
+    is_secret_data_base64: false
+    secret_data: null
+    secret_data_wo: null
+    secret_data_wo_version: 1
+    timeouts: null
+  module.secret_manager.google_secret_manager_secret_version.default["read-authorizer-credential/v1"]:
+    deletion_policy: DELETE
+    enabled: true
+    is_secret_data_base64: false
+    secret_data: null
+    secret_data_wo: null
+    secret_data_wo_version: 1
+    timeouts: null
+  module.secret_manager.google_secret_manager_secret_version.default["webhook-secret/v1"]:
+    deletion_policy: DELETE
+    enabled: true
+    is_secret_data_base64: false
+    secret_data: null
+    secret_data_wo: null
+    secret_data_wo_version: 1
+    timeouts: null
+
+counts:
+  google_cloudbuild_trigger: 1
+  google_cloudbuildv2_connection: 1
+  google_cloudbuildv2_connection_iam_binding: 1
+  google_cloudbuildv2_repository: 1
+  google_project: 1
+  google_project_iam_binding: 1
+  google_project_iam_member: 2
+  google_project_service: 2
+  google_project_service_identity: 1
+  google_secret_manager_secret: 3
+  google_secret_manager_secret_iam_binding: 3
+  google_secret_manager_secret_version: 3
+  google_service_account: 1
+  modules: 4
+  resources: 21