adding new google_secure_source_manager_branch_rule resource (#11709)

Co-authored-by: Zhenhua Li <[email protected]>

mmv1/products/securesourcemanager/BranchRule.yaml

@@ -0,0 +1,142 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: 'BranchRule'
+description: 'BranchRule is the protection rule to enforce pre-defined rules on designated branches within a repository.'
+references:
+  guides:
+    'Official Documentation': 'https://cloud.google.com/secure-source-manager/docs/overview'
+docs:
+id_format: 'projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}/branchRules/{{branch_rule_id}}'
+base_url: 'projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}/branchRules?branch_rule_id={{branch_rule_id}}'
+self_link: 'projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}/branchRules/{{branch_rule_id}}'
+import_format:
+  - 'projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}/branchRules/{{branch_rule_id}}'
+  - '{{branch_rule_id}}'
+timeouts:
+  insert_minutes: 20
+  update_minutes: 20
+  delete_minutes: 20
+autogen_async: true
+update_verb: 'PATCH'
+update_mask: true
+async:
+  actions: ['create', 'delete']
+  type: 'OpAsync'
+  operation:
+    base_url: '{{op_id}}'
+    wait_ms: 1000
+  result:
+    path: 'response'
+    resource_inside_response: false
+  error:
+    path: 'error'
+    message: 'message'
+custom_code:
+examples:
+  - name: 'secure_source_manager_branch_rule_basic'
+    primary_resource_id: 'basic'
+    vars:
+      branch_rule_id: 'my-basic-branchrule'
+      repository_id: 'my-basic-repository'
+      instance_id: 'my-basic-instance'
+      prevent_destroy: 'true'
+    test_vars_overrides:
+      'prevent_destroy': 'false'
+    oics_vars_overrides:
+      'prevent_destroy': 'false'
+  - name: 'secure_source_manager_branch_rule_with_fields'
+    primary_resource_id: 'default'
+    vars:
+      branch_rule_id: 'my-initial-branchrule'
+      repository_id: 'my-initial-repository'
+      instance_id: 'my-initial-instance'
+      prevent_destroy: 'true'
+    test_vars_overrides:
+      'prevent_destroy': 'false'
+    oics_vars_overrides:
+      'prevent_destroy': 'false'
+parameters:
+  - name: 'branch_rule_id'
+    type: String
+    description: |
+      The ID for the BranchRule.
+    url_param_only: true
+    required: true
+  - name: 'location'
+    type: String
+    description: |
+      The location for the Repository.
+    url_param_only: true
+    required: true
+  - name: 'repository_id'
+    type: String
+    description: |
+      The ID for the Repository.
+    url_param_only: true
+    required: true
+properties:
+  - name: 'name'
+    type: String
+    description: |
+      The resource name for the BranchRule.
+    output: true
+  - name: 'uid'
+    type: String
+    description: |
+      Unique identifier of the BranchRule.
+    output: true
+  - name: 'createTime'
+    type: Time
+    description: |
+      Time the BranchRule was created in UTC.
+    output: true
+  - name: 'updateTime'
+    type: Time
+    description: |
+      Time the BranchRule was updated in UTC.
+    output: true
+  - name: 'includePattern'
+    type: String
+    description: |
+      The BranchRule matches branches based on the specified regular expression. Use .* to match all branches.
+    required: true
+  - name: 'disabled'
+    type: Boolean
+    description: |
+      Determines if the branch rule is disabled or not.
+  - name: 'requirePullRequest'
+    type: Boolean
+    description: |
+      Determines if the branch rule requires a pull request or not.
+  - name: 'minimumReviewsCount'
+    type: Integer
+    description: |
+      The minimum number of reviews required for the branch rule to be matched.
+  - name: 'minimumApprovalsCount'
+    type: Integer
+    description: |
+      The minimum number of approvals required for the branch rule to be matched.
+  - name: 'requireCommentsResolved'
+    type: Boolean
+    description: |
+      Determines if require comments resolved before merging to the branch.
+  - name: 'allowStaleReviews'
+    type: Boolean
+    description: |
+      Determines if allow stale reviews or approvals before merging to the branch.
+  - name: 'requireLinearHistory'
+    type: Boolean
+    description: |
+      Determines if require linear history before merging to the branch.

mmv1/templates/terraform/examples/secure_source_manager_branch_rule_basic.tf.tmpl

@@ -0,0 +1,26 @@
+resource "google_secure_source_manager_instance" "instance" {
+    location = "us-central1"
+    instance_id = "{{index $.Vars "instance_id"}}"
+    # Prevent accidental deletions.
+    lifecycle {
+        prevent_destroy = "{{index $.Vars "prevent_destroy"}}"
+    }
+}
+
+resource "google_secure_source_manager_repository" "repository" {
+    repository_id = "{{index $.Vars "repository_id"}}"
+    location = google_secure_source_manager_instance.instance.location
+    instance = google_secure_source_manager_instance.instance.name
+    # Prevent accidental deletions.
+    lifecycle {
+        prevent_destroy = "{{index $.Vars "prevent_destroy"}}"
+    }
+}
+
+resource "google_secure_source_manager_branch_rule" "basic" {
+    branch_rule_id = "{{index $.Vars "branch_rule_id"}}"
+    repository_id = google_secure_source_manager_repository.repository.repository_id
+    location = google_secure_source_manager_repository.repository.location
+    # This field is required for BranchRule creation
+    include_pattern = "main"
+}

mmv1/templates/terraform/examples/secure_source_manager_branch_rule_with_fields.tf.tmpl

@@ -0,0 +1,32 @@
+resource "google_secure_source_manager_instance" "instance" {
+    location = "us-central1"
+    instance_id = "{{index $.Vars "instance_id"}}"
+    # Prevent accidental deletions.
+    lifecycle {
+        prevent_destroy = "{{index $.Vars "prevent_destroy"}}"
+    }
+}
+
+resource "google_secure_source_manager_repository" "repository" {
+    repository_id = "{{index $.Vars "repository_id"}}"
+    instance = google_secure_source_manager_instance.instance.name
+    location = google_secure_source_manager_instance.instance.location
+    # Prevent accidental deletions.
+    lifecycle {
+        prevent_destroy = "{{index $.Vars "prevent_destroy"}}"
+    }
+}
+
+resource "google_secure_source_manager_branch_rule" "default" {
+    branch_rule_id = "{{index $.Vars "branch_rule_id"}}"
+    location = google_secure_source_manager_repository.repository.location
+    repository_id = google_secure_source_manager_repository.repository.repository_id
+    include_pattern = "test"
+    minimum_approvals_count   = 2
+    minimum_reviews_count     = 2
+    require_comments_resolved = true
+    require_linear_history    = true
+    require_pull_request      = true
+    disabled = false
+    allow_stale_reviews = false
+}

mmv1/third_party/terraform/services/securesourcemanager/resource_secure_source_manager_branch_rule_update_test.go

@@ -0,0 +1,112 @@
+package securesourcemanager_test
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+)
+
+func TestAccSecureSourceManagerBranchRule_secureSourceManagerBranchRuleWithFieldsExample_update(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"prevent_destroy": false,
+		"random_suffix":   acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSecureSourceManagerBranchRule_secureSourceManagerBranchRuleWithFieldsExample_full(context),
+			},
+			{
+				ResourceName:            "google_secure_source_manager_branch_rule.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"branch_rule_id", "location", "repository_id"},
+			},
+			{
+				Config: testAccSecureSourceManagerBranchRule_secureSourceManagerBranchRuleWithFieldsExample_update(context),
+			},
+			{
+				ResourceName:            "google_secure_source_manager_branch_rule.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"branch_rule_id", "location", "repository_id"},
+			},
+		},
+	})
+}
+
+func testAccSecureSourceManagerBranchRule_secureSourceManagerBranchRuleWithFieldsExample_full(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_secure_source_manager_instance" "instance" {
+    location = "us-central1"
+    instance_id = "tf-test-my-initial-instance%{random_suffix}"
+    # Prevent accidental deletions.
+    lifecycle {
+        prevent_destroy = "%{prevent_destroy}"
+    }
+}
+
+resource "google_secure_source_manager_repository" "repository" {
+    repository_id = "tf-test-my-initial-repository%{random_suffix}"
+    instance = google_secure_source_manager_instance.instance.name
+    location = google_secure_source_manager_instance.instance.location
+    # Prevent accidental deletions.
+    lifecycle {
+        prevent_destroy = "%{prevent_destroy}"
+    }
+}
+
+resource "google_secure_source_manager_branch_rule" "default" {
+    branch_rule_id = "tf-test-my-initial-branchrule%{random_suffix}"
+    location = google_secure_source_manager_repository.repository.location
+    repository_id = google_secure_source_manager_repository.repository.repository_id
+    include_pattern = "test"
+    minimum_approvals_count   = 2
+    minimum_reviews_count     = 2
+    require_comments_resolved = true
+    require_linear_history    = true
+    require_pull_request      = true
+    disabled = false
+    allow_stale_reviews = false
+}
+`, context)
+}
+
+func testAccSecureSourceManagerBranchRule_secureSourceManagerBranchRuleWithFieldsExample_update(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_secure_source_manager_instance" "instance" {
+	location = "us-central1"
+	instance_id = "tf-test-my-initial-instance%{random_suffix}"
+	# Prevent accidental deletions.
+	lifecycle {
+		prevent_destroy = "%{prevent_destroy}"
+	}
+}
+
+resource "google_secure_source_manager_repository" "repository" {
+    repository_id = "tf-test-my-initial-repository%{random_suffix}"
+    instance = google_secure_source_manager_instance.instance.name
+    location = google_secure_source_manager_instance.instance.location
+    # Prevent accidental deletions.
+    lifecycle {
+        prevent_destroy = "%{prevent_destroy}"
+    }
+}
+
+resource "google_secure_source_manager_branch_rule" "default" {
+    branch_rule_id = "tf-test-my-initial-branchrule%{random_suffix}"
+	location = google_secure_source_manager_repository.repository.location
+    repository_id = google_secure_source_manager_repository.repository.repository_id
+    include_pattern = "test"
+    minimum_approvals_count   = 1
+    minimum_reviews_count     = 1
+    require_linear_history    = false
+}
+`, context)
+}