Google Cloud Source Repository Module
This module allows managing a single Cloud Source Repository, including IAM bindings and basic Cloud Build triggers.

```hcl
module "repo" {
  source     = "./fabric/modules/source-repository"
  project_id = "my-project"
  name       = "my-repo"
  iam = {
    "roles/source.reader" = ["user:foo@example.com"]
  }
  iam_bindings_additive = {
    am1-reader = {
      member = "user:am1@example.com"
      role   = "roles/source.reader"
    }
  }
}
# tftest modules=1 resources=3 inventory=simple.yaml
```

Repository with Cloud Build trigger

```hcl
module "repo" {
  source     = "./fabric/modules/source-repository"
  project_id = "my-project"
  name       = "my-repo"
  triggers = {
    foo = {
      filename        = "ci/workflow-foo.yaml"
      included_files  = ["**/*tf"]
      service_account = null
      substitutions = {
        BAR = 1
      }
      template = {
        branch_name = "main"
        project_id  = null
        tag_name    = null
      }
    }
  }
}
# tftest modules=1 resources=2 inventory=trigger.yaml
```
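
The following configuration is an added example, not taken from the module's documentation or test suite: it keeps authoritative (`iam`, `iam_by_principals`) and additive (`iam_bindings_additive`) grants on different roles, since an authoritative binding owns the whole member list of its role, and it runs the trigger under a dedicated service account instead of `service_account = null`. Assumptions: the group and service account addresses are constructed, and the `service_account` value uses the `projects/{project}/serviceAccounts/{email}` form that `google_cloudbuild_trigger` expects, on the assumption that the module passes it through unchanged.

```hcl
module "repo" {
  source     = "./fabric/modules/source-repository"
  project_id = "my-project"
  name       = "my-repo"

  # Authoritative, keyed by role: after apply, these are the only members
  # holding the role on this repository. Members granted outside Terraform
  # are removed on the next apply.
  iam = {
    "roles/source.admin" = ["group:repo-admins@example.com"] # constructed group
  }

  # Authoritative, keyed by principal; merged internally with iam.
  # Principals must be static strings to avoid cycle errors.
  iam_by_principals = {
    "group:developers@example.com" = ["roles/source.writer"] # constructed group
  }

  # Additive: grants one member and leaves other members of the role alone.
  # Uses a role that no authoritative binding above manages, so the two
  # kinds of binding never compete for the same member list.
  iam_bindings_additive = {
    ci-reader = {
      member = "serviceAccount:ci-build@my-project.iam.gserviceaccount.com" # constructed
      role   = "roles/source.reader"
    }
  }

  triggers = {
    plan = {
      filename       = "ci/workflow-foo.yaml"
      included_files = ["**/*tf"]
      # Dedicated build identity (constructed name, assumed pass-through format)
      # so the build does not run as the project's default build account.
      service_account = "projects/my-project/serviceAccounts/ci-build@my-project.iam.gserviceaccount.com"
      substitutions   = {}
      template = {
        branch_name = "main"
        project_id  = null
        tag_name    = null
      }
    }
  }
}
```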

| name | description | resources |
|---|---|---|
| iam.tf | IAM bindings. | `google_sourcerepo_repository_iam_binding` · `google_sourcerepo_repository_iam_member` |
| main.tf | Module-level locals and resources. | `google_cloudbuild_trigger` · `google_sourcerepo_repository` |
| outputs.tf | Module outputs. | |
| variables-iam.tf | None | |
| variables.tf | Module variables. | |
| versions.tf | Version pins. | |

| name | description | type | required | default |
|---|---|---|---|---|
| name | Repository name. | `string` | ✓ | |
| project_id | Project used for resources. | `string` | ✓ | |
| iam | IAM bindings in `{ROLE => [MEMBERS]}` format. | `map(list(string))` | | `{}` |
| iam_bindings | Authoritative IAM bindings in `{KEY => {role = ROLE, members = [], condition = {}}}`. Keys are arbitrary. | `map(object({…}))` | | `{}` |
| iam_bindings_additive | Individual additive IAM bindings. Keys are arbitrary. | `map(object({…}))` | | `{}` |
| iam_by_principals | Authoritative IAM binding in `{PRINCIPAL => [ROLES]}` format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | `map(list(string))` | | `{}` |
| triggers | Cloud Build triggers. | `map(object({…}))` | | `{}` |

| name | description | sensitive |
|---|---|---|
| id | Fully qualified repository id. | |
| name | Repository name. | |
| url | Repository URL. | |