From 2c08e3c28009860b49e893f48b67b29619c8c3f8 Mon Sep 17 00:00:00 2001
From: Lingkai Shen
Date: Thu, 19 Dec 2024 13:40:41 -0500
Subject: [PATCH] Allow brand new setup for google_developer_connect_connection (#12493)
---
.../products/developerconnect/Connection.yaml | 21 ++++++++++---
...t_connection_existing_credentials.tf.tmpl} | 7 ++++-
..._connection_existing_installation.tf.tmpl} | 8 ++++-
.../developer_connect_connection_new.tf.tmpl | 31 +++++++++++++++++++
4 files changed, 61 insertions(+), 6 deletions(-)
rename mmv1/templates/terraform/examples/{developer_connect_connection_basic.tf.tmpl => developer_connect_connection_existing_credentials.tf.tmpl} (52%)
rename mmv1/templates/terraform/examples/{developer_connect_connection_github_doc.tf.tmpl => developer_connect_connection_existing_installation.tf.tmpl} (85%)
create mode 100644 mmv1/templates/terraform/examples/developer_connect_connection_new.tf.tmpl
diff --git a/mmv1/products/developerconnect/Connection.yaml b/mmv1/products/developerconnect/Connection.yaml
index 7fd9d60c8f18..32cc8383038b 100644
--- a/mmv1/products/developerconnect/Connection.yaml
+++ b/mmv1/products/developerconnect/Connection.yaml
@@ -39,13 +39,24 @@ async: resource_inside_response: true custom_code: examples: - - name: 'developer_connect_connection_basic' + - name: 'developer_connect_connection_new' primary_resource_id: 'my-connection' - primary_resource_name: 'fmt.Sprintf("tf-test-connection%s", context["random_suffix"])' + primary_resource_name: 'fmt.Sprintf("tf-test-connection-new%s", context["random_suffix"])' min_version: 'beta' vars: - connection_name: 'tf-test-connection' - - name: 'developer_connect_connection_github_doc' + connection_name: 'tf-test-connection-new' + test_env_vars: + project: 'PROJECT_NAME' + - name: 'developer_connect_connection_existing_credentials' + primary_resource_id: 'my-connection' + primary_resource_name: 'fmt.Sprintf("tf-test-connection-cred%s", context["random_suffix"])' + min_version: 'beta' + vars: + connection_name: 'tf-test-connection-cred' + secret_name: "projects/your-project/secrets/your-secret-id/versions/latest" + test_vars_overrides: + secret_name: '"projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1"' + - name: 'developer_connect_connection_existing_installation' min_version: 'beta' exclude_test: true parameters: @@ -93,6 +104,7 @@ properties: Represents an OAuth token of the account that authorized the Connection,and associated metadata. min_version: 'beta' + default_from_api: true properties: - name: 'oauthTokenSecretVersion' type: String @@ -113,6 +125,7 @@ properties: description: | Optional. GitHub App installation id. min_version: 'beta' + default_from_api: true - name: 'installationUri' type: String description: | 
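Review bot: The documented placeholder for `secret_name` in the `developer_connect_connection_existing_credentials` example ends in `versions/latest`, while `test_vars_overrides` pins `versions/1`, so the form shown to readers is not the one the test exercises. With a floating alias the OAuth token behind the connection can presumably change whenever a new secret version is added, without anything showing up in the Terraform plan. Consider showing a pinned version in `vars`, e.g. `secret_name: "projects/your-project/secrets/your-secret-id/versions/1"`, or add a YAML comment stating that `latest` is accepted and when it is resolved.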
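Review bot: `default_from_api: true` on `authorizerCredential` (and again on `appInstallationId` in the next hunk) should be reflected in the field descriptions, because it changes what the configuration controls. As I understand the flag, both fields become optional-and-computed: a credential or installation id established outside Terraform during the authorization flow is adopted into state without a diff, and removing the block from configuration does not clear it. That is what enables the brand-new flow, but a reader who deletes the block expecting the OAuth credential to be detached should be told it stays; I would append to each description something like `If unset, the value established by the API during setup is kept; removing it from configuration does not clear it.` The property definitions start and end outside these hunks.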
diff --git a/mmv1/templates/terraform/examples/developer_connect_connection_basic.tf.tmpl b/mmv1/templates/terraform/examples/developer_connect_connection_existing_credentials.tf.tmpl similarity index 52% rename from mmv1/templates/terraform/examples/developer_connect_connection_basic.tf.tmpl rename to mmv1/templates/terraform/examples/developer_connect_connection_existing_credentials.tf.tmpl index 693baf83874b..90886cce18ef 100644 --- a/mmv1/templates/terraform/examples/developer_connect_connection_basic.tf.tmpl +++ b/mmv1/templates/terraform/examples/developer_connect_connection_existing_credentials.tf.tmpl @@ -7,7 +7,12 @@ resource "google_developer_connect_connection" "{{$.PrimaryResourceId}}" { github_app = "DEVELOPER_CONNECT" authorizer_credential { - oauth_token_secret_version = "projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1" + oauth_token_secret_version = "{{index $.Vars "secret_name"}}" } } } + +output "next_steps" { + description = "Follow the action_uri if present to continue setup" + value = google_developer_connect_connection.{{$.PrimaryResourceId}}.installation_state +} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/developer_connect_connection_github_doc.tf.tmpl b/mmv1/templates/terraform/examples/developer_connect_connection_existing_installation.tf.tmpl similarity index 85% rename from mmv1/templates/terraform/examples/developer_connect_connection_github_doc.tf.tmpl rename to mmv1/templates/terraform/examples/developer_connect_connection_existing_installation.tf.tmpl index 07933b8641b4..de83625203c3 100644 --- a/mmv1/templates/terraform/examples/developer_connect_connection_github_doc.tf.tmpl +++ b/mmv1/templates/terraform/examples/developer_connect_connection_existing_installation.tf.tmpl 
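Review bot: Nothing visible in this example grants the Developer Connect service agent read access to the secret named by `secret_name`, although the connection depends on it; the resource starts above the hunk, so this is judged from the visible lines only. The sibling `existing_installation` example does show a `roles/secretmanager.secretAccessor` binding, and readers copying this one may otherwise reach for a broad project-level grant. I would add a comment above `authorizer_credential`, e.g. `# The Developer Connect service agent needs roles/secretmanager.secretAccessor on this secret.` The `next_steps` output description mentions `action_uri` while the value is the whole `installation_state`, which the description could say.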
@@ -15,11 +15,17 @@ resource "google_secret_manager_secret_version" "github-token-secret-version" { secret_data = file("my-github-token.txt") } +resource "google_project_service_identity" "devconnect-p4sa" { + provider = google-beta + + service = "developerconnect.googleapis.com" +} + data "google_iam_policy" "p4sa-secretAccessor" { binding { role = "roles/secretmanager.secretAccessor" // Here, 123456789 is the Google Cloud project number for the project that contains the connection. - members = ["serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com"] + members = [google_project_service_identity.devconnect-p4sa.member] } } diff --git a/mmv1/templates/terraform/examples/developer_connect_connection_new.tf.tmpl b/mmv1/templates/terraform/examples/developer_connect_connection_new.tf.tmpl new file mode 100644 index 000000000000..9c6dede4321f --- /dev/null +++ b/mmv1/templates/terraform/examples/developer_connect_connection_new.tf.tmpl @@ -0,0 +1,31 @@ +resource "google_developer_connect_connection" "{{$.PrimaryResourceId}}" { + provider = google-beta + location = "us-central1" + connection_id = "{{index $.Vars "connection_name"}}" + + github_config { + github_app = "FIREBASE" + } + + depends_on = [google_project_iam_member.devconnect-secret] +} + +output "next_steps" { + description = "Follow the action_uri if present to continue setup" + value = google_developer_connect_connection.{{$.PrimaryResourceId}}.installation_state +} + +# Setup permissions. Only needed once per project +resource "google_project_service_identity" "devconnect-p4sa" { + provider = google-beta + + service = "developerconnect.googleapis.com" +} + +resource "google_project_iam_member" "devconnect-secret" { + provider = google-beta + + project = "{{index $.TestEnvVars "project"}}" + role = "roles/secretmanager.admin" + member = google_project_service_identity.devconnect-p4sa.member +} \ No newline at end of file
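Review bot: The context comment `// Here, 123456789 is the Google Cloud project number ...` is stale now that the hard-coded `service-123456789@...` member it explained is replaced by `google_project_service_identity.devconnect-p4sa.member`. Replace it with something like `// Service agent of the project that contains the connection.` The new `google_project_service_identity` block sets no `project`, so it presumably resolves against the provider's default project; if the connection lives in a different project the accessor role would go to the wrong service agent, which deserves a one-line comment. The `data "google_iam_policy"` block continues outside the hunk.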
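Review bot: `google_project_iam_member.devconnect-secret` in the new example grants `roles/secretmanager.admin` on the whole project to the Developer Connect service agent, and the only explanation is `# Setup permissions. Only needed once per project`. That role covers every secret in the project, not just the one Developer Connect presumably creates for the GitHub token, and published examples tend to be copied verbatim. If the service has to create its own secret the broad role may be needed here, but the example should say so and state the scope, e.g. `# Lets Developer Connect create and manage the secret holding the GitHub token; the role applies to all secrets in this project, so use a dedicated project or a narrower grant where other secrets live.` The sibling `existing_installation` example gets by with `roles/secretmanager.secretAccessor`, which is the pattern to point readers to once the token secret exists.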