Allow manual triggers without source configuration

[hisomura]

Description

This PR removes the AtLeastOneOf validation from source configuration fields in google_cloudbuild_trigger, allowing manual triggers to be created without any source configuration (such as trigger_template, github, pubsub_config, webhook_config, or source_to_build).

Background

The GCP Console and gcloud builds triggers create manual command support creating triggers without source configuration, but Terraform's validation was blocking this use case. These manual triggers can only be invoked via the Cloud Build API or GCP Console.

Changes

• Remove at_least_one_of validation from source-related fields in Trigger.yaml
• Remove AtLeastOneOf from state migration schema in cloud_build_trigger.go.tmpl
• Add acceptance test TestAccCloudBuildTrigger_manualTriggerNoSource

Related Issues

Fixes hashicorp/terraform-provider-google#16295

References

• Original PR (closed, redirected to magic-modules): fix issue #16295: allow manual triggers without source configuration hashicorp/terraform-provider-google#25828

[github-actions]

Hello! I am a robot. Tests will require approval from a repository maintainer to run.

Googlers: For automatic test runs see go/terraform-auto-test-runs.

@BBBmau, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 3 files changed, 87 insertions(+), 53 deletions(-))
google-beta provider: Diff ( 3 files changed, 87 insertions(+), 53 deletions(-))

[modular-magician]

Tests analytics

Total tests: 33
Passed tests: 30
Skipped tests: 2
Affected tests: 1

Click here to see the affected service packages

• cloudbuild

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

• TestAccCloudBuildTrigger_manualTriggerNoSource

Get to know how VCR tests work

[modular-magician]

🟢 Tests passed during RECORDING mode:
TestAccCloudBuildTrigger_manualTriggerNoSource [Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.

---

🟢 All tests passed!

View the build log or the debug log for each test

[BBBmau]

After reviewing the original issue. (as well as coming across this comment) it would be best to include approval_config as part of the at_least_one_of in order to require it be explicit when wanting to create a manual trigger.

[hisomura]

Thank you for the suggestion. However, approval_config is a completely unrelated concept to manual triggers.

approval_config controls whether an additional approval step is required — when enabled, a user with the roles/cloudbuild.builds.approver role must approve the build before it starts. This applies independently of how the trigger is configured and has nothing to do with whether
a source is specified.

For example, with a manual trigger where approval_config.approval_required = true, after clicking the manual run button, a user must then click the approve button before the build actually executes. In contrast, with approval_config.approval_required = false, clicking the manual
run button immediately starts the build. As you can see, these two concepts are independent of each other.

Manual triggers are typically expected to have source_to_build configured, but they can also work without it. The intent of this change is to allow manual triggers to be executed without setting source_to_build, which the Cloud Build API already supports.