It would be great if aws_codebuild_project could support github auth via github token:

This affects GitHub Enterprise support as well, not just github.com.
A recommended workflow would be to store the personal access token material in a Parameter Store parameter, which is protected by KMS and accessible via the `aws_ssm_parameter` in Terraform.
A temporary workaround might be to add a `local-exec` provisioner with `when = "create"` that runs the `aws codebuild import-source-credentials` command.
Refs:
https://docs.aws.amazon.com/codebuild/latest/userguide/sample-access-tokens.html
This could potentially be implemented as a separate `aws_codebuild_auth_token` resource and data source pair, since it looks like the CLI essentially supports CRUD.
Not to take away from the primary objective of this request, which is to have the additional value of `PERSONAL_ACCESS_TOKEN` supported for the `aws_codebuild_project` resource. Currently the documentation states:
> The only valid value is `OAUTH`
Refs:
https://docs.aws.amazon.com/codebuild/latest/userguide/sample-access-tokens.html#sample-access-tokens-cli
https://www.terraform.io/docs/providers/aws/r/codebuild_project.html#type-5
This feature would really help!
Another vote for Terraform CodeBuild GitHub token use (@erikpaasonen's suggestion of additionally plugging in Parameter Store would be great as well).
A new aws_codebuild_source_credential resource has been merged, which can be used to manage these credentials within CodeBuild. It will release with version 2.22.0 of the Terraform AWS Provider, tomorrow. 👍 Thanks to @kterada0509 for the implementation.
This has been released in version 2.22.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.
For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!
@bflad Any guidance on how this works? If connected with a token, the webhook resource is not created:
```
Error: error creating CodeBuild Webhook:
OAuthProviderException: Unable to create webhook at this time. Please try again later.
```
I would like to see a working example with a Terraform `aws_codebuild_project` resource. The current documentation for `aws_codebuild_project` states:
> `auth` supports the following:
> - `type` - (Required) The authorization type to use. The only valid value is `OAUTH`
> - `resource` - (Optional) The resource value that applies to the specified authorization type.
@rishia555 and others coming here wondering: I managed to get it working with the following config:
```hcl
resource "aws_codebuild_source_credential" "_" {
  auth_type   = "PERSONAL_ACCESS_TOKEN"
  server_type = "GITHUB"
  token       = var.github_oauth_token
}

resource "aws_codebuild_project" "_" {
  # lots of required properties redacted for brevity
  source {
    type = "GITHUB"
    auth {
      type     = "OAUTH"
      resource = aws_codebuild_source_credential._.arn
    }
  }
}
```
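An added example, not part of the original thread or the provider's documentation: it combines the config in the comment above with the Parameter Store workflow suggested earlier, so the token is read from a KMS-protected SecureString instead of a plain variable. The parameter name, project name, repository URL, build image and `codebuild_role_arn` variable are placeholder assumptions.

```hcl
# Added example. All names and values below are placeholders, not taken from the thread.
variable "codebuild_role_arn" {
  type = string
}

# SecureString parameter holding the GitHub personal access token,
# created out of band and encrypted with KMS.
data "aws_ssm_parameter" "github_pat" {
  name            = "/ci/github/personal-access-token" # hypothetical parameter name
  with_decryption = true
}

resource "aws_codebuild_source_credential" "github" {
  auth_type   = "PERSONAL_ACCESS_TOKEN"
  server_type = "GITHUB" # "GITHUB_ENTERPRISE" for GitHub Enterprise
  token       = data.aws_ssm_parameter.github_pat.value
}

resource "aws_codebuild_project" "example" {
  name         = "example-build"
  service_role = var.codebuild_role_arn

  artifacts {
    type = "NO_ARTIFACTS"
  }

  environment {
    compute_type = "BUILD_GENERAL1_SMALL"
    image        = "aws/codebuild/standard:5.0" # example image
    type         = "LINUX_CONTAINER"
  }

  source {
    type     = "GITHUB"
    location = "https://github.com/example-org/example-repo.git"

    # Wired the same way as in the comment above.
    auth {
      type     = "OAUTH"
      resource = aws_codebuild_source_credential.github.arn
    }
  }
}
```

The decrypted parameter value and the credential's `token` are both written to the Terraform state, so the state backend needs encryption at rest and tightly scoped read access. The role running Terraform needs `ssm:GetParameter` on the parameter and `kms:Decrypt` on its key.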
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!