rename iam variables in pubsub module
This commit is contained in:
Ludovico Magnocavallo
parent
ca931181fc
commit
3a4938874b
|
|
@ -63,7 +63,7 @@ module "pubsub" {
|
|||
project_id = module.project.project_id
|
||||
name = var.name
|
||||
subscriptions = { "${var.name}-default" = null }
|
||||
iam_members = {
|
||||
iam = {
|
||||
"roles/pubsub.publisher" = [
|
||||
"serviceAccount:${module.project.service_accounts.robots.cloudasset}"
|
||||
]
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ module "pubsub" {
|
|||
source = "./modules/pubsub"
|
||||
project_id = "my-project"
|
||||
name = "my-topic"
|
||||
iam_members = {
|
||||
iam = {
|
||||
"roles/pubsub.viewer" = ["group:foo@example.com"]
|
||||
"roles/pubsub.subscriber" = ["user:user1@example.com"]
|
||||
}
|
||||
|
|
@ -76,7 +76,7 @@ module "pubsub" {
|
|||
test-1 = null
|
||||
test-1 = null
|
||||
}
|
||||
subscription_iam_members = {
|
||||
subscription_iam = {
|
||||
test-1 = {
|
||||
"roles/pubsub.subscriber" = ["user:user1@ludomagno.net"]
|
||||
}
|
||||
|
|
@ -93,12 +93,12 @@ module "pubsub" {
|
|||
| project_id | Project used for resources. | <code title="">string</code> | ✓ | |
|
||||
| *dead_letter_configs* | Per-subscription dead letter policy configuration. | <code title="map(object({ topic = string max_delivery_attemps = number }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
| *defaults* | Subscription defaults for options. | <code title="object({ ack_deadline_seconds = number message_retention_duration = number retain_acked_messages = bool expiration_policy_ttl = string })">object({...})</code> | | <code title="{ ack_deadline_seconds = null message_retention_duration = null retain_acked_messages = null expiration_policy_ttl = null }">...</code> |
|
||||
| *iam_members* | IAM members for each topic role. | <code title="map(set(string))">map(set(string))</code> | | <code title="">{}</code> |
|
||||
| *iam* | IAM bindings for topic in {ROLE => [MEMBERS]} format. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||||
| *kms_key* | KMS customer managed encryption key. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *labels* | Labels. | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
||||
| *push_configs* | Push subscription configurations. | <code title="map(object({ attributes = map(string) endpoint = string oidc_token = object({ audience = string service_account_email = string }) }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
| *regions* | List of regions used to set persistence policy. | <code title="list(string)">list(string)</code> | | <code title="">[]</code> |
|
||||
| *subscription_iam_members* | IAM members for each subscription and role. | <code title="map(map(set(string)))">map(map(set(string)))</code> | | <code title="">{}</code> |
|
||||
| *subscription_iam* | IAM bindings for subscriptions in {SUBSCRIPTION => {ROLE => [MEMBERS]}} format. | <code title="map(map(list(string)))">map(map(list(string)))</code> | | <code title="">{}</code> |
|
||||
| *subscriptions* | Topic subscriptions. Also define push configs for push subscriptions. If options is set to null subscription defaults will be used. Labels default to topic labels if set to null. | <code title="map(object({ labels = map(string) options = object({ ack_deadline_seconds = number message_retention_duration = number retain_acked_messages = bool expiration_policy_ttl = string }) }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
|
||||
locals {
|
||||
sub_iam_members = flatten([
|
||||
for sub, roles in var.subscription_iam_members : [
|
||||
for sub, roles in var.subscription_iam : [
|
||||
for role, members in roles : {
|
||||
sub = sub
|
||||
role = role
|
||||
|
|
@ -50,7 +50,7 @@ resource "google_pubsub_topic" "default" {
|
|||
}
|
||||
|
||||
resource "google_pubsub_topic_iam_binding" "default" {
|
||||
for_each = var.iam_members
|
||||
for_each = var.iam
|
||||
project = var.project_id
|
||||
topic = google_pubsub_topic.default.name
|
||||
role = each.key
|
||||
|
|
|
|||
|
|
@ -39,9 +39,9 @@ variable "defaults" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "iam_members" {
|
||||
description = "IAM members for each topic role."
|
||||
type = map(set(string))
|
||||
variable "iam" {
|
||||
description = "IAM bindings for topic in {ROLE => [MEMBERS]} format."
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
|
|
@ -101,8 +101,8 @@ variable "subscriptions" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "subscription_iam_members" {
|
||||
description = "IAM members for each subscription and role."
|
||||
type = map(map(set(string)))
|
||||
variable "subscription_iam" {
|
||||
description = "IAM bindings for subscriptions in {SUBSCRIPTION => {ROLE => [MEMBERS]}} format."
|
||||
type = map(map(list(string)))
|
||||
default = {}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,13 @@
|
|||
# Copyright 2020 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
/**
|
||||
* Copyright 2020 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/pubsub"
|
||||
project_id = "my-project"
|
||||
regions = ["europe-west1"]
|
||||
name = "test"
|
||||
iam = {
|
||||
"roles/pubsub.publisher" = ["user:me@example.com"]
|
||||
}
|
||||
subscriptions = {
|
||||
test = null
|
||||
}
|
||||
subscription_iam = {
|
||||
test = {
|
||||
"roles/pubsub.subscriber" = ["user:me@example.com"]
|
||||
}
|
||||
}
|
||||
labels = var.labels
|
||||
}
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
/**
|
||||
* Copyright 2020 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "labels" {
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
|
@ -0,0 +1,55 @@
|
|||
# Copyright 2020 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
import os
|
||||
import pytest
|
||||
|
||||
|
||||
FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def resources(plan_runner):
|
||||
_, resources = plan_runner(FIXTURES_DIR)
|
||||
return resources
|
||||
|
||||
|
||||
def test_resource_count(resources):
|
||||
"Test number of resources created."
|
||||
assert len(resources) == 4
|
||||
|
||||
|
||||
def test_iam(resources):
|
||||
"Test IAM binding resources."
|
||||
bindings = [r['values'] for r in resources if r['type']
|
||||
== 'google_pubsub_topic_iam_binding']
|
||||
assert len(bindings) == 1
|
||||
assert bindings[0]['role'] == 'roles/pubsub.publisher'
|
||||
|
||||
|
||||
def test_subscriptions(resources):
|
||||
"Test subscription resources."
|
||||
subs = [r['values'] for r in resources if r['type']
|
||||
== 'google_pubsub_subscription']
|
||||
assert len(subs) == 1
|
||||
assert set(s['name'] for s in subs) == set(['test'])
|
||||
|
||||
|
||||
def test_subscription_iam(resources):
|
||||
"Test subscription IAM binding resources."
|
||||
bindings = [r['values'] for r in resources if r['type']
|
||||
== 'google_pubsub_subscription_iam_binding']
|
||||
assert len(bindings) == 1
|
||||
assert set(b['role'] for b in bindings) == set(['roles/pubsub.subscriber'])
|
||||
Loading…
Reference in New Issue