Merge branch 'master' into fast/gke2

modules/net-vpc/subnets.tf

@@ -30,9 +30,9 @@ locals {
       subnet = k
       role   = "roles/compute.networkUser"
       members = concat(
-        formatlist("group:%s", try(v.iam_groups, [])),
-        formatlist("user:%s", try(v.iam_users, [])),
-        formatlist("serviceAccount:%s", try(v.iam_service_accounts, []))
+        formatlist("group:%s", lookup(v, "iam_groups", [])),
+        formatlist("user:%s", lookup(v, "iam_users", [])),
+        formatlist("serviceAccount:%s", lookup(v, "iam_service_accounts", []))
       )
     }
   ]
@@ -73,7 +73,8 @@ locals {
     local._factory_descriptions, var.subnet_descriptions
   )
   subnet_iam_members = concat(
-    local._factory_iam_members, local._subnet_iam_members
+    [for k in local._factory_iam_members : k if length(k.members) > 0],
+    local._subnet_iam_members
   )
   subnet_flow_logs = merge(
     local._factory_flow_logs, local._subnet_flow_logs

modules/pubsub/README.md

@@ -94,17 +94,18 @@ module "pubsub" {
 
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [name](variables.tf#L62) | PubSub topic name. | <code>string</code> | ✓ |  |
-| [project_id](variables.tf#L67) | Project used for resources. | <code>string</code> | ✓ |  |
+| [name](variables.tf#L68) | PubSub topic name. | <code>string</code> | ✓ |  |
+| [project_id](variables.tf#L73) | Project used for resources. | <code>string</code> | ✓ |  |
 | [dead_letter_configs](variables.tf#L17) | Per-subscription dead letter policy configuration. | <code title="map&#40;object&#40;&#123;&#10;  topic                 &#61; string&#10;  max_delivery_attempts &#61; number&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [defaults](variables.tf#L26) | Subscription defaults for options. | <code title="object&#40;&#123;&#10;  ack_deadline_seconds       &#61; number&#10;  message_retention_duration &#61; string&#10;  retain_acked_messages      &#61; bool&#10;  expiration_policy_ttl      &#61; string&#10;  filter                     &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;  ack_deadline_seconds       &#61; null&#10;  message_retention_duration &#61; null&#10;  retain_acked_messages      &#61; null&#10;  expiration_policy_ttl      &#61; null&#10;  filter                     &#61; null&#10;&#125;">&#123;&#8230;&#125;</code> |
 | [iam](variables.tf#L44) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [kms_key](variables.tf#L50) | KMS customer managed encryption key. | <code>string</code> |  | <code>null</code> |
 | [labels](variables.tf#L56) | Labels. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> |
-| [push_configs](variables.tf#L72) | Push subscription configurations. | <code title="map&#40;object&#40;&#123;&#10;  attributes &#61; map&#40;string&#41;&#10;  endpoint   &#61; string&#10;  oidc_token &#61; object&#40;&#123;&#10;    audience              &#61; string&#10;    service_account_email &#61; string&#10;  &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [regions](variables.tf#L85) | List of regions used to set persistence policy. | <code>list&#40;string&#41;</code> |  | <code>&#91;&#93;</code> |
-| [subscription_iam](variables.tf#L91) | IAM bindings for subscriptions in {SUBSCRIPTION => {ROLE => [MEMBERS]}} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [subscriptions](variables.tf#L97) | Topic subscriptions. Also define push configs for push subscriptions. If options is set to null subscription defaults will be used. Labels default to topic labels if set to null. | <code title="map&#40;object&#40;&#123;&#10;  labels &#61; map&#40;string&#41;&#10;  options &#61; object&#40;&#123;&#10;    ack_deadline_seconds       &#61; number&#10;    message_retention_duration &#61; string&#10;    retain_acked_messages      &#61; bool&#10;    expiration_policy_ttl      &#61; string&#10;    filter                     &#61; string&#10;  &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [message_retention_duration](variables.tf#L62) | Minimum duration to retain a message after it is published to the topic. | <code>string</code> |  | <code>null</code> |
+| [push_configs](variables.tf#L78) | Push subscription configurations. | <code title="map&#40;object&#40;&#123;&#10;  attributes &#61; map&#40;string&#41;&#10;  endpoint   &#61; string&#10;  oidc_token &#61; object&#40;&#123;&#10;    audience              &#61; string&#10;    service_account_email &#61; string&#10;  &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [regions](variables.tf#L91) | List of regions used to set persistence policy. | <code>list&#40;string&#41;</code> |  | <code>&#91;&#93;</code> |
+| [subscription_iam](variables.tf#L97) | IAM bindings for subscriptions in {SUBSCRIPTION => {ROLE => [MEMBERS]}} format. | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [subscriptions](variables.tf#L103) | Topic subscriptions. Also define push configs for push subscriptions. If options is set to null subscription defaults will be used. Labels default to topic labels if set to null. | <code title="map&#40;object&#40;&#123;&#10;  labels &#61; map&#40;string&#41;&#10;  options &#61; object&#40;&#123;&#10;    ack_deadline_seconds       &#61; number&#10;    message_retention_duration &#61; string&#10;    retain_acked_messages      &#61; bool&#10;    expiration_policy_ttl      &#61; string&#10;    filter                     &#61; string&#10;  &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
 
 ## Outputs
 

modules/pubsub/main.tf

@@ -36,10 +36,11 @@ locals {
 }
 
 resource "google_pubsub_topic" "default" {
-  project      = var.project_id
-  name         = var.name
-  kms_key_name = var.kms_key
-  labels       = var.labels
+  project                    = var.project_id
+  name                       = var.name
+  kms_key_name               = var.kms_key
+  labels                     = var.labels
+  message_retention_duration = var.message_retention_duration
 
   dynamic "message_storage_policy" {
     for_each = length(var.regions) > 0 ? [var.regions] : []

modules/pubsub/variables.tf

@@ -59,6 +59,12 @@ variable "labels" {
   default     = {}
 }
 
+variable "message_retention_duration" {
+  description = "Minimum duration to retain a message after it is published to the topic."
+  type        = string
+  default     = null
+}
+
 variable "name" {
   description = "PubSub topic name."
   type        = string

tests/modules/net_vpc/test_plan_subnets.py

@@ -20,8 +20,7 @@ _VAR_SUBNETS = (
     '   secondary_ip_range=null},'
     '{name = "c", region = "europe-west1", ip_cidr_range = "10.0.2.0/24",'
     '   secondary_ip_range={a="192.168.0.0/24", b="192.168.1.0/24"}},'
-    ']'
-)
+    ']')
 
 _VAR_DATA_FOLDER = "data"
 
@@ -29,9 +28,10 @@ _VAR_DATA_FOLDER = "data"
 def test_subnet_factory(plan_runner):
   "Test subnet factory."
   _, resources = plan_runner(data_folder=_VAR_DATA_FOLDER)
-  assert len(resources) == 5
-  subnets = [r['values']
-             for r in resources if r['type'] == 'google_compute_subnetwork']
+  assert len(resources) == 3
+  subnets = [
+      r['values'] for r in resources if r['type'] == 'google_compute_subnetwork'
+  ]
   assert {s['name'] for s in subnets} == {'factory-subnet', 'factory-subnet2'}
   assert {len(s['secondary_ip_range']) for s in subnets} == {0, 1}
 
@@ -40,8 +40,9 @@ def test_subnets_simple(plan_runner):
   "Test subnets variable."
   _, resources = plan_runner(subnets=_VAR_SUBNETS)
   assert len(resources) == 4
-  subnets = [r['values']
-             for r in resources if r['type'] == 'google_compute_subnetwork']
+  subnets = [
+      r['values'] for r in resources if r['type'] == 'google_compute_subnetwork'
+  ]
   assert {s['name'] for s in subnets} == {'a', 'b', 'c'}
   assert {len(s['secondary_ip_range']) for s in subnets} == {0, 0, 2}
 
@@ -51,11 +52,9 @@ def test_subnet_log_configs(plan_runner):
   log_config = '{"europe-west1/a" = { flow_sampling = 0.1 }}'
   log_config_defaults = (
       '{aggregation_interval = "INTERVAL_10_MIN", flow_sampling = 0.5, '
-      'metadata = "INCLUDE_ALL_METADATA"}'
-  )
+      'metadata = "INCLUDE_ALL_METADATA"}')
   subnet_flow_logs = '{"europe-west1/a"=true, "europe-west1/b"=true}'
-  _, resources = plan_runner(subnets=_VAR_SUBNETS,
-                             log_configs=log_config,
+  _, resources = plan_runner(subnets=_VAR_SUBNETS, log_configs=log_config,
                              log_config_defaults=log_config_defaults,
                              subnet_flow_logs=subnet_flow_logs)
   assert len(resources) == 4
@@ -63,9 +62,10 @@ def test_subnet_log_configs(plan_runner):
   for r in resources:
     if r['type'] != 'google_compute_subnetwork':
       continue
-    flow_logs[r['values']['name']] = [{key: config[key] for key in config.keys()
-                                       & {'aggregation_interval', 'flow_sampling', 'metadata'}}
-                                      for config in r['values']['log_config']]
+    flow_logs[r['values']['name']] = [{
+        key: config[key] for key in config.keys() &
+        {'aggregation_interval', 'flow_sampling', 'metadata'}
+    } for config in r['values']['log_config']]
   assert flow_logs == {
       # enable, override one default option
       'a': [{