73 lines
4.0 KiB
Markdown
73 lines
4.0 KiB
Markdown
# Google Cloud Dataform Repository module
|
|
|
|
This module allows managing a dataform repository, allows adding IAM permissions. Also enables attaching a remote repository.
|
|
|
|
## TODO
|
|
[] Add validation rules to variable.
|
|
|
|
## Examples
|
|
|
|
### Simple dataform repository with access configration
|
|
|
|
Simple dataform repository and specifying repository access via the IAM variable.
|
|
|
|
```hcl
|
|
module "dataform" {
|
|
source = "./fabric/modules/dataform-repository"
|
|
project_id = "my-project"
|
|
name = "my-repository"
|
|
region = "europe-west1"
|
|
iam = {
|
|
"roles/dataform.editor" = ["user:user1@example.org"]
|
|
}
|
|
}
|
|
# tftest modules=1 resources=2
|
|
```
|
|
|
|
### Repository with an attached remote repository
|
|
|
|
This creates a dataform repository with a remote repository attached to it. In order to enable dataform to communicate with a 3P GIT provider, an access token must be generated and stored as a secret on GCP. For that, we utilize the existing [secret-manager module](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/tree/master/modules/secret-manager).
|
|
|
|
```hcl
|
|
module "secret" {
|
|
source = "./fabric/modules/secret-manager"
|
|
project_id = "fast-bi-fabric"
|
|
secrets = {
|
|
my-secret = {
|
|
}
|
|
}
|
|
versions = {
|
|
my-secret = {
|
|
v1 = { enabled = true, data = "MYTOKEN" }
|
|
}
|
|
}
|
|
}
|
|
|
|
module "dataform" {
|
|
source = "./fabric/modules/dataform-repository"
|
|
project_id = "fast-bi-fabric"
|
|
name = "my-repository"
|
|
region = "europe-west1"
|
|
remote_repository_settings = {
|
|
url = "my-url"
|
|
secret_name = "my-secret"
|
|
token = module.secret.version_ids["my-secret:v1"]
|
|
}
|
|
}
|
|
# tftest modules=2 resources=3
|
|
```
|
|
<!-- BEGIN TFDOC -->
|
|
## Variables
|
|
|
|
| name | description | type | required | default |
|
|
|---|---|:---:|:---:|:---:|
|
|
| [name](variables.tf#L54) | Name of the dataform repository. | <code>string</code> | ✓ | |
|
|
| [project_id](variables.tf#L59) | Id of the project where resources will be created. | <code>string</code> | ✓ | |
|
|
| [region](variables.tf#L64) | The repository's region. | <code>string</code> | ✓ | |
|
|
| [iam](variables.tf#L17) | IAM bindings in {ROLE => [MEMBERS]} format. Mutually exclusive with the access_* variables used for basic roles. | <code>map(list(string))</code> | | <code>{}</code> |
|
|
| [iam_bindings](variables.tf#L24) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | <code title="map(object({ members = list(string) role = string condition = optional(object({ expression = string title = string description = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
|
| [iam_bindings_additive](variables.tf#L39) | Keyring individual additive IAM bindings. Keys are arbitrary. | <code title="map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
|
| [remote_repository_settings](variables.tf#L69) | Remote settings required to attach the repository to a remote repository. | <code title="object({ url = optional(string) branch = optional(string, "main") secret_name = optional(string) secret_version = optional(string, "v1") token = optional(string) })">object({…})</code> | | <code>null</code> |
|
|
| [service_account](variables.tf#L81) | Service account used to execute the dataform workflow. | <code>string</code> | | <code>""</code> |
|
|
<!-- END TFDOC -->
|