This module makes it easy to create a Google Cloud Pub/Sub topic and the subscriptions associated with that topic.
The following is a simple usage of the module. See also the simple setup provided in the example directory.
```hcl
resource "google_project_service" "pubsub" {
  project = var.base_project_id
  service = "pubsub.googleapis.com"
}

module "pubsub" {
  source  = "app.terraform.io/Seagen/pubsub/google"
  version = "3.2.0-sg.101"

  topic      = "tf-topic"
  project_id = local.project_id

  schema = {
    name       = "pubsub-payload"
    type       = "PROTOCOL_BUFFER"
    definition = file("pubsub.proto")
    encoding   = "BINARY"
  }

  push_subscriptions = [
    {
      name                       = "push"                                               // required
      ack_deadline_seconds       = 20                                                   // optional
      push_endpoint              = "https://example.com"                                // required
      x-goog-version             = "v1beta1"                                            // optional
      oidc_service_account_email = "sa@example.com"                                     // optional
      audience                   = "example"                                            // optional
      expiration_policy          = "1209600s"                                           // optional
      dead_letter_topic          = "projects/my-pubsub-project/topics/example-dl-topic" // optional
      max_delivery_attempts      = 5                                                    // optional
      maximum_backoff            = "600s"                                               // optional
      minimum_backoff            = "300s"                                               // optional
      filter                     = "attributes.domain = \"com\""                        // optional
      enable_message_ordering    = true                                                 // optional
    }
  ]

  pull_subscriptions = [
    {
      name                    = "pull"                                               // required
      ack_deadline_seconds    = 20                                                   // optional
      dead_letter_topic       = "projects/my-pubsub-project/topics/example-dl-topic" // optional
      max_delivery_attempts   = 5                                                    // optional
      maximum_backoff         = "600s"                                               // optional
      minimum_backoff         = "300s"                                               // optional
      filter                  = "attributes.domain = \"com\""                        // optional
      enable_message_ordering = true                                                 // optional
      service_account         = "service2@project2.iam.gserviceaccount.com"          // optional
    }
  ]
}
```
Name | Description | Type | Default | Required |
---|---|---|---|---|
create_subscriptions | Specify true if you want to create subscriptions | bool | true | no |
create_topic | Specify true if you want to create a topic | bool | true | no |
grant_token_creator | Specify true if you want to add token creator role to the default Pub/Sub SA | bool | true | no |
message_storage_policy | A map of storage policies. Default - inherit from organization's Resource Location Restriction policy. | map(any) | {} | no |
project_id | The project ID to manage the Pub/Sub resources | string | n/a | yes |
pull_subscriptions | The list of the pull subscriptions | list(map(string)) | [] | no |
push_subscriptions | The list of the push subscriptions | list(map(string)) | [] | no |
schema | Schema for the topic | object({ | null | no |
subscription_labels | A map of labels to assign to every Pub/Sub subscription | map(string) | {} | no |
topic | The Pub/Sub topic name | string | n/a | yes |
topic_kms_key_name | The resource name of the Cloud KMS CryptoKey to be used to protect access to messages published on this topic. | string | null | no |
topic_labels | A map of labels to assign to the Pub/Sub topic | map(string) | {} | no |
Name | Description |
---|---|
id | The ID of the Pub/Sub topic |
subscription_names | The name list of Pub/Sub subscriptions |
subscription_paths | The path list of Pub/Sub subscriptions |
topic | The name of the Pub/Sub topic |
topic_labels | Labels assigned to the Pub/Sub topic |
uri | The URI of the Pub/Sub topic |
- Terraform >= 0.13.0
- terraform-provider-google plugin >= v2.13
In order to execute this module you must have a Service Account with the following:
- roles/pubsub.admin
In order to operate with the Service Account you must activate the following APIs on the project where the Service Account was created:
- Cloud Pub/Sub API
You can pass the service account credentials into this module by setting the following environment variables:
- GOOGLE_CREDENTIALS
- GOOGLE_CLOUD_KEYFILE_JSON
- GCLOUD_KEYFILE_JSON
See more details.