diff --git a/5-app-infra/source_repos/service-catalog/modules/bigquery/README.md b/5-app-infra/source_repos/service-catalog/modules/bigquery/README.md
index 8e898e26..38b68a6d 100644
--- a/5-app-infra/source_repos/service-catalog/modules/bigquery/README.md
+++ b/5-app-infra/source_repos/service-catalog/modules/bigquery/README.md
@@ -64,9 +64,10 @@ No outputs.
| default\_partition\_expiration\_ms | The default partition expiration for all partitioned tables in the dataset, in milliseconds. Once this property is set, all newly-created partitioned tables in the dataset will have an expirationMs property in the timePartitioning settings set to this value, and changing the value will only affect new tables, not existing ones. The storage in a partition will have an expiration time of its partition time plus this value. | `number` | `null` | no |
| default\_table\_expiration\_ms | The default lifetime of all tables in the dataset, in milliseconds. The minimum value is 3600000 milliseconds (one hour). Once this property is set, all newly-created tables in the dataset will have an expirationTime property set to the creation time plus the value in this property, and changing the value will only affect new tables, not existing ones. When the expirationTime for a given table is reached, that table will be deleted automatically. If a table's expirationTime is modified or removed before the table expires, or if you provide an explicit expirationTime when creating a table, that value takes precedence over the default expiration time indicated by this property. | `number` | `null` | no |
| delete\_contents\_on\_destroy | If true, delete all the tables in the dataset when destroying the dataset; otherwise, destroying the dataset does not affect the tables in the dataset. If you try to delete a dataset that contains tables, and you set delete\_contents\_on\_destroy to false when you created the dataset, the request will fail. Always use this flag with caution. A missing value is treated as false. | `bool` | `false` | no |
-| description | A user-friendly description of the dataset | `string` | `""` | no |
-| friendly\_name | A descriptive name for the dataset | `string` | `""` | no |
-| project\_id | Optional Project ID. | `string` | `null` | no |
+| description | A user-friendly description of the dataset. | `string` | `""` | no |
+| friendly\_name | A descriptive name for the dataset. | `string` | `""` | no |
+| kms\_keyring | The KMS keyring that will be used when selecting the KMS key, preferably this should be on the same region as the other resources and the same environment.
This value can be obtained by running "gcloud kms keyrings list --project=KMS\_PROJECT\_ID --location=REGION." | `string` | n/a | yes |
+| project\_id | Project ID. | `string` | n/a | yes |
| region | The resource region, one of [us-central1, us-east4]. | `string` | `"us-central1"` | no |
## Outputs
diff --git a/5-app-infra/source_repos/service-catalog/modules/bigquery/data.tf b/5-app-infra/source_repos/service-catalog/modules/bigquery/data.tf
index 035a39b9..b45bc6cd 100644
--- a/5-app-infra/source_repos/service-catalog/modules/bigquery/data.tf
+++ b/5-app-infra/source_repos/service-catalog/modules/bigquery/data.tf
@@ -18,17 +18,7 @@ data "google_project" "project" {
project_id = var.project_id
}
-data "google_projects" "kms" {
- filter = "labels.application_name:env-kms labels.environment:${data.google_project.project.labels.environment} lifecycleState:ACTIVE"
-}
-
-data "google_kms_key_ring" "kms" {
- name = local.keyring_name
- location = var.region
- project = data.google_projects.kms.projects.0.project_id
-}
-
data "google_kms_crypto_key" "key" {
name = data.google_project.project.name
- key_ring = data.google_kms_key_ring.kms.id
+ key_ring = var.kms_keyring
}
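Review bot: `key_ring = var.kms_keyring` replaces a lookup that pinned the key ring to the environment's KMS project and to `var.region` with an unvalidated free-form string, so the data source now resolves a key ring in any project or location the caller can read, and the dataset's `var.region` and the key's location can silently diverge (BigQuery CMEK requires the key to be in a location compatible with the dataset). Because `google_kms_crypto_key.key_ring` takes a full resource id (`projects/…/locations/…/keyRings/…`), the shape of the value is easy to check; a variable `validation` in variables.tf can verify the format, but it cannot reference `var.region` in older Terraform releases, so the region check belongs on this data source as a `lifecycle { precondition }` (if the module's `required_version` admits it). Fail-fast here also replaces the implicit guarantee the removed `google_projects` filter gave that the key lives in the same environment.

```terraform
data "google_kms_crypto_key" "key" {
  name     = data.google_project.project.name
  key_ring = var.kms_keyring

  lifecycle {
    precondition {
      condition     = can(regex("^projects/[^/]+/locations/${var.region}/keyRings/[^/]+$", var.kms_keyring))
      error_message = "kms_keyring must be a full key ring resource name located in var.region."
    }
  }
}
```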
diff --git a/5-app-infra/source_repos/service-catalog/modules/bigquery/locals.tf b/5-app-infra/source_repos/service-catalog/modules/bigquery/locals.tf
index 543a3276..af32650b 100644
--- a/5-app-infra/source_repos/service-catalog/modules/bigquery/locals.tf
+++ b/5-app-infra/source_repos/service-catalog/modules/bigquery/locals.tf
@@ -17,5 +17,4 @@
locals {
project_hash = substr(sha256(data.google_project.project.project_id), 0, 6)
name_var = "bq-${var.dataset_id}-${data.google_project.project.labels.env_code}-${local.project_hash}"
- keyring_name = "sample-keyring"
}
diff --git a/5-app-infra/source_repos/service-catalog/modules/bigquery/variables.tf b/5-app-infra/source_repos/service-catalog/modules/bigquery/variables.tf
index ba671067..699817d4 100644
--- a/5-app-infra/source_repos/service-catalog/modules/bigquery/variables.tf
+++ b/5-app-infra/source_repos/service-catalog/modules/bigquery/variables.tf
@@ -16,13 +16,12 @@
variable "project_id" {
type = string
- description = "Optional Project ID."
- default = null
+ description = "Project ID."
}
variable "dataset_id" {
- description = "A unique ID for this dataset, without the project name. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters."
type = string
+ description = "A unique ID for this dataset, without the project name. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters."
}
variable "region" {
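Review bot: Dropping `default = null` makes `project_id` required but still unvalidated, so a mistyped or empty value is only rejected when the `google_project` data read fails with a provider error rather than at the variable boundary. A format check such as `validation { condition = can(regex("^[a-z][a-z0-9-]{4,28}[a-z0-9]$", var.project_id)); error_message = "project_id must be a valid GCP project ID." }` gives callers a clear message before any API call. Removing the default is also a breaking change for callers that previously relied on the provider's default project; the README table records the new requirement, but existing callers will need to pass the value explicitly.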
@@ -36,31 +35,39 @@ variable "region" {
}
variable "friendly_name" {
- description = "A descriptive name for the dataset"
type = string
+ description = "A descriptive name for the dataset."
default = ""
}
variable "description" {
- description = "A user-friendly description of the dataset"
type = string
+ description = "A user-friendly description of the dataset."
default = ""
}
variable "default_partition_expiration_ms" {
- description = "The default partition expiration for all partitioned tables in the dataset, in milliseconds. Once this property is set, all newly-created partitioned tables in the dataset will have an expirationMs property in the timePartitioning settings set to this value, and changing the value will only affect new tables, not existing ones. The storage in a partition will have an expiration time of its partition time plus this value."
type = number
+ description = "The default partition expiration for all partitioned tables in the dataset, in milliseconds. Once this property is set, all newly-created partitioned tables in the dataset will have an expirationMs property in the timePartitioning settings set to this value, and changing the value will only affect new tables, not existing ones. The storage in a partition will have an expiration time of its partition time plus this value."
default = null
}
variable "default_table_expiration_ms" {
- description = "The default lifetime of all tables in the dataset, in milliseconds. The minimum value is 3600000 milliseconds (one hour). Once this property is set, all newly-created tables in the dataset will have an expirationTime property set to the creation time plus the value in this property, and changing the value will only affect new tables, not existing ones. When the expirationTime for a given table is reached, that table will be deleted automatically. If a table's expirationTime is modified or removed before the table expires, or if you provide an explicit expirationTime when creating a table, that value takes precedence over the default expiration time indicated by this property."
type = number
+ description = "The default lifetime of all tables in the dataset, in milliseconds. The minimum value is 3600000 milliseconds (one hour). Once this property is set, all newly-created tables in the dataset will have an expirationTime property set to the creation time plus the value in this property, and changing the value will only affect new tables, not existing ones. When the expirationTime for a given table is reached, that table will be deleted automatically. If a table's expirationTime is modified or removed before the table expires, or if you provide an explicit expirationTime when creating a table, that value takes precedence over the default expiration time indicated by this property."
default = null
}
variable "delete_contents_on_destroy" {
- description = "If true, delete all the tables in the dataset when destroying the dataset; otherwise, destroying the dataset does not affect the tables in the dataset. If you try to delete a dataset that contains tables, and you set delete_contents_on_destroy to false when you created the dataset, the request will fail. Always use this flag with caution. A missing value is treated as false."
type = bool
+ description = "If true, delete all the tables in the dataset when destroying the dataset; otherwise, destroying the dataset does not affect the tables in the dataset. If you try to delete a dataset that contains tables, and you set delete_contents_on_destroy to false when you created the dataset, the request will fail. Always use this flag with caution. A missing value is treated as false."
default = false
}
+
+variable "kms_keyring" {
+ type = string
+ description = <