diff --git a/Makefile b/Makefile index 975c6b1..bc7200d 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ # Make will use bash instead of sh SHELL := /usr/bin/env bash -DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.5 +DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.10 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools REGISTRY_URL := gcr.io/cloud-foundation-cicd diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml index 888cada..7e3ae71 100644 --- a/build/int.cloudbuild.yaml +++ b/build/int.cloudbuild.yaml @@ -38,4 +38,4 @@ tags: - 'integration' substitutions: _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' - _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.5' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.10' diff --git a/build/lint.cloudbuild.yaml b/build/lint.cloudbuild.yaml index abcee8b..fcbcdcd 100644 --- a/build/lint.cloudbuild.yaml +++ b/build/lint.cloudbuild.yaml @@ -21,4 +21,4 @@ tags: - 'lint' substitutions: _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' - _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.5' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.10' diff --git a/examples/kms/README.md b/examples/kms/README.md index 44fc124..229c537 100644 --- a/examples/kms/README.md +++ b/examples/kms/README.md @@ -7,8 +7,6 @@ This example illustrates how to use the `pubsub` module with a custom `kms` key. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| kms\_key\_name | Name of KMS key to use for pubsub topic | `string` | n/a | yes | -| kms\_keyring\_name | Name of KMS key ring to use for pubsub topic | `string` | n/a | yes | | project\_id | The project ID to manage the Pub/Sub resources | `string` | n/a | yes | | topic\_labels | A map of labels to assign to the Pub/Sub topic | `map(string)` | `{}` | no | | topic\_name | The name for the Pub/Sub topic | `string` | n/a | yes | diff --git a/examples/kms/variables.tf b/examples/kms/variables.tf index 51e3def..4dc599e 100644 --- a/examples/kms/variables.tf 
+++ b/examples/kms/variables.tf @@ -29,13 +29,3 @@ variable "topic_labels" { description = "A map of labels to assign to the Pub/Sub topic" default = {} } - -variable "kms_key_name" { - type = string - description = "Name of KMS key to use for pubsub topic" -} - -variable "kms_keyring_name" { - type = string - description = "Name of KMS key ring to use for pubsub topic" -} diff --git a/main.tf b/main.tf index 1749087..3223355 100644 --- a/main.tf +++ b/main.tf @@ -132,7 +132,7 @@ resource "google_pubsub_subscription" "push_subscriptions" { for_each = var.create_subscriptions ? { for i in var.push_subscriptions : i.name => i } : {} name = each.value.name - topic = var.create_topic ? google_pubsub_topic.topic.0.name : var.topic + topic = var.create_topic ? google_pubsub_topic.topic[0].name : var.topic project = var.project_id labels = var.subscription_labels ack_deadline_seconds = lookup( @@ -205,7 +205,7 @@ resource "google_pubsub_subscription" "pull_subscriptions" { for_each = var.create_subscriptions ? { for i in var.pull_subscriptions : i.name => i } : {} name = each.value.name - topic = var.create_topic ? google_pubsub_topic.topic.0.name : var.topic + topic = var.create_topic ? google_pubsub_topic.topic[0].name : var.topic project = var.project_id labels = var.subscription_labels enable_exactly_once_delivery = lookup( @@ -271,7 +271,7 @@ resource "google_pubsub_subscription" "bigquery_subscriptions" { for_each = var.create_subscriptions ? { for i in var.bigquery_subscriptions : i.name => i } : {} name = each.value.name - topic = var.create_topic ? google_pubsub_topic.topic.0.name : var.topic + topic = var.create_topic ? google_pubsub_topic.topic[0].name : var.topic project = var.project_id labels = var.subscription_labels ack_deadline_seconds = lookup( diff --git a/metadata.yaml b/metadata.yaml new file mode 100644 index 0000000..e12ecc4 --- /dev/null +++ b/metadata.yaml 
@@ -0,0 +1,141 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintMetadata
+metadata:
+ name: terraform-google-pubsub
+ annotations:
+ config.kubernetes.io/local-config: "true"
+spec:
+ title: terraform-google-pubsub
+ source:
+ repo: https://github.com/terraform-google-modules/terraform-google-pubsub
+ sourceType: git
+ version: 4.0.1
+ actuationTool:
+ type: Terraform
+ version: '>= 0.13'
+ subBlueprints:
+ - name: cloudiot
+ location: modules/cloudiot
+ examples:
+ - name: bigquery
+ location: examples/bigquery
+ - name: cloudiot
+ location: examples/cloudiot
+ - name: kms
+ location: examples/kms
+ - name: simple
+ location: examples/simple
+ - name: subscriptions_only
+ location: examples/subscriptions_only
+ variables:
+ - name: bigquery_subscriptions
+ description: The list of the bigquery push subscriptions.
+ type: list(map(string))
+ default: []
+ required: false
+ - name: create_subscriptions
+ description: Specify true if you want to create subscriptions.
+ type: bool
+ default: true
+ required: false
+ - name: create_topic
+ description: Specify true if you want to create a topic.
+ type: bool
+ default: true
+ required: false
+ - name: grant_token_creator
+ description: Specify true if you want to add token creator role to the default Pub/Sub SA.
+ type: bool
+ default: true
+ required: false
+ - name: message_storage_policy
+ description: A map of storage policies. Default - inherit from organization's Resource Location Restriction policy.
+ type: map(any)
+ default: {}
+ required: false
+ - name: project_id
+ description: The project ID to manage the Pub/Sub resources.
+ type: string
+ required: true
+ - name: pull_subscriptions
+ description: The list of the pull subscriptions.
+ type: list(map(string))
+ default: []
+ required: false
+ - name: push_subscriptions
+ description: The list of the push subscriptions.
+ type: list(map(string))
+ default: []
+ required: false
+ - name: schema
+ description: Schema for the topic.
+ type: |-
+ object({
+ name = string
+ type = string
+ definition = string
+ encoding = string
+ })
+ required: false
+ - name: subscription_labels
+ description: A map of labels to assign to every Pub/Sub subscription.
+ type: map(string)
+ default: {}
+ required: false
+ - name: topic
+ description: The Pub/Sub topic name.
+ type: string
+ required: true
+ - name: topic_kms_key_name
+ description: The resource name of the Cloud KMS CryptoKey to be used to protect access to messages published on this topic.
+ type: string
+ required: false
+ - name: topic_labels
+ description: A map of labels to assign to the Pub/Sub topic.
+ type: map(string)
+ default: {}
+ required: false
+ - name: topic_message_retention_duration
+ description: The minimum duration in seconds to retain a message after it is published to the topic.
+ type: string
+ required: false
+ outputs:
+ - name: id
+ description: The ID of the Pub/Sub topic
+ - name: subscription_names
+ description: The name list of Pub/Sub subscriptions
+ - name: subscription_paths
+ description: The path list of Pub/Sub subscriptions
+ - name: topic
+ description: The name of the Pub/Sub topic
+ - name: topic_labels
+ description: Labels assigned to the Pub/Sub topic
+ - name: uri
+ description: The URI of the Pub/Sub topic
+ roles:
+ - level: Project
+ roles:
+ - roles/cloudiot.admin
+ - roles/pubsub.admin
+ - roles/resourcemanager.projectIamAdmin
+ - roles/bigquery.admin
+ services:
+ - cloudiot.googleapis.com
+ - cloudresourcemanager.googleapis.com
+ - pubsub.googleapis.com
+ - serviceusage.googleapis.com
+ - bigquery.googleapis.com
diff --git a/modules/cloudiot/metadata.yaml b/modules/cloudiot/metadata.yaml
new file mode 100644
index 0000000..376feaf
--- /dev/null
+++ b/modules/cloudiot/metadata.yaml
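Review bot: The `roles:` list at the end of the new metadata.yaml declares four project-level admin roles, including `roles/resourcemanager.projectIamAdmin`, and nothing records why each one is needed. projectIamAdmin lets the deploying identity change the project's IAM policy, so anyone who provisions from this list grants far more than Pub/Sub management. It is presumably required only for `grant_token_creator` (default `true`), which adds a role to the default Pub/Sub service account. I would add a comment above the list, for example `# projectIamAdmin: needed only when grant_token_creator = true`, or narrow the entries if the tool that produces this file allows it. modules/cloudiot/metadata.yaml carries the same four roles.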
@@ -0,0 +1,140 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintMetadata
+metadata:
+ name: terraform-google-pubsub
+ annotations:
+ config.kubernetes.io/local-config: "true"
+spec:
+ title: terraform-google-pubsub for Cloud IoT
+ source:
+ repo: https://github.com/terraform-google-modules/terraform-google-pubsub
+ sourceType: git
+ version: 4.0.1
+ actuationTool:
+ type: Terraform
+ version: '>= 0.13'
+ examples:
+ - name: bigquery
+ location: examples/bigquery
+ - name: cloudiot
+ location: examples/cloudiot
+ - name: kms
+ location: examples/kms
+ - name: simple
+ location: examples/simple
+ - name: subscriptions_only
+ location: examples/subscriptions_only
+ variables:
+ - name: event_notification_config
+ description: The event notification configuration for the Cloud IoT registry. This contains `topic`, `topic_labels`, `pull_subscriptions` and `push_subscriptions` and `create_topic`.
+ type: |-
+ object({
+ topic = string
+ topic_labels = map(string)
+ push_subscriptions = list(map(string))
+ pull_subscriptions = list(map(string))
+ create_topic = bool
+ })
+ default:
+ create_topic: false
+ pull_subscriptions: []
+ push_subscriptions: []
+ topic: ""
+ topic_labels: {}
+ required: false
+ - name: http_enabled_state
+ description: The field allows HTTP_ENABLED or HTTP_DISABLED
+ type: string
+ default: HTTP_DISABLED
+ required: false
+ - name: mqtt_enabled_state
+ description: The field allows MQTT_ENABLED or MQTT_DISABLED
+ type: string
+ default: MQTT_ENABLED
+ required: false
+ - name: name
+ description: The Cloud IoT registry name
+ type: string
+ required: true
+ - name: project_id
+ description: The project ID to manage the Cloud IoT resources
+ type: string
+ required: true
+ - name: public_key_certificates
+ description: The list for public key certificates
+ type: list(object({ format = string, certificate = string }))
+ default: []
+ required: false
+ - name: region
+ description: The region to host the registry
+ type: string
+ required: true
+ - name: state_notification_config
+ description: The state notification configuration for the Cloud IoT registry. This contains `topic`, `topic_labels`, `pull_subscriptions` and `push_subscriptions` and `create_topic`.
+ type: |-
+ object({
+ topic = string
+ topic_labels = map(string)
+ push_subscriptions = list(map(string))
+ pull_subscriptions = list(map(string))
+ create_topic = bool
+ })
+ default:
+ create_topic: false
+ pull_subscriptions: []
+ push_subscriptions: []
+ topic: ""
+ topic_labels: {}
+ required: false
+ outputs:
+ - name: credentials
+ description: The credentials for Cloud IoT registry
+ - name: event_notification_subscription_names
+ description: The name list of Pub/Sub subscriptions associated with the registry
+ - name: event_notification_subscription_paths
+ description: The path list of Pub/Sub subscriptions associated with the registry
+ - name: event_notification_topic
+ description: The name of the Pub/Sub topic associated with the registry
+ - name: event_notification_topic_id
+ description: The id of the Pub/Sub topic associated with the registry
+ - name: name
+ description: The name of the Cloud IoT registry
+ - name: region
+ description: The region of the Cloud IoT registry
+ - name: registry
+ description: The registry being created by this module
+ - name: state_notification_subscription_names
+ description: The name list of Pub/Sub subscriptions associated with the registry
+ - name: state_notification_subscription_paths
+ description: The path list of Pub/Sub subscriptions associated with the registry
+ - name: state_notification_topic
+ description: The name of the Pub/Sub topic associated with the registry
+ - name: state_notification_topic_id
+ description: The id of the Pub/Sub topic associated with the registry
+ roles:
+ - level: Project
+ roles:
+ - roles/cloudiot.admin
+ - roles/pubsub.admin
+ - roles/resourcemanager.projectIamAdmin
+ - roles/bigquery.admin
+ services:
+ - cloudiot.googleapis.com
+ - cloudresourcemanager.googleapis.com
+ - pubsub.googleapis.com
+ - serviceusage.googleapis.com
+ - bigquery.googleapis.com
diff --git a/outputs.tf b/outputs.tf
index 3aed968..9ad7fa0 100644
--- a/outputs.tf
+++ b/outputs.tf
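Review bot: `- roles/bigquery.admin` and `- bigquery.googleapis.com` are declared for the Cloud IoT submodule, but no variable listed in this file takes a BigQuery subscription; `event_notification_config` and `state_notification_config` carry only `push_subscriptions` and `pull_subscriptions`. Unless the submodule's Terraform code (not shown in this diff) uses BigQuery, I would drop both entries so the documented permissions match what the submodule exercises. The `examples:` block also repeats the root module's five example paths and `metadata.name` is the root module's name; both are worth confirming against whatever consumes this file.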
@@ -15,22 +15,22 @@ */ output "topic" { - value = length(google_pubsub_topic.topic) > 0 ? google_pubsub_topic.topic.0.name : "" + value = length(google_pubsub_topic.topic) > 0 ? google_pubsub_topic.topic[0].name : "" description = "The name of the Pub/Sub topic" } output "topic_labels" { - value = length(google_pubsub_topic.topic) > 0 ? google_pubsub_topic.topic.0.labels : {} + value = length(google_pubsub_topic.topic) > 0 ? google_pubsub_topic.topic[0].labels : {} description = "Labels assigned to the Pub/Sub topic" } output "id" { - value = length(google_pubsub_topic.topic) > 0 ? google_pubsub_topic.topic.0.id : "" + value = length(google_pubsub_topic.topic) > 0 ? google_pubsub_topic.topic[0].id : "" description = "The ID of the Pub/Sub topic" } output "uri" { - value = length(google_pubsub_topic.topic) > 0 ? "pubsub.googleapis.com/${google_pubsub_topic.topic.0.id}" : "" + value = length(google_pubsub_topic.topic) > 0 ? "pubsub.googleapis.com/${google_pubsub_topic.topic[0].id}" : "" description = "The URI of the Pub/Sub topic" }