Skip to content

Latest commit

 

History

History
306 lines (232 loc) · 11 KB

pubsub_topic.html.markdown

File metadata and controls

306 lines (232 loc) · 11 KB
Raw
subcategory description
Cloud Pub/Sub
A named resource to which messages are sent by publishers.

google_pubsub_topic

A named resource to which messages are sent by publishers.

To get more information about Topic, see:

~> Note: You can retrieve the email of the Google Managed Pub/Sub Service Account used for forwarding by using the google_project_service_identity resource.

## Example Usage - Pubsub Topic Basic 
resource "google_pubsub_topic" "example" {
  name = "example-topic"

  labels = {
    foo = "bar"
  }

  message_retention_duration = "86600s"
}

Example Usage - Pubsub Topic Cmek

resource "google_pubsub_topic" "example" {
  name         = "example-topic"
  kms_key_name = google_kms_crypto_key.crypto_key.id
}

resource "google_kms_crypto_key" "crypto_key" {
  name     = "example-key"
  key_ring = google_kms_key_ring.key_ring.id
}

resource "google_kms_key_ring" "key_ring" {
  name     = "example-keyring"
  location = "global"
}
## Example Usage - Pubsub Topic Geo Restricted 
resource "google_pubsub_topic" "example" {
  name = "example-topic"

  message_storage_policy {
    allowed_persistence_regions = [
      "europe-west3",
    ]
  }
}

Example Usage - Pubsub Topic Schema Settings

resource "google_pubsub_schema" "example" {
  name = "example"
  type = "AVRO"
  definition = "{\n  \"type\" : \"record\",\n  \"name\" : \"Avro\",\n  \"fields\" : [\n    {\n      \"name\" : \"StringField\",\n      \"type\" : \"string\"\n    },\n    {\n      \"name\" : \"IntField\",\n      \"type\" : \"int\"\n    }\n  ]\n}\n"
}

resource "google_pubsub_topic" "example" {
  name = "example-topic"

  depends_on = [google_pubsub_schema.example]
  schema_settings {
    schema = "projects/my-project-name/schemas/example"
    encoding = "JSON"
  }
}
## Example Usage - Pubsub Topic Ingestion Kinesis 
resource "google_pubsub_topic" "example" {
  name = "example-topic"

  # Outside of automated terraform-provider-google CI tests, these values must be of actual AWS resources for the test to pass.
  ingestion_data_source_settings {
    aws_kinesis {
        stream_arn = "arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name"
        consumer_arn = "arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name/consumer/consumer-1:1111111111"
        aws_role_arn = "arn:aws:iam::111111111111:role/fake-role-name"
        gcp_service_account = "fake-service-account@fake-gcp-project.iam.gserviceaccount.com"
    }
  }
}

Argument Reference

The following arguments are supported:

  • name - (Required) Name of the topic.

  • kms_key_name - (Optional) The resource name of the Cloud KMS CryptoKey to be used to protect access to messages published on this topic. Your project's PubSub service account (service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com) must have roles/cloudkms.cryptoKeyEncrypterDecrypter to use this feature. The expected format is projects/*/locations/*/keyRings/*/cryptoKeys/*

  • labels - (Optional) A set of key/value label pairs to assign to this Topic.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

  • message_storage_policy - (Optional) Policy constraining the set of Google Cloud Platform regions where messages published to the topic may be stored. If not present, then no constraints are in effect. Structure is documented below.

  • schema_settings - (Optional) Settings for validating messages published against a schema. Structure is documented below.

  • message_retention_duration - (Optional) Indicates the minimum duration to retain a message after it is published to the topic. If this field is set, messages published to the topic in the last messageRetentionDuration are always available to subscribers. For instance, it allows any attached subscription to seek to a timestamp that is up to messageRetentionDuration in the past. If this field is not set, message retention is controlled by settings on individual subscriptions. The rotation period has the format of a decimal number, followed by the letter s (seconds). Cannot be more than 31 days or less than 10 minutes.

  • ingestion_data_source_settings - (Optional) Settings for ingestion from a data source into this topic. Structure is documented below.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The message_storage_policy block supports:

  • allowed_persistence_regions - (Required) A list of IDs of GCP regions where messages that are published to the topic may be persisted in storage. Messages published by publishers running in non-allowed GCP regions (or running outside of GCP altogether) will be routed for storage in one of the allowed regions. An empty list means that no regions are allowed, and is not a valid configuration.

The schema_settings block supports:

  • schema - (Required) The name of the schema that messages published should be validated against. Format is projects/{project}/schemas/{schema}. The value of this field will be deleted-schema if the schema has been deleted.

  • encoding - (Optional) The encoding of messages validated against schema. Default value is ENCODING_UNSPECIFIED. Possible values are: ENCODING_UNSPECIFIED, JSON, BINARY.

The ingestion_data_source_settings block supports:

  • aws_kinesis - (Optional) Settings for ingestion from Amazon Kinesis Data Streams. Structure is documented below.

The aws_kinesis block supports:

  • stream_arn - (Required) The Kinesis stream ARN to ingest data from.

  • consumer_arn - (Required) The Kinesis consumer ARN to used for ingestion in Enhanced Fan-Out mode. The consumer must be already created and ready to be used.

  • aws_role_arn - (Required) AWS role ARN to be used for Federated Identity authentication with Kinesis. Check the Pub/Sub docs for how to set up this role and the required permissions that need to be attached to it.

  • gcp_service_account - (Required) The GCP service account to be used for Federated Identity authentication with Kinesis (via a AssumeRoleWithWebIdentity call for the provided role). The awsRoleArn must be set up with accounts.google.com:sub equals to this service account number.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/topics/{{name}}

  • terraform_labels - The combination of labels configured directly on the resource and default labels configured on the provider.

  • effective_labels - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

Topic can be imported using any of these accepted formats:

  • projects/{{project}}/topics/{{name}}
  • {{project}}/{{name}}
  • {{name}}

In Terraform v1.5.0 and later, use an import block to import Topic using one of the formats above. For example:

import {
  id = "projects/{{project}}/topics/{{name}}"
  to = google_pubsub_topic.default
}

When using the terraform import command, Topic can be imported using one of the formats above. For example:

$ terraform import google_pubsub_topic.default projects/{{project}}/topics/{{name}}
$ terraform import google_pubsub_topic.default {{project}}/{{name}}
$ terraform import google_pubsub_topic.default {{name}}

User Project Overrides

This resource supports User Project Overrides.