Extend support for tag bindings to more modules (#2307)
* fix kms tag bindings * bigquery dataset * fix bigquery * cloud run * normalize variable type * rename gcs heading * kms example test * fix bigquery * fix cloud run * cloud run v2
This commit is contained in:
Ludovico Magnocavallo
committed by
GitHub
GitHub
parent
735fd79cce
commit
c80af8de66
@@ -2,14 +2,19 @@
|
||||
|
||||
This module allows managing a single BigQuery dataset, including access configuration, tables and views.
|
||||
|
||||
## TODO
|
||||
<!-- BEGIN TOC -->
|
||||
- [Simple dataset with access configuration](#simple-dataset-with-access-configuration)
|
||||
- [IAM roles](#iam-roles)
|
||||
- [Authorized Views, Datasets, and Routines](#authorized-views-datasets-and-routines)
|
||||
- [Dataset options](#dataset-options)
|
||||
- [Tables and views](#tables-and-views)
|
||||
- [Tag bindings](#tag-bindings)
|
||||
- [TODO](#todo)
|
||||
- [Variables](#variables)
|
||||
- [Outputs](#outputs)
|
||||
<!-- END TOC -->
|
||||
|
||||
- [ ] check for dynamic values in tables and views
|
||||
- [ ] add support for external tables
|
||||
|
||||
## Examples
|
||||
|
||||
### Simple dataset with access configuration
|
||||
## Simple dataset with access configuration
|
||||
|
||||
Access configuration defaults to using the separate `google_bigquery_dataset_access` resource, so as to leave the default dataset access rules untouched.
|
||||
|
||||
@@ -38,7 +43,7 @@ module "bigquery-dataset" {
|
||||
# tftest modules=1 resources=5 inventory=simple.yaml
|
||||
```
|
||||
|
||||
### IAM roles
|
||||
## IAM roles
|
||||
|
||||
Access configuration can also be specified via IAM instead of basic roles via the `iam` variable. When using IAM, basic roles cannot be used via the `access` family variables.
|
||||
|
||||
@@ -54,7 +59,7 @@ module "bigquery-dataset" {
|
||||
# tftest modules=1 resources=2 inventory=iam.yaml
|
||||
```
|
||||
|
||||
### Authorized Views, Datasets, and Routines
|
||||
## Authorized Views, Datasets, and Routines
|
||||
|
||||
You can specify authorized [views](https://cloud.google.com/bigquery/docs/authorized-views), [datasets](https://cloud.google.com/bigquery/docs/authorized-datasets?hl=en), and [routines](https://cloud.google.com/bigquery/docs/authorized-routines) via the `authorized_views`, `authorized_datasets` and `authorized_routines` variables, respectively.
|
||||
|
||||
@@ -168,7 +173,7 @@ module "bigquery-dataset" {
|
||||
# tftest modules=1 resources=4 inventory=authorized_resources_views.yaml
|
||||
```
|
||||
|
||||
### Dataset options
|
||||
## Dataset options
|
||||
|
||||
Dataset options are set via the `options` variable. all options must be specified, but a `null` value can be set to options that need to use defaults.
|
||||
|
||||
@@ -187,7 +192,7 @@ module "bigquery-dataset" {
|
||||
# tftest modules=1 resources=1 inventory=options.yaml
|
||||
```
|
||||
|
||||
### Tables and views
|
||||
## Tables and views
|
||||
|
||||
Tables are created via the `tables` variable, or the `view` variable for views. Support for external tables will be added in a future release.
|
||||
|
||||
@@ -275,6 +280,42 @@ module "bigquery-dataset" {
|
||||
|
||||
# tftest modules=1 resources=3 inventory=views.yaml
|
||||
```
|
||||
|
||||
## Tag bindings
|
||||
|
||||
Refer to the [Creating and managing tags](https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing) documentation for details on usage.
|
||||
|
||||
```hcl
|
||||
module "org" {
|
||||
source = "./fabric/modules/organization"
|
||||
organization_id = var.organization_id
|
||||
tags = {
|
||||
environment = {
|
||||
description = "Environment specification."
|
||||
values = {
|
||||
dev = {}
|
||||
prod = {}
|
||||
sandbox = {}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module "bigquery-dataset" {
|
||||
source = "./fabric/modules/bigquery-dataset"
|
||||
project_id = "my-project"
|
||||
id = "my_dataset"
|
||||
tag_bindings = {
|
||||
env-sandbox = module.org.tag_values["environment/sandbox"].id
|
||||
}
|
||||
}
|
||||
# tftest modules=2 resources=6
|
||||
```
|
||||
|
||||
## TODO
|
||||
|
||||
- [ ] check for dynamic values in tables and views
|
||||
- [ ] add support for external tables
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
||||
@@ -297,7 +338,8 @@ module "bigquery-dataset" {
|
||||
| [materialized_views](variables.tf#L115) | Materialized views definitions. | <code title="map(object({ query = string allow_non_incremental_definition = optional(bool) deletion_protection = optional(bool) description = optional(string, "Terraform managed.") enable_refresh = optional(bool) friendly_name = optional(string) labels = optional(map(string), {}) refresh_interval_ms = optional(bool) require_partition_filter = optional(bool) options = optional(object({ clustering = optional(list(string)) expiration_time = optional(number) }), {}) partitioning = optional(object({ field = optional(string) range = optional(object({ end = number interval = number start = number })) time = optional(object({ type = string expiration_ms = optional(number) field = optional(string) })) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [options](variables.tf#L148) | Dataset options. | <code title="object({ default_collation = optional(string) default_table_expiration_ms = optional(number) default_partition_expiration_ms = optional(number) delete_contents_on_destroy = optional(bool, false) is_case_insensitive = optional(bool) max_time_travel_hours = optional(number, 168) storage_billing_model = optional(string) })">object({…})</code> | | <code>{}</code> |
|
||||
| [tables](variables.tf#L167) | Table definitions. Options and partitioning default to null. Partitioning can only use `range` or `time`, set the unused one to null. | <code title="map(object({ deletion_protection = optional(bool) description = optional(string, "Terraform managed.") friendly_name = optional(string) labels = optional(map(string), {}) require_partition_filter = optional(bool) schema = optional(string) external_data_configuration = optional(object({ autodetect = bool source_uris = list(string) avro_logical_types = optional(bool) compression = optional(string) connection_id = optional(string) file_set_spec_type = optional(string) ignore_unknown_values = optional(bool) metadata_cache_mode = optional(string) object_metadata = optional(string) json_options_encoding = optional(string) reference_file_schema_uri = optional(string) schema = optional(string) source_format = optional(string) max_bad_records = optional(number) csv_options = optional(object({ quote = string allow_jagged_rows = optional(bool) allow_quoted_newlines = optional(bool) encoding = optional(string) field_delimiter = optional(string) skip_leading_rows = optional(number) })) google_sheets_options = optional(object({ range = optional(string) skip_leading_rows = optional(number) })) hive_partitioning_options = optional(object({ mode = optional(string) require_partition_filter = optional(bool) source_uri_prefix = optional(string) })) parquet_options = optional(object({ enum_as_string = optional(bool) enable_list_inference = optional(bool) })) })) options = optional(object({ clustering = optional(list(string)) encryption_key = optional(string) expiration_time = optional(number) max_staleness = optional(string) }), {}) partitioning = optional(object({ field = optional(string) range = optional(object({ end = number interval = number start = number })) time = optional(object({ type = string expiration_ms = optional(number) field = optional(string) })) })) table_constraints = optional(object({ primary_key_columns = optional(list(string)) foreign_keys = optional(object({ referenced_table = object({ project_id = string dataset_id = string table_id = string }) column_references = object({ referencing_column = string referenced_column = string }) name = optional(string) })) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [views](variables.tf#L252) | View definitions. | <code title="map(object({ query = string deletion_protection = optional(bool) description = optional(string, "Terraform managed.") friendly_name = optional(string) labels = optional(map(string), {}) use_legacy_sql = optional(bool) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [tag_bindings](variables.tf#L252) | Tag bindings for this dataset, in key => tag value id format. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [views](variables.tf#L259) | View definitions. | <code title="map(object({ query = string deletion_protection = optional(bool) description = optional(string, "Terraform managed.") friendly_name = optional(string) labels = optional(map(string), {}) use_legacy_sql = optional(bool) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
22
modules/bigquery-dataset/tags.tf
Normal file
22
modules/bigquery-dataset/tags.tf
Normal file
@@ -0,0 +1,22 @@
|
||||
/**
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
resource "google_tags_location_tag_binding" "binding" {
|
||||
for_each = var.tag_bindings
|
||||
parent = "//bigquery.googleapis.com/${google_bigquery_dataset.default.id}"
|
||||
tag_value = each.value
|
||||
location = var.location
|
||||
}
|
||||
@@ -249,6 +249,13 @@ variable "tables" {
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "tag_bindings" {
|
||||
description = "Tag bindings for this dataset, in key => tag value id format."
|
||||
type = map(string)
|
||||
nullable = false
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "views" {
|
||||
description = "View definitions."
|
||||
type = map(object({
|
||||
|
||||
Reference in New Issue
Block a user