New FAST data platform (#3066)
* copy from broken dp dev branch * remove extra excalidraw file * fix networking yaml * tfdoc * tfdoc * nuke old data platform * fix tests * tests * tflint * high level diagram * make location optional in composer schema * add composer outputs * docs * remove schema docs * tfdoc * update service agent encryption composer def for composer 3 * encryption keys * typo * typo * fix security IAM * inventory * tflint * Fix roles and diagram. * Fix tflint * Fix test DP. * Fix test * Diagrams excalidraw gz --------- Co-authored-by: lcaggio <lorenzo.caggioni@gmail.com>
committed by
GitHub
parent
4c7ff3381e
commit
cb7bed50e3
@@ -69,12 +69,19 @@ module "aspect-types" {
|
||||
|
||||
Aspect types can also be defined via a resource factory, where the file name will be used as the aspect type id. The resulting data is then internally combined with the `aspect_types` variable.
|
||||
|
||||
IAM attributes can leverage substitutions for principals, which need to be defined via the `factories_configs.context.iam_principals` variable as shown in the example below.
|
||||
|
||||
```hcl
|
||||
module "aspect-types" {
|
||||
source = "./fabric/modules/dataplex-aspect-types"
|
||||
project_id = "test-project"
|
||||
factories_config = {
|
||||
aspect_types = "data/aspect-types"
|
||||
context = {
|
||||
iam_principals = {
|
||||
test-sa = "serviceAccount:sa-0@test-project.iam.gserviceaccount.com"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=4 files=aspect-0,aspect-1
|
||||
@@ -83,8 +90,8 @@ module "aspect-types" {
|
||||
```yaml
|
||||
display_name: "Test template 0."
|
||||
iam:
|
||||
roles/dataplex.aspectTypeOwner:
|
||||
- "group:data-owners@example.com"
|
||||
"roles/dataplex.aspectTypeOwner":
|
||||
- group:data-owners@example.com
|
||||
metadata_template: |
|
||||
{
|
||||
"name": "tf-test-template-0",
|
||||
@@ -117,8 +124,8 @@ metadata_template: |
|
||||
display_name: "Test template 1."
|
||||
iam_bindings_additive:
|
||||
user:
|
||||
role: "roles/dataplex.aspectTypeUser"
|
||||
member: "serviceAccount:sa-0@test-project.iam.gserviceaccount.com"
|
||||
role: roles/dataplex.aspectTypeUser
|
||||
member: test-sa
|
||||
metadata_template: |
|
||||
{
|
||||
"name": "tf-test-template-1",
|
||||
@@ -151,10 +158,10 @@ metadata_template: |
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [project_id](variables.tf#L64) | Project id where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L67) | Project id where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [aspect_types](variables.tf#L17) | Aspect templates. Merged with those defined via the factory. | <code title="map(object({ description = optional(string) display_name = optional(string) labels = optional(map(string), {}) metadata_template = optional(string) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ members = list(string) role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [factories_config](variables.tf#L48) | Paths to folders for the optional factories. | <code title="object({ aspect_types = optional(string) })">object({…})</code> | | <code>{}</code> |
|
||||
| [location](variables.tf#L57) | Location for aspect types. | <code>string</code> | | <code>"global"</code> |
|
||||
| [factories_config](variables.tf#L48) | Paths to folders for the optional factories. | <code title="object({ aspect_types = optional(string) context = optional(object({ iam_principals = optional(map(string), {}) }), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [location](variables.tf#L60) | Location for aspect types. | <code>string</code> | | <code>"global"</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -55,14 +55,20 @@ resource "google_dataplex_aspect_type_iam_binding" "authoritative" {
|
||||
}
|
||||
role = each.value.role
|
||||
aspect_type_id = google_dataplex_aspect_type.default[each.value.aspect_type_id].id
|
||||
members = each.value.members
|
||||
members = [
|
||||
for v in each.value.members :
|
||||
lookup(var.factories_config.context.iam_principals, v, v)
|
||||
]
|
||||
}
|
||||
|
||||
resource "google_dataplex_aspect_type_iam_binding" "bindings" {
|
||||
for_each = local.iam_bindings
|
||||
role = each.value.role
|
||||
aspect_type_id = google_dataplex_aspect_type.default[each.value.aspect_type_id].id
|
||||
members = each.value.members
|
||||
members = [
|
||||
for v in each.value.members :
|
||||
lookup(var.factories_config.context.iam_principals, v, v)
|
||||
]
|
||||
dynamic "condition" {
|
||||
for_each = each.value.condition == null ? [] : [""]
|
||||
content {
|
||||
@@ -77,7 +83,9 @@ resource "google_dataplex_aspect_type_iam_member" "members" {
|
||||
for_each = local.iam_bindings_additive
|
||||
aspect_type_id = google_dataplex_aspect_type.default[each.value.aspect_type_id].id
|
||||
role = each.value.role
|
||||
member = each.value.member
|
||||
member = lookup(
|
||||
var.factories_config.context.iam_principals, each.value.member, each.value.member
|
||||
)
|
||||
dynamic "condition" {
|
||||
for_each = each.value.condition == null ? [] : [""]
|
||||
content {
|
||||
|
||||
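Review bot: The `lookup(var.factories_config.context.iam_principals, v, v)` fallback used in all three resources (`authoritative`, `bindings`, `members`) passes any unmatched string through as an IAM member, so a mistyped alias for `test-sa` is not caught at plan time and presumably fails only when the API rejects it at apply. A precondition requiring each value to be either a key of the context map or a prefixed principal would surface the typo during plan. The sketch below shows it for the `members` resource, whose body continues outside the hunk; the two binding resources would wrap the same test in `alltrue([for v in each.value.members : ...])`. The `:` test also rejects `allUsers` and `allAuthenticatedUsers`, so allow those explicitly if the module is meant to support public principals.

```hcl
resource "google_dataplex_aspect_type_iam_member" "members" {
  # … unchanged: for_each, aspect_type_id, role, member lookup, dynamic condition …
  lifecycle {
    precondition {
      condition = (
        contains(keys(var.factories_config.context.iam_principals), each.value.member) ||
        can(regex(":", each.value.member))
      )
      error_message = "Member '${each.value.member}' is neither a key in factories_config.context.iam_principals nor a prefixed IAM principal."
    }
  }
```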
@@ -49,6 +49,9 @@ variable "factories_config" {
|
||||
description = "Paths to folders for the optional factories."
|
||||
type = object({
|
||||
aspect_types = optional(string)
|
||||
context = optional(object({
|
||||
iam_principals = optional(map(string), {})
|
||||
}), {})
|
||||
})
|
||||
nullable = false
|
||||
default = {}
|
||||
|
||||
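Review bot: The `description` at the top of this hunk still reads "Paths to folders for the optional factories.", but the object now also carries `context.iam_principals`, which is a principal substitution map and not a path. I would update it to something like `description = "Paths to folders for the optional factories, and context values used for IAM principal substitution."` and regenerate the README table with tfdoc so the two stay in sync. Because these values end up as IAM members, a short comment above `iam_principals` stating that keys are aliases and values must be full principals (for example `serviceAccount:...`) would help reviewers of calling code. The variable block starts before the hunk, so any existing comments there are not visible.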