Add missing context interpolations (#3659)
@@ -80,7 +80,6 @@ module "organization" {
|
||||
source = "../../../modules/organization"
|
||||
count = local.organization_id != null ? 1 : 0
|
||||
organization_id = "organizations/${local.organization_id}"
|
||||
asset_feeds = lookup(local.organization, "asset_feeds", {})
|
||||
logging_settings = lookup(local.organization, "logging", null)
|
||||
context = {
|
||||
condition_vars = {
|
||||
@@ -110,6 +109,7 @@ module "organization-iam" {
|
||||
source = "../../../modules/organization"
|
||||
count = local.organization.id != null ? 1 : 0
|
||||
organization_id = module.organization[0].id
|
||||
asset_feeds = lookup(local.organization, "asset_feeds", {})
|
||||
context = merge(local.ctx, {
|
||||
condition_vars = merge(
|
||||
local.ctx_condition_vars,
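Review bot: Moving `asset_feeds` from `module "organization"` to `module "organization-iam"` changes the Terraform address of every existing `google_cloud_asset_organization_feed.default` instance, and no `moved` block is visible in these hunks. On a deployment that already has feeds, the plan would presumably destroy and recreate them under the same `feed_id`, which leaves a window without asset-change notifications and can fail if the create runs before the delete completes. A `moved` block in this file, as sketched below, would keep the feeds in place; the folder-level calls (`folder-1` … `folder-4` to their `-iam` counterparts) have the same address change, but they use `for_each`, so each key would need its own `moved` entry or a documented upgrade note. Both module blocks continue outside the hunks.

```hcl
# keep existing organization feeds in state when they move to the -iam module call
moved {
  from = module.organization[0].google_cloud_asset_organization_feed.default
  to   = module.organization-iam[0].google_cloud_asset_organization_feed.default
}
```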
|
||||
|
||||
@@ -15,11 +15,15 @@
|
||||
*/
|
||||
|
||||
resource "google_cloud_asset_folder_feed" "default" {
|
||||
for_each = var.asset_feeds
|
||||
billing_project = each.value.billing_project
|
||||
folder = local.folder_id
|
||||
feed_id = each.key
|
||||
content_type = each.value.content_type
|
||||
for_each = var.asset_feeds
|
||||
billing_project = lookup(
|
||||
local.ctx.project_ids,
|
||||
each.value.billing_project,
|
||||
each.value.billing_project
|
||||
)
|
||||
folder = local.folder_id
|
||||
feed_id = each.key
|
||||
content_type = each.value.content_type
|
||||
|
||||
asset_types = each.value.asset_types
|
||||
asset_names = each.value.asset_names
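Review bot: The new `lookup(local.ctx.project_ids, each.value.billing_project, each.value.billing_project)` falls back to the raw input, so a mistyped or missing context key (the fixtures use the form `$project_ids:feeds-project`) is handed to the provider as a literal project ID and only fails at apply time. The same pass-through is used for `billing_project` in the organization and project feed resources and for `kms_key_name` on the Pub/Sub topic further down the page. If the fallback is intentional so callers can still pass real IDs, it deserves a comment above the argument such as `# context keys resolve via local.ctx; unknown "$project_ids:" keys pass through unchanged`; a plan-time check that rejects unresolved `$`-prefixed values would be stricter. The resource block continues past the end of the hunk.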
|
||||
|
||||
@@ -15,11 +15,15 @@
|
||||
*/
|
||||
|
||||
resource "google_cloud_asset_organization_feed" "default" {
|
||||
for_each = var.asset_feeds
|
||||
billing_project = each.value.billing_project
|
||||
org_id = var.organization_id
|
||||
feed_id = each.key
|
||||
content_type = each.value.content_type
|
||||
for_each = var.asset_feeds
|
||||
billing_project = lookup(
|
||||
local.ctx.project_ids,
|
||||
each.value.billing_project,
|
||||
each.value.billing_project
|
||||
)
|
||||
org_id = local.organization_id_numeric
|
||||
feed_id = each.key
|
||||
content_type = each.value.content_type
|
||||
|
||||
asset_types = each.value.asset_types
|
||||
asset_names = each.value.asset_names
|
||||
|
||||
@@ -58,7 +58,6 @@ module "folder-1" {
|
||||
for k, v in local.folders_input : k => v if v.level == 1
|
||||
}
|
||||
deletion_protection = lookup(each.value, "deletion_protection", false)
|
||||
asset_feeds = lookup(each.value, "asset_feeds", {})
|
||||
parent = coalesce(each.value.parent, "$folder_ids:default")
|
||||
name = each.value.name
|
||||
factories_config = {
|
||||
@@ -76,7 +75,8 @@ module "folder-1-iam" {
|
||||
for_each = {
|
||||
for k, v in local.folders_input : k => v if v.level == 1
|
||||
}
|
||||
id = module.folder-1[each.key].id
|
||||
id = module.folder-1[each.key].id
|
||||
asset_feeds = lookup(each.value, "asset_feeds", {})
|
||||
factories_config = {
|
||||
# we do anything that can refer to IAM and custom roles in this call
|
||||
pam_entitlements = try(each.value.factories_config.pam_entitlements, null)
|
||||
@@ -102,7 +102,6 @@ module "folder-2" {
|
||||
for k, v in local.folders_input : k => v if v.level == 2
|
||||
}
|
||||
deletion_protection = lookup(each.value, "deletion_protection", false)
|
||||
asset_feeds = lookup(each.value, "asset_feeds", {})
|
||||
parent = coalesce(
|
||||
each.value.parent, "$folder_ids:${each.value.parent_key}"
|
||||
)
|
||||
@@ -127,7 +126,8 @@ module "folder-2-iam" {
|
||||
for_each = {
|
||||
for k, v in local.folders_input : k => v if v.level == 2
|
||||
}
|
||||
id = module.folder-2[each.key].id
|
||||
asset_feeds = lookup(each.value, "asset_feeds", {})
|
||||
id = module.folder-2[each.key].id
|
||||
factories_config = {
|
||||
# we do anything that can refer to IAM and custom roles in this call
|
||||
pam_entitlements = try(each.value.factories_config.pam_entitlements, null)
|
||||
@@ -156,7 +156,6 @@ module "folder-3" {
|
||||
for k, v in local.folders_input : k => v if v.level == 3
|
||||
}
|
||||
deletion_protection = lookup(each.value, "deletion_protection", false)
|
||||
asset_feeds = lookup(each.value, "asset_feeds", {})
|
||||
parent = coalesce(
|
||||
each.value.parent, "$folder_ids:${each.value.parent_key}"
|
||||
)
|
||||
@@ -181,7 +180,8 @@ module "folder-3-iam" {
|
||||
for_each = {
|
||||
for k, v in local.folders_input : k => v if v.level == 3
|
||||
}
|
||||
id = module.folder-3[each.key].id
|
||||
id = module.folder-3[each.key].id
|
||||
asset_feeds = lookup(each.value, "asset_feeds", {})
|
||||
factories_config = {
|
||||
# we do anything that can refer to IAM and custom roles in this call
|
||||
pam_entitlements = try(each.value.factories_config.pam_entitlements, null)
|
||||
@@ -210,7 +210,6 @@ module "folder-4" {
|
||||
for k, v in local.folders_input : k => v if v.level == 4
|
||||
}
|
||||
deletion_protection = lookup(each.value, "deletion_protection", false)
|
||||
asset_feeds = lookup(each.value, "asset_feeds", {})
|
||||
parent = coalesce(
|
||||
each.value.parent, "$folder_ids:${each.value.parent_key}"
|
||||
)
|
||||
@@ -235,7 +234,8 @@ module "folder-4-iam" {
|
||||
for_each = {
|
||||
for k, v in local.folders_input : k => v if v.level == 4
|
||||
}
|
||||
id = module.folder-4[each.key].id
|
||||
id = module.folder-4[each.key].id
|
||||
asset_feeds = lookup(each.value, "asset_feeds", {})
|
||||
factories_config = {
|
||||
# we do anything that can refer to IAM and custom roles in this call
|
||||
pam_entitlements = try(each.value.factories_config.pam_entitlements, null)
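Review bot: The comment `# we do anything that can refer to IAM and custom roles in this call` under `factories_config` no longer describes everything the `folder-N-iam` calls do, since `asset_feeds` is now passed here as well. Judging by the fixture change, the reason is presumably that `billing_project` has to resolve against the project context, which is a different dependency from IAM or custom roles. I would add a line above the new argument in each of the four `-iam` blocks, for example `# asset feeds live in this call so billing_project can resolve $project_ids context`. In `folder-2-iam` the new argument also appears to sit before `id` rather than after it as in the other three blocks; if that is how the file reads, align the order. All module blocks continue outside the hunks.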
|
||||
|
||||
@@ -15,11 +15,15 @@
|
||||
*/
|
||||
|
||||
resource "google_cloud_asset_project_feed" "default" {
|
||||
for_each = var.asset_feeds
|
||||
project = local.project.project_id
|
||||
billing_project = coalesce(each.value.billing_project, local.project.project_id)
|
||||
feed_id = each.key
|
||||
content_type = each.value.content_type
|
||||
for_each = var.asset_feeds
|
||||
project = local.project.project_id
|
||||
billing_project = lookup(
|
||||
local.ctx.project_ids,
|
||||
coalesce(each.value.billing_project, local.project.project_id),
|
||||
coalesce(each.value.billing_project, local.project.project_id)
|
||||
)
|
||||
feed_id = each.key
|
||||
content_type = each.value.content_type
|
||||
|
||||
asset_types = each.value.asset_types
|
||||
asset_names = each.value.asset_names
|
||||
|
||||
@@ -228,19 +228,19 @@ module "pubsub" {
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [name](variables.tf#L48) | PubSub topic name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L53) | Project used for resources. | <code>string</code> | ✓ | |
|
||||
| [context](variables.tf#L17) | Context-specific interpolations. | <code title="object({ custom_roles = optional(map(string), {}) iam_principals = optional(map(string), {}) locations = optional(map(string), {}) project_ids = optional(map(string), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [name](variables.tf#L49) | PubSub topic name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L54) | Project used for resources. | <code>string</code> | ✓ | |
|
||||
| [context](variables.tf#L17) | Context-specific interpolations. | <code title="object({ custom_roles = optional(map(string), {}) iam_principals = optional(map(string), {}) kms_keys = optional(map(string), {}) locations = optional(map(string), {}) project_ids = optional(map(string), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [iam](variables-iam.tf#L17) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [iam_bindings](variables-iam.tf#L24) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | <code title="map(object({ members = list(string) role = string condition = optional(object({ expression = string title = string description = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [iam_bindings_additive](variables-iam.tf#L39) | Keyring individual additive IAM bindings. Keys are arbitrary. | <code title="map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [iam_by_principals](variables-iam.tf#L54) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [kms_key](variables.tf#L29) | KMS customer managed encryption key. | <code>string</code> | | <code>null</code> |
|
||||
| [labels](variables.tf#L35) | Labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [message_retention_duration](variables.tf#L42) | Minimum duration to retain a message after it is published to the topic. | <code>string</code> | | <code>null</code> |
|
||||
| [regions](variables.tf#L58) | List of regions used to set persistence policy. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [schema](variables.tf#L65) | Topic schema. If set, all messages in this topic should follow this schema. | <code title="object({ definition = string msg_encoding = optional(string, "ENCODING_UNSPECIFIED") schema_type = string })">object({…})</code> | | <code>null</code> |
|
||||
| [subscriptions](variables.tf#L75) | Topic subscriptions. Also define push configs for push subscriptions. If options is set to null subscription defaults will be used. Labels default to topic labels if set to null. | <code title="map(object({ ack_deadline_seconds = optional(number) enable_exactly_once_delivery = optional(bool, false) enable_message_ordering = optional(bool, false) expiration_policy_ttl = optional(string) filter = optional(string) iam = optional(map(list(string)), {}) labels = optional(map(string)) message_retention_duration = optional(string) retain_acked_messages = optional(bool, false) bigquery = optional(object({ table = string drop_unknown_fields = optional(bool, false) service_account_email = optional(string) use_table_schema = optional(bool, false) use_topic_schema = optional(bool, false) write_metadata = optional(bool, false) })) cloud_storage = optional(object({ bucket = string filename_prefix = optional(string) filename_suffix = optional(string) max_duration = optional(string) max_bytes = optional(number) avro_config = optional(object({ write_metadata = optional(bool, false) })) })) dead_letter_policy = optional(object({ topic = string max_delivery_attempts = optional(number) })) iam_bindings = optional(map(object({ members = list(string) role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) push = optional(object({ endpoint = string attributes = optional(map(string)) no_wrapper = optional(object({ write_metadata = optional(bool, false) })) oidc_token = optional(object({ audience = optional(string) service_account_email = string })) })) retry_policy = optional(object({ minimum_backoff = optional(number) maximum_backoff = optional(number) })) }))">map(object({…}))</code> | | 
<code>{}</code> |
|
||||
| [kms_key](variables.tf#L30) | KMS customer managed encryption key. | <code>string</code> | | <code>null</code> |
|
||||
| [labels](variables.tf#L36) | Labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [message_retention_duration](variables.tf#L43) | Minimum duration to retain a message after it is published to the topic. | <code>string</code> | | <code>null</code> |
|
||||
| [regions](variables.tf#L59) | List of regions used to set persistence policy. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [schema](variables.tf#L66) | Topic schema. If set, all messages in this topic should follow this schema. | <code title="object({ definition = string msg_encoding = optional(string, "ENCODING_UNSPECIFIED") schema_type = string })">object({…})</code> | | <code>null</code> |
|
||||
| [subscriptions](variables.tf#L76) | Topic subscriptions. Also define push configs for push subscriptions. If options is set to null subscription defaults will be used. Labels default to topic labels if set to null. | <code title="map(object({ ack_deadline_seconds = optional(number) enable_exactly_once_delivery = optional(bool, false) enable_message_ordering = optional(bool, false) expiration_policy_ttl = optional(string) filter = optional(string) iam = optional(map(list(string)), {}) labels = optional(map(string)) message_retention_duration = optional(string) retain_acked_messages = optional(bool, false) bigquery = optional(object({ table = string drop_unknown_fields = optional(bool, false) service_account_email = optional(string) use_table_schema = optional(bool, false) use_topic_schema = optional(bool, false) write_metadata = optional(bool, false) })) cloud_storage = optional(object({ bucket = string filename_prefix = optional(string) filename_suffix = optional(string) max_duration = optional(string) max_bytes = optional(number) avro_config = optional(object({ write_metadata = optional(bool, false) })) })) dead_letter_policy = optional(object({ topic = string max_delivery_attempts = optional(number) })) iam_bindings = optional(map(object({ members = list(string) role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) push = optional(object({ endpoint = string attributes = optional(map(string)) no_wrapper = optional(object({ write_metadata = optional(bool, false) })) oidc_token = optional(object({ audience = optional(string) service_account_email = string })) })) retry_policy = optional(object({ minimum_backoff = optional(number) maximum_backoff = optional(number) })) }))">map(object({…}))</code> | | 
<code>{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/**
|
||||
* Copyright 2023 Google LLC
|
||||
* Copyright 2026 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -34,9 +34,13 @@ resource "google_pubsub_schema" "default" {
|
||||
}
|
||||
|
||||
resource "google_pubsub_topic" "default" {
|
||||
project = local.project_id
|
||||
name = var.name
|
||||
kms_key_name = var.kms_key
|
||||
project = local.project_id
|
||||
name = var.name
|
||||
kms_key_name = (
|
||||
var.kms_key == null
|
||||
? null
|
||||
: lookup(local.ctx.kms_keys, var.kms_key, var.kms_key)
|
||||
)
|
||||
labels = var.labels
|
||||
message_retention_duration = var.message_retention_duration
|
||||
dynamic "message_storage_policy" {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/**
|
||||
* Copyright 2023 Google LLC
|
||||
* Copyright 2026 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -19,6 +19,7 @@ variable "context" {
|
||||
type = object({
|
||||
custom_roles = optional(map(string), {})
|
||||
iam_principals = optional(map(string), {})
|
||||
kms_keys = optional(map(string), {})
|
||||
locations = optional(map(string), {})
|
||||
project_ids = optional(map(string), {})
|
||||
})
|
||||
|
||||
@@ -28,7 +28,7 @@ values:
|
||||
feed_output_config:
|
||||
- pubsub_destination:
|
||||
- topic: projects/test-prod-audit-logs-0/topics/audit-logs
|
||||
org_id: organizations/1234567890
|
||||
org_id: "1234567890"
|
||||
timeouts: null
|
||||
google_essential_contacts_contact.contact["$email_addresses:default"]:
|
||||
email: foo@example.com
|
||||
|
||||
@@ -23,7 +23,7 @@ values:
|
||||
feed_output_config:
|
||||
- pubsub_destination:
|
||||
- topic: projects/project-id/topics/org-asset-feed
|
||||
org_id: organizations/1122334455
|
||||
org_id: "1122334455"
|
||||
timeouts: null
|
||||
module.pubsub.google_pubsub_topic.default:
|
||||
effective_labels:
|
||||
|
||||
@@ -213,11 +213,11 @@ values:
|
||||
display_name: Test
|
||||
tags: null
|
||||
timeouts: null
|
||||
? module.project-factory.module.folder-4["team-c/apps/test/app-x"].google_cloud_asset_folder_feed.default["compute-instances"]
|
||||
? module.project-factory.module.folder-4-iam["team-c/apps/test/app-x"].google_cloud_asset_folder_feed.default["compute-instances"]
|
||||
: asset_names: null
|
||||
asset_types:
|
||||
- compute.googleapis.com/Instance
|
||||
billing_project: $project_ids:feeds-project
|
||||
billing_project: my-cai-feeds-project
|
||||
condition: []
|
||||
content_type: RESOURCE
|
||||
feed_id: compute-instances
|
||||
@@ -841,7 +841,6 @@ values:
|
||||
output: null
|
||||
triggers_replace: null
|
||||
|
||||
|
||||
counts:
|
||||
google_billing_budget: 1
|
||||
google_cloud_asset_folder_feed: 1
|
||||
@@ -876,6 +875,6 @@ counts:
|
||||
google_tags_tag_key: 1
|
||||
google_tags_tag_value: 2
|
||||
google_tags_tag_value_iam_binding: 1
|
||||
modules: 29
|
||||
modules: 30
|
||||
resources: 108
|
||||
terraform_data: 2
|
||||
|
||||