Add asset_feeds to resman modules (#3658)

* Add asset_feeds to resman modules * Add examples and update readmes * Extend pubsub_topic context to project and folder modules * Use pubsub_topic context for pubsub_destination * Update readmes and add project-factory asset_feed example * Update context tests * Update schemas
2026-01-20 15:37:35 +01:00
parent 558e552b5e
commit d9e1b924a1
43 changed files with 1935 additions and 126 deletions
--- a/tests/modules/organization/context.tfvars
+++ b/tests/modules/organization/context.tfvars
@@ -41,6 +41,16 @@ context = {
    "test/one" = "tagValues/1234567890"
  }
 }
+asset_feeds = {
+  test = {
+    billing_project = "test-project"
+    feed_output_config = {
+      pubsub_destination = {
+        topic = "$pubsub_topics:test"
+      }
+    }
+  }
+}
 contacts = {
  "$email_addresses:default" = ["ALL"]
 }
--- a/tests/modules/organization/context.yaml
+++ b/tests/modules/organization/context.yaml
@@ -18,15 +18,29 @@ values:
    dataset_id: logs
    project: test-prod-audit-logs-0
    role: roles/bigquery.dataEditor
+  google_cloud_asset_organization_feed.default["test"]:
+    asset_names: null
+    asset_types: null
+    billing_project: test-project
+    condition: []
+    content_type: null
+    feed_id: test
+    feed_output_config:
+    - pubsub_destination:
+      - topic: projects/test-prod-audit-logs-0/topics/audit-logs
+    org_id: organizations/1234567890
+    timeouts: null
  google_essential_contacts_contact.contact["$email_addresses:default"]:
    email: foo@example.com
    language_tag: en
    notification_category_subscriptions:
    - ALL
    parent: organizations/1234567890
+    timeouts: null
  google_logging_organization_settings.default[0]:
    organization: '1234567890'
    storage_location: europe-west8
+    timeouts: null
  google_logging_organization_sink.sink["test-bq"]:
    bigquery_options:
    - use_partitioned_tables: false
@@ -182,6 +196,7 @@ values:
    - not_mandatory: []
      unstructured:
      - {}
+    timeouts: null
  google_project_iam_member.bucket-sinks-binding["test-logging"]:
    condition:
    - expression: resource.name.endsWith('projects/test-prod-audit-logs-0/locations/europe-west8/buckets/audit-logs')
@@ -201,9 +216,11 @@ values:
    bucket: test-prod-logs-audit-0
    condition: []
    role: roles/storage.objectCreator
+    timeouts: null
  google_tags_tag_binding.binding["foo"]:
    parent: //cloudresourcemanager.googleapis.com/organizations/1234567890
    tag_value: tagValues/1234567890
+    timeouts: null
  google_tags_tag_key_iam_binding.bindings["test:tag_user"]:
    condition: []
    members:
@@ -241,6 +258,7 @@ values:

 counts:
  google_bigquery_dataset_iam_member: 1
+  google_cloud_asset_organization_feed: 1
  google_essential_contacts_contact: 1
  google_logging_organization_settings: 1
  google_logging_organization_sink: 5
@@ -257,4 +275,4 @@ counts:
  google_tags_tag_value_iam_binding: 2
  google_tags_tag_value_iam_member: 1
  modules: 0
-  resources: 29
+  resources: 30
--- a/tests/modules/organization/examples/feeds.yaml
+++ b/tests/modules/organization/examples/feeds.yaml
@@ -0,0 +1,50 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.org.google_cloud_asset_organization_feed.default["security-monitoring"]:
+    asset_names: null
+    asset_types: null
+    billing_project: project-id
+    condition: []
+    content_type: IAM_POLICY
+    feed_id: security-monitoring
+    feed_output_config:
+    - pubsub_destination:
+      - topic: projects/project-id/topics/org-asset-feed
+    org_id: organizations/1122334455
+    timeouts: null
+  module.pubsub.google_pubsub_topic.default:
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    ingestion_data_source_settings: []
+    kms_key_name: null
+    labels: null
+    message_retention_duration: null
+    message_transforms: []
+    name: org-asset-feed
+    project: project-id
+    schema_settings: []
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+
+counts:
+  google_cloud_asset_organization_feed: 1
+  google_pubsub_topic: 1
+  modules: 2
+  resources: 2
+
+outputs: {}