-
Notifications
You must be signed in to change notification settings - Fork 2
/
variables.tf
128 lines (108 loc) · 5.25 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# ----------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# These variables must be set when using this module.
# ----------------------------------------------------------------------------------------------------------------------
variable "name" {
type = string
description = "(Required) The name of the Pub/Sub topic."
}
variable "project" {
description = "(Required) The ID of the project in which the resources belong."
type = string
}
# ----------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# These variables have defaults, but may be overridden.
# ----------------------------------------------------------------------------------------------------------------------
variable "labels" {
type = map(string)
description = "(Optional) A map of labels to assign to the Pub/Sub topic. Default is '{}'."
#
# Example:
#
# labels = {
# CreatedAt = "2021-03-31",
# foo = "bar"
# }
#
default = {}
}
variable "message_retention_duration" {
type = string
description = "(Optional) Indicates the minimum duration to retain a message after it is published to the topic. If this field is set, messages published to the topic in the last messageRetentionDuration are always available to subscribers. For instance, it allows any attached subscription to seek to a timestamp that is up to messageRetentionDuration in the past. If this field is not set, message retention is controlled by settings on individual subscriptions. Cannot be more than 7 days or less than 10 minutes."
default = null
}
variable "kms_key_name" {
type = string
description = "(Optional) The resource name of the Cloud KMS CryptoKey to be used to protect access to messages published on this topic. Default is 'null'."
default = null
}
variable "allowed_persistence_regions" {
type = set(string)
description = "(Optional) A list of persistence regions. Default inherits from organization's Resource Location Restriction policy. Default is '{}'."
default = null
}
# IAM
variable "iam" {
description = "(Optional) A list of IAM access."
type = any
default = []
# validate required keys in each object
validation {
condition = alltrue([for x in var.iam : length(setintersection(keys(x), ["role", "roles", "members"])) == 2])
error_message = "Each object in var.iam must at least specify a role or a set of roles, and a set of members."
}
# validate no invalid keys are in each object
validation {
condition = alltrue([for x in var.iam : length(setsubtract(keys(x), ["role", "roles", "members", "authoritative"])) == 0])
error_message = "Each object in var.iam does only support role, roles, members, and authoritative attributes."
}
}
variable "policy_bindings" {
description = "(Optional) A list of IAM policy bindings."
type = any
default = null
# validate required keys in each object
validation {
condition = var.policy_bindings == null ? true : alltrue([for x in var.policy_bindings : length(setintersection(keys(x), ["role", "members"])) == 2])
error_message = "Each object in var.policy_bindings must specify a role and a set of members."
}
# validate no invalid keys are in each object
validation {
condition = var.policy_bindings == null ? true : alltrue([for x in var.policy_bindings : length(setsubtract(keys(x), ["role", "members", "condition"])) == 0])
error_message = "Each object in var.policy_bindings does only support role, members and condition attributes."
}
}
variable "computed_members_map" {
type = map(string)
description = "(Optional) A map of members to replace in 'members' to handle terraform computed values. Will be ignored when policy bindings are used."
default = {}
validation {
condition = alltrue([for k, v in var.computed_members_map : can(regex("^(allUsers|allAuthenticatedUsers|(user|serviceAccount|group|domain):)", v))])
error_message = "The value must be a non-empty string being a valid principal type identified with `allUsers`, `allAuthenticatedUsers` or prefixed with `user:`, `serviceAccount:`, `group:`, or `domain:`."
}
}
variable "subscriptions" {
description = "(Optional) A list of subscriptions for the PubSub topic."
type = any
default = []
}
variable "schema" {
type = any
description = "(Optional) A schema is a format that messages must follow, creating a contract between publisher and subscriber that Pub/Sub will enforce."
default = null
}
# ----------------------------------------------------------------------------------------------------------------------
# MODULE CONFIGURATION PARAMETERS
# These variables are used to configure the module.
# ----------------------------------------------------------------------------------------------------------------------
variable "module_enabled" {
type = bool
description = "(Optional) Whether or not to create resources within the module."
default = true
}
variable "module_depends_on" {
type = any
description = "(Optional) A list of external resources the module depends on."
default = []
}