confluent_schema Resource

General Availability

confluent_schema provides a Schema resource that enables creating, evolving, and deleting Schemas on a Schema Registry cluster on Confluent Cloud.

Example Usage

Option #1: Manage multiple Schema Registry clusters in the same Terraform workspace

provider "confluent" {
  cloud_api_key    = var.confluent_cloud_api_key    # optionally use CONFLUENT_CLOUD_API_KEY env var
  cloud_api_secret = var.confluent_cloud_api_secret # optionally use CONFLUENT_CLOUD_API_SECRET env var
}

resource "confluent_schema" "avro-purchase" {
  schema_registry_cluster {
    id = confluent_schema_registry_cluster.essentials.id
  }
  rest_endpoint = confluent_schema_registry_cluster.essentials.rest_endpoint
  subject_name = "avro-purchase-value"
  format = "AVRO"
  schema = file("./schemas/avro/purchase.avsc")
  credentials {
    key    = "<Schema Registry API Key for confluent_schema_registry_cluster.essentials>"
    secret = "<Schema Registry API Secret for confluent_schema_registry_cluster.essentials>"
  }

  lifecycle {
    prevent_destroy = true
  }
}

Option #2: Manage a single Schema Registry cluster in the same Terraform workspace

provider "confluent" {
  schema_registry_id            = var.schema_registry_id            # optionally use SCHEMA_REGISTRY_ID env var
  schema_registry_rest_endpoint = var.schema_registry_rest_endpoint # optionally use SCHEMA_REGISTRY_REST_ENDPOINT env var
  schema_registry_api_key       = var.schema_registry_api_key       # optionally use SCHEMA_REGISTRY_API_KEY env var
  schema_registry_api_secret    = var.schema_registry_api_secret    # optionally use SCHEMA_REGISTRY_API_SECRET env var
}

resource "confluent_schema" "avro-purchase" {
  subject_name = "avro-purchase-value"
  format = "AVRO"
  schema = file("./schemas/avro/purchase.avsc")

  lifecycle {
    prevent_destroy = true
  }
}

Argument Reference

The following arguments are supported:

Attributes Reference

In addition to the preceding arguments, the following attributes are exported:

Import

You can import a Schema by using the Schema Registry cluster ID, Subject name, and unique identifier (or latest when recreate_on_update = false) of the Schema in the format <Schema Registry cluster ID>/<Subject name>/<Schema identifier>, for example:

# Option A: recreate_on_update = false (by default)
$ export IMPORT_SCHEMA_REGISTRY_API_KEY="<schema_registry_api_key>"
$ export IMPORT_SCHEMA_REGISTRY_API_SECRET="<schema_registry_api_secret>"
$ export IMPORT_SCHEMA_REGISTRY_REST_ENDPOINT="<schema_registry_rest_endpoint>"
$ terraform import confluent_schema.my_schema_1 lsrc-abc123/test-subject/latest

# Option B: recreate_on_update = true
$ export IMPORT_SCHEMA_REGISTRY_API_KEY="<schema_registry_api_key>"
$ export IMPORT_SCHEMA_REGISTRY_API_SECRET="<schema_registry_api_secret>"
$ export IMPORT_SCHEMA_REGISTRY_REST_ENDPOINT="<schema_registry_rest_endpoint>"
$ terraform import confluent_schema.my_schema_1 lsrc-abc123/test-subject/100003

Getting Started

The following end-to-end examples might help to get started with confluent_schema resource:

Additional Examples

Default Option #1: Manage the latest schema version only. The resource instance always points to the latest schema version by supporting in-place updates

# Step #1: Run 'terraform plan' and 'terraform apply' to create
# v1 of avro-purchase schema.
provider "confluent" {
  schema_registry_id            = var.schema_registry_id            # optionally use SCHEMA_REGISTRY_ID env var
  schema_registry_rest_endpoint = var.schema_registry_rest_endpoint # optionally use SCHEMA_REGISTRY_REST_ENDPOINT env var
  schema_registry_api_key       = var.schema_registry_api_key       # optionally use SCHEMA_REGISTRY_API_KEY env var
  schema_registry_api_secret    = var.schema_registry_api_secret    # optionally use SCHEMA_REGISTRY_API_SECRET env var
}

# confluent_schema.avro-purchase points to v1.
resource "confluent_schema" "avro-purchase" {
  subject_name = "avro-purchase-value"
  format = "AVRO"
  schema = file("./schemas/avro/purchase.avsc")

  // additional metadata
  metadata {
    properties = {
      "owner": "Bob Jones",
      "email": "bob@acme.com"
    }
    sensitive = ["s1", "s2"]
    tags {
      key = "tag1"
      value = ["PII"]
    }
    tags {
      key = "tag2"
      value = ["PIIIII"]
    }
  }

  // additional rules:
  ruleset {
    domain_rules {
      name = "encryptPII"
      kind = "TRANSFORM"
      type = "ENCRYPT"
      mode = "WRITEREAD"
      tags = ["PII"]
      params = {
          "encrypt.kek.name" = "testkek2"
      }
    }
    domain_rules  {
      name = "encrypt"
      kind = "TRANSFORM"
      type = "ENCRYPT"
      mode = "WRITEREAD"
      tags = ["PIIIII"]
      params = {
          "encrypt.kek.name" = "testkek2"
      }
    }
  }

  lifecycle {
    prevent_destroy = true
  }
}

# Step #2: Evolve schema by updating schemas/avro/purchase.avsc.

# Step #3: Run 'terraform plan' and 'terraform apply' to update
# confluent_schema.avro-purchase in-place to evolve avro-purchase 
# schema from v1 to v2.

# Note: after running 'terraform destroy' just v2 (the latest version) will
# be soft-deleted by default (set hard_delete=true for a hard deletion).

Option #2: Manage different schema versions using different resource instances

# Before
# Step #1: Run 'terraform plan' and 'terraform apply'
# to create v1 of avro-purchase schema.
provider "confluent" {
  schema_registry_id            = var.schema_registry_id            # optionally use SCHEMA_REGISTRY_ID env var
  schema_registry_rest_endpoint = var.schema_registry_rest_endpoint # optionally use SCHEMA_REGISTRY_REST_ENDPOINT env var
  schema_registry_api_key       = var.schema_registry_api_key       # optionally use SCHEMA_REGISTRY_API_KEY env var
  schema_registry_api_secret    = var.schema_registry_api_secret    # optionally use SCHEMA_REGISTRY_API_SECRET env var
}

# confluent_schema.avro-purchase-v1 manages v1.
resource "confluent_schema" "avro-purchase-v1" {
  subject_name = "avro-purchase-value"
  format = "AVRO"
  schema = file("./schemas/avro/purchase_v1.avsc")
  recreate_on_update = true

  lifecycle {
    prevent_destroy = true
  }
}

# After
# Step #2: Create schemas/avro/purchase_v2.avsc.

# Step #3: Run 'terraform plan' and 'terraform apply'
# to create confluent_schema.avro-purchase-v2.

provider "confluent" {
  schema_registry_id            = var.schema_registry_id            # optionally use SCHEMA_REGISTRY_ID env var
  schema_registry_rest_endpoint = var.schema_registry_rest_endpoint # optionally use SCHEMA_REGISTRY_REST_ENDPOINT env var
  schema_registry_api_key       = var.schema_registry_api_key       # optionally use SCHEMA_REGISTRY_API_KEY env var
  schema_registry_api_secret    = var.schema_registry_api_secret    # optionally use SCHEMA_REGISTRY_API_SECRET env var
}

# confluent_schema.avro-purchase-v1 manages v1.
resource "confluent_schema" "avro-purchase-v1" {
  subject_name = "avro-purchase-value"
  format = "AVRO"
  schema = file("./schemas/avro/purchase_v1.avsc")
  recreate_on_update = true

  lifecycle {
    prevent_destroy = true
  }
}

# confluent_schema.avro-purchase-v2 manages v2. 
resource "confluent_schema" "avro-purchase-v2" {
  subject_name = "avro-purchase-value"
  format = "AVRO"
  schema = file("./schemas/avro/purchase_v2.avsc")
  recreate_on_update = true

  lifecycle {
    prevent_destroy = true
  }
}

# Note: after running 'terraform destroy' both v1 and v2 will
# be soft deleted by default. Set hard_delete=true for a hard deletion.