A named resource to which messages are sent by publishers.
To get more information about Topic, see:
resource "google_pubsub_topic" "example" {
name = "example-topic"
labels = {
foo = "bar"
}
message_retention_duration = "86600s"
}
resource "google_pubsub_topic" "example" {
name = "example-topic"
kms_key_name = google_kms_crypto_key.crypto_key.id
}
resource "google_kms_crypto_key" "crypto_key" {
name = "example-key"
key_ring = google_kms_key_ring.key_ring.id
}
resource "google_kms_key_ring" "key_ring" {
name = "example-keyring"
location = "global"
}
resource "google_pubsub_topic" "example" {
name = "example-topic"
message_storage_policy {
allowed_persistence_regions = [
"europe-west3",
]
}
}
resource "google_pubsub_schema" "example" {
name = "example"
type = "AVRO"
definition = "{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n"
}
resource "google_pubsub_topic" "example" {
name = "example-topic"
depends_on = [google_pubsub_schema.example]
schema_settings {
schema = "projects/my-project-name/schemas/example"
encoding = "JSON"
}
}
resource "google_pubsub_topic" "example" {
name = "example-topic"
# Outside of automated terraform-provider-google CI tests, these values must be of actual AWS resources for the test to pass.
ingestion_data_source_settings {
aws_kinesis {
stream_arn = "arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name"
consumer_arn = "arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name/consumer/consumer-1:1111111111"
aws_role_arn = "arn:aws:iam::111111111111:role/fake-role-name"
gcp_service_account = "fake-service-account@fake-gcp-project.iam.gserviceaccount.com"
}
}
}
The following arguments are supported:
name
-
(Required)
Name of the topic.kms_key_name
-
(Optional)
The resource name of the Cloud KMS CryptoKey to be used to protect access
to messages published on this topic. Your project's PubSub service account
(service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com
) must have
roles/cloudkms.cryptoKeyEncrypterDecrypter
to use this feature.
The expected format is projects/*/locations/*/keyRings/*/cryptoKeys/*
labels
-
(Optional)
A set of key/value label pairs to assign to this Topic.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field effective_labels
for all of the labels present on the resource.
message_storage_policy
-
(Optional)
Policy constraining the set of Google Cloud Platform regions where
messages published to the topic may be stored. If not present, then no
constraints are in effect.
Structure is documented below.
schema_settings
-
(Optional)
Settings for validating messages published against a schema.
Structure is documented below.
message_retention_duration
-
(Optional)
Indicates the minimum duration to retain a message after it is published
to the topic. If this field is set, messages published to the topic in
the last messageRetentionDuration are always available to subscribers.
For instance, it allows any attached subscription to seek to a timestamp
that is up to messageRetentionDuration in the past. If this field is not
set, message retention is controlled by settings on individual subscriptions.
The rotation period has the format of a decimal number, followed by the
letter s
(seconds). Cannot be more than 31 days or less than 10 minutes.
ingestion_data_source_settings
-
(Optional)
Settings for ingestion from a data source into this topic.
Structure is documented below.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
The message_storage_policy
block supports:
allowed_persistence_regions
-
(Required)
A list of IDs of GCP regions where messages that are published to
the topic may be persisted in storage. Messages published by
publishers running in non-allowed GCP regions (or running outside
of GCP altogether) will be routed for storage in one of the
allowed regions. An empty list means that no regions are allowed,
and is not a valid configuration.The schema_settings
block supports:
schema
-
(Required)
The name of the schema that messages published should be
validated against. Format is projects/{project}/schemas/{schema}.
The value of this field will be _deleted-schema_
if the schema has been deleted.
encoding
-
(Optional)
The encoding of messages validated against schema.
Default value is ENCODING_UNSPECIFIED
.
Possible values are: ENCODING_UNSPECIFIED
, JSON
, BINARY
.
The ingestion_data_source_settings
block supports:
aws_kinesis
-
(Optional)
Settings for ingestion from Amazon Kinesis Data Streams.
Structure is documented below.The aws_kinesis
block supports:
stream_arn
-
(Required)
The Kinesis stream ARN to ingest data from.
consumer_arn
-
(Required)
The Kinesis consumer ARN to used for ingestion in
Enhanced Fan-Out mode. The consumer must be already
created and ready to be used.
aws_role_arn
-
(Required)
AWS role ARN to be used for Federated Identity authentication with
Kinesis. Check the Pub/Sub docs for how to set up this role and the
required permissions that need to be attached to it.
gcp_service_account
-
(Required)
The GCP service account to be used for Federated Identity authentication
with Kinesis (via a AssumeRoleWithWebIdentity
call for the provided
role). The awsRoleArn
must be set up with accounts.google.com:sub
equals to this service account number.
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/topics/{{name}}
terraform_labels
-
The combination of labels configured directly on the resource
and default labels configured on the provider.
effective_labels
-
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.update
- Default is 20 minutes.delete
- Default is 20 minutes.Topic can be imported using any of these accepted formats:
projects/{{project}}/topics/{{name}}
{{project}}/{{name}}
{{name}}
In Terraform v1.5.0 and later, use an import
block to import Topic using one of the formats above. For example:
import {
id = "projects/{{project}}/topics/{{name}}"
to = google_pubsub_topic.default
}
When using the terraform import
command, Topic can be imported using one of the formats above. For example:
$ terraform import google_pubsub_topic.default projects/{{project}}/topics/{{name}}
$ terraform import google_pubsub_topic.default {{project}}/{{name}}
$ terraform import google_pubsub_topic.default {{name}}
This resource supports User Project Overrides.