Mode message_storage_policy-block dynamic

terraform-google-modules · Oct 30, 2019 · baa66c2 · baa66c2
1 parent 6089d4e
commit baa66c2
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -40,7 +40,7 @@ module "pubsub" {
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| allowed\_persistence\_regions | A list of IDs of GCP regions where messages that are published to the topic may be persisted in storage. Default - all available regions. | list(string) | `"null"` | no |
+| message\_storage\_policy | A map of storage policies. Default - inherit from organization's Resource Location Restriction policy. | map | `<map>` | no |
 | project\_id | The project ID to manage the Pub/Sub resources | string | n/a | yes |
 | pull\_subscriptions | The list of the pull subscriptions | list(map(string)) | `<list>` | no |
 | push\_subscriptions | The list of the push subscriptions | list(map(string)) | `<list>` | no |
@@ -74,7 +74,6 @@ In order to execute this module you must have a Service Account with the followi
 #### Roles
 
 - `roles/pubsub.editor`
-- `roles/dataproc.viewer` or simular, that allows `compute.regions.list`
 
 ### Enable APIs
 

diff --git a/main.tf b/main.tf
@@ -16,20 +16,18 @@
 
 locals {
   default_ack_deadline_seconds = 10
-  allowed_persistence_regions  = var.allowed_persistence_regions == null ? data.google_compute_regions.available.names : var.allowed_persistence_regions
-}
-
-data "google_compute_regions" "available" {
-  project = var.project_id
 }
 
 resource "google_pubsub_topic" "topic" {
   project = var.project_id
   name    = var.topic
   labels  = var.topic_labels
 
-  message_storage_policy {
-    allowed_persistence_regions = local.allowed_persistence_regions
+  dynamic "message_storage_policy" {
+    for_each = var.message_storage_policy
+    content {
+      allowed_persistence_regions = message_storage_policy.value
+    }
   }
 }
 

diff --git a/test/setup/iam.tf b/test/setup/iam.tf
@@ -17,7 +17,6 @@
 locals {
   int_required_roles = [
     "roles/pubsub.editor",
-    "roles/dataproc.viewer", // Required to get avaible regions
   ]
 }
 

diff --git a/variables.tf b/variables.tf
@@ -42,8 +42,8 @@ variable "pull_subscriptions" {
   default     = []
 }
 
-variable "allowed_persistence_regions" {
-  type        = list(string)
-  description = "A list of IDs of GCP regions where messages that are published to the topic may be persisted in storage. Default - all available regions."
-  default     = null
+variable "message_storage_policy" {
+  type        = map
+  description = "A map of storage policies. Default - inherit from organization's Resource Location Restriction policy."
+  default     = {}
 }