feat(data-ingestor-iam): Add module (#57)

New module to configure IAM policies for the data ingestor, allowing it to subscribe to a Pub/Sub topic for ingestion
NandosUK · Mar 1, 2024 · 4df9111 · 4df9111
1 parent a93b55b
commit 4df9111
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/gcp/data-ingestor-iam/main.tf b/gcp/data-ingestor-iam/main.tf
@@ -0,0 +1,13 @@
+locals {
+  data_ingestor_subscriber = {
+    preview = "serviceAccount:[email protected]",
+    preprod = "serviceAccount:[email protected]",
+    prod    = "serviceAccount:[email protected]",
+  }
+}
+
+resource "google_pubsub_topic_iam_member" "data_ingestor_subscriber" {
+  topic  = var.topic
+  role   = "roles/pubsub.subscriber"
+  member = local.data_ingestor_subscriber[var.environment]
+}
diff --git a/gcp/data-ingestor-iam/variables.tf b/gcp/data-ingestor-iam/variables.tf
@@ -0,0 +1,14 @@
+variable "environment" {
+  type        = string
+  description = "Environment that can be preview, preprod, dev or prod"
+
+  validation {
+    condition     = contains(["preview", "preprod", "prod", "dev"], var.environment)
+    error_message = "The environment must be one of: preview, preprod, dev or prod."
+  }
+}
+
+variable "topic" {
+  type        = string
+  description = "The Pub/Sub topic ID in projects/{{PROJECT_ID}}/topics/{{TOPIC_NAME}} format"
+}