Skip to content

Latest commit

 

History

History
 
 

dataform-repository

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
iam.tf
iam.tf
 
 
main.tf
main.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

README.md

Google Cloud Dataform Repository module

This module allows managing a dataform repository, allows adding IAM permissions. Also enables attaching a remote repository.

TODO

[] Add validation rules to variable.

Examples

Simple dataform repository with access configuration

Simple dataform repository and specifying repository access via the IAM variable.

module "dataform" {
  source     = "./fabric/modules/dataform-repository"
  project_id = "my-project"
  name       = "my-repository"
  region     = "europe-west1"
  iam = {
    "roles/dataform.editor" = ["user:[email protected]"]
  }
}
# tftest modules=1 resources=2

Repository with an attached remote repository

This creates a dataform repository with a remote repository attached to it. In order to enable dataform to communicate with a 3P GIT provider, an access token must be generated and stored as a secret on GCP. For that, we utilize the existing secret-manager module.

module "secret" {
  source     = "./fabric/modules/secret-manager"
  project_id = "fast-bi-fabric"
  secrets = {
    my-secret = {
    }
  }
  versions = {
    my-secret = {
      v1 = { enabled = true, data = "MYTOKEN" }
    }
  }
}

module "dataform" {
  source     = "./fabric/modules/dataform-repository"
  project_id = "fast-bi-fabric"
  name       = "my-repository"
  region     = "europe-west1"
  remote_repository_settings = {
    url         = "my-url"
    secret_name = "my-secret"
    token       = module.secret.version_ids["my-secret:v1"]
  }
}
# tftest modules=2 resources=3

Variables

name description type required default
name Name of the dataform repository. string
project_id Id of the project where resources will be created. string
region The repository's region. string
iam IAM bindings in {ROLE => [MEMBERS]} format. Mutually exclusive with the access_* variables used for basic roles. map(list(string)) {}
iam_bindings Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. map(object({…})) {}
iam_bindings_additive Keyring individual additive IAM bindings. Keys are arbitrary. map(object({…})) {}
remote_repository_settings Remote settings required to attach the repository to a remote repository. object({…}) null
service_account Service account used to execute the dataform workflow. string ""