diff --git a/README.md b/README.md
index 180d347..128cf2e 100644
--- a/README.md
+++ b/README.md
@@ -4,46 +4,70 @@ This module create a Google PubSub Subscription as as well as a Topic/Subscripti We found that in order to follow the documentation for the provider, we were constantly having to create a ton of resources which increased the potential for mistakes. This module helps make sure it's more streamlined in our environment. -# Terraform-Docs +## Usage -## Requirements +### Basic Configuration: -| Name | Version | -|------|---------| -| [google](#requirement\_google) | ~> 6.0 | +```hcl +module "ddm-pubsub-subscription" { + source = "deseretdigital/ddm-pubsub-subscription/google" + version = "1.0.0" + + # Required + pubsub_service_account = {GKE_PUBSUB_SA_EMAIL} + subscription_name = {YOUR_SUBSCRIPTION_NAME} + topic_id = {PARENT_TOPIC_ID} + topic_name = {PARENT_TOPIC_NAME} -## Providers + # Optional + labels = { + env = "prod" + region = {REGION} + # etc... + } -| Name | Version | -|------|---------| -| [google](#provider\_google) | ~> 6.0 | + max_delivery_attempts = {DEFAULT_100} + message_retention_duration = {DEFAULT_2678400s} +} +``` -## Modules +This module creates a Google PubSub Subscription, a Google PubSub Topic for the dead letter messages, and a Google PubSub Subscription for the dead letters. It also applies the correct IAM bindings for the dead letter topic and subscription. -No modules. 
+#### Example Usage -## Resources +```hcl +terraform { + required_providers { + google = { + source = "hashicorp/google" + version = "~> 6.0" + } + } +} -| Name | Type | -|------|------| -| [google_pubsub_subscription.dead_letter_subscription](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/pubsub_subscription) | resource | -| [google_pubsub_subscription.subscription](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/pubsub_subscription) | resource | -| [google_pubsub_topic.dead_letter_subscription_topic](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/pubsub_topic) | resource | +provider "google" { + # Configuration options +} -## Inputs +resource "google_pubsub_topic" "example" { + name = "Example_TopicName" +} -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [labels](#input\_labels) | A set of key/value label pairs to assign to this Topic. | `map(string)` | n/a | yes | -| [max\_delivery\_attempts](#input\_max\_delivery\_attempts) | The maximum number of delivery attempts for any message. The value must be between 5 and 100. | `number` | `5` | no | -| [message\_retention\_duration](#input\_message\_retention\_duration) | Indicates the minimum duration to retain a message after it is published to the topic. If this field is set, messages published to the topic in the last messageRetentionDuration are always available to subscribers. For instance, it allows any attached subscription to seek to a timestamp that is up to messageRetentionDuration in the past. If this field is not set, message retention is controlled by settings on individual subscriptions. | `string` | `null` | no | -| [subscription\_name](#input\_subscription\_name) | The name of the subscription. 
| `string` | n/a | yes | -| [topic\_id](#input\_topic\_id) | A reference to a Topic resource, of the form projects/{project}/topics/{{name}} (as in the id property of a google\_pubsub\_topic), or just a topic name if the topic is in the same project as the subscription. | `string` | n/a | yes | -| [topic\_name](#input\_topic\_name) | The name of the topic. | `string` | n/a | yes | +module "pubsub_subscription_module" { + source = "deseretdigital/ddm-pubsub-subscription/google" + version = "~> 1.0.0" + pubsub_service_account = "service-{NUMBERS}@gcp-sa-pubsub.iam.gserviceaccount.com" + subscription_name = "Example_SubscriptionName" + topic_name = google_pubsub_topic.example.name + topic_id = google_pubsub_topic.example.id + + labels = { + date = "2024-10-08" + region = "us-west3" + env = "prod" + } -## Outputs - -| Name | Description | -|------|-------------| -| [subscription\_id](#output\_subscription\_id) | n/a | -| [subscription\_name](#output\_subscription\_name) | n/a | \ No newline at end of file + max_delivery_attempts = 10 + message_retention_duration = "84000s" +} +``` diff --git a/resources.tf b/resources.tf index b65bb74..1f9cbac 100644 --- a/resources.tf +++ b/resources.tf @@ -13,6 +13,22 @@ resource "google_pubsub_topic" "dead_letter_subscription_topic" { labels = var.labels } +resource "google_pubsub_topic_iam_binding" "assign_pubsub_publisher" { + topic = google_pubsub_topic.dead_letter_subscription_topic.id + role = "roles/pubsub.publisher" + members = [ + "serviceAccount:${var.pubsub_service_account}", + ] +} + +resource "google_pubsub_topic_iam_binding" "assign_pubsub_subscriber" { + topic = google_pubsub_topic.dead_letter_subscription_topic.id + role = "roles/pubsub.subscriber" + members = [ + "serviceAccount:${var.pubsub_service_account}", + ] +} + resource "google_pubsub_subscription" "dead_letter_subscription" { name = "${var.subscription_name}_DeadLetter" topic = google_pubsub_topic.dead_letter_subscription_topic.id 
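Review bot: The `assign_pubsub_subscriber` binding in the resources.tf hunk grants `roles/pubsub.subscriber` on the dead-letter topic, but dead-letter forwarding needs the Pub/Sub service agent to hold that role on the source subscription, so it can acknowledge the messages it forwards, in addition to publisher on the dead-letter topic. As written the agent gets a topic-level grant it does not appear to need, and unless the subscriber role is granted somewhere not visible in this hunk, forwarding may silently fail. Both new resources are also `_iam_binding`, which is authoritative for the role on that topic and will remove any member added outside this module; `_iam_member` is additive and keeps the grant to the one identity. A possible replacement for the second resource is below.

```hcl
# … unchanged: assign_pubsub_publisher on the dead-letter topic …

resource "google_pubsub_subscription_iam_member" "assign_pubsub_subscriber" {
  subscription = google_pubsub_subscription.subscription.name
  role         = "roles/pubsub.subscriber"
  member       = "serviceAccount:${var.pubsub_service_account}"
}
```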
diff --git a/terraform-docs.md b/terraform-docs.md
new file mode 100644
index 0000000..3e25dca
--- /dev/null
+++ b/terraform-docs.md
@@ -0,0 +1,46 @@ +# Terraform-Docs + +## Requirements + +| Name | Version | +|------|---------| +| [google](#requirement\_google) | ~> 6.0 | + +## Providers + +| Name | Version | +|------|---------| +| [google](#provider\_google) | ~> 6.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [google_pubsub_subscription.dead_letter_subscription](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/pubsub_subscription) | resource | +| [google_pubsub_subscription.subscription](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/pubsub_subscription) | resource | +| [google_pubsub_topic.dead_letter_subscription_topic](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/pubsub_topic) | resource | +| [google_pubsub_topic_iam_binding.assign_pubsub_publisher](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/pubsub_topic_iam_binding) | resource | +| [google_pubsub_topic_iam_binding.assign_pubsub_subscriber](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/pubsub_topic_iam_binding) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [labels](#input\_labels) | A set of key/value label pairs to assign to this Topic. | `map(string)` | `{}` | no | +| [max\_delivery\_attempts](#input\_max\_delivery\_attempts) | The maximum number of delivery attempts for any message. The value must be between 5 and 100. | `number` | `100` | no | +| [message\_retention\_duration](#input\_message\_retention\_duration) | Indicates the minimum duration to retain a message after it is published to the topic. If this field is set, messages published to the topic in the last messageRetentionDuration are always available to subscribers. 
For instance, it allows any attached subscription to seek to a timestamp that is up to messageRetentionDuration in the past. If this field is not set, message retention is controlled by settings on individual subscriptions. | `string` | `"2678400s"` | no | +| [pubsub\_service\_account](#input\_pubsub\_service\_account) | The service account to be used by the Pub/Sub system. Looks like 'service-@gcp-sa-pubsub.iam.gserviceaccount.com'. | `string` | n/a | yes | +| [subscription\_name](#input\_subscription\_name) | The name of the subscription. | `string` | n/a | yes | +| [topic\_id](#input\_topic\_id) | A reference to a Topic resource, of the form projects/{project}/topics/{{name}} (as in the id property of a google\_pubsub\_topic), or just a topic name if the topic is in the same project as the subscription. | `string` | n/a | yes | +| [topic\_name](#input\_topic\_name) | The name of the topic. | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [subscription\_id](#output\_subscription\_id) | n/a | +| [subscription\_name](#output\_subscription\_name) | n/a | \ No newline at end of file diff --git a/variables.tf b/variables.tf index c8b775d..3175422 100644 --- a/variables.tf +++ b/variables.tf @@ -1,10 +1,11 @@ variable "labels" { description = "A set of key/value label pairs to assign to this Topic." type = map(string) + default = {} } variable "max_delivery_attempts" { - default = 5 + default = 100 description = "The maximum number of delivery attempts for any message. The value must be between 5 and 100." type = number 
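Review bot: Raising the `max_delivery_attempts` default from 5 to 100 in variables.tf changes behaviour for every caller that relied on the default. A message that can never be processed is now redelivered up to 100 times before it reaches the dead-letter topic, which delays detection of poison messages and multiplies the load they cause. If that is intended, the description should say so, e.g. `description = "Maximum delivery attempts before a message is dead-lettered (5-100). Defaults to 100, the maximum."`. The variable block continues past the end of the hunk.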
@@ -25,6 +26,15 @@ variable "message_retention_duration" { } } +variable "pubsub_service_account" { + description = "The service account to be used by the Pub/Sub system. Looks like 'service-@gcp-sa-pubsub.iam.gserviceaccount.com'." + type = string + validation { + condition = can(regex("^service-\\d+@gcp-sa-pubsub\\.iam\\.gserviceaccount\\.com$", var.pubsub_service_account)) + error_message = "value must be a valid service account email address." + } +} + variable "subscription_name" { description = "The name of the subscription." type = string
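Review bot: The validation on `pubsub_service_account` accepts only the Pub/Sub service agent, but its error message says "valid service account email address" and the README placeholder `{GKE_PUBSUB_SA_EMAIL}` suggests a workload account, so a caller who passes an ordinary service-account email is not told what is wrong. Suggest `error_message = "Must be the Pub/Sub service agent: service-PROJECT_NUMBER@gcp-sa-pubsub.iam.gserviceaccount.com."`, and restore the project-number placeholder that the description's example has lost (`'service-@gcp-sa-pubsub…'`). The strict, anchored pattern is worth keeping because this value is interpolated directly into IAM members. As far as I recall, older Terraform releases also reject an `error_message` that does not start with an uppercase letter, which the current text would trip.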