Commit d752f3e

⭐ Add additional fields to the GCP pub/sub resources (#6655)
* Add additional fields to the GCP pub/sub resources

New security checks enabled:
- Ensure Pub/Sub topics are not publicly accessible (via iamPolicy)
- Ensure Pub/Sub subscriptions are not publicly accessible (via iamPolicy)

New fields on topic:
- iamPolicy: IAM policy bindings for the topic
- config.state: topic state (ACTIVE, INGESTION_RESOURCE_ERROR)

New fields on subscription:
- iamPolicy: IAM policy bindings for the subscription
- config.enableMessageOrdering: whether ordered key delivery is enabled
- config.enableExactlyOnceDelivery: whether exactly-once delivery is enabled
- config.filter: message filter expression
- config.detached: whether the subscription is detached from its topic
- config.state: subscription state (ACTIVE, RESOURCE_ERROR)

Signed-off-by: Tim Smith <tsmith84@gmail.com>

* Review fixes

Signed-off-by: Tim Smith <tsmith84@gmail.com>

* Update the generated code

Signed-off-by: Tim Smith <tsmith84@gmail.com>

* Address review concerns

Signed-off-by: Tim Smith <tsmith84@gmail.com>

---------

Signed-off-by: Tim Smith <tsmith84@gmail.com>
1 parent 9e7ba90 commit d752f3e

4 files changed

+301
-18
lines changed


providers/gcp/resources/gcp.lr

Lines changed: 16 additions & 0 deletions
@@ -2216,6 +2216,8 @@ private gcp.project.pubsubService.topic @defaults("name") {
22162216
name string
22172217
// Topic configuration
22182218
config() gcp.project.pubsubService.topic.config
2219+
// IAM policy for this topic
2220+
iamPolicy() []gcp.resourcemanager.binding
22192221
}
22202222

22212223
// Google Cloud (GCP) Pub/Sub topic configuration
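
Review bot: The comment on the added `iamPolicy()` reads "IAM policy for this topic", but the declared type is `[]gcp.resourcemanager.binding`, a list of bindings rather than a policy object. Suggest `// IAM policy bindings for this topic`, which matches the wording in the commit message and tells anyone writing the public-access check that they are iterating bindings.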
@@ -2230,6 +2232,8 @@ private gcp.project.pubsubService.topic.config @defaults("kmsKeyName messageStor
22302232
kmsKeyName string
22312233
// Message storage policy
22322234
messageStoragePolicy gcp.project.pubsubService.topic.config.messagestoragepolicy
2235+
// State of the topic (STATE_UNSPECIFIED, ACTIVE, INGESTION_RESOURCE_ERROR)
2236+
state string
22332237
}
22342238

22352239
// Google Cloud (GCP) Pub/Sub topic message storage policy
@@ -2248,6 +2252,8 @@ private gcp.project.pubsubService.subscription @defaults("name") {
22482252
name string
22492253
// Subscription configuration
22502254
config() gcp.project.pubsubService.subscription.config
2255+
// IAM policy for this subscription
2256+
iamPolicy() []gcp.resourcemanager.binding
22512257
}
22522258

22532259
// Google Cloud (GCP) Pub/Sub subscription configuration
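
Review bot: The added `iamPolicy()` on the subscription does not document what it returns when the policy cannot be read. The commit message ties the "subscriptions are not publicly accessible" check to this field, so an empty binding list standing in for a failed lookup would pass that check. The resolver is not visible in this diff; please confirm a failed lookup surfaces as an error rather than an empty list, and say so in the comment.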
@@ -2270,6 +2276,16 @@ private gcp.project.pubsubService.subscription.config @defaults("topic.name ackD
22702276
expirationPolicy time
22712277
// The labels associated with this subscription
22722278
labels map[string]string
2279+
// Whether message ordering is enabled
2280+
enableMessageOrdering bool
2281+
// Whether exactly-once delivery is enabled
2282+
enableExactlyOnceDelivery bool
2283+
// Filter expression for the subscription
2284+
filter string
2285+
// Whether the subscription is detached from its topic
2286+
detached bool
2287+
// State of the subscription (STATE_UNSPECIFIED, ACTIVE, RESOURCE_ERROR)
2288+
state string
22732289
}
22742290

22752291
// GCP Pub/Sub configuration for subscriptions that operate in push mode
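
Review bot: The comment on the added `filter string` does not say what an unfiltered subscription looks like; if an empty string means "no filter", state that so checks can tell "no filter" from "not populated". On the added `state string`, the listed values (STATE_UNSPECIFIED, ACTIVE, RESOURCE_ERROR) differ from the topic config's `state` (INGESTION_RESOURCE_ERROR), so a short remark that the two value sets are not interchangeable would keep query authors from reusing the topic's values here.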

providers/gcp/resources/gcp.lr.go

Lines changed: 129 additions & 9 deletions
Some generated files are not rendered by default.

providers/gcp/resources/gcp.lr.versions

Lines changed: 8 additions & 0 deletions
@@ -1088,7 +1088,11 @@ gcp.project.pubsubService.snapshots 9.0.0
10881088
gcp.project.pubsubService.subscription 9.0.0
10891089
gcp.project.pubsubService.subscription.config 9.0.0
10901090
gcp.project.pubsubService.subscription.config.ackDeadline 9.0.0
1091+
gcp.project.pubsubService.subscription.config.detached 11.0.146
1092+
gcp.project.pubsubService.subscription.config.enableExactlyOnceDelivery 11.0.146
1093+
gcp.project.pubsubService.subscription.config.enableMessageOrdering 11.0.146
10911094
gcp.project.pubsubService.subscription.config.expirationPolicy 9.0.0
1095+
gcp.project.pubsubService.subscription.config.filter 11.0.146
10921096
gcp.project.pubsubService.subscription.config.labels 9.0.0
10931097
gcp.project.pubsubService.subscription.config.projectId 9.0.0
10941098
gcp.project.pubsubService.subscription.config.pushConfig 9.0.0
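
Review bot: The four entries added in this hunk (`detached`, `enableExactlyOnceDelivery`, `enableMessageOrdering`, `filter`) are pinned to 11.0.146 while every neighbouring entry is 9.0.0. Please confirm 11.0.146 is the provider version in which these fields first ship, and that it was produced by the generator rather than edited by hand, given the commit message mentions a separate "Update the generated code" step.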
@@ -1098,8 +1102,10 @@ gcp.project.pubsubService.subscription.config.pushconfig.configId 9.0.0
10981102
gcp.project.pubsubService.subscription.config.pushconfig.endpoint 9.0.0
10991103
gcp.project.pubsubService.subscription.config.retainAckedMessages 9.0.0
11001104
gcp.project.pubsubService.subscription.config.retentionDuration 9.0.0
1105+
gcp.project.pubsubService.subscription.config.state 11.0.146
11011106
gcp.project.pubsubService.subscription.config.subscriptionName 9.0.0
11021107
gcp.project.pubsubService.subscription.config.topic 9.0.0
1108+
gcp.project.pubsubService.subscription.iamPolicy 11.0.146
11031109
gcp.project.pubsubService.subscription.name 9.0.0
11041110
gcp.project.pubsubService.subscription.projectId 9.0.0
11051111
gcp.project.pubsubService.subscriptions 9.0.0
@@ -1112,7 +1118,9 @@ gcp.project.pubsubService.topic.config.messagestoragepolicy 9.0.0
11121118
gcp.project.pubsubService.topic.config.messagestoragepolicy.allowedPersistenceRegions 9.0.0
11131119
gcp.project.pubsubService.topic.config.messagestoragepolicy.configId 9.0.0
11141120
gcp.project.pubsubService.topic.config.projectId 9.0.0
1121+
gcp.project.pubsubService.topic.config.state 11.0.146
11151122
gcp.project.pubsubService.topic.config.topicName 9.0.0
1123+
gcp.project.pubsubService.topic.iamPolicy 11.0.146
11161124
gcp.project.pubsubService.topic.name 9.0.0
11171125
gcp.project.pubsubService.topic.projectId 9.0.0
11181126
gcp.project.pubsubService.topics 9.0.0
