gcp-cloudrun-pubsub-trigger/trigger.tf at master · nullstone-modules/gcp-cloudrun-pubsub-trigger · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
# Job target only: a Cloud Run Job cannot be invoked over plain HTTP, so the
# Pub/Sub message is routed through Eventarc → Workflow, and the workflow calls
# the Jobs API. (The Service target skips both of these — see subscription.tf.)
resource "google_eventarc_trigger" "this" {
  count = local.target_type == "job" ? 1 : 0

  name            = local.resource_name
  location        = local.region
  labels          = local.labels
  service_account = google_service_account.trigger.email

  matching_criteria {
    attribute = "type"
    value     = "google.cloud.pubsub.topic.v1.messagePublished"
  }

  transport {
    pubsub {
      topic = local.topic_id
    }
  }

  destination {
    workflow = google_workflows_workflow.this[0].id
  }

  depends_on = [google_project_service.eventarc]
}

resource "google_workflows_workflow" "this" {
  count = local.target_type == "job" ? 1 : 0

  name                = "${local.resource_name}-trigger"
  region              = local.region
  description         = "Triggered by Pub/Sub message via Eventarc; runs Cloud Run Job"
  service_account     = google_service_account.trigger.email
  labels              = local.labels
  deletion_protection = false

  # The job is started with PUBSUB_MESSAGE / PUBSUB_ATTRIBUTES env-var overrides.
  # PUBSUB_MESSAGE is the base64-encoded message data; PUBSUB_ATTRIBUTES is the
  # JSON-encoded attribute map (or "{}" when the message carries no attributes).
  source_contents = <<EOF
main:
  params: [event]
  steps:
    - init:
        assign:
          # Pub/Sub event payload (CloudEvent style):
          # event.data.message.data = base64-encoded string
          # event.data.message.attributes = map of attributes
          - msg: $${event.data.message}
          - attributes_json: $${if("attributes" in msg, json.encode(map.get(msg, "attributes")), "{}")}
    - run_job:
        call: googleapis.run.v2.projects.locations.jobs.run
        args:
          name: "${local.job_id}"
          body:
            overrides:
              containerOverrides:
                env:
                  - name: PUBSUB_MESSAGE
                    value: $${msg.data}
                  - name: PUBSUB_ATTRIBUTES
                    value: $${attributes_json}
        result: job_execution
    - done:
        return: $${job_execution}
EOF

  depends_on = [google_project_service.workflows]
}