pubsub-subscription
This package creates a pubsub subscription and configures permissions for it by creating an IAMPolicyMember resource.
Download the package using kpt:
kpt pkg get https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit.git/config-connector/solutions/iam/kpt/pubsub-subscription pubsub-subscription
- A working Config Connector instance using the "cnrm-system" service
account with either
roles/pubsub.adminorroles/ownerin the project managed by Config Connector - Cloud Pub/Sub API enabled in the project where Config Connector is installed
- Cloud Pub/Sub API enabled in the project managed by Config Connector if it is a different project
| NAME | VALUE | SET BY | DESCRIPTION | COUNT |
|---|---|---|---|---|
| iam-member | ${IAM_MEMBER?} | PLACEHOLDER | IAM member to grant role | 1 |
| role | roles/pubsub.viewer | package-default | IAM role to grant | 1 |
| subscription-name | allowed-subscription | package-default | name of PubSub subscription | 2 |
| topic-name | allowed-topic | package-default | name of PubSub topic | 2 |
Set the iam-member to grant a role to.
kpt cfg set . iam-member user:[email protected]
Optionally set the role to grant. The default role is roles/pubsub.viewer.
kpt cfg set . role roles/pubsub.editor
Optionally set topic-name and subscription-name in the same manner. Defaults are allowed-topic and allowed-subscription.
Once the configuration is satisfactory, apply:
kubectl apply -f .
Apache 2.0 - See LICENSE for more information.