googlePubsubSubscription

A named resource representing the stream of messages from a single, specific topic, to be delivered to the subscribing application.

To get more information about Subscription, see:

\~> Note: You can retrieve the email of the Google Managed Pub/Sub Service Account used for forwarding by using the googleProjectServiceIdentity resource.

Example Usage - Pubsub Subscription Push

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googlePubsubTopicExample = new google.pubsubTopic.PubsubTopic(
  this,
  "example",
  {
    name: "example-topic",
  }
);
const googlePubsubSubscriptionExample =
  new google.pubsubSubscription.PubsubSubscription(this, "example_1", {
    ack_deadline_seconds: 20,
    labels: [
      {
        foo: "bar",
      },
    ],
    name: "example-subscription",
    push_config: [
      {
        attributes: [
          {
            "x-goog-version": "v1",
          },
        ],
        push_endpoint: "https://example.com/push",
      },
    ],
    topic: googlePubsubTopicExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googlePubsubSubscriptionExample.overrideLogicalId("example");

Example Usage - Pubsub Subscription Pull

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googlePubsubTopicExample = new google.pubsubTopic.PubsubTopic(
  this,
  "example",
  {
    name: "example-topic",
  }
);
const googlePubsubSubscriptionExample =
  new google.pubsubSubscription.PubsubSubscription(this, "example_1", {
    ack_deadline_seconds: 20,
    enable_message_ordering: false,
    expiration_policy: [
      {
        ttl: "300000.5s",
      },
    ],
    labels: [
      {
        foo: "bar",
      },
    ],
    message_retention_duration: "1200s",
    name: "example-subscription",
    retain_acked_messages: true,
    retry_policy: [
      {
        minimum_backoff: "10s",
      },
    ],
    topic: googlePubsubTopicExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googlePubsubSubscriptionExample.overrideLogicalId("example");

Example Usage - Pubsub Subscription Different Project

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googlePubsubTopicExample = new google.pubsubTopic.PubsubTopic(
  this,
  "example",
  {
    name: "example-topic",
    project: "topic-project",
  }
);
const googlePubsubSubscriptionExample =
  new google.pubsubSubscription.PubsubSubscription(this, "example_1", {
    name: "example-subscription",
    project: "subscription-project",
    topic: googlePubsubTopicExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googlePubsubSubscriptionExample.overrideLogicalId("example");

Example Usage - Pubsub Subscription Dead Letter

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googlePubsubTopicExample = new google.pubsubTopic.PubsubTopic(
  this,
  "example",
  {
    name: "example-topic",
  }
);
const googlePubsubTopicExampleDeadLetter = new google.pubsubTopic.PubsubTopic(
  this,
  "example_dead_letter",
  {
    name: "example-topic-dead-letter",
  }
);
const googlePubsubSubscriptionExample =
  new google.pubsubSubscription.PubsubSubscription(this, "example_2", {
    dead_letter_policy: [
      {
        dead_letter_topic: googlePubsubTopicExampleDeadLetter.id,
        max_delivery_attempts: 10,
      },
    ],
    name: "example-subscription",
    topic: googlePubsubTopicExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googlePubsubSubscriptionExample.overrideLogicalId("example");

Example Usage - Pubsub Subscription Push Bq

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleBigqueryDatasetTest = new google.bigqueryDataset.BigqueryDataset(
  this,
  "test",
  {
    dataset_id: "example_dataset",
  }
);
const googleBigqueryTableTest = new google.bigqueryTable.BigqueryTable(
  this,
  "test_1",
  {
    dataset_id: googleBigqueryDatasetTest.datasetId,
    deletion_protection: false,
    schema:
      '[\n  {\n    "name": "data",\n    "type": "STRING",\n    "mode": "NULLABLE",\n    "description": "The data"\n  }\n]\n',
    table_id: "example_table",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleBigqueryTableTest.overrideLogicalId("test");
const googlePubsubTopicExample = new google.pubsubTopic.PubsubTopic(
  this,
  "example",
  {
    name: "example-topic",
  }
);
const dataGoogleProjectProject = new google.dataGoogleProject.DataGoogleProject(
  this,
  "project",
  {}
);
const googleProjectIamMemberEditor =
  new google.projectIamMember.ProjectIamMember(this, "editor", {
    member: `serviceAccount:service-\${${dataGoogleProjectProject.number}}@gcp-sa-pubsub.iam.gserviceaccount.com`,
    project: dataGoogleProjectProject.projectId,
    role: "roles/bigquery.dataEditor",
  });
const googleProjectIamMemberViewer =
  new google.projectIamMember.ProjectIamMember(this, "viewer", {
    member: `serviceAccount:service-\${${dataGoogleProjectProject.number}}@gcp-sa-pubsub.iam.gserviceaccount.com`,
    project: dataGoogleProjectProject.projectId,
    role: "roles/bigquery.metadataViewer",
  });
const googlePubsubSubscriptionExample =
  new google.pubsubSubscription.PubsubSubscription(this, "example_6", {
    bigquery_config: [
      {
        table: `\${${googleBigqueryTableTest.project}}.\${${googleBigqueryTableTest.datasetId}}.\${${googleBigqueryTableTest.tableId}}`,
      },
    ],
    depends_on: [
      `\${${googleProjectIamMemberViewer.fqn}}`,
      `\${${googleProjectIamMemberEditor.fqn}}`,
    ],
    name: "example-subscription",
    topic: googlePubsubTopicExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googlePubsubSubscriptionExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

name - (Required) Name of the subscription.
topic - (Required) A reference to a Topic resource.

labels - (Optional) A set of key/value label pairs to assign to this Subscription.
bigqueryConfig - (Optional) If delivery to BigQuery is used with this subscription, this field is used to configure it. Either pushConfig or bigQueryConfig can be set, but not both. If both are empty, then the subscriber will pull and ack messages using API methods. Structure is documented below.
pushConfig - (Optional) If push delivery is used with this subscription, this field is used to configure it. An empty pushConfig signifies that the subscriber will pull and ack messages using API methods. Structure is documented below.
ackDeadlineSeconds - (Optional) This value is the maximum time after a subscriber receives a message before the subscriber should acknowledge the message. After message delivery but before the ack deadline expires and before the message is acknowledged, it is an outstanding message and will not be delivered again during that time (on a best-effort basis). For pull subscriptions, this value is used as the initial value for the ack deadline. To override this value for a given message, call subscriptions.modifyAckDeadline with the corresponding ackId if using pull. The minimum custom deadline you can specify is 10 seconds. The maximum custom deadline you can specify is 600 seconds (10 minutes). If this parameter is 0, a default value of 10 seconds is used. For push delivery, this value is also used to set the request timeout for the call to the push endpoint. If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message.
messageRetentionDuration - (Optional) How long to retain unacknowledged messages in the subscription's backlog, from the moment a message is published. If retain_acked_messages is true, then this also configures the retention of acknowledged messages, and thus configures how far back in time a subscriptions.seek can be done. Defaults to 7 days. Cannot be more than 7 days ("604800S") or less than 10 minutes ("600S"). A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "6005S".
retainAckedMessages - (Optional) Indicates whether to retain acknowledged messages. If true, then messages are not expunged from the subscription's backlog, even if they are acknowledged, until they fall out of the messageRetentionDuration window.
expirationPolicy - (Optional) A policy that specifies the conditions for this subscription's expiration. A subscription is considered active as long as any connected subscriber is successfully consuming messages from the subscription or is issuing operations on the subscription. If expirationPolicy is not set, a default policy with ttl of 31 days will be used. If it is set but ttl is "", the resource never expires. The minimum allowed value for expirationPolicy.ttl is 1 day. Structure is documented below.
filter - (Optional) The subscription only delivers the messages that match the filter. Pub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages by their attributes. The maximum length of a filter is 256 bytes. After creating the subscription, you can't modify the filter.
deadLetterPolicy - (Optional) A policy that specifies the conditions for dead lettering messages in this subscription. If dead_letter_policy is not set, dead lettering is disabled. The Cloud Pub/Sub service account associated with this subscription's parent project (i.e., service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have permission to Acknowledge() messages on this subscription. Structure is documented below.
retryPolicy - (Optional) A policy that specifies how Pub/Sub retries message delivery for this subscription. If not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers. RetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message Structure is documented below.
enableMessageOrdering - (Optional) If true, messages published with the same orderingKey in PubsubMessage will be delivered to the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they may be delivered in any order.
enableExactlyOnceDelivery - (Optional) If true, Pub/Sub provides the following guarantees for the delivery of a message with a given value of messageId on this Subscriptions':
- The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires.
- An acknowledged message will not be resent to a subscriber. Note that subscribers may still receive multiple copies of a message when enableExactlyOnceDelivery is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values
project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The bigqueryConfig block supports:

table - (Required) The name of the table to which to write data, of the form {projectId}:{datasetId}.{tableId}
useTopicSchema - (Optional) When true, use the topic's schema as the columns to write to in BigQuery, if it exists.
writeMetadata - (Optional) When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column.
dropUnknownFields - (Optional) When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog.

The pushConfig block supports:

oidcToken - (Optional) If specified, Pub/Sub will generate and attach an OIDC JWT token as an Authorization header in the HTTP request for every pushed message. Structure is documented below.
pushEndpoint - (Required) A URL locating the endpoint to which messages should be pushed. For example, a Webhook endpoint might use "https://example.com/push".
attributes - (Optional) Endpoint configuration attributes. Every endpoint has a set of API supported attributes that can be used to control different aspects of the message delivery. The currently supported attribute is x-goog-version, which you can use to change the format of the pushed message. This attribute indicates the version of the data expected by the endpoint. This controls the shape of the pushed message (i.e., its fields and metadata). The endpoint version is based on the version of the Pub/Sub API. If not present during the subscriptions.create call, it will default to the version of the API used to make such call. If not present during a subscriptions.modifyPushConfig call, its value will not be changed. subscriptions.get calls will always return a valid version, even if the subscription was created without this attribute. The possible values for this attribute are:
- v1beta1: uses the push format defined in the v1beta1 Pub/Sub API.
- v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API.

The oidcToken block supports:

serviceAccountEmail - (Required) Service account email to be used for generating the OIDC token. The caller (for subscriptions.create, subscriptions.patch, and subscriptions.modifyPushConfig RPCs) must have the iam.serviceAccounts.actAs permission for the service account.
audience - (Optional) Audience to be used when generating OIDC token. The audience claim identifies the recipients that the JWT is intended for. The audience value is a single case-sensitive string. Having multiple values (array) for the audience field is not supported. More info about the OIDC JWT token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 Note: if not specified, the Push endpoint URL will be used.

The expirationPolicy block supports:

ttl - (Required) Specifies the "time-to-live" duration for an associated resource. The resource expires if it is not active for a period of ttl. If ttl is not set, the associated resource never expires. A duration in seconds with up to nine fractional digits, terminated by 's'. Example - "3.5s".

The deadLetterPolicy block supports:

deadLetterTopic - (Optional) The name of the topic to which dead letter messages should be published. Format is projects/{project}/topics/{topic}. The Cloud Pub/Sub service account associated with the enclosing subscription's parent project (i.e., service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have permission to Publish() to this topic. The operation will fail if the topic does not exist. Users should ensure that there is a subscription attached to this topic since messages published to a topic with no subscriptions are lost.
maxDeliveryAttempts - (Optional) The maximum number of delivery attempts for any message. The value must be between 5 and 100. The number of delivery attempts is defined as 1 + (the sum of number of NACKs and number of times the acknowledgement deadline has been exceeded for the message). A NACK is any call to ModifyAckDeadline with a 0 deadline. Note that client libraries may automatically extend ack_deadlines. This field will be honored on a best effort basis. If this parameter is 0, a default value of 5 is used.

The retryPolicy block supports:

minimumBackoff - (Optional) The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
maximumBackoff - (Optional) The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

id - an identifier for the resource with format projects/{{project}}/subscriptions/{{name}}

Timeouts

This resource provides the following Timeouts configuration options:

create - Default is 20 minutes.
update - Default is 20 minutes.
delete - Default is 20 minutes.

Import

Subscription can be imported using any of these accepted formats:

$ terraform import google_pubsub_subscription.default projects/{{project}}/subscriptions/{{name}}
$ terraform import google_pubsub_subscription.default {{project}}/{{name}}
$ terraform import google_pubsub_subscription.default {{name}}

User Project Overrides

This resource supports User Project Overrides.