Identity/Identity-Engine - Data plane Terraform module

LiveRamp/terraform-google-identity-engine-data-plane

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| google | n/a |
| google-beta | n/a |
| random | n/a |

Modules

| Name | Source | Version |
|------|--------|---------|
| cloud_router | terraform-google-modules/cloud-router/google | ~> 6.0 |
| dataproc-firewall-rules | terraform-google-modules/network/google//modules/firewall-rules | 6.0.1 |
| kms_crypto_key-iam-bindings | terraform-google-modules/iam/google//modules/kms_crypto_keys_iam | n/a |

Resources

| Name | Type |
|------|------|
| google-beta_google_storage_bucket.tenant_build_bucket | resource |
| google-beta_google_storage_bucket.tenant_input_bucket | resource |
| google-beta_google_storage_bucket.tenant_output_bucket | resource |
| google_bigquery_connection.bq_spark_connection | resource |
| google_bigquery_connection_iam_member.member | resource |
| google_bigquery_dataset.tenant_dataset | resource |
| google_compute_address.cloud_nat_static_ip_address | resource |
| google_compute_firewall.allow_idapi_egress | resource |
| google_compute_firewall.allow_metastore_egress | resource |
| google_compute_network.vpc_network | resource |
| google_compute_subnetwork.dataproc_subnet | resource |
| google_compute_subnetwork_iam_member.vpc_subnetwork_user | resource |
| google_kms_crypto_key.tenant_crypto_key | resource |
| google_kms_key_ring.kms | resource |
| google_project_iam_member.allow_bq_connector_push_down | resource |
| google_project_iam_member.bigquery_job_creator | resource |
| google_project_iam_member.bigquery_job_user | resource |
| google_project_iam_member.dataproc_editor | resource |
| google_project_iam_member.dataproc_worker | resource |
| google_project_iam_member.groups_log_viewers | resource |
| google_project_iam_member.serviceAccount_user | resource |
| google_project_iam_member.users_log_viewers | resource |
| google_project_service.enable_api | resource |
| google_service_account.tenant_data_access | resource |
| google_service_account_iam_member.tenant_orchestration_impersonate_tenant_data_access_sa | resource |
| google_storage_bucket_iam_policy.tenant_build_bucket | resource |
| google_storage_bucket_iam_policy.tenant_input_bucket | resource |
| google_storage_bucket_iam_policy.tenant_output_bucket | resource |
| random_id.generator | resource |
| google_iam_policy.tenant_build_bucket | data source |
| google_iam_policy.tenant_input_bucket | data source |
| google_iam_policy.tenant_output_bucket | data source |
| google_project.data_plane_project | data source |
| google_storage_project_service_account.data_plane_gcs_account | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| bigquery_dataset_name | BigQuery Dataset name | `string` | `""` | no |
| build_bucket_name | GCS Build bucket name | `string` | `""` | no |
| country_code | The ISO 3166-1 two character country code (https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes) | `string` | n/a | yes |
| create_input_output_buckets | Create managed input and output buckets | `bool` | `true` | no |
| data_editors | The users, groups & service accounts that should have read & write access to this customer's data | `object({ service_accounts = list(string), groups = list(string), users = list(string) })` | n/a | yes |
| data_plane_project | The GCP project in which customer data will be stored. | `string` | n/a | yes |
| data_retention_period_days | The number of days this customer's data will be stored before it's automatically deleted | `number` | `0` | no |
| data_viewers | The users, groups & service accounts that should have read only access to this customer's data | `object({ service_accounts = list(string), groups = list(string), users = list(string) })` | n/a | yes |
| dataproc_subnet_ip4_cidr | Subnet used for Dataproc clusters | `string` | n/a | yes |
| enable_dataproc_network | Configure networking for Dataproc (VPC, firewall rules, etc.) | `bool` | `true` | no |
| enable_kms | Configure KMS to encrypt build, input and output buckets | `bool` | `true` | no |
| environment | The environment this infrastructure belongs to (e.g. dev, staging or prod) | `string` | n/a | yes |
| gcp_region | The GCP region to be used | `string` | n/a | yes |
| idapi_cidr_ip_addresses | Portrait Engine ID-API instance CIDR IP addresses | `list(string)` | `[]` | no |
| input_bucket_name | GCS Input bucket name | `string` | `""` | no |
| installation_name | n/a | `string` | `"identity-engine"` | no |
| key_management_location | The key management location for KMS | `string` | n/a | yes |
| key_rotation_period_days | The frequency at which the crypto key will automatically rotate (days) | `number` | `90` | no |
| metastore_cidr_ip_address | Portrait Engine Metastore CloudSQL instance CIDR IP address | `string` | n/a | yes |
| name | The human readable customer name | `string` | n/a | yes |
| organisation_id | LiveRamp CAC/Organisation-id | `string` | n/a | yes |
| output_bucket_name | GCS Output bucket name | `string` | `""` | no |
| storage_location | The storage location for BigQuery and GCS. | `string` | n/a | yes |
| tenant_orchestration_sa | Tenant Orchestration ServiceAccount for remote execution | `string` | n/a | yes |
| tenant_service_account_name | Service Account name | `string` | `""` | no |

Outputs

| Name | Description |
|------|-------------|
| build_bucket_name | The name of the GCS bucket that will be used to store the build files |
| cloud_nat_static_ip_address_0 | The first static IP address for Cloud NAT |
| cloud_nat_static_ip_address_1 | The second static IP address for Cloud NAT |
| dataproc_subnet | The ID of the Dataproc subnet |
| tenant_bigquery_dataset_name | The name of the BigQuery dataset that will be used to store the tenant data |
| tenant_data_access_svc_account | The service account object that will be used to access the tenant data |
| tenant_name | The tenant name |
| tenant_organisation_id | The tenant organisation ID |
| tenant_project | The tenant project object |