diff --git a/plugins/modules/gcp_pubsub_topic.py b/plugins/modules/gcp_pubsub_topic.py index 35297020fbcc20..46038c6a229355 100644 --- a/plugins/modules/gcp_pubsub_topic.py +++ b/plugins/modules/gcp_pubsub_topic.py @@ -51,6 +51,14 @@ description: - Name of the topic. required: true + kms_key_name: + description: + - The resource name of the Cloud KMS CryptoKey to be used to protect access to + messsages published on this topic. Your project's PubSub service account (`service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com`) + must have `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. + - The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*` . + required: false + version_added: 2.9 labels: description: - A set of key/value label pairs to assign to this Topic. @@ -78,6 +86,14 @@ - Name of the topic. returned: success type: str +kmsKeyName: + description: + - The resource name of the Cloud KMS CryptoKey to be used to protect access to messsages + published on this topic. Your project's PubSub service account (`service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com`) + must have `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. + - The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*` . + returned: success + type: str labels: description: - A set of key/value label pairs to assign to this Topic. @@ -102,7 +118,10 @@ def main(): module = GcpModule( argument_spec=dict( - state=dict(default='present', choices=['present', 'absent'], type='str'), name=dict(required=True, type='str'), labels=dict(type='dict') + state=dict(default='present', choices=['present', 'absent'], type='str'), + name=dict(required=True, type='str'), + kms_key_name=dict(type='str'), + labels=dict(type='dict'), ) ) @@ -162,7 +181,7 @@ def delete(module, link): def resource_to_request(module): - request = {u'name': module.params.get('name'), u'labels': module.params.get('labels')} + request = {u'name': module.params.get('name'), u'kmsKeyName': module.params.get('kms_key_name'), u'labels': module.params.get('labels')} request = encode_request(request, module) return_vals = {} for k, v in request.items(): @@ -230,7 +249,7 @@ def is_different(module, response): # Remove unnecessary properties from the response. # This is for doing comparisons with Ansible's current parameters. def response_to_hash(module, response): - return {u'name': module.params.get('name'), u'labels': response.get(u'labels')} + return {u'name': module.params.get('name'), u'kmsKeyName': module.params.get('kms_key_name'), u'labels': response.get(u'labels')} def decode_request(response, module): diff --git a/plugins/modules/gcp_pubsub_topic_facts.py b/plugins/modules/gcp_pubsub_topic_facts.py index 8e3edf53c9227d..7b794fc8ec821e 100644 --- a/plugins/modules/gcp_pubsub_topic_facts.py +++ b/plugins/modules/gcp_pubsub_topic_facts.py @@ -63,6 +63,15 @@ - Name of the topic. returned: success type: str + kmsKeyName: + description: + - The resource name of the Cloud KMS CryptoKey to be used to protect access + to messsages published on this topic. Your project's PubSub service account + (`service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com`) must + have `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. + - The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*` . + returned: success + type: str labels: description: - A set of key/value label pairs to assign to this Topic.