google.cloud.gcp_pubsub_subscription module – Creates a GCP Subscription

Note

This module is part of the google.cloud collection (version 1.4.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install google.cloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: google.cloud.gcp_pubsub_subscription.

Synopsis

  • A named resource representing the stream of messages from a single, specific topic, to be delivered to the subscribing application.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.6

  • requests >= 2.18.4

  • google-auth >= 1.3.0

Parameters

Parameter

Comments

access_token

string

An OAuth2 access token if credential type is accesstoken.

ack_deadline_seconds

integer

This value is the maximum time after a subscriber receives a message before the subscriber should acknowledge the message. After message delivery but before the ack deadline expires and before the message is acknowledged, it is an outstanding message and will not be delivered again during that time (on a best-effort basis).

For pull subscriptions, this value is used as the initial value for the ack deadline. To override this value for a given message, call subscriptions.modifyAckDeadline with the corresponding ackId if using pull. The minimum custom deadline you can specify is 10 seconds. The maximum custom deadline you can specify is 600 seconds (10 minutes).

If this parameter is 0, a default value of 10 seconds is used.

For push delivery, this value is also used to set the request timeout for the call to the push endpoint.

If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message.

auth_kind

string / required

The type of credential used.

Choices:

  • "application"

  • "machineaccount"

  • "serviceaccount"

  • "accesstoken"

dead_letter_policy

dictionary

A policy that specifies the conditions for dead lettering messages in this subscription. If dead_letter_policy is not set, dead lettering is disabled.

The Cloud Pub/Sub service account associated with this subscription’s parent project (i.e., service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have permission to Acknowledge() messages on this subscription.

dead_letter_topic

string

The name of the topic to which dead letter messages should be published.

Format is `projects/{project}/topics/{topic}`.

The Cloud Pub/Sub service account associated with the enclosing subscription’s parent project (i.e., service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have permission to Publish() to this topic.

The operation will fail if the topic does not exist.

Users should ensure that there is a subscription attached to this topic since messages published to a topic with no subscriptions are lost.

max_delivery_attempts

integer

The maximum number of delivery attempts for any message. The value must be between 5 and 100.

The number of delivery attempts is defined as 1 + (the sum of number of NACKs and number of times the acknowledgement deadline has been exceeded for the message).

A NACK is any call to ModifyAckDeadline with a 0 deadline. Note that client libraries may automatically extend ack_deadlines.

This field will be honored on a best effort basis.

If this parameter is 0, a default value of 5 is used.

enable_message_ordering

boolean

If `true`, messages published with the same orderingKey in PubsubMessage will be delivered to the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they may be delivered in any order.

Choices:

  • false

  • true

env_type

string

Specifies which Ansible environment you’re running this module within.

This should not be set unless you know what you’re doing.

This only alters the User Agent string for any API requests.

expiration_policy

dictionary

A policy that specifies the conditions for this subscription’s expiration.

A subscription is considered active as long as any connected subscriber is successfully consuming messages from the subscription or is issuing operations on the subscription. If expirationPolicy is not set, a default policy with ttl of 31 days will be used. If it is set but ttl is “”, the resource never expires. The minimum allowed value for expirationPolicy.ttl is 1 day.

ttl

string / required

Specifies the “time-to-live” duration for an associated resource. The resource expires if it is not active for a period of ttl.

If ttl is not set, the associated resource never expires.

A duration in seconds with up to nine fractional digits, terminated by ‘s’.

Example - “3.5s”.

filter

string

The subscription only delivers the messages that match the filter. Pub/Sub automatically acknowledges the messages that don’t match the filter. You can filter messages by their attributes. The maximum length of a filter is 256 bytes. After creating the subscription, you can’t modify the filter.

labels

dictionary

A set of key/value label pairs to assign to this Subscription.

message_retention_duration

string

How long to retain unacknowledged messages in the subscription’s backlog, from the moment a message is published. If retainAckedMessages is true, then this also configures the retention of acknowledged messages, and thus configures how far back in time a subscriptions.seek can be done. Defaults to 7 days. Cannot be more than 7 days (`”604800s”`) or less than 10 minutes (`”600s”`).

A duration in seconds with up to nine fractional digits, terminated by ‘s’. Example: `”600.5s”`.

Default: "604800s"

name

string / required

Name of the subscription.

project

string

The Google Cloud Platform project to use.

push_config

dictionary

If push delivery is used with this subscription, this field is used to configure it. An empty pushConfig signifies that the subscriber will pull and ack messages using API methods.

attributes

dictionary

Endpoint configuration attributes.

Every endpoint has a set of API supported attributes that can be used to control different aspects of the message delivery.

The currently supported attribute is x-goog-version, which you can use to change the format of the pushed message. This attribute indicates the version of the data expected by the endpoint. This controls the shape of the pushed message (i.e., its fields and metadata). The endpoint version is based on the version of the Pub/Sub API.

If not present during the subscriptions.create call, it will default to the version of the API used to make such call. If not present during a subscriptions.modifyPushConfig call, its value will not be changed. subscriptions.get calls will always return a valid version, even if the subscription was created without this attribute.

The possible values for this attribute are: - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API.

  • v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API.

oidc_token

dictionary

If specified, Pub/Sub will generate and attach an OIDC JWT token as an Authorization header in the HTTP request for every pushed message.

audience

string

Audience to be used when generating OIDC token. The audience claim identifies the recipients that the JWT is intended for. The audience value is a single case-sensitive string. Having multiple values (array) for the audience field is not supported. More info about the OIDC JWT token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 Note: if not specified, the Push endpoint URL will be used.

service_account_email

string / required

Service account email to be used for generating the OIDC token.

The caller (for subscriptions.create, subscriptions.patch, and subscriptions.modifyPushConfig RPCs) must have the iam.serviceAccounts.actAs permission for the service account.

push_endpoint

string / required

A URL locating the endpoint to which messages should be pushed.

For example, a Webhook endpoint might use “https://example.com/push”.

retain_acked_messages

boolean

Indicates whether to retain acknowledged messages. If `true`, then messages are not expunged from the subscription’s backlog, even if they are acknowledged, until they fall out of the messageRetentionDuration window.

Choices:

  • false

  • true

retry_policy

dictionary

A policy that specifies how Pub/Sub retries message delivery for this subscription.

If not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers. RetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message .

maximum_backoff

string

The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds. A duration in seconds with up to nine fractional digits, terminated by ‘s’. Example: “3.5s”.

minimum_backoff

string

The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds.

A duration in seconds with up to nine fractional digits, terminated by ‘s’. Example: “3.5s”.

scopes

list / elements=string

Array of scopes to be used

service_account_contents

jsonarg

The contents of a Service Account JSON file, either in a dictionary or as a JSON string that represents it.

service_account_email

string

An optional service account email address if machineaccount is selected and the user does not wish to use the default email.

service_account_file

path

The path of a Service Account JSON file if serviceaccount is selected as type.

state

string

Whether the given object should exist in GCP

Choices:

  • "present" ← (default)

  • "absent"

topic

dictionary / required

A reference to a Topic resource.

This field represents a link to a Topic resource in GCP. It can be specified in two ways. First, you can place a dictionary with key ‘name’ and value of your resource’s name Alternatively, you can add `register: name-of-resource` to a gcp_pubsub_topic task and then set this topic field to “{{ name-of-resource }}”

Notes

Note

  • API Reference: https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions

  • Managing Subscriptions: https://cloud.google.com/pubsub/docs/admin#managing_subscriptions

  • for authentication, you can set service_account_file using the GCP_SERVICE_ACCOUNT_FILE env variable.

  • for authentication, you can set service_account_contents using the GCP_SERVICE_ACCOUNT_CONTENTS env variable.

  • For authentication, you can set service_account_email using the GCP_SERVICE_ACCOUNT_EMAIL env variable.

  • For authentication, you can set access_token using the GCP_ACCESS_TOKEN env variable.

  • For authentication, you can set auth_kind using the GCP_AUTH_KIND env variable.

  • For authentication, you can set scopes using the GCP_SCOPES env variable.

  • Environment variables values will only be used if the playbook values are not set.

  • The service_account_email and service_account_file options are mutually exclusive.

Examples

- name: create a topic
  google.cloud.gcp_pubsub_topic:
    name: topic-subscription
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
    state: present
  register: topic

- name: create a subscription
  google.cloud.gcp_pubsub_subscription:
    name: test_object
    topic: "{{ topic }}"
    ack_deadline_seconds: 300
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

ackDeadlineSeconds

integer

This value is the maximum time after a subscriber receives a message before the subscriber should acknowledge the message. After message delivery but before the ack deadline expires and before the message is acknowledged, it is an outstanding message and will not be delivered again during that time (on a best-effort basis).

For pull subscriptions, this value is used as the initial value for the ack deadline. To override this value for a given message, call subscriptions.modifyAckDeadline with the corresponding ackId if using pull. The minimum custom deadline you can specify is 10 seconds. The maximum custom deadline you can specify is 600 seconds (10 minutes).

If this parameter is 0, a default value of 10 seconds is used.

For push delivery, this value is also used to set the request timeout for the call to the push endpoint.

If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message.

Returned: success

deadLetterPolicy

complex

A policy that specifies the conditions for dead lettering messages in this subscription. If dead_letter_policy is not set, dead lettering is disabled.

The Cloud Pub/Sub service account associated with this subscription’s parent project (i.e., service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have permission to Acknowledge() messages on this subscription.

Returned: success

deadLetterTopic

string

The name of the topic to which dead letter messages should be published.

Format is `projects/{project}/topics/{topic}`.

The Cloud Pub/Sub service account associated with the enclosing subscription’s parent project (i.e., service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have permission to Publish() to this topic.

The operation will fail if the topic does not exist.

Users should ensure that there is a subscription attached to this topic since messages published to a topic with no subscriptions are lost.

Returned: success

maxDeliveryAttempts

integer

The maximum number of delivery attempts for any message. The value must be between 5 and 100.

The number of delivery attempts is defined as 1 + (the sum of number of NACKs and number of times the acknowledgement deadline has been exceeded for the message).

A NACK is any call to ModifyAckDeadline with a 0 deadline. Note that client libraries may automatically extend ack_deadlines.

This field will be honored on a best effort basis.

If this parameter is 0, a default value of 5 is used.

Returned: success

enableMessageOrdering

boolean

If `true`, messages published with the same orderingKey in PubsubMessage will be delivered to the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they may be delivered in any order.

Returned: success

expirationPolicy

complex

A policy that specifies the conditions for this subscription’s expiration.

A subscription is considered active as long as any connected subscriber is successfully consuming messages from the subscription or is issuing operations on the subscription. If expirationPolicy is not set, a default policy with ttl of 31 days will be used. If it is set but ttl is “”, the resource never expires. The minimum allowed value for expirationPolicy.ttl is 1 day.

Returned: success

ttl

string

Specifies the “time-to-live” duration for an associated resource. The resource expires if it is not active for a period of ttl.

If ttl is not set, the associated resource never expires.

A duration in seconds with up to nine fractional digits, terminated by ‘s’.

Example - “3.5s”.

Returned: success

filter

string

The subscription only delivers the messages that match the filter. Pub/Sub automatically acknowledges the messages that don’t match the filter. You can filter messages by their attributes. The maximum length of a filter is 256 bytes. After creating the subscription, you can’t modify the filter.

Returned: success

labels

dictionary

A set of key/value label pairs to assign to this Subscription.

Returned: success

messageRetentionDuration

string

How long to retain unacknowledged messages in the subscription’s backlog, from the moment a message is published. If retainAckedMessages is true, then this also configures the retention of acknowledged messages, and thus configures how far back in time a subscriptions.seek can be done. Defaults to 7 days. Cannot be more than 7 days (`”604800s”`) or less than 10 minutes (`”600s”`).

A duration in seconds with up to nine fractional digits, terminated by ‘s’. Example: `”600.5s”`.

Returned: success

name

string

Name of the subscription.

Returned: success

pushConfig

complex

If push delivery is used with this subscription, this field is used to configure it. An empty pushConfig signifies that the subscriber will pull and ack messages using API methods.

Returned: success

attributes

dictionary

Endpoint configuration attributes.

Every endpoint has a set of API supported attributes that can be used to control different aspects of the message delivery.

The currently supported attribute is x-goog-version, which you can use to change the format of the pushed message. This attribute indicates the version of the data expected by the endpoint. This controls the shape of the pushed message (i.e., its fields and metadata). The endpoint version is based on the version of the Pub/Sub API.

If not present during the subscriptions.create call, it will default to the version of the API used to make such call. If not present during a subscriptions.modifyPushConfig call, its value will not be changed. subscriptions.get calls will always return a valid version, even if the subscription was created without this attribute.

The possible values for this attribute are: - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API.

  • v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API.

Returned: success

oidcToken

complex

If specified, Pub/Sub will generate and attach an OIDC JWT token as an Authorization header in the HTTP request for every pushed message.

Returned: success

audience

string

Audience to be used when generating OIDC token. The audience claim identifies the recipients that the JWT is intended for. The audience value is a single case-sensitive string. Having multiple values (array) for the audience field is not supported. More info about the OIDC JWT token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 Note: if not specified, the Push endpoint URL will be used.

Returned: success

serviceAccountEmail

string

Service account email to be used for generating the OIDC token.

The caller (for subscriptions.create, subscriptions.patch, and subscriptions.modifyPushConfig RPCs) must have the iam.serviceAccounts.actAs permission for the service account.

Returned: success

pushEndpoint

string

A URL locating the endpoint to which messages should be pushed.

For example, a Webhook endpoint might use “https://example.com/push”.

Returned: success

retainAckedMessages

boolean

Indicates whether to retain acknowledged messages. If `true`, then messages are not expunged from the subscription’s backlog, even if they are acknowledged, until they fall out of the messageRetentionDuration window.

Returned: success

retryPolicy

complex

A policy that specifies how Pub/Sub retries message delivery for this subscription.

If not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers. RetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message .

Returned: success

maximumBackoff

string

The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds. A duration in seconds with up to nine fractional digits, terminated by ‘s’. Example: “3.5s”.

Returned: success

minimumBackoff

string

The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds.

A duration in seconds with up to nine fractional digits, terminated by ‘s’. Example: “3.5s”.

Returned: success

topic

dictionary

A reference to a Topic resource.

Returned: success

Authors

  • Google Inc. (@googlecloudplatform)