Google Cloud Pub/Sub source

This event source subscribes to messages sent to a Google Cloud Pub/Sub topic.

With tmctl:

tmctl create source googlecloudpubsub --topic <topic> --serviceAccountKey $(cat ./key.txt)

On Kubernetes:

apiVersion: sources.triggermesh.io/v1alpha1
kind: GoogleCloudPubSubSource
metadata:
  name: sample
spec:
  topic: projects/my-project/topics/my-topic

  serviceAccountKey:
    value: >-
      {
        "type": "service_account",
        "project_id": "my-project",
        "private_key_id": "0000000000000000000000000000000000000000",
        "private_key": "-----BEGIN PRIVATE KEY-----\nMIIE...\n-----END PRIVATE KEY-----\n",
        "client_email": "triggermesh-pubsub-source@my-project.iam.gserviceaccount.com",
        "client_id": "000000000000000000000",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/triggermesh-pubsub-source%40my-project.iam.gserviceaccount.com"
      }
  sink:
    ref:
      apiVersion: eventing.knative.dev/v1
      kind: Broker
      name: default

Events produced have the following attributes:

type com.google.cloud.pubsub.message
Schema of the data attribute: com.google.cloud.pubsub.message.json

See the Kubernetes object reference for more details.

Prerequisite(s)

Service Account
Pub/Sub Topic
Pub/Sub Subscription (optional)

Service Account

A Service Account is required to authenticate the event source and allow it to interact with Google Cloud Pub/Sub. You can create a service account by following the instructions at Creating and managing service accounts.

The service account must be granted an IAM Role with at least the following permissions:

pubsub.subscriptions.consume
pubsub.subscriptions.get

The following set of permissions is also required if you delegate the management of the Pub/Sub subscription to the event source. In case you prefer to manage the subscription yourself, these can be safely be omitted. More details on that topic are provided in the Pub/Sub Subscription section below.

pubsub.subscriptions.create
pubsub.subscriptions.delete
pubsub.topics.attachSubscription

The predefined roles/pubsub.editor role is one example of role that is suitable for use with the TriggerMesh event source for Google Cloud Pub/Sub.

Service account

Create a key for this service account and save it. This key must be in JSON format. It is required to be able to run an instance of the Google Cloud Pub/Sub event source.

Pub/Sub Topic

If you don't already have a Pub/Sub topic to subscribe to, create one by following the instructions at Managing topics and subscriptions.

Take note of the full topic name, it is a required input to be able to run an instance of the Google Cloud Pub/Sub event source.

Topic

Pub/Sub Subscription (optional)

A subscription is required in order to allow the TriggerMesh event source for Google Cloud Pub/Sub to pull messages from a Pub/Sub topic.

This section can be skipped if you would like to let the event source manage its own subscription, which is the default behaviour. In this case, please simply ensure you granted all necessary permissions to the service account in the previous section.

If, however, you prefer messages to be pulled using a subscription which you manage yourself, please ensure that subscription is a "pull" subscription as described in the documentation page Managing topics and subscriptions.

Subscription