diff --git a/modules/folder/README.md b/modules/folder/README.md index dede3fd28..9cc273c62 100644 --- a/modules/folder/README.md +++ b/modules/folder/README.md @@ -72,19 +72,19 @@ module "folder-sink" { type = "gcs" destination = module.gcs.name filter = "severity=WARNING" - grant = false + iam = false } info = { type = "bigquery" destination = module.dataset.id filter = "severity=INFO" - grant = false + iam = false } notice = { type = "pubsub" destination = module.pubsub.id filter = "severity=NOTICE" - grant = true + iam = true } } logging_exclusions = { @@ -147,7 +147,7 @@ module "folder2" { | *iam* | IAM bindings in {ROLE => [MEMBERS]} format. | map(set(string)) | | {} | | *id* | Folder ID in case you use folder_create=false | string | | null | | *logging_exclusions* | Logging exclusions for this folder in the form {NAME -> FILTER}. | map(string) | | {} | -| *logging_sinks* | Logging sinks to create for this folder. | map(object({...})) | | {} | +| *logging_sinks* | Logging sinks to create for this folder. | map(object({...})) | | {} | | *name* | Folder name. | string | | null | | *parent* | Parent in folders/folder_id or organizations/org_id format. | string | | ... | | *policy_boolean* | Map of boolean org policies and enforcement value, set value to null for policy restore. | map(bool) | | {} | diff --git a/modules/folder/main.tf b/modules/folder/main.tf index b46eed4f4..39a1afd08 100644 --- a/modules/folder/main.tf +++ b/modules/folder/main.tf @@ -38,7 +38,7 @@ locals { type => { for name, sink in local.logging_sinks : name => sink - if sink.grant && sink.type == type + if sink.iam && sink.type == type } } folder = ( 
@@ -216,13 +216,6 @@ resource "google_pubsub_topic_iam_binding" "pubsub-sinks-binding" { members = [google_logging_folder_sink.sink[each.key].writer_identity] } -# resource "google_storage_bucket_iam_binding" "gcs-sinks-bindings" { -# for_each = local.sink_grants["gcs"] -# bucket = each.value.destination -# role = "roles/storage.objectCreator" -# members = [google_logging_folder_sink.sink[each.key].writer_identity] -# } - resource "google_logging_folder_exclusion" "logging-exclusion" { for_each = coalesce(var.logging_exclusions, {}) name = each.key diff --git a/modules/folder/variables.tf b/modules/folder/variables.tf index fc5ff7eba..060ca33a3 100644 --- a/modules/folder/variables.tf +++ b/modules/folder/variables.tf @@ -81,7 +81,7 @@ variable "logging_sinks" { destination = string type = string filter = string - grant = bool + iam = bool })) default = {} } diff --git a/modules/organization/README.md b/modules/organization/README.md index f8b500fba..0d95bc909 100644 --- a/modules/organization/README.md +++ b/modules/organization/README.md @@ -89,19 +89,19 @@ module "org" { type = "gcs" destination = module.gcs.name filter = "severity=WARNING" - grant = false + iam = false } info = { type = "bigquery" destination = module.dataset.id filter = "severity=INFO" - grant = false + iam = false } notice = { type = "pubsub" destination = module.pubsub.id filter = "severity=NOTICE" - grant = true + iam = true } } logging_exclusions = { 
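Review bot: Deleting the commented-out `google_storage_bucket_iam_binding` instead of enabling it leaves a `gcs` sink with `iam = true` doing nothing: the `sink_grants["gcs"]` entry (presumably the map built in the `@@ -38` locals hunk) is consumed by no resource, so the sink's writer identity presumably never receives `roles/storage.objectCreator` on the bucket and log delivery fails until someone grants it by hand. The `iam = bool` attribute in the `modules/folder/variables.tf` hunk accepts the flag for every sink type without recording that, and the organization (`@@ -249`, `@@ -105`) and project (`@@ -291`, `@@ -172`) hunks share the same gap. Either state the limitation in the variable description, e.g. `iam: grant the writer identity on the destination; only honored for sink types that have a binding resource in main.tf, gcs buckets must be granted outside the module`, or reject the combination with a `validation` block inside `variable "logging_sinks"` (whose opening line is outside the hunk), as below.
```hcl
  default = {}
  validation {
    condition     = alltrue([for s in coalesce(var.logging_sinks, {}) : !(s.iam && s.type == "gcs")])
    error_message = "iam = true is not supported for gcs sinks; grant the bucket role outside the module."
  }
}
```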
@@ -126,7 +126,7 @@ module "org" { | *iam_additive_members* | IAM additive bindings in {MEMBERS => [ROLE]} format. This might break if members are dynamic values. | map(list(string)) | | {} | | *iam_audit_config* | Service audit logging configuration. Service as key, map of log permission (eg DATA_READ) and excluded members as value for each service. | map(map(list(string))) | | {} | | *logging_exclusions* | Logging exclusions for this organization in the form {NAME -> FILTER}. | map(string) | | {} | -| *logging_sinks* | Logging sinks to create for this organization. | map(object({...})) | | {} | +| *logging_sinks* | Logging sinks to create for this organization. | map(object({...})) | | {} | | *policy_boolean* | Map of boolean org policies and enforcement value, set value to null for policy restore. | map(bool) | | {} | | *policy_list* | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | map(object({...})) | | {} | diff --git a/modules/organization/main.tf b/modules/organization/main.tf index a764710c9..cfe21b368 100644 --- a/modules/organization/main.tf +++ b/modules/organization/main.tf @@ -53,7 +53,7 @@ locals { type => { for name, sink in local.logging_sinks : name => sink - if sink.grant && sink.type == type + if sink.iam && sink.type == type } } } @@ -249,13 +249,6 @@ resource "google_pubsub_topic_iam_binding" "pubsub-sinks-binding" { members = [google_logging_organization_sink.sink[each.key].writer_identity] } -# resource "google_storage_bucket_iam_binding" "gcs-sinks-bindings" { -# for_each = local.sink_grants["gcs"] -# bucket = each.value.destination -# role = "roles/storage.objectCreator" -# members = [google_logging_organization_sink.sink[each.key].writer_identity] -# } - resource "google_logging_organization_exclusion" "logging-exclusion" { for_each = coalesce(var.logging_exclusions, {}) name = each.key 
diff --git a/modules/organization/variables.tf b/modules/organization/variables.tf index 5c426cf8a..74b7cfed4 100644 --- a/modules/organization/variables.tf +++ b/modules/organization/variables.tf @@ -105,7 +105,7 @@ variable "logging_sinks" { destination = string type = string filter = string - grant = bool + iam = bool })) default = {} } diff --git a/modules/project/README.md b/modules/project/README.md index f8d238d1f..402cee0bc 100644 --- a/modules/project/README.md +++ b/modules/project/README.md @@ -115,19 +115,19 @@ module "project-host" { type = "gcs" destination = module.gcs.name filter = "severity=WARNING" - grant = false + iam = false } info = { type = "bigquery" destination = module.dataset.id filter = "severity=INFO" - grant = false + iam = false } notice = { type = "pubsub" destination = module.pubsub.id filter = "severity=NOTICE" - grant = true + iam = true } } logging_exclusions = { @@ -153,7 +153,7 @@ module "project-host" { | *labels* | Resource labels. | map(string) | | {} | | *lien_reason* | If non-empty, creates a project lien with this description. | string | | | | *logging_exclusions* | Logging exclusions for this project in the form {NAME -> FILTER}. | map(string) | | {} | -| *logging_sinks* | Logging sinks to create for this project. | map(object({...})) | | {} | +| *logging_sinks* | Logging sinks to create for this project. | map(object({...})) | | {} | | *oslogin* | Enable OS Login. | bool | | false | | *oslogin_admins* | List of IAM-style identities that will be granted roles necessary for OS Login administrators. | list(string) | | [] | | *oslogin_users* | List of IAM-style identities that will be granted roles necessary for OS Login users. | list(string) | | [] | diff --git a/modules/project/main.tf b/modules/project/main.tf index 0606fa24e..0a4d9b725 100644 --- a/modules/project/main.tf +++ b/modules/project/main.tf 
@@ -50,7 +50,7 @@ locals { type => { for name, sink in local.logging_sinks : name => sink - if sink.grant && sink.type == type + if sink.iam && sink.type == type } } } @@ -291,13 +291,6 @@ resource "google_pubsub_topic_iam_binding" "pubsub-sinks-binding" { members = [google_logging_project_sink.sink[each.key].writer_identity] } -# resource "google_storage_bucket_iam_binding" "gcs-sinks-bindings" { -# for_each = local.sink_grants["gcs"] -# bucket = each.value.destination -# role = "roles/storage.objectCreator" -# members = [google_logging_project_sink.sink[each.key].writer_identity] -# } - resource "google_logging_project_exclusion" "logging-exclusion" { for_each = coalesce(var.logging_exclusions, {}) name = each.key diff --git a/modules/project/variables.tf b/modules/project/variables.tf index d8e06a9ee..b180ebdc4 100644 --- a/modules/project/variables.tf +++ b/modules/project/variables.tf @@ -172,7 +172,7 @@ variable "logging_sinks" { destination = string type = string filter = string - grant = bool + iam = bool })) default = {} }