Allow projects as destinations for log sinks (#2102)

* Add project log sink destination to project module * Add project log sink destination to folder module * Add project log sink destination to organization module * Fix typos * Add project log sink destination to billing-account module * Make filter field optional * Update READMEs --------- Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-02-21 08:41:13 +01:00
parent b72f7d34b5
commit 5197d5ca8d
14 changed files with 424 additions and 35 deletions
--- a/tests/modules/folder/examples/logging.yaml
+++ b/tests/modules/folder/examples/logging.yaml
@@ -13,16 +13,62 @@
 # limitations under the License.

 values:
+  module.bucket.google_logging_project_bucket_config.bucket[0]:
+    bucket_id: test-bucket
+    cmek_settings: []
+    enable_analytics: false
+    index_configs: []
+    location: global
+    locked: null
+    project: project-id
+    retention_days: 30
+  module.dataset.google_bigquery_dataset.default:
+    dataset_id: bq_sink
+    default_encryption_configuration: []
+    default_partition_expiration_ms: null
+    default_table_expiration_ms: null
+    delete_contents_on_destroy: false
+    description: Terraform managed.
+    friendly_name: null
+    labels: null
+    location: EU
+    max_time_travel_hours: '168'
+    project: project-id
+  module.destination-project.google_project.project[0]:
+    auto_create_network: false
+    billing_account: 123456-123456-123456
+    folder_id: '1122334455'
+    labels: null
+    name: test-destination-project
+    org_id: null
+    project_id: test-destination-project
+    skip_delete: false
+  module.destination-project.google_project_service.project_services["logging.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-destination-project
+    service: logging.googleapis.com
  module.folder-sink.google_bigquery_dataset_iam_member.bq-sinks-binding["info"]:
+    condition: []
    role: roles/bigquery.dataEditor
  module.folder-sink.google_folder.folder[0]:
    display_name: Folder name
    parent: folders/1122334455
  module.folder-sink.google_logging_folder_exclusion.logging-exclusion["no-gce-instances"]:
    description: no-gce-instances (Terraform-managed).
+    disabled: null
    filter: resource.type=gce_instance
    name: no-gce-instances
+  module.folder-sink.google_logging_folder_sink.sink["alert"]:
+    description: alert (Terraform-managed).
+    destination: logging.googleapis.com/projects/test-destination-project
+    disabled: false
+    exclusions: []
+    filter: severity=ALERT
+    include_children: true
+    name: alert
  module.folder-sink.google_logging_folder_sink.sink["debug"]:
+    description: debug (Terraform-managed).
    disabled: false
    exclusions:
    - description: null
@@ -34,13 +80,16 @@ values:
    name: debug
  module.folder-sink.google_logging_folder_sink.sink["info"]:
    bigquery_options:
-      - use_partitioned_tables: false
+    - use_partitioned_tables: false
+    description: info (Terraform-managed).
    disabled: false
    exclusions: []
    filter: severity=INFO
    include_children: true
    name: info
  module.folder-sink.google_logging_folder_sink.sink["notice"]:
+    description: notice (Terraform-managed).
+    destination: pubsub.googleapis.com/projects/project-id/topics/pubsub_sink
    disabled: false
    exclusions: []
    filter: severity=NOTICE
@@ -58,20 +107,62 @@ values:
    condition:
    - title: debug bucket writer
    role: roles/logging.bucketWriter
+  module.folder-sink.google_project_iam_member.project-sinks-binding["alert"]:
+    condition: []
+    project: test-destination-project
+    role: roles/logging.logWriter
  module.folder-sink.google_pubsub_topic_iam_member.pubsub-sinks-binding["notice"]:
    condition: []
+    project: project-id
    role: roles/pubsub.publisher
+    topic: pubsub_sink
  module.folder-sink.google_storage_bucket_iam_member.gcs-sinks-binding["warnings"]:
    bucket: test-gcs_sink
    condition: []
    role: roles/storage.objectCreator
+  module.gcs.google_storage_bucket.bucket:
+    autoclass:
+    - enabled: false
+    cors: []
+    custom_placement_config: []
+    default_event_based_hold: null
+    enable_object_retention: null
+    encryption: []
+    force_destroy: true
+    labels: null
+    lifecycle_rule: []
+    location: EU
+    logging: []
+    name: test-gcs_sink
+    project: project-id
+    requester_pays: null
+    retention_policy: []
+    storage_class: MULTI_REGIONAL
+    uniform_bucket_level_access: true
+    versioning:
+    - enabled: false
+  module.pubsub.google_pubsub_topic.default:
+    kms_key_name: null
+    labels: null
+    message_retention_duration: null
+    name: pubsub_sink
+    project: project-id

 counts:
+  google_bigquery_dataset: 1
  google_bigquery_dataset_iam_member: 1
  google_folder: 1
  google_logging_folder_exclusion: 1
-  google_logging_folder_sink: 4
+  google_logging_folder_sink: 5
  google_logging_project_bucket_config: 1
-  google_project_iam_member: 1
+  google_project: 1
+  google_project_iam_member: 2
+  google_project_service: 1
+  google_pubsub_topic: 1
  google_pubsub_topic_iam_member: 1
+  google_storage_bucket: 1
  google_storage_bucket_iam_member: 1
+  modules: 6
+  resources: 18
+
+
--- a/tests/modules/organization/examples/logging.yaml
+++ b/tests/modules/organization/examples/logging.yaml
@@ -13,15 +13,82 @@
 # limitations under the License.

 values:
+  module.bucket.google_logging_project_bucket_config.bucket[0]:
+    bucket_id: test-bucket
+    cmek_settings: []
+    enable_analytics: false
+    index_configs: []
+    location: global
+    locked: null
+    project: project-id
+    retention_days: 30
+  module.dataset.google_bigquery_dataset.default:
+    dataset_id: bq_sink
+    default_encryption_configuration: []
+    default_partition_expiration_ms: null
+    default_table_expiration_ms: null
+    delete_contents_on_destroy: false
+    description: Terraform managed.
+    friendly_name: null
+    labels: null
+    location: EU
+    max_time_travel_hours: '168'
+    project: project-id
+  module.destination-project.google_project.project[0]:
+    auto_create_network: false
+    billing_account: 123456-123456-123456
+    folder_id: '1122334455'
+    labels: null
+    name: test-destination-project
+    org_id: null
+    project_id: test-destination-project
+    skip_delete: false
+  module.destination-project.google_project_service.project_services["logging.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-destination-project
+    service: logging.googleapis.com
+  module.gcs.google_storage_bucket.bucket:
+    autoclass:
+    - enabled: false
+    cors: []
+    custom_placement_config: []
+    default_event_based_hold: null
+    enable_object_retention: null
+    encryption: []
+    force_destroy: true
+    labels: null
+    lifecycle_rule: []
+    location: EU
+    logging: []
+    name: test-gcs_sink
+    project: project-id
+    requester_pays: null
+    retention_policy: []
+    storage_class: MULTI_REGIONAL
+    uniform_bucket_level_access: true
+    versioning:
+    - enabled: false
  module.org.google_bigquery_dataset_iam_member.bq-sinks-binding["info"]:
    condition: []
    role: roles/bigquery.dataEditor
  module.org.google_logging_organization_exclusion.logging-exclusion["no-gce-instances"]:
+    description: no-gce-instances (Terraform-managed).
    disabled: null
    filter: resource.type=gce_instance
    name: no-gce-instances
    org_id: '1122334455'
+  module.org.google_logging_organization_sink.sink["alert"]:
+    description: alert (Terraform-managed).
+    destination: logging.googleapis.com/projects/test-destination-project
+    disabled: false
+    exclusions: []
+    filter: severity=ALERT
+    include_children: true
+    name: alert
+    org_id: '1122334455'
  module.org.google_logging_organization_sink.sink["debug"]:
+    description: debug (Terraform-managed).
    disabled: false
    exclusions:
    - description: null
@@ -34,7 +101,8 @@ values:
    org_id: '1122334455'
  module.org.google_logging_organization_sink.sink["info"]:
    bigquery_options:
-      - use_partitioned_tables: true
+    - use_partitioned_tables: true
+    description: info (Terraform-managed).
    disabled: false
    exclusions: []
    filter: severity=INFO
@@ -42,6 +110,8 @@ values:
    name: info
    org_id: '1122334455'
  module.org.google_logging_organization_sink.sink["notice"]:
+    description: notice (Terraform-managed).
+    destination: pubsub.googleapis.com/projects/project-id/topics/pubsub_sink
    disabled: false
    exclusions: []
    filter: severity=NOTICE
@@ -49,6 +119,7 @@ values:
    name: notice
    org_id: '1122334455'
  module.org.google_logging_organization_sink.sink["warnings"]:
+    description: warnings (Terraform-managed).
    destination: storage.googleapis.com/test-gcs_sink
    disabled: false
    exclusions: []
@@ -56,6 +127,23 @@ values:
    include_children: true
    name: warnings
    org_id: '1122334455'
+  module.org.google_project_iam_member.bucket-sinks-binding["debug"]:
+    condition:
+    - title: debug bucket writer
+    role: roles/logging.bucketWriter
+  module.org.google_project_iam_member.project-sinks-binding["alert"]:
+    condition: []
+    project: test-destination-project
+    role: roles/logging.logWriter
+  module.org.google_pubsub_topic_iam_member.pubsub-sinks-binding["notice"]:
+    condition: []
+    project: project-id
+    role: roles/pubsub.publisher
+    topic: pubsub_sink
+  module.org.google_storage_bucket_iam_member.storage-sinks-binding["warnings"]:
+    bucket: test-gcs_sink
+    condition: []
+    role: roles/storage.objectCreator
  module.pubsub.google_pubsub_topic.default:
    kms_key_name: null
    labels: null
@@ -64,9 +152,18 @@ values:
    project: project-id

 counts:
+  google_bigquery_dataset: 1
  google_bigquery_dataset_iam_member: 1
  google_logging_organization_exclusion: 1
-  google_logging_organization_sink: 4
-  google_project_iam_member: 1
+  google_logging_organization_sink: 5
+  google_logging_project_bucket_config: 1
+  google_project: 1
+  google_project_iam_member: 2
+  google_project_service: 1
+  google_pubsub_topic: 1
  google_pubsub_topic_iam_member: 1
+  google_storage_bucket: 1
  google_storage_bucket_iam_member: 1
+  modules: 6
+  resources: 17
+
--- a/tests/modules/project/examples/logging.yaml
+++ b/tests/modules/project/examples/logging.yaml
@@ -13,6 +13,62 @@
 # limitations under the License.

 values:
+  module.bucket.google_logging_project_bucket_config.bucket[0]:
+    bucket_id: test-bucket
+    cmek_settings: []
+    enable_analytics: false
+    index_configs: []
+    location: global
+    locked: null
+    project: project-id
+    retention_days: 30
+  module.dataset.google_bigquery_dataset.default:
+    dataset_id: bq_sink
+    default_encryption_configuration: []
+    default_partition_expiration_ms: null
+    default_table_expiration_ms: null
+    delete_contents_on_destroy: true
+    description: Terraform managed.
+    friendly_name: null
+    labels: null
+    location: EU
+    max_time_travel_hours: '168'
+    project: project-id
+  module.destination-project.google_project.project[0]:
+    auto_create_network: false
+    billing_account: 123456-123456-123456
+    folder_id: '1122334455'
+    labels: null
+    name: test-destination-project
+    org_id: null
+    project_id: test-destination-project
+    skip_delete: false
+  module.destination-project.google_project_service.project_services["logging.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-destination-project
+    service: logging.googleapis.com
+  module.gcs.google_storage_bucket.bucket:
+    autoclass:
+    - enabled: false
+    cors: []
+    custom_placement_config: []
+    default_event_based_hold: null
+    enable_object_retention: null
+    encryption: []
+    force_destroy: true
+    labels: null
+    lifecycle_rule: []
+    location: EU
+    logging: []
+    name: test-gcs_sink
+    project: project-id
+    requester_pays: null
+    retention_policy: []
+    storage_class: MULTI_REGIONAL
+    uniform_bucket_level_access: true
+    versioning:
+    - enabled: false
  module.project-host.google_bigquery_dataset_iam_member.bq-sinks-binding["info"]:
    condition: []
    role: roles/bigquery.dataEditor
@@ -22,7 +78,18 @@ values:
    filter: resource.type=gce_instance
    name: no-gce-instances
    project: test-project
+  module.project-host.google_logging_project_sink.sink["alert"]:
+    custom_writer_identity: null
+    description: alert (Terraform-managed).
+    destination: logging.googleapis.com/projects/test-destination-project
+    disabled: false
+    exclusions: []
+    filter: severity=ALERT
+    name: alert
+    project: test-project
+    unique_writer_identity: true
  module.project-host.google_logging_project_sink.sink["debug"]:
+    custom_writer_identity: null
    description: debug (Terraform-managed).
    disabled: false
    exclusions:
@@ -36,7 +103,8 @@ values:
    unique_writer_identity: true
  module.project-host.google_logging_project_sink.sink["info"]:
    bigquery_options:
-      - use_partitioned_tables: false
+    - use_partitioned_tables: false
+    custom_writer_identity: null
    description: info (Terraform-managed).
    disabled: false
    exclusions: []
@@ -45,7 +113,9 @@ values:
    project: test-project
    unique_writer_identity: true
  module.project-host.google_logging_project_sink.sink["notice"]:
+    custom_writer_identity: null
    description: notice (Terraform-managed).
+    destination: pubsub.googleapis.com/projects/project-id/topics/pubsub_sink
    disabled: false
    exclusions: []
    filter: severity=NOTICE
@@ -53,6 +123,7 @@ values:
    project: test-project
    unique_writer_identity: true
  module.project-host.google_logging_project_sink.sink["warnings"]:
+    custom_writer_identity: null
    description: warnings (Terraform-managed).
    destination: storage.googleapis.com/test-gcs_sink
    disabled: false
@@ -74,23 +145,45 @@ values:
    condition:
    - title: debug bucket writer
    role: roles/logging.bucketWriter
+  module.project-host.google_project_iam_member.project-sinks-binding["alert"]:
+    condition: []
+    project: test-destination-project
+    role: roles/logging.logWriter
+  module.project-host.google_project_service.project_services["logging.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-project
+    service: logging.googleapis.com
  module.project-host.google_pubsub_topic_iam_member.pubsub-sinks-binding["notice"]:
    condition: []
+    project: project-id
    role: roles/pubsub.publisher
+    topic: pubsub_sink
  module.project-host.google_storage_bucket_iam_member.gcs-sinks-binding["warnings"]:
    bucket: test-gcs_sink
    condition: []
    role: roles/storage.objectCreator
+  module.pubsub.google_pubsub_topic.default:
+    kms_key_name: null
+    labels: null
+    message_retention_duration: null
+    name: pubsub_sink
+    project: project-id

 counts:
  google_bigquery_dataset: 1
  google_bigquery_dataset_iam_member: 1
  google_logging_project_bucket_config: 1
  google_logging_project_exclusion: 1
-  google_logging_project_sink: 4
-  google_project: 1
-  google_project_iam_member: 1
+  google_logging_project_sink: 5
+  google_project: 2
+  google_project_iam_member: 2
+  google_project_service: 2
  google_pubsub_topic: 1
  google_pubsub_topic_iam_member: 1
  google_storage_bucket: 1
  google_storage_bucket_iam_member: 1
+  modules: 6
+  resources: 19
+
+