kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(logging-bucket): support locked parameter for project parent types (#3650)

Browse Source 
* feat(logging-bucket): support locked parameter for project parent types
- Add locked parameter to project bucket resources with default value of false.

* fixed the linting error, added the validation for project level bucket only and removed the nullable constraint
This commit is contained in:
Suryansh Singhal
2026-01-15 16:16:32 +05:30
committed by GitHub
parent ca7e437d60
commit 620551cbb1
3 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
modules/logging-bucket/README.md
View File

@@ -118,17 +118,18 @@ module "bucket" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [name](variables.tf#L61) | Name of the logging bucket. | <code>string</code> | ✓ | |
| [parent](variables.tf#L66) | ID of the parent resource containing the bucket in the format 'project_id' 'folders/folder_id', 'organizations/organization_id' or 'billing_account_id'. | <code>string</code> | ✓ | |
| [name](variables.tf#L71) | Name of the logging bucket. | <code>string</code> | ✓ | |
| [parent](variables.tf#L76) | ID of the parent resource containing the bucket in the format 'project_id' 'folders/folder_id', 'organizations/organization_id' or 'billing_account_id'. | <code>string</code> | ✓ | |
| [context](variables.tf#L17) | Context-specific interpolations. | <code title="object&#40;&#123;&#10; custom_roles &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; folder_ids &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; iam_principals &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; kms_keys &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; locations &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; project_ids &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; tag_values &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [description](variables.tf#L32) | Human-readable description for the logging bucket. | <code>string</code> | | <code>null</code> |
| [kms_key_name](variables.tf#L38) | To enable CMEK for a project logging bucket, set this field to a valid name. The associated service account requires cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. | <code>string</code> | | <code>null</code> |
| [location](variables.tf#L44) | Location of the bucket. | <code>string</code> | | <code>&#34;global&#34;</code> |
| [log_analytics](variables.tf#L50) | Enable and configure Analytics Log. | <code title="object&#40;&#123;&#10; enable &#61; optional&#40;bool, false&#41;&#10; dataset_link_id &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string, &#34;Log Analytics Dataset&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [parent_type](variables.tf#L74) | Parent object type for the bucket (project, folder, organization, billing_account). | <code>string</code> | | <code>&#34;project&#34;</code> |
| [retention](variables.tf#L81) | Retention time in days for the logging bucket. | <code>number</code> | | <code>30</code> |
| [tag_bindings](variables.tf#L87) | Tag bindings for this bucket, in key => tag value id format. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [views](variables.tf#L94) | Log views for this bucket. | <code title="map&#40;object&#40;&#123;&#10; filter &#61; string&#10; location &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10; members &#61; list&#40;string&#41;&#10; condition &#61; optional&#40;object&#40;&#123;&#10; expression &#61; string&#10; title &#61; string&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10; member &#61; string&#10; role &#61; string&#10; condition &#61; optional&#40;object&#40;&#123;&#10; expression &#61; string&#10; title &#61; string&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [locked](variables.tf#L50) | Whether the bucket is locked. Locked buckets may only be deleted if they are empty. This can only be set for project-level buckets. | <code>bool</code> | | <code>null</code> |
| [log_analytics](variables.tf#L60) | Enable and configure Analytics Log. | <code title="object&#40;&#123;&#10; enable &#61; optional&#40;bool, false&#41;&#10; dataset_link_id &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string, &#34;Log Analytics Dataset&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [parent_type](variables.tf#L84) | Parent object type for the bucket (project, folder, organization, billing_account). | <code>string</code> | | <code>&#34;project&#34;</code> |
| [retention](variables.tf#L91) | Retention time in days for the logging bucket. | <code>number</code> | | <code>30</code> |
| [tag_bindings](variables.tf#L97) | Tag bindings for this bucket, in key => tag value id format. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [views](variables.tf#L104) | Log views for this bucket. | <code title="map&#40;object&#40;&#123;&#10; filter &#61; string&#10; location &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10; members &#61; list&#40;string&#41;&#10; condition &#61; optional&#40;object&#40;&#123;&#10; expression &#61; string&#10; title &#61; string&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10; member &#61; string&#10; role &#61; string&#10; condition &#61; optional&#40;object&#40;&#123;&#10; expression &#61; string&#10; title &#61; string&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
## Outputs

1
modules/logging-bucket/main.tf
View File

@@ -51,6 +51,7 @@ resource "google_logging_project_bucket_config" "bucket" {
bucket_id = var.name
description = var.description
enable_analytics = var.log_analytics.enable
locked = var.locked
dynamic "cmek_settings" {
for_each = var.kms_key_name == null ? [] : [""]
content {

10
modules/logging-bucket/variables.tf
View File

@@ -47,6 +47,16 @@ variable "location" {
default = "global"
}
variable "locked" {
description = "Whether the bucket is locked. Locked buckets may only be deleted if they are empty. This can only be set for project-level buckets."
type = bool
default = null
validation {
condition = var.parent_type == "project" || var.locked == null
error_message = "The 'locked' attribute can only be set for project-level buckets."
}
}
variable "log_analytics" {
description = "Enable and configure Analytics Log."
type = object({