kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

removed boolean flag used to authorize the sink writer identity on the destination

Browse Source
This commit is contained in:
apichick
2022-01-26 23:40:32 +01:00
committed by Julio Castillo
parent bd9fb3208b
commit 6dbb7fc6b2
6 changed files with 13 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
modules/folder/README.md
View File

@@ -143,7 +143,6 @@ module "folder-sink" {
type = "gcs"
destination = module.gcs.name
filter = "severity=WARNING"
iam = false
include_children = true
exclusions = {}
}
@@ -151,7 +150,6 @@ module "folder-sink" {
type = "bigquery"
destination = module.dataset.id
filter = "severity=INFO"
iam = false
include_children = true
exclusions = {}
}
@@ -159,7 +157,6 @@ module "folder-sink" {
type = "pubsub"
destination = module.pubsub.id
filter = "severity=NOTICE"
iam = true
include_children = true
exclusions = {}
}
@@ -167,7 +164,6 @@ module "folder-sink" {
type = "logging"
destination = module.bucket.id
filter = "severity=DEBUG"
iam = true
include_children = true
exclusions = {
no-compute = "logName:compute"
@@ -178,7 +174,7 @@ module "folder-sink" {
no-gce-instances = "resource.type=gce_instance"
}
}
# tftest:modules=5:resources=12
# tftest:modules=5:resources=14
```
### Hierarchical firewall policies
@@ -234,11 +230,11 @@ module "folder2" {
| [iam](variables.tf#L67) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [id](variables.tf#L73) | Folder ID in case you use folder_create=false | <code>string</code> | | <code>null</code> |
| [logging_exclusions](variables.tf#L79) | Logging exclusions for this folder in the form {NAME -> FILTER}. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [logging_sinks](variables.tf#L85) | Logging sinks to create for this folder. | <code title="map&#40;object&#40;&#123;&#10; destination &#61; string&#10; type &#61; string&#10; filter &#61; string&#10; iam &#61; bool&#10; include_children &#61; bool&#10; exclusions &#61; map&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [name](variables.tf#L99) | Folder name. | <code>string</code> | | <code>null</code> |
| [parent](variables.tf#L105) | Parent in folders/folder_id or organizations/org_id format. | <code>string</code> | | <code>null</code> |
| [policy_boolean](variables.tf#L115) | Map of boolean org policies and enforcement value, set value to null for policy restore. | <code>map&#40;bool&#41;</code> | | <code>&#123;&#125;</code> |
| [policy_list](variables.tf#L121) | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | <code title="map&#40;object&#40;&#123;&#10; inherit_from_parent &#61; bool&#10; suggested_value &#61; string&#10; status &#61; bool&#10; values &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [logging_sinks](variables.tf#L85) | Logging sinks to create for this folder. | <code title="map&#40;object&#40;&#123;&#10; destination &#61; string&#10; type &#61; string&#10; filter &#61; string&#10; include_children &#61; bool&#10; exclusions &#61; map&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [name](variables.tf#L98) | Folder name. | <code>string</code> | | <code>null</code> |
| [parent](variables.tf#L104) | Parent in folders/folder_id or organizations/org_id format. | <code>string</code> | | <code>null</code> |
| [policy_boolean](variables.tf#L114) | Map of boolean org policies and enforcement value, set value to null for policy restore. | <code>map&#40;bool&#41;</code> | | <code>&#123;&#125;</code> |
| [policy_list](variables.tf#L120) | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | <code title="map&#40;object&#40;&#123;&#10; inherit_from_parent &#61; bool&#10; suggested_value &#61; string&#10; status &#61; bool&#10; values &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
## Outputs

2
modules/folder/main.tf
View File

@@ -40,7 +40,7 @@ locals {
type => {
for name, sink in local.logging_sinks :
name => sink
if sink.iam && sink.type == type
if sink.type == type
}
}
folder = (

1
modules/folder/variables.tf
View File

@@ -88,7 +88,6 @@ variable "logging_sinks" {
destination = string
type = string
filter = string
iam = bool
include_children = bool
# TODO exclusions also support description and disabled
exclusions = map(string)