Update logging_data_access type (#2816)

* Update logging_data_access variables to use types

* Fix dependencies

* fix schema

* Add missing comma

* Fix try

modules/folder/variables-logging.tf

@@ -15,18 +15,14 @@
  */
 
 variable "logging_data_access" {
-  description = "Control activation of data access logs. Format is service => { log type => [exempted members]}. The special 'allServices' key denotes configuration for all services."
-  type        = map(map(list(string)))
-  nullable    = false
-  default     = {}
-  validation {
-    condition = alltrue(flatten([
-      for k, v in var.logging_data_access : [
-        for kk, vv in v : contains(["DATA_READ", "DATA_WRITE", "ADMIN_READ"], kk)
-      ]
-    ]))
-    error_message = "Log type keys for each service can only be one of 'DATA_READ', 'DATA_WRITE', 'ADMIN_READ'."
-  }
+  description = "Control activation of data access logs. The special 'allServices' key denotes configuration for all services."
+  type = map(object({
+    ADMIN_READ = optional(object({ exempted_members = optional(list(string)) })),
+    DATA_READ  = optional(object({ exempted_members = optional(list(string)) })),
+    DATA_WRITE = optional(object({ exempted_members = optional(list(string)) }))
+  }))
+  default  = {}
+  nullable = false
 }
 
 variable "logging_exclusions" {