Add support for bucket logging configuration in module gcs and project-factory (#3699)

2026-02-06 14:14:46 +07:00
parent 06da98fac6
commit d499dc6928
20 changed files with 294 additions and 53 deletions
--- a/modules/project-factory/README.md
+++ b/modules/project-factory/README.md
--- a/modules/project-factory/automation.tf
+++ b/modules/project-factory/automation.tf
@@ -46,6 +46,7 @@ locals {
      lifecycle_rules       = lookup(v.bucket, "lifecycle_rules", {})
      retention_policy      = lookup(v.bucket, "retention_policy", null)
      soft_delete_retention = lookup(v.bucket, "soft_delete_retention", null)
+      logging_config        = lookup(v.bucket, "logging_config", null)
      prefix = try(coalesce(
        local.data_defaults.overrides.prefix,
        v.prefix,
@@ -95,8 +96,9 @@ module "automation-bucket" {
    local.data_defaults.defaults.force_destroy,
  ), null)
  context = merge(local.ctx, {
-    project_ids    = local.ctx_project_ids
-    iam_principals = local.ctx_iam_principals
+    project_ids     = local.ctx_project_ids
+    iam_principals  = local.ctx_iam_principals
+    storage_buckets = local.ctx.storage_buckets
  })
  iam                   = lookup(each.value, "iam", {})
  iam_bindings          = lookup(each.value, "iam_bindings", {})
@@ -120,6 +122,7 @@ module "automation-bucket" {
  )
  retention_policy      = each.value.retention_policy
  soft_delete_retention = each.value.soft_delete_retention
+  logging_config        = each.value.logging_config
 }

 module "automation-service-accounts" {
--- a/modules/project-factory/projects-buckets.tf
+++ b/modules/project-factory/projects-buckets.tf
@@ -53,6 +53,7 @@ locals {
        retention_policy        = lookup(opts, "retention_policy", null)
        soft_delete_retention   = lookup(opts, "soft_delete_retention", null)
        lifecycle_rules         = lookup(opts, "lifecycle_rules", {})
+        logging_config          = lookup(opts, "logging_config", null)
        enable_object_retention = lookup(opts, "enable_object_retention", null)
      }
    ]
@@ -77,9 +78,10 @@ module "buckets" {
      local.automation_sas_iam_emails,
      lookup(local.self_sas_iam_emails, each.value.project_key, {})
    )
-    kms_keys    = merge(local.ctx.kms_keys, local.kms_keys, local.kms_autokeys)
-    locations   = local.ctx.locations
-    project_ids = local.ctx_project_ids
+    kms_keys        = merge(local.ctx.kms_keys, local.kms_keys, local.kms_autokeys)
+    locations       = local.ctx.locations
+    project_ids     = local.ctx_project_ids
+    storage_buckets = local.ctx.storage_buckets
  })
  iam                   = each.value.iam
  iam_bindings          = each.value.iam_bindings
@@ -98,5 +100,6 @@ module "buckets" {
  versioning                  = each.value.versioning
  retention_policy            = each.value.retention_policy
  soft_delete_retention       = each.value.soft_delete_retention
+  logging_config              = each.value.logging_config
  enable_object_retention     = each.value.enable_object_retention
 }
--- a/modules/project-factory/schemas/project.schema.json
+++ b/modules/project-factory/schemas/project.schema.json
@@ -1121,6 +1121,21 @@
            }
          }
        },
+        "logging_config": {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "log_bucket": {
+              "type": "string"
+            },
+            "log_object_prefix": {
+              "type": "string"
+            }
+          },
+          "required": [
+            "log_bucket"
+          ]
+        },
        "location": {
          "type": "string"
        },
--- a/modules/project-factory/schemas/project.schema.md
+++ b/modules/project-factory/schemas/project.schema.md
@@ -308,6 +308,10 @@
        - **num_newer_versions**: *number*
        - **with_state**: *string*
          <br>*enum: ['LIVE', 'ARCHIVED', 'ANY']*
+  - **logging_config**: *object*
+    <br>*additional properties: false*
+    - **log_bucket**: *string*
+    - **log_object_prefix**: *string*
  - **location**: *string*
  - **managed_folders**: *object*
    <br>*additional properties: false*
--- a/modules/project-factory/variables-projects.tf
+++ b/modules/project-factory/variables-projects.tf
@@ -105,6 +105,10 @@ variable "projects" {
            with_state                 = optional(string)
          })
        })), {})
+        logging_config = optional(object({
+          log_bucket        = string
+          log_object_prefix = optional(string)
+        }), null)
        retention_policy = optional(object({
          retention_period = string
          is_locked        = optional(bool)
@@ -211,6 +215,10 @@ variable "projects" {
          with_state                 = optional(string)
        })
      })), {})
+      logging_config = optional(object({
+        log_bucket        = string
+        log_object_prefix = optional(string)
+      }), null)
      retention_policy = optional(object({
        retention_period = string
        is_locked        = optional(bool)
--- a/modules/project-factory/variables.tf
+++ b/modules/project-factory/variables.tf
@@ -29,6 +29,7 @@ variable "context" {
    project_ids           = optional(map(string), {})
    project_numbers       = optional(map(string), {})
    pubsub_topics         = optional(map(string), {})
+    storage_buckets       = optional(map(string), {})
    tag_values            = optional(map(string), {})
    vpc_host_projects     = optional(map(string), {})
    vpc_sc_perimeters     = optional(map(string), {})