From e8c227fdd616a125df48ffbf1d68d9820b3de5e9 Mon Sep 17 00:00:00 2001
From: vanessabodard-voi <63779321+vanessabodard-voi@users.noreply.github.com>
Date: Thu, 3 Sep 2020 19:06:35 +0200
Subject: [PATCH] Add bucket logging (#134)
* Add logging
* Improve syntax
* Add example
* Improve type for retention policy
---
modules/gcs/README.md | 10 ++++++++--
modules/gcs/main.tf | 11 ++++++++++-
modules/gcs/variables.tf | 14 +++++++++++++-
3 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index d5f793f5d..fdba89e60 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@@ -73,7 +73,12 @@ module "buckets" {
retention_policies = {
bucket-one = { retention_period = 100 , is_locked = true}
- bucket-two = { retention_period = 900 }
+ bucket-two = { retention_period = 900 , is_locked = false}
+ }
+
+ logging_config = {
+ bucket-one = { log_bucket = bucket_name_for_logging , log_object_prefix = null}
+ bucket-two = { log_bucket = bucket_name_for_logging , log_object_prefix = "logs_for_bucket_two"}
}
}
```
@@ -92,8 +97,9 @@ module "buckets" {
| *iam_roles* | IAM roles keyed by bucket name. | map(list(string)) | | {} |
| *labels* | Labels to be attached to all buckets. | map(string) | | {} |
| *location* | Bucket location. | string | | EU |
+| *logging* | Per-bucket logging. | map(object) | | {} |
| *prefix* | Prefix used to generate the bucket name. | string | | null |
-| *retention_policies* | Per-bucket retention policy. | map(map(string)) | | {} |
+| *retention_policies* | Per-bucket retention policy. | map(object) | | {} |
| *storage_class* | Bucket storage class. | string | | MULTI_REGIONAL |
| *versioning* | Optional map to set versioning keyed by name, defaults to false. | map(bool) | | {} |
diff --git a/modules/gcs/main.tf b/modules/gcs/main.tf
index d2d8616a9..44feda5fb 100644
--- a/modules/gcs/main.tf
+++ b/modules/gcs/main.tf
@@ -38,6 +38,7 @@ locals {
)
kms_keys = { for name in var.names : name => lookup(var.encryption_keys, name, null) }
retention_policy = { for name in var.names : name => lookup(var.retention_policies, name, null) }
+ logging_config = { for name in var.names : name => lookup(var.logging_config, name, null) }
}
resource "google_storage_bucket" "buckets" {
@@ -69,7 +70,15 @@ resource "google_storage_bucket" "buckets" {
for_each = local.retention_policy[each.key] == null ? [] : [""]
content {
retention_period = local.retention_policy[each.key]["retention_period"]
- is_locked = lookup(local.retention_policy[each.key], "is_locked", false)
+ is_locked = local.retention_policy[each.key]["is_locked"]
+ }
+ }
+
+ dynamic logging {
+ for_each = local.logging_config[each.key] == null ? [] : [""]
+ content {
+ log_bucket = local.logging_config[each.key]["log_bucket"]
+ log_object_prefix = local.logging_config[each.key]["log_object_prefix"]
}
}
}
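Review bot: The new `dynamic logging` block passes `log_bucket` straight to the provider, and nothing visible in this hunk checks or documents that the destination bucket can actually receive logs. Cloud Storage delivers usage logs as the `cloud-storage-analytics@google.com` group, which needs object-create access on the log bucket; without it, the source bucket can be configured for logging while no logs are delivered, leaving a gap in the audit trail. As far as this patch shows, the module does not create that grant, so a comment above the block would help, e.g. `# log_bucket must already exist and allow cloud-storage-analytics@google.com to create objects; the grant is managed outside this block.` It is also worth noting there that a `null` `log_object_prefix` falls back to the provider default (the source bucket's name). The resource body starts and ends outside the hunk.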
diff --git a/modules/gcs/variables.tf b/modules/gcs/variables.tf
index c3e3360f2..790381659 100644
--- a/modules/gcs/variables.tf
+++ b/modules/gcs/variables.tf
@@ -86,6 +86,18 @@ variable "versioning" {
variable "retention_policies" {
description = "Per-bucket retention policy."
- type = map(map(string))
+ type = map(object({
+ retention_period = number
+ is_locked = bool
+ }))
+ default = {}
+}
+
+variable "logging_config" {
+ description = "Per-bucket logging."
+ type = map(object({
+ log_bucket = string
+ log_object_prefix = string
+ }))
default = {}
}
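Review bot: Changing `retention_policies` to `map(object({ retention_period = number, is_locked = bool }))` makes `is_locked` mandatory, so an existing caller that passes only `retention_period` (as the old README example did) will now fail type checking, and the description does not say so. Locking a retention policy cannot be undone, so I would spell the contract out: `description = "Per-bucket retention policy. retention_period (seconds) and is_locked are both required; is_locked = true is irreversible."`. The same applies to `logging_config`, where `log_object_prefix` must be given even when it is `null`: `description = "Per-bucket access logging. log_bucket is the destination bucket name; set log_object_prefix to null for the provider default."`. The README inputs table in this patch also lists the variable as `logging`, while it is declared here as `logging_config`.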