Add support for log views and log scopes (#2776)

* Add views and tags to logging bucket * Add logs scopes to project * Add missing inventory
2024-12-18 18:29:44 +01:00
parent e241624040
commit f1acc92864
11 changed files with 492 additions and 92 deletions
--- a/modules/project/logging.tf
+++ b/modules/project/logging.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2022 Google LLC
+ * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -32,6 +32,17 @@ locals {
      name => sink if sink.iam && sink.type == type
    }
  }
+
+  log_scopes = {
+    for k, v in var.log_scopes :
+    k => merge(v, {
+      # process all resource_names to allow bare project ids
+      resource_names = [
+        for r in v.resource_names :
+        startswith(r, "projects/") ? r : "projects/${r}"
+      ]
+    })
+  }
 }

 resource "google_project_iam_audit_config" "default" {
@@ -132,3 +143,12 @@ resource "google_logging_project_exclusion" "logging-exclusion" {
  description = "${each.key} (Terraform-managed)."
  filter      = each.value
 }
+
+resource "google_logging_log_scope" "log-scopes" {
+  for_each       = local.log_scopes
+  parent         = "projects/${local.project.project_id}"
+  location       = "global"
+  name           = each.key
+  resource_names = each.value.resource_names
+  description    = each.value.description
+}