Bring back firewall logging

2020-10-07 10:30:26 +02:00 · 2020-10-07 10:30:26 +02:00 · 0b34b9fa71
parent 09301cf7bd
commit 0b34b9fa71
3 changed files with 20 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,8 @@ All notable changes to this project will be documented in this file.
 - end to end example for scheduled Cloud Asset Inventory export to Bigquery
 - decouple Cloud Run from Istio in GKE cluster module
 - depend views on tables in bigquery dataset module
+- bring back logging options for firewall rules in `net-vpc-firewall` module
+- removed interpolation-only expressions causing terraform warnings

 ## [3.4.0] - 2020-09-24

--- a/modules/compute-vm/main.tf
+++ b/modules/compute-vm/main.tf
@ -30,7 +30,7 @@ locals {
    "${pair.0}/${pair.1}" => { role = pair.0, name = pair.1 }
  }
  names = (
-    var.use_instance_template ? { "${var.name}" = 0 } : {
+    var.use_instance_template ? { (var.name) = 0 } : {
      for i in range(0, var.instance_count) : "${var.name}-${i + 1}" => i
    }
  )
--- a/modules/net-vpc-firewall/main.tf
+++ b/modules/net-vpc-firewall/main.tf
@ -103,7 +103,15 @@ resource "google_compute_firewall" "custom_allow" {
  target_service_accounts = each.value.use_service_accounts ? each.value.targets : null
  disabled                = lookup(each.value.extra_attributes, "disabled", false)
  priority                = lookup(each.value.extra_attributes, "priority", 1000)
-  # enable_logging          = lookup(each.value.extra_attributes, "enable_logging", false)
+
+  dynamic "log_config" {
+    for_each = lookup(each.value.extra_attributes, "logging", null) != null ? [each.value.extra_attributes.logging] : []
+    iterator = logging_config
+    content {
+      metadata = logging_config.value
+    }
+  }
+
  dynamic "allow" {
    for_each = each.value.rules
    iterator = rule
@ -130,7 +138,14 @@ resource "google_compute_firewall" "custom_deny" {
  target_service_accounts = each.value.use_service_accounts ? each.value.targets : null
  disabled                = lookup(each.value.extra_attributes, "disabled", false)
  priority                = lookup(each.value.extra_attributes, "priority", 1000)
-  # enable_logging          = lookup(each.value.extra_attributes, "enable_logging", false)
+
+  dynamic "log_config" {
+    for_each = lookup(each.value.extra_attributes, "logging", null) != null ? [each.value.extra_attributes.logging] : []
+    iterator = logging_config
+    content {
+      metadata = logging_config.value
+    }
+  }

  dynamic "deny" {
    for_each = each.value.rules