From 0b34b9fa7195fef859831ab2480d8d5bf5528c2c Mon Sep 17 00:00:00 2001
From: Julio Castillo
Date: Wed, 7 Oct 2020 10:30:26 +0200
Subject: [PATCH] Bring back firewall logging

---
 CHANGELOG.md | 2 ++
 modules/compute-vm/main.tf | 2 +-
 modules/net-vpc-firewall/main.tf | 19 +++++++++++++++++--
 3 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bda2618b..2d1e9ab1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,8 @@ All notable changes to this project will be documented in this file.
 - end to end example for scheduled Cloud Asset Inventory export to Bigquery
 - decouple Cloud Run from Istio in GKE cluster module
 - depend views on tables in bigquery dataset module
+- bring back logging options for firewall rules in `net-vpc-firewall` module
+- removed interpolation-only expressions causing terraform warnings
 
 ## [3.4.0] - 2020-09-24
 
diff --git a/modules/compute-vm/main.tf b/modules/compute-vm/main.tf
index e9bdcf55..0ea116d2 100644
--- a/modules/compute-vm/main.tf
+++ b/modules/compute-vm/main.tf
@@ -30,7 +30,7 @@ locals {
 "${pair.0}/${pair.1}" => { role = pair.0, name = pair.1 }
 }
 names = (
- var.use_instance_template ? { "${var.name}" = 0 } : {
+ var.use_instance_template ? { (var.name) = 0 } : {
 for i in range(0, var.instance_count) : "${var.name}-${i + 1}" => i
 }
 )
diff --git a/modules/net-vpc-firewall/main.tf b/modules/net-vpc-firewall/main.tf
index 88147d04..d67ea972 100644
--- a/modules/net-vpc-firewall/main.tf
+++ b/modules/net-vpc-firewall/main.tf
@@ -103,7 +103,15 @@ resource "google_compute_firewall" "custom_allow" {
 target_service_accounts = each.value.use_service_accounts ? each.value.targets : null
 disabled = lookup(each.value.extra_attributes, "disabled", false)
 priority = lookup(each.value.extra_attributes, "priority", 1000)
- # enable_logging = lookup(each.value.extra_attributes, "enable_logging", false)
+
+ dynamic "log_config" {
+ for_each = lookup(each.value.extra_attributes, "logging", null) != null ? [each.value.extra_attributes.logging] : []
+ iterator = logging_config
+ content {
+ metadata = logging_config.value
+ }
+ }
+
 dynamic "allow" {
 for_each = each.value.rules
 iterator = rule
@@ -130,7 +138,14 @@ resource "google_compute_firewall" "custom_deny" {
 target_service_accounts = each.value.use_service_accounts ? each.value.targets : null
 disabled = lookup(each.value.extra_attributes, "disabled", false)
 priority = lookup(each.value.extra_attributes, "priority", 1000)
- # enable_logging = lookup(each.value.extra_attributes, "enable_logging", false)
+
+ dynamic "log_config" {
+ for_each = lookup(each.value.extra_attributes, "logging", null) != null ? [each.value.extra_attributes.logging] : []
+ iterator = logging_config
+ content {
+ metadata = logging_config.value
+ }
+ }
 dynamic "deny" {
 for_each = each.value.rules
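Review bot: The new `log_config` block in `custom_allow` keys on `extra_attributes.logging`, while the line it replaces keyed on `enable_logging`, so a caller still passing `enable_logging = true` now gets a rule with no `log_config` and no error — firewall log coverage is lost silently rather than failing at plan time. The value is also forwarded unvalidated into `metadata`, where the provider only accepts `INCLUDE_ALL_METADATA` or `EXCLUDE_ALL_METADATA`, so a boolean carried over from the old key would only surface as an apply error. Consider a comment on the `for_each` line such as `# logging: INCLUDE_ALL_METADATA | EXCLUDE_ALL_METADATA; replaces the former enable_logging flag`, and a `validation` block on the rules variable (or at least a README note) that rejects a stale `enable_logging` key so the migration is explicit. The same block is duplicated verbatim in the `custom_deny` hunk below; the `google_compute_firewall` resource body starts before and continues after this hunk.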