Rename "grant" to "iam" in sink variables
parent
a926214229
commit
1af70c748c
|
@ -72,19 +72,19 @@ module "folder-sink" {
|
|||
type = "gcs"
|
||||
destination = module.gcs.name
|
||||
filter = "severity=WARNING"
|
||||
grant = false
|
||||
iam = false
|
||||
}
|
||||
info = {
|
||||
type = "bigquery"
|
||||
destination = module.dataset.id
|
||||
filter = "severity=INFO"
|
||||
grant = false
|
||||
iam = false
|
||||
}
|
||||
notice = {
|
||||
type = "pubsub"
|
||||
destination = module.pubsub.id
|
||||
filter = "severity=NOTICE"
|
||||
grant = true
|
||||
iam = true
|
||||
}
|
||||
}
|
||||
logging_exclusions = {
|
||||
|
@ -147,7 +147,7 @@ module "folder2" {
|
|||
| *iam* | IAM bindings in {ROLE => [MEMBERS]} format. | <code title="map(set(string))">map(set(string))</code> | | <code title="">{}</code> |
|
||||
| *id* | Folder ID in case you use folder_create=false | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *logging_exclusions* | Logging exclusions for this folder in the form {NAME -> FILTER}. | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
||||
| *logging_sinks* | Logging sinks to create for this folder. | <code title="map(object({ destination = string type = string filter = string grant = bool }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
| *logging_sinks* | Logging sinks to create for this folder. | <code title="map(object({ destination = string type = string filter = string iam = bool }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
| *name* | Folder name. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *parent* | Parent in folders/folder_id or organizations/org_id format. | <code title="">string</code> | | <code title="null validation { condition = var.parent == null || can(regex("(organizations|folders)/[0-9]+", var.parent)) error_message = "Parent must be of the form folders/folder_id or organizations/organization_id." }">...</code> |
|
||||
| *policy_boolean* | Map of boolean org policies and enforcement value, set value to null for policy restore. | <code title="map(bool)">map(bool)</code> | | <code title="">{}</code> |
|
||||
|
|
|
@ -38,7 +38,7 @@ locals {
|
|||
type => {
|
||||
for name, sink in local.logging_sinks :
|
||||
name => sink
|
||||
if sink.grant && sink.type == type
|
||||
if sink.iam && sink.type == type
|
||||
}
|
||||
}
|
||||
folder = (
|
||||
|
@ -216,13 +216,6 @@ resource "google_pubsub_topic_iam_binding" "pubsub-sinks-binding" {
|
|||
members = [google_logging_folder_sink.sink[each.key].writer_identity]
|
||||
}
|
||||
|
||||
# resource "google_storage_bucket_iam_binding" "gcs-sinks-bindings" {
|
||||
# for_each = local.sink_grants["gcs"]
|
||||
# bucket = each.value.destination
|
||||
# role = "roles/storage.objectCreator"
|
||||
# members = [google_logging_folder_sink.sink[each.key].writer_identity]
|
||||
# }
|
||||
|
||||
resource "google_logging_folder_exclusion" "logging-exclusion" {
|
||||
for_each = coalesce(var.logging_exclusions, {})
|
||||
name = each.key
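Review bot: The renamed `sink.iam` filter in the `locals` hunk appears to decide which sinks get the `google_pubsub_topic_iam_binding` visible in the next hunk's context. A `*_iam_binding` resource is authoritative for its role, so `iam = true` on a topic that other publishers share would replace their membership with the sink's writer identity. Neither the new name nor the code says this; I would add above the filter `# iam = true: this module manages an authoritative role binding on the sink destination for the writer identity`, or switch the grant to `google_pubsub_topic_iam_member` if destinations may be shared. The second hunk also drops the commented-out `gcs-sinks-bindings` block and no GCS grant is visible in these hunks, so it is worth confirming that a `gcs` sink with `iam = true` still receives one. Both enclosing blocks start and end outside the hunks, and the same points apply to the organization and project sections further down.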
|
||||
|
|
|
@ -81,7 +81,7 @@ variable "logging_sinks" {
|
|||
destination = string
|
||||
type = string
|
||||
filter = string
|
||||
grant = bool
|
||||
iam = bool
|
||||
}))
|
||||
default = {}
|
||||
}
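Review bot: The `iam = bool` attribute is declared with no explanation of what it switches on; the generated table entry for `logging_sinks` reads only "Logging sinks to create for this folder." Since the flag appears to control whether the module grants the sink's writer identity on the destination, the description should say so, for example `description = "Logging sinks to create for this folder. Set iam to true to have the module grant the sink writer identity on the destination."`. The attribute also shares its name with the module's top-level `iam` variable, which takes role-to-members maps, so a one-line comment distinguishing the two would prevent misreading. The variable's header and description lie outside this hunk, and the same gap applies to the organization and project `logging_sinks` variables.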
|
||||
|
|
|
@ -89,19 +89,19 @@ module "org" {
|
|||
type = "gcs"
|
||||
destination = module.gcs.name
|
||||
filter = "severity=WARNING"
|
||||
grant = false
|
||||
iam = false
|
||||
}
|
||||
info = {
|
||||
type = "bigquery"
|
||||
destination = module.dataset.id
|
||||
filter = "severity=INFO"
|
||||
grant = false
|
||||
iam = false
|
||||
}
|
||||
notice = {
|
||||
type = "pubsub"
|
||||
destination = module.pubsub.id
|
||||
filter = "severity=NOTICE"
|
||||
grant = true
|
||||
iam = true
|
||||
}
|
||||
}
|
||||
logging_exclusions = {
|
||||
|
@ -126,7 +126,7 @@ module "org" {
|
|||
| *iam_additive_members* | IAM additive bindings in {MEMBERS => [ROLE]} format. This might break if members are dynamic values. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||||
| *iam_audit_config* | Service audit logging configuration. Service as key, map of log permission (eg DATA_READ) and excluded members as value for each service. | <code title="map(map(list(string)))">map(map(list(string)))</code> | | <code title="">{}</code> |
|
||||
| *logging_exclusions* | Logging exclusions for this organization in the form {NAME -> FILTER}. | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
||||
| *logging_sinks* | Logging sinks to create for this organization. | <code title="map(object({ destination = string type = string filter = string grant = bool }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
| *logging_sinks* | Logging sinks to create for this organization. | <code title="map(object({ destination = string type = string filter = string iam = bool }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
| *policy_boolean* | Map of boolean org policies and enforcement value, set value to null for policy restore. | <code title="map(bool)">map(bool)</code> | | <code title="">{}</code> |
|
||||
| *policy_list* | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | <code title="map(object({ inherit_from_parent = bool suggested_value = string status = bool values = list(string) }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
|
||||
|
|
|
@ -53,7 +53,7 @@ locals {
|
|||
type => {
|
||||
for name, sink in local.logging_sinks :
|
||||
name => sink
|
||||
if sink.grant && sink.type == type
|
||||
if sink.iam && sink.type == type
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -249,13 +249,6 @@ resource "google_pubsub_topic_iam_binding" "pubsub-sinks-binding" {
|
|||
members = [google_logging_organization_sink.sink[each.key].writer_identity]
|
||||
}
|
||||
|
||||
# resource "google_storage_bucket_iam_binding" "gcs-sinks-bindings" {
|
||||
# for_each = local.sink_grants["gcs"]
|
||||
# bucket = each.value.destination
|
||||
# role = "roles/storage.objectCreator"
|
||||
# members = [google_logging_organization_sink.sink[each.key].writer_identity]
|
||||
# }
|
||||
|
||||
resource "google_logging_organization_exclusion" "logging-exclusion" {
|
||||
for_each = coalesce(var.logging_exclusions, {})
|
||||
name = each.key
|
||||
|
|
|
@ -105,7 +105,7 @@ variable "logging_sinks" {
|
|||
destination = string
|
||||
type = string
|
||||
filter = string
|
||||
grant = bool
|
||||
iam = bool
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
|
|
@ -115,19 +115,19 @@ module "project-host" {
|
|||
type = "gcs"
|
||||
destination = module.gcs.name
|
||||
filter = "severity=WARNING"
|
||||
grant = false
|
||||
iam = false
|
||||
}
|
||||
info = {
|
||||
type = "bigquery"
|
||||
destination = module.dataset.id
|
||||
filter = "severity=INFO"
|
||||
grant = false
|
||||
iam = false
|
||||
}
|
||||
notice = {
|
||||
type = "pubsub"
|
||||
destination = module.pubsub.id
|
||||
filter = "severity=NOTICE"
|
||||
grant = true
|
||||
iam = true
|
||||
}
|
||||
}
|
||||
logging_exclusions = {
|
||||
|
@ -153,7 +153,7 @@ module "project-host" {
|
|||
| *labels* | Resource labels. | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
||||
| *lien_reason* | If non-empty, creates a project lien with this description. | <code title="">string</code> | | <code title=""></code> |
|
||||
| *logging_exclusions* | Logging exclusions for this project in the form {NAME -> FILTER}. | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
||||
| *logging_sinks* | Logging sinks to create for this project. | <code title="map(object({ destination = string type = string filter = string grant = bool }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
| *logging_sinks* | Logging sinks to create for this project. | <code title="map(object({ destination = string type = string filter = string iam = bool }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
| *oslogin* | Enable OS Login. | <code title="">bool</code> | | <code title="">false</code> |
|
||||
| *oslogin_admins* | List of IAM-style identities that will be granted roles necessary for OS Login administrators. | <code title="list(string)">list(string)</code> | | <code title="">[]</code> |
|
||||
| *oslogin_users* | List of IAM-style identities that will be granted roles necessary for OS Login users. | <code title="list(string)">list(string)</code> | | <code title="">[]</code> |
|
||||
|
|
|
@ -50,7 +50,7 @@ locals {
|
|||
type => {
|
||||
for name, sink in local.logging_sinks :
|
||||
name => sink
|
||||
if sink.grant && sink.type == type
|
||||
if sink.iam && sink.type == type
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -291,13 +291,6 @@ resource "google_pubsub_topic_iam_binding" "pubsub-sinks-binding" {
|
|||
members = [google_logging_project_sink.sink[each.key].writer_identity]
|
||||
}
|
||||
|
||||
# resource "google_storage_bucket_iam_binding" "gcs-sinks-bindings" {
|
||||
# for_each = local.sink_grants["gcs"]
|
||||
# bucket = each.value.destination
|
||||
# role = "roles/storage.objectCreator"
|
||||
# members = [google_logging_project_sink.sink[each.key].writer_identity]
|
||||
# }
|
||||
|
||||
resource "google_logging_project_exclusion" "logging-exclusion" {
|
||||
for_each = coalesce(var.logging_exclusions, {})
|
||||
name = each.key
|
||||
|
|
|
@ -172,7 +172,7 @@ variable "logging_sinks" {
|
|||
destination = string
|
||||
type = string
|
||||
filter = string
|
||||
grant = bool
|
||||
iam = bool
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
|