Merge pull request #1386 from GoogleCloudPlatform/afda16/logging-bucket-cmek

Support CMEK encryption in logging-bucket module
Ana Fernandez 2023-05-22 15:28:15 +01:00 committed by GitHub
commit 8254303dc3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 4 deletions


@ -64,11 +64,12 @@ module "bucket-billing-account" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [id](variables.tf#L23) | Name of the logging bucket. | <code>string</code> | ✓ | |
| [parent](variables.tf#L34) | ID of the parentresource containing the bucket in the format 'project_id' 'folders/folder_id', 'organizations/organization_id' or 'billing_account_id'. | <code>string</code> | ✓ | |
| [parent_type](variables.tf#L39) | Parent object type for the bucket (project, folder, organization, billing_account). | <code>string</code> | ✓ | |
| [parent](variables.tf#L40) | ID of the parentresource containing the bucket in the format 'project_id' 'folders/folder_id', 'organizations/organization_id' or 'billing_account_id'. | <code>string</code> | ✓ | |
| [parent_type](variables.tf#L45) | Parent object type for the bucket (project, folder, organization, billing_account). | <code>string</code> | ✓ | |
| [description](variables.tf#L17) | Human-readable description for the logging bucket. | <code>string</code> | | <code>null</code> |
| [location](variables.tf#L28) | Location of the bucket. | <code>string</code> | | <code>&#34;global&#34;</code> |
| [retention](variables.tf#L44) | Retention time in days for the logging bucket. | <code>number</code> | | <code>30</code> |
| [kms_key_name](variables.tf#L28) | To enable CMEK for a project logging bucket, set this field to a valid name. The associated service account requires cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. | <code>string</code> | | <code>null</code> |
| [location](variables.tf#L34) | Location of the bucket. | <code>string</code> | | <code>&#34;global&#34;</code> |
| [retention](variables.tf#L50) | Retention time in days for the logging bucket. | <code>number</code> | | <code>30</code> |
## Outputs


@ -21,6 +21,13 @@ resource "google_logging_project_bucket_config" "bucket" {
retention_days = var.retention
bucket_id = var.id
description = var.description
dynamic "cmek_settings" {
for_each = var.kms_key_name == null ? [] : [""]
content {
kms_key_name = var.kms_key_name
}
}
}
resource "google_logging_folder_bucket_config" "bucket" {
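Review bot: `cmek_settings` is added only to `google_logging_project_bucket_config`; the folder bucket resource that starts on the last line of this hunk is not shown changed, and the diffstat leaves no room for a matching block elsewhere. A caller who sets `kms_key_name` with a non-project `parent_type` therefore appears to get a bucket without customer-managed encryption and no error. The module should fail, or at least say so at the point of use, for example with a comment above the dynamic block: `# CMEK is applied to project buckets only; kms_key_name is ignored for other parent types`. It is also worth confirming how this interacts with `var.location`, which defaults to "global", since Cloud Logging expects the key's location to match the bucket's.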


@ -25,6 +25,12 @@ variable "id" {
type = string
}
variable "kms_key_name" {
description = "To enable CMEK for a project logging bucket, set this field to a valid name. The associated service account requires cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key."
type = string
default = null
}
variable "location" {
description = "Location of the bucket."
type = string
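Review bot: The `kms_key_name` description leaves open two things that matter for getting the encryption set up correctly: "a valid name" does not give the expected format, and "the associated service account" does not say which identity needs the grant. I would spell both out, e.g. `"Full resource name of the Cloud KMS key (projects/PROJECT_ID/locations/LOCATION/keyRings/RING/cryptoKeys/KEY) used for CMEK on a project logging bucket. The project's Cloud Logging service account needs roles/cloudkms.cryptoKeyEncrypterDecrypter on the key."` A `validation` block checking that format would turn a mistyped key name into a plan-time error instead of an API failure at apply. The README row for this variable repeats the same text and would need the same wording.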