Merge pull request #1386 from GoogleCloudPlatform/afda16/logging-bucket-cmek
Support CMEK encryption in logging-bucket module
commit
8254303dc3
|
@ -64,11 +64,12 @@ module "bucket-billing-account" {
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [id](variables.tf#L23) | Name of the logging bucket. | <code>string</code> | ✓ | |
|
| [id](variables.tf#L23) | Name of the logging bucket. | <code>string</code> | ✓ | |
|
||||||
| [parent](variables.tf#L34) | ID of the parentresource containing the bucket in the format 'project_id' 'folders/folder_id', 'organizations/organization_id' or 'billing_account_id'. | <code>string</code> | ✓ | |
|
| [parent](variables.tf#L40) | ID of the parentresource containing the bucket in the format 'project_id' 'folders/folder_id', 'organizations/organization_id' or 'billing_account_id'. | <code>string</code> | ✓ | |
|
||||||
| [parent_type](variables.tf#L39) | Parent object type for the bucket (project, folder, organization, billing_account). | <code>string</code> | ✓ | |
|
| [parent_type](variables.tf#L45) | Parent object type for the bucket (project, folder, organization, billing_account). | <code>string</code> | ✓ | |
|
||||||
| [description](variables.tf#L17) | Human-readable description for the logging bucket. | <code>string</code> | | <code>null</code> |
|
| [description](variables.tf#L17) | Human-readable description for the logging bucket. | <code>string</code> | | <code>null</code> |
|
||||||
| [location](variables.tf#L28) | Location of the bucket. | <code>string</code> | | <code>"global"</code> |
|
| [kms_key_name](variables.tf#L28) | To enable CMEK for a project logging bucket, set this field to a valid name. The associated service account requires cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. | <code>string</code> | | <code>null</code> |
|
||||||
| [retention](variables.tf#L44) | Retention time in days for the logging bucket. | <code>number</code> | | <code>30</code> |
|
| [location](variables.tf#L34) | Location of the bucket. | <code>string</code> | | <code>"global"</code> |
|
||||||
|
| [retention](variables.tf#L50) | Retention time in days for the logging bucket. | <code>number</code> | | <code>30</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
@ -21,6 +21,13 @@ resource "google_logging_project_bucket_config" "bucket" {
|
||||||
retention_days = var.retention
|
retention_days = var.retention
|
||||||
bucket_id = var.id
|
bucket_id = var.id
|
||||||
description = var.description
|
description = var.description
|
||||||
|
|
||||||
|
dynamic "cmek_settings" {
|
||||||
|
for_each = var.kms_key_name == null ? [] : [""]
|
||||||
|
content {
|
||||||
|
kms_key_name = var.kms_key_name
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_logging_folder_bucket_config" "bucket" {
|
resource "google_logging_folder_bucket_config" "bucket" {
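Review bot: The `cmek_settings` block is added only to `google_logging_project_bucket_config`, so when `parent_type` is folder, organization or billing_account a non-null `kms_key_name` appears to be ignored without error and the bucket is created without CMEK. For an encryption control that silent fallback should fail the plan instead: add a precondition or check to the module with `condition = var.kms_key_name == null || var.parent_type == "project"` and an error message stating that CMEK is supported only for project buckets. The folder resource's body starts on the last line of the hunk and continues outside it, so this assumes the other bucket resources are not changed elsewhere in the commit.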
|
||||||
|
|
|
@ -25,6 +25,12 @@ variable "id" {
|
||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "kms_key_name" {
|
||||||
|
description = "To enable CMEK for a project logging bucket, set this field to a valid name. The associated service account requires cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key."
|
||||||
|
type = string
|
||||||
|
default = null
|
||||||
|
}
|
||||||
|
|
||||||
variable "location" {
|
variable "location" {
|
||||||
description = "Location of the bucket."
|
description = "Location of the bucket."
|
||||||
type = string
|
type = string
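Review bot: The description of `kms_key_name` asks for "a valid name" without giving the expected format or saying which service account needs the role, and "roles" should be singular. I would write it as `description = "Full resource name of the KMS key (projects/PROJECT/locations/LOCATION/keyRings/RING/cryptoKeys/KEY) used to enable CMEK on a project logging bucket. The Cloud Logging service account of the project needs roles/cloudkms.cryptoKeyEncrypterDecrypter on the key."`. Cloud Logging also requires the key's location to match the bucket's, so the text could point at `location` as well; the body of `variable "location"` continues outside the hunk, so its default is not visible here.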
|
||||||
|
|