foundations/environments: move log filter to a variable, use org for xpn by default
parent
253c51d07c
commit
9877cb1b0b
|
@ -130,7 +130,7 @@ module "bq-audit-export" {
|
|||
module "log-sink-audit" {
|
||||
source = "terraform-google-modules/log-export/google"
|
||||
version = "3.2.0"
|
||||
filter = "logName: \"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName: \"/logs/cloudaudit.googleapis.com%2Fsystem_event\""
|
||||
filter = var.audit_filter
|
||||
log_sink_name = "logs-audit-${var.environments[0]}"
|
||||
parent_resource_type = "folder"
|
||||
parent_resource_id = split("/", module.folders-top-level.ids_list[0])[1]
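Review bot: `filter = var.audit_filter` makes the audit sink's filter a free-form input, and nothing in this block ties it to the Cloud Audit streams. An override that is narrowed or mistyped would silently shrink what the folder-level sink exports. I would add a comment above the line, `# Audit coverage depends on this filter: overrides must keep the cloudaudit activity and system_event streams.` If the Terraform version in use supports variable validation, a check that the value still references `cloudaudit.googleapis.com` would catch the worst mistakes at plan time. The `log-sink-audit` module block continues past the end of the hunk, so its remaining arguments are not visible here.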
|
||||
|
|
|
@ -12,6 +12,16 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
variable "audit_filter" {
|
||||
description = "Audit log filter used for the log sink."
|
||||
type = string
|
||||
default = <<END
|
||||
logName: "/logs/cloudaudit.googleapis.com%2Factivity"
|
||||
OR
|
||||
logName: "/logs/cloudaudit.googleapis.com%2Fsystem_event"
|
||||
END
|
||||
}
|
||||
|
||||
variable "audit_viewers" {
|
||||
description = "Audit project viewers, in IAM format."
|
||||
type = list(string)
|
||||
|
@ -43,13 +53,13 @@ variable "gcs_location" {
|
|||
variable "grant_xpn_org_roles" {
|
||||
description = "Grant roles needed for Shared VPC creation to service accounts at the organization level."
|
||||
type = bool
|
||||
default = false
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "grant_xpn_folder_roles" {
|
||||
description = "Grant roles needed for Shared VPC creation to service accounts at the environment folder level."
|
||||
type = bool
|
||||
default = true
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "organization_id" {
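Review bot: The new `default = true` on `grant_xpn_org_roles`, with `grant_xpn_folder_roles` flipped to `false`, widens the default scope of the Shared VPC service-account roles from the environment folder to the whole organization, and neither description tells a caller that. Deployments that relied on the old defaults would presumably have their bindings moved on the next apply; the resources that consume these flags are outside the hunk, so that part is inferred. I would extend the description to state the trade-off, e.g. `description = "Grant roles needed for Shared VPC creation to service accounts at the organization level. Set to false and enable grant_xpn_folder_roles to limit the grant to the environment folder."`. Nothing visible stops both flags being true or both false, which deserves a comment next to the two variables.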
|
||||
|
|