Merge pull request #3 from mineiros-io/thiesen/add-folder-and-org-sinks

feat: add support for `folder` and `organization` sinks

README.md

@@ -47,9 +47,9 @@ Most common usage of the module:
 
 ```hcl
 module "terraform-google-logging-sink" {
-  source = "git@github.com:mineiros-io/terraform-google-logging-sink.git?ref=v0.0.1"
+  source      = "git@github.com:mineiros-io/terraform-google-logging-sink.git?ref=v0.0.1"
 
-  name = "my-pubsub-instance-sink"
+  name        = "my-pubsub-instance-sink"
   destination = "pubsub.googleapis.com/projects/my-project/topics/instance-activity"
 }
 ```
@@ -96,7 +96,9 @@ See [variables.tf] and [examples/] for details and use-cases.
 
   The ID of the project to create the sink in.
 
-  If omitted, the project associated with the provider is used.
+  If omitted and either `var.organization` or `var.folder` are present, no project logging sink is created.
+
+  If omitted and both `var.organization` and `var.folder` are omitted, the project associated with the provider is used.
 
 - [**`unique_writer_identity`**](#var-unique_writer_identity): *(Optional `bool`)*<a name="var-unique_writer_identity"></a>
 
@@ -106,7 +108,7 @@ See [variables.tf] and [examples/] for details and use-cases.
 
   If `true`, then a unique service account is created and used for this sink. If you wish to publish logs across projects or utilize `bigquery_options`, you must set `unique_writer_identity` to true.
 
-  Default is `false`.
+  Default is `null`.
 
 - [**`use_partitioned_tables`**](#var-use_partitioned_tables): *(Optional `bool`)*<a name="var-use_partitioned_tables"></a>
 
@@ -148,6 +150,36 @@ See [variables.tf] and [examples/] for details and use-cases.
 
       If set to `true`, then this exclusion is disabled and it does not exclude any log entries.
 
+- [**`folder`**](#var-folder): *(Optional `string`)*<a name="var-folder"></a>
+
+  The ID of the folder to create the sink in.
+
+  If omitted, no folder logging sink is created.
+
+  If provided along with `var.project`, only the project logging sink is created.
+
+  Default is `null`.
+
+- [**`organization`**](#var-organization): *(Optional `string`)*<a name="var-organization"></a>
+
+  The ID of the organization to create the sink in.
+
+  If omitted, no organization logging sink is created.
+
+  If provided along with `var.project`, only the project logging sink is created.
+
+  If provided along with `var.folder`, the folder logging sink is created instead.
+
+  Default is `null`.
+
+- [**`include_children`**](#var-include_children): *(Optional `bool`)*<a name="var-include_children"></a>
+
+  Whether or not to include child projects in the sink export.
+
+  If `true`, logs associated with child projects are also exported; otherwise only logs relating to the provided folder or organization are included.
+
+  Default is `null`.
+
 ### Module Configuration
 
 - [**`module_enabled`**](#var-module_enabled): *(Optional `bool`)*<a name="var-module_enabled"></a>

README.tfdoc.hcl

@@ -63,9 +63,9 @@ section {
 
       ```hcl
       module "terraform-google-logging-sink" {
-        source = "git@github.com:mineiros-io/terraform-google-logging-sink.git?ref=v0.0.1"
+        source      = "git@github.com:mineiros-io/terraform-google-logging-sink.git?ref=v0.0.1"
 
-        name = "my-pubsub-instance-sink"
+        name        = "my-pubsub-instance-sink"
         destination = "pubsub.googleapis.com/projects/my-project/topics/instance-activity"
       }
       ```
@@ -129,7 +129,9 @@ section {
         description = <<-END
           The ID of the project to create the sink in.
 
-          If omitted, the project associated with the provider is used.
+          If omitted and either `var.organization` or `var.folder` are present, no project logging sink is created.
+
+          If omitted and both `var.organization` and `var.folder` are omitted, the project associated with the provider is used.
         END
       }
 
@@ -142,24 +144,9 @@ section {
 
           If `true`, then a unique service account is created and used for this sink. If you wish to publish logs across projects or utilize `bigquery_options`, you must set `unique_writer_identity` to true.
         END
-        default     = false
+        default     = null
       }
 
-      # TODO: remove if we decide to go with `var.use_partitioned_tables` instead
-      # variable "bigquery_options" {
-      #   type        = object(option)
-      #   description = "Options that affect sinks exporting data to BigQuery."
-
-      #   attribute "use_partitioned_tables" {
-      #     required    = true
-      #     type        = bool
-      #     description = <<-END
-      #       Whether to use [BigQuery's partition tables](https://cloud.google.com/bigquery/docs/partitioned-tables).
-
-      #       By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and [special query syntax](https://cloud.google.com/bigquery/docs/querying-partitioned-tables)  has to be used instead. In both cases, tables are sharded based on UTC timezone.
-      #     END
-      #   }
-      # }
       variable "use_partitioned_tables" {
         type        = bool
         description = <<-END
@@ -209,6 +196,44 @@ section {
           }
         }
       }
+
+      variable "folder" {
+        type        = string
+        description = <<-END
+          The ID of the folder to create the sink in.
+
+          If omitted, no folder logging sink is created.
+
+          If provided along with `var.project`, only the project logging sink is created.
+        END
+        default     = null
+      }
+
+      variable "organization" {
+        type        = string
+        description = <<-END
+          The ID of the organization to create the sink in.
+
+          If omitted, no organization logging sink is created.
+
+          If provided along with `var.project`, only the project logging sink is created.
+
+          If provided along with `var.folder`, the folder logging sink is created instead.
+        END
+        default     = null
+      }
+
+
+
+      variable "include_children" {
+        type        = bool
+        description = <<-END
+          Whether or not to include child projects in the sink export.
+
+          If `true`, logs associated with child projects are also exported; otherwise only logs relating to the provided folder or organization are included.
+        END
+        default     = null
+      }
     }
 
     # section {

main.tf

@@ -4,16 +4,24 @@
 # We might add more than one line for additional information
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-resource "google_logging_project_sink" "sink" {
-  count = var.module_enabled ? 1 : 0
+locals {
+  create_project_sink      = var.project != null || (var.folder == null && var.organization == null)
+  create_folder_sink       = var.project == null && var.folder != null
+  create_organization_sink = var.project == null && var.folder == null && var.organization != null
+}
+
+resource "google_logging_project_sink" "project_sink" {
+  count = local.create_project_sink ? 1 : 0
+
+  project = var.project
 
   name        = var.name
   destination = var.destination
 
-  filter                 = var.filter
-  description            = var.description
-  disabled               = var.disabled
-  project                = var.project
+  filter      = var.filter
+  description = var.description
+  disabled    = var.disabled
+
   unique_writer_identity = var.unique_writer_identity
 
   dynamic "bigquery_options" {
@@ -37,3 +45,75 @@ resource "google_logging_project_sink" "sink" {
 
   depends_on = [var.module_depends_on]
 }
+
+resource "google_logging_folder_sink" "folder_sink" {
+  count = local.create_folder_sink ? 1 : 0
+
+  folder = var.folder
+
+  name        = var.name
+  destination = var.destination
+
+  filter      = var.filter
+  description = var.description
+  disabled    = var.disabled
+
+  include_children = var.include_children
+
+  dynamic "bigquery_options" {
+    for_each = var.use_partitioned_tables != null ? [1] : []
+
+    content {
+      use_partitioned_tables = var.use_partitioned_tables
+    }
+  }
+
+  dynamic "exclusions" {
+    for_each = var.exclusions
+    iterator = exclusion
+
+    content {
+      name        = exclusion.value.name
+      filter      = exclusion.value.filter
+      description = try(exclusion.value.description, null)
+    }
+  }
+
+  depends_on = [var.module_depends_on]
+}
+
+resource "google_logging_organization_sink" "organization_sink" {
+  count = local.create_organization_sink ? 1 : 0
+
+  org_id = var.organization
+
+  name        = var.name
+  destination = var.destination
+
+  filter      = var.filter
+  description = var.description
+  disabled    = var.disabled
+
+  include_children = var.include_children
+
+  dynamic "bigquery_options" {
+    for_each = var.use_partitioned_tables != null ? [1] : []
+
+    content {
+      use_partitioned_tables = var.use_partitioned_tables
+    }
+  }
+
+  dynamic "exclusions" {
+    for_each = var.exclusions
+    iterator = exclusion
+
+    content {
+      name        = exclusion.value.name
+      filter      = exclusion.value.filter
+      description = try(exclusion.value.description, null)
+    }
+  }
+
+  depends_on = [var.module_depends_on]
+}

outputs.tf

@@ -2,11 +2,20 @@
 # OUTPUT CALCULATED VARIABLES (prefer full objects)
 # ----------------------------------------------------------------------------------------------------------------------
 
-output "sink" {
+output "project_sink" {
   description = "All attributes of the created `google_logging_project_sink` resource."
-  value       = try(google_logging_project_sink.sink[0], null)
+  value       = try(google_logging_project_sink.project_sink[0], null)
 }
 
+output "folder_sink" {
+  description = "All attributes of the created `google_logging_folder_sink` resource."
+  value       = try(google_logging_folder_sink.folder_sink[0], null)
+}
+
+output "organization_sink" {
+  description = "All attributes of the created `google_logging_organization_sink` resource."
+  value       = try(google_logging_organization_sink.organization_sink[0], null)
+}
 
 # ----------------------------------------------------------------------------------------------------------------------
 # OUTPUT ALL RESOURCES AS FULL OBJECTS

variables.tf

@@ -48,9 +48,11 @@ variable "disabled" {
   default     = null
 }
 
+# PROJECT
+
 variable "project" {
   type        = string
-  description = "(Optional) The ID of the project to create the sink in. If omitted, the project associated with the provider is used."
+  description = "(Optional) The ID of the project to create the sink in. If omitted and either `var.organization` or `var.folder` are present, no project logging sink is created. If omitted and both `var.organization` and `var.folder` are omitted, the project associated with the provider is used."
   default     = null
 }
 
@@ -66,6 +68,12 @@ variable "unique_writer_identity" {
   default     = null
 }
 
+variable "include_children" {
+  type        = bool
+  description = "(Optional) Whether or not to include child projects in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided folder or organization are included."
+  default     = null
+}
+
 # TODO: is this a good way for dealing with `bigquery_options` attribute?
 variable "use_partitioned_tables" {
   type        = bool
@@ -101,6 +109,22 @@ variable "exclusions" {
   default     = []
 }
 
+# FOLDER
+
+variable "folder" {
+  type        = string
+  description = "(Optional) The ID of the folder to create the sink in. Ignored if `var.project` is also set."
+  default     = null
+}
+
+
+# ORGANIZATION
+
+variable "organization" {
+  type        = string
+  description = "(Optional) The ID of the organization to create the sink in. Ignored if `var.project` or `var.folder` are also set."
+  default     = null
+}
 
 # ----------------------------------------------------------------------------------------------------------------------
 # MODULE CONFIGURATION PARAMETERS