diff --git a/README.md b/README.md
index a53f4b2..e3ea63d 100644
--- a/README.md
+++ b/README.md
@@ -47,9 +47,9 @@ Most common usage of the module:
```hcl
module "terraform-google-logging-sink" {
- source = "git@github.com:mineiros-io/terraform-google-logging-sink.git?ref=v0.0.1"
+ source = "git@github.com:mineiros-io/terraform-google-logging-sink.git?ref=v0.0.1"
- name = "my-pubsub-instance-sink"
+ name = "my-pubsub-instance-sink"
destination = "pubsub.googleapis.com/projects/my-project/topics/instance-activity"
}
```
@@ -96,7 +96,9 @@ See [variables.tf] and [examples/] for details and use-cases.
The ID of the project to create the sink in.
- If omitted, the project associated with the provider is used.
+ If omitted and either `var.organization` or `var.folder` are present, no project logging sink is created.
+
+ If omitted and both `var.organization` and `var.folder` are omitted, the project associated with the provider is used.
- [**`unique_writer_identity`**](#var-unique_writer_identity): *(Optional `bool`)*
@@ -106,7 +108,7 @@ See [variables.tf] and [examples/] for details and use-cases.
If `true`, then a unique service account is created and used for this sink. If you wish to publish logs across projects or utilize `bigquery_options`, you must set `unique_writer_identity` to true.
- Default is `false`.
+ Default is `null`.
- [**`use_partitioned_tables`**](#var-use_partitioned_tables): *(Optional `bool`)*
@@ -148,6 +150,36 @@ See [variables.tf] and [examples/] for details and use-cases.
If set to `true`, then this exclusion is disabled and it does not exclude any log entries.
+- [**`folder`**](#var-folder): *(Optional `string`)*
+
+ The ID of the folder to create the sink in.
+
+ If omitted, no folder logging sink is created.
+
+ If provided along with `var.project`, only the project logging sink is created.
+
+ Default is `null`.
+
+- [**`organization`**](#var-organization): *(Optional `string`)*
+
+ The ID of the organization to create the sink in.
+
+ If omitted, no organization logging sink is created.
+
+ If provided along with `var.project`, only the project logging sink is created.
+
+ If provided along with `var.folder`, the folder logging sink is created instead.
+
+ Default is `null`.
+
+- [**`include_children`**](#var-include_children): *(Optional `bool`)*
+
+ Whether or not to include child projects in the sink export.
+
+ If `true`, logs associated with child projects are also exported; otherwise only logs relating to the provided folder or organization are included.
+
+ Default is `null`.
+
### Module Configuration
- [**`module_enabled`**](#var-module_enabled): *(Optional `bool`)*
diff --git a/README.tfdoc.hcl b/README.tfdoc.hcl
index 92dd562..7104a93 100644
--- a/README.tfdoc.hcl
+++ b/README.tfdoc.hcl
@@ -63,9 +63,9 @@ section {
```hcl
module "terraform-google-logging-sink" {
- source = "git@github.com:mineiros-io/terraform-google-logging-sink.git?ref=v0.0.1"
+ source = "git@github.com:mineiros-io/terraform-google-logging-sink.git?ref=v0.0.1"
- name = "my-pubsub-instance-sink"
+ name = "my-pubsub-instance-sink"
destination = "pubsub.googleapis.com/projects/my-project/topics/instance-activity"
}
```
@@ -129,7 +129,9 @@ section {
description = <<-END
The ID of the project to create the sink in.
- If omitted, the project associated with the provider is used.
+ If omitted and either `var.organization` or `var.folder` are present, no project logging sink is created.
+
+ If omitted and both `var.organization` and `var.folder` are omitted, the project associated with the provider is used.
END
}
@@ -142,24 +144,9 @@ section {
If `true`, then a unique service account is created and used for this sink. If you wish to publish logs across projects or utilize `bigquery_options`, you must set `unique_writer_identity` to true.
END
- default = false
+ default = null
}
- # TODO: remove if we decide to go with `var.use_partitioned_tables` instead
- # variable "bigquery_options" {
- # type = object(option)
- # description = "Options that affect sinks exporting data to BigQuery."
-
- # attribute "use_partitioned_tables" {
- # required = true
- # type = bool
- # description = <<-END
- # Whether to use [BigQuery's partition tables](https://cloud.google.com/bigquery/docs/partitioned-tables).
-
- # By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and [special query syntax](https://cloud.google.com/bigquery/docs/querying-partitioned-tables) has to be used instead. In both cases, tables are sharded based on UTC timezone.
- # END
- # }
- # }
variable "use_partitioned_tables" {
type = bool
description = <<-END
@@ -209,6 +196,44 @@ section {
}
}
}
+
+ variable "folder" {
+ type = string
+ description = <<-END
+ The ID of the folder to create the sink in.
+
+ If omitted, no folder logging sink is created.
+
+ If provided along with `var.project`, only the project logging sink is created.
+ END
+ default = null
+ }
+
+ variable "organization" {
+ type = string
+ description = <<-END
+ The ID of the organization to create the sink in.
+
+ If omitted, no organization logging sink is created.
+
+ If provided along with `var.project`, only the project logging sink is created.
+
+ If provided along with `var.folder`, the folder logging sink is created instead.
+ END
+ default = null
+ }
+
+
+
+ variable "include_children" {
+ type = bool
+ description = <<-END
+ Whether or not to include child projects in the sink export.
+
+ If `true`, logs associated with child projects are also exported; otherwise only logs relating to the provided folder or organization are included.
+ END
+ default = null
+ }
}
# section {
diff --git a/main.tf b/main.tf
index 0ecc7df..244418e 100644
--- a/main.tf
+++ b/main.tf
@@ -4,16 +4,24 @@
# We might add more than one line for additional information
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-resource "google_logging_project_sink" "sink" {
- count = var.module_enabled ? 1 : 0
+locals {
+ create_project_sink = var.project != null || (var.folder == null && var.organization == null)
+ create_folder_sink = var.project == null && var.folder != null
+ create_organization_sink = var.project == null && var.folder == null && var.organization != null
+}
+
+resource "google_logging_project_sink" "project_sink" {
+ count = local.create_project_sink ? 1 : 0
+
+ project = var.project
name = var.name
destination = var.destination
- filter = var.filter
- description = var.description
- disabled = var.disabled
- project = var.project
+ filter = var.filter
+ description = var.description
+ disabled = var.disabled
+
unique_writer_identity = var.unique_writer_identity
dynamic "bigquery_options" {
@@ -37,3 +45,75 @@ resource "google_logging_project_sink" "sink" {
depends_on = [var.module_depends_on]
}
+
+resource "google_logging_folder_sink" "folder_sink" {
+ count = local.create_folder_sink ? 1 : 0
+
+ folder = var.folder
+
+ name = var.name
+ destination = var.destination
+
+ filter = var.filter
+ description = var.description
+ disabled = var.disabled
+
+ include_children = var.include_children
+
+ dynamic "bigquery_options" {
+ for_each = var.use_partitioned_tables != null ? [1] : []
+
+ content {
+ use_partitioned_tables = var.use_partitioned_tables
+ }
+ }
+
+ dynamic "exclusions" {
+ for_each = var.exclusions
+ iterator = exclusion
+
+ content {
+ name = exclusion.value.name
+ filter = exclusion.value.filter
+ description = try(exclusion.value.description, null)
+ }
+ }
+
+ depends_on = [var.module_depends_on]
+}
+
+resource "google_logging_organization_sink" "organization_sink" {
+ count = local.create_organization_sink ? 1 : 0
+
+ org_id = var.organization
+
+ name = var.name
+ destination = var.destination
+
+ filter = var.filter
+ description = var.description
+ disabled = var.disabled
+
+ include_children = var.include_children
+
+ dynamic "bigquery_options" {
+ for_each = var.use_partitioned_tables != null ? [1] : []
+
+ content {
+ use_partitioned_tables = var.use_partitioned_tables
+ }
+ }
+
+ dynamic "exclusions" {
+ for_each = var.exclusions
+ iterator = exclusion
+
+ content {
+ name = exclusion.value.name
+ filter = exclusion.value.filter
+ description = try(exclusion.value.description, null)
+ }
+ }
+
+ depends_on = [var.module_depends_on]
+}
diff --git a/outputs.tf b/outputs.tf
index 940de94..37c5d21 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -2,11 +2,20 @@
# OUTPUT CALCULATED VARIABLES (prefer full objects)
# ----------------------------------------------------------------------------------------------------------------------
-output "sink" {
+output "project_sink" {
description = "All attributes of the created `google_logging_project_sink` resource."
- value = try(google_logging_project_sink.sink[0], null)
+ value = try(google_logging_project_sink.project_sink[0], null)
}
+output "folder_sink" {
+ description = "All attributes of the created `google_logging_folder_sink` resource."
+ value = try(google_logging_folder_sink.folder_sink[0], null)
+}
+
+output "organization_sink" {
+ description = "All attributes of the created `google_logging_organization_sink` resource."
+ value = try(google_logging_organization_sink.organization_sink[0], null)
+}
# ----------------------------------------------------------------------------------------------------------------------
# OUTPUT ALL RESOURCES AS FULL OBJECTS
diff --git a/variables.tf b/variables.tf
index dda067e..4dfdf29 100644
--- a/variables.tf
+++ b/variables.tf
@@ -48,9 +48,11 @@ variable "disabled" {
default = null
}
+# PROJECT
+
variable "project" {
type = string
- description = "(Optional) The ID of the project to create the sink in. If omitted, the project associated with the provider is used."
+ description = "(Optional) The ID of the project to create the sink in. If omitted and either `var.organization` or `var.folder` are present, no project logging sink is created. If omitted and both `var.organization` and `var.folder` are omitted, the project associated with the provider is used."
default = null
}
@@ -66,6 +68,12 @@ variable "unique_writer_identity" {
default = null
}
+variable "include_children" {
+ type = bool
+ description = "(Optional) Whether or not to include child projects in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided folder or organization are included."
+ default = null
+}
+
# TODO: is this a good way for dealing with `bigquery_options` attribute?
variable "use_partitioned_tables" {
type = bool
@@ -101,6 +109,22 @@ variable "exclusions" {
default = []
}
+# FOLDER
+
+variable "folder" {
+ type = string
+ description = "(Optional) The ID of the folder to create the sink in. Ignored if `var.project` is also set."
+ default = null
+}
+
+
+# ORGANIZATION
+
+variable "organization" {
+ type = string
+ description = "(Optional) The ID of the organization to create the sink in. Ignored if `var.project` or `var.folder` are also set."
+ default = null
+}
# ----------------------------------------------------------------------------------------------------------------------
# MODULE CONFIGURATION PARAMETERS