├── .github
├── release-please.yml
├── renovate.json
├── trusted-contribution.yml
└── workflows
│ ├── lint.yaml
│ └── stale.yml
├── .gitignore
├── .kitchen.yml
├── CHANGELOG.md
├── CODEOWNERS
├── CONTRIBUTING.md
├── LICENSE
├── Makefile
├── README.md
├── build
├── int.cloudbuild.yaml
└── lint.cloudbuild.yaml
├── docs
├── upgrading_to_v10.0.md
├── upgrading_to_v5.0.md
├── upgrading_to_v7.0.md
└── upgrading_to_v9.0.md
├── examples
├── bigquery
│ ├── billing_account
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ ├── folder
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ ├── organization
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ └── project
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
├── bq-log-alerting
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ ├── variables.tf
│ └── versions.tf
├── datadog-sink
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ ├── screenshots
│ │ └── Screen Shot 2019-12-09 at 4.44.11 PM.png
│ ├── terraform.tfvars.sample
│ ├── variables.tf
│ └── versions.tf
├── logbucket
│ ├── folder
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ ├── organization
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ └── project
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── providers.tf
│ │ ├── variables.tf
│ │ └── versions.tf
├── project
│ └── project
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
├── pubsub
│ ├── billing_account
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ ├── folder
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ ├── organization
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ └── project
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
├── splunk-sink
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ ├── terraform.tfvars.sample
│ ├── variables.tf
│ └── versions.tf
├── storage
│ ├── billing_account
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ ├── folder
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ ├── organization
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ └── project
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
└── terraform.tfvars.sample
├── main.tf
├── metadata.yaml
├── modules
├── bigquery
│ ├── README.md
│ ├── main.tf
│ ├── metadata.yaml
│ ├── outputs.tf
│ ├── variables.tf
│ └── versions.tf
├── bq-log-alerting
│ ├── .gitignore
│ ├── README.md
│ ├── logging
│ │ └── cloud_function
│ │ │ ├── index.js
│ │ │ └── package.json
│ ├── main.tf
│ ├── metadata.yaml
│ ├── outputs.tf
│ ├── use-cases
│ │ ├── README.md
│ │ ├── add_remove_routes.sql
│ │ ├── anomalous_terraform_sa_usage.sql
│ │ ├── bytes_sent.sql
│ │ ├── disable_vpc_flow_logs.sql
│ │ ├── iam_role_add.sql
│ │ ├── ingress_from_external_ip.sql
│ │ ├── logging_changes.sql
│ │ ├── non_allowlisted_services.sql
│ │ └── superadmin_login.sql
│ ├── variables.tf
│ └── versions.tf
├── logbucket
│ ├── README.md
│ ├── main.tf
│ ├── metadata.yaml
│ ├── outputs.tf
│ ├── variables.tf
│ └── versions.tf
├── project
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ ├── variables.tf
│ └── versions.tf
├── pubsub
│ ├── README.md
│ ├── main.tf
│ ├── metadata.yaml
│ ├── outputs.tf
│ ├── variables.tf
│ └── versions.tf
└── storage
│ ├── README.md
│ ├── main.tf
│ ├── metadata.yaml
│ ├── outputs.tf
│ ├── variables.tf
│ └── versions.tf
├── outputs.tf
├── test
├── .gitignore
├── fixtures
│ ├── bigquery
│ │ ├── folder
│ │ │ ├── main.tf
│ │ │ ├── outputs.tf
│ │ │ └── variables.tf
│ │ ├── organization
│ │ │ ├── main.tf
│ │ │ ├── outputs.tf
│ │ │ ├── variables.tf
│ │ │ └── versions.tf
│ │ └── project
│ │ │ ├── main.tf
│ │ │ ├── outputs.tf
│ │ │ ├── variables.tf
│ │ │ └── versions.tf
│ ├── bq-log-alerting
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ ├── computed_values
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ ├── pubsub
│ │ ├── folder
│ │ │ ├── main.tf
│ │ │ ├── outputs.tf
│ │ │ ├── variables.tf
│ │ │ └── versions.tf
│ │ ├── organization
│ │ │ ├── main.tf
│ │ │ ├── outputs.tf
│ │ │ ├── variables.tf
│ │ │ └── versions.tf
│ │ └── project
│ │ │ ├── main.tf
│ │ │ ├── outputs.tf
│ │ │ ├── variables.tf
│ │ │ └── versions.tf
│ └── storage
│ │ ├── folder
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ │ ├── organization
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ │ └── project
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ └── variables.tf
├── integration
│ ├── bigquery
│ │ ├── folder
│ │ │ ├── controls
│ │ │ │ ├── gcloud.rb
│ │ │ │ └── gcp.rb
│ │ │ └── inspec.yml
│ │ ├── organization
│ │ │ ├── controls
│ │ │ │ ├── gcloud.rb
│ │ │ │ └── gcp.rb
│ │ │ └── inspec.yml
│ │ └── project
│ │ │ ├── controls
│ │ │ └── gcp.rb
│ │ │ └── inspec.yml
│ ├── bq-log-alerting
│ │ ├── controls
│ │ │ ├── gcloud.rb
│ │ │ └── gcp.rb
│ │ └── inspec.yml
│ ├── computed_values
│ │ ├── controls
│ │ │ └── gcp.rb
│ │ └── inspec.yml
│ ├── discover_test.go
│ ├── go.mod
│ ├── go.sum
│ ├── logbucket-folder
│ │ └── logbucket_folder_test.go
│ ├── logbucket-org
│ │ └── logbucket_org_test.go
│ ├── logbucket-project
│ │ └── logbucket_project_test.go
│ ├── pubsub
│ │ ├── folder
│ │ │ ├── controls
│ │ │ │ ├── gcloud.rb
│ │ │ │ └── gcp.rb
│ │ │ └── inspec.yml
│ │ ├── organization
│ │ │ ├── controls
│ │ │ │ ├── gcloud.rb
│ │ │ │ └── gcp.rb
│ │ │ └── inspec.yml
│ │ └── project
│ │ │ ├── controls
│ │ │ ├── gcloud.rb
│ │ │ └── gcp.rb
│ │ │ └── inspec.yml
│ └── storage
│ │ ├── folder
│ │ ├── controls
│ │ │ ├── gcloud.rb
│ │ │ └── gcp.rb
│ │ └── inspec.yml
│ │ ├── organization
│ │ ├── controls
│ │ │ ├── gcloud.rb
│ │ │ └── gcp.rb
│ │ └── inspec.yml
│ │ └── project
│ │ ├── controls
│ │ └── gcp.rb
│ │ └── inspec.yml
└── setup
│ ├── .gitignore
│ ├── iam.tf
│ ├── main.tf
│ ├── outputs.tf
│ ├── variables.tf
│ └── versions.tf
├── variables.tf
└── versions.tf
/.github/release-please.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | releaseType: terraform-module
16 | handleGHRelease: true
17 |
--------------------------------------------------------------------------------
/.github/renovate.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json",
3 | "extends": ["github>GoogleCloudPlatform/cloud-foundation-toolkit//infra/terraform/test-org/github/resources/renovate"]
4 | }
5 |
--------------------------------------------------------------------------------
/.github/trusted-contribution.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2023-2025 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | # NOTE: This file is automatically generated from:
16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/github
17 |
18 | annotations:
19 | - type: comment
20 | text: "/gcbrun"
21 | trustedContributors:
22 | - release-please[bot]
23 | - renovate[bot]
24 | - renovate-bot
25 | - forking-renovate[bot]
26 | - dependabot[bot]
27 |
--------------------------------------------------------------------------------
/.github/workflows/stale.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2022-2025 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | # NOTE: This file is automatically generated from:
16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/github
17 |
18 | name: "Close stale issues"
19 | on:
20 | schedule:
21 | - cron: "0 23 * * *"
22 |
23 | jobs:
24 | stale:
25 | if: github.repository_owner == 'GoogleCloudPlatform' || github.repository_owner == 'terraform-google-modules'
26 | runs-on: ubuntu-latest
27 | steps:
28 | - uses: actions/stale@v9
29 | with:
30 | repo-token: ${{ secrets.GITHUB_TOKEN }}
31 | stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days'
32 | stale-pr-message: 'This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days'
33 | exempt-issue-labels: 'triaged'
34 | exempt-pr-labels: 'dependencies,autorelease: pending'
35 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # OSX leaves these everywhere on SMB shares
2 | ._*
3 |
4 | # OSX trash
5 | .DS_Store
6 |
7 | # Python
8 | *.pyc
9 |
10 | # Emacs save files
11 | *~
12 | \#*\#
13 | .\#*
14 |
15 | # Vim-related files
16 | [._]*.s[a-w][a-z]
17 | [._]s[a-w][a-z]
18 | *.un~
19 | Session.vim
20 | .netrwhist
21 |
22 | ### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore
23 |
24 | # Local .terraform directories
25 | **/.terraform/*
26 |
27 | # .tfstate files
28 | *.tfstate
29 | *.tfstate.*
30 |
31 | # Crash log files
32 | crash.log
33 |
34 | # Kitchen files
35 | **/inspec.lock
36 | **/.kitchen
37 | **/.kitchen.local.yml
38 | **/Gemfile.lock
39 |
40 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most
41 | # .tfvars files are managed as part of configuration and so should be included in
42 | # version control.
43 | #
44 | # example.tfvars
45 | test/fixtures/shared/terraform.tfvars
46 |
47 | credentials.json
48 |
49 | .idea
50 |
51 |
52 | # tf lock file
53 | .terraform.lock.hcl
54 |
--------------------------------------------------------------------------------
/CODEOWNERS:
--------------------------------------------------------------------------------
1 | # NOTE: This file is automatically generated from values at:
2 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/org/locals.tf
3 |
4 | * @terraform-google-modules/cft-admins @imrannayer
5 |
6 | # NOTE: GitHub CODEOWNERS locations:
7 | # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-and-branch-protection
8 |
9 | CODEOWNERS @terraform-google-modules/cft-admins
10 | .github/CODEOWNERS @terraform-google-modules/cft-admins
11 | docs/CODEOWNERS @terraform-google-modules/cft-admins
12 |
13 |
--------------------------------------------------------------------------------
/build/lint.cloudbuild.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2019 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | steps:
16 | - name: 'gcr.io/cloud-foundation-cicd/cft/developer-tools:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
17 | id: 'lint'
18 | args: ['/usr/local/bin/test_lint.sh']
19 | tags:
20 | - 'ci'
21 | - 'lint'
22 | substitutions:
23 | _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
24 | _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.25'
25 |
--------------------------------------------------------------------------------
/docs/upgrading_to_v10.0.md:
--------------------------------------------------------------------------------
1 | # Upgrading to Log Export v10.0
2 |
3 | ## Provider version
4 | - The v10.0 release of Log Export is a backwards incompatible release and features a new feature `intercept_children` for folder and organization logging sinks. Minimum provider version `5.27` ia required.
5 | - Allows maximum provider version 6+
6 |
7 | ## Terraform version
8 | - Terraform version 1.3+ required
9 |
--------------------------------------------------------------------------------
/docs/upgrading_to_v5.0.md:
--------------------------------------------------------------------------------
1 | # Upgrading to Log Export v5.0
2 |
3 | The v5.0 release of Log Export is a backwards incompatible release and features many quality of life improvements.
4 | Breaking changes have only been made to the storage and bigquery submodules.
5 | Other modules can safely update the version without needing any changes.
6 |
7 | ## Migration Instructions
8 |
9 | NOTE: Users should prefer to let Terraform update their resources to the newer defaults.
10 | To preserve the existing defaults, see below:
11 |
12 | ```diff
13 | module "bq" {
14 | source = "terraform-google-modules/log-export/google//modules/bigquery"
15 | - version = "v4.0"
16 | + version = "v5.0"
17 |
18 | + delete_contents_on_destroy = true
19 |
20 | - default_table_expiration_ms = 3600000 # 1 hour
21 | + expiration_days = 1 # 1 day
22 | }
23 | ```
24 |
25 | ```diff
26 | module "gcs" {
27 | source = "terraform-google-modules/log-export/google//modules/storage"
28 | - version = "v4.0"
29 | + version = "v5.0"
30 |
31 | + force_destroy = true
32 | + storage_class = "MULTI_REGIONAL"
33 |
34 | - bucket_policy_only = false
35 | + uniform_bucket_access_level = false
36 | }
37 | ```
38 |
--------------------------------------------------------------------------------
/docs/upgrading_to_v7.0.md:
--------------------------------------------------------------------------------
1 | # Upgrading to Log Export v7.0
2 |
3 | The v7.0 release of Log Export is a backwards incompatible release and features few additional features for log retenions and bucket policy lifecycles.
4 |
5 | Breaking changes have only been made to the storage module.
6 | Other modules can safely update the version without needing any changes.
7 |
8 | ## Migration Instructions
9 |
10 | NOTE: Users should prefer to let Terraform update their resources to the newer defaults.
11 | To preserve the existing defaults, see below:
12 |
13 | ```diff
14 | module "gcs" {
15 | source = "terraform-google-modules/log-export/google//modules/storage"
16 | - version = "v6.0"
17 | + version = "v7.0"
18 |
19 | - expiration_days = 365
20 | + lifecycle_rules = [{
21 | + action = {
22 | + type = "Delete"
23 | + }
24 | + condition = {
25 | + age = 365
26 | + with_state = "ANY"
27 | + }
28 | + }]
29 | }
30 | ```
31 |
--------------------------------------------------------------------------------
/docs/upgrading_to_v9.0.md:
--------------------------------------------------------------------------------
1 | # Upgrading to Log Export v9.0
2 |
3 | The v9.0 release of Log Export is a backwards incompatible release and features a new feature `soft_delete_policy` for storage bucket. Minimum provider version `5.22` ia required.
4 |
--------------------------------------------------------------------------------
/examples/bigquery/billing_account/README.md:
--------------------------------------------------------------------------------
1 | # Log Export: BigQuery destination at Billing Account level
2 |
3 | This example configures a billing-account-level log sink that feeds a bigquery dataset destination
4 |
5 |
6 | ## Inputs
7 |
8 | | Name | Description | Type | Default | Required |
9 | |------|-------------|------|---------|:--------:|
10 | | parent\_resource\_id | The ID of the project in which BigQuery dataset destination will be created. | `string` | n/a | yes |
11 | | project\_id | The ID of the project in which the log export will be created. | `string` | n/a | yes |
12 |
13 | ## Outputs
14 |
15 | | Name | Description |
16 | |------|-------------|
17 | | destination\_map | Outputs from the destination module |
18 | | log\_export\_map | Outputs from the log export module |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/examples/bigquery/billing_account/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | module "log_export" {
18 | source = "terraform-google-modules/log-export/google"
19 | version = "~> 11.0"
20 |
21 | destination_uri = module.destination.destination_uri
22 | log_sink_name = "bigquery_example_logsink"
23 | parent_resource_id = var.parent_resource_id
24 | parent_resource_type = "billing_account"
25 | unique_writer_identity = true
26 | }
27 |
28 | module "destination" {
29 | source = "terraform-google-modules/log-export/google//modules/bigquery"
30 | version = "~> 11.0"
31 |
32 | project_id = var.project_id
33 | dataset_name = "bigquery_example"
34 | log_sink_writer_identity = module.log_export.writer_identity
35 | }
36 |
--------------------------------------------------------------------------------
/examples/bigquery/billing_account/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 |
20 | value = {
21 | filter = module.log_export.filter
22 | log_sink_resource_id = module.log_export.log_sink_resource_id
23 | log_sink_resource_name = module.log_export.log_sink_resource_name
24 | parent_resource_id = module.log_export.parent_resource_id
25 | writer_identity = module.log_export.writer_identity
26 | }
27 | }
28 |
29 | output "destination_map" {
30 | description = "Outputs from the destination module"
31 |
32 | value = {
33 | console_link = module.destination.console_link
34 | project = module.destination.project
35 | resource_name = module.destination.resource_name
36 | resource_id = module.destination.resource_id
37 | self_link = module.destination.self_link
38 | destination_uri = module.destination.destination_uri
39 | }
40 | }
41 |
--------------------------------------------------------------------------------
/examples/bigquery/billing_account/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_id" {
23 | description = "The ID of the project in which BigQuery dataset destination will be created."
24 | type = string
25 | }
26 |
--------------------------------------------------------------------------------
/examples/bigquery/billing_account/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">= 1.3"
19 | required_providers {
20 | google = {
21 | source = "hashicorp/google"
22 | }
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/examples/bigquery/folder/README.md:
--------------------------------------------------------------------------------
1 | # Log Export: BigQuery destination at Folder level
2 |
3 | This example configures a folder-level log sink that feeds a bigquery dataset destination
4 |
5 |
6 | ## Inputs
7 |
8 | | Name | Description | Type | Default | Required |
9 | |------|-------------|------|---------|:--------:|
10 | | parent\_resource\_id | The ID of the project in which BigQuery dataset destination will be created. | `string` | n/a | yes |
11 | | project\_id | The ID of the project in which the log export will be created. | `string` | n/a | yes |
12 |
13 | ## Outputs
14 |
15 | | Name | Description |
16 | |------|-------------|
17 | | destination\_map | Outputs from the destination module |
18 | | log\_export\_map | Outputs from the log export module |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/examples/bigquery/folder/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | resource "random_string" "suffix" {
18 | length = 4
19 | upper = false
20 | special = false
21 | }
22 |
23 | module "log_export" {
24 | source = "terraform-google-modules/log-export/google"
25 | version = "~> 11.0"
26 |
27 | destination_uri = module.destination.destination_uri
28 | filter = "resource.type = gce_instance"
29 | log_sink_name = "bigquery_folder_${random_string.suffix.result}"
30 | parent_resource_id = var.parent_resource_id
31 | parent_resource_type = "folder"
32 | unique_writer_identity = true
33 | }
34 |
35 | module "destination" {
36 | source = "terraform-google-modules/log-export/google//modules/bigquery"
37 | version = "~> 11.0"
38 |
39 | project_id = var.project_id
40 | dataset_name = "bq_folder_${random_string.suffix.result}"
41 | log_sink_writer_identity = module.log_export.writer_identity
42 | }
43 |
--------------------------------------------------------------------------------
/examples/bigquery/folder/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 |
20 | value = {
21 | filter = module.log_export.filter
22 | log_sink_resource_id = module.log_export.log_sink_resource_id
23 | log_sink_resource_name = module.log_export.log_sink_resource_name
24 | parent_resource_id = module.log_export.parent_resource_id
25 | writer_identity = module.log_export.writer_identity
26 | }
27 | }
28 |
29 | output "destination_map" {
30 | description = "Outputs from the destination module"
31 |
32 | value = {
33 | console_link = module.destination.console_link
34 | project = module.destination.project
35 | resource_name = module.destination.resource_name
36 | resource_id = module.destination.resource_id
37 | self_link = module.destination.self_link
38 | destination_uri = module.destination.destination_uri
39 | }
40 | }
41 |
--------------------------------------------------------------------------------
/examples/bigquery/folder/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_id" {
23 | description = "The ID of the project in which BigQuery dataset destination will be created."
24 | type = string
25 | }
26 |
--------------------------------------------------------------------------------
/examples/bigquery/folder/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | random = {
25 | source = "hashicorp/random"
26 | }
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/examples/bigquery/organization/README.md:
--------------------------------------------------------------------------------
1 | # Log Export: BigQuery destination at Organization level
2 |
3 | This example configures a organization-level log sink that feeds a bigquery dataset destination
4 |
5 |
6 | ## Inputs
7 |
8 | | Name | Description | Type | Default | Required |
9 | |------|-------------|------|---------|:--------:|
10 | | parent\_resource\_id | The ID of the project in which BigQuery dataset destination will be created. | `string` | n/a | yes |
11 | | project\_id | The ID of the project in which the log export will be created. | `string` | n/a | yes |
12 |
13 | ## Outputs
14 |
15 | | Name | Description |
16 | |------|-------------|
17 | | destination\_map | Outputs from the destination module |
18 | | log\_export\_map | Outputs from the log export module |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/examples/bigquery/organization/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | resource "random_string" "suffix" {
18 | length = 4
19 | upper = false
20 | special = false
21 | }
22 |
23 | module "log_export" {
24 | source = "terraform-google-modules/log-export/google"
25 | version = "~> 11.0"
26 |
27 | destination_uri = module.destination.destination_uri
28 | filter = "resource.type = gce_instance"
29 | log_sink_name = "bigquery_org_${random_string.suffix.result}"
30 | parent_resource_id = var.parent_resource_id
31 | parent_resource_type = "organization"
32 | unique_writer_identity = true
33 | }
34 |
35 | module "destination" {
36 | source = "terraform-google-modules/log-export/google//modules/bigquery"
37 | version = "~> 11.0"
38 |
39 | project_id = var.project_id
40 | dataset_name = "bq_org_${random_string.suffix.result}"
41 | log_sink_writer_identity = module.log_export.writer_identity
42 | }
43 |
44 |
--------------------------------------------------------------------------------
/examples/bigquery/organization/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 |
20 | value = {
21 | filter = module.log_export.filter
22 | log_sink_resource_id = module.log_export.log_sink_resource_id
23 | log_sink_resource_name = module.log_export.log_sink_resource_name
24 | parent_resource_id = module.log_export.parent_resource_id
25 | writer_identity = module.log_export.writer_identity
26 | }
27 | }
28 |
29 | output "destination_map" {
30 | description = "Outputs from the destination module"
31 |
32 | value = {
33 | console_link = module.destination.console_link
34 | project = module.destination.project
35 | resource_name = module.destination.resource_name
36 | resource_id = module.destination.resource_id
37 | self_link = module.destination.self_link
38 | destination_uri = module.destination.destination_uri
39 | }
40 | }
41 |
42 |
--------------------------------------------------------------------------------
/examples/bigquery/organization/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_id" {
23 | description = "The ID of the project in which BigQuery dataset destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/examples/bigquery/organization/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | random = {
25 | source = "hashicorp/random"
26 | }
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/examples/bigquery/project/README.md:
--------------------------------------------------------------------------------
1 | # Log Export: BigQuery destination at Project level
2 |
3 | This example configures a project-level log sink that feeds a bigquery dataset destination
4 |
5 |
6 | ## Inputs
7 |
8 | | Name | Description | Type | Default | Required |
9 | |------|-------------|------|---------|:--------:|
10 | | bigquery\_options | (Optional) Options that affect sinks exporting data to BigQuery. use\_partitioned\_tables - (Required) Whether to use BigQuery's partition tables. | object({
use_partitioned_tables = bool
}) | `null` | no |
11 | | parent\_resource\_id | The ID of the project in which BigQuery dataset destination will be created. | `string` | n/a | yes |
12 | | project\_id | The ID of the project in which the log export will be created. | `string` | n/a | yes |
13 |
14 | ## Outputs
15 |
16 | | Name | Description |
17 | |------|-------------|
18 | | destination\_map | Outputs from the destination module |
19 | | log\_export\_map | Outputs from the log export module |
20 |
21 |
22 |
--------------------------------------------------------------------------------
/examples/bigquery/project/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | resource "random_string" "suffix" {
18 | length = 4
19 | upper = false
20 | special = false
21 | }
22 |
23 | module "log_export" {
24 | source = "terraform-google-modules/log-export/google"
25 | version = "~> 11.0"
26 |
27 | destination_uri = module.destination.destination_uri
28 | filter = "resource.type = gce_instance"
29 | log_sink_name = "bigquery_project_${random_string.suffix.result}"
30 | parent_resource_id = var.parent_resource_id
31 | parent_resource_type = "project"
32 | bigquery_options = var.bigquery_options
33 | }
34 |
35 | module "destination" {
36 | source = "terraform-google-modules/log-export/google//modules/bigquery"
37 | version = "~> 11.0"
38 |
39 | project_id = var.project_id
40 | dataset_name = "bq_project_${random_string.suffix.result}"
41 | log_sink_writer_identity = module.log_export.writer_identity
42 | }
43 |
44 |
--------------------------------------------------------------------------------
/examples/bigquery/project/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 |
20 | value = {
21 | filter = module.log_export.filter
22 | log_sink_resource_id = module.log_export.log_sink_resource_id
23 | log_sink_resource_name = module.log_export.log_sink_resource_name
24 | parent_resource_id = module.log_export.parent_resource_id
25 | writer_identity = module.log_export.writer_identity
26 | }
27 | }
28 |
29 | output "destination_map" {
30 | description = "Outputs from the destination module"
31 |
32 | value = {
33 | console_link = module.destination.console_link
34 | project = module.destination.project
35 | resource_name = module.destination.resource_name
36 | resource_id = module.destination.resource_id
37 | self_link = module.destination.self_link
38 | destination_uri = module.destination.destination_uri
39 | }
40 | }
41 |
42 |
--------------------------------------------------------------------------------
/examples/bigquery/project/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_id" {
23 | description = "The ID of the project in which BigQuery dataset destination will be created."
24 | type = string
25 | }
26 |
27 | variable "bigquery_options" {
28 | default = null
29 | description = "(Optional) Options that affect sinks exporting data to BigQuery. use_partitioned_tables - (Required) Whether to use BigQuery's partition tables."
30 | type = object({
31 | use_partitioned_tables = bool
32 | })
33 | }
34 |
--------------------------------------------------------------------------------
/examples/bigquery/project/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | random = {
25 | source = "hashicorp/random"
26 | }
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/examples/bq-log-alerting/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | module "bq-log-alerting" {
18 | source = "terraform-google-modules/log-export/google//modules/bq-log-alerting"
19 | version = "~> 11.0"
20 |
21 | logging_project = var.logging_project
22 | bigquery_location = var.bigquery_location
23 | function_region = var.function_region
24 | org_id = var.org_id
25 | source_name = var.source_name
26 | dry_run = false
27 | }
28 |
--------------------------------------------------------------------------------
/examples/bq-log-alerting/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "cloud_scheduler_job_name" {
18 | value = module.bq-log-alerting.cloud_scheduler_job_name
19 | description = "The name of the Cloud Scheduler job created"
20 | }
21 |
22 | output "pubsub_topic_name" {
23 | value = module.bq-log-alerting.pubsub_topic_name
24 | description = "PubSub topic name"
25 | }
26 |
27 | output "cloud_scheduler_job" {
28 | value = module.bq-log-alerting.cloud_scheduler_job
29 | description = "The Cloud Scheduler job instance"
30 | }
31 |
32 | output "source_name" {
33 | value = module.bq-log-alerting.source_name
34 | description = "The Security Command Center Source name for the \"BQ Log Alerts\" Source"
35 | }
36 |
37 | output "cloud_function_service_account_email" {
38 | value = module.bq-log-alerting.cloud_function_service_account_email
39 | description = "The email of the service account created to be used by the cloud function"
40 | }
41 |
42 | output "bq_views_dataset_id" {
43 | value = module.bq-log-alerting.bq_views_dataset_id
44 | description = "The ID of the BigQuery Views dataset"
45 | }
46 |
--------------------------------------------------------------------------------
/examples/bq-log-alerting/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "org_id" {
18 | description = "The organization ID for the associated services"
19 | type = string
20 | }
21 |
22 | variable "function_region" {
23 | description = "Region for the Cloud function resources. See https://cloud.google.com/functions/docs/locations for valid values."
24 | type = string
25 | }
26 |
27 | variable "bigquery_location" {
28 | description = "Location for BigQuery resources. See https://cloud.google.com/bigquery/docs/locations for valid values."
29 | type = string
30 | default = "US"
31 | }
32 |
33 | variable "source_name" {
34 | description = "The Security Command Center Source name for the \"BQ Log Alerts\" Source if the source had been created before. The format is `organizations//sources/`"
35 | type = string
36 | default = ""
37 | }
38 |
39 | variable "logging_project" {
40 | description = "The project to deploy the submodule"
41 | type = string
42 | }
43 |
--------------------------------------------------------------------------------
/examples/bq-log-alerting/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">= 1.3"
19 | required_providers {
20 | google = {
21 | source = "hashicorp/google"
22 | }
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/examples/datadog-sink/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "pubsub_topic_name" {
18 | description = "Pub/Sub topic name"
19 | value = module.destination.resource_id
20 | }
21 |
22 | output "pubsub_topic_project" {
23 | description = "Pub/Sub topic project id"
24 | value = module.destination.project
25 | }
26 |
27 | output "pubsub_subscription_name" {
28 | description = "Pub/Sub topic subscription name"
29 | value = module.destination.pubsub_push_subscription
30 | }
31 |
32 | output "datadog_service_account" {
33 | description = "Datadog service account email"
34 | value = local.datadog_svc
35 | }
36 |
37 | output "log_writer" {
38 | value = local.log_writ
39 | }
40 |
--------------------------------------------------------------------------------
/examples/datadog-sink/screenshots/Screen Shot 2019-12-09 at 4.44.11 PM.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/terraform-google-modules/terraform-google-log-export/a405bf69cc9138be55905ab82cb047ba0269724d/examples/datadog-sink/screenshots/Screen Shot 2019-12-09 at 4.44.11 PM.png
--------------------------------------------------------------------------------
/examples/datadog-sink/terraform.tfvars.sample:
--------------------------------------------------------------------------------
1 | project_id = "smb-dd-lab"
2 |
3 | parent_resource_id = "smb-dd-lab"
4 |
5 | push_endpoint = "https://gcp-intake.logs.datadoghq.eu/v1/input//"
6 |
7 | key_output_path = "/home/sbreslow/terraform-google-log-export/examples/datadog-sink/sa-key.json"
8 |
--------------------------------------------------------------------------------
/examples/datadog-sink/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_id" {
23 | description = "The ID of the project in which pubsub topic destination will be created."
24 | type = string
25 | }
26 |
27 | variable "push_endpoint" {
28 | description = "The URL locating the endpoint to which messages should be pushed."
29 | type = string
30 | }
31 |
32 | variable "key_output_path" {
33 | description = "The path to a directory where the JSON private key of the new Datadog service account will be created."
34 | type = string
35 | default = "../datadog-sink/datadog-sa-key.json"
36 | }
37 |
--------------------------------------------------------------------------------
/examples/datadog-sink/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | local = {
25 | source = "hashicorp/local"
26 | }
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/examples/logbucket/folder/README.md:
--------------------------------------------------------------------------------
1 | # Log Export: Log Bucket destination at Folder level
2 |
3 | This example configures a folder-level log sink that feeds a logging log bucket destination
4 |
5 |
6 | ## Inputs
7 |
8 | | Name | Description | Type | Default | Required |
9 | |------|-------------|------|---------|:--------:|
10 | | parent\_resource\_folder | The ID of the folder in which the log export will be created. | `string` | n/a | yes |
11 | | project\_id | The ID of the project in which log bucket destination will be created. | `string` | n/a | yes |
12 |
13 | ## Outputs
14 |
15 | | Name | Description |
16 | |------|-------------|
17 | | log\_bucket\_name | The name for the log bucket. |
18 | | log\_bucket\_project | The project where the log bucket is created. |
19 | | log\_sink\_destination\_uri | A fully qualified URI for the log sink. |
20 | | log\_sink\_folder\_id | The folder id where the log sink is created. |
21 | | log\_sink\_writer\_identity | Writer identity for the log sink that writes to the log bucket. |
22 |
23 |
24 |
--------------------------------------------------------------------------------
/examples/logbucket/folder/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | resource "random_string" "suffix" {
18 | length = 4
19 | upper = false
20 | special = false
21 | }
22 |
23 | module "log_export" {
24 | source = "terraform-google-modules/log-export/google"
25 | version = "~> 11.0"
26 |
27 | destination_uri = module.destination.destination_uri
28 | filter = "resource.type = gce_instance"
29 | log_sink_name = "logbucket_folder_${random_string.suffix.result}"
30 | parent_resource_id = var.parent_resource_folder
31 | parent_resource_type = "folder"
32 | unique_writer_identity = true
33 | }
34 |
35 | module "destination" {
36 | source = "terraform-google-modules/log-export/google//modules/logbucket"
37 | version = "~> 11.0"
38 |
39 | project_id = var.project_id
40 | name = "logbucket_folder_${random_string.suffix.result}"
41 | location = "global"
42 | log_sink_writer_identity = module.log_export.writer_identity
43 | }
44 |
--------------------------------------------------------------------------------
/examples/logbucket/folder/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_bucket_project" {
18 | description = "The project where the log bucket is created."
19 | value = module.destination.project
20 | }
21 |
22 | output "log_bucket_name" {
23 | description = "The name for the log bucket."
24 | value = module.destination.resource_name
25 | }
26 |
27 | output "log_sink_folder_id" {
28 | description = "The folder id where the log sink is created."
29 | value = module.log_export.parent_resource_id
30 | }
31 |
32 | output "log_sink_destination_uri" {
33 | description = "A fully qualified URI for the log sink."
34 | value = module.destination.destination_uri
35 | }
36 |
37 | output "log_sink_writer_identity" {
38 | description = "Writer identity for the log sink that writes to the log bucket."
39 | value = module.log_export.writer_identity
40 | }
41 |
--------------------------------------------------------------------------------
/examples/logbucket/folder/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which log bucket destination will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_folder" {
23 | description = "The ID of the folder in which the log export will be created."
24 | type = string
25 | }
26 |
--------------------------------------------------------------------------------
/examples/logbucket/folder/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | random = {
25 | source = "hashicorp/random"
26 | }
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/examples/logbucket/organization/README.md:
--------------------------------------------------------------------------------
1 | # Log Export: Log Bucket destination at Organization level
2 |
3 | This example configures a organization-level log sink that feeds a Cloud Log Bucket destination.
4 |
5 |
6 | ## Inputs
7 |
8 | | Name | Description | Type | Default | Required |
9 | |------|-------------|------|---------|:--------:|
10 | | parent\_resource\_organization | The ID of the organization in which the log export will be created. | `string` | n/a | yes |
11 | | project\_id | The ID of the project in which storage bucket destination will be created. | `string` | n/a | yes |
12 |
13 | ## Outputs
14 |
15 | | Name | Description |
16 | |------|-------------|
17 | | log\_bucket\_name | The name for the log bucket. |
18 | | log\_bucket\_project | The project where the log bucket is created. |
19 | | log\_sink\_destination\_uri | A fully qualified URI for the log sink. |
20 | | log\_sink\_organization\_id | The organization id where the log sink is created. |
21 | | log\_sink\_writer\_identity | Writer identity for the log sink that writes to the log bucket. |
22 |
23 |
24 |
--------------------------------------------------------------------------------
/examples/logbucket/organization/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | resource "random_string" "suffix" {
18 | length = 4
19 | upper = false
20 | special = false
21 | }
22 |
23 | module "log_export" {
24 | source = "terraform-google-modules/log-export/google"
25 | version = "~> 11.0"
26 |
27 | destination_uri = module.destination.destination_uri
28 | filter = "resource.type = gce_instance"
29 | log_sink_name = "logbucket_org_${random_string.suffix.result}"
30 | parent_resource_id = var.parent_resource_organization
31 | parent_resource_type = "organization"
32 | unique_writer_identity = true
33 | }
34 |
35 | module "destination" {
36 | source = "terraform-google-modules/log-export/google//modules/logbucket"
37 | version = "~> 11.0"
38 |
39 | project_id = var.project_id
40 | name = "logbucket_org_${random_string.suffix.result}"
41 | location = "global"
42 | log_sink_writer_identity = module.log_export.writer_identity
43 | }
44 |
--------------------------------------------------------------------------------
/examples/logbucket/organization/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_bucket_project" {
18 | description = "The project where the log bucket is created."
19 | value = module.destination.project
20 | }
21 |
22 | output "log_bucket_name" {
23 | description = "The name for the log bucket."
24 | value = module.destination.resource_name
25 | }
26 |
27 | output "log_sink_organization_id" {
28 | description = "The organization id where the log sink is created."
29 | value = module.log_export.parent_resource_id
30 | }
31 |
32 | output "log_sink_destination_uri" {
33 | description = "A fully qualified URI for the log sink."
34 | value = module.destination.destination_uri
35 | }
36 |
37 | output "log_sink_writer_identity" {
38 | description = "Writer identity for the log sink that writes to the log bucket."
39 | value = module.log_export.writer_identity
40 | }
41 |
--------------------------------------------------------------------------------
/examples/logbucket/organization/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which storage bucket destination will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_organization" {
23 | description = "The ID of the organization in which the log export will be created."
24 | type = string
25 | }
26 |
--------------------------------------------------------------------------------
/examples/logbucket/organization/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | random = {
25 | source = "hashicorp/random"
26 | }
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/examples/logbucket/project/providers.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | /******************************************
18 | Provider request timeout configuration
19 | *****************************************/
20 | provider "google" {
21 | request_timeout = "5m"
22 | }
23 |
--------------------------------------------------------------------------------
/examples/logbucket/project/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_destination_logbkt_id" {
18 | description = "The ID of the project in which log bucket destination will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_project" {
23 | description = "The ID of the project in which the log export will be created."
24 | type = string
25 | }
26 |
--------------------------------------------------------------------------------
/examples/logbucket/project/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | random = {
25 | source = "hashicorp/random"
26 | }
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/examples/project/project/README.md:
--------------------------------------------------------------------------------
1 | # Log Export: Storage destination at Project level
2 |
3 | This example configures a project-level log sink that feeds a storage bucket destination
4 |
5 |
6 | ## Inputs
7 |
8 | | Name | Description | Type | Default | Required |
9 | |------|-------------|------|---------|:--------:|
10 | | parent\_resource\_id | The ID of the project to which logs will be routed. | `string` | n/a | yes |
11 | | project\_id | The ID of the project in which the log export will be created. | `string` | n/a | yes |
12 |
13 | ## Outputs
14 |
15 | | Name | Description |
16 | |------|-------------|
17 | | destination\_map | Outputs from the destination module |
18 | | log\_export\_map | Outputs from the log export module |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/examples/project/project/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | resource "random_string" "suffix" {
18 | length = 4
19 | upper = false
20 | special = false
21 | }
22 |
23 | module "log_export" {
24 | source = "terraform-google-modules/log-export/google"
25 | version = "~> 11.0"
26 |
27 | destination_uri = module.destination.destination_uri
28 | filter = "resource.type = gce_instance"
29 | log_sink_name = "project_${random_string.suffix.result}"
30 | parent_resource_id = var.parent_resource_id
31 | parent_resource_type = "project"
32 | unique_writer_identity = true
33 | }
34 |
35 | module "destination" {
36 | source = "terraform-google-modules/log-export/google//modules/project"
37 | version = "~> 11.0"
38 |
39 | project_id = var.project_id
40 | log_sink_writer_identity = module.log_export.writer_identity
41 | }
42 |
43 |
--------------------------------------------------------------------------------
/examples/project/project/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 |
20 | value = {
21 | filter = module.log_export.filter
22 | parent_resource_id = module.log_export.parent_resource_id
23 | writer_identity = module.log_export.writer_identity
24 | }
25 | }
26 |
27 | output "destination_map" {
28 | description = "Outputs from the destination module"
29 |
30 | value = {
31 | project = module.destination.project
32 | destination_uri = module.destination.destination_uri
33 | }
34 | }
35 |
36 |
--------------------------------------------------------------------------------
/examples/project/project/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_id" {
23 | description = "The ID of the project to which logs will be routed."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/examples/project/project/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | random = {
25 | source = "hashicorp/random"
26 | }
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/examples/pubsub/billing_account/README.md:
--------------------------------------------------------------------------------
1 | # Log Export: PubSub destination at Billing Account level
2 |
3 | This example configures a billing-account-level log sink that feeds a pubsub topic destination
4 |
5 |
6 | ## Inputs
7 |
8 | | Name | Description | Type | Default | Required |
9 | |------|-------------|------|---------|:--------:|
10 | | parent\_resource\_id | The ID of the project in which pubsub topic destination will be created. | `string` | n/a | yes |
11 | | project\_id | The ID of the project in which the log export will be created. | `string` | n/a | yes |
12 |
13 | ## Outputs
14 |
15 | | Name | Description |
16 | |------|-------------|
17 | | destination\_map | Outputs from the destination module |
18 | | log\_export\_map | Outputs from the log export module |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/examples/pubsub/billing_account/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | module "log_export" {
18 | source = "terraform-google-modules/log-export/google"
19 | version = "~> 11.0"
20 |
21 | destination_uri = module.destination.destination_uri
22 | log_sink_name = "pubsub_example_logsink"
23 | parent_resource_id = var.parent_resource_id
24 | parent_resource_type = "billing_account"
25 | unique_writer_identity = true
26 | }
27 |
28 | module "destination" {
29 | source = "terraform-google-modules/log-export/google//modules/pubsub"
30 | version = "~> 11.0"
31 |
32 | project_id = var.project_id
33 | topic_name = "pubsub-example"
34 | log_sink_writer_identity = module.log_export.writer_identity
35 | create_subscriber = true
36 | }
37 |
38 |
--------------------------------------------------------------------------------
/examples/pubsub/billing_account/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 |
20 | value = {
21 | filter = module.log_export.filter
22 | log_sink_resource_id = module.log_export.log_sink_resource_id
23 | log_sink_resource_name = module.log_export.log_sink_resource_name
24 | parent_resource_id = module.log_export.parent_resource_id
25 | writer_identity = module.log_export.writer_identity
26 | }
27 | }
28 |
29 | output "destination_map" {
30 | description = "Outputs from the destination module"
31 |
32 | value = {
33 | console_link = module.destination.console_link
34 | project = module.destination.project
35 | resource_name = module.destination.resource_name
36 | resource_id = module.destination.resource_id
37 | destination_uri = module.destination.destination_uri
38 | pubsub_subscriber = module.destination.pubsub_subscriber
39 | pubsub_subscription = module.destination.pubsub_subscription
40 | }
41 | }
42 |
43 |
--------------------------------------------------------------------------------
/examples/pubsub/billing_account/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_id" {
23 | description = "The ID of the project in which pubsub topic destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/examples/pubsub/billing_account/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/examples/pubsub/folder/README.md:
--------------------------------------------------------------------------------
1 | # Log Export: PubSub destination at Folder level
2 |
3 | This example configures a folder-level log sink that feeds a pubsub topic destination
4 |
5 |
6 | ## Inputs
7 |
8 | | Name | Description | Type | Default | Required |
9 | |------|-------------|------|---------|:--------:|
10 | | parent\_resource\_id | The ID of the project in which pubsub topic destination will be created. | `string` | n/a | yes |
11 | | project\_id | The ID of the project in which the log export will be created. | `string` | n/a | yes |
12 |
13 | ## Outputs
14 |
15 | | Name | Description |
16 | |------|-------------|
17 | | destination\_map | Outputs from the destination module |
18 | | log\_export\_map | Outputs from the log export module |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/examples/pubsub/folder/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | resource "random_string" "suffix" {
18 | length = 4
19 | upper = false
20 | special = false
21 | }
22 |
23 | module "log_export" {
24 | source = "terraform-google-modules/log-export/google"
25 | version = "~> 11.0"
26 |
27 | destination_uri = module.destination.destination_uri
28 | filter = "resource.type = gce_instance"
29 | log_sink_name = "pubsub_folder_${random_string.suffix.result}"
30 | parent_resource_id = var.parent_resource_id
31 | parent_resource_type = "folder"
32 | unique_writer_identity = true
33 | }
34 |
35 | module "destination" {
36 | source = "terraform-google-modules/log-export/google//modules/pubsub"
37 | version = "~> 11.0"
38 |
39 | project_id = var.project_id
40 | topic_name = "pubsub-folder-${random_string.suffix.result}"
41 | log_sink_writer_identity = module.log_export.writer_identity
42 | create_subscriber = true
43 | }
44 |
45 |
--------------------------------------------------------------------------------
/examples/pubsub/folder/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 |
20 | value = {
21 | filter = module.log_export.filter
22 | log_sink_resource_id = module.log_export.log_sink_resource_id
23 | log_sink_resource_name = module.log_export.log_sink_resource_name
24 | parent_resource_id = module.log_export.parent_resource_id
25 | writer_identity = module.log_export.writer_identity
26 | }
27 | }
28 |
29 | output "destination_map" {
30 | description = "Outputs from the destination module"
31 |
32 | value = {
33 | console_link = module.destination.console_link
34 | project = module.destination.project
35 | resource_name = module.destination.resource_name
36 | resource_id = module.destination.resource_id
37 | destination_uri = module.destination.destination_uri
38 | pubsub_subscriber = module.destination.pubsub_subscriber
39 | pubsub_subscription = module.destination.pubsub_subscription
40 | }
41 | }
42 |
43 |
--------------------------------------------------------------------------------
/examples/pubsub/folder/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_id" {
23 | description = "The ID of the project in which pubsub topic destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/examples/pubsub/folder/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | random = {
25 | source = "hashicorp/random"
26 | }
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/examples/pubsub/organization/README.md:
--------------------------------------------------------------------------------
1 | # Log Export: PubSub destination at Organization level
2 |
3 | This example configures a organization-level log sink that feeds a pubsub topic destination
4 |
5 |
6 | ## Inputs
7 |
8 | | Name | Description | Type | Default | Required |
9 | |------|-------------|------|---------|:--------:|
10 | | parent\_resource\_id | The ID of the project in which pubsub topic destination will be created. | `string` | n/a | yes |
11 | | project\_id | The ID of the project in which the log export will be created. | `string` | n/a | yes |
12 |
13 | ## Outputs
14 |
15 | | Name | Description |
16 | |------|-------------|
17 | | destination\_map | Outputs from the destination module |
18 | | log\_export\_map | Outputs from the log export module |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/examples/pubsub/organization/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | resource "random_string" "suffix" {
18 | length = 4
19 | upper = false
20 | special = false
21 | }
22 |
23 | module "log_export" {
24 | source = "terraform-google-modules/log-export/google"
25 | version = "~> 11.0"
26 |
27 | destination_uri = module.destination.destination_uri
28 | filter = "resource.type = gce_instance"
29 | log_sink_name = "pubsub_org_${random_string.suffix.result}"
30 | parent_resource_id = var.parent_resource_id
31 | parent_resource_type = "organization"
32 | unique_writer_identity = true
33 | }
34 |
35 | module "destination" {
36 | source = "terraform-google-modules/log-export/google//modules/pubsub"
37 | version = "~> 11.0"
38 |
39 | project_id = var.project_id
40 | topic_name = "pubsub-org-${random_string.suffix.result}"
41 | log_sink_writer_identity = module.log_export.writer_identity
42 | create_subscriber = true
43 | }
44 |
45 |
--------------------------------------------------------------------------------
/examples/pubsub/organization/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 |
20 | value = {
21 | filter = module.log_export.filter
22 | log_sink_resource_id = module.log_export.log_sink_resource_id
23 | log_sink_resource_name = module.log_export.log_sink_resource_name
24 | parent_resource_id = module.log_export.parent_resource_id
25 | writer_identity = module.log_export.writer_identity
26 | }
27 | }
28 |
29 | output "destination_map" {
30 | description = "Outputs from the destination module"
31 |
32 | value = {
33 | console_link = module.destination.console_link
34 | project = module.destination.project
35 | resource_name = module.destination.resource_name
36 | resource_id = module.destination.resource_id
37 | destination_uri = module.destination.destination_uri
38 | pubsub_subscriber = module.destination.pubsub_subscriber
39 | pubsub_subscription = module.destination.pubsub_subscription
40 | }
41 | }
42 |
43 |
--------------------------------------------------------------------------------
/examples/pubsub/organization/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_id" {
23 | description = "The ID of the project in which pubsub topic destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/examples/pubsub/organization/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | random = {
25 | source = "hashicorp/random"
26 | }
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/examples/pubsub/project/README.md:
--------------------------------------------------------------------------------
1 | # Log Export: PubSub destination at Project level
2 |
3 | This example configures a project-level log sink that feeds a pubsub topic destination
4 |
5 |
6 | ## Inputs
7 |
8 | | Name | Description | Type | Default | Required |
9 | |------|-------------|------|---------|:--------:|
10 | | parent\_resource\_id | The ID of the project in which pubsub topic destination will be created. | `string` | n/a | yes |
11 | | project\_id | The ID of the project in which the log export will be created. | `string` | n/a | yes |
12 |
13 | ## Outputs
14 |
15 | | Name | Description |
16 | |------|-------------|
17 | | destination\_map | Outputs from the destination module |
18 | | log\_export\_map | Outputs from the log export module |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/examples/pubsub/project/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 |
20 | value = {
21 | filter = module.log_export.filter
22 | log_sink_resource_id = module.log_export.log_sink_resource_id
23 | log_sink_resource_name = module.log_export.log_sink_resource_name
24 | parent_resource_id = module.log_export.parent_resource_id
25 | writer_identity = module.log_export.writer_identity
26 | }
27 | }
28 |
29 | output "destination_map" {
30 | description = "Outputs from the destination module"
31 |
32 | value = {
33 | console_link = module.destination.console_link
34 | project = module.destination.project
35 | resource_name = module.destination.resource_name
36 | resource_id = module.destination.resource_id
37 | destination_uri = module.destination.destination_uri
38 | pubsub_subscriber = module.destination.pubsub_subscriber
39 | pubsub_subscription = module.destination.pubsub_subscription
40 | }
41 | }
42 |
43 |
--------------------------------------------------------------------------------
/examples/pubsub/project/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_id" {
23 | description = "The ID of the project in which pubsub topic destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/examples/pubsub/project/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | random = {
25 | source = "hashicorp/random"
26 | }
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/examples/splunk-sink/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "pubsub_topic_name" {
18 | description = "Pub/Sub topic name"
19 | value = module.destination.resource_id
20 | }
21 |
22 | output "pubsub_topic_project" {
23 | description = "Pub/Sub topic project id"
24 | value = module.destination.project
25 | }
26 |
27 | output "pubsub_subscription_name" {
28 | description = "Pub/Sub topic subscription name"
29 | value = module.destination.pubsub_subscription
30 | }
31 |
32 | output "pubsub_subscriber" {
33 | description = "Pub/Sub topic subscriber email"
34 | value = module.destination.pubsub_subscriber
35 | }
36 |
37 |
--------------------------------------------------------------------------------
/examples/splunk-sink/terraform.tfvars.sample:
--------------------------------------------------------------------------------
1 | ../terraform.tfvars.sample
--------------------------------------------------------------------------------
/examples/splunk-sink/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_id" {
23 | description = "The ID of the project in which pubsub topic destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/examples/splunk-sink/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/examples/storage/billing_account/README.md:
--------------------------------------------------------------------------------
1 | # Log Export: Storage destination at Billing Account level
2 |
3 | This example configures a billing-account-level log sink that feeds a storage bucket destination. Storage bucket versioning is turned on to mitigate possible modify or delete log events.
4 |
5 |
6 | ## Inputs
7 |
8 | | Name | Description | Type | Default | Required |
9 | |------|-------------|------|---------|:--------:|
10 | | parent\_resource\_id | The ID of the project in which storage bucket destination will be created. | `string` | n/a | yes |
11 | | project\_id | The ID of the project in which the log export will be created. | `string` | n/a | yes |
12 |
13 | ## Outputs
14 |
15 | | Name | Description |
16 | |------|-------------|
17 | | destination\_map | Outputs from the destination module |
18 | | log\_export\_map | Outputs from the log export module |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/examples/storage/billing_account/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | module "log_export" {
18 | source = "terraform-google-modules/log-export/google"
19 | version = "~> 11.0"
20 |
21 | destination_uri = module.destination.destination_uri
22 | log_sink_name = "storage_example_logsink"
23 | parent_resource_id = var.parent_resource_id
24 | parent_resource_type = "billing_account"
25 | unique_writer_identity = true
26 | }
27 |
28 | module "destination" {
29 | source = "terraform-google-modules/log-export/google//modules/storage"
30 | version = "~> 11.0"
31 |
32 | project_id = var.project_id
33 | storage_bucket_name = "storage_example_bucket"
34 | log_sink_writer_identity = module.log_export.writer_identity
35 | versioning = true
36 | }
37 |
38 |
--------------------------------------------------------------------------------
/examples/storage/billing_account/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 |
20 | value = {
21 | filter = module.log_export.filter
22 | log_sink_resource_id = module.log_export.log_sink_resource_id
23 | log_sink_resource_name = module.log_export.log_sink_resource_name
24 | parent_resource_id = module.log_export.parent_resource_id
25 | writer_identity = module.log_export.writer_identity
26 | }
27 | }
28 |
29 | output "destination_map" {
30 | description = "Outputs from the destination module"
31 |
32 | value = {
33 | console_link = module.destination.console_link
34 | project = module.destination.project
35 | resource_name = module.destination.resource_name
36 | resource_id = module.destination.resource_id
37 | self_link = module.destination.self_link
38 | destination_uri = module.destination.destination_uri
39 | }
40 | }
41 |
42 |
--------------------------------------------------------------------------------
/examples/storage/billing_account/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_id" {
23 | description = "The ID of the project in which storage bucket destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/examples/storage/billing_account/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/examples/storage/folder/README.md:
--------------------------------------------------------------------------------
1 | # Log Export: Storage destination at Folder level
2 |
3 | This example configures a folder-level log sink that feeds a storage bucket destination
4 |
5 |
6 | ## Inputs
7 |
8 | | Name | Description | Type | Default | Required |
9 | |------|-------------|------|---------|:--------:|
10 | | parent\_resource\_id | The ID of the project in which storage bucket destination will be created. | `string` | n/a | yes |
11 | | project\_id | The ID of the project in which the log export will be created. | `string` | n/a | yes |
12 |
13 | ## Outputs
14 |
15 | | Name | Description |
16 | |------|-------------|
17 | | destination\_map | Outputs from the destination module |
18 | | log\_export\_map | Outputs from the log export module |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/examples/storage/folder/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | resource "random_string" "suffix" {
19 | length = 4
20 | upper = false
21 | special = false
22 | }
23 |
24 | module "log_export" {
25 | source = "terraform-google-modules/log-export/google"
26 | version = "~> 11.0"
27 |
28 | destination_uri = module.destination.destination_uri
29 | filter = "resource.type = gce_instance"
30 | log_sink_name = "storage_folder_${random_string.suffix.result}"
31 | parent_resource_id = var.parent_resource_id
32 | parent_resource_type = "folder"
33 | unique_writer_identity = true
34 | }
35 |
36 | module "destination" {
37 | source = "terraform-google-modules/log-export/google//modules/storage"
38 | version = "~> 11.0"
39 |
40 | project_id = var.project_id
41 | storage_bucket_name = "storage_folder_${random_string.suffix.result}"
42 | log_sink_writer_identity = module.log_export.writer_identity
43 | }
44 |
45 |
--------------------------------------------------------------------------------
/examples/storage/folder/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 |
20 | value = {
21 | filter = module.log_export.filter
22 | log_sink_resource_id = module.log_export.log_sink_resource_id
23 | log_sink_resource_name = module.log_export.log_sink_resource_name
24 | parent_resource_id = module.log_export.parent_resource_id
25 | writer_identity = module.log_export.writer_identity
26 | }
27 | }
28 |
29 | output "destination_map" {
30 | description = "Outputs from the destination module"
31 |
32 | value = {
33 | console_link = module.destination.console_link
34 | project = module.destination.project
35 | resource_name = module.destination.resource_name
36 | resource_id = module.destination.resource_id
37 | self_link = module.destination.self_link
38 | destination_uri = module.destination.destination_uri
39 | }
40 | }
41 |
42 |
--------------------------------------------------------------------------------
/examples/storage/folder/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_id" {
23 | description = "The ID of the project in which storage bucket destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/examples/storage/folder/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | random = {
25 | source = "hashicorp/random"
26 | }
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/examples/storage/organization/README.md:
--------------------------------------------------------------------------------
1 | # Log Export: Storage destination at Organization level
2 |
3 | This example configures a organization-level log sink that feeds a storage bucket destination. Storage bucket versioning is turned on to mitigate possible modify or delete log events.
4 |
5 |
6 | ## Inputs
7 |
8 | | Name | Description | Type | Default | Required |
9 | |------|-------------|------|---------|:--------:|
10 | | parent\_resource\_id | The ID of the project in which storage bucket destination will be created. | `string` | n/a | yes |
11 | | project\_id | The ID of the project in which the log export will be created. | `string` | n/a | yes |
12 |
13 | ## Outputs
14 |
15 | | Name | Description |
16 | |------|-------------|
17 | | destination\_map | Outputs from the destination module |
18 | | log\_export\_map | Outputs from the log export module |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/examples/storage/organization/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | resource "random_string" "suffix" {
19 | length = 4
20 | upper = false
21 | special = false
22 | }
23 |
24 | module "log_export" {
25 | source = "terraform-google-modules/log-export/google"
26 | version = "~> 11.0"
27 |
28 | destination_uri = module.destination.destination_uri
29 | filter = "resource.type = gce_instance"
30 | log_sink_name = "storage_org_${random_string.suffix.result}"
31 | parent_resource_id = var.parent_resource_id
32 | parent_resource_type = "organization"
33 | unique_writer_identity = true
34 | }
35 |
36 | module "destination" {
37 | source = "terraform-google-modules/log-export/google//modules/storage"
38 | version = "~> 11.0"
39 |
40 | project_id = var.project_id
41 | storage_bucket_name = "storage_org_${random_string.suffix.result}"
42 | log_sink_writer_identity = module.log_export.writer_identity
43 | versioning = true
44 | }
45 |
46 |
--------------------------------------------------------------------------------
/examples/storage/organization/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 |
20 | value = {
21 | filter = module.log_export.filter
22 | log_sink_resource_id = module.log_export.log_sink_resource_id
23 | log_sink_resource_name = module.log_export.log_sink_resource_name
24 | parent_resource_id = module.log_export.parent_resource_id
25 | writer_identity = module.log_export.writer_identity
26 | }
27 | }
28 |
29 | output "destination_map" {
30 | description = "Outputs from the destination module"
31 |
32 | value = {
33 | console_link = module.destination.console_link
34 | project = module.destination.project
35 | resource_name = module.destination.resource_name
36 | resource_id = module.destination.resource_id
37 | self_link = module.destination.self_link
38 | destination_uri = module.destination.destination_uri
39 | }
40 | }
41 |
42 |
--------------------------------------------------------------------------------
/examples/storage/organization/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_id" {
23 | description = "The ID of the project in which storage bucket destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/examples/storage/organization/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | random = {
25 | source = "hashicorp/random"
26 | }
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/examples/storage/project/README.md:
--------------------------------------------------------------------------------
1 | # Log Export: Storage destination at Project level
2 |
3 | This example configures a project-level log sink that feeds a storage bucket destination
4 |
5 |
6 | ## Inputs
7 |
8 | | Name | Description | Type | Default | Required |
9 | |------|-------------|------|---------|:--------:|
10 | | parent\_resource\_id | The ID of the project in which storage bucket destination will be created. | `string` | n/a | yes |
11 | | project\_id | The ID of the project in which the log export will be created. | `string` | n/a | yes |
12 |
13 | ## Outputs
14 |
15 | | Name | Description |
16 | |------|-------------|
17 | | destination\_map | Outputs from the destination module |
18 | | log\_export\_map | Outputs from the log export module |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/examples/storage/project/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 |
20 | value = {
21 | filter = module.log_export.filter
22 | log_sink_resource_id = module.log_export.log_sink_resource_id
23 | log_sink_resource_name = module.log_export.log_sink_resource_name
24 | parent_resource_id = module.log_export.parent_resource_id
25 | writer_identity = module.log_export.writer_identity
26 | }
27 | }
28 |
29 | output "destination_map" {
30 | description = "Outputs from the destination module"
31 |
32 | value = {
33 | console_link = module.destination.console_link
34 | project = module.destination.project
35 | resource_name = module.destination.resource_name
36 | resource_id = module.destination.resource_id
37 | self_link = module.destination.self_link
38 | destination_uri = module.destination.destination_uri
39 | }
40 | }
41 |
42 |
--------------------------------------------------------------------------------
/examples/storage/project/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_id" {
23 | description = "The ID of the project in which storage bucket destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/examples/storage/project/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 |
18 | terraform {
19 | required_version = ">= 1.3"
20 | required_providers {
21 | google = {
22 | source = "hashicorp/google"
23 | }
24 | random = {
25 | source = "hashicorp/random"
26 | }
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/examples/terraform.tfvars.sample:
--------------------------------------------------------------------------------
1 | project_id = ""
2 |
3 | parent_resource_id = ""
4 |
--------------------------------------------------------------------------------
/modules/bigquery/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "console_link" {
18 | description = "The console link to the destination bigquery dataset"
19 | value = "https://bigquery.cloud.google.com/dataset/${var.project_id}:${local.dataset_name}"
20 | }
21 |
22 | output "project" {
23 | description = "The project in which the bigquery dataset was created."
24 | value = google_bigquery_dataset.dataset.project
25 | }
26 |
27 | output "resource_name" {
28 | description = "The resource name for the destination bigquery dataset"
29 | value = local.dataset_name
30 | }
31 |
32 | output "resource_id" {
33 | description = "The resource id for the destination bigquery dataset"
34 | value = google_bigquery_dataset.dataset.id
35 | }
36 |
37 | output "self_link" {
38 | description = "The self_link URI for the destination bigquery dataset"
39 | value = google_bigquery_dataset.dataset.self_link
40 | }
41 |
42 | output "destination_uri" {
43 | description = "The destination URI for the bigquery dataset."
44 | value = local.destination_uri
45 | }
46 |
47 |
--------------------------------------------------------------------------------
/modules/bigquery/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">= 1.3"
19 | required_providers {
20 |
21 | google = {
22 | source = "hashicorp/google"
23 | version = ">= 3.53, < 8"
24 | }
25 | }
26 |
27 | provider_meta "google" {
28 | module_name = "blueprints/terraform/terraform-google-log-export:bigquery/v11.1.0"
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/modules/bq-log-alerting/.gitignore:
--------------------------------------------------------------------------------
1 | logging/cloud_function.zip
2 |
--------------------------------------------------------------------------------
/modules/bq-log-alerting/logging/cloud_function/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "dependencies": {
3 | "@google-cloud/bigquery": "^7.0.0",
4 | "@google-cloud/security-center": ">=3.0.1",
5 | "crypto-js": "^4.2.0"
6 | }
7 | }
8 |
--------------------------------------------------------------------------------
/modules/bq-log-alerting/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "cloud_scheduler_job_name" {
18 | value = module.bq-log-alerting.name
19 | description = "The name of the Cloud Scheduler job created"
20 | }
21 |
22 | output "pubsub_topic_name" {
23 | value = module.bq-log-alerting.pubsub_topic_name
24 | description = "Pub/Sub topic name"
25 | }
26 |
27 | output "cloud_scheduler_job" {
28 | value = module.bq-log-alerting.scheduler_job
29 | description = "The Cloud Scheduler job instance"
30 | }
31 |
32 | output "source_name" {
33 | value = local.actual_source_name
34 | description = "The Security Command Center Source name for the \"BQ Log Alerts\" Source"
35 | }
36 |
37 | output "cloud_function_service_account_email" {
38 | value = google_service_account.gcf_service_account.email
39 | description = "The email of the service account created to be used by the Cloud Function"
40 | }
41 |
42 | output "bq_views_dataset_id" {
43 | value = google_bigquery_dataset.views_dataset.id
44 | description = "The ID of the BigQuery Views dataset"
45 | }
46 |
--------------------------------------------------------------------------------
/modules/bq-log-alerting/use-cases/add_remove_routes.sql:
--------------------------------------------------------------------------------
1 | # Copyright 2020 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | SELECT
16 | log_table.receiveTimestamp,
17 | log_table.timestamp AS eventTimestamp,
18 | log_table.protopayload_auditlog.requestMetadata.callerIp,
19 | log_table.protopayload_auditlog.authenticationInfo.principalEmail,
20 | log_table.protopayload_auditlog.serviceName,
21 | log_table.resource.labels.project_id,
22 | CONCAT('//', log_table.protopayload_auditlog.serviceName, '/projects/', log_table.resource.labels.project_id, '/global/routes/', log_table.resource.labels.route_id) as resourceName,
23 | log_table.insertId
24 | FROM
25 | `${project}.${dataset}.cloudaudit_googleapis_com_activity_*` AS log_table
26 | WHERE
27 | log_table.resource.type = 'gce_route'
28 | AND log_table.operation.last = TRUE # Route insertion can be a long-running operation, so this prevents us from double-counting.
29 | AND log_table.protopayload_auditlog.methodName IN (
30 | 'v1.compute.routes.insert',
31 | 'beta.compute.routes.insert',
32 | 'v1.compute.routes.delete',
33 | 'beta.compute.routes.delete'
34 | );
35 |
--------------------------------------------------------------------------------
/modules/bq-log-alerting/use-cases/disable_vpc_flow_logs.sql:
--------------------------------------------------------------------------------
1 | # Copyright 2020 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | SELECT
16 | receiveTimestamp,
17 | timestamp as eventTimestamp,
18 | protopayload_auditlog.requestMetadata.callerIp,
19 | protopayload_auditlog.authenticationInfo.principalEmail,
20 | protopayload_auditlog.serviceName,
21 | resource.labels.project_id,
22 | resource.labels.location,
23 | resource.labels.subnetwork_id,
24 | resource.labels.subnetwork_name,
25 | CONCAT('//', protopayload_auditlog.serviceName, '/projects/', resource.labels.project_id, '/regions/', resource.labels.location, '/subnetworks/', resource.labels.subnetwork_id) as resourceName,
26 | insertId,
27 | FROM
28 | `${project}.${dataset}.cloudaudit_googleapis_com_activity_*`
29 | WHERE
30 | resource.type = "gce_subnetwork"
31 | AND (
32 | JSON_EXTRACT(
33 | protopayload_auditlog.requestJson,
34 | '$.enableFlowLogs'
35 | ) = "false"
36 | OR JSON_EXTRACT(
37 | protopayload_auditlog.requestJson,
38 | '$.logConfig.enable'
39 | ) = "false"
40 | );
41 |
--------------------------------------------------------------------------------
/modules/bq-log-alerting/use-cases/iam_role_add.sql:
--------------------------------------------------------------------------------
1 | # Copyright 2020 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | SELECT
16 | receiveTimestamp,
17 | timestamp AS eventTimestamp,
18 | protopayload_auditlog.requestMetadata.callerIp,
19 | protopayload_auditlog.authenticationInfo.principalEmail,
20 | protopayload_auditlog.resourceName as resource_name,
21 | protopayload_auditlog.serviceName,
22 | CONCAT('//', protopayload_auditlog.serviceName, '/projects/', resource.labels.project_id) as resourceName,
23 | bindings.role,
24 | bindings.member,
25 | insertId
26 | FROM
27 | `${project}.${dataset}.cloudaudit_googleapis_com_activity_*`
28 | CROSS JOIN UNNEST(
29 | protopayload_auditlog.servicedata_v1_iam.policyDelta.bindingDeltas
30 | ) AS bindings
31 | WHERE
32 | protopayload_auditlog.methodName = 'SetIamPolicy'
33 | AND bindings.action = 'ADD'
34 | AND JSON_EXTRACT(
35 | TO_JSON_STRING(
36 | protopayload_auditlog.servicedata_v1_iam.policyDelta
37 | ),
38 | '$.bindingDeltas[0].member'
39 | ) NOT LIKE '%domain1.com%'
40 | AND JSON_EXTRACT(
41 | TO_JSON_STRING(
42 | protopayload_auditlog.servicedata_v1_iam.policyDelta
43 | ),
44 | '$.bindingDeltas[0].member'
45 | ) NOT LIKE '%domain2.com%';
46 |
--------------------------------------------------------------------------------
/modules/bq-log-alerting/use-cases/logging_changes.sql:
--------------------------------------------------------------------------------
1 | # Copyright 2020 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | SELECT
16 | receiveTimestamp,
17 | timestamp AS eventTimestamp,
18 | protopayload_auditlog.requestMetadata.callerIp,
19 | protopayload_auditlog.authenticationInfo.principalEmail,
20 | protopayload_auditlog.resourceName,
21 | protopayload_auditlog.methodName
22 | FROM
23 | `${project}.${dataset}.cloudaudit_googleapis_com_activity_*`
24 | WHERE
25 | protopayload_auditlog.serviceName = "logging.googleapis.com";
26 |
--------------------------------------------------------------------------------
/modules/bq-log-alerting/use-cases/superadmin_login.sql:
--------------------------------------------------------------------------------
1 | # Copyright 2020 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | SELECT
16 | timestamp AS eventTimestamp,
17 | receiveTimestamp,
18 | log_table.insertId,
19 | log_table.protopayload_auditlog.serviceName,
20 | log_table.protopayload_auditlog.requestmetadata.callerip AS callerIp,
21 | log_table.protopayload_auditlog.authenticationinfo.principalemail AS principalEmail,
22 | log_table.protopayload_auditlog.resourceName,
23 | log_table.protopayload_auditlog.methodname as methodName
24 | FROM `${project}.${dataset}.cloudaudit_googleapis_com_data_access_*` as log_table
25 | WHERE protopayload_auditlog.authenticationinfo.principalemail IN
26 | (
27 | '@',
28 | '@'
29 | )
30 | AND protopayload_auditlog.methodname IN
31 | (
32 | 'google.login.LoginService.loginSuccess',
33 | 'google.login.LoginService.loginVerification',
34 | 'google.login.LoginService.loginFailure',
35 | 'google.login.LoginService.loginSuspicious'
36 | );
37 |
--------------------------------------------------------------------------------
/modules/bq-log-alerting/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">= 1.3"
19 | required_providers {
20 |
21 | google = {
22 | source = "hashicorp/google"
23 | version = ">= 3.53, < 8"
24 | }
25 | random = {
26 | source = "hashicorp/random"
27 | version = ">= 2.1"
28 | }
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/modules/logbucket/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "console_link" {
18 | description = "The console link to the destination log buckets"
19 | value = "https://console.cloud.google.com/logs/storage?project=${var.project_id}"
20 | }
21 |
22 | output "project" {
23 | description = "The project in which the log bucket was created."
24 | value = google_logging_project_bucket_config.bucket.project
25 | }
26 |
27 | output "resource_name" {
28 | description = "The resource name for the destination log bucket"
29 | value = google_logging_project_bucket_config.bucket.bucket_id
30 | }
31 |
32 | output "destination_uri" {
33 | description = "The destination URI for the log bucket."
34 | value = local.destination_uri
35 | }
36 |
37 | output "linked_dataset_name" {
38 | description = "The resource name of the linked BigQuery dataset."
39 | value = var.linked_dataset_id != null ? google_logging_linked_dataset.linked_dataset[0].name : ""
40 | }
41 |
--------------------------------------------------------------------------------
/modules/logbucket/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">= 1.3"
19 | required_providers {
20 |
21 | google = {
22 | source = "hashicorp/google"
23 | version = ">= 4.59, < 8"
24 | }
25 | }
26 |
27 | provider_meta "google" {
28 | module_name = "blueprints/terraform/terraform-google-log-export:logbucket/v11.1.0"
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/modules/project/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | locals {
18 | destination_uri = "logging.googleapis.com/projects/${var.project_id}"
19 | }
20 |
21 |
22 | #--------------------------------#
23 | # Service account IAM membership #
24 | #--------------------------------#
25 |
26 | resource "google_project_iam_member" "log_sink_member" {
27 | project = var.project_id
28 | role = "roles/logging.logWriter"
29 | member = var.log_sink_writer_identity
30 | }
31 |
--------------------------------------------------------------------------------
/modules/project/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "project" {
18 | description = "The ID of the project to which logs will be routed."
19 | value = var.project_id
20 | }
21 |
22 | output "destination_uri" {
23 | description = "The destination URI for project."
24 | value = local.destination_uri
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/modules/project/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "log_sink_writer_identity" {
18 | description = "The service account that logging uses to write log entries to the destination. (This is available as an output coming from the root module)."
19 | type = string
20 | }
21 |
22 | variable "project_id" {
23 | description = "The ID of the project to which logs will be routed."
24 | type = string
25 | }
26 |
--------------------------------------------------------------------------------
/modules/project/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">= 1.3"
19 | required_providers {
20 |
21 | google = {
22 | source = "hashicorp/google"
23 | version = ">= 3.53, < 8"
24 | }
25 | }
26 |
27 | provider_meta "google" {
28 | module_name = "blueprints/terraform/terraform-google-log-export:project/v11.1.0"
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/modules/pubsub/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">= 1.3"
19 | required_providers {
20 |
21 | google = {
22 | source = "hashicorp/google"
23 | version = ">= 3.53, < 8"
24 | }
25 | }
26 |
27 | provider_meta "google" {
28 | module_name = "blueprints/terraform/terraform-google-log-export:pubsub/v11.1.0"
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/modules/storage/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "console_link" {
18 | description = "The console link to the destination storage bucket"
19 | value = "https://console.cloud.google.com/storage/browser/${local.storage_bucket_name}?project=${var.project_id}"
20 | }
21 |
22 | output "project" {
23 | description = "The project in which the storage bucket was created."
24 | value = google_storage_bucket.bucket.project
25 | }
26 |
27 | output "resource_name" {
28 | description = "The resource name for the destination storage bucket"
29 | value = local.storage_bucket_name
30 | }
31 |
32 | output "resource_id" {
33 | description = "The resource id for the destination storage bucket"
34 | value = google_storage_bucket.bucket.id
35 | }
36 |
37 | output "self_link" {
38 | description = "The self_link URI for the destination storage bucket"
39 | value = google_storage_bucket.bucket.self_link
40 | }
41 |
42 | output "destination_uri" {
43 | description = "The destination URI for the storage bucket."
44 | value = local.destination_uri
45 | }
46 |
47 |
--------------------------------------------------------------------------------
/modules/storage/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">= 1.3"
19 | required_providers {
20 |
21 | google = {
22 | source = "hashicorp/google"
23 | version = ">= 5.22, < 8"
24 | }
25 | }
26 |
27 | provider_meta "google" {
28 | module_name = "blueprints/terraform/terraform-google-log-export:storage/v11.1.0"
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "filter" {
18 | description = "The filter to be applied when exporting logs."
19 | value = var.filter
20 | }
21 |
22 | output "log_sink_resource_id" {
23 | description = "The resource ID of the log sink that was created."
24 | value = local.log_sink_resource_id
25 | }
26 |
27 | output "log_sink_resource_name" {
28 | description = "The resource name of the log sink that was created."
29 | value = local.log_sink_resource_name
30 | }
31 |
32 | output "parent_resource_id" {
33 | description = "The ID of the GCP resource in which you create the log sink."
34 | value = local.log_sink_parent_id
35 | }
36 |
37 | output "writer_identity" {
38 | description = "The service account that logging uses to write log entries to the destination."
39 | value = local.log_sink_writer_identity
40 | }
41 |
42 |
--------------------------------------------------------------------------------
/test/.gitignore:
--------------------------------------------------------------------------------
1 | source.sh
2 |
--------------------------------------------------------------------------------
/test/fixtures/bigquery/folder/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | module "log_export" {
18 | source = "../../../../examples/bigquery/folder"
19 | parent_resource_id = var.parent_resource_folder
20 | project_id = var.project_id
21 | }
22 |
--------------------------------------------------------------------------------
/test/fixtures/bigquery/folder/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 | value = module.log_export.log_export_map
20 | }
21 |
22 | output "destination_map" {
23 | description = "Outputs from the destination module"
24 | value = module.log_export.destination_map
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/bigquery/folder/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_folder" {
23 | description = "The ID of the parent resource folder in which the destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/bigquery/organization/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | module "log_export" {
18 | source = "../../../../examples/bigquery/organization"
19 | parent_resource_id = var.parent_resource_organization
20 | project_id = var.project_id
21 | }
22 |
--------------------------------------------------------------------------------
/test/fixtures/bigquery/organization/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 | value = module.log_export.log_export_map
20 | }
21 |
22 | output "destination_map" {
23 | description = "Outputs from the destination module"
24 | value = module.log_export.destination_map
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/bigquery/organization/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_organization" {
23 | description = "The ID of the parent resource organization in which the destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/bigquery/organization/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">=0.12.6"
19 | }
20 |
--------------------------------------------------------------------------------
/test/fixtures/bigquery/project/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | module "log_export" {
18 | source = "../../../../examples/bigquery/project"
19 | parent_resource_id = var.parent_resource_project
20 | project_id = var.project_id
21 | }
22 |
23 |
--------------------------------------------------------------------------------
/test/fixtures/bigquery/project/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 | value = module.log_export.log_export_map
20 | }
21 |
22 | output "destination_map" {
23 | description = "Outputs from the destination module"
24 | value = module.log_export.destination_map
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/bigquery/project/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_project" {
23 | description = "The ID of the parent resource project in which the destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/bigquery/project/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">=0.12.6"
19 | }
20 |
--------------------------------------------------------------------------------
/test/fixtures/bq-log-alerting/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2020 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | module "bq-log-alerting" {
18 | source = "../../../modules/bq-log-alerting"
19 | org_id = var.parent_resource_organization
20 | function_region = var.function_region
21 | bigquery_location = var.bigquery_location
22 | source_name = var.source_name
23 | logging_project = var.project_id
24 | job_schedule = var.job_schedule
25 | time_window_unit = var.time_window_unit
26 | time_window_quantity = var.time_window_quantity
27 | dry_run = var.dry_run
28 | function_timeout = var.function_timeout
29 | function_memory = var.function_memory
30 | }
31 |
--------------------------------------------------------------------------------
/test/fixtures/bq-log-alerting/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2020 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">=0.13.0"
19 | }
20 |
--------------------------------------------------------------------------------
/test/fixtures/computed_values/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | resource "random_string" "suffix" {
18 | length = 4
19 | upper = false
20 | special = false
21 | }
22 |
23 | resource "google_project" "computed" {
24 | name = "log-exports-computed-${random_string.suffix.result}"
25 | folder_id = var.parent_resource_folder
26 | project_id = "log-exports-computed-${random_string.suffix.result}"
27 | billing_account = var.parent_resource_billing_account
28 | deletion_policy = "DELETE"
29 |
30 | }
31 |
32 | resource "google_project_service" "project" {
33 | project = google_project.computed.id
34 | service = "logging.googleapis.com"
35 |
36 | disable_dependent_services = false
37 | disable_on_destroy = false
38 | }
39 |
40 | module "log_export" {
41 | source = "../../../examples/storage/project"
42 | parent_resource_id = google_project.computed.project_id
43 | project_id = google_project.computed.project_id
44 | }
45 |
--------------------------------------------------------------------------------
/test/fixtures/computed_values/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 | value = module.log_export.log_export_map
20 | }
21 |
22 | output "destination_map" {
23 | description = "Outputs from the destination module"
24 | value = module.log_export.destination_map
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/computed_values/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_folder" {
23 | description = "The ID of the parent resource folder in which the destination and the test project will be created."
24 | type = string
25 | }
26 |
27 | variable "parent_resource_billing_account" {
28 | description = "The ID of the billing account in which the test project will be created."
29 | type = string
30 | }
31 |
32 |
--------------------------------------------------------------------------------
/test/fixtures/computed_values/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">=0.12.6"
19 | }
20 |
--------------------------------------------------------------------------------
/test/fixtures/pubsub/folder/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | module "log_export" {
18 | source = "../../../../examples/pubsub/folder"
19 | parent_resource_id = var.parent_resource_folder
20 | project_id = var.project_id
21 | }
22 |
23 |
--------------------------------------------------------------------------------
/test/fixtures/pubsub/folder/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 | value = module.log_export.log_export_map
20 | }
21 |
22 | output "destination_map" {
23 | description = "Outputs from the destination module"
24 | value = module.log_export.destination_map
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/pubsub/folder/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_folder" {
23 | description = "The ID of the parent resource folder in which the destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/pubsub/folder/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">=0.12.6"
19 | }
20 |
--------------------------------------------------------------------------------
/test/fixtures/pubsub/organization/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | module "log_export" {
18 | source = "../../../../examples/pubsub/organization"
19 | parent_resource_id = var.parent_resource_organization
20 | project_id = var.project_id
21 | }
22 |
23 |
--------------------------------------------------------------------------------
/test/fixtures/pubsub/organization/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 | value = module.log_export.log_export_map
20 | }
21 |
22 | output "destination_map" {
23 | description = "Outputs from the destination module"
24 | value = module.log_export.destination_map
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/pubsub/organization/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_organization" {
23 | description = "The ID of the parent resource organization in which the destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/pubsub/organization/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">=0.12.6"
19 | }
20 |
--------------------------------------------------------------------------------
/test/fixtures/pubsub/project/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | module "log_export" {
18 | source = "../../../../examples/pubsub/project"
19 | parent_resource_id = var.parent_resource_project
20 | project_id = var.project_id
21 | }
22 |
23 |
--------------------------------------------------------------------------------
/test/fixtures/pubsub/project/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 | value = module.log_export.log_export_map
20 | }
21 |
22 | output "destination_map" {
23 | description = "Outputs from the destination module"
24 | value = module.log_export.destination_map
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/pubsub/project/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_project" {
23 | description = "The ID of the parent resource project in which the destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/pubsub/project/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">=0.12.6"
19 | }
20 |
--------------------------------------------------------------------------------
/test/fixtures/storage/folder/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | module "log_export" {
18 | source = "../../../../examples/storage/folder"
19 | parent_resource_id = var.parent_resource_folder
20 | project_id = var.project_id
21 | }
22 |
23 |
--------------------------------------------------------------------------------
/test/fixtures/storage/folder/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 | value = module.log_export.log_export_map
20 | }
21 |
22 | output "destination_map" {
23 | description = "Outputs from the destination module"
24 | value = module.log_export.destination_map
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/storage/folder/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_folder" {
23 | description = "The ID of the parent resource folder in which the destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/storage/folder/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">=0.12.6"
19 | }
20 |
--------------------------------------------------------------------------------
/test/fixtures/storage/organization/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | module "log_export" {
18 | source = "../../../../examples/storage/organization"
19 | parent_resource_id = var.parent_resource_organization
20 | project_id = var.project_id
21 | }
22 |
23 |
--------------------------------------------------------------------------------
/test/fixtures/storage/organization/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 | value = module.log_export.log_export_map
20 | }
21 |
22 | output "destination_map" {
23 | description = "Outputs from the destination module"
24 | value = module.log_export.destination_map
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/storage/organization/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_organization" {
23 | description = "The ID of the parent resource organization in which the destination will be created."
24 | type = string
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/test/fixtures/storage/organization/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">=0.12.6"
19 | }
20 |
--------------------------------------------------------------------------------
/test/fixtures/storage/project/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | module "log_export" {
18 | source = "../../../../examples/storage/project"
19 | parent_resource_id = var.parent_resource_project
20 | project_id = var.project_id
21 | }
22 |
--------------------------------------------------------------------------------
/test/fixtures/storage/project/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "log_export_map" {
18 | description = "Outputs from the log export module"
19 | value = module.log_export.log_export_map
20 | }
21 |
22 | output "destination_map" {
23 | description = "Outputs from the destination module"
24 | value = module.log_export.destination_map
25 | }
26 |
--------------------------------------------------------------------------------
/test/fixtures/storage/project/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2019 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | variable "project_id" {
18 | description = "The ID of the project in which the log export will be created."
19 | type = string
20 | }
21 |
22 | variable "parent_resource_project" {
23 | description = "The ID of the parent resource project in which the destination will be created."
24 | type = string
25 | }
26 |
--------------------------------------------------------------------------------
/test/integration/bigquery/folder/controls/gcp.rb:
--------------------------------------------------------------------------------
1 | # Copyright 2019 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | log_export_map = attribute('log_export_map')
16 | destination_map = attribute('destination_map')
17 |
18 | control "gcp" do
19 | title "Log exports - folder level bigquery destination - native resources"
20 |
21 | describe google_bigquery_dataset(
22 | project: destination_map[:project],
23 | name: destination_map[:resource_name],
24 | ) do
25 | it { should exist }
26 | end
27 |
28 | describe google_project_iam_binding(
29 | project: destination_map[:project],
30 | role: 'roles/bigquery.dataEditor',
31 | ) do
32 | it { should exist }
33 | its('members') { should include log_export_map[:writer_identity] }
34 | end
35 | end
36 |
--------------------------------------------------------------------------------
/test/integration/bigquery/folder/inspec.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | name: bigquery_folder
16 | depends:
17 | - name: inspec-gcp
18 | git: https://github.com/inspec/inspec-gcp.git
19 | tag: v1.8.0
20 | attributes:
21 | - name: log_export_map
22 | required: true
23 | type: hash
24 | - name: destination_map
25 | required: true
26 | type: hash
27 |
--------------------------------------------------------------------------------
/test/integration/bigquery/organization/controls/gcp.rb:
--------------------------------------------------------------------------------
1 | # Copyright 2019 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | log_export_map = attribute('log_export_map')
16 | destination_map = attribute('destination_map')
17 |
18 | control "gcp" do
19 | title "Log exports - organization level bigquery destination - native resources"
20 |
21 | describe google_bigquery_dataset(
22 | project: destination_map[:project],
23 | name: destination_map[:resource_name],
24 | ) do
25 | it { should exist }
26 | end
27 |
28 | describe google_project_iam_binding(
29 | project: destination_map[:project],
30 | role: 'roles/bigquery.dataEditor',
31 | ) do
32 | it { should exist }
33 | its('members') { should include log_export_map[:writer_identity] }
34 | end
35 | end
36 |
--------------------------------------------------------------------------------
/test/integration/bigquery/organization/inspec.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | name: bigquery_organization
16 | depends:
17 | - name: inspec-gcp
18 | git: https://github.com/inspec/inspec-gcp.git
19 | tag: v1.8.0
20 | attributes:
21 | - name: log_export_map
22 | required: true
23 | type: hash
24 | - name: destination_map
25 | required: true
26 | type: hash
27 |
--------------------------------------------------------------------------------
/test/integration/bigquery/project/controls/gcp.rb:
--------------------------------------------------------------------------------
1 | # Copyright 2019 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | log_export_map = attribute('log_export_map')
16 | destination_map = attribute('destination_map')
17 |
18 | control "gcp" do
19 | title "Log exports - project level bigquery destination - native resources"
20 |
21 | describe google_bigquery_dataset(
22 | project: destination_map[:project],
23 | name: destination_map[:resource_name],
24 | ) do
25 | it { should exist }
26 | end
27 |
28 | describe google_logging_project_sink(
29 | project: log_export_map[:parent_resource_id],
30 | name: log_export_map[:log_sink_resource_name]
31 | ) do
32 | it { should exist }
33 | its('destination') { should eq destination_map[:destination_uri] }
34 | its('filter') { should eq log_export_map[:filter] }
35 | its('writer_identity') { should eq log_export_map[:writer_identity] }
36 | end
37 |
38 | describe google_project_iam_binding(
39 | project: log_export_map[:parent_resource_id],
40 | role: 'roles/bigquery.dataEditor',
41 | ) do
42 | it { should exist }
43 | its('members') { should include log_export_map[:writer_identity] }
44 | end
45 | end
46 |
--------------------------------------------------------------------------------
/test/integration/bigquery/project/inspec.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | name: bigquery_project
16 | depends:
17 | - name: inspec-gcp
18 | git: https://github.com/inspec/inspec-gcp.git
19 | tag: v1.8.0
20 | attributes:
21 | - name: log_export_map
22 | required: true
23 | type: hash
24 | - name: destination_map
25 | required: true
26 | type: hash
27 |
--------------------------------------------------------------------------------
/test/integration/bq-log-alerting/inspec.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | name: bq_log_alert
16 | depends:
17 | - name: inspec-gcp
18 | git: https://github.com/inspec/inspec-gcp.git
19 | tag: v1.8.0
20 | attributes:
21 | - name: cloud_scheduler_job_name
22 | required: true
23 | type: string
24 | - name: pubsub_topic_name
25 | required: true
26 | type: string
27 | - name: source_name
28 | required: true
29 | type: string
30 | - name: cf_service_account_email
31 | required: true
32 | type: string
33 | - name: logging_project
34 | required: true
35 | type: string
36 | - name: dry_run
37 | required: true
38 | type: boolean
39 | - name: function_region
40 | required: true
41 | type: string
42 | - name: org_id
43 | required: true
44 | type: string
45 | - name: job_schedule
46 | required: true
47 | type: string
48 |
--------------------------------------------------------------------------------
/test/integration/computed_values/controls/gcp.rb:
--------------------------------------------------------------------------------
1 | # Copyright 2019 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | log_export_map = attribute('log_export_map')
16 | destination_map = attribute('destination_map')
17 |
18 | control "gcp" do
19 | title "Log exports - testing computed values for parent_resource_id and project"
20 |
21 | describe google_storage_bucket(
22 | name: destination_map[:resource_name]
23 | ) do
24 | it { should exist }
25 | end
26 |
27 | describe google_logging_project_sink(
28 | project: log_export_map[:parent_resource_id],
29 | name: log_export_map[:log_sink_resource_name]
30 | ) do
31 | it { should exist }
32 | its('destination') { should eq destination_map[:destination_uri] }
33 | its('filter') { should eq log_export_map[:filter] }
34 | its('writer_identity') { should eq log_export_map[:writer_identity] }
35 | end
36 |
37 | describe google_storage_bucket_iam_binding(
38 | bucket: destination_map[:resource_name],
39 | role: "roles/storage.objectCreator",
40 | ) do
41 | it { should exist }
42 | its('members') { should include log_export_map[:writer_identity] }
43 | end
44 | end
45 |
--------------------------------------------------------------------------------
/test/integration/computed_values/inspec.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | name: computed_values
16 | depends:
17 | - name: inspec-gcp
18 | git: https://github.com/inspec/inspec-gcp.git
19 | tag: v1.8.0
20 | attributes:
21 | - name: log_export_map
22 | required: true
23 | type: hash
24 | - name: destination_map
25 | required: true
26 | type: hash
27 |
--------------------------------------------------------------------------------
/test/integration/discover_test.go:
--------------------------------------------------------------------------------
1 | // Copyright 2022 Google LLC
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | package test
16 |
17 | import (
18 | // should be imported to enable testing for GO modules
19 | "testing"
20 |
21 | // should be imported to use terraform helpers in blueprints test framework
22 | "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
23 | )
24 |
25 | // entry function for the test; can be named as Test*
26 | func TestAll(t *testing.T) {
27 | // the helper to autodiscover and test blueprint examples
28 | tft.AutoDiscoverAndTest(t)
29 | }
30 |
--------------------------------------------------------------------------------
/test/integration/pubsub/folder/controls/gcp.rb:
--------------------------------------------------------------------------------
1 | # Copyright 2019 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | log_export_map = attribute('log_export_map')
16 | destination_map = attribute('destination_map')
17 |
18 | control "gcp" do
19 | title "Log exports - folder level pubsub destination - native resources"
20 |
21 | describe google_pubsub_topic(
22 | project: destination_map[:project],
23 | name: destination_map[:resource_name],
24 | ) do
25 | it { should exist }
26 | end
27 | end
28 |
--------------------------------------------------------------------------------
/test/integration/pubsub/folder/inspec.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | name: pubsub_folder
16 | depends:
17 | - name: inspec-gcp
18 | git: https://github.com/inspec/inspec-gcp.git
19 | tag: v1.8.0
20 | attributes:
21 | - name: log_export_map
22 | required: true
23 | type: hash
24 | - name: destination_map
25 | required: true
26 | type: hash
27 |
--------------------------------------------------------------------------------
/test/integration/pubsub/organization/controls/gcp.rb:
--------------------------------------------------------------------------------
1 | # Copyright 2019 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | log_export_map = attribute('log_export_map')
16 | destination_map = attribute('destination_map')
17 |
18 | control "gcp" do
19 | title "Log exports - organization level pubsub destination - native resources"
20 |
21 | describe google_pubsub_topic(
22 | project: destination_map[:project],
23 | name: destination_map[:resource_name],
24 | ) do
25 | it { should exist }
26 | end
27 | end
28 |
--------------------------------------------------------------------------------
/test/integration/pubsub/organization/inspec.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | name: pubsub_organization
16 | depends:
17 | - name: inspec-gcp
18 | git: https://github.com/inspec/inspec-gcp.git
19 | tag: v1.8.0
20 | attributes:
21 | - name: log_export_map
22 | required: true
23 | type: hash
24 | - name: destination_map
25 | required: true
26 | type: hash
27 |
--------------------------------------------------------------------------------
/test/integration/pubsub/project/controls/gcloud.rb:
--------------------------------------------------------------------------------
1 | # Copyright 2019 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | log_export_map = attribute('log_export_map')
16 | destination_map = attribute('destination_map')
17 |
18 | control "gcloud" do
19 | title "Log exports - project level pubsub destination - gcloud commands"
20 |
21 | describe command("gcloud beta pubsub topics get-iam-policy #{destination_map[:resource_name]} --project #{destination_map[:project]} --format json") do
22 | its('exit_status') { should eq 0 }
23 | its('stderr') { should eq '' }
24 | let(:bindings) do
25 | if subject.exit_status == 0
26 | JSON.parse(subject.stdout, symbolize_names: true)[:bindings]
27 | else
28 | []
29 | end
30 | end
31 |
32 | it "does include #{log_export_map[:writer_identity]} in the roles/pubsub.publisher IAM binding" do
33 | expect(bindings).to include(
34 | members: including("#{log_export_map[:writer_identity]}"),
35 | role: "roles/pubsub.publisher"
36 | )
37 | end
38 | end
39 | end
40 |
--------------------------------------------------------------------------------
/test/integration/pubsub/project/controls/gcp.rb:
--------------------------------------------------------------------------------
1 | # Copyright 2019 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | log_export_map = attribute('log_export_map')
16 | destination_map = attribute('destination_map')
17 |
18 | control "gcp" do
19 | title "Log exports - project level pubsub destination - native resources"
20 |
21 | describe google_pubsub_topic(
22 | project: destination_map[:project],
23 | name: destination_map[:resource_name],
24 | ) do
25 | it { should exist }
26 | end
27 |
28 | describe google_logging_project_sink(
29 | project: log_export_map[:parent_resource_id],
30 | name: log_export_map[:log_sink_resource_name]
31 | ) do
32 | it { should exist }
33 | its('destination') { should eq destination_map[:destination_uri] }
34 | its('filter') { should eq log_export_map[:filter] }
35 | its('writer_identity') { should eq log_export_map[:writer_identity] }
36 | end
37 | end
38 |
--------------------------------------------------------------------------------
/test/integration/pubsub/project/inspec.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | name: pubsub_project
16 | depends:
17 | - name: inspec-gcp
18 | git: https://github.com/inspec/inspec-gcp.git
19 | tag: v1.8.0
20 | attributes:
21 | - name: log_export_map
22 | required: true
23 | type: hash
24 | - name: destination_map
25 | required: true
26 | type: hash
27 |
--------------------------------------------------------------------------------
/test/integration/storage/folder/controls/gcp.rb:
--------------------------------------------------------------------------------
1 | # Copyright 2019 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | log_export_map = attribute('log_export_map')
16 | destination_map = attribute('destination_map')
17 |
18 | control "gcp" do
19 | title "Log exports - folder level storage destination - native resources"
20 |
21 | describe google_storage_bucket(
22 | name: destination_map[:resource_name]
23 | ) do
24 | it { should exist }
25 | end
26 |
27 | describe google_storage_bucket_iam_binding(
28 | bucket: destination_map[:resource_name],
29 | role: "roles/storage.objectCreator",
30 | ) do
31 | it { should exist }
32 | its('members') { should include log_export_map[:writer_identity] }
33 | end
34 | end
35 |
--------------------------------------------------------------------------------
/test/integration/storage/folder/inspec.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | name: storage_folder
16 | depends:
17 | - name: inspec-gcp
18 | git: https://github.com/inspec/inspec-gcp.git
19 | tag: v1.8.0
20 | attributes:
21 | - name: log_export_map
22 | required: true
23 | type: hash
24 | - name: destination_map
25 | required: true
26 | type: hash
27 |
--------------------------------------------------------------------------------
/test/integration/storage/organization/controls/gcp.rb:
--------------------------------------------------------------------------------
1 | # Copyright 2019 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | log_export_map = attribute('log_export_map')
16 | destination_map = attribute('destination_map')
17 |
18 | control "gcp" do
19 | title "Log exports - organization level storage destination - native resources"
20 |
21 | describe google_storage_bucket(
22 | name: destination_map[:resource_name]
23 | ) do
24 | it { should exist }
25 | end
26 |
27 | describe google_storage_bucket_iam_binding(
28 | bucket: destination_map[:resource_name],
29 | role: "roles/storage.objectCreator",
30 | ) do
31 | it { should exist }
32 | its('members') { should include log_export_map[:writer_identity] }
33 | end
34 | end
35 |
--------------------------------------------------------------------------------
/test/integration/storage/organization/inspec.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | name: storage_organization
16 | depends:
17 | - name: inspec-gcp
18 | git: https://github.com/inspec/inspec-gcp.git
19 | tag: v1.8.0
20 | attributes:
21 | - name: log_export_map
22 | required: true
23 | type: hash
24 | - name: destination_map
25 | required: true
26 | type: hash
27 |
--------------------------------------------------------------------------------
/test/integration/storage/project/controls/gcp.rb:
--------------------------------------------------------------------------------
1 | # Copyright 2019 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | log_export_map = attribute('log_export_map')
16 | destination_map = attribute('destination_map')
17 |
18 | control "gcp" do
19 | title "Log exports - project level storage destination"
20 |
21 | describe google_storage_bucket(
22 | name: destination_map[:resource_name]
23 | ) do
24 | it { should exist }
25 | end
26 |
27 | describe google_logging_project_sink(
28 | project: log_export_map[:parent_resource_id],
29 | name: log_export_map[:log_sink_resource_name]
30 | ) do
31 | it { should exist }
32 | its('destination') { should eq destination_map[:destination_uri] }
33 | its('filter') { should eq log_export_map[:filter] }
34 | its('writer_identity') { should eq log_export_map[:writer_identity] }
35 | end
36 |
37 | describe google_storage_bucket_iam_binding(
38 | bucket: destination_map[:resource_name],
39 | role: "roles/storage.objectCreator",
40 | ) do
41 | it { should exist }
42 | its('members') { should include log_export_map[:writer_identity] }
43 | end
44 | end
45 |
--------------------------------------------------------------------------------
/test/integration/storage/project/inspec.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | name: storage_project
16 | depends:
17 | - name: inspec-gcp
18 | git: https://github.com/inspec/inspec-gcp.git
19 | tag: v1.8.0
20 | attributes:
21 | - name: log_export_map
22 | required: true
23 | type: hash
24 | - name: destination_map
25 | required: true
26 | type: hash
27 |
--------------------------------------------------------------------------------
/test/setup/.gitignore:
--------------------------------------------------------------------------------
1 | terraform.tfvars
2 |
--------------------------------------------------------------------------------
/test/setup/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | output "project_id" {
18 | value = module.project.project_id
19 | }
20 |
21 | output "sa_key" {
22 | value = google_service_account_key.int_test.private_key
23 | sensitive = true
24 | }
25 |
26 | output "parent_resource_project" {
27 | value = module.project.project_id
28 | }
29 |
30 | output "parent_resource_folder" {
31 | value = var.folder_id
32 | }
33 |
34 | output "parent_resource_billing_account" {
35 | value = var.billing_account
36 | }
37 |
38 | output "parent_resource_organization" {
39 | value = var.org_id
40 | }
41 |
42 | output "project_destination_logbkt_id" {
43 | value = module.project_destination_logbkt.project_id
44 | }
45 |
--------------------------------------------------------------------------------
/test/setup/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | variable "org_id" {
17 | description = "The numeric organization id"
18 | type = string
19 | }
20 |
21 | variable "folder_id" {
22 | description = "The folder to deploy in"
23 | type = string
24 | }
25 |
26 | variable "billing_account" {
27 | description = "The billing account id associated with the project, e.g. XXXXXX-YYYYYY-ZZZZZZ"
28 | type = string
29 | }
30 |
--------------------------------------------------------------------------------
/test/setup/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">= 1.3"
19 | required_providers {
20 | google = {
21 | source = "hashicorp/google"
22 | version = ">= 3.53.0, < 8"
23 | }
24 | google-beta = {
25 | source = "hashicorp/google-beta"
26 | version = ">= 3.53.0, < 8"
27 | }
28 | null = {
29 | source = "hashicorp/null"
30 | }
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2024 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | terraform {
18 | required_version = ">= 1.3"
19 | required_providers {
20 |
21 | google = {
22 | source = "hashicorp/google"
23 | version = ">= 5.27, < 8"
24 | }
25 | }
26 |
27 | provider_meta "google" {
28 | module_name = "blueprints/terraform/terraform-google-log-export/v11.1.0"
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------