feat: add support for Log Analytics in log bucket destination #179

3 changes: 3 additions & 0 deletions modules/logbucket/README.md
Expand Up @@ -37,7 +37,10 @@ module "destination" {

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| enable\_analytics | (Optional) Whether or not Log Analytics is enabled. A Log bucket with Log Analytics enabled can be queried in the Log Analytics page using SQL queries. Cannot be disabled once enabled. | `bool` | `false` | no |
| grant\_write\_permission\_on\_bkt | (Optional) Indicates whether the module is responsible for granting write permission on the logbucket. This permission will be given by default, but if the user wants, this module can skip this step. This is the case when the sink route logs to a log bucket in the same Cloud project, no new service account will be created and this module will need to bypass granting permissions. | `bool` | `true` | no |
| link\_analytics\_dataset | (Optional) Whether or not to link a BigQuery dataset to the Log Analytics | `bool` | `false` | no |
| linked\_dataset\_id | The ID of the linked BigQuery dataset. | `string` | `"log_analytics_dataset"` | no |
| location | The location of the log bucket. | `string` | `"global"` | no |
| log\_sink\_writer\_identity | The service account that logging uses to write log entries to the destination. (This is available as an output coming from the root module). | `string` | n/a | yes |
| name | The name of the log bucket to be created and used for log entries matching the filter. | `string` | n/a | yes |
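
Review bot: The `link_analytics_dataset` row does not say that the flag only takes effect when `enable_analytics` is also `true`, and the `linked_dataset_id` row does not say the value is unused unless `link_analytics_dataset` is set. Suggest stating both dependencies in these descriptions and in the matching `variables.tf` text, and ending the `link_analytics_dataset` description with a period like the neighbouring rows.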
21 changes: 17 additions & 4 deletions modules/logbucket/main.tf
Expand Up @@ -33,10 +33,23 @@ resource "google_project_service" "enable_destination_api" {
#------------#

resource "google_logging_project_bucket_config" "bucket" {
project = google_project_service.enable_destination_api.project
location = var.location
retention_days = var.retention_days
bucket_id = var.name
project = google_project_service.enable_destination_api.project
location = var.location
retention_days = var.retention_days
enable_analytics = var.enable_analytics
bucket_id = var.name
}

#-------------------------#
# Linked BigQuery dataset #
#-------------------------#

resource "google_logging_linked_dataset" "linked_dataset" {
count = var.enable_analytics && var.link_analytics_dataset ? 1 : 0

link_id = var.linked_dataset_id
bucket = google_logging_project_bucket_config.bucket.id
location = var.location
}

#--------------------------------#
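
Review bot: In `google_logging_linked_dataset.linked_dataset`, `count = var.enable_analytics && var.link_analytics_dataset ? 1 : 0` silently creates nothing when a caller sets `link_analytics_dataset = true` but leaves `enable_analytics` at its default `false`, so the plan succeeds while the dataset the caller asked for is never linked. Suggest rejecting that combination explicitly (for example with a `precondition` on `google_logging_project_bucket_config.bucket`, since a check on a resource whose `count` is 0 is never evaluated) or at least commenting the dependency next to the `count`. This diff also adds no output for the linked dataset, which callers will want when they grant access to it.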
15 changes: 15 additions & 0 deletions modules/logbucket/metadata.yaml
Expand Up @@ -65,11 +65,26 @@ spec:
- name: splunk-sink
location: examples/splunk-sink
variables:
- name: enable_analytics
description: (Optional) Whether or not Log Analytics is enabled. A Log bucket with Log Analytics enabled can be queried in the Log Analytics page using SQL queries. Cannot be disabled once enabled.
type: bool
default: false
required: false
- name: grant_write_permission_on_bkt
description: (Optional) Indicates whether the module is responsible for granting write permission on the logbucket. This permission will be given by default, but if the user wants, this module can skip this step. This is the case when the sink route logs to a log bucket in the same Cloud project, no new service account will be created and this module will need to bypass granting permissions.
type: bool
default: true
required: false
- name: link_analytics_dataset
description: (Optional) Whether or not to link a BigQuery dataset to the Log Analytics
type: bool
default: false
required: false
- name: linked_dataset_id
description: The ID of the linked BigQuery dataset.
type: string
default: log_analytics_dataset
required: false
- name: location
description: The location of the log bucket.
type: string
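
Review bot: The three new entries mix two description styles: `enable_analytics` and `link_analytics_dataset` start with `(Optional)`, while `linked_dataset_id` does not, although all three are `required: false` with a default. Suggest picking one form for the new variables; `required: false` already carries the information, so dropping the prefix is the smaller change.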
18 changes: 18 additions & 0 deletions modules/logbucket/variables.tf
Expand Up @@ -46,3 +46,21 @@ variable "grant_write_permission_on_bkt" {
type = bool
default = true
}

variable "enable_analytics" {
description = "(Optional) Whether or not Log Analytics is enabled. A Log bucket with Log Analytics enabled can be queried in the Log Analytics page using SQL queries. Cannot be disabled once enabled."
type = bool
default = false
}

variable "link_analytics_dataset" {
description = "(Optional) Whether or not to link a BigQuery dataset to the Log Analytics"
type = bool
default = false
}

variable "linked_dataset_id" {
description = "The ID of the linked BigQuery dataset."
type = string
default = "log_analytics_dataset"
}
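
Review bot: `variable "linked_dataset_id"` accepts any string, including an empty one, and `main.tf` passes it straight through as `link_id = var.linked_dataset_id`. Suggest a `validation` block that at least rejects an empty value, so a bad ID fails at plan time instead of during apply.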
2 changes: 1 addition & 1 deletion modules/logbucket/versions.tf
Expand Up @@ -20,7 +20,7 @@ terraform {

google = {
source = "hashicorp/google"
version = ">= 3.53, < 6"
version = ">= 4.59, < 6"
}
}
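
Review bot: Raising the lower bound from `>= 3.53` to `>= 4.59` forces every consumer of this module onto a newer provider, including those who leave `enable_analytics` at `false`, yet the PR is titled `feat:` and nothing in the visible README change mentions the new minimum. Suggest calling out the provider requirement in the README or the upgrade notes so the constraint change is not a surprise on the next `terraform init`.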
