Add doc and example for google_organization_iam_audit_config. (#2788)

Merged PR #2788.
GoogleCloudPlatform · Dec 6, 2019 · 2a66927 · 2a66927
1 parent abb754d
commit 2a66927
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 4 deletions.
diff --git a/build/terraform b/build/terraform
diff --git a/build/terraform-beta b/build/terraform-beta
diff --git a/third_party/terraform/tests/resource_google_organization_iam_audit_config_test.go b/third_party/terraform/tests/resource_google_organization_iam_audit_config_test.go
@@ -247,7 +247,7 @@ resource "google_organization_iam_audit_config" "acceptance" {
   audit_log_config {
     log_type = "DATA_READ"
     exempted_members = [
-		  "user:paddy@hashicorp.com",
+      "user:paddy@hashicorp.com",
       "user:paddy@carvers.co",
     ]
   }
@@ -263,7 +263,7 @@ resource "google_organization_iam_audit_config" "acceptance" {
   audit_log_config {
     log_type = "DATA_READ"
     exempted_members = [
-		  "user:paddy@hashicorp.com",
+      "user:paddy@hashicorp.com",
       "user:paddy@carvers.co",
     ]
   }

diff --git a/third_party/terraform/website-compiled/google.erb b/third_party/terraform/website-compiled/google.erb
@@ -398,6 +398,9 @@
       <li<%%= sidebar_current("docs-google-organization-policy") %>>
         <a href="/docs/providers/google/r/google_organization_policy.html">google_organization_policy</a>
       </li>
+      <li<%%= sidebar_current("docs-google-organization-iam-audit-config") %>>
+        <a href="/docs/providers/google/r/google_organization_iam_audit_config.html">google_organization_iam_audit_config</a>
+      </li>
       <li<%%= sidebar_current("docs-google-organization-iam-binding") %>>
         <a href="/docs/providers/google/r/google_organization_iam_binding.html">google_organization_iam_binding</a>
       </li>

diff --git a/...rty/terraform/website/docs/r/google_organization_iam_audit_config.html.markdown b/...rty/terraform/website/docs/r/google_organization_iam_audit_config.html.markdown
@@ -0,0 +1,55 @@
+---
+subcategory: "Cloud Platform"
+layout: "google"
+page_title: "Google: google_organization_iam_audit_config"
+sidebar_current: "docs-google-organization-iam-audit-config"
+description: |-
+ Allows management of audit logging config for a given service for a Google Cloud Platform Organization.
+---
+
+## google\_organization\_iam\_audit\_config
+
+Allows management of audit logging config for a given service for a Google Cloud Platform Organization.
+
+```hcl
+resource "google_organization_iam_audit_config" "config" {
+  org_id = "your-organization-id"
+  service = "allServices"
+  audit_log_config {
+    log_type = "DATA_READ"
+    exempted_members = [
+      "user:joebloggs@hashicorp.com",
+    ]
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `org_id` - (Required) The numeric ID of the organization in which you want to manage the audit logging config.
+
+* `service` - (Required) Service which will be enabled for audit logging.  The special value `allServices` covers all services.  Note that if there are google\_organization\_iam\_audit\_config resources covering both `allServices` and a specific service then the union of the two AuditConfigs is used for that service: the `log_types` specified in each `audit_log_config` are enabled, and the `exempted_members` in each `audit_log_config` are exempted.
+
+* `audit_log_config` - (Required) The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
+
+---
+
+The `audit_log_config` block supports:
+
+* `log_type` - (Required) Permission type for which logging is to be configured.  Must be one of `DATA_READ`, `DATA_WRITE`, or `ADMIN_READ`.
+
+* `exempted_members` - (Optional) Identities that do not cause logging for this type of permission.
+  Each entry can have one of the following values:
+  * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
+  * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
+  * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
+  * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
+
+## Import
+IAM audit config imports use the identifier of the resource in question and the service, e.g.
+
+```
+terraform import google_organization_iam_audit_config.config "your-organization-id foo.googleapis.com"
+```