From 2a66927a6c656e6f60202126646a24431ffa2e70 Mon Sep 17 00:00:00 2001
From: Xin
Date: Thu, 5 Dec 2019 19:30:13 -0500
Subject: [PATCH] Add doc and example for google_organization_iam_audit_config. (#2788) Merged PR #2788.
---
 build/terraform | 2 +-
 build/terraform-beta | 2 +-
 ...ogle_organization_iam_audit_config_test.go | 4 +-
 .../terraform/website-compiled/google.erb | 3 +
 ...rganization_iam_audit_config.html.markdown | 55 +++++++++++++++++++
 5 files changed, 62 insertions(+), 4 deletions(-)
 create mode 100644 third_party/terraform/website/docs/r/google_organization_iam_audit_config.html.markdown
diff --git a/build/terraform b/build/terraform
index d7aad474f65f..0473ea081b92 160000
--- a/build/terraform
+++ b/build/terraform
@@ -1 +1 @@
-Subproject commit d7aad474f65f206eda91a19e9b28894cd7546260
+Subproject commit 0473ea081b9200f0606258f097a535875eb37802
diff --git a/build/terraform-beta b/build/terraform-beta
index 4cdc2cffbf75..2655373eed4a 160000
--- a/build/terraform-beta
+++ b/build/terraform-beta
@@ -1 +1 @@
-Subproject commit 4cdc2cffbf75756286a705961b2b77204d4b1cc4
+Subproject commit 2655373eed4a29caa67805d41f6e2faa51542564
diff --git a/third_party/terraform/tests/resource_google_organization_iam_audit_config_test.go b/third_party/terraform/tests/resource_google_organization_iam_audit_config_test.go
index dc54f8b12837..e5416da6cd14 100644
--- a/third_party/terraform/tests/resource_google_organization_iam_audit_config_test.go
+++ b/third_party/terraform/tests/resource_google_organization_iam_audit_config_test.go
@@ -247,7 +247,7 @@ resource "google_organization_iam_audit_config" "acceptance" {
 audit_log_config {
 log_type = "DATA_READ"
 exempted_members = [
- "user:paddy@hashicorp.com",
+ "user:paddy@hashicorp.com",
 "user:paddy@carvers.co",
 ]
 }
@@ -263,7 +263,7 @@ resource "google_organization_iam_audit_config" "acceptance" {
 audit_log_config {
 log_type = "DATA_READ"
 exempted_members = [
- "user:paddy@hashicorp.com",
+ "user:paddy@hashicorp.com",
 "user:paddy@carvers.co",
 ]
 }
diff --git a/third_party/terraform/website-compiled/google.erb b/third_party/terraform/website-compiled/google.erb
index 77ead74d1f5c..154a695487cd 100644
--- a/third_party/terraform/website-compiled/google.erb
+++ b/third_party/terraform/website-compiled/google.erb
@@ -398,6 +398,9 @@ > google_organization_policy + > + google_organization_iam_audit_config + > google_organization_iam_binding
diff --git a/third_party/terraform/website/docs/r/google_organization_iam_audit_config.html.markdown b/third_party/terraform/website/docs/r/google_organization_iam_audit_config.html.markdown
new file mode 100644
index 000000000000..3dc2559f891b
--- /dev/null
+++ b/third_party/terraform/website/docs/r/google_organization_iam_audit_config.html.markdown
@@ -0,0 +1,55 @@
+---
+subcategory: "Cloud Platform"
+layout: "google"
+page_title: "Google: google_organization_iam_audit_config"
+sidebar_current: "docs-google-organization-iam-audit-config"
+description: |-
+ Allows management of audit logging config for a given service for a Google Cloud Platform Organization.
+---
+
+## google\_organization\_iam\_audit\_config
+
+Allows management of audit logging config for a given service for a Google Cloud Platform Organization.
+
+```hcl
+resource "google_organization_iam_audit_config" "config" {
+ org_id = "your-organization-id"
+ service = "allServices"
+ audit_log_config {
+ log_type = "DATA_READ"
+ exempted_members = [
+ "user:joebloggs@hashicorp.com",
+ ]
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `org_id` - (Required) The numeric ID of the organization in which you want to manage the audit logging config.
+
+* `service` - (Required) Service which will be enabled for audit logging. The special value `allServices` covers all services. Note that if there are google\_organization\_iam\_audit\_config resources covering both `allServices` and a specific service then the union of the two AuditConfigs is used for that service: the `log_types` specified in each `audit_log_config` are enabled, and the `exempted_members` in each `audit_log_config` are exempted.
+
+* `audit_log_config` - (Required) The configuration for logging of each type of permission. This can be specified multiple times. Structure is documented below.
+
+---
+
+The `audit_log_config` block supports:
+
+* `log_type` - (Required) Permission type for which logging is to be configured. Must be one of `DATA_READ`, `DATA_WRITE`, or `ADMIN_READ`.
+
+* `exempted_members` - (Optional) Identities that do not cause logging for this type of permission.
+ Each entry can have one of the following values:
+ * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
+ * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
+ * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
+ * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
+
+## Import
+IAM audit config imports use the identifier of the resource in question and the service, e.g.
+
+```
+terraform import google_organization_iam_audit_config.config "your-organization-id foo.googleapis.com"
+```
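Review bot: The example pairs `service = "allServices"` with an `exempted_members` entry for `DATA_READ`, so anyone copying it stops data-read audit records for that identity across every service in the organization, and the page never says so. The `exempted_members` description should state the consequence, e.g. `Actions by these identities are not written to this log type; leave the list empty unless an exemption has been reviewed`, and since the argument is optional the example would be safer without it. The `service` paragraph also refers to `log_types`, while the argument documented further down is `log_type`. The page does not say whether applying this resource replaces an audit config that already exists for the same service or merges with it; that should be stated if known, because a replace could drop logging that was already enabled.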