From c50b261842d1912d579ff892071e120199b73afa Mon Sep 17 00:00:00 2001 From: Zach Berger Date: Mon, 27 Nov 2023 13:03:44 -0800 Subject: [PATCH 1/4] Add Logging Settings datasources. --- .../provider/provider_mmv1_resources.go.erb | 3 + ...a_source_google_logging_folder_settings.go | 100 ++++++++++++++++++ ...rce_google_logging_folder_settings_test.go | 46 ++++++++ ...ce_google_logging_organization_settings.go | 100 ++++++++++++++++++ ...ogle_logging_organization_settings_test.go | 40 +++++++ ..._source_google_logging_project_settings.go | 99 +++++++++++++++++ ...ce_google_logging_project_settings_test.go | 54 ++++++++++ 7 files changed, 442 insertions(+) create mode 100644 mmv1/third_party/terraform/services/logging/data_source_google_logging_folder_settings.go create mode 100644 mmv1/third_party/terraform/services/logging/data_source_google_logging_folder_settings_test.go create mode 100644 mmv1/third_party/terraform/services/logging/data_source_google_logging_organization_settings.go create mode 100644 mmv1/third_party/terraform/services/logging/data_source_google_logging_organization_settings_test.go create mode 100644 mmv1/third_party/terraform/services/logging/data_source_google_logging_project_settings.go create mode 100644 mmv1/third_party/terraform/services/logging/data_source_google_logging_project_settings_test.go diff --git a/mmv1/third_party/terraform/provider/provider_mmv1_resources.go.erb b/mmv1/third_party/terraform/provider/provider_mmv1_resources.go.erb index 6a06e716b915..95f4ff856111 100644 --- a/mmv1/third_party/terraform/provider/provider_mmv1_resources.go.erb +++ b/mmv1/third_party/terraform/provider/provider_mmv1_resources.go.erb @@ -139,7 +139,10 @@ var handwrittenDatasources = map[string]*schema.Resource{ "google_folder": resourcemanager.DataSourceGoogleFolder(), "google_folders": resourcemanager.DataSourceGoogleFolders(), "google_folder_organization_policy": resourcemanager.DataSourceGoogleFolderOrganizationPolicy(), + "google_logging_folder_settings": logging.DataSourceGoogleLoggingFolderSettings(), + "google_logging_organization_settings": logging.DataSourceGoogleLoggingOrganizationSettings(), "google_logging_project_cmek_settings": logging.DataSourceGoogleLoggingProjectCmekSettings(), + "google_logging_project_settings": logging.DataSourceGoogleLoggingProjectSettings(), "google_logging_sink": logging.DataSourceGoogleLoggingSink(), "google_monitoring_notification_channel": monitoring.DataSourceMonitoringNotificationChannel(), "google_monitoring_cluster_istio_service": monitoring.DataSourceMonitoringServiceClusterIstio(), diff --git a/mmv1/third_party/terraform/services/logging/data_source_google_logging_folder_settings.go b/mmv1/third_party/terraform/services/logging/data_source_google_logging_folder_settings.go new file mode 100644 index 000000000000..7fa967e213bf --- /dev/null +++ b/mmv1/third_party/terraform/services/logging/data_source_google_logging_folder_settings.go @@ -0,0 +1,100 @@ +package logging + +import ( + "fmt" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-provider-google/google/tpgresource" + transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" +) + +func DataSourceGoogleLoggingFolderSettings() *schema.Resource { + return &schema.Resource{ + Read: dataSourceGoogleLoggingFolderSettingsRead, + Schema: map[string]*schema.Schema{ + "folder": { + Type: schema.TypeString, + Required: true, + Description: `The folder for which to retrieve settings.`, + }, + "disable_default_sink": { + Type: schema.TypeBool, + Computed: true, + Description: `If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.`, + }, + "kms_key_name": { + Type: schema.TypeString, + Optional: true, + Description: `The resource name for the configured Cloud KMS key. + KMS key name format: + "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]" + To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. + The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. + See [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.`, + }, + "storage_location": { + Type: schema.TypeString, + Computed: true, + Description: `The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.`, + }, + "kms_service_account_id": { + Type: schema.TypeString, + Computed: true, + Description: `The service account associated with a project for which CMEK will apply. + Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID. + See [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.`, + }, + "logging_service_account_id": { + Type: schema.TypeString, + Computed: true, + Description: `The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.`, + }, + "name": { + Type: schema.TypeString, + Computed: true, + Description: `The resource name of the CMEK settings.`, + }, + }, + } +} + +func dataSourceGoogleLoggingFolderSettingsRead(d *schema.ResourceData, meta interface{}) error { + config := meta.(*transport_tpg.Config) + userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + folder := d.Get("folder").(string) + res, err := config.NewLoggingClient(userAgent).Folders.GetSettings(fmt.Sprintf("folders/%s", folder)).Do() + if err != nil { + return transport_tpg.HandleDataSourceNotFoundError(err, d, fmt.Sprintf("LoggingFolderSettings %q", d.Id()), d.Id()) + } + + d.SetId(fmt.Sprintf("folders/%s/settings", folder)) + + if err := d.Set("folder", folder); err != nil { + return fmt.Errorf("Error reading FolderSettings: %s", err) + } + + if err := d.Set("name", res.Name); err != nil { + return fmt.Errorf("Error reading FolderSettings: %s", err) + } + if err := d.Set("disable_default_sink", res.DisableDefaultSink); err != nil { + return fmt.Errorf("Error reading FolderSettings: %s", err) + } + if err := d.Set("kms_key_name", res.KmsKeyName); err != nil { + return fmt.Errorf("Error reading FolderSettings: %s", err) + } + if err := d.Set("storage_location", res.StorageLocation); err != nil { + return fmt.Errorf("Error reading FolderSettings: %s", err) + } + if err := d.Set("kms_service_account_id", res.KmsServiceAccountId); err != nil { + return fmt.Errorf("Error reading FolderSettings: %s", err) + } + if err := d.Set("logging_service_account_id", res.LoggingServiceAccountId); err != nil { + return fmt.Errorf("Error reading FolderSettings: %s", err) + } + + return nil +} diff --git a/mmv1/third_party/terraform/services/logging/data_source_google_logging_folder_settings_test.go b/mmv1/third_party/terraform/services/logging/data_source_google_logging_folder_settings_test.go new file mode 100644 index 000000000000..fb2595b2eb9f --- /dev/null +++ b/mmv1/third_party/terraform/services/logging/data_source_google_logging_folder_settings_test.go @@ -0,0 +1,46 @@ +package logging_test + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/envvar" +) + +func TestAccLoggingFolderSettings_datasource(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "folder_name": "tf-test-" + acctest.RandString(t, 10), + "org_id": envvar.GetTestOrgFromEnv(t), + } + resourceName := "data.google_logging_folder_settings.settings" + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + Steps: []resource.TestStep{ + { + Config: testAccLoggingFolderSettings_datasource(context), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet(resourceName, "kms_service_account_id"), + resource.TestCheckResourceAttrSet(resourceName, "logging_service_account_id"), + ), + }, + }, + }) +} + +func testAccLoggingFolderSettings_datasource(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_folder" "default" { + display_name = "%{folder_name}" + parent = "organizations/%{org_id}" +} + +data "google_logging_folder_settings" "settings" { + folder = google_folder.default.folder_id +} +`, context) +} diff --git a/mmv1/third_party/terraform/services/logging/data_source_google_logging_organization_settings.go b/mmv1/third_party/terraform/services/logging/data_source_google_logging_organization_settings.go new file mode 100644 index 000000000000..361c15e66c0d --- /dev/null +++ b/mmv1/third_party/terraform/services/logging/data_source_google_logging_organization_settings.go @@ -0,0 +1,100 @@ +package logging + +import ( + "fmt" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-provider-google/google/tpgresource" + transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" +) + +func DataSourceGoogleLoggingOrganizationSettings() *schema.Resource { + return &schema.Resource{ + Read: dataSourceGoogleLoggingOrganizationSettingsRead, + Schema: map[string]*schema.Schema{ + "organization": { + Type: schema.TypeString, + Required: true, + Description: `The organization for which to retrieve settings.`, + }, + "disable_default_sink": { + Type: schema.TypeBool, + Computed: true, + Description: `If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.`, + }, + "kms_key_name": { + Type: schema.TypeString, + Optional: true, + Description: `The resource name for the configured Cloud KMS key. + KMS key name format: + "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]" + To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. + The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. + See [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.`, + }, + "storage_location": { + Type: schema.TypeString, + Computed: true, + Description: `The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.`, + }, + "kms_service_account_id": { + Type: schema.TypeString, + Computed: true, + Description: `The service account associated with a project for which CMEK will apply. + Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID. + See [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.`, + }, + "logging_service_account_id": { + Type: schema.TypeString, + Computed: true, + Description: `The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.`, + }, + "name": { + Type: schema.TypeString, + Computed: true, + Description: `The resource name of the CMEK settings.`, + }, + }, + } +} + +func dataSourceGoogleLoggingOrganizationSettingsRead(d *schema.ResourceData, meta interface{}) error { + config := meta.(*transport_tpg.Config) + userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + organization := d.Get("organization").(string) + res, err := config.NewLoggingClient(userAgent).Organizations.GetSettings(fmt.Sprintf("organizations/%s", organization)).Do() + if err != nil { + return transport_tpg.HandleDataSourceNotFoundError(err, d, fmt.Sprintf("LoggingOrganizationSettings %q", d.Id()), d.Id()) + } + + d.SetId(fmt.Sprintf("organizations/%s/settings", organization)) + + if err := d.Set("organization", organization); err != nil { + return fmt.Errorf("Error reading OrganizationSettings: %s", err) + } + + if err := d.Set("name", res.Name); err != nil { + return fmt.Errorf("Error reading OrganizationSettings: %s", err) + } + if err := d.Set("disable_default_sink", res.DisableDefaultSink); err != nil { + return fmt.Errorf("Error reading OrganizationSettings: %s", err) + } + if err := d.Set("kms_key_name", res.KmsKeyName); err != nil { + return fmt.Errorf("Error reading OrganizationSettings: %s", err) + } + if err := d.Set("storage_location", res.StorageLocation); err != nil { + return fmt.Errorf("Error reading OrganizationSettings: %s", err) + } + if err := d.Set("kms_service_account_id", res.KmsServiceAccountId); err != nil { + return fmt.Errorf("Error reading OrganizationSettings: %s", err) + } + if err := d.Set("logging_service_account_id", res.LoggingServiceAccountId); err != nil { + return fmt.Errorf("Error reading OrganizationSettings: %s", err) + } + + return nil +} diff --git a/mmv1/third_party/terraform/services/logging/data_source_google_logging_organization_settings_test.go b/mmv1/third_party/terraform/services/logging/data_source_google_logging_organization_settings_test.go new file mode 100644 index 000000000000..23c003dcb501 --- /dev/null +++ b/mmv1/third_party/terraform/services/logging/data_source_google_logging_organization_settings_test.go @@ -0,0 +1,40 @@ +package logging_test + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/envvar" +) + +func TestAccLoggingOrganizationSettings_datasource(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "org_id": envvar.GetTestOrgFromEnv(t), + } + resourceName := "data.google_logging_organization_settings.settings" + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + Steps: []resource.TestStep{ + { + Config: testAccLoggingOrganizationSettings_datasource(context), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet(resourceName, "kms_service_account_id"), + resource.TestCheckResourceAttrSet(resourceName, "logging_service_account_id"), + ), + }, + }, + }) +} + +func testAccLoggingOrganizationSettings_datasource(context map[string]interface{}) string { + return acctest.Nprintf(` +data "google_logging_organization_settings" "settings" { + organization = "%{org_id}" +} +`, context) +} diff --git a/mmv1/third_party/terraform/services/logging/data_source_google_logging_project_settings.go b/mmv1/third_party/terraform/services/logging/data_source_google_logging_project_settings.go new file mode 100644 index 000000000000..542d390bf870 --- /dev/null +++ b/mmv1/third_party/terraform/services/logging/data_source_google_logging_project_settings.go @@ -0,0 +1,99 @@ +package logging + +import ( + "fmt" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-provider-google/google/tpgresource" + transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" +) + +func DataSourceGoogleLoggingProjectSettings() *schema.Resource { + return &schema.Resource{ + Read: dataSourceGoogleLoggingProjectSettingsRead, + Schema: map[string]*schema.Schema{ + "project": { + Type: schema.TypeString, + Required: true, + Description: `The project for which to retrieve settings.`, + }, + "disable_default_sink": { + Type: schema.TypeBool, + Computed: true, + Description: `If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.`, + }, + "kms_key_name": { + Type: schema.TypeString, + Optional: true, + Description: `The resource name for the configured Cloud KMS key. + KMS key name format: + "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]" + To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. + The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. + See [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.`, + }, + "storage_location": { + Type: schema.TypeString, + Computed: true, + Description: `The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.`, + }, + "kms_service_account_id": { + Type: schema.TypeString, + Computed: true, + Description: `The service account associated with a project for which CMEK will apply. + Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID. + See [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.`, + }, + "logging_service_account_id": { + Type: schema.TypeString, + Computed: true, + Description: `The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.`, + }, + "name": { + Type: schema.TypeString, + Computed: true, + Description: `The resource name of the CMEK settings.`, + }, + }, + } +} + +func dataSourceGoogleLoggingProjectSettingsRead(d *schema.ResourceData, meta interface{}) error { + config := meta.(*transport_tpg.Config) + userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + project := d.Get("project").(string) + res, err := config.NewLoggingClient(userAgent).Projects.GetSettings(fmt.Sprintf("projects/%s", project)).Do() + if err != nil { + return transport_tpg.HandleDataSourceNotFoundError(err, d, fmt.Sprintf("LoggingProjectSettings %q", d.Id()), d.Id()) + } + + d.SetId(fmt.Sprintf("projects/%s/settings", project)) + + if err := d.Set("project", project); err != nil { + return fmt.Errorf("Error reading ProjectSettings: %s", err) + } + + if err := d.Set("name", res.Name); err != nil { + return fmt.Errorf("Error reading ProjectSettings: %s", err) + } + if err := d.Set("disable_default_sink", res.DisableDefaultSink); err != nil { + return fmt.Errorf("Error reading ProjectSettings: %s", err) + } + if err := d.Set("kms_key_name", res.KmsKeyName); err != nil { + return fmt.Errorf("Error reading ProjectSettings: %s", err) + } + if err := d.Set("storage_location", res.StorageLocation); err != nil { + return fmt.Errorf("Error reading ProjectSettings: %s", err) + } + if err := d.Set("kms_service_account_id", res.KmsServiceAccountId); err != nil { + return fmt.Errorf("Error reading ProjectSettings: %s", err) + } + if err := d.Set("logging_service_account_id", res.LoggingServiceAccountId); err != nil { + return fmt.Errorf("Error reading ProjectSettings: %s", err) + } + return nil +} diff --git a/mmv1/third_party/terraform/services/logging/data_source_google_logging_project_settings_test.go b/mmv1/third_party/terraform/services/logging/data_source_google_logging_project_settings_test.go new file mode 100644 index 000000000000..22f088030a28 --- /dev/null +++ b/mmv1/third_party/terraform/services/logging/data_source_google_logging_project_settings_test.go @@ -0,0 +1,54 @@ +package logging_test + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/envvar" +) + +func TestAccLoggingProjectSettings_datasource(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "project_name": "tf-test-" + acctest.RandString(t, 10), + "org_id": envvar.GetTestOrgFromEnv(t), + "billing_account": envvar.GetTestBillingAccountFromEnv(t), + } + resourceName := "data.google_logging_project_settings.settings" + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + Steps: []resource.TestStep{ + { + Config: testAccLoggingProjectSettings_datasource(context), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet(resourceName, "kms_service_account_id"), + resource.TestCheckResourceAttrSet(resourceName, "logging_service_account_id"), + ), + }, + }, + }) +} + +func testAccLoggingProjectSettings_datasource(context map[string]interface{}) string { + return acctest.Nprintf(` + resource "google_project" "default" { + project_id = "%{project_name}" + name = "%{project_name}" + org_id = "%{org_id}" + billing_account = "%{billing_account}" + } + + resource "google_project_service" "logging_service" { + project = google_project.default.project_id + service = "logging.googleapis.com" + } + + data "google_logging_project_settings" "settings" { + project = google_project_service.logging_service.project + } +`, context) +} From d8fb8f44f930d1f1c4491a6fbac8e745148e3e91 Mon Sep 17 00:00:00 2001 From: Zach Berger Date: Wed, 29 Nov 2023 11:05:59 -0800 Subject: [PATCH 2/4] Fix kms_key_name property type. --- .../logging/data_source_google_logging_folder_settings.go | 2 +- .../logging/data_source_google_logging_organization_settings.go | 2 +- .../logging/data_source_google_logging_project_settings.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mmv1/third_party/terraform/services/logging/data_source_google_logging_folder_settings.go b/mmv1/third_party/terraform/services/logging/data_source_google_logging_folder_settings.go index 7fa967e213bf..f269d4e226cf 100644 --- a/mmv1/third_party/terraform/services/logging/data_source_google_logging_folder_settings.go +++ b/mmv1/third_party/terraform/services/logging/data_source_google_logging_folder_settings.go @@ -24,7 +24,7 @@ func DataSourceGoogleLoggingFolderSettings() *schema.Resource { }, "kms_key_name": { Type: schema.TypeString, - Optional: true, + Computed: true, Description: `The resource name for the configured Cloud KMS key. KMS key name format: "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]" diff --git a/mmv1/third_party/terraform/services/logging/data_source_google_logging_organization_settings.go b/mmv1/third_party/terraform/services/logging/data_source_google_logging_organization_settings.go index 361c15e66c0d..ec8974fce840 100644 --- a/mmv1/third_party/terraform/services/logging/data_source_google_logging_organization_settings.go +++ b/mmv1/third_party/terraform/services/logging/data_source_google_logging_organization_settings.go @@ -24,7 +24,7 @@ func DataSourceGoogleLoggingOrganizationSettings() *schema.Resource { }, "kms_key_name": { Type: schema.TypeString, - Optional: true, + Computed: true, Description: `The resource name for the configured Cloud KMS key. KMS key name format: "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]" diff --git a/mmv1/third_party/terraform/services/logging/data_source_google_logging_project_settings.go b/mmv1/third_party/terraform/services/logging/data_source_google_logging_project_settings.go index 542d390bf870..c1ea05795889 100644 --- a/mmv1/third_party/terraform/services/logging/data_source_google_logging_project_settings.go +++ b/mmv1/third_party/terraform/services/logging/data_source_google_logging_project_settings.go @@ -24,7 +24,7 @@ func DataSourceGoogleLoggingProjectSettings() *schema.Resource { }, "kms_key_name": { Type: schema.TypeString, - Optional: true, + Computed: true, Description: `The resource name for the configured Cloud KMS key. KMS key name format: "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]" From d25e4b8b3ad30f4fd1363766e981cdec41727fc3 Mon Sep 17 00:00:00 2001 From: Zach Berger Date: Wed, 29 Nov 2023 12:34:19 -0800 Subject: [PATCH 3/4] Add documentation. --- .../d/logging_folder_settings.html.markdown | 61 +++++++++++++++++++ ...ogging_organization_settings.html.markdown | 61 +++++++++++++++++++ .../d/logging_project_settings.html.markdown | 61 +++++++++++++++++++ 3 files changed, 183 insertions(+) create mode 100644 mmv1/third_party/terraform/website/docs/d/logging_folder_settings.html.markdown create mode 100644 mmv1/third_party/terraform/website/docs/d/logging_organization_settings.html.markdown create mode 100644 mmv1/third_party/terraform/website/docs/d/logging_project_settings.html.markdown diff --git a/mmv1/third_party/terraform/website/docs/d/logging_folder_settings.html.markdown b/mmv1/third_party/terraform/website/docs/d/logging_folder_settings.html.markdown new file mode 100644 index 000000000000..6e4b15b568e0 --- /dev/null +++ b/mmv1/third_party/terraform/website/docs/d/logging_folder_settings.html.markdown @@ -0,0 +1,61 @@ +--- +subcategory: "Cloud (Stackdriver) Logging" +description: |- + Describes the settings associated with a folder. +--- + +# google\_logging\_folder\_settings + +Describes the settings associated with a folder. + +To get more information about Service, see: + +* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/folders/getSettings) +* [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings). + +## Example Usage - Logging Folder Settings Basic + +```hcl +data "google_logging_folder_settings" "settings" { + folder = "my-folder-name" +} +``` + +## Argument Reference + +The following arguments are supported: + +- - - + +* `folder` - (Required) The ID of the folder for which to retrieve settings. + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `folders/{{folder}}/settings` + +* `name` - The resource name of the settings. + +* `kms_key_name` - The resource name for the configured Cloud KMS key. +KMS key name format: +`'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'` +To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. +The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. +See [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information. + +* `kms_key_version_name` - The CryptoKeyVersion resource name for the configured Cloud KMS key. +KMS key name format: +`'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]'` +For example: +"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" +This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version. + +* `kms_service_account_id` - The service account associated with a project for which CMEK will apply. +Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. See [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information. + +* `logging_service_account_id` - The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided. + +* `disable_default_sink` - If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed. + +* `storage_location` - The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided. diff --git a/mmv1/third_party/terraform/website/docs/d/logging_organization_settings.html.markdown b/mmv1/third_party/terraform/website/docs/d/logging_organization_settings.html.markdown new file mode 100644 index 000000000000..52ccb5cb3b8d --- /dev/null +++ b/mmv1/third_party/terraform/website/docs/d/logging_organization_settings.html.markdown @@ -0,0 +1,61 @@ +--- +subcategory: "Cloud (Stackdriver) Logging" +description: |- + Describes the settings associated with a organization. +--- + +# google\_logging\_organization\_settings + +Describes the settings associated with a organization. + +To get more information about Service, see: + +* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/organizations/getSettings) +* [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings). + +## Example Usage - Logging Organization Settings Basic + +```hcl +data "google_logging_organization_settings" "settings" { + organization = "my-organization-name" +} +``` + +## Argument Reference + +The following arguments are supported: + +- - - + +* `organization` - (Required) The ID of the organization for which to retrieve settings. + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `organizations/{{organization}}/settings` + +* `name` - The resource name of the settings. + +* `kms_key_name` - The resource name for the configured Cloud KMS key. +KMS key name format: +`'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'` +To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. +The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. +See [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information. + +* `kms_key_version_name` - The CryptoKeyVersion resource name for the configured Cloud KMS key. +KMS key name format: +`'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]'` +For example: +"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" +This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version. + +* `kms_service_account_id` - The service account associated with a project for which CMEK will apply. +Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. See [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information. + +* `logging_service_account_id` - The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided. + +* `disable_default_sink` - If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed. + +* `storage_location` - The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided. diff --git a/mmv1/third_party/terraform/website/docs/d/logging_project_settings.html.markdown b/mmv1/third_party/terraform/website/docs/d/logging_project_settings.html.markdown new file mode 100644 index 000000000000..dc8af0a2b548 --- /dev/null +++ b/mmv1/third_party/terraform/website/docs/d/logging_project_settings.html.markdown @@ -0,0 +1,61 @@ +--- +subcategory: "Cloud (Stackdriver) Logging" +description: |- + Describes the settings associated with a project. +--- + +# google\_logging\_project\_settings + +Describes the settings associated with a project. + +To get more information about Service, see: + +* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/projects/getSettings) +* [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings). + +## Example Usage - Logging Project Settings Basic + +```hcl +data "google_logging_project_settings" "settings" { + project = "my-project-name" +} +``` + +## Argument Reference + +The following arguments are supported: + +- - - + +* `project` - (Required) The ID of the project for which to retrieve settings. + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `projects/{{project}}/settings` + +* `name` - The resource name of the settings. + +* `kms_key_name` - The resource name for the configured Cloud KMS key. +KMS key name format: +`'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'` +To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. +The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. +See [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information. + +* `kms_key_version_name` - The CryptoKeyVersion resource name for the configured Cloud KMS key. +KMS key name format: +`'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]'` +For example: +"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" +This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version. + +* `kms_service_account_id` - The service account associated with a project for which CMEK will apply. +Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. See [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information. + +* `logging_service_account_id` - The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided. + +* `disable_default_sink` - If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed. + +* `storage_location` - The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided. From 80de3c6f429402cdefba1b775d46f0b029af44ee Mon Sep 17 00:00:00 2001 From: Riley Karson Date: Fri, 1 Dec 2023 12:11:07 -0800 Subject: [PATCH 4/4] Apply suggestions from code review --- .../website/docs/d/logging_folder_settings.html.markdown | 2 +- .../website/docs/d/logging_organization_settings.html.markdown | 2 +- .../website/docs/d/logging_project_settings.html.markdown | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mmv1/third_party/terraform/website/docs/d/logging_folder_settings.html.markdown b/mmv1/third_party/terraform/website/docs/d/logging_folder_settings.html.markdown index 6e4b15b568e0..bf97e1c52019 100644 --- a/mmv1/third_party/terraform/website/docs/d/logging_folder_settings.html.markdown +++ b/mmv1/third_party/terraform/website/docs/d/logging_folder_settings.html.markdown @@ -8,7 +8,7 @@ description: |- Describes the settings associated with a folder. -To get more information about Service, see: +To get more information about LoggingFolderSettings, see: * [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/folders/getSettings) * [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings). diff --git a/mmv1/third_party/terraform/website/docs/d/logging_organization_settings.html.markdown b/mmv1/third_party/terraform/website/docs/d/logging_organization_settings.html.markdown index 52ccb5cb3b8d..bb3f82828da0 100644 --- a/mmv1/third_party/terraform/website/docs/d/logging_organization_settings.html.markdown +++ b/mmv1/third_party/terraform/website/docs/d/logging_organization_settings.html.markdown @@ -8,7 +8,7 @@ description: |- Describes the settings associated with a organization. -To get more information about Service, see: +To get more information about LoggingOrganizationSettings, see: * [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/organizations/getSettings) * [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings). diff --git a/mmv1/third_party/terraform/website/docs/d/logging_project_settings.html.markdown b/mmv1/third_party/terraform/website/docs/d/logging_project_settings.html.markdown index dc8af0a2b548..615929c5fbaa 100644 --- a/mmv1/third_party/terraform/website/docs/d/logging_project_settings.html.markdown +++ b/mmv1/third_party/terraform/website/docs/d/logging_project_settings.html.markdown @@ -8,7 +8,7 @@ description: |- Describes the settings associated with a project. -To get more information about Service, see: +To get more information about LoggingProjectSettings, see: * [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/projects/getSettings) * [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings).