Merge pull request #28 from nick4fake/fix/27

morgante · web-flow · commit 41a3a13d3fbc · 2019-09-02T09:27:33.000-04:00
Fixes #27: Add support for folder log entries
diff --git a/modules/event-folder-log-entry/README.md b/modules/event-folder-log-entry/README.md
@@ -0,0 +1,73 @@
+# Event Folder Log Entry
+
+This submodule configures a folder-level Stackdriver Logging export to
+act as an event which will trigger a Cloud Functions function configured
+by the [root module][root-module] or the
+[repository-function submodule][repository-function].
+
+The export uses a provided filter to identify events of interest and
+publishes them to a dedicated Pub/Sub topic. The target function
+must be configured to subscribe to the topic in order to process each
+export event.
+
+## Usage
+
+The
+[automatic-labelling-from-localhost example][a7c-l7g-from-l7t-example]
+is a tested reference of how to use this submodule with the
+[root module].
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| filter | The filter to apply when exporting logs. | string | n/a | yes |
+| folder\_id | The ID of the folder to look for changes. | string | n/a | yes |
+| labels | A set of key/value label pairs to assign to any labelable resources. | map(string) | `<map>` | no |
+| name | The name to apply to any nameable resources. | string | n/a | yes |
+| project\_id | The ID of the project to which resources will be applied. | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| function\_event\_trigger | The information used to trigger the function when a log entry is exported to the topic. |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+## Requirements
+
+The following sections describe the requirements which must be met in
+order to invoke this module.
+
+### Software Dependencies
+
+The following software dependencies must be installed on the system
+from which this module will be invoked:
+
+- [Terraform][terraform-site] v0.11.Z
+- [Terraform Provider for Google Cloud Platform][t7m-provider-gcp-site]
+  v2.1.Z
+
+### IAM Roles
+
+The Service Account which will be used to invoke this module must have
+the following IAM roles:
+
+- Logs Configuration Writer: `roles/logging.configWriter`
+- Pub/Sub Admin: `roles/pubsub.admin`
+- Service Account User: `roles/iam.serviceAccountUser`
+
+### APIs
+
+The project against which this module will be invoked must have the
+following APIs enabled:
+
+- Cloud Pub/Sub API: `pubsub.googleapis.com`
+- Stackdriver Logging API: `logging.googleapis.com`
+
+[automatic-labelling-example]: ../../examples/automatic_labelling
+[repository-function]: ../repository-function
+[root-module]: ../..
+[terraform-site]: https://www.terraform.io/
diff --git a/modules/event-folder-log-entry/main.tf b/modules/event-folder-log-entry/main.tf
@@ -0,0 +1,45 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  destination_uri = "pubsub.googleapis.com/projects/${var.project_id}/topics/${local.topic_name}"
+  topic_name      = element(concat(google_pubsub_topic.main.*.name, [""]), 0)
+}
+
+module "log_export" {
+  source  = "terraform-google-modules/log-export/google"
+  version = "3.0.0"
+
+  destination_uri        = local.destination_uri
+  filter                 = var.filter
+  log_sink_name          = var.name
+  parent_resource_id     = var.folder_id
+  parent_resource_type   = "folder"
+  unique_writer_identity = "true"
+}
+
+resource "google_pubsub_topic" "main" {
+  name    = var.name
+  labels  = var.labels
+  project = var.project_id
+}
+
+resource "google_pubsub_topic_iam_member" "main" {
+  topic   = google_pubsub_topic.main.name
+  project = var.project_id
+  member  = module.log_export.writer_identity
+  role    = "roles/pubsub.publisher"
+}
diff --git a/modules/event-folder-log-entry/outputs.tf b/modules/event-folder-log-entry/outputs.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "function_event_trigger" {
+  description = "The information used to trigger the function when a log entry is exported to the topic."
+  value = {
+    "event_type" = "google.pubsub.topic.publish"
+    "resource"   = google_pubsub_topic.main.name
+  }
+}
diff --git a/modules/event-folder-log-entry/variables.tf b/modules/event-folder-log-entry/variables.tf
@@ -0,0 +1,41 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "filter" {
+  type        = string
+  description = "The filter to apply when exporting logs."
+}
+
+variable "labels" {
+  type        = map(string)
+  default     = {}
+  description = "A set of key/value label pairs to assign to any labelable resources."
+}
+
+variable "name" {
+  type        = string
+  description = "The name to apply to any nameable resources."
+}
+
+variable "project_id" {
+  type        = string
+  description = "The ID of the project to which resources will be applied."
+}
+
+variable "folder_id" {
+  type        = string
+  description = "The ID of the folder to look for changes."
+}
diff --git a/modules/event-folder-log-entry/versions.tf b/modules/event-folder-log-entry/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 0.12"
+}
