feat(TPG >= 5.27)!: Add intercept_children support for log sinks

README.md

@@ -20,6 +20,7 @@ Current version is 9.X. Upgrade guides:
 - [4.X -> 5.0](/docs/upgrading_to_v5.0.md)
 - [6.X -> 7.0](/docs/upgrading_to_v7.0.md)
 - [8.X -> 9.0](/docs/upgrading_to_v9.0.md)
+- [9.X -> 10.0](/docs/upgrading_to_v10.0.md)
 
 ## Usage
 
@@ -29,7 +30,7 @@ example that will configure a Cloud Storage destination and a log export at the
 ```hcl
 module "log_export" {
   source                 = "terraform-google-modules/log-export/google"
-  version                = "~> 9.0"
+  version                = "~> 10.0"
   destination_uri        = "${module.destination.destination_uri}"
   filter                 = "severity >= ERROR"
   log_sink_name          = "storage_example_logsink"
@@ -40,7 +41,7 @@ module "log_export" {
 
 module "destination" {
   source                   = "terraform-google-modules/log-export/google//modules/storage"
-  version                  = "~> 9.0"
+  version                  = "~> 10.0"
   project_id               = "sample-project"
   storage_bucket_name      = "storage_example_bucket"
   log_sink_writer_identity = "${module.log_export.writer_identity}"
@@ -63,6 +64,7 @@ so that all dependencies are met.
 | exclusions | (Optional) A list of sink exclusion filters. | <pre>list(object({<br>    name        = string,<br>    description = string,<br>    filter      = string,<br>    disabled    = bool<br>  }))</pre> | `[]` | no |
 | filter | The filter to apply when exporting logs. Only log entries that match the filter are exported. Default is '' which exports all logs. | `string` | `""` | no |
 | include\_children | Only valid if 'organization' or 'folder' is chosen as var.parent\_resource.type. Determines whether or not to include children organizations/folders in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided organization/folder are included. | `bool` | `false` | no |
+| intercept\_children | Only valid if 'organization' or 'folder' is chosen as var.parent\_resource.type. Whether or not to intercept logs from child projects. If true, matching logs will not match with sinks in child resources, except \_Required sinks. This sink will be visible to child resources when listing sinks. | `bool` | `false` | no |
 | log\_sink\_name | The name of the log sink to be created. | `string` | n/a | yes |
 | parent\_resource\_id | The ID of the GCP resource in which you create the log sink. If var.parent\_resource\_type is set to 'project', then this is the Project ID (and etc). | `string` | n/a | yes |
 | parent\_resource\_type | The GCP resource in which you create the log sink. The value must not be computed, and must be one of the following: 'project', 'folder', 'billing\_account', or 'organization'. | `string` | `"project"` | no |

docs/upgrading_to_v10.0.md

@@ -0,0 +1,3 @@
+# Upgrading to Log Export v10.0
+
+The v10.0 release of Log Export is a backwards incompatible release and features a new feature `intercept_children` for folder and oraganization logging sinks. Minimum provider version `5.27` ia required.

examples/storage/billing_account/main.tf

@@ -16,7 +16,7 @@
 
 module "log_export" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 9.0"
+  version = "~> 10.0"
 
   destination_uri        = module.destination.destination_uri
   log_sink_name          = "storage_example_logsink"
@@ -27,7 +27,7 @@ module "log_export" {
 
 module "destination" {
   source  = "terraform-google-modules/log-export/google//modules/storage"
-  version = "~> 9.0"
+  version = "~> 10.0"
 
   project_id               = var.project_id
   storage_bucket_name      = "storage_example_bucket"

examples/storage/folder/main.tf

@@ -23,7 +23,7 @@ resource "random_string" "suffix" {
 
 module "log_export" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 9.0"
+  version = "~> 10.0"
 
   destination_uri        = module.destination.destination_uri
   filter                 = "resource.type = gce_instance"
@@ -35,7 +35,7 @@ module "log_export" {
 
 module "destination" {
   source  = "terraform-google-modules/log-export/google//modules/storage"
-  version = "~> 9.0"
+  version = "~> 10.0"
 
   project_id               = var.project_id
   storage_bucket_name      = "storage_folder_${random_string.suffix.result}"

examples/storage/organization/main.tf

@@ -23,7 +23,7 @@ resource "random_string" "suffix" {
 
 module "log_export" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 9.0"
+  version = "~> 10.0"
 
   destination_uri        = module.destination.destination_uri
   filter                 = "resource.type = gce_instance"
@@ -35,7 +35,7 @@ module "log_export" {
 
 module "destination" {
   source  = "terraform-google-modules/log-export/google//modules/storage"
-  version = "~> 9.0"
+  version = "~> 10.0"
 
   project_id               = var.project_id
   storage_bucket_name      = "storage_org_${random_string.suffix.result}"

examples/storage/project/main.tf

@@ -22,7 +22,7 @@ resource "random_string" "suffix" {
 
 module "log_export" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 9.0"
+  version = "~> 10.0"
 
   destination_uri        = module.destination.destination_uri
   filter                 = "resource.type = gce_instance"
@@ -34,7 +34,7 @@ module "log_export" {
 
 module "destination" {
   source  = "terraform-google-modules/log-export/google//modules/storage"
-  version = "~> 9.0"
+  version = "~> 10.0"
 
   project_id               = var.project_id
   storage_bucket_name      = "storage_project_${random_string.suffix.result}"

main.tf

@@ -67,14 +67,15 @@ resource "google_logging_project_sink" "sink" {
 
 # Folder-level
 resource "google_logging_folder_sink" "sink" {
-  count            = local.is_folder_level ? 1 : 0
-  name             = var.log_sink_name
-  description      = var.description
-  folder           = var.parent_resource_id
-  filter           = var.filter
-  include_children = var.include_children
-  destination      = var.destination_uri
-  disabled         = var.disabled
+  count              = local.is_folder_level ? 1 : 0
+  name               = var.log_sink_name
+  description        = var.description
+  folder             = var.parent_resource_id
+  filter             = var.filter
+  include_children   = var.include_children
+  intercept_children = var.intercept_children
+  destination        = var.destination_uri
+  disabled           = var.disabled
   dynamic "bigquery_options" {
     for_each = local.bigquery_options
     content {
@@ -95,14 +96,15 @@ resource "google_logging_folder_sink" "sink" {
 
 # Org-level
 resource "google_logging_organization_sink" "sink" {
-  count            = local.is_org_level ? 1 : 0
-  name             = var.log_sink_name
-  description      = var.description
-  org_id           = var.parent_resource_id
-  filter           = var.filter
-  include_children = var.include_children
-  destination      = var.destination_uri
-  disabled         = var.disabled
+  count              = local.is_org_level ? 1 : 0
+  name               = var.log_sink_name
+  description        = var.description
+  org_id             = var.parent_resource_id
+  filter             = var.filter
+  include_children   = var.include_children
+  intercept_children = var.intercept_children
+  destination        = var.destination_uri
+  disabled           = var.disabled
   dynamic "bigquery_options" {
     for_each = local.bigquery_options
     content {

variables.tf

@@ -31,6 +31,12 @@ variable "include_children" {
   default     = false
 }
 
+variable "intercept_children" {
+  description = "Only valid if 'organization' or 'folder' is chosen as var.parent_resource.type. Whether or not to intercept logs from child projects. If true, matching logs will not match with sinks in child resources, except _Required sinks. This sink will be visible to child resources when listing sinks."
+  type        = bool
+  default     = false
+}
+
 variable "log_sink_name" {
   description = "The name of the log sink to be created."
   type        = string

versions.tf

@@ -20,7 +20,7 @@ terraform {
 
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.53, < 6"
+      version = ">= 5.27, < 6"
     }
   }