feat: add filter_expr control in subnet log_config (#360)

* Test commit * feat: adding logging filter_expr control Added filter_expr control to provide control over VPC log filtering * feat: added subnet_flow_filter_expr control * feat: added subnet_flow_logs_filter_expr control * feat: Changed test to non-default filterExpr value * chore: reverted changes on .gitignore
terraform-google-modules · May 16, 2022 · 5f7e227 · 5f7e227
1 parent bf5dd7f
commit 5f7e227
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 8 deletions.
diff --git a/examples/simple_project/main.tf b/examples/simple_project/main.tf
@@ -49,6 +49,7 @@ module "test-vpc-module" {
       subnet_flow_logs_interval = "INTERVAL_10_MIN"
       subnet_flow_logs_sampling = 0.7
       subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+      subnet_flow_logs_filter   = "false"
     }
   ]
 }

diff --git a/modules/subnets/README.md b/modules/subnets/README.md
@@ -33,13 +33,14 @@ module "vpc" {
             description           = "This subnet has a description"
         },
         {
-            subnet_name               = "subnet-03"
-            subnet_ip                 = "10.10.30.0/24"
-            subnet_region             = "us-west1"
-            subnet_flow_logs          = "true"
-            subnet_flow_logs_interval = "INTERVAL_10_MIN"
-            subnet_flow_logs_sampling = 0.7
-            subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+            subnet_name                  = "subnet-03"
+            subnet_ip                    = "10.10.30.0/24"
+            subnet_region                = "us-west1"
+            subnet_flow_logs             = "true"
+            subnet_flow_logs_interval    = "INTERVAL_10_MIN"
+            subnet_flow_logs_sampling    = 0.7
+            subnet_flow_logs_metadata    = "INCLUDE_ALL_METADATA"
+            subnet_flow_logs_filter_expr = "true"
         }
     ]
 
@@ -88,3 +89,4 @@ The subnets list contains maps, where each object represents a subnet. Each map
 | subnet\_flow\_logs\_interval | If subnet\_flow\_logs is true, sets the aggregation interval for collecting flow logs                           | string |    `"INTERVAL_5_SEC"`    |    no    |
 | subnet\_flow\_logs\_sampling | If subnet\_flow\_logs is true, set the sampling rate of VPC flow logs within the subnetwork                     | string |         `"0.5"`          |    no    |
 | subnet\_flow\_logs\_metadata | If subnet\_flow\_logs is true, configures whether metadata fields should be added to the reported VPC flow logs | string | `"INCLUDE_ALL_METADATA"` |    no    |
+| subnet\_flow\_logs\_filter_expr | Export filter defining which VPC flow logs should be logged, see https://cloud.google.com/vpc/docs/flow-logs#filtering for formatting details  | string | `"true"` |    no    |
diff --git a/modules/subnets/main.tf b/modules/subnets/main.tf
@@ -36,11 +36,13 @@ resource "google_compute_subnetwork" "subnetwork" {
       aggregation_interval = lookup(each.value, "subnet_flow_logs_interval", "INTERVAL_5_SEC")
       flow_sampling        = lookup(each.value, "subnet_flow_logs_sampling", "0.5")
       metadata             = lookup(each.value, "subnet_flow_logs_metadata", "INCLUDE_ALL_METADATA")
+      filter_expr          = lookup(each.value, "subnet_flow_logs_filter", "true")
     }] : []
     content {
       aggregation_interval = log_config.value.aggregation_interval
       flow_sampling        = log_config.value.flow_sampling
       metadata             = log_config.value.metadata
+      filter_expr          = log_config.value.filter_expr
     }
   }
   network     = var.network_name

diff --git a/test/integration/simple_project/simple_project_test.go b/test/integration/simple_project/simple_project_test.go
@@ -48,7 +48,7 @@ func TestSimpleProject(t *testing.T) {
 			subnet3 := gcloud.Run(t, "compute networks subnets describe subnet-03", gcOpts)
 			assert.Equal("10.10.30.0/24", subnet3.Get("ipCidrRange").String(), "should have the right CIDR")
 			assert.False(subnet3.Get("privateIpGoogleAccess").Bool(), "should not have Private Google Access")
-			expectedLogConfig = `{"aggregationInterval": "INTERVAL_10_MIN","enable": true,"filterExpr": "true","flowSampling": 0.7,"metadata": "INCLUDE_ALL_METADATA"}`
+			expectedLogConfig = `{"aggregationInterval": "INTERVAL_10_MIN","enable": true,"filterExpr": "false","flowSampling": 0.7,"metadata": "INCLUDE_ALL_METADATA"}`
 			assert.JSONEq(expectedLogConfig, subnet3.Get("logConfig").String(), "log config should be correct")
 		})
 	net.Test()