From 5f7e22782c8f22e5d4f1a6ed448ae70e91a26b8d Mon Sep 17 00:00:00 2001 From: Jamie Mitchell <95890357+MitchellJamie@users.noreply.github.com> Date: Mon, 16 May 2022 19:51:32 -0400 Subject: [PATCH] feat: add filter_expr control in subnet log_config (#360) * Test commit * feat: adding logging filter_expr control Added filter_expr control to provide control over VPC log filtering * feat: added subnet_flow_filter_expr control * feat: added subnet_flow_logs_filter_expr control * feat: Changed test to non-default filterExpr value * chore: reverted changes on .gitignore
---
 examples/simple_project/main.tf | 1 +
 modules/subnets/README.md | 16 +++++++++-------
 modules/subnets/main.tf | 2 ++
 .../simple_project/simple_project_test.go | 2 +-
 4 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/examples/simple_project/main.tf b/examples/simple_project/main.tf
index 94be300b..4054e405 100644
--- a/examples/simple_project/main.tf
+++ b/examples/simple_project/main.tf
@@ -49,6 +49,7 @@ module "test-vpc-module" {
 subnet_flow_logs_interval = "INTERVAL_10_MIN"
 subnet_flow_logs_sampling = 0.7
 subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+ subnet_flow_logs_filter = "false"
 }
 ]
 }
diff --git a/modules/subnets/README.md b/modules/subnets/README.md
index 2509f750..039c15c5 100644
--- a/modules/subnets/README.md
+++ b/modules/subnets/README.md
@@ -33,13 +33,14 @@ module "vpc" {
 description = "This subnet has a description"
 },
 {
- subnet_name = "subnet-03"
- subnet_ip = "10.10.30.0/24"
- subnet_region = "us-west1"
- subnet_flow_logs = "true"
- subnet_flow_logs_interval = "INTERVAL_10_MIN"
- subnet_flow_logs_sampling = 0.7
- subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+ subnet_name = "subnet-03"
+ subnet_ip = "10.10.30.0/24"
+ subnet_region = "us-west1"
+ subnet_flow_logs = "true"
+ subnet_flow_logs_interval = "INTERVAL_10_MIN"
+ subnet_flow_logs_sampling = 0.7
+ subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+ subnet_flow_logs_filter_expr = "true"
 }
 ]
 
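Review bot: In examples/simple_project/main.tf the new `subnet_flow_logs_filter = "false"` sits next to `subnet_flow_logs = "true"`, so anyone copying this example gets a subnet with flow logging enabled but, assuming a constant `false` expression matches no records, nothing exported from it. The value appears to have been chosen to give the integration test a non-default expectation (see the simple_project_test.go hunk), but the example does not say so. I would add a comment above the line, `# test fixture only: "false" filters out every flow record; omit the key or use a selective expression in real deployments`, so the example is not mistaken for a recommended setting.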
@@ -88,3 +89,4 @@ The subnets list contains maps, where each object represents a subnet. Each map
 | subnet\_flow\_logs\_interval | If subnet\_flow\_logs is true, sets the aggregation interval for collecting flow logs | string | `"INTERVAL_5_SEC"` | no |
 | subnet\_flow\_logs\_sampling | If subnet\_flow\_logs is true, set the sampling rate of VPC flow logs within the subnetwork | string | `"0.5"` | no |
 | subnet\_flow\_logs\_metadata | If subnet\_flow\_logs is true, configures whether metadata fields should be added to the reported VPC flow logs | string | `"INCLUDE_ALL_METADATA"` | no |
+| subnet\_flow\_logs\_filter_expr | Export filter defining which VPC flow logs should be logged, see https://cloud.google.com/vpc/docs/flow-logs#filtering for formatting details | string | `"true"` | no |
diff --git a/modules/subnets/main.tf b/modules/subnets/main.tf
index 3e9d81b1..509bc015 100644
--- a/modules/subnets/main.tf
+++ b/modules/subnets/main.tf
@@ -36,11 +36,13 @@ resource "google_compute_subnetwork" "subnetwork" {
 aggregation_interval = lookup(each.value, "subnet_flow_logs_interval", "INTERVAL_5_SEC")
 flow_sampling = lookup(each.value, "subnet_flow_logs_sampling", "0.5")
 metadata = lookup(each.value, "subnet_flow_logs_metadata", "INCLUDE_ALL_METADATA")
+ filter_expr = lookup(each.value, "subnet_flow_logs_filter", "true")
 }] : []
 content {
 aggregation_interval = log_config.value.aggregation_interval
 flow_sampling = log_config.value.flow_sampling
 metadata = log_config.value.metadata
+ filter_expr = log_config.value.filter_expr
 }
 }
 network = var.network_name
diff --git a/test/integration/simple_project/simple_project_test.go b/test/integration/simple_project/simple_project_test.go
index 03f969ed..b56e6415 100644
--- a/test/integration/simple_project/simple_project_test.go
+++ b/test/integration/simple_project/simple_project_test.go
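Review bot: The lookup key added in modules/subnets/main.tf is `subnet_flow_logs_filter`, while both README hunks in this patch document the input as `subnet_flow_logs_filter_expr`. Because `lookup` falls back to `"true"`, a caller who follows the README gets no error and their filter is silently ignored, so every flow record is still logged. Aligning the module with the documented name would be `filter_expr = lookup(each.value, "subnet_flow_logs_filter_expr", "true")`, with the key in examples/simple_project/main.tf renamed to match; if the shorter name is the intended one, the README usage block and inputs table need changing instead. The resource block starts and ends outside this hunk.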
@@ -48,7 +48,7 @@ func TestSimpleProject(t *testing.T) {
 subnet3 := gcloud.Run(t, "compute networks subnets describe subnet-03", gcOpts)
 assert.Equal("10.10.30.0/24", subnet3.Get("ipCidrRange").String(), "should have the right CIDR")
 assert.False(subnet3.Get("privateIpGoogleAccess").Bool(), "should not have Private Google Access")
- expectedLogConfig = `{"aggregationInterval": "INTERVAL_10_MIN","enable": true,"filterExpr": "true","flowSampling": 0.7,"metadata": "INCLUDE_ALL_METADATA"}`
+ expectedLogConfig = `{"aggregationInterval": "INTERVAL_10_MIN","enable": true,"filterExpr": "false","flowSampling": 0.7,"metadata": "INCLUDE_ALL_METADATA"}`
 assert.JSONEq(expectedLogConfig, subnet3.Get("logConfig").String(), "log config should be correct")
 })
 net.Test()
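Review bot: Only the overridden value is asserted here: the expected `filterExpr` of `"false"` checks that subnet-03's setting reaches the API, but nothing in this hunk checks the `"true"` default for a subnet that omits the key. If another flow-log-enabled subnet is asserted elsewhere in TestSimpleProject (the function body extends beyond the hunk), its expected log config should pin `"filterExpr": "true"`. A short comment such as `// filterExpr mirrors subnet_flow_logs_filter in examples/simple_project/main.tf` would also explain where the literal comes from.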