Merge pull request #108 from joshua9519/joshua9519/log_config

Removing deprecated `enable_flow_logs` setting in favour of log_config

README.md

@@ -38,6 +38,15 @@ module "vpc" {
             subnet_flow_logs      = "true"
             description           = "This subnet has a description"
         },
+        {
+            subnet_name               = "subnet-03"
+            subnet_ip                 = "10.10.30.0/24"
+            subnet_region             = "us-west1"
+            subnet_flow_logs          = "true"
+            subnet_flow_logs_interval = "INTERVAL_10_MIN"
+            subnet_flow_logs_sampling = 0.7
+            subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+        }
     ]
 
     secondary_ranges = {
@@ -142,7 +151,7 @@ The routes list contains maps, where each object represents a route. For the nex
 ## Requirements
 ### Installed Software
 - [Terraform](https://www.terraform.io/downloads.html) ~> 0.12.0
-- [Terraform Provider for GCP][terraform-provider-google] ~> 2.10.0
+- [Terraform Provider for GCP][terraform-provider-google] ~> 2.19.0
 - [gcloud](https://cloud.google.com/sdk/gcloud/) >243.0.0
 
 ### Configure a Service Account

examples/delete_default_gateway_routes/main.tf

@@ -15,7 +15,7 @@
  */
 
 provider "google" {
-  version = "~> 2.10.0"
+  version = "~> 2.19.0"
 }
 
 provider "null" {

examples/multi_vpc/main.tf

@@ -15,7 +15,7 @@
  */
 
 provider "google" {
-  version = "~> 2.10.0"
+  version = "~> 2.19.0"
 }
 
 provider "null" {

examples/secondary_ranges/main.tf

@@ -15,7 +15,7 @@
  */
 
 provider "google" {
-  version = "~> 2.10.0"
+  version = "~> 2.19.0"
 }
 
 provider "null" {

examples/simple_project/main.tf

@@ -15,7 +15,7 @@
  */
 
 provider "google" {
-  version = "~> 2.10.0"
+  version = "~> 2.19.0"
 }
 
 provider "null" {
@@ -25,6 +25,7 @@ provider "null" {
 locals {
   subnet_01 = "${var.network_name}-subnet-01"
   subnet_02 = "${var.network_name}-subnet-02"
+  subnet_03 = "${var.network_name}-subnet-03"
 }
 
 module "test-vpc-module" {
@@ -45,5 +46,14 @@ module "test-vpc-module" {
       subnet_private_access = "true"
       subnet_flow_logs      = "true"
     },
+    {
+      subnet_name               = "${local.subnet_03}"
+      subnet_ip                 = "10.10.30.0/24"
+      subnet_region             = "us-west1"
+      subnet_flow_logs          = "true"
+      subnet_flow_logs_interval = "INTERVAL_10_MIN"
+      subnet_flow_logs_sampling = 0.7
+      subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+    }
   ]
 }

examples/simple_project_with_regional_network/main.tf

@@ -15,7 +15,7 @@
  */
 
 provider "google" {
-  version = "~> 2.10.0"
+  version = "~> 2.19.0"
 }
 
 provider "null" {

examples/submodule_firewall/main.tf

@@ -15,7 +15,7 @@
  */
 
 provider "google" {
-  version = "~> 2.10.0"
+  version = "~> 2.19.0"
 }
 
 provider "null" {

main.tf

@@ -50,10 +50,21 @@ resource "google_compute_subnetwork" "subnetwork" {
   ip_cidr_range            = each.value.subnet_ip
   region                   = each.value.subnet_region
   private_ip_google_access = lookup(each.value, "subnet_private_access", "false")
-  enable_flow_logs         = lookup(each.value, "subnet_flow_logs", "false")
-  network                  = google_compute_network.network.name
-  project                  = var.project_id
-  description              = lookup(each.value, "description", null)
+  dynamic "log_config" {
+    for_each = lookup(each.value, "subnet_flow_logs", false) ? [{
+      aggregation_interval = lookup(each.value, "subnet_flow_logs_interval", null)
+      flow_sampling        = lookup(each.value, "subnet_flow_logs_sampling", null)
+      metadata             = lookup(each.value, "subnet_flow_logs_metadata", null)
+    }] : []
+    content {
+      aggregation_interval = log_config.value.aggregation_interval
+      flow_sampling        = log_config.value.flow_sampling
+      metadata             = log_config.value.metadata
+    }
+  }
+  network     = google_compute_network.network.name
+  project     = var.project_id
+  description = lookup(each.value, "description", null)
   secondary_ip_range = [
     for i in range(
       length(

test/integration/simple_project/controls/gcloud.rb

@@ -30,12 +30,10 @@
       end
     end
 
-    describe "enableFlowLogs" do
-      it "should be false" do
-        expect(data).to include(
-          "enableFlowLogs" => false
-        )
-      end
+    it "logConfig should not exist" do
+      expect(data).to_not include(
+        "logConfig"
+      )
     end
   end
 
@@ -51,12 +49,39 @@
       end
     end
 
-    describe "enableFlowLogs" do
-      it "should be true" do
-        expect(data).to include(
-          "enableFlowLogs" => true
-        )
+    it "Log config should be correct" do
+      expect(data).to include(
+        "logConfig" => {
+          "aggregationInterval" => "INTERVAL_5_SEC",
+          "enable" => true,
+          "flowSampling" => 0.5,
+          "metadata" => "INCLUDE_ALL_METADATA"
+        }
+      )
+    end
+  end
+
+  describe  command("gcloud compute networks subnets describe #{network_name}-subnet-03 --project=#{project_id} --region=us-west1 --format=json") do
+    its(:exit_status) { should eq 0 }
+    its(:stderr) { should eq '' }
+
+    let(:data) do
+      if subject.exit_status == 0
+        JSON.parse(subject.stdout)
+      else
+        {}
       end
     end
+
+    it "Log config should be correct" do
+      expect(data).to include(
+        "logConfig" => {
+          "aggregationInterval" => "INTERVAL_10_MIN",
+          "enable" => true,
+          "flowSampling" => 0.7,
+          "metadata" => "INCLUDE_ALL_METADATA"
+        }
+      )
+    end
   end
 end

test/integration/simple_project/controls/gcp.rb

@@ -44,4 +44,14 @@
     its('ip_cidr_range') { should eq "10.10.20.0/24" }
     its('private_ip_google_access') { should be true }
   end
+
+  describe google_compute_subnetwork(
+    project: project_id,
+    name: "#{network_name}-subnet-03",
+    region: "us-west1"
+  ) do
+    it { should exist }
+    its('ip_cidr_range') { should eq "10.10.30.0/24" }
+    its('private_ip_google_access') { should be false }
+  end
 end