Modify script to accept inclusion and exclustion filters as variables (…

…#3422)
grafana · Mar 3, 2021 · 071fd5b · 071fd5b
1 parent 20ef66d
commit 071fd5b
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 17 deletions.
diff --git a/scripts/gcplog/README.md b/scripts/gcplog/README.md
@@ -43,7 +43,9 @@ Terraform will prompt for following variables.
 2. zone - GCP zone (e.g: `us-central1-b`)
 3. region - GCP region (e.g: `us-central1`)
 4. project - GCP Project ID
-5. logname - Logname is the name we use to create pubsub topics, log router and pubsub subscription.
+5. name - name we use to create pubsub topics, log router and pubsub subscription.
+6. inclusion_filter - To include cloud resources to export.
+7. exclusions - Ignore these logs while exporting.
 
 you can pass these variables via CLI.
 

diff --git a/scripts/gcplog/main.tf b/scripts/gcplog/main.tf
@@ -7,34 +7,70 @@ terraform {
   }
 }
 
-variable "credentials_file" {}
-variable "zone" {}
-variable "region" {}
-variable "project" {}
-variable "logname" {
-  default = "cloud-logs"
-}
-
 provider "google" {
   credentials = file(var.credentials_file)
   project = var.project
   zone = var.zone
   region= var.region
-
 }
 
 resource "google_pubsub_topic" "cloud-logs" {
-  name= var.logname
+  name = var.name
 }
 
-resource "google_logging_project_sink" "cloud-logs" {
-  name = var.logname
-  destination = "pubsub.googleapis.com/projects/${var.project}/topics/${var.logname}"
-  filter = "resource.type = http_load_balancer AND httpRequest.status >= 200"
+resource "google_logging_project_sink" "main" {
+  name        = var.name
+  destination = "pubsub.googleapis.com/projects/${var.project}/topics/${var.name}"
+  filter      = var.inclusion_filter
+  dynamic "exclusions" {
+    for_each = var.exclusions
+    content {
+      name   = exclusions.value.name
+      filter = exclusions.value.filter
+    }
+  }
   unique_writer_identity = true
 }
 
-resource "google_pubsub_subscription" "coud-logs" {
-  name = var.logname
+resource "google_pubsub_subscription" "main" {
+  name  = var.name
+  topic = google_pubsub_topic.cloud-logs.name
+}
+
+resource "google_pubsub_topic_iam_binding" "log-writer" {
   topic = google_pubsub_topic.cloud-logs.name
+  role  = "roles/pubsub.publisher"
+  members = [
+    google_logging_project_sink.main.writer_identity,
+  ]
+}
+
+# Variables
+
+variable "credentials_file" {}
+variable "zone" {}
+variable "region" {}
+variable "project" {}
+
+variable "name" {
+  description = "Name of the gcplog setup"
+  default     = "cloud-logs"
+}
+
+variable "project" {
+  description = "Google cloud project name"
+}
+
+variable "inclusion_filter" {
+  description = "Logs inclusion filter that tells what kind of logs should be ingested into pubsub topic"
+  default     = "" // default no logs should be ingested
+}
+
+variable "exclusions" {
+  default     = []
+  description = "Logs exclusion filter that tells what kind of logs should be ignored"
+  type = list(object({
+    name   = string
+    filter = string
+  }))
 }