sink for billing account #128
Conversation
romanini-ciandt
left a comment
romanini-ciandt
left a comment
There was a problem hiding this comment.
To be honest, I didn't understand exactly which is the change implemented here.
Is it ok for us to make a quick review call, so I can make some more questions?
1-org/envs/shared/log_sinks.tf
Outdated
| parent_resource_id = local.parent_folder != "" ? local.parent_folder : local.org_id | ||
| parent_resource_type = local.parent_folder != "" ? "folder" : "organization" | ||
| #parent_resource_id = local.parent_folder != "" ? local.parent_folder : local.org_id | ||
| parent_resource_id = local.parent_folder != "" ? local.parent_folder : local.billing_account != "" ? local.billing_account : local.org_id |
There was a problem hiding this comment.
I'm not sure if I got the intention of this expression right...
You're saying that terraform should use:
local.parent_folderif provided;- if not, check for
local.billing_accountand use it if provided; - if not, use
local.org_id.
But as far as I understood from your reports in our standups, shouldn't the billing account logs sinks in parallel of organization logs, and not instead of organization logs?
| # Log Bucket Service account IAM membership billing account # | ||
| #-----------------------------------------------------------# | ||
|
|
||
| resource "google_project_iam_member" "billing_account_member_logbucket" { |
There was a problem hiding this comment.
Since this 3 google_project_iam_member resources are granting the same role, with same dependencies for different identities, how about make a for_each iterating by the logbucket, storage and pubsub writer_identity?
No description provided.