Skip to content

Audit log sink management terraform #380

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Audit log sink management terraform #380

wants to merge 9 commits into from
+1,333 −2

Conversation

@david049
Copy link

@david049 david049 commented Nov 3, 2025
edited by cursor bot
Loading

What was changed

Adds terraform for audit log sink crud

Why?

Checklist

  1. Closes

  2. How was this tested:

locally tested
3. Any docs updates needed?

Note

Add Terraform resource and data source to manage and read account audit log sinks (Kinesis/PubSub), with docs, examples, tests, and provider wiring.

  • Resources:
    • temporalcloud_account_audit_log_sink: full CRUD with import, timeouts, and validation; supports kinesis and pubsub configurations.
  • Data Sources:
    • temporalcloud_account_audit_log_sink: fetches sink details (incl. state, kinesis, pubsub).
  • Provider:
    • Registers new resource and data source.
  • Types:
    • Add KinesisSpecModel and PubSubSpecModel attr types and models in internal/types/sink.go.
  • Docs & Examples:
    • New resource docs and example usage for Kinesis and PubSub.
  • Tests:
    • Acceptance tests for resource and data source covering Kinesis and PubSub flows.
  • Dependencies:
    • Update to use github.com/temporalio/cloud-sdk-go via replace in go.mod/go.sum.

Written by Cursor Bugbot for commit a98f32d. This will update automatically on new commits. Configure here.

@david049 david049 requested a review from a team as a code owner November 3, 2025 19:46
david049
david049 commented Nov 3, 2025
View reviewed changes
go.mod
gopkg.in/yaml.v3 v3.0.1 // indirect
)

replace go.temporal.io/cloud-sdk => github.com/temporalio/cloud-sdk-go v0.6.1-0.20251031194819-5117604c8a4f
Copy link
Author

@david049 david049 Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO: remove this after API update

alice-yin
alice-yin reviewed Nov 20, 2025
View reviewed changes
internal/provider/account_audit_log_sink_resource.go Outdated
}, nil
}

diags.AddError("Invalid sink configuration", "Either Kinesis or PubSub must be configured")
Copy link
Contributor

@alice-yin alice-yin Nov 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can be removed as it should not be hitting here.

alice-yin
alice-yin reviewed Nov 20, 2025
View reviewed changes
internal/provider/account_audit_log_sink_resource.go
Comment on lines +373 to +377
pubsubSinkSpec := &sinkv1.PubSubSpec{
ServiceAccountId: pubsubSpec.ServiceAccountId.ValueString(),
TopicName: pubsubSpec.TopicName.ValueString(),
GcpProjectId: pubsubSpec.GcpProjectId.ValueString(),
}
Copy link
Contributor

@alice-yin alice-yin Nov 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You may hit a similar ask that customer wants sa email other than saId and gcp project. I got a customer ask for gcp and I added https://github.com/temporalio/terraform-provider-temporalcloud/pull/305/files#diff-0f9ac5989d3371aad25f7ab3f9c8663c66551ffc889f50f3a3cc96c9385d6456

@anekkanti
Copy link
Member

anekkanti commented Nov 21, 2025

cursor review

cursor[bot]
cursor bot reviewed Nov 21, 2025
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no bugs!

cursor[bot]
cursor bot reviewed Nov 21, 2025
View reviewed changes
@david049 david049 force-pushed the dliu/auditlogsinktf branch from dc778fa to 7d01344 Compare November 21, 2025 15:52
@temporalio temporalio deleted a comment from cursor bot Nov 21, 2025
cursor[bot]
cursor bot reviewed Nov 21, 2025
View reviewed changes
anekkanti
anekkanti approved these changes Nov 21, 2025
View reviewed changes
internal/provider/account_audit_log_sink_datasource.go
Description: "The unique identifier of the account audit log sink.",
}

switch idRequired {
Copy link
Member

@anekkanti anekkanti Nov 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whats the idRequired for? Seems like its not really used.

internal/provider/account_audit_log_sink_datasource.go
}

return map[string]schema.Attribute{
"id": idAttribute,
Copy link
Member

@anekkanti anekkanti Nov 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need this id seems like its always the same as sink_name.

Copy link
Author

@david049 david049 Nov 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll remove it since it is the same

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alice-yin alice-yin alice-yin left review comments

@cursor cursor[bot] cursor[bot] left review comments

@anekkanti anekkanti anekkanti approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@david049 @anekkanti @alice-yin