feat: add filter_expr control in subnet log_config (#360)

mitchelljamie · web-flow · commit 5f7e22782c8f · 2022-05-16T18:51:32.000-05:00
* Test commit

* feat: adding logging filter_expr control

Added filter_expr control to provide control over VPC log filtering

* feat: added subnet_flow_filter_expr control

* feat: added subnet_flow_logs_filter_expr control

* feat: Changed test to non-default filterExpr value

* chore: reverted changes on .gitignore
diff --git a/examples/simple_project/main.tf b/examples/simple_project/main.tf
@@ -49,6 +49,7 @@ module "test-vpc-module" {
       subnet_flow_logs_interval = "INTERVAL_10_MIN"
       subnet_flow_logs_sampling = 0.7
       subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+      subnet_flow_logs_filter   = "false"
     }
   ]
 }
diff --git a/modules/subnets/README.md b/modules/subnets/README.md
@@ -33,13 +33,14 @@ module "vpc" {
             description           = "This subnet has a description"
         },
         {
-            subnet_name               = "subnet-03"
-            subnet_ip                 = "10.10.30.0/24"
-            subnet_region             = "us-west1"
-            subnet_flow_logs          = "true"
-            subnet_flow_logs_interval = "INTERVAL_10_MIN"
-            subnet_flow_logs_sampling = 0.7
-            subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+            subnet_name                  = "subnet-03"
+            subnet_ip                    = "10.10.30.0/24"
+            subnet_region                = "us-west1"
+            subnet_flow_logs             = "true"
+            subnet_flow_logs_interval    = "INTERVAL_10_MIN"
+            subnet_flow_logs_sampling    = 0.7
+            subnet_flow_logs_metadata    = "INCLUDE_ALL_METADATA"
+            subnet_flow_logs_filter_expr = "true"
         }
     ]
 
@@ -88,3 +89,4 @@ The subnets list contains maps, where each object represents a subnet. Each map
 | subnet\_flow\_logs\_interval | If subnet\_flow\_logs is true, sets the aggregation interval for collecting flow logs                           | string |    `"INTERVAL_5_SEC"`    |    no    |
 | subnet\_flow\_logs\_sampling | If subnet\_flow\_logs is true, set the sampling rate of VPC flow logs within the subnetwork                     | string |         `"0.5"`          |    no    |
 | subnet\_flow\_logs\_metadata | If subnet\_flow\_logs is true, configures whether metadata fields should be added to the reported VPC flow logs | string | `"INCLUDE_ALL_METADATA"` |    no    |
+| subnet\_flow\_logs\_filter_expr | Export filter defining which VPC flow logs should be logged, see https://cloud.google.com/vpc/docs/flow-logs#filtering for formatting details  | string | `"true"` |    no    |
diff --git a/modules/subnets/main.tf b/modules/subnets/main.tf
@@ -36,11 +36,13 @@ resource "google_compute_subnetwork" "subnetwork" {
       aggregation_interval = lookup(each.value, "subnet_flow_logs_interval", "INTERVAL_5_SEC")
       flow_sampling        = lookup(each.value, "subnet_flow_logs_sampling", "0.5")
       metadata             = lookup(each.value, "subnet_flow_logs_metadata", "INCLUDE_ALL_METADATA")
+      filter_expr          = lookup(each.value, "subnet_flow_logs_filter", "true")
     }] : []
     content {
       aggregation_interval = log_config.value.aggregation_interval
       flow_sampling        = log_config.value.flow_sampling
       metadata             = log_config.value.metadata
+      filter_expr          = log_config.value.filter_expr
     }
   }
   network     = var.network_name
diff --git a/test/integration/simple_project/simple_project_test.go b/test/integration/simple_project/simple_project_test.go
@@ -48,7 +48,7 @@ func TestSimpleProject(t *testing.T) {
 			subnet3 := gcloud.Run(t, "compute networks subnets describe subnet-03", gcOpts)
 			assert.Equal("10.10.30.0/24", subnet3.Get("ipCidrRange").String(), "should have the right CIDR")
 			assert.False(subnet3.Get("privateIpGoogleAccess").Bool(), "should not have Private Google Access")
-			expectedLogConfig = `{"aggregationInterval": "INTERVAL_10_MIN","enable": true,"filterExpr": "true","flowSampling": 0.7,"metadata": "INCLUDE_ALL_METADATA"}`
+			expectedLogConfig = `{"aggregationInterval": "INTERVAL_10_MIN","enable": true,"filterExpr": "false","flowSampling": 0.7,"metadata": "INCLUDE_ALL_METADATA"}`
 			assert.JSONEq(expectedLogConfig, subnet3.Get("logConfig").String(), "log config should be correct")
 		})
 	net.Test()

Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,7 @@ module "test-vpc-module" {`
`49`	`49`	`subnet_flow_logs_interval = "INTERVAL_10_MIN"`
`50`	`50`	`subnet_flow_logs_sampling = 0.7`
`51`	`51`	`subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"`
	`52`	`+ subnet_flow_logs_filter = "false"`
`52`	`53`	`}`
`53`	`54`	`]`
`54`	`55`	`}`
Original file line number	Diff line number	Diff line change
`@@ -36,11 +36,13 @@ resource "google_compute_subnetwork" "subnetwork" {`
`36`	`36`	`aggregation_interval = lookup(each.value, "subnet_flow_logs_interval", "INTERVAL_5_SEC")`
`37`	`37`	`flow_sampling = lookup(each.value, "subnet_flow_logs_sampling", "0.5")`
`38`	`38`	`metadata = lookup(each.value, "subnet_flow_logs_metadata", "INCLUDE_ALL_METADATA")`
	`39`	`+ filter_expr = lookup(each.value, "subnet_flow_logs_filter", "true")`
`39`	`40`	`}] : []`
`40`	`41`	`content {`
`41`	`42`	`aggregation_interval = log_config.value.aggregation_interval`
`42`	`43`	`flow_sampling = log_config.value.flow_sampling`
`43`	`44`	`metadata = log_config.value.metadata`
	`45`	`+ filter_expr = log_config.value.filter_expr`
`44`	`46`	`}`
`45`	`47`	`}`
`46`	`48`	`network = var.network_name`