;
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
// Compiler-emitted interop helper: exposes property `key` of `source` on `target` under the
// name `alias` (defaulting to `key`). Reuses a helper already present on `this` when there is one.
var __createBinding = (this && this.__createBinding) || (Object.create
    ? function (target, source, key, alias) {
        const exportedAs = alias === undefined ? key : alias;
        let descriptor = Object.getOwnPropertyDescriptor(source, key);
        // Decide whether the source's own descriptor can be reused as-is or must be
        // replaced by a forwarding getter that reads source[key] on every access.
        let needsGetter;
        if (!descriptor) {
            needsGetter = true;
        } else if ("get" in descriptor) {
            needsGetter = !source.__esModule;
        } else {
            needsGetter = descriptor.writable || descriptor.configurable;
        }
        if (needsGetter) {
            descriptor = { enumerable: true, get: function () { return source[key]; } };
        }
        Object.defineProperty(target, exportedAs, descriptor);
    }
    : function (target, source, key, alias) {
        // Fallback when Object.create is unavailable: plain value copy.
        const exportedAs = alias === undefined ? key : alias;
        target[exportedAs] = source[key];
    });
// Compiler-emitted interop helper: attaches `value` to `target` as its "default" property.
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create
    ? function (target, value) {
        Object.defineProperty(target, "default", { enumerable: true, value: value });
    }
    : function (target, value) {
        target["default"] = value;
    });
// Compiler-emitted interop helper: returns `mod` untouched when it is flagged `__esModule`;
// otherwise builds a namespace object from its own non-"default" keys and sets `mod` itself
// as that namespace's "default".
var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) {
        return mod;
    }
    const namespace = {};
    if (mod != null) {
        for (const name in mod) {
            // Inherited keys and an existing "default" key are not re-exported.
            if (name === "default" || !Object.prototype.hasOwnProperty.call(mod, name)) {
                continue;
            }
            __createBinding(namespace, mod, name);
        }
    }
    __setModuleDefault(namespace, mod);
    return namespace;
};
// Flag this CommonJS module as `__esModule`; the __importStar shim above returns such modules unchanged.
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declare the export slot; the class is assigned to it at the end of the file.
exports.ProjectSink = void 0;
// Pulumi core SDK, loaded through the namespace-import shim defined above.
const pulumi = __importStar(require("@pulumi/pulumi"));
// Package-local helpers; this file calls utilities.resourceOptsDefaults().
const utilities = __importStar(require("../utilities"));
/**
* Manages a project-level logging sink. For more information see:
*
* * [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/projects.sinks)
* * How-to Guides
* * [Exporting Logs](https://cloud.google.com/logging/docs/export)
*
* > You can specify exclusions for log sinks created by terraform by using the exclusions field of `gcp.logging.FolderSink`
*
* > **Note:** You must have [granted the "Logs Configuration Writer"](https://cloud.google.com/logging/docs/access-control) IAM role (`roles/logging.configWriter`) to the credentials used with this provider.
*
* > **Note** You must [enable the Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com)
*
* > **Note:** The `_Default` and `_Required` logging sinks are automatically created for a given project and cannot be deleted. Creating a resource of this type will acquire and update the resource that already exists at the desired location. These sinks cannot be removed so deleting this resource will remove the sink config from your terraform state but will leave the logging sink unchanged. The sinks that are currently automatically created are "_Default" and "_Required".
*
* ## Example Usage
*
* ### Basic Sink
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const my_sink = new gcp.logging.ProjectSink("my-sink", {
* name: "my-pubsub-instance-sink",
* destination: "pubsub.googleapis.com/projects/my-project/topics/instance-activity",
* filter: "resource.type = gce_instance AND severity >= WARNING",
* uniqueWriterIdentity: true,
* });
* ```
*
* ### Cloud Storage Bucket Destination
*
* A more complete example follows: this creates a compute instance, as well as a log sink that logs all activity to a
* cloud storage bucket. Because we are using `uniqueWriterIdentity`, we must grant it access to the bucket.
*
* Note that this grant requires the "Project IAM Admin" IAM role (`roles/resourcemanager.projectIamAdmin`) granted to the
* credentials used with Terraform.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* // Our logged compute instance
* const my_logged_instance = new gcp.compute.Instance("my-logged-instance", {
* networkInterfaces: [{
* accessConfigs: [{}],
* network: "default",
* }],
* name: "my-instance",
* machineType: "e2-medium",
* zone: "us-central1-a",
* bootDisk: {
* initializeParams: {
* image: "debian-cloud/debian-11",
* },
* },
* });
* // A gcs bucket to store logs in
* const gcs_bucket = new gcp.storage.Bucket("gcs-bucket", {
* name: "my-unique-logging-bucket",
* location: "US",
* });
* // Our sink; this logs all activity related to our "my-logged-instance" instance
* const instance_sink = new gcp.logging.ProjectSink("instance-sink", {
* name: "my-instance-sink",
* description: "some explanation on what this is",
* destination: pulumi.interpolate`storage.googleapis.com/${gcs_bucket.name}`,
* filter: pulumi.interpolate`resource.type = gce_instance AND resource.labels.instance_id = "${my_logged_instance.instanceId}"`,
* uniqueWriterIdentity: true,
* });
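* // Because our sink uses a unique_writer, we must grant that writer access to the bucket.
* // Note: IAMBinding is authoritative for this role across the whole project and replaces any other
* // members holding it; a bucket-scoped, non-authoritative grant (for example gcp.storage.BucketIAMMember
* // on gcs_bucket) is the narrower alternative.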
* const gcs_bucket_writer = new gcp.projects.IAMBinding("gcs-bucket-writer", {
* project: "your-project-id",
* role: "roles/storage.objectCreator",
* members: [instance_sink.writerIdentity],
* });
* ```
*
* ### User-Managed Service Account
*
* The following example creates a sink that is configured with a user-managed service account, by specifying
* the `customWriterIdentity` field.
*
* Note that you can only create a sink that uses a user-managed service account when the sink destination
* is a log bucket.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const custom_sa = new gcp.serviceaccount.Account("custom-sa", {
* project: "other-project-id",
* accountId: "gce-log-bucket-sink",
* displayName: "gce-log-bucket-sink",
* });
* // Create a sink that uses user-managed service account
* const my_sink = new gcp.logging.ProjectSink("my-sink", {
* name: "other-project-log-bucket-sink",
* destination: "logging.googleapis.com/projects/other-project-id/locations/global/buckets/gce-logs",
* filter: "resource.type = gce_instance AND severity >= WARNING",
* uniqueWriterIdentity: true,
* customWriterIdentity: custom_sa.email,
* });
* // grant writer access to the user-managed service account
* const custom_sa_logbucket_binding = new gcp.projects.IAMMember("custom-sa-logbucket-binding", {
* project: "destination-project-id",
* role: "roles/logging.bucketWriter",
* member: pulumi.interpolate`serviceAccount:${custom_sa.email}`,
* });
* ```
*
* The above example will create a log sink that routes logs to the destination GCP project using
* a user-managed service account.
*
* ### Sink Exclusions
*
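* The following example uses `exclusions` to filter out logs that will not be exported. In this example, logs are exported to a [log bucket](https://cloud.google.com/logging/docs/buckets) and two exclusions are configured. Entries matching an exclusion are not routed to the destination, so keep exclusion filters narrow when the destination is used for audit or detection.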
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const log_bucket = new gcp.logging.ProjectSink("log-bucket", {
* name: "my-logging-sink",
* destination: "logging.googleapis.com/projects/my-project/locations/global/buckets/_Default",
* exclusions: [
* {
* name: "nsexcllusion1",
* description: "Exclude logs from namespace-1 in k8s",
* filter: "resource.type = k8s_container resource.labels.namespace_name=\"namespace-1\" ",
* },
* {
* name: "nsexcllusion2",
* description: "Exclude logs from namespace-2 in k8s",
* filter: "resource.type = k8s_container resource.labels.namespace_name=\"namespace-2\" ",
* },
* ],
* uniqueWriterIdentity: true,
* });
* ```
*
* ## Import
*
* Project-level logging sinks can be imported using their URI, e.g.
*
* * `projects/{{project_id}}/sinks/{{name}}`
*
* When using the `pulumi import` command, project-level logging sinks can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:logging/projectSink:ProjectSink default projects/{{project_id}}/sinks/{{name}}
* ```
*/
class ProjectSink extends pulumi.CustomResource {
    /**
     * Looks up an existing ProjectSink by name and provider ID, optionally qualified by
     * extra state properties, instead of declaring a new one.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name, id, state, opts) {
        // Carrying `id` in the options is what sends the constructor down its state branch.
        const lookupOpts = { ...opts, id: id };
        return new ProjectSink(name, state, lookupOpts);
    }
    /** @internal */
    static __pulumiType = 'gcp:logging/projectSink:ProjectSink';
    /**
     * Reports whether `obj` is a ProjectSink by comparing its `__pulumiType` tag rather than
     * using `instanceof`, so it keeps working when several copies of the Pulumi SDK are
     * loaded into the same process.
     */
    static isInstance(obj) {
        const isNullish = obj === undefined || obj === null;
        return !isNullish && obj['__pulumiType'] === ProjectSink.__pulumiType;
    }
    /**
     * Builds the resource inputs from either lookup state (when `opts.id` is set) or
     * creation arguments, then registers the resource with the Pulumi engine.
     *
     * @param name The _unique_ name of the resource.
     * @param argsOrState Creation arguments, or existing state when `opts.id` is set.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @throws Error when creating without `destination` and without `opts.urn`.
     */
    constructor(name, argsOrState, opts) {
        // Properties copied verbatim from the caller in both branches, in registration order.
        const callerSuppliedKeys = [
            "bigqueryOptions",
            "customWriterIdentity",
            "deletionPolicy",
            "description",
            "destination",
            "disabled",
            "exclusions",
            "filter",
            "name",
            "project",
            "uniqueWriterIdentity",
        ];
        const resourceInputs = {};
        opts = opts || {};
        const isLookup = Boolean(opts.id);
        if (!isLookup && argsOrState?.destination === undefined && !opts.urn) {
            throw new Error("Missing required property 'destination'");
        }
        for (const key of callerSuppliedKeys) {
            resourceInputs[key] = argsOrState?.[key];
        }
        // `writerIdentity` is an output: it is taken from existing state on lookup, but on
        // creation it is always sent as undefined, so a caller-supplied value is ignored.
        resourceInputs["writerIdentity"] = isLookup ? argsOrState?.writerIdentity : undefined /*out*/;
        // Package-wide defaults go first; mergeOptions combines them with the caller's options.
        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
        super(ProjectSink.__pulumiType, name, resourceInputs, opts);
    }
}
// Publish the class on the CommonJS exports object, replacing the `void 0` placeholder set earlier.
exports.ProjectSink = ProjectSink;
//# sourceMappingURL=projectSink.js.map