Commit 1b7fe43a authored by Kenny Moore's avatar Kenny Moore

Fixed mistake in auditing (after backup)

parent d2dfe9f8
......@@ -44,18 +44,27 @@ resource "google_logging_project_sink" "audit_logs_bq" {
unique_writer_identity = true
}
resource "null_resource" "sink_writer_bq_access" {
for_each = { for v in local.all_projects : v => v }
triggers = {
writer_identity = google_logging_project_sink.audit_logs_bq[each.key].writer_identity
}
resource "google_bigquery_dataset_access" "sink_writer_bq_access" {
for_each = { for v in local.all_projects : v => v }
project = google_project.hipaa_project["audit"].project_id
# dataset_id = "${google_project.hipaa_project["audit"].project_id}/datasets/${google_bigquery_dataset.audit_logs[each.key].dataset_id}"
dataset_id = "${google_bigquery_dataset.audit_logs[each.key].dataset_id}"
role = "WRITER"
user_by_email = split(":", google_logging_project_sink.audit_logs_bq[each.key].writer_identity)[1]
}
provisioner "local-exec" {
command = "${path.module}/set-sink-writer-bq-access.sh ${google_project.hipaa_project["audit"].project_id} ${google_bigquery_dataset.audit_logs[each.key].dataset_id} ${google_logging_project_sink.audit_logs_bq[each.key].writer_identity}"
}
# resource "null_resource" "sink_writer_bq_access" {
# for_each = { for v in local.all_projects : v => v }
# triggers = {
# writer_identity = google_logging_project_sink.audit_logs_bq[each.key].writer_identity
# }
depends_on = [ null_resource.install_gcloud_cli ]
}
# provisioner "local-exec" {
# command = "${path.module}/set-sink-writer-bq-access.sh ${google_project.hipaa_project["audit"].project_id} ${google_bigquery_dataset.audit_logs[each.key].dataset_id} ${google_logging_project_sink.audit_logs_bq[each.key].writer_identity}"
# }
# depends_on = [ null_resource.install_gcloud_cli ]
# }
resource "google_logging_project_sink" "audit_logs_gcs" {
for_each = { for v in local.all_projects : v => v }
......@@ -132,4 +141,4 @@ resource "google_storage_bucket_iam_binding" "audit_log_reader" {
members = [
"group:${local.auditor_group_email}",
]
}
}
\ No newline at end of file
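Review bot: In the first hunk, the new `google_bigquery_dataset_access.sink_writer_bq_access` grant may be reverted on a later apply if `google_bigquery_dataset.audit_logs`, which is defined outside this diff, declares its own `access` blocks. The two resources would then fight over the dataset ACL and the sink could silently lose write access to the audit dataset. If that is the case, add `lifecycle { ignore_changes = [access] }` to the dataset resource, or manage all of the dataset's access entries in one place. The `split(":", ...)[1]` on `writer_identity` also relies on the value having exactly one colon; `user_by_email = trimprefix(google_logging_project_sink.audit_logs_bq[each.key].writer_identity, "serviceAccount:")` states the expected prefix explicitly. The commented-out `null_resource` block and the commented `dataset_id` line can be deleted, since the history already keeps them.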