Skip to main content

google_logging_folder_log_sink resource

Syntax

A google_logging_folder_log_sink is used to test a Google FolderLogSink resource

Examples

# Getting folder sinks is complicated due to the name being generated by the server.
# This can be drastically simplified if you have the folder name when writing the test
describe.one do
  google_resourcemanager_folders(parent: 'organizations/12345').names.each do |folder_name|
    # name on a folder is in the form `folders/12345`
    describe google_logging_folder_log_sink(folder: folder_name.split('/')[1], name: 'inspec-gcp-folder-sink') do
      it { should exist }
      its('filter') { should cmp 'resource.type = gce_instance AND severity >= ERROR' }
    end
  end
end

Properties

Properties that can be accessed from the google_logging_folder_log_sink resource:

folder
Id of the folder that this sink belongs to
name
Name of the log sink.
filter
An advanced logs filter. The only exported log entries are those that are in the resource owning the sink and that match the filter.
destination
The export destination.
writer_identity
An IAM identity—a service account or group—under which Logging writes the exported log entries to the sink’s destination. This field is set by sinks.create and sinks.update based on the value of uniqueWriterIdentity in those methods.
include_children
If the field is false, the default, only the logs owned by the sink’s parent resource are available for export. If the field is true, then logs from all the projects, folders, and billing accounts contained in the sink’s parent resource are also available for export. Whether a particular log entry from the children is exported depends on the sink’s filter expression.

GCP Permissions

Ensure the Stackdriver Logging API is enabled for the current project.

Edit this page on GitHub

Thank you for your feedback!

×