Merge pull request #10 from DNXLabs/configuring_logs

Configuring logs
DNXLabs · Aug 11, 2023 · 2ff78ee · 2ff78ee
2 parents 54e54ee + e5a90d2
commit 2ff78ee
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -92,6 +92,8 @@ Here is a working example of using this Terraform module:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| allow\_cidrs | List of CIDR to allow connection to this Cluster | <pre>list(object({<br>    name        = string<br>    description = string<br>    cidr        = list(string)<br>    from_port   = number<br>    to_port     = number<br>    protocol    = string<br>  }))</pre> | `[]` | no |
+| allow\_security\_group\_ids | List of Security Group IDs to allow connection to this Cluster | <pre>list(object({<br>    name              = string<br>    description       = string<br>    security_group_id = string<br>    from_port         = number<br>    to_port           = number<br>    protocol          = string<br>  }))</pre> | `[]` | no |
 | availability\_zones | The number of availability zones for the OpenSearch cluster. Valid values: 1, 2 or 3. | `number` | `1` | no |
 | cluster\_domain | The hosted zone name of the OpenSearch cluster. | `string` | n/a | yes |
 | cluster\_hostname | The hostname name of the OpenSearch cluster. | `string` | n/a | yes |
@@ -102,9 +104,11 @@ Here is a working example of using this Terraform module:
 | ebs\_iops | n/a | `number` | `null` | no |
 | ebs\_volume\_size | n/a | `number` | `10` | no |
 | ebs\_volume\_type | n/a | `string` | `null` | no |
+| enable\_saml\_options | Enable or not saml options | `string` | `true` | no |
 | encrypt\_kms\_key\_id | The KMS key ID to encrypt the OpenSearch cluster with. If not specified, then it defaults to using the AWS OpenSearch Service KMS key. | `string` | `""` | no |
 | hot\_instance\_count | The number of dedicated hot nodes in the cluster. | `number` | `1` | no |
 | hot\_instance\_type | The type of EC2 instances to run for each hot node. A list of available instance types can you find at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing | `string` | `"r6gd.large.elasticsearch"` | no |
+| log\_publishing\_options | A list of maps containing log publishing options. | <pre>list(object({<br>    enable                   = bool<br>    cloudwatch_log_group_arn = string<br>    log_type                 = string<br>  }))</pre> | `[]` | no |
 | log\_publishing\_options\_cloudwatch\_log\_group\_arn | n/a | `string` | `null` | no |
 | log\_publishing\_options\_enable | n/a | `bool` | `null` | no |
 | log\_publishing\_options\_log\_type | n/a | `string` | `null` | no |

diff --git a/_variables.tf b/_variables.tf
@@ -116,6 +116,12 @@ variable "saml_roles_key" {
   default     = ""
 }
 
+variable "enable_saml_options" {
+  description = "Enable or not saml options"
+  type        = string
+  default     = true
+}
+
 variable "saml_entity_id" {
   description = "The unique Entity ID of the application in SAML Identity Provider."
   type        = string
@@ -200,13 +206,23 @@ variable "allow_security_group_ids" {
 
 variable "allow_cidrs" {
   type = list(object({
-    name              = string
-    description       = string
-    cidr              = list(string)
-    from_port         = number
-    to_port           = number
-    protocol          = string
+    name        = string
+    description = string
+    cidr        = list(string)
+    from_port   = number
+    to_port     = number
+    protocol    = string
   }))
   description = "List of CIDR to allow connection to this Cluster"
   default     = []
+}
+
+variable "log_publishing_options" {
+  description = "A list of maps containing log publishing options."
+  type = list(object({
+    enable                   = bool
+    cloudwatch_log_group_arn = string
+    log_type                 = string
+  }))
+  default = []
 }
diff --git a/main.tf b/main.tf
@@ -77,10 +77,14 @@ resource "aws_elasticsearch_domain" "opensearch" {
     iops        = var.ebs_iops
   }
 
-  log_publishing_options {
-    enabled                   = var.log_publishing_options_enable
-    cloudwatch_log_group_arn  = var.log_publishing_options_cloudwatch_log_group_arn
-    log_type                  = var.log_publishing_options_log_type
+  dynamic "log_publishing_options" {
+    for_each = var.log_publishing_options
+
+    content {
+      enabled                  = log_publishing_options.value.enable
+      cloudwatch_log_group_arn = log_publishing_options.value.cloudwatch_log_group_arn
+      log_type                 = log_publishing_options.value.log_type
+    }
   }
 
   tags = var.tags
@@ -89,6 +93,7 @@ resource "aws_elasticsearch_domain" "opensearch" {
 }
 
 resource "aws_elasticsearch_domain_saml_options" "opensearch" {
+  count       = var.enable_saml_options ? 1 : 0
   domain_name = aws_elasticsearch_domain.opensearch.domain_name
 
   saml_options {