Setting field-level access control in logging buckets

[TomBAMU]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

The feature of field-level access control should be supported via terraform provider. It is possible to restrict the access control of certain logging fields to a minimum of individuals . Especially for sensitive data, this option is very useful. Unfortunately the provider does not offer a functionality to do so for the logging bucket. My desired enhancement would be a equivalent to the gcloud command:

gcloud alpha logging buckets update myLoggingBucketWithSensitiveData --location=global \
--restricted-fields="jsonPayload.mySensitiveLoggingData,jsonPayload.anotherSensitiveInformation"

New or Affected Resource(s)

• google_logging_project_bucket_config

Potential Terraform Configuration

resource "google_logging_project_bucket_config" "basic" {
    project    = google_project.default.name
    location  = "global"
    retention_days = 30
    bucket_id = "myLoggingBucketWithSensitiveData"
    restricted_fields = "jsonPayload.mySensitiveLoggingData,jsonPayload.anotherSensitiveInformation"
}

References

GCP Documentation - logging field-level access control

b/312911398

[nbrys]

Is there any plan into supporting this?