gcp_logging_log_bucket

analytics_enabled

Type: BOOLEAN
Provider name: analyticsEnabled
Description: Whether log analytics is enabled for this bucket.Once enabled, log analytics features cannot be disabled.

ancestors

Type: UNORDERED_LIST_STRING

cmek_settings

Type: STRUCT
Provider name: cmekSettings
Description: Optional. The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.

  • kms_key_name
    Type: STRING
    Provider name: kmsKeyName
    Description: Optional. The resource name for the configured Cloud KMS key.KMS key name format: “projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]” For example:“projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key"To enable CMEK for the Log Router, set this field to a valid kms_key_name for which the associated service account has the needed cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.The Cloud KMS key used by the Log Router can be updated by changing the kms_key_name to a new valid key name or disabled by setting the key name to an empty string. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.To disable CMEK for the Log Router, set this field to an empty string.See Enabling CMEK for Log Router (https://cloud.google.com/logging/docs/routing/managed-encryption) for more information.
  • kms_key_version_name
    Type: STRING
    Provider name: kmsKeyVersionName
    Description: Output only. The CryptoKeyVersion resource name for the configured Cloud KMS key.KMS key name format: “projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]” For example:“projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1"This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.If this field is populated, the kms_key is tied to a specific CryptoKeyVersion.
  • name
    Type: STRING
    Provider name: name
    Description: Output only. The resource name of the CMEK settings.
  • service_account_id
    Type: STRING
    Provider name: serviceAccountId
    Description: Output only. The service account that will be used by the Log Router to access your Cloud KMS key.Before enabling CMEK for Log Router, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account that the Log Router will use to access your Cloud KMS key. Use GetCmekSettings to obtain the service account ID.See Enabling CMEK for Log Router (https://cloud.google.com/logging/docs/routing/managed-encryption) for more information.

create_time

Type: TIMESTAMP
Provider name: createTime
Description: Output only. The creation timestamp of the bucket. This is not set for any of the default buckets.

description

Type: STRING
Provider name: description
Description: Optional. Describes this bucket.

index_configs

Type: UNORDERED_LIST_STRUCT
Provider name: indexConfigs
Description: Optional. A list of indexed fields and related configuration data.

  • create_time
    Type: TIMESTAMP
    Provider name: createTime
    Description: Output only. The timestamp when the index was last modified.This is used to return the timestamp, and will be ignored if supplied during update.
  • field_path
    Type: STRING
    Provider name: fieldPath
    Description: Required. The LogEntry field path to index.Note that some paths are automatically indexed, and other paths are not eligible for indexing. See indexing documentation( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.For example: jsonPayload.request.status
  • type
    Type: STRING
    Provider name: type
    Description: Required. The type of data in this index.
    Possible values:
    • INDEX_TYPE_UNSPECIFIED - The index’s type is unspecified.
    • INDEX_TYPE_STRING - The index is a string-type index.
    • INDEX_TYPE_INTEGER - The index is a integer-type index.

labels

Type: UNORDERED_LIST_STRING

lifecycle_state

Type: STRING
Provider name: lifecycleState
Description: Output only. The bucket lifecycle state.
Possible values:

  • LIFECYCLE_STATE_UNSPECIFIED - Unspecified state. This is only used/useful for distinguishing unset values.
  • ACTIVE - The normal and active state.
  • DELETE_REQUESTED - The resource has been marked for deletion by the user. For some resources (e.g. buckets), this can be reversed by an un-delete operation.
  • UPDATING - The resource has been marked for an update by the user. It will remain in this state until the update is complete.
  • CREATING - The resource has been marked for creation by the user. It will remain in this state until the creation is complete.
  • FAILED - The resource is in an INTERNAL error state.

locked

Type: BOOLEAN
Provider name: locked
Description: Optional. Whether the bucket is locked.The retention period on a locked bucket cannot be changed. Locked buckets may only be deleted if they are empty.

name

Type: STRING
Provider name: name
Description: Output only. The resource name of the bucket.For example:projects/my-project/locations/global/buckets/my-bucketFor a list of supported locations, see Supported Regions (https://cloud.google.com/logging/docs/region-support)For the location of global it is unspecified where log entries are actually stored.After a bucket has been created, the location cannot be changed.

organization_id

Type: STRING

parent

Type: STRING

project_id

Type: STRING

project_number

Type: STRING

resource_name

Type: STRING

restricted_fields

Type: UNORDERED_LIST_STRING
Provider name: restrictedFields
Description: Optional. Log entry field paths that are denied access in this bucket.The following fields and their children are eligible: textPayload, jsonPayload, protoPayload, httpRequest, labels, sourceLocation.Restricting a repeated field will restrict all values. Adding a parent will block all child fields. (e.g. foo.bar will block foo.bar.baz)

retention_days

Type: INT32
Provider name: retentionDays
Description: Optional. Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.

tags

Type: UNORDERED_LIST_STRING

update_time

Type: TIMESTAMP
Provider name: updateTime
Description: Output only. The last update timestamp of the bucket.