257 lines
9.4 KiB
Python
257 lines
9.4 KiB
Python
# -*- coding: utf-8 -*- #
|
|
# Copyright 2014 Google LLC. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
"""'logging sinks create' command."""
|
|
|
|
from __future__ import absolute_import
|
|
from __future__ import division
|
|
from __future__ import unicode_literals
|
|
|
|
from googlecloudsdk.api_lib.logging import util
|
|
from googlecloudsdk.calliope import arg_parsers
|
|
from googlecloudsdk.calliope import base
|
|
from googlecloudsdk.core import log
|
|
from googlecloudsdk.core.console import console_io
|
|
|
|
|
|
@base.UniverseCompatible
|
|
@base.ReleaseTracks(
|
|
base.ReleaseTrack.GA, base.ReleaseTrack.BETA, base.ReleaseTrack.ALPHA
|
|
)
|
|
class Create(base.CreateCommand):
|
|
# pylint: disable=line-too-long
|
|
"""Create a log sink.
|
|
|
|
Create a log sink used to route log entries to a destination. The sink routes
|
|
all log entries that match its *--log-filter* flag.
|
|
|
|
An empty filter matches all logs.
|
|
|
|
Detailed information about filters can be found at:
|
|
[](https://cloud.google.com/logging/docs/view/logging-query-language)
|
|
|
|
The sink's destination can be a Cloud Logging log bucket, a Cloud Storage
|
|
bucket, a BigQuery dataset, a Cloud Pub/Sub topic, or a Google Cloud project.
|
|
|
|
The destination must already exist.
|
|
|
|
If creating a log sink to route logs to a destination outside of Cloud Logging
|
|
or to a Cloud Logging log bucket in another project, the log sink's service
|
|
account must be granted permission to write to the destination.
|
|
|
|
For more information about destination permissions, see:
|
|
https://cloud.google.com/logging/docs/export/configure_export_v2#dest-auth
|
|
|
|
Matching log entries are routed to the destination after the sink is created.
|
|
|
|
## EXAMPLES
|
|
|
|
To route all Google Compute Engine logs to BigQuery, run:
|
|
|
|
$ {command} my-bq-sink
|
|
bigquery.googleapis.com/projects/my-project/datasets/my_dataset --log-filter='resource.type="gce_instance"'
|
|
|
|
To route "syslog" from App Engine Flexible to a Cloud Storage bucket, run:
|
|
|
|
$ {command} my-gcs-sink storage.googleapis.com/my-bucket --log-filter='logName="projects/my-project/appengine.googleapis.com%2Fsyslog"'
|
|
|
|
To route Google App Engine logs with ERROR severity, run:
|
|
|
|
$ {command} my-error-logs
|
|
bigquery.googleapis.com/projects/my-project/datasets/my_dataset --log-filter='resource.type="gae_app" AND severity=ERROR'
|
|
|
|
To route all logs to a log bucket in a different project, run:
|
|
|
|
$ {command} my-sink
|
|
logging.googleapis.com/projects/my-central-project/locations/global/buckets/my-central-bucket
|
|
|
|
To route all logs to another project, run:
|
|
|
|
$ {command} my-sink
|
|
logging.googleapis.com/projects/my-destination-project
|
|
"""
|
|
# pylint: enable=line-too-long
|
|
|
|
@staticmethod
|
|
def Args(parser):
|
|
"""Register flags for this command."""
|
|
parser.add_argument('sink_name', help='The name for the sink.')
|
|
parser.add_argument(
|
|
'destination',
|
|
help=arg_parsers.UniverseHelpText(
|
|
default='The destination for the sink.',
|
|
universe_help='Some destination types are not supported\n.',
|
|
),
|
|
)
|
|
parser.add_argument(
|
|
'--log-filter',
|
|
required=False,
|
|
help=('A filter expression for the sink. If present, the filter '
|
|
'specifies which log entries to export.'))
|
|
parser.add_argument(
|
|
'--include-children',
|
|
required=False,
|
|
action='store_true',
|
|
help=('Whether to export logs from all child projects and folders. '
|
|
'Only applies to sinks for organizations and folders.'))
|
|
parser.add_argument(
|
|
'--intercept-children',
|
|
required=False,
|
|
action='store_true',
|
|
help=(
|
|
'Whether to intercept logs from all child projects and folders. '
|
|
'Only applies to sinks for organizations and folders.'
|
|
),
|
|
)
|
|
parser.add_argument(
|
|
'--custom-writer-identity',
|
|
metavar='SERVICE_ACCOUNT_EMAIL',
|
|
help=(
|
|
'Writer identity for the sink. This flag can only be used if the '
|
|
'destination is a log bucket in a different project. The writer '
|
|
'identity is automatically generated when it is not provided for '
|
|
'a sink.'
|
|
),
|
|
)
|
|
bigquery_group = parser.add_argument_group(
|
|
help='Settings for sink exporting data to BigQuery.')
|
|
bigquery_group.add_argument(
|
|
'--use-partitioned-tables',
|
|
required=False,
|
|
action='store_true',
|
|
help=('If specified, use BigQuery\'s partitioned tables. By default, '
|
|
'Logging creates dated tables based on the log entries\' '
|
|
'timestamps, e.g. \'syslog_20170523\'. Partitioned tables remove '
|
|
'the suffix and special query syntax '
|
|
'(https://cloud.google.com/bigquery/docs/'
|
|
'querying-partitioned-tables) must be used.'))
|
|
parser.add_argument(
|
|
'--exclusion',
|
|
action='append',
|
|
type=arg_parsers.ArgDict(
|
|
spec={
|
|
'name': str,
|
|
'description': str,
|
|
'filter': str,
|
|
'disabled': bool
|
|
},
|
|
required_keys=['name', 'filter']),
|
|
help=('Specify an exclusion filter for a log entry that is not to be '
|
|
'exported. This flag can be repeated.\n\n'
|
|
'The ``name\'\' and ``filter\'\' attributes are required. The '
|
|
'following keys are accepted:\n\n'
|
|
'*name*::: An identifier, such as ``load-balancer-exclusion\'\'. '
|
|
'Identifiers are limited to 100 characters and can include only '
|
|
'letters, digits, underscores, hyphens, and periods.\n\n'
|
|
'*description*::: A description of this exclusion.\n\n'
|
|
'*filter*::: An advanced log filter that matches the log entries '
|
|
'to be excluded.\n\n'
|
|
'*disabled*::: If this exclusion should be disabled and not '
|
|
'exclude the log entries.'))
|
|
|
|
parser.add_argument('--description', help='Description of the sink.')
|
|
|
|
parser.add_argument(
|
|
'--disabled',
|
|
action='store_true',
|
|
help=('Sink will be disabled. Disabled sinks do not export logs.'))
|
|
|
|
util.AddParentArgs(parser, 'sink to create')
|
|
parser.display_info.AddCacheUpdater(None)
|
|
|
|
def CreateSink(self, parent, sink_data, custom_writer_identity):
|
|
"""Creates a v2 sink specified by the arguments."""
|
|
messages = util.GetMessages()
|
|
return util.GetClient().projects_sinks.Create(
|
|
messages.LoggingProjectsSinksCreateRequest(
|
|
parent=parent,
|
|
logSink=messages.LogSink(**sink_data),
|
|
uniqueWriterIdentity=True,
|
|
customWriterIdentity=custom_writer_identity))
|
|
|
|
def _Run(self, args):
|
|
if not args.log_filter:
|
|
# Attempt to create a sink with an empty filter.
|
|
console_io.PromptContinue(
|
|
'Sink with empty filter matches all entries.', cancel_on_no=True)
|
|
|
|
if not (args.organization or args.folder):
|
|
if args.include_children:
|
|
log.warning(
|
|
'include-children only has an effect for sinks at the folder '
|
|
'or organization level'
|
|
)
|
|
if args.intercept_children:
|
|
log.warning(
|
|
'intercept-children only has an effect for sinks at the folder '
|
|
'or organization level'
|
|
)
|
|
|
|
sink_ref = util.GetSinkReference(args.sink_name, args)
|
|
|
|
sink_data = {
|
|
'name': sink_ref.sinksId,
|
|
'destination': args.destination,
|
|
}
|
|
|
|
if args.IsSpecified('include_children'):
|
|
sink_data['includeChildren'] = args.include_children
|
|
|
|
if args.IsSpecified('intercept_children'):
|
|
sink_data['interceptChildren'] = args.intercept_children
|
|
|
|
if args.IsSpecified('log_filter'):
|
|
sink_data['filter'] = args.log_filter
|
|
|
|
if args.IsSpecified('use_partitioned_tables'):
|
|
bigquery_options = {}
|
|
bigquery_options['usePartitionedTables'] = args.use_partitioned_tables
|
|
sink_data['bigqueryOptions'] = bigquery_options
|
|
|
|
if args.IsSpecified('exclusion'):
|
|
sink_data['exclusions'] = args.exclusion
|
|
|
|
if args.IsSpecified('description'):
|
|
sink_data['description'] = args.description
|
|
|
|
if args.IsSpecified('disabled'):
|
|
sink_data['disabled'] = args.disabled
|
|
|
|
custom_writer_identity = None
|
|
if args.IsSpecified('custom_writer_identity'):
|
|
custom_writer_identity = args.custom_writer_identity
|
|
result = self.CreateSink(
|
|
util.GetParentFromArgs(args), sink_data, custom_writer_identity)
|
|
|
|
log.CreatedResource(sink_ref)
|
|
self._epilog_result_destination = result.destination
|
|
self._epilog_writer_identity = result.writerIdentity
|
|
return result
|
|
|
|
def Run(self, args):
|
|
"""This is what gets called when the user runs this command.
|
|
|
|
Args:
|
|
args: an argparse namespace. All the arguments that were provided to this
|
|
command invocation.
|
|
|
|
Returns:
|
|
The created sink with its destination.
|
|
"""
|
|
return self._Run(args)
|
|
|
|
def Epilog(self, unused_resources_were_displayed):
|
|
util.PrintPermissionInstructions(self._epilog_result_destination,
|
|
self._epilog_writer_identity)
|