logging_settings
Creates, updates, deletes, gets or lists a logging_settings resource.
Overview
| Name | logging_settings |
| Type | Resource |
| Id | google.logging.logging_settings |
Fields
The following fields are returned by SELECT queries:
- get_settings
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Output only. The resource name of the settings. |
defaultSinkConfig | object | Optional. Overrides the built-in configuration for _Default sink. (id: DefaultSinkConfig) |
disableDefaultSink | boolean | Optional. If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed. |
kmsKeyName | string | Optional. The resource name for the configured Cloud KMS key.KMS key name format: "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]" For example:"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key"To enable CMEK, set this field to a valid kms_key_name for which the associated service account has the required roles/cloudkms.cryptoKeyEncrypterDecrypter role assigned for the key.The Cloud KMS key used by the Log Router can be updated by changing the kms_key_name to a new valid key name.To disable CMEK for the Log Router, set this field to an empty string.See Enabling CMEK for Log Router (https://cloud.google.com/logging/docs/routing/managed-encryption) for more information. |
kmsServiceAccountId | string | Output only. The service account that will be used by the Log Router to access your Cloud KMS key.Before enabling CMEK, you must first assign the role roles/cloudkms.cryptoKeyEncrypterDecrypter to the service account that will be used to access your Cloud KMS key. Use GetSettings to obtain the service account ID.See Enabling CMEK for Log Router (https://cloud.google.com/logging/docs/routing/managed-encryption) for more information. |
loggingServiceAccountId | string | Output only. The service account for the given resource container, such as project or folder. Log sinks use this service account as their writer_identity if no custom service account is provided in the request when calling the create sink method. |
storageLocation | string | Optional. The storage location for the _Default and _Required log buckets of newly created projects and folders, unless the storage location is explicitly provided.Example value: europe-west1.Note: this setting does not affect the location of resources where a location is explicitly provided when created, such as custom log buckets. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get_settings | select | name | Gets the settings for the given resource.Note: Settings can be retrieved for Google Cloud projects, folders, organizations, and billing accounts.See View default resource settings for Logging (https://cloud.google.com/logging/docs/default-settings#view-org-settings) for more information. | |
update_settings | update | name | updateMask | Updates the settings for the given resource. This method applies to all feature configurations for organization and folders.UpdateSettings fails when any of the following are true: The value of storage_location either isn't supported by Logging or violates the location OrgPolicy. The default_sink_config field is set, but it has an unspecified filter write mode. The value of kms_key_name is invalid. The associated service account doesn't have the required roles/cloudkms.cryptoKeyEncrypterDecrypter role assigned for the key. Access to the key is disabled.See Configure default settings for organizations and folders (https://cloud.google.com/logging/docs/default-settings) for more information. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
name | string | |
updateMask | string (google-fieldmask) |
SELECT examples
- get_settings
Gets the settings for the given resource.Note: Settings can be retrieved for Google Cloud projects, folders, organizations, and billing accounts.See View default resource settings for Logging (https://cloud.google.com/logging/docs/default-settings#view-org-settings) for more information.
SELECT
name,
defaultSinkConfig,
disableDefaultSink,
kmsKeyName,
kmsServiceAccountId,
loggingServiceAccountId,
storageLocation
FROM google.logging.logging_settings
WHERE name = '{{ name }}' -- required;
UPDATE examples
- update_settings
Updates the settings for the given resource. This method applies to all feature configurations for organization and folders.UpdateSettings fails when any of the following are true: The value of storage_location either isn't supported by Logging or violates the location OrgPolicy. The default_sink_config field is set, but it has an unspecified filter write mode. The value of kms_key_name is invalid. The associated service account doesn't have the required roles/cloudkms.cryptoKeyEncrypterDecrypter role assigned for the key. Access to the key is disabled.See Configure default settings for organizations and folders (https://cloud.google.com/logging/docs/default-settings) for more information.
UPDATE google.logging.logging_settings
SET
data__kmsKeyName = '{{ kmsKeyName }}',
data__storageLocation = '{{ storageLocation }}',
data__disableDefaultSink = {{ disableDefaultSink }},
data__defaultSinkConfig = '{{ defaultSinkConfig }}'
WHERE
name = '{{ name }}' --required
AND updateMask = '{{ updateMask}}'
RETURNING
name,
defaultSinkConfig,
disableDefaultSink,
kmsKeyName,
kmsServiceAccountId,
loggingServiceAccountId,
storageLocation;