added PAM to default audit logging (#255)

tcotav · web-flow · commit 94d25ced4b96 · 2025-02-03T10:35:46.000-08:00
diff --git a/google_project/locals.tf b/google_project/locals.tf
@@ -35,6 +35,6 @@ locals {
   ]
   all_project_services = setunion(local.default_project_services, var.project_services)
 
-  default_data_access_logs = ["iam.googleapis.com", "secretmanager.googleapis.com", "sts.googleapis.com"]
+  default_data_access_logs = ["iam.googleapis.com", "secretmanager.googleapis.com", "sts.googleapis.com", "privilegedaccessmanager.googleapis.com"]
   data_access_logs_filter  = join("\n", toset([for v in concat(local.default_data_access_logs, var.additional_data_access_logs) : "AND NOT protoPayload.serviceName=\"${v}\""]))
 }

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,6 @@ locals {`
`35`	`35`	`]`
`36`	`36`	`all_project_services = setunion(local.default_project_services, var.project_services)`
`37`	`37`
`38`		`- default_data_access_logs = ["iam.googleapis.com", "secretmanager.googleapis.com", "sts.googleapis.com"]`
	`38`	`+ default_data_access_logs = ["iam.googleapis.com", "secretmanager.googleapis.com", "sts.googleapis.com", "privilegedaccessmanager.googleapis.com"]`
`39`	`39`	`data_access_logs_filter = join("\n", toset([for v in concat(local.default_data_access_logs, var.additional_data_access_logs) : "AND NOT protoPayload.serviceName=\"${v}\""]))`
`40`	`40`	`}`