Skip to content

Audit log sink management terraform #380

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open

Audit log sink management terraform #380

wants to merge 13 commits into from

Conversation

@david049
Copy link

@david049 david049 commented Nov 3, 2025
edited by cursor bot
Loading

What was changed

Adds terraform for audit log sink crud

Why?

Checklist

  1. Closes

  2. How was this tested:

locally tested
3. Any docs updates needed?

Note

Adds Terraform resource and data source to manage account audit log sinks (Kinesis/PubSub), with docs, examples, tests, and provider registration; updates deps.

  • Resources:
    • temporalcloud_account_audit_log_sink added with CRUD, enabled (default true), timeouts, and mutually exclusive kinesis/pubsub configs.
  • Data Sources:
    • temporalcloud_account_audit_log_sink to read sink details (enabled, state, kinesis/pubsub).
  • Provider:
    • Registers new resource and data source.
  • Types:
    • Add KinesisSpecModel and PubSubSpecModel with attribute type maps.
  • Docs & Examples:
    • New resource docs and example configs for Kinesis and PubSub.
  • Tests:
    • Acceptance tests for resource and data source (Kinesis and PubSub) plus schema validation.
  • Dependencies:
    • Bump go.temporal.io/api to v1.53.0, go.temporal.io/sdk to v1.36.0, and minor grpc/protobuf updates.

Written by Cursor Bugbot for commit 1ba9d9c. This will update automatically on new commits. Configure here.

@david049 david049 requested a review from a team as a code owner November 3, 2025 19:46
david049
david049 commented Nov 3, 2025
View reviewed changes
go.mod Outdated
gopkg.in/yaml.v3 v3.0.1 // indirect
)

replace go.temporal.io/cloud-sdk => github.com/temporalio/cloud-sdk-go v0.6.1-0.20251031194819-5117604c8a4f
Copy link
Author

@david049 david049 Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO: remove this after API update

alice-yin
alice-yin reviewed Nov 20, 2025
View reviewed changes
internal/provider/account_audit_log_sink_resource.go Outdated
}, nil
}

diags.AddError("Invalid sink configuration", "Either Kinesis or PubSub must be configured")
Copy link
Contributor

@alice-yin alice-yin Nov 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can be removed as it should not be hitting here.

alice-yin
alice-yin reviewed Nov 20, 2025
View reviewed changes
internal/provider/account_audit_log_sink_resource.go
Comment on lines +373 to +377
pubsubSinkSpec := &sinkv1.PubSubSpec{
ServiceAccountId: pubsubSpec.ServiceAccountId.ValueString(),
TopicName: pubsubSpec.TopicName.ValueString(),
GcpProjectId: pubsubSpec.GcpProjectId.ValueString(),
}
Copy link
Contributor

@alice-yin alice-yin Nov 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You may hit a similar ask that customer wants sa email other than saId and gcp project. I got a customer ask for gcp and I added https://github.com/temporalio/terraform-provider-temporalcloud/pull/305/files#diff-0f9ac5989d3371aad25f7ab3f9c8663c66551ffc889f50f3a3cc96c9385d6456

@anekkanti
Copy link
Member

anekkanti commented Nov 21, 2025

cursor review

cursor[bot]
cursor bot reviewed Nov 21, 2025
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no bugs!

cursor[bot]
cursor bot reviewed Nov 21, 2025
View reviewed changes
@david049 david049 force-pushed the dliu/auditlogsinktf branch from dc778fa to 7d01344 Compare November 21, 2025 15:52
@temporalio temporalio deleted a comment from cursor bot Nov 21, 2025
cursor[bot]
cursor bot reviewed Nov 21, 2025
View reviewed changes
anekkanti
anekkanti approved these changes Nov 21, 2025
View reviewed changes
cursor[bot]
cursor bot reviewed Nov 24, 2025
View reviewed changes
internal/provider/account_audit_log_sink_resource.go
}

ctx, cancel := context.WithTimeout(ctx, deleteTimeout)
defer cancel()
Copy link

@cursor cursor bot Nov 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Delete timeout applied after pre-deletion API call

The delete timeout context is created after the GetAccountAuditLogSink call on line 288, but it's only applied to the context starting at line 305. This means if the pre-deletion check hangs or is slow, it won't be subject to the configured delete timeout. The timeout should be applied to the context before line 288 to ensure all delete-related operations respect the timeout configuration.

Fix in Cursor Fix in Web

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alice-yin alice-yin alice-yin left review comments

@cursor cursor[bot] cursor[bot] left review comments

@anekkanti anekkanti anekkanti approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@david049 @anekkanti @alice-yin