Removes filter for sinks

[amandakarina]

Hey folks

This pull request closes #258 issue.

Could you, please, take a look?

Thanks!

[rjerrems]

Hi @amandakarina - would be good to understand some extra context on what we are trying to achieve here, I have commented on the linked bug

[amandakarina]

Hi @amandakarina - would be good to understand some extra context on what we are trying to achieve here, I have commented on the linked bug

Hey @rjerrems
The SHA scanner detected this finding after deploy CFT in a clean organization. The SHA Scanner checks if the sink has a empty filter, if so, no finding is generated, otherwise, a LOG_NOT_EXPORTED finding is created.

[rjerrems]

Yep - I suppose the question I have is: are we recommending that people export all logs? Are we confident the SHA finding is representative of best practice here? It doesn't seem to stack up with my experience where specific log types are usually targeted. It will also increase cost, particularly in our case where we are creating three copies of the exported logs to GCS, BigQuery & PubSub.

[amandakarina]

Hey @rjerrems, I remove the filter only for bucket export. Could you, please take a look?

[rjerrems]

Thanks @amandakarina - can we add some brief docs that explain the difference, then we should be good to go.

Just to confirm also, that the SHA scanner result is fixed by this change?

[amandakarina]

Thanks @amandakarina - can we add some brief docs that explain the difference, then we should be good to go.

Just to confirm also, that the SHA scanner result is fixed by this change?

Hey Rohan!

Based on my test, yes!
I inactivated all findings for LOG_NOT_EXPORTED and create a new project under my folder.
After SHA Scanner was executed no new finding was created and no finding for my folder was re-activated.

[rjerrems]

LGTM

[rjerrems]

FYI Merging because test failure is due to name collision & healthy test run on prior commit