feat(google_project): Data access logging (#86)

* added a resource for enabling data access logs on all projects with a risk level label of high

* fixed missing double quote

* terraform fmt

* switched risk_level from a variable to a local

* switched risk_level back to variable

* fixed variable for risk level

google_project/main.tf

@@ -29,4 +29,20 @@ resource "google_project_service" "project" {
   project            = local.project_id
   service            = each.key
   disable_on_destroy = false
+}
+
+resource "google_project_iam_audit_config" "data_access_high" {
+  count = var.risk_level == "high" ? 1 : 0
+
+  project = local.project_id
+  service = "allServices"
+  audit_log_config {
+    log_type = "ADMIN_READ"
+  }
+  audit_log_config {
+    log_type = "DATA_READ"
+  }
+  audit_log_config {
+    log_type = "DATA_WRITE"
+  }
 }