terraform-google-kubernetes-engine
Logs for Firewall policies for safer cluster update variant are not configurable
TL;DR
The log config for the firewall rules created by the module doesn't seem to be configurable; in addition, if we enable the logs via the GUI with metadata excluded, the TF plan tries to roll it back.
Terraform Resources
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall#nested_log_config
Detailed design
For security reasons we need to enable logs for the existing firewall rules created by the safer cluster update variant module; checking the configuration of those rules in the code, it doesn't seem to be supported yet:
https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/master/firewall.tf
I temporarily enabled the logs via the GUI but, in both cases of including or excluding the metadata, the TF plan will try to reset the configuration to `null` without the possibility to change it.

```
- log_config {
- metadata = "EXCLUDE_ALL_METADATA" -> null
}
- log_config {
- metadata = "INCLUDE_ALL_METADATA" -> null
}
```
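One way the module could expose this setting, as an added example that is not the project's own firewall.tf: the rule keeps the same shape but emits `log_config` from variables, so a logging setting is part of the desired state instead of being planned back to `null`. The variable names, rule name, network, source range and target tag are assumptions.

```hcl
# Added example, not the module's own firewall.tf: the firewall rule keeps the
# same shape but exposes log_config through variables. The variable names,
# the rule name, network, source range and target tag are assumptions.
variable "enable_firewall_logging" {
  description = "Whether to attach a log_config block to the firewall rules."
  type        = bool
  default     = true
}

variable "firewall_log_metadata" {
  description = "Metadata setting for firewall logs when logging is enabled."
  type        = string
  default     = "EXCLUDE_ALL_METADATA"

  validation {
    condition     = contains(["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA"], var.firewall_log_metadata)
    error_message = "firewall_log_metadata must be EXCLUDE_ALL_METADATA or INCLUDE_ALL_METADATA."
  }
}

resource "google_compute_firewall" "example_ingress" {
  name      = "example-gke-ingress" # assumed rule name
  network   = "default"             # assumed network
  direction = "INGRESS"

  allow {
    protocol = "tcp"
    ports    = ["443"]
  }

  source_ranges = ["10.0.0.0/8"]  # constructed sample range
  target_tags   = ["gke-example"] # assumed tag

  # When no log_config block exists in the configuration, Terraform treats a
  # logging setting enabled in the console as drift and plans it back to null.
  # Emitting the block only when logging is enabled puts the setting under
  # Terraform's control, and the metadata value is validated above.
  dynamic "log_config" {
    for_each = var.enable_firewall_logging ? [1] : []
    content {
      metadata = var.firewall_log_metadata
    }
  }
}
```

With `enable_firewall_logging = false` the block is omitted entirely, which matches the module's current behaviour, so the change is backward compatible for existing users.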
Additional information
No response