
Commit 0631890

committed
feat: create k8s config base on binary scanner use
1 parent 22d6c7c commit 0631890


1 file changed

+29
-14
lines changed

1 file changed

+29
-14
lines changed

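--- a/examples/single-account-k8s/cloud-connector.tf
+++ b/examples/single-account-k8s/cloud-connector.tf
@@ -1,5 +1,10 @@
 locals {
-deploy_image_scanning = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs
+deploy_image_scanning = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs
+deploy_scanning_infra = local.deploy_image_scanning && !var.use_standalone_scanner
+ecr_standalone_scanning = var.deploy_image_scanning_ecr && var.use_standalone_scanner
+ecs_standalone_scanning = var.deploy_image_scanning_ecs && var.use_standalone_scanner
+ecr_scanning_with_infra = var.deploy_image_scanning_ecr && !var.use_standalone_scanner
+ecs_scanning_with_infra = var.deploy_image_scanning_ecs && !var.use_standalone_scanner
 }
 
 #-------------------------------------
@@ -14,13 +19,13 @@ module "cloud_connector_sqs" {
 }
 
 module "codebuild" {
-count = local.deploy_image_scanning ? 1 : 0
+count = local.deploy_scanning_infra ? 1 : 0
 source = "../../modules/infrastructure/codebuild"
 
 name = var.name
 secure_api_token_secret_name = module.ssm.secure_api_token_secret_name
 
-tags = var.tags
+tags = var.tags
 # note. this is required to avoid race conditions
 depends_on = [module.ssm]
 }
@@ -66,29 +71,39 @@ resource "helm_release" "cloud_connector" {
 value = "terraform_aws_k8s_single"
 }
 
-values = [
+values = [
 yamlencode({
+logging = "info"
+rules = []
 ingestors = [
 {
 cloudtrail-sns-sqs = {
 queueURL = module.cloud_connector_sqs.cloudtrail_sns_subscribed_sqs_url
 }
 }
 ]
-scanners = local.deploy_image_scanning ? [
-merge(var.deploy_image_scanning_ecr ? {
+scanners = [
+merge(
+local.ecr_scanning_with_infra ? {
 aws-ecr = {
 codeBuildProject = module.codebuild[0].project_name
 secureAPITokenSecretName = module.ssm.secure_api_token_secret_name
 }
-} : {},
-var.deploy_image_scanning_ecs ? {
-aws-ecs = {
-codeBuildProject = module.codebuild[0].project_name
-secureAPITokenSecretName = module.ssm.secure_api_token_secret_name
-}
-} : {})
-] : []
+} : {},
+local.ecs_scanning_with_infra ? {
+aws-ecs = {
+codeBuildProject = module.codebuild[0].project_name
+secureAPITokenSecretName = module.ssm.secure_api_token_secret_name
+}
+} : {},
+local.ecr_standalone_scanning ? {
+aws-ecr-inline = {},
+} : {},
+local.ecs_standalone_scanning ? {
+aws-ecs-inline = {}
+} : {},
+)
+]
 })
 ]
 depends_on = [module.iam_user]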
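Review bot: With the outer `local.deploy_image_scanning ? [...] : []` guard removed, `scanners` in the `helm_release.cloud_connector` values is always a one-element list, so when both `deploy_image_scanning_ecr` and `deploy_image_scanning_ecs` are false the chart now receives `scanners = [{}]` instead of an empty list. Unless the connector is known to ignore an empty scanner entry, keep the guard around the new `merge(...)`: `scanners = local.deploy_image_scanning ? [merge(...)] : []`. In standalone mode the `aws-ecr-inline` / `aws-ecs-inline` entries presumably make the connector workload itself pull and scan images, and this commit changes only this file, so it is worth confirming that the identity created by `module.iam_user` carries the read permissions that path needs and nothing broader. The `helm_release` block starts before the hunk and continues past its last line.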
