feat: org cloud connector based on binary scanner
1 parent 4b77cf5 commit 26d85de


3 files changed

+22
-12
lines changed


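--- a/examples/organizational/main.tf
+++ b/examples/organizational/main.tf
@@ -1,3 +1,7 @@
+locals {
+deploy_image_scanning = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs
+deploy_scanning_infra = local.deploy_image_scanning && !var.use_standalone_scanner
+}
 #-------------------------------------
 # resources deployed always in management account
 # with default provider
@@ -13,16 +17,16 @@ module "resource_group_secure_for_cloud_member" {
 providers = {
 aws = aws.member
 }
-source = "../../modules/infrastructure/resource-group"
-name = var.name
-tags = var.tags
+source = "../../modules/infrastructure/resource-group"
+name = var.name
+tags = var.tags
 }
 
 #-------------------------------------
 # secure-for-cloud member account workload
 #-------------------------------------
 module "ssm" {
-providers = {
+providers = {
 aws = aws.member
 }
 source = "../../modules/infrastructure/ssm"
@@ -36,16 +40,16 @@ module "ssm" {
 # cloud-connector
 #-------------------------------------
 module "codebuild" {
-count = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs ? 1 : 0
+count = local.deploy_scanning_infra ? 1 : 0
 
-providers = {
+providers = {
 aws = aws.member
 }
 source = "../../modules/infrastructure/codebuild"
 name = var.name
 secure_api_token_secret_name = module.ssm.secure_api_token_secret_name
 
-tags = var.tags
+tags = var.tags
 # note. this is required to avoid race conditions
 depends_on = [module.ssm]
 }
@@ -62,8 +66,9 @@ module "cloud_connector" {
 
 deploy_image_scanning_ecr = var.deploy_image_scanning_ecr
 deploy_image_scanning_ecs = var.deploy_image_scanning_ecs
+use_standalone_scanner = var.use_standalone_scanner
 
-is_organizational = true
+is_organizational = true
 organizational_config = {
 sysdig_secure_for_cloud_role_arn = module.secure_for_cloud_role.sysdig_secure_for_cloud_role_arn
 organizational_role_per_account = var.organizational_member_default_admin_role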
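Review bot: The `codebuild` module's `count` now depends on `local.deploy_scanning_infra`, but the `cloud_connector` block shown here starts and ends outside the hunk, so any reference to `module.codebuild[0]` it makes (for example a build project ARN handed to the connector) will fail with an invalid index when `use_standalone_scanner = true` while ECR/ECS scanning is enabled; if such a reference exists it should be guarded on the same local, e.g. `build_project_arn = local.deploy_scanning_infra ? module.codebuild[0].project_arn : null`. Since the connector is the component that would run the binary scanner inline, it is also worth confirming its task role is not left with the CodeBuild-related permissions it no longer needs in that mode, though that policy is not visible in this hunk. The new `locals` block would read better with a short why-comment such as `# the standalone scanner runs inside the connector, so no CodeBuild project is provisioned for it`.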

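--- a/examples/organizational/variables.tf
+++ b/examples/organizational/variables.tf
@@ -69,7 +69,11 @@ variable "deploy_image_scanning_ecs" {
 default = false
 }
 
-
+variable "use_standalone_scanner" {
+type = bool
+description = "true/false whether use inline scanner or not"
+default = false
+}
 #
 # benchmark configuration
 #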
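Review bot: The description of `use_standalone_scanner` talks about an "inline scanner", which does not match the variable name and does not tell the operator what the flag actually changes — per the `locals` in examples/organizational/main.tf it only suppresses the CodeBuild scanning infrastructure and only when ECR or ECS scanning is enabled. I would rewrite it as `description = "true/false whether to use the standalone (inline) image scanner instead of deploying CodeBuild scanning infrastructure; only takes effect when deploy_image_scanning_ecr or deploy_image_scanning_ecs is true"`. The value is silently ignored otherwise, so consider a `validation` block or at least documenting that interaction.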

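--- a/test/fixtures/organizational/main.tf
+++ b/test/fixtures/organizational/main.tf
@@ -1,6 +1,6 @@
 terraform {
 required_providers {
-aws = {
+aws = {
 version = ">= 4.0.0"
 configuration_aliases = [aws.member]
 }
@@ -34,10 +34,11 @@ module "cloudvision_aws_organizational" {
 providers = {
 aws.member = aws.member
 }
-source = "../../../examples/organizational"
-name = var.name
+source = "../../../examples/organizational"
+name = var.name
 
 sysdig_secure_for_cloud_member_account_id = var.sysdig_secure_for_cloud_member_account_id
 deploy_image_scanning_ecr = true
 deploy_image_scanning_ecs = true
+use_standalone_scanner = false
 }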
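Review bot: The fixture sets `use_standalone_scanner = false`, which is the variable's declared default, so the new code path — scanning enabled with the CodeBuild module skipped — is never exercised by this test. Either flip this fixture to `use_standalone_scanner = true` or add a second fixture for the standalone mode, so that an unguarded `module.codebuild[0]` reference in the example would be caught by the test rather than by a user's first apply.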
