feat: org cloud connector based on binary scanner

Author: hayk99

examples/organizational/main.tf

@@ -1,3 +1,7 @@
+locals {
+  deploy_image_scanning   = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs
+  deploy_scanning_infra   = local.deploy_image_scanning && !var.use_standalone_scanner
+}
 #-------------------------------------
 # resources deployed always in management account
 # with default provider
@@ -13,16 +17,16 @@ module "resource_group_secure_for_cloud_member" {
   providers = {
     aws = aws.member
   }
-  source = "../../modules/infrastructure/resource-group"
-  name   = var.name
-  tags   = var.tags
+  source    = "../../modules/infrastructure/resource-group"
+  name      = var.name
+  tags      = var.tags
 }
 
 #-------------------------------------
 # secure-for-cloud member account workload
 #-------------------------------------
 module "ssm" {
-  providers = {
+  providers               = {
     aws = aws.member
   }
   source                  = "../../modules/infrastructure/ssm"
@@ -36,16 +40,16 @@ module "ssm" {
 # cloud-connector
 #-------------------------------------
 module "codebuild" {
-  count = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs ? 1 : 0
+  count = local.deploy_scanning_infra ? 1 : 0
 
-  providers = {
+  providers                    = {
     aws = aws.member
   }
   source                       = "../../modules/infrastructure/codebuild"
   name                         = var.name
   secure_api_token_secret_name = module.ssm.secure_api_token_secret_name
 
-  tags = var.tags
+  tags       = var.tags
   # note. this is required to avoid race conditions
   depends_on = [module.ssm]
 }
@@ -62,8 +66,9 @@ module "cloud_connector" {
 
   deploy_image_scanning_ecr = var.deploy_image_scanning_ecr
   deploy_image_scanning_ecs = var.deploy_image_scanning_ecs
+  use_standalone_scanner    = var.use_standalone_scanner
 
-  is_organizational = true
+  is_organizational     = true
   organizational_config = {
     sysdig_secure_for_cloud_role_arn = module.secure_for_cloud_role.sysdig_secure_for_cloud_role_arn
     organizational_role_per_account  = var.organizational_member_default_admin_role

examples/organizational/variables.tf

@@ -69,7 +69,11 @@ variable "deploy_image_scanning_ecs" {
   default     = false
 }
 
-
+variable "use_standalone_scanner" {
+  type        = bool
+  description = "true/false whether use inline scanner or not"
+  default     = false
+}
 #
 # benchmark configuration
 #

test/fixtures/organizational/main.tf

@@ -1,6 +1,6 @@
 terraform {
   required_providers {
-    aws = {
+    aws    = {
       version               = ">= 4.0.0"
       configuration_aliases = [aws.member]
     }
@@ -34,10 +34,11 @@ module "cloudvision_aws_organizational" {
   providers = {
     aws.member = aws.member
   }
-  source = "../../../examples/organizational"
-  name   = var.name
+  source    = "../../../examples/organizational"
+  name      = var.name
 
   sysdig_secure_for_cloud_member_account_id = var.sysdig_secure_for_cloud_member_account_id
   deploy_image_scanning_ecr                 = true
   deploy_image_scanning_ecs                 = true
+  use_standalone_scanner                    = false
 }