Commit 97c7c2c

chore: fix precommit errors
1 parent 9efb2da commit 97c7c2c

40 files changed

+518
-93
lines changed

modules/infrastructure/cloudtrail/README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212

1313
| Name | Version |
1414
|------|---------|
15-
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
15+
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
1616

1717
## Modules
1818

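Review bot: the `aws` provider row moves from 4.18.0 to 4.19.0 here, and identically in every other module README in this commit, but no `required_providers` constraint or lock-file change appears anywhere in the visible diff. This is a terraform-docs-style generated table, so it records whatever provider version was resolved on the machine that ran the pre-commit hook; unless each module actually pins `aws` (for example `version = "~> 4.19"`), the documented version is incidental and will flip again the next time someone runs the hook with a different local cache. Suggest confirming a constraint exists, or adding one, so the README reflects an intended version.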
modules/infrastructure/cloudtrail_s3-sns-sqs/README.md

Lines changed: 1 addition & 1 deletion
@@ -46,7 +46,7 @@ EVENT FILTER/fine-tunning, regarding what we want to send to Sysdig Cloud-Connec
4646

4747
| Name | Version |
4848
|------|---------|
49-
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
49+
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
5050

5151
## Modules
5252

modules/infrastructure/codebuild/README.md

Lines changed: 1 addition & 1 deletion
@@ -12,7 +12,7 @@
1212

1313
| Name | Version |
1414
|------|---------|
15-
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
15+
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
1616

1717
## Modules
1818

modules/infrastructure/ecs-vpc/README.md

Lines changed: 1 addition & 1 deletion
@@ -13,7 +13,7 @@
1313

1414
| Name | Version |
1515
|------|---------|
16-
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
16+
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
1717

1818
## Modules
1919

modules/infrastructure/permissions/cloud-connector/README.md

Lines changed: 1 addition & 1 deletion
@@ -12,7 +12,7 @@
1212

1313
| Name | Version |
1414
|------|---------|
15-
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
15+
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
1616

1717
## Modules
1818

modules/infrastructure/permissions/cloud-scanning/README.md

Lines changed: 2 additions & 1 deletion
@@ -12,7 +12,7 @@
1212

1313
| Name | Version |
1414
|------|---------|
15-
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
15+
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
1616

1717
## Modules
1818

@@ -34,6 +34,7 @@ No modules.
3434
| <a name="input_scanning_codebuild_project_arn"></a> [scanning\_codebuild\_project\_arn](#input\_scanning\_codebuild\_project\_arn) | ARN of codebuild to launch the image scanning process | `string` | n/a | yes |
3535
| <a name="input_sfc_user_name"></a> [sfc\_user\_name](#input\_sfc\_user\_name) | Name of the IAM user to provision permissions | `string` | n/a | yes |
3636
| <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no |
37+
| <a name="input_use_standalone_scanner"></a> [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no |
3738

3839
## Outputs
3940

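Review bot: the description on the new `use_standalone_scanner` row, "true/false whether use inline scanner or not", is ungrammatical and uses a different term (inline) from the variable name (standalone), which makes the option hard to find from the docs. Because this table is generated, the fix belongs in the variable's `description` in variables.tf, which is not in the visible diff. Suggest wording such as `true/false whether to use the standalone (inline) scanner instead of the CodeBuild-based one`, naming both terms once so the `aws-ecs-inline` / `aws-ecr-inline` scanner keys used in the connector config are recognisable from the README.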
modules/infrastructure/permissions/general/README.md

Lines changed: 1 addition & 1 deletion
@@ -15,7 +15,7 @@ General permissions that apply to both cloud-connector and cloud-scanning module
1515

1616
| Name | Version |
1717
|------|---------|
18-
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
18+
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
1919

2020
## Modules
2121

modules/infrastructure/permissions/iam-user/README.md

Lines changed: 2 additions & 1 deletion
@@ -45,7 +45,7 @@ Note: Contact us if this authentication system does not match your requirement.
4545

4646
| Name | Version |
4747
|------|---------|
48-
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
48+
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
4949

5050
## Modules
5151

@@ -72,6 +72,7 @@ Note: Contact us if this authentication system does not match your requirement.
7272
| <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no |
7373
| <a name="input_scanning_codebuild_project_arn"></a> [scanning\_codebuild\_project\_arn](#input\_scanning\_codebuild\_project\_arn) | ARN of codebuild to launch the image scanning process | `string` | `"*"` | no |
7474
| <a name="input_ssm_secure_api_token_arn"></a> [ssm\_secure\_api\_token\_arn](#input\_ssm\_secure\_api\_token\_arn) | ARN of the security credentials for the secure\_api\_token | `string` | `"*"` | no |
75+
| <a name="input_use_standalone_scanner"></a> [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no |
7576

7677
## Outputs
7778

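Review bot: the more important point in this hunk is in its context lines: `scanning_codebuild_project_arn` and `ssm_secure_api_token_arn` both default to `"*"`. In an IAM-user permissions module those ARNs presumably feed the `Resource` element of policy statements, so a deployment that enables the standalone scanner and leaves them unset grants the CodeBuild and SSM actions on every resource rather than on none. Now that `use_standalone_scanner` is a known flag, suggest gating those statements on `!var.use_standalone_scanner` (or making the ARNs required whenever the CodeBuild path is in use) instead of relying on a wildcard default. The new row also carries the same "whether use inline scanner" description flagged on the cloud-scanning README.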
modules/infrastructure/permissions/org-role-ecs/README.md

Lines changed: 2 additions & 2 deletions
@@ -31,8 +31,8 @@ The aim of this module is to manage the organizational **managed account** requi
3131

3232
| Name | Version |
3333
|------|---------|
34-
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
35-
| <a name="provider_aws.member"></a> [aws.member](#provider\_aws.member) | 4.18.0 |
34+
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
35+
| <a name="provider_aws.member"></a> [aws.member](#provider\_aws.member) | 4.19.0 |
3636

3737
## Modules
3838

modules/infrastructure/permissions/org-role-eks/README.md

Lines changed: 1 addition & 1 deletion
@@ -29,7 +29,7 @@ The aim of this module is to manage the organizational **managed account** requi
2929

3030
| Name | Version |
3131
|------|---------|
32-
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
32+
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
3333

3434
## Modules
3535

modules/infrastructure/resource-group/README.md

Lines changed: 1 addition & 1 deletion
@@ -13,7 +13,7 @@
1313

1414
| Name | Version |
1515
|------|---------|
16-
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
16+
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
1717

1818
## Modules
1919

modules/infrastructure/sqs-sns-subscription/README.md

Lines changed: 1 addition & 1 deletion
@@ -12,7 +12,7 @@
1212

1313
| Name | Version |
1414
|------|---------|
15-
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
15+
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
1616

1717
## Modules
1818

modules/infrastructure/ssm/README.md

Lines changed: 1 addition & 1 deletion
@@ -16,7 +16,7 @@ and pass it, in a safe way, to all the modules that require it.
1616

1717
| Name | Version |
1818
|------|---------|
19-
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
19+
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
2020

2121
## Modules
2222

modules/services/cloud-bench/README.md

Lines changed: 1 addition & 1 deletion
@@ -26,7 +26,7 @@ Deployed on **Sysdig Backend**
2626

2727
| Name | Version |
2828
|------|---------|
29-
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
29+
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
3030
| <a name="provider_random"></a> [random](#provider\_random) | 3.3.1 |
3131
| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
3232

Lines changed: 29 additions & 29 deletions
@@ -1,39 +1,39 @@
11
locals {
22
default_config = yamlencode(merge({
3-
logging = "info"
4-
rules = []
3+
logging = "info"
4+
rules = []
55
ingestors = [
66
{
77
cloudtrail-sns-sqs = merge(
8-
{
9-
queueURL = module.cloud_connector_sqs.cloudtrail_sns_subscribed_sqs_url
10-
}
8+
{
9+
queueURL = module.cloud_connector_sqs.cloudtrail_sns_subscribed_sqs_url
10+
}
1111
)
1212
}
1313
]
14-
},
15-
{
16-
scanners = local.deploy_image_scanning ? [
17-
merge(
18-
local.ecr_scanning_with_infra ? {
19-
aws-ecr = {
20-
codeBuildProject = var.build_project_name
21-
secureAPITokenSecretName = var.secure_api_token_secret_name
22-
}
23-
} : {},
24-
local.ecs_scanning_with_infra ? {
25-
aws-ecs = {
26-
codeBuildProject = var.build_project_name
27-
secureAPITokenSecretName = var.secure_api_token_secret_name
28-
}
29-
} : {}),
30-
local.ecs_standalone_scanning ? {
31-
aws-ecs-inline = {}
32-
} : {},
33-
local.ecr_standalone_scanning ? {
34-
aws-ecr-inline = {},
35-
} : {}
36-
] : []
37-
}
14+
},
15+
{
16+
scanners = local.deploy_image_scanning ? [
17+
merge(
18+
local.ecr_scanning_with_infra ? {
19+
aws-ecr = {
20+
codeBuildProject = var.build_project_name
21+
secureAPITokenSecretName = var.secure_api_token_secret_name
22+
}
23+
} : {},
24+
local.ecs_scanning_with_infra ? {
25+
aws-ecs = {
26+
codeBuildProject = var.build_project_name
27+
secureAPITokenSecretName = var.secure_api_token_secret_name
28+
}
29+
} : {}),
30+
local.ecs_standalone_scanning ? {
31+
aws-ecs-inline = {}
32+
} : {},
33+
local.ecr_standalone_scanning ? {
34+
aws-ecr-inline = {},
35+
} : {}
36+
] : []
37+
}
3838
))
3939
}
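Review bot: the `scanners` list this re-indentation touches has a structural problem worth fixing while the lines are being edited: the `merge(` opened under `scanners = local.deploy_image_scanning ? [` closes at `} : {}),` right after the `aws-ecs` block, so the two standalone conditionals below it are separate list elements, and whenever `ecs_standalone_scanning` or `ecr_standalone_scanning` is false they evaluate to `{}` and `yamlencode` emits an empty `- {}` scanner entry. Folding all four conditionals into the single `merge()` yields one object and no empty items. Separately, `aws-ecr-inline = {},` has a trailing comma while `aws-ecs-inline = {}` does not; HCL accepts it but `terraform fmt` will not remove it, so drop it for consistency.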

modules/services/cloud-connector-apprunner/main.tf

Lines changed: 2 additions & 2 deletions
@@ -1,6 +1,6 @@
11
locals {
2-
verify_ssl = var.verify_ssl == "auto" ? length(regexall("https://.*?\\.sysdig(cloud)?.com/?", data.sysdig_secure_connection.current.secure_url)) == 1 : var.verify_ssl == "true"
3-
deploy_image_scanning = var.deploy_image_scanning_ecs || var.deploy_image_scanning_ecr
2+
verify_ssl = var.verify_ssl == "auto" ? length(regexall("https://.*?\\.sysdig(cloud)?.com/?", data.sysdig_secure_connection.current.secure_url)) == 1 : var.verify_ssl == "true"
3+
deploy_image_scanning = var.deploy_image_scanning_ecs || var.deploy_image_scanning_ecr
44
deploy_scanning_infra = local.deploy_image_scanning && !var.use_standalone_scanner
55
ecr_standalone_scanning = var.deploy_image_scanning_ecr && var.use_standalone_scanner
66
ecs_standalone_scanning = var.deploy_image_scanning_ecs && var.use_standalone_scanner

modules/services/cloud-connector-ecs/README.md

Lines changed: 3 additions & 2 deletions
@@ -15,7 +15,7 @@ A task deployed on an **ECS deployment** will detect events in your infrastructu
1515

1616
| Name | Version |
1717
|------|---------|
18-
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
18+
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
1919
| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
2020

2121
## Modules
@@ -71,13 +71,14 @@ A task deployed on an **ECS deployment** will detect events in your infrastructu
7171
| <a name="input_deploy_image_scanning_ecr"></a> [deploy\_image\_scanning\_ecr](#input\_deploy\_image\_scanning\_ecr) | true/false whether to deploy the image scanning on ECR pushed images | `bool` | `false` | no |
7272
| <a name="input_deploy_image_scanning_ecs"></a> [deploy\_image\_scanning\_ecs](#input\_deploy\_image\_scanning\_ecs) | true/false whether to deploy the image scanning on ECS running images | `bool` | `false` | no |
7373
| <a name="input_ecs_task_cpu"></a> [ecs\_task\_cpu](#input\_ecs\_task\_cpu) | Amount of CPU (in CPU units) to reserve for cloud-connector task | `string` | `"256"` | no |
74-
| <a name="input_ecs_task_memory"></a> [ecs\_task\_memory](#input\_ecs\_task\_memory) | Amount of memory (in megabytes) to reserve for cloud-connector task | `string` | `"512"` | no |
74+
| <a name="input_ecs_task_memory"></a> [ecs\_task\_memory](#input\_ecs\_task\_memory) | Amount of memory (in megabytes) to reserve for cloud-connector task | `string` | `"2000"` | no |
7575
| <a name="input_extra_env_vars"></a> [extra\_env\_vars](#input\_extra\_env\_vars) | Extra environment variables for the Cloud Connector deployment | `map(string)` | `{}` | no |
7676
| <a name="input_image"></a> [image](#input\_image) | Image of the cloud connector to deploy | `string` | `"quay.io/sysdig/cloud-connector:latest"` | no |
7777
| <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | whether secure-for-cloud should be deployed in an organizational setup | `bool` | `false` | no |
7878
| <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc-cloudconnector"` | no |
7979
| <a name="input_organizational_config"></a> [organizational\_config](#input\_organizational\_config) | organizational\_config. following attributes must be given<br><ul><br> <li>`sysdig_secure_for_cloud_role_arn` for cloud-connector assumeRole in order to read cloudtrail s3 events</li><br> <li>`connector_ecs_task_role_name` which has been granted trusted-relationship over the secure\_for\_cloud\_role</li><br> <li>`organizational_role_per_account` is the name of the organizational role deployed by AWS in each account of the organization. used for image-scanning only</li><br></ul> | <pre>object({<br> sysdig_secure_for_cloud_role_arn = string<br> organizational_role_per_account = string<br> connector_ecs_task_role_name = string<br> })</pre> | <pre>{<br> "connector_ecs_task_role_name": null,<br> "organizational_role_per_account": null,<br> "sysdig_secure_for_cloud_role_arn": null<br>}</pre> | no |
8080
| <a name="input_tags"></a> [tags](#input\_tags) | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning | `map(string)` | <pre>{<br> "product": "sysdig-secure-for-cloud"<br>}</pre> | no |
81+
| <a name="input_use_standalone_scanner"></a> [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no |
8182
| <a name="input_verify_ssl"></a> [verify\_ssl](#input\_verify\_ssl) | true/false to determine ssl verification for sysdig\_secure\_url | `bool` | `true` | no |
8283

8384
## Outputs
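Review bot: the `ecs_task_memory` default moving from `"512"` to `"2000"` is a behaviour change, not a pre-commit fix; the variables.tf edit it reflects is not in the visible diff and should be called out in the commit message or split into its own commit. The value itself also warrants a check: with `ecs_task_cpu` defaulting to `"256"` two rows above, a Fargate task only accepts 512, 1024 or 2048 MB at that CPU size, so `2000` would be rejected when the task definition is registered if this runs on Fargate; `"2048"` is the likely intent. The new `use_standalone_scanner` row repeats the ungrammatical "whether use inline scanner" description flagged on the permissions READMEs.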
Lines changed: 40 additions & 40 deletions
@@ -1,50 +1,50 @@
11
locals {
22
default_config = yamlencode(merge({
3-
logging = "info"
4-
rules = []
3+
logging = "info"
4+
rules = []
55
ingestors = [
66
{
77
cloudtrail-sns-sqs = merge(
8-
{
9-
queueURL = module.cloud_connector_sqs.cloudtrail_sns_subscribed_sqs_url
10-
},
11-
var.is_organizational ? {
12-
assumeRole = var.organizational_config.sysdig_secure_for_cloud_role_arn
13-
} : {}
8+
{
9+
queueURL = module.cloud_connector_sqs.cloudtrail_sns_subscribed_sqs_url
10+
},
11+
var.is_organizational ? {
12+
assumeRole = var.organizational_config.sysdig_secure_for_cloud_role_arn
13+
} : {}
1414
)
1515
}
1616
]
17-
},
18-
{
19-
scanners = local.deploy_image_scanning ? [
20-
merge(
21-
local.ecs_scanning_with_infra ? {
22-
aws-ecr = merge({
23-
codeBuildProject = var.build_project_name
24-
secureAPITokenSecretName = var.secure_api_token_secret_name
25-
},
26-
var.is_organizational ? {
27-
masterOrganizationRole = var.organizational_config.sysdig_secure_for_cloud_role_arn
28-
organizationalRolePerAccount = var.organizational_config.organizational_role_per_account
29-
} : {})
30-
} : {},
31-
local.ecs_scanning_with_infra ? {
32-
aws-ecs = merge({
33-
codeBuildProject = var.build_project_name
34-
secureAPITokenSecretName = var.secure_api_token_secret_name
35-
},
36-
var.is_organizational ? {
37-
masterOrganizationRole = var.organizational_config.sysdig_secure_for_cloud_role_arn
38-
organizationalRolePerAccount = var.organizational_config.organizational_role_per_account
39-
} : {})
40-
} : {}),
41-
local.ecr_standalone_scanning ? {
42-
aws-ecr-inline = {},
43-
} : {},
44-
local.ecs_standalone_scanning ? {
45-
aws-ecs-inline = {},
46-
} : {}
47-
] : []
48-
}
17+
},
18+
{
19+
scanners = local.deploy_image_scanning ? [
20+
merge(
21+
local.ecs_scanning_with_infra ? {
22+
aws-ecr = merge({
23+
codeBuildProject = var.build_project_name
24+
secureAPITokenSecretName = var.secure_api_token_secret_name
25+
},
26+
var.is_organizational ? {
27+
masterOrganizationRole = var.organizational_config.sysdig_secure_for_cloud_role_arn
28+
organizationalRolePerAccount = var.organizational_config.organizational_role_per_account
29+
} : {})
30+
} : {},
31+
local.ecs_scanning_with_infra ? {
32+
aws-ecs = merge({
33+
codeBuildProject = var.build_project_name
34+
secureAPITokenSecretName = var.secure_api_token_secret_name
35+
},
36+
var.is_organizational ? {
37+
masterOrganizationRole = var.organizational_config.sysdig_secure_for_cloud_role_arn
38+
organizationalRolePerAccount = var.organizational_config.organizational_role_per_account
39+
} : {})
40+
} : {}),
41+
local.ecr_standalone_scanning ? {
42+
aws-ecr-inline = {},
43+
} : {},
44+
local.ecs_standalone_scanning ? {
45+
aws-ecs-inline = {},
46+
} : {}
47+
] : []
48+
}
4949
))
5050
}
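Review bot: the `aws-ecr` block in this hunk is gated on `local.ecs_scanning_with_infra` (the `local.ecs_scanning_with_infra ? {` line directly above `aws-ecr = merge({`), the same condition as the `aws-ecs` block below it. The apprunner module's equivalent config in this commit gates `aws-ecr` on `local.ecr_scanning_with_infra`, so this looks like a copy-paste slip that turns ECR scanning on whenever ECS scanning is requested and never when only ECR is; suggest `local.ecr_scanning_with_infra ? {`. The same structural points as the apprunner hunk apply: the `merge()` closes at `} : {}),` so the two standalone conditionals become separate list items that render as empty `- {}` scanner entries when disabled, and both `aws-ecr-inline = {},` and `aws-ecs-inline = {},` carry trailing commas that `terraform fmt` will leave in place.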

modules/services/cloud-connector-ecs/locals.tf

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
locals {
2-
deploy_image_scanning = var.deploy_image_scanning_ecs || var.deploy_image_scanning_ecr
2+
deploy_image_scanning = var.deploy_image_scanning_ecs || var.deploy_image_scanning_ecr
33
deploy_scanning_infra = local.deploy_image_scanning && !var.use_standalone_scanner
44
ecr_standalone_scanning = var.deploy_image_scanning_ecr && var.use_standalone_scanner
55
ecs_standalone_scanning = var.deploy_image_scanning_ecs && var.use_standalone_scanner
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
# Terraform state storage backend
2+
terraform {
3+
backend "s3" {
4+
bucket = "secure-cloud-terraform-tests-org" # need to append '-org' to avoid conflict
5+
key = "aws-organizational-k8s-reuse_cloudtrail/terraform.tfstate"
6+
dynamodb_table = "secure-cloud-terraform-tests"
7+
region = "eu-west-3"
8+
}
9+
}
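Review bot: the new `backend "s3"` block sets `bucket`, `key`, `dynamodb_table` and `region` but not `encrypt = true`. These modules take a Sysdig Secure API token as an input (see the `secure_api_token` inputs elsewhere in this commit), and input values are recorded in Terraform state, so state-at-rest encryption should be requested explicitly here rather than assumed from bucket defaults; suggest adding `encrypt = true` next to `dynamodb_table`, and confirming the `secure-cloud-terraform-tests-org` bucket blocks public access.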
