Make rekor and ctlog optional in monitoring

gcp/modules/monitoring/fulcio/fulcio_alerts.tf

@@ -54,6 +54,7 @@ resource "google_monitoring_alert_policy" "fulcio_uptime_alert" {
 
 // Alert if we see a failure every minute for 5 consecutive minutes
 resource "google_monitoring_alert_policy" "ctlog_uptime_alert" {
+  count = var.ctlog_enabled ? 1 : 0
   # In the absence of data, incident will auto-close in 7 days
   alert_strategy {
     auto_close = "604800s"
@@ -71,7 +72,7 @@ resource "google_monitoring_alert_policy" "ctlog_uptime_alert" {
 
       comparison      = "COMPARISON_GT"
       duration        = "300s"
-      filter          = format("metric.type=\"monitoring.googleapis.com/uptime_check/check_passed\" resource.type=\"uptime_url\" metric.label.\"check_id\"=\"%s\"", google_monitoring_uptime_check_config.uptime_ct_log.uptime_check_id)
+      filter          = format("metric.type=\"monitoring.googleapis.com/uptime_check/check_passed\" resource.type=\"uptime_url\" metric.label.\"check_id\"=\"%s\"", google_monitoring_uptime_check_config.uptime_ct_log[count.index].uptime_check_id)
       threshold_value = "1"
 
       trigger {

gcp/modules/monitoring/fulcio/uptime.tf

@@ -41,6 +41,8 @@ resource "google_monitoring_uptime_check_config" "uptime_fulcio" {
 }
 
 resource "google_monitoring_uptime_check_config" "uptime_ct_log" {
+  count = var.ctlog_enabled ? 1 : 0
+
   display_name = "CT Log Uptime"
 
   http_check {

gcp/modules/monitoring/fulcio/variables.tf

@@ -77,6 +77,12 @@ variable "ctlog_url" {
   default     = "ctfe.sigstore.dev"
 }
 
+variable "ctlog_enabled" {
+  description = "Enable ctlog monitoring"
+  type        = bool
+  default     = true
+}
+
 // Set-up for notification channel for alerting
 variable "notification_channel_ids" {
   type        = list(string)

gcp/modules/monitoring/sigstore.tf

@@ -34,6 +34,8 @@ resource "google_project_service" "service" {
 module "rekor" {
   source = "./rekor"
 
+  count = var.rekor_enabled ? 1 : 0
+
   project_id               = var.project_id
   project_number           = var.project_number
   notification_channel_ids = var.notification_channel_ids
@@ -57,6 +59,7 @@ module "fulcio" {
   project_number           = var.project_number
   notification_channel_ids = var.notification_channel_ids
   ctlog_url                = var.ctlog_url
+  ctlog_enabled            = var.ctlog_enabled
   fulcio_url               = var.fulcio_url
   cluster_name             = var.cluster_name
   cluster_location         = var.cluster_location

gcp/modules/monitoring/variables.tf

@@ -123,6 +123,18 @@ variable "timestamp_enabled" {
   default     = false
 }
 
+variable "ctlog_enabled" {
+  description = "Enable ctlog monitoring"
+  type        = bool
+  default     = true
+}
+
+variable "rekor_enabled" {
+  description = "Enable rekor v1 monitoring"
+  type        = bool
+  default     = true
+}
+
 variable "enable_k8s_cpu_utilization_alert" {
   type        = string
   description = "whether to enable or disable the K8s CPU utilization alert"

gcp/modules/sigstore/sigstore.tf

@@ -110,6 +110,8 @@ module "monitoring" {
   notification_channel_ids         = var.monitoring.notification_channel_ids
   create_slos                      = var.create_slos
   timestamp_enabled                = var.monitoring.timestamp_enabled
+  rekor_enabled                    = var.monitoring.rekor_enabled
+  ctlog_enabled                    = var.monitoring.ctlog_enabled
   enable_k8s_cpu_utilization_alert = var.enable_k8s_cpu_utilization_alert
   uptime_check_period              = var.monitoring.uptime_check_period
 

gcp/modules/sigstore/variables.tf

@@ -141,13 +141,15 @@ variable "monitoring" {
   type = object({
     enabled                  = bool
     fulcio_url               = string
-    rekor_url                = string
+    rekor_url                = optional(string, "")
     timestamp_url            = string
     dex_url                  = string
     tuf_url                  = string
-    ctlog_url                = string
+    ctlog_url                = optional(string, "")
     notification_channel_ids = list(string)
     timestamp_enabled        = bool
+    ctlog_enabled            = optional(bool, true)
+    rekor_enabled            = optional(bool, true)
     uptime_check_period      = optional(string, "60s")
   })
   default = {
@@ -160,6 +162,8 @@ variable "monitoring" {
     ctlog_url                = "ctlog.example.com"
     notification_channel_ids = []
     timestamp_enabled        = false
+    ctlog_enabled            = true
+    rekor_enabled            = true
     uptime_check_period      = "60s"
   }
 }