
Commit 698aee6

SSPROD-48664 - update(org): include/exclude optional fields (#35)
* update(org): include/exclude optional fields * update(org): include/exclude optional fields * update(org): include/exclude optional fields * update(org): include/exclude optional fields * update(org): include/exclude optional fields
1 parent 280abc7 commit 698aee6


9 files changed

+195
-92
lines changed


modules/config-posture/README.md

+39-35
Original file line numberDiff line numberDiff line change
@@ -15,16 +15,16 @@ If instrumenting an AWS Gov account/organization, IAM policies and resources wil
1515
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
1616
## Requirements
1717

18-
| Name | Version |
19-
|------|---------|
20-
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
21-
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.60.0 |
22-
| <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | ~>1.39 |
18+
| Name | Version |
19+
|---------------------------------------------------------------------------|-----------|
20+
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
21+
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.60.0 |
22+
| <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | ~>1.39 |
2323

2424
## Providers
2525

26-
| Name | Version |
27-
|------|---------|
26+
| Name | Version |
27+
|---------------------------------------------------|-----------|
2828
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.60.0 |
2929

3030
## Modules
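Review bot: the Requirements table in this hunk still pins sysdig at `~>1.39` while versions.tf in the same commit raises the constraint to `~> 1.47`, so the README will contradict the module's real provider requirement as soon as this lands. The block sits between the pre-commit terraform-docs markers, so re-run the hook rather than hand-editing the row; apart from that, this hunk only widens the table columns.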
@@ -33,40 +33,44 @@ No modules.
3333

3434
## Resources
3535

36-
| Name | Type |
37-
|------|------|
38-
| [random_id.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
39-
| [aws_iam_role.cspm_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
40-
| [aws_iam_role_policy_attachments_exclusive.cspm_role_managed_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachments_exclusive) | resource |
41-
| [aws_iam_role_policy.cspm_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
42-
| [sysdig_secure_cloud_auth_account_component.config_posture_role](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/resources/secure_cloud_auth_account_component) | resource |
43-
| [aws_cloudformation_stack_set.stackset](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set) | resource |
44-
| [aws_cloudformation_stack_set_instance.stackset_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set_instance) | resource |
45-
| [sysdig_secure_trusted_cloud_identity.trusted_identity](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/data-sources/secure_trusted_cloud_identity) | data source |
46-
| [sysdig_secure_tenant_external_id.external_id](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/data-sources/secure_tenant_external_id) | data source |
47-
| [aws_organizations_organization.org](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source |
36+
| Name | Type |
37+
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|
38+
| [random_id.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
39+
| [aws_iam_role.cspm_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
40+
| [aws_iam_role_policy_attachments_exclusive.cspm_role_managed_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachments_exclusive) | resource |
41+
| [aws_iam_role_policy.cspm_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
42+
| [sysdig_secure_cloud_auth_account_component.config_posture_role](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/resources/secure_cloud_auth_account_component) | resource |
43+
| [aws_cloudformation_stack_set.stackset](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set) | resource |
44+
| [aws_cloudformation_stack_set_instance.stackset_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set_instance) | resource |
45+
| [sysdig_secure_trusted_cloud_identity.trusted_identity](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/data-sources/secure_trusted_cloud_identity) | data source |
46+
| [sysdig_secure_tenant_external_id.external_id](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/data-sources/secure_tenant_external_id) | data source |
47+
| [aws_organizations_organization.org](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source |
4848

4949
## Inputs
5050

51-
| Name | Description | Type | Default | Required |
52-
|------|-------------|------|---------|:--------:|
53-
| <a name="input_failure_tolerance_percentage"></a> [failure\_tolerance\_percentage](#input\_failure\_tolerance\_percentage) | The percentage of accounts, per Region, for which stack operations can fail before AWS CloudFormation stops the operation in that Region | `number` | `90` | no |
54-
| <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | true/false whether secure-for-cloud should be deployed in an organizational setup (all accounts of org) or not (only on default aws provider account) | `bool` | `false` | no |
55-
| <a name="input_org_units"></a> [org\_units](#input\_org\_units) | Org unit id to install cspm | `set(string)` | `[]` | no |
56-
| <a name="input_region"></a> [region](#input\_region) | Default region for resource creation in organization mode | `string` | `""` | no |
57-
| <a name="input_tags"></a> [tags](#input\_tags) | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning | `map(string)` | <pre>{<br> "product": "sysdig-secure-for-cloud"<br>}</pre> | no |
58-
| <a name="input_timeout"></a> [timeout](#input\_timeout) | Default timeout values for create, update, and delete operations | `string` | `"30m"` | no |
59-
| <a name="input_sysdig_secure_account_id"></a> [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | (Required) The GUID of the management project or single project per sysdig representation | `string` | n/a | yes |
60-
| <a name="input_is_gov_cloud_onboarding"></a> [is\_gov\_cloud\_onboarding](#input\_is\_gov\_cloud\_onboarding) | true/false whether secure-for-cloud should be deployed in a govcloud account/org or not | `bool` | `false` | no |
51+
| Name | Description | Type | Default | Required |
52+
|----------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|-------------------------------------------------------------|:--------:|
53+
| <a name="input_failure_tolerance_percentage"></a> [failure\_tolerance\_percentage](#input\_failure\_tolerance\_percentage) | The percentage of accounts, per Region, for which stack operations can fail before AWS CloudFormation stops the operation in that Region | `number` | `90` | no |
54+
| <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | true/false whether secure-for-cloud should be deployed in an organizational setup (all accounts of org) or not (only on default aws provider account) | `bool` | `false` | no |
55+
| <a name="input_org_units"></a> [org\_units](#input\_org\_units) | Org unit id to install cspm | `set(string)` | `[]` | no |
56+
| <a name="input_region"></a> [region](#input\_region) | Default region for resource creation in organization mode | `string` | `""` | no |
57+
| <a name="input_tags"></a> [tags](#input\_tags) | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning | `map(string)` | <pre>{<br> "product": "sysdig-secure-for-cloud"<br>}</pre> | no |
58+
| <a name="input_timeout"></a> [timeout](#input\_timeout) | Default timeout values for create, update, and delete operations | `string` | `"30m"` | no |
59+
| <a name="input_sysdig_secure_account_id"></a> [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | (Required) The GUID of the management project or single project per sysdig representation | `string` | n/a | yes |
60+
| <a name="input_is_gov_cloud_onboarding"></a> [is\_gov\_cloud\_onboarding](#input\_is\_gov\_cloud\_onboarding) | true/false whether secure-for-cloud should be deployed in a govcloud account/org or not | `bool` | `false` | no |
61+
| <a name="input_include_ouids"></a> [include\_ouids](#input\_include\_ouids) | ouids to include for organization | `set(string)` | `[]` | no |
62+
| <a name="input_exclude_ouids"></a> [exclude\_ouids](#input\_exclude\_ouids) | ouids to exclude for organization | `set(string)` | `[]` | no |
63+
| <a name="input_include_accounts"></a> [include\_accounts](#input\_include\_accounts) | accounts to include for organization | `set(string)` | `[]` | no |
64+
| <a name="input_exclude_accounts"></a> [exclude\_accounts](#input\_exclude\_accounts) | accounts to exclude for organization | `set(string)` | `[]` | no |
6165

6266
## Outputs
6367

64-
| Name | Description |
65-
|------|-------------|
66-
| <a name="output_config_posture_component_id"></a> [config_posture_component_id](#output_config_posture_component_id) | Component identifier of trusted identity created in Sysdig Backend for Config Posture |
67-
| <a name="output_cspm_role_arn"></a> [cspm_role_arn](#output_cspm_role_arn) | The ARN of the CSPM role |
68-
| <a name="output_sysdig_secure_account_id"></a> [sysdig_secure_account_id](#output_sysdig_secure_account_id) | ID of the Sysdig Cloud Account to enable Config Posture for (in case of organization, ID of the Sysdig management account) |
69-
| <a name="output_config_posture_component_id"></a> [config\_posture\_component\_id](#output\_config\_posture\_component\_id) | The component id of the config posture trusted identity |
68+
| Name | Description |
69+
|-----------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------|
70+
| <a name="output_config_posture_component_id"></a> [config_posture_component_id](#output_config_posture_component_id) | Component identifier of trusted identity created in Sysdig Backend for Config Posture |
71+
| <a name="output_cspm_role_arn"></a> [cspm_role_arn](#output_cspm_role_arn) | The ARN of the CSPM role |
72+
| <a name="output_sysdig_secure_account_id"></a> [sysdig_secure_account_id](#output_sysdig_secure_account_id) | ID of the Sysdig Cloud Account to enable Config Posture for (in case of organization, ID of the Sysdig management account) |
73+
| <a name="output_config_posture_component_id"></a> [config\_posture\_component\_id](#output\_config\_posture\_component\_id) | The component id of the config posture trusted identity |
7074
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
7175

7276
## Authors
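Review bot: the `org_units` row keeps the old description "Org unit id to install cspm" even though variables.tf in this commit marks that variable DEPRECATED in favour of `include_ouids`, and the four new rows drop the "(Optional)" prefix that variables.tf gives them, which suggests the table was edited by hand instead of regenerated; regenerate it so README readers see the deprecation notice. The new descriptions ("ouids to include for organization") also do not say how the sets interact, for example whether `exclude_accounts` removes an account that sits under an OU in `include_ouids`, or what happens when both an include and an exclude set are populated; that precedence is exactly what an operator scoping the posture role across an organization needs before applying. Lastly, the Outputs table lists `config_posture_component_id` twice (rows 70 and 73) with different descriptions, a pre-existing duplicate worth dropping while the file is being touched.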

modules/config-posture/variables.tf

+28-1
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,10 @@ variable "is_organizational" {
99
}
1010

1111
variable "org_units" {
12-
description = "Org unit id to install cspm"
12+
description = <<-EOF
13+
DEPRECATED: Defaults to `[]`, use `include_ouids` instead.
14+
When set, org units to install cspm."
15+
EOF
1316
type = set(string)
1417
default = []
1518
}
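Review bot: the heredoc has a stray closing double quote at the end of `When set, org units to install cspm."`; heredoc bodies are taken verbatim, so that `"` becomes part of the description string and will show up in generated docs and `terraform-docs` output. Drop it. It would also help to state what the module does when both `org_units` and `include_ouids` are set, since the note only says which one to prefer.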
@@ -50,4 +53,28 @@ variable "is_gov_cloud_onboarding" {
5053
type = bool
5154
default = false
5255
description = "true/false whether secure-for-cloud should be deployed in a govcloud account/org or not"
56+
}
57+
58+
variable "include_ouids" {
59+
description = "(Optional) ouids to include for organization"
60+
type = set(string)
61+
default = []
62+
}
63+
64+
variable "exclude_ouids" {
65+
description = "(Optional) ouids to exclude for organization"
66+
type = set(string)
67+
default = []
68+
}
69+
70+
variable "include_accounts" {
71+
description = "(Optional) accounts to include for organization"
72+
type = set(string)
73+
default = []
74+
}
75+
76+
variable "exclude_accounts" {
77+
description = "(Optional) accounts to exclude for organization"
78+
type = set(string)
79+
default = []
5380
}
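Review bot: the four new variables accept any `set(string)` with no `validation` block, so a caller can place the same OU id in both `include_ouids` and `exclude_ouids` (or the same account id in both account sets) and the apply proceeds with whatever precedence the consuming code implements; this hunk does not show that consumer, so at minimum spell out the precedence in the descriptions, and preferably reject contradictory scopes at plan time, e.g. `condition = length(setintersection(var.include_ouids, var.exclude_ouids)) == 0`. Note that a `validation` condition referencing a second variable needs Terraform 1.9 or later, above the module's `>= 1.0.0` floor, so a `precondition` on the resource that consumes these sets is the portable place for that check. A silently ignored exclude list widens where the CSPM role gets deployed, which is the failure mode worth guarding here.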

modules/config-posture/versions.tf

+1-1
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ terraform {
77
}
88
sysdig = {
99
source = "sysdiglabs/sysdig"
10-
version = "~> 1.39"
10+
version = "~> 1.47"
1111
}
1212
}
1313
}
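Review bot: the sysdig provider floor moves from `~> 1.39` to `~> 1.47` with no rationale; the commit message just repeats the include/exclude subject line, and nothing in the visible hunks obviously depends on the newer provider. If the new sets are passed to `sysdig_secure_cloud_auth_account_component` and that needs 1.47, say so in the commit message or in a comment beside the constraint, because raising a provider minimum breaks callers pinned between 1.39 and 1.46, and update the README requirements table to match.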
