From f6e8803777e3e2b4cfe2e87bdad47546c86f401d Mon Sep 17 00:00:00 2001 From: Haresh Suresh Date: Tue, 21 Mar 2023 10:52:08 -0700 Subject: [PATCH 1/4] fix: Remove legacy benchmark task creation --- .../organization-org_compliance/README.md | 2 -- examples/organization-org_compliance/main.tf | 1 - .../organization-org_compliance/variables.tf | 6 ----- examples/organization/README.md | 1 - examples/organization/benchmark.tf | 1 - examples/organization/variables.tf | 6 ----- examples/single-project-k8s/README.md | 1 - examples/single-project-k8s/benchmark.tf | 1 - examples/single-project-k8s/variables.tf | 6 ----- examples/single-project/README.md | 1 - examples/single-project/benchmark.tf | 1 - examples/single-project/variables.tf | 6 ----- examples/trigger-events/README.md | 1 - examples/trigger-events/versions.tf | 4 --- .../cloud-bench-workload-identity/README.md | 1 - .../task/main.tf | 27 ------------------- .../cloud-bench-workload-identity/versions.tf | 4 --- modules/services/cloud-bench/README.md | 1 - modules/services/cloud-bench/task/main.tf | 27 ------------------- modules/services/cloud-bench/versions.tf | 4 --- modules/services/cloud-connector/README.md | 1 - 21 files changed, 103 deletions(-) diff --git a/examples/organization-org_compliance/README.md b/examples/organization-org_compliance/README.md index a9993fd..2010abb 100644 --- a/examples/organization-org_compliance/README.md +++ b/examples/organization-org_compliance/README.md 
@@ -147,7 +147,6 @@ module "secure-for-cloud_example_organization" { |------|-------------|------|---------|:--------:| | [organization\_domain](#input\_organization\_domain) | Organization domain. e.g. sysdig.com | `string` | n/a | yes | | [benchmark\_project\_ids](#input\_benchmark\_project\_ids) | Google cloud project IDs to run Benchmarks on. It will create a trust-relationship on each, to allow Sysdig usage. If empty, all organization projects will be defaulted. | `list(string)` | `[]` | no | -| [benchmark\_regions](#input\_benchmark\_regions) | List of regions in which to run the benchmark. If empty, the task will contain all regions by default. | `list(string)` | `[]` | no | | [benchmark\_role\_name](#input\_benchmark\_role\_name) | The name of the Service Account that will be created. | `string` | `"sysdigcloudbench"` | no | | [deploy\_benchmark](#input\_deploy\_benchmark) | whether benchmark module is to be deployed | `bool` | `true` | no | | [deploy\_scanning](#input\_deploy\_scanning) | true/false whether scanning module is to be deployed | `bool` | `false` | no | 
@@ -213,7 +212,6 @@ Apache 2 Licensed. See LICENSE for full details. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [benchmark\_project\_ids](#input\_benchmark\_project\_ids) | Google cloud project IDs to run Benchmarks on. It will create a trust-relationship on each, to allow Sysdig usage. If empty, all organization projects will be defaulted. | `list(string)` | `[]` | no | -| [benchmark\_regions](#input\_benchmark\_regions) | List of regions in which to run the benchmark. If empty, the task will contain all regions by default. | `list(string)` | `[]` | no | | [benchmark\_role\_name](#input\_benchmark\_role\_name) | The name of the Service Account that will be created. | `string` | `"sysdigcloudbench"` | no | | [deploy\_benchmark](#input\_deploy\_benchmark) | whether benchmark module is to be deployed | `bool` | `true` | no | | [deploy\_scanning](#input\_deploy\_scanning) | true/false whether scanning module is to be deployed | `bool` | `false` | no | diff --git a/examples/organization-org_compliance/main.tf b/examples/organization-org_compliance/main.tf index e454289..f3aed85 100644 --- a/examples/organization-org_compliance/main.tf +++ b/examples/organization-org_compliance/main.tf @@ -128,7 +128,6 @@ module "cloud_bench_workload_identity" { organization_domain = var.organization_domain role_name = var.benchmark_role_name - regions = var.benchmark_regions project_ids = var.benchmark_project_ids project_id = data.google_client_config.current.project } diff --git a/examples/organization-org_compliance/variables.tf b/examples/organization-org_compliance/variables.tf index 11b938d..ddfc52e 100644 --- a/examples/organization-org_compliance/variables.tf +++ b/examples/organization-org_compliance/variables.tf 
@@ -40,12 +40,6 @@ variable "deploy_benchmark" { default = true } -variable "benchmark_regions" { - type = list(string) - description = "List of regions in which to run the benchmark. If empty, the task will contain all regions by default." - default = [] -} - variable "benchmark_project_ids" { default = [] type = list(string) diff --git a/examples/organization/README.md b/examples/organization/README.md index ff64200..4434bf4 100644 --- a/examples/organization/README.md +++ b/examples/organization/README.md @@ -141,7 +141,6 @@ module "secure-for-cloud_example_organization" { |------|-------------|------|---------|:--------:| | [organization\_domain](#input\_organization\_domain) | Organization domain. e.g. sysdig.com | `string` | n/a | yes | | [benchmark\_project\_ids](#input\_benchmark\_project\_ids) | Google cloud project IDs to run Benchmarks on. It will create a trust-relationship on each, to allow Sysdig usage. If empty, all organization projects will be defaulted. | `list(string)` | `[]` | no | -| [benchmark\_regions](#input\_benchmark\_regions) | List of regions in which to run the benchmark. If empty, the task will contain all regions by default. | `list(string)` | `[]` | no | | [benchmark\_role\_name](#input\_benchmark\_role\_name) | The name of the Service Account that will be created. | `string` | `"sysdigcloudbench"` | no | | [deploy\_benchmark](#input\_deploy\_benchmark) | whether benchmark module is to be deployed | `bool` | `true` | no | | [deploy\_scanning](#input\_deploy\_scanning) | true/false whether scanning module is to be deployed | `bool` | `false` | no | diff --git a/examples/organization/benchmark.tf b/examples/organization/benchmark.tf index ba61717..3e0a275 100644 --- a/examples/organization/benchmark.tf +++ b/examples/organization/benchmark.tf 
@@ -14,6 +14,5 @@ module "cloud_bench" { is_organizational = true organization_domain = var.organization_domain role_name = "${var.name}${var.benchmark_role_name}" - regions = var.benchmark_regions project_ids = local.benchmark_projects_ids } diff --git a/examples/organization/variables.tf b/examples/organization/variables.tf index 34513d1..898a493 100644 --- a/examples/organization/variables.tf +++ b/examples/organization/variables.tf @@ -41,12 +41,6 @@ variable "deploy_benchmark" { default = true } -variable "benchmark_regions" { - type = list(string) - description = "List of regions in which to run the benchmark. If empty, the task will contain all regions by default." - default = [] -} - variable "benchmark_project_ids" { default = [] type = list(string) diff --git a/examples/single-project-k8s/README.md b/examples/single-project-k8s/README.md index 92d737d..a7ab0c7 100644 --- a/examples/single-project-k8s/README.md +++ b/examples/single-project-k8s/README.md @@ -111,7 +111,6 @@ See [inputs summary](#inputs) or module module [`variables.tf`](./variables.tf) | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [benchmark\_regions](#input\_benchmark\_regions) | List of regions in which to run the benchmark. If empty, the task will contain all regions by default. | `list(string)` | `[]` | no | | [benchmark\_role\_name](#input\_benchmark\_role\_name) | The name of the Service Account that will be created. | `string` | `"sysdigcloudbench"` | no | | [cloud\_connector\_image](#input\_cloud\_connector\_image) | Cloud-connector image to deploy | `string` | `"quay.io/sysdig/cloud-connector"` | no | | [deploy\_benchmark](#input\_deploy\_benchmark) | whether benchmark module is to be deployed | `bool` | `true` | no | diff --git a/examples/single-project-k8s/benchmark.tf b/examples/single-project-k8s/benchmark.tf index 3892138..eefa3a8 100644 --- a/examples/single-project-k8s/benchmark.tf 
+++ b/examples/single-project-k8s/benchmark.tf @@ -5,6 +5,5 @@ module "cloud_bench" { is_organizational = false role_name = "${var.name}${var.benchmark_role_name}" project_id = data.google_client_config.current.project - regions = var.benchmark_regions reuse_workload_identity_pool = var.reuse_workload_identity_pool } diff --git a/examples/single-project-k8s/variables.tf b/examples/single-project-k8s/variables.tf index 52cf4f5..5ba39f8 100644 --- a/examples/single-project-k8s/variables.tf +++ b/examples/single-project-k8s/variables.tf @@ -16,12 +16,6 @@ variable "deploy_benchmark" { default = true } -variable "benchmark_regions" { - type = list(string) - description = "List of regions in which to run the benchmark. If empty, the task will contain all regions by default." - default = [] -} - variable "benchmark_role_name" { type = string description = "The name of the Service Account that will be created." diff --git a/examples/single-project/README.md b/examples/single-project/README.md index 22c9597..49630f7 100644 --- a/examples/single-project/README.md +++ b/examples/single-project/README.md @@ -108,7 +108,6 @@ module "secure-for-cloud_example_single-project" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [benchmark\_regions](#input\_benchmark\_regions) | List of regions in which to run the benchmark. If empty, the task will contain all regions by default. | `list(string)` | `[]` | no | | [benchmark\_role\_name](#input\_benchmark\_role\_name) | The name of the Service Account that will be created. | `string` | `"sysdigcloudbench"` | no | | [cloud\_connector\_image](#input\_cloud\_connector\_image) | The image to use for the Cloud Connector. | `string` | `"us-docker.pkg.dev/sysdig-public-registry/secure-for-cloud/cloud-connector:latest"` | no | | [deploy\_benchmark](#input\_deploy\_benchmark) | whether benchmark module is to be deployed | `bool` | `true` | no | 
diff --git a/examples/single-project/benchmark.tf b/examples/single-project/benchmark.tf index 3892138..eefa3a8 100644 --- a/examples/single-project/benchmark.tf +++ b/examples/single-project/benchmark.tf @@ -5,6 +5,5 @@ module "cloud_bench" { is_organizational = false role_name = "${var.name}${var.benchmark_role_name}" project_id = data.google_client_config.current.project - regions = var.benchmark_regions reuse_workload_identity_pool = var.reuse_workload_identity_pool } diff --git a/examples/single-project/variables.tf b/examples/single-project/variables.tf index 627afa3..3144335 100644 --- a/examples/single-project/variables.tf +++ b/examples/single-project/variables.tf @@ -19,12 +19,6 @@ variable "deploy_benchmark" { default = true } -variable "benchmark_regions" { - type = list(string) - description = "List of regions in which to run the benchmark. If empty, the task will contain all regions by default." - default = [] -} - variable "benchmark_role_name" { type = string description = "The name of the Service Account that will be created." diff --git a/examples/trigger-events/README.md b/examples/trigger-events/README.md index 8898acf..1bd24b5 100644 --- a/examples/trigger-events/README.md +++ b/examples/trigger-events/README.md @@ -31,7 +31,6 @@ module "secure-for-cloud_trigger_events" { | [terraform](#requirement\_terraform) | >= 0.15.0 | | [google](#requirement\_google) | >= 4.21.0 | | [google-beta](#requirement\_google-beta) | >= 4.21.0 | -| [random](#requirement\_random) | >= 3.1.0 | | [sysdig](#requirement\_sysdig) | >= 0.5.21 | ## Providers diff --git a/examples/trigger-events/versions.tf b/examples/trigger-events/versions.tf index d41f0de..801dd7e 100644 --- a/examples/trigger-events/versions.tf +++ b/examples/trigger-events/versions.tf @@ -2,10 +2,6 @@ terraform { required_version = ">= 0.15.0" required_providers { - random = { - source = "hashicorp/random" - version = ">= 3.1.0" - } google = { source = "hashicorp/google" version = ">= 4.21.0" 
diff --git a/modules/services/cloud-bench-workload-identity/README.md b/modules/services/cloud-bench-workload-identity/README.md index ac3f2ea..e94a383 100644 --- a/modules/services/cloud-bench-workload-identity/README.md +++ b/modules/services/cloud-bench-workload-identity/README.md @@ -6,7 +6,6 @@ | [terraform](#requirement\_terraform) | >= 0.15.0 | | [google](#requirement\_google) | >= 4.21.0 | | [google-beta](#requirement\_google-beta) | >= 4.21.0 | -| [random](#requirement\_random) | >= 3.1.0 | | [sysdig](#requirement\_sysdig) | >= 0.5.46 | ## Providers diff --git a/modules/services/cloud-bench-workload-identity/task/main.tf b/modules/services/cloud-bench-workload-identity/task/main.tf index 35a30c8..e196a2d 100644 --- a/modules/services/cloud-bench-workload-identity/task/main.tf +++ b/modules/services/cloud-bench-workload-identity/task/main.tf 
@@ -19,30 +19,3 @@ data "google_organization" "organization" { count = var.organization_domain == "" ? 0 : 1 domain = var.organization_domain } - -locals { - benchmark_task_name = var.is_organizational ? "Organization: ${data.google_organization.organization[0].org_id}" : trimprefix(data.google_project.project[0].id, "projects/") - accounts_scope_clause = var.is_organizational ? "gcp.projectId in (\"${join("\", \"", local.project_numbers)}\")" : "gcp.projectId = \"${local.project_numbers[0]}\"" - regions_scope_clause = length(var.regions) == 0 ? "" : " and gcp.region in (\"${join("\", \"", var.regions)}\")" -} - -################################################### -# Configure Sysdig Backend -################################################### - -resource "random_integer" "minute" { - max = 59 - min = 0 -} - -resource "random_integer" "hour" { - max = 23 - min = 0 -} - -resource "sysdig_secure_benchmark_task" "benchmark_task" { - name = "Sysdig Secure for Cloud (GCP) - ${local.benchmark_task_name}" - schedule = "${random_integer.minute.result} ${random_integer.hour.result} * * *" - schema = "gcp_foundations_bench-1.2.0" - scope = "${local.accounts_scope_clause}${local.regions_scope_clause}" -} diff --git a/modules/services/cloud-bench-workload-identity/versions.tf b/modules/services/cloud-bench-workload-identity/versions.tf index 4fd6997..62874d0 100644 --- a/modules/services/cloud-bench-workload-identity/versions.tf +++ b/modules/services/cloud-bench-workload-identity/versions.tf @@ -2,10 +2,6 @@ terraform { required_version = ">= 0.15.0" required_providers { - random = { - source = "hashicorp/random" - version = ">= 3.1.0" - } google = { source = "hashicorp/google" version = ">= 4.21.0" diff --git a/modules/services/cloud-bench/README.md b/modules/services/cloud-bench/README.md index 9ec3e54..2f735a3 100644 --- a/modules/services/cloud-bench/README.md +++ b/modules/services/cloud-bench/README.md 
@@ -15,7 +15,6 @@ Deployed on **Sysdig Backend** | [terraform](#requirement\_terraform) | >= 0.15.0 | | [google](#requirement\_google) | >= 4.21.0 | | [google-beta](#requirement\_google-beta) | >= 4.21.0 | -| [random](#requirement\_random) | >= 3.1.0 | | [sysdig](#requirement\_sysdig) | >= 0.5.21 | ## Providers diff --git a/modules/services/cloud-bench/task/main.tf b/modules/services/cloud-bench/task/main.tf index 35a30c8..e196a2d 100644 --- a/modules/services/cloud-bench/task/main.tf +++ b/modules/services/cloud-bench/task/main.tf @@ -19,30 +19,3 @@ data "google_organization" "organization" { count = var.organization_domain == "" ? 0 : 1 domain = var.organization_domain } - -locals { - benchmark_task_name = var.is_organizational ? "Organization: ${data.google_organization.organization[0].org_id}" : trimprefix(data.google_project.project[0].id, "projects/") - accounts_scope_clause = var.is_organizational ? "gcp.projectId in (\"${join("\", \"", local.project_numbers)}\")" : "gcp.projectId = \"${local.project_numbers[0]}\"" - regions_scope_clause = length(var.regions) == 0 ? "" : " and gcp.region in (\"${join("\", \"", var.regions)}\")" -} - -################################################### -# Configure Sysdig Backend -################################################### - -resource "random_integer" "minute" { - max = 59 - min = 0 -} - -resource "random_integer" "hour" { - max = 23 - min = 0 -} - -resource "sysdig_secure_benchmark_task" "benchmark_task" { - name = "Sysdig Secure for Cloud (GCP) - ${local.benchmark_task_name}" - schedule = "${random_integer.minute.result} ${random_integer.hour.result} * * *" - schema = "gcp_foundations_bench-1.2.0" - scope = "${local.accounts_scope_clause}${local.regions_scope_clause}" -} diff --git a/modules/services/cloud-bench/versions.tf b/modules/services/cloud-bench/versions.tf index d41f0de..801dd7e 100644 --- a/modules/services/cloud-bench/versions.tf +++ b/modules/services/cloud-bench/versions.tf 
@@ -2,10 +2,6 @@ terraform { required_version = ">= 0.15.0" required_providers { - random = { - source = "hashicorp/random" - version = ">= 3.1.0" - } google = { source = "hashicorp/google" version = ">= 4.21.0" diff --git a/modules/services/cloud-connector/README.md b/modules/services/cloud-connector/README.md index a760cc9..df9764d 100644 --- a/modules/services/cloud-connector/README.md +++ b/modules/services/cloud-connector/README.md @@ -26,7 +26,6 @@ module "cloud_connector_gcp" { |------|---------| | [terraform](#requirement\_terraform) | >= 0.15.0 | | [google](#requirement\_google) | >= 4.21.0 | -| [random](#requirement\_random) | >= 3.1.0 | ## Providers From cf60296cd489bf0bc8f7e59e1e4c08e8bdc281c7 Mon Sep 17 00:00:00 2001 
From: Noah Kraemer Date: Tue, 21 Mar 2023 12:02:23 -0700 Subject: [PATCH 2/4] Remove task submodules, fix lint errors --- examples/trigger-events/README.md | 3 +- examples/trigger-events/versions.tf | 4 +++ .../cloud-bench-workload-identity/main.tf | 11 ------- .../task/main.tf | 21 ------------- .../task/outputs.tf | 0 .../task/variables.tf | 31 ------------------- .../task/versions.tf | 17 ---------- .../variables.tf | 6 ---- modules/services/cloud-bench/README.md | 2 -- modules/services/cloud-bench/main.tf | 11 ------- modules/services/cloud-bench/task/main.tf | 21 ------------- modules/services/cloud-bench/task/outputs.tf | 0 .../services/cloud-bench/task/variables.tf | 31 ------------------- modules/services/cloud-bench/task/versions.tf | 17 ---------- modules/services/cloud-bench/variables.tf | 6 ---- 15 files changed, 6 insertions(+), 175 deletions(-) delete mode 100644 modules/services/cloud-bench-workload-identity/task/main.tf delete mode 100644 modules/services/cloud-bench-workload-identity/task/outputs.tf delete mode 100644 modules/services/cloud-bench-workload-identity/task/variables.tf delete mode 100644 modules/services/cloud-bench-workload-identity/task/versions.tf delete mode 100644 modules/services/cloud-bench/task/main.tf delete mode 100644 modules/services/cloud-bench/task/outputs.tf delete mode 100644 modules/services/cloud-bench/task/variables.tf delete mode 100644 modules/services/cloud-bench/task/versions.tf diff --git a/examples/trigger-events/README.md b/examples/trigger-events/README.md index 1bd24b5..1b6e8f3 100644 --- a/examples/trigger-events/README.md +++ b/examples/trigger-events/README.md 
@@ -31,13 +31,14 @@ module "secure-for-cloud_trigger_events" { | [terraform](#requirement\_terraform) | >= 0.15.0 | | [google](#requirement\_google) | >= 4.21.0 | | [google-beta](#requirement\_google-beta) | >= 4.21.0 | +| [random](#requirement\_random) | >= 3.1.0 | | [sysdig](#requirement\_sysdig) | >= 0.5.21 | ## Providers | Name | Version | |------|---------| -| [google](#provider\_google) | >= 4.21.0 | +| [google](#provider\_google) | 4.58.0 | ## Modules diff --git a/examples/trigger-events/versions.tf b/examples/trigger-events/versions.tf index 801dd7e..d41f0de 100644 --- a/examples/trigger-events/versions.tf +++ b/examples/trigger-events/versions.tf @@ -2,6 +2,10 @@ terraform { required_version = ">= 0.15.0" required_providers { + random = { + source = "hashicorp/random" + version = ">= 3.1.0" + } google = { source = "hashicorp/google" version = ">= 4.21.0" diff --git a/modules/services/cloud-bench-workload-identity/main.tf b/modules/services/cloud-bench-workload-identity/main.tf index 0b9ef04..1d18b2a 100644 --- a/modules/services/cloud-bench-workload-identity/main.tf +++ b/modules/services/cloud-bench-workload-identity/main.tf @@ -22,14 +22,3 @@ module "trust_relationship" { project_ids = local.project_ids project_id_number_map = local.project_id_to_number_map } - -module "task" { - source = "./task" - project_id = var.project_id - project_ids = local.project_ids - regions = var.regions - is_organizational = true - organization_domain = var.organization_domain - - depends_on = [module.trust_relationship] -} diff --git a/modules/services/cloud-bench-workload-identity/task/main.tf b/modules/services/cloud-bench-workload-identity/task/main.tf deleted file mode 100644 index e196a2d..0000000 --- a/modules/services/cloud-bench-workload-identity/task/main.tf +++ /dev/null 
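Review bot: The `random` entry restored in `examples/trigger-events/versions.tf` keeps the open-ended constraint `version = ">= 3.1.0"`, so a fresh `terraform init` of this example can resolve any later release, including a future major version. The README hunk just above it in the same commit shows `google` documented as `4.58.0` against a `>= 4.21.0` constraint, which suggests the resolved versions already drift well past the declared floor. Whether a `.terraform.lock.hcl` is committed for this example is not visible here; if not, I would bound the constraint with `version = "~> 3.1"` or commit the lock file, so that provider upgrades are a reviewed change. The `required_providers` block continues outside the hunk, and the other providers there use the same `>=` form.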
@@ -1,21 +0,0 @@ -################################################### -# Fetch & compute required data -################################################### - -locals { - project_ids = var.is_organizational ? var.project_ids : [var.project_id] -} - -data "google_project" "project" { - count = length(local.project_ids) - project_id = local.project_ids[count.index] -} - -locals { - project_numbers = [for p in data.google_project.project : p.number] -} - -data "google_organization" "organization" { - count = var.organization_domain == "" ? 0 : 1 - domain = var.organization_domain -} diff --git a/modules/services/cloud-bench-workload-identity/task/outputs.tf b/modules/services/cloud-bench-workload-identity/task/outputs.tf deleted file mode 100644 index e69de29..0000000 diff --git a/modules/services/cloud-bench-workload-identity/task/variables.tf b/modules/services/cloud-bench-workload-identity/task/variables.tf deleted file mode 100644 index 98fb9d3..0000000 --- a/modules/services/cloud-bench-workload-identity/task/variables.tf +++ /dev/null @@ -1,31 +0,0 @@ -variable "regions" { - type = list(string) - description = "List of regions in which to run the benchmark. If empty, the task will contain all regions by default." - default = [] -} - -# For single project -variable "project_id" { - type = string - description = "ID of project to run the benchmark on" - default = "" -} - -# For organizational -variable "project_ids" { - type = list(string) - description = "IDs of projects to run the benchmark on" - default = [] -} - -variable "is_organizational" { - type = bool - description = "Whether this task is being created at the org or project level" - default = false -} - -variable "organization_domain" { - type = string - description = "Organization domain. e.g. sysdig.com" - default = "" -} 
diff --git a/modules/services/cloud-bench-workload-identity/task/versions.tf b/modules/services/cloud-bench-workload-identity/task/versions.tf deleted file mode 100644 index 93bf52a..0000000 --- a/modules/services/cloud-bench-workload-identity/task/versions.tf +++ /dev/null @@ -1,17 +0,0 @@ -terraform { - required_version = ">= 0.15.0" - - required_providers { - google = { - source = "hashicorp/google" - version = ">= 4.21.0" - } - sysdig = { - source = "sysdiglabs/sysdig" - version = ">= 0.5.46" - } - random = { - version = ">= 3.1.0" - } - } -} diff --git a/modules/services/cloud-bench-workload-identity/variables.tf b/modules/services/cloud-bench-workload-identity/variables.tf index 87c24a7..8a98014 100644 --- a/modules/services/cloud-bench-workload-identity/variables.tf +++ b/modules/services/cloud-bench-workload-identity/variables.tf @@ -1,9 +1,3 @@ -variable "regions" { - type = list(string) - description = "List of regions in which to run the benchmark. If empty, the task will contain all regions by default." - default = [] -} - variable "role_name" { type = string description = "The name of the Service Account that will be created." diff --git a/modules/services/cloud-bench/README.md b/modules/services/cloud-bench/README.md index 2f735a3..0caef86 100644 --- a/modules/services/cloud-bench/README.md +++ b/modules/services/cloud-bench/README.md @@ -25,7 +25,6 @@ No providers. | Name | Source | Version | |------|--------|---------| -| [task](#module\_task) | ./task | n/a | | [trust\_relationship](#module\_trust\_relationship) | ./trust_relationship | n/a | ## Resources 
@@ -40,7 +39,6 @@ No resources. | [organization\_domain](#input\_organization\_domain) | Organization domain. e.g. sysdig.com | `string` | `""` | no | | [project\_id](#input\_project\_id) | Google cloud project ID to run Benchmarks on. It will create a trust-relationship, to allow Sysdig usage. | `string` | `""` | no | | [project\_ids](#input\_project\_ids) | Google cloud project IDs to run Benchmarks on. It will create a trust-relationship on each, to allow Sysdig usage. If empty, all organization projects will be defaulted. | `list(string)` | `[]` | no | -| [regions](#input\_regions) | List of regions in which to run the benchmark. If empty, the task will contain all regions by default. | `list(string)` | `[]` | no | | [reuse\_workload\_identity\_pool](#input\_reuse\_workload\_identity\_pool) | Reuse existing workload identity pool, from previous deployment, with name 'sysdigcloud'.
Will help overcome redeploying error due to GCP softdelete
| `bool` | `false` | no | | [role\_name](#input\_role\_name) | The name of the Service Account/Role that will be created. Modify this value in case of conflict / 409 error to bypass Google soft delete | `string` | `"sysdigcloudbench"` | no | diff --git a/modules/services/cloud-bench/main.tf b/modules/services/cloud-bench/main.tf index 5d26c47..bf79704 100644 --- a/modules/services/cloud-bench/main.tf +++ b/modules/services/cloud-bench/main.tf @@ -10,14 +10,3 @@ module "trust_relationship" { role_name = var.role_name reuse_workload_identity_pool = var.reuse_workload_identity_pool } - -module "task" { - source = "./task" - project_id = var.project_id - project_ids = local.project_ids - regions = var.regions - is_organizational = var.is_organizational - organization_domain = var.organization_domain - - depends_on = [module.trust_relationship] -} diff --git a/modules/services/cloud-bench/task/main.tf b/modules/services/cloud-bench/task/main.tf deleted file mode 100644 index e196a2d..0000000 --- a/modules/services/cloud-bench/task/main.tf +++ /dev/null @@ -1,21 +0,0 @@ -################################################### -# Fetch & compute required data -################################################### - -locals { - project_ids = var.is_organizational ? var.project_ids : [var.project_id] -} - -data "google_project" "project" { - count = length(local.project_ids) - project_id = local.project_ids[count.index] -} - -locals { - project_numbers = [for p in data.google_project.project : p.number] -} - -data "google_organization" "organization" { - count = var.organization_domain == "" ? 0 : 1 - domain = var.organization_domain -} diff --git a/modules/services/cloud-bench/task/outputs.tf b/modules/services/cloud-bench/task/outputs.tf deleted file mode 100644 index e69de29..0000000 diff --git a/modules/services/cloud-bench/task/variables.tf b/modules/services/cloud-bench/task/variables.tf deleted file mode 100644 index 98fb9d3..0000000 
--- a/modules/services/cloud-bench/task/variables.tf +++ /dev/null @@ -1,31 +0,0 @@ -variable "regions" { - type = list(string) - description = "List of regions in which to run the benchmark. If empty, the task will contain all regions by default." - default = [] -} - -# For single project -variable "project_id" { - type = string - description = "ID of project to run the benchmark on" - default = "" -} - -# For organizational -variable "project_ids" { - type = list(string) - description = "IDs of projects to run the benchmark on" - default = [] -} - -variable "is_organizational" { - type = bool - description = "Whether this task is being created at the org or project level" - default = false -} - -variable "organization_domain" { - type = string - description = "Organization domain. e.g. sysdig.com" - default = "" -} diff --git a/modules/services/cloud-bench/task/versions.tf b/modules/services/cloud-bench/task/versions.tf deleted file mode 100644 index 22bca6b..0000000 --- a/modules/services/cloud-bench/task/versions.tf +++ /dev/null @@ -1,17 +0,0 @@ -terraform { - required_version = ">= 0.15.0" - - required_providers { - google = { - source = "hashicorp/google" - version = ">= 4.21.0" - } - sysdig = { - source = "sysdiglabs/sysdig" - version = ">= 0.5.21" - } - random = { - version = ">= 3.1.0" - } - } -} diff --git a/modules/services/cloud-bench/variables.tf b/modules/services/cloud-bench/variables.tf index dfc16a4..852c1ea 100644 --- a/modules/services/cloud-bench/variables.tf +++ b/modules/services/cloud-bench/variables.tf @@ -1,9 +1,3 @@ -variable "regions" { - type = list(string) - description = "List of regions in which to run the benchmark. If empty, the task will contain all regions by default." - default = [] -} - variable "role_name" { type = string description = "The name of the Service Account/Role that will be created. Modify this value in case of conflict / 409 error to bypass Google soft delete" 
From d6a90ee7d611e466a8bc202474c0a0a5a804c452 Mon Sep 17 00:00:00 2001 From: Noah Kraemer Date: Tue, 21 Mar 2023 12:30:02 -0700 Subject: [PATCH 3/4] Fix linting errors --- examples/organization-org_compliance/README.md | 4 ++-- examples/organization/README.md | 4 ++-- examples/single-project-k8s/README.md | 6 +++--- examples/single-project/README.md | 4 ++-- modules/infrastructure/organization_sink/README.md | 2 +- modules/infrastructure/project_sink/README.md | 2 +- modules/infrastructure/pubsub_subscription/README.md | 2 +- modules/infrastructure/secrets/README.md | 2 +- modules/services/cloud-bench/variables.tf | 2 ++ modules/services/cloud-connector/README.md | 3 ++- 10 files changed, 17 insertions(+), 14 deletions(-) diff --git a/examples/organization-org_compliance/README.md b/examples/organization-org_compliance/README.md index 2010abb..554437a 100644 --- a/examples/organization-org_compliance/README.md +++ b/examples/organization-org_compliance/README.md @@ -115,8 +115,8 @@ module "secure-for-cloud_example_organization" { | Name | Version | |------|---------| -| [google](#provider\_google) | >= 4.21.0 | -| [sysdig](#provider\_sysdig) | >= 0.5.46 | +| [google](#provider\_google) | 4.58.0 | +| [sysdig](#provider\_sysdig) | 0.7.4 | ## Modules diff --git a/examples/organization/README.md b/examples/organization/README.md index 4434bf4..14fa06e 100644 --- a/examples/organization/README.md +++ b/examples/organization/README.md @@ -109,8 +109,8 @@ module "secure-for-cloud_example_organization" { | Name | Version | |------|---------| -| [google](#provider\_google) | >= 4.21.0 | -| [sysdig](#provider\_sysdig) | >= 0.5.21 | +| [google](#provider\_google) | 4.58.0 | +| [sysdig](#provider\_sysdig) | 0.7.4 | ## Modules diff --git a/examples/single-project-k8s/README.md b/examples/single-project-k8s/README.md index a7ab0c7..ee7c548 100644 --- a/examples/single-project-k8s/README.md +++ b/examples/single-project-k8s/README.md 
@@ -81,9 +81,9 @@ See [inputs summary](#inputs) or module module [`variables.tf`](./variables.tf) | Name | Version | |------|---------| -| [google](#provider\_google) | >= 4.21.0 | -| [helm](#provider\_helm) | >=2.3.0 | -| [sysdig](#provider\_sysdig) | >= 0.5.21 | +| [google](#provider\_google) | 4.58.0 | +| [helm](#provider\_helm) | 2.9.0 | +| [sysdig](#provider\_sysdig) | 0.7.4 | ## Modules diff --git a/examples/single-project/README.md b/examples/single-project/README.md index 49630f7..8c940e5 100644 --- a/examples/single-project/README.md +++ b/examples/single-project/README.md @@ -82,8 +82,8 @@ module "secure-for-cloud_example_single-project" { | Name | Version | |------|---------| -| [google](#provider\_google) | >= 4.21.0 | -| [sysdig](#provider\_sysdig) | >= 0.5.21 | +| [google](#provider\_google) | 4.58.0 | +| [sysdig](#provider\_sysdig) | 0.7.4 | ## Modules diff --git a/modules/infrastructure/organization_sink/README.md b/modules/infrastructure/organization_sink/README.md index 7ce638c..8d0de9d 100644 --- a/modules/infrastructure/organization_sink/README.md +++ b/modules/infrastructure/organization_sink/README.md @@ -12,7 +12,7 @@ | Name | Version | |------|---------| -| [google](#provider\_google) | >= 4.21.0 | +| [google](#provider\_google) | 4.58.0 | ## Modules diff --git a/modules/infrastructure/project_sink/README.md b/modules/infrastructure/project_sink/README.md index c7db184..9a061fe 100644 --- a/modules/infrastructure/project_sink/README.md +++ b/modules/infrastructure/project_sink/README.md @@ -12,7 +12,7 @@ | Name | Version | |------|---------| -| [google](#provider\_google) | >= 4.21.0 | +| [google](#provider\_google) | 4.58.0 | ## Modules diff --git a/modules/infrastructure/pubsub_subscription/README.md b/modules/infrastructure/pubsub_subscription/README.md index 86837a7..1e73e51 100644 --- a/modules/infrastructure/pubsub_subscription/README.md +++ b/modules/infrastructure/pubsub_subscription/README.md 
@@ -15,7 +15,7 @@ already exists in the project. It will create the topic if it doesn't exist.
 
 | Name | Version |
 |------|---------|
-| [google](#provider\_google) | >= 4.21.0 |
+| [google](#provider\_google) | 4.58.0 |
 
 ## Modules
 
diff --git a/modules/infrastructure/secrets/README.md b/modules/infrastructure/secrets/README.md
index 797821a..66b2811 100644
--- a/modules/infrastructure/secrets/README.md
+++ b/modules/infrastructure/secrets/README.md
@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| [google](#provider\_google) | >= 4.21.0 |
+| [google](#provider\_google) | 4.58.0 |
 
 ## Modules
 
diff --git a/modules/services/cloud-bench/variables.tf b/modules/services/cloud-bench/variables.tf
index 852c1ea..f0ff3e9 100644
--- a/modules/services/cloud-bench/variables.tf
+++ b/modules/services/cloud-bench/variables.tf
@@ -24,6 +24,8 @@ variable "is_organizational" {
 default = false
 }
 
+# Linting ignored as published snippets still reference this param, and will fail if it is removed.
+# tflint-ignore: terraform_unused_declarations
 variable "organization_domain" {
 type = string
 description = "Organization domain. e.g. sysdig.com"
diff --git a/modules/services/cloud-connector/README.md b/modules/services/cloud-connector/README.md
index df9764d..a5e7f88 100644
--- a/modules/services/cloud-connector/README.md
+++ b/modules/services/cloud-connector/README.md
@@ -26,12 +26,13 @@ module "cloud_connector_gcp" {
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 0.15.0 |
 | [google](#requirement\_google) | >= 4.21.0 |
+| [random](#requirement\_random) | >= 3.1.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| [google](#provider\_google) | >= 4.21.0 |
+| [google](#provider\_google) | 4.58.0 |
 
 ## Modules
 
From 85be8535dd1a36e60163952fcd5082352b3f1382 Mon Sep 17 00:00:00 2001
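Review bot: The `description` of `organization_domain` in modules/services/cloud-bench/variables.tf still presents the variable as a live input, while the comment added above it says the declaration is kept only so that published snippets keep working. Anyone reading the generated inputs table cannot tell that the value is ignored, so I would say so in the description itself, e.g. `description = "Deprecated and unused; kept only so existing module calls that pass it do not fail."`. The comment could also state when the declaration may be dropped, for example `# TODO: remove in the next major release`. The variable block continues past the end of the hunk, so whether it declares a `default` is not visible here; if it does not, callers are still required to supply a value that has no effect.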
From: Noah Kraemer
Date: Tue, 21 Mar 2023 13:53:08 -0700
Subject: [PATCH 4/4] Lint fixes
---
 examples/organization-org_compliance/README.md | 4 ++--
 examples/organization/README.md | 4 ++--
 examples/single-project-k8s/README.md | 6 +++---
 examples/single-project/README.md | 4 ++--
 examples/trigger-events/README.md | 2 +-
 modules/infrastructure/organization_sink/README.md | 2 +-
 modules/infrastructure/project_sink/README.md | 2 +-
 modules/infrastructure/pubsub_subscription/README.md | 2 +-
 modules/infrastructure/secrets/README.md | 2 +-
 modules/services/cloud-connector/README.md | 2 +-
 10 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/examples/organization-org_compliance/README.md b/examples/organization-org_compliance/README.md
index 554437a..2010abb 100644
--- a/examples/organization-org_compliance/README.md
+++ b/examples/organization-org_compliance/README.md
@@ -115,8 +115,8 @@ module "secure-for-cloud_example_organization" {
 
 | Name | Version |
 |------|---------|
-| [google](#provider\_google) | 4.58.0 |
-| [sysdig](#provider\_sysdig) | 0.7.4 |
+| [google](#provider\_google) | >= 4.21.0 |
+| [sysdig](#provider\_sysdig) | >= 0.5.46 |
 
 ## Modules
 
diff --git a/examples/organization/README.md b/examples/organization/README.md
index 14fa06e..4434bf4 100644
--- a/examples/organization/README.md
+++ b/examples/organization/README.md
@@ -109,8 +109,8 @@ module "secure-for-cloud_example_organization" {
 
 | Name | Version |
 |------|---------|
-| [google](#provider\_google) | 4.58.0 |
-| [sysdig](#provider\_sysdig) | 0.7.4 |
+| [google](#provider\_google) | >= 4.21.0 |
+| [sysdig](#provider\_sysdig) | >= 0.5.21 |
 
 ## Modules
 
diff --git a/examples/single-project-k8s/README.md b/examples/single-project-k8s/README.md
index ee7c548..a7ab0c7 100644
--- a/examples/single-project-k8s/README.md
+++ b/examples/single-project-k8s/README.md
@@ -81,9 +81,9 @@ See [inputs summary](#inputs) or module module [`variables.tf`](./variables.tf)
 
 | Name | Version |
 |------|---------|
-| [google](#provider\_google) | 4.58.0 |
-| [helm](#provider\_helm) | 2.9.0 |
-| [sysdig](#provider\_sysdig) | 0.7.4 |
+| [google](#provider\_google) | >= 4.21.0 |
+| [helm](#provider\_helm) | >=2.3.0 |
+| [sysdig](#provider\_sysdig) | >= 0.5.21 |
 
 ## Modules
 
diff --git a/examples/single-project/README.md b/examples/single-project/README.md
index 8c940e5..49630f7 100644
--- a/examples/single-project/README.md
+++ b/examples/single-project/README.md
@@ -82,8 +82,8 @@ module "secure-for-cloud_example_single-project" {
 
 | Name | Version |
 |------|---------|
-| [google](#provider\_google) | 4.58.0 |
-| [sysdig](#provider\_sysdig) | 0.7.4 |
+| [google](#provider\_google) | >= 4.21.0 |
+| [sysdig](#provider\_sysdig) | >= 0.5.21 |
 
 ## Modules
 
diff --git a/examples/trigger-events/README.md b/examples/trigger-events/README.md
index 1b6e8f3..8898acf 100644
--- a/examples/trigger-events/README.md
+++ b/examples/trigger-events/README.md
@@ -38,7 +38,7 @@ module "secure-for-cloud_trigger_events" {
 
 | Name | Version |
 |------|---------|
-| [google](#provider\_google) | 4.58.0 |
+| [google](#provider\_google) | >= 4.21.0 |
 
 ## Modules
 
diff --git a/modules/infrastructure/organization_sink/README.md b/modules/infrastructure/organization_sink/README.md
index 8d0de9d..7ce638c 100644
--- a/modules/infrastructure/organization_sink/README.md
+++ b/modules/infrastructure/organization_sink/README.md
@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| [google](#provider\_google) | 4.58.0 |
+| [google](#provider\_google) | >= 4.21.0 |
 
 ## Modules
 
diff --git a/modules/infrastructure/project_sink/README.md b/modules/infrastructure/project_sink/README.md
index 9a061fe..c7db184 100644
--- a/modules/infrastructure/project_sink/README.md
+++ b/modules/infrastructure/project_sink/README.md
@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| [google](#provider\_google) | 4.58.0 |
+| [google](#provider\_google) | >= 4.21.0 |
 
 ## Modules
 
diff --git a/modules/infrastructure/pubsub_subscription/README.md b/modules/infrastructure/pubsub_subscription/README.md
index 1e73e51..86837a7 100644
--- a/modules/infrastructure/pubsub_subscription/README.md
+++ b/modules/infrastructure/pubsub_subscription/README.md
@@ -15,7 +15,7 @@ already exists in the project. It will create the topic if it doesn't exist.
 
 | Name | Version |
 |------|---------|
-| [google](#provider\_google) | 4.58.0 |
+| [google](#provider\_google) | >= 4.21.0 |
 
 ## Modules
 
diff --git a/modules/infrastructure/secrets/README.md b/modules/infrastructure/secrets/README.md
index 66b2811..797821a 100644
--- a/modules/infrastructure/secrets/README.md
+++ b/modules/infrastructure/secrets/README.md
@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| [google](#provider\_google) | 4.58.0 |
+| [google](#provider\_google) | >= 4.21.0 |
 
 ## Modules
 
diff --git a/modules/services/cloud-connector/README.md b/modules/services/cloud-connector/README.md
index a5e7f88..a760cc9 100644
--- a/modules/services/cloud-connector/README.md
+++ b/modules/services/cloud-connector/README.md
@@ -32,7 +32,7 @@ module "cloud_connector_gcp" {
 
 | Name | Version |
 |------|---------|
-| [google](#provider\_google) | 4.58.0 |
+| [google](#provider\_google) | >= 4.21.0 |
 
 ## Modules