Commit e076522

fix: inherit region from Google provider configuration (#9)
* fix: inherit region from Google provider configuration
* docs: corrections to README
1 parent 28094db commit e076522

3 files changed

+14
-16
lines changed


README.md

Lines changed: 4 additions & 4 deletions
Original file line number | Diff line number | Diff line change
@@ -19,8 +19,8 @@ A Terraform Module to configure the Lacework Agentless Scanner.
1919

2020
| Name | Version |
2121
| --------------------------------------------------------------- | ------- |
22-
| <a name="provider_google"></a> [google](#provider_google) | 4.46.0 |
23-
| <a name="provider_lacework"></a> [lacework](#provider_lacework) | 1.3.0 |
22+
| <a name="provider_google"></a> [google](#provider_google) | 4.47.0 |
23+
| <a name="provider_lacework"></a> [lacework](#provider_lacework) | 1.4.0 |
2424
| <a name="provider_random"></a> [random](#provider_random) | 3.4.3 |
2525

2626
## Modules
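Review bot: the provider table jumps from google 4.46.0 to 4.47.0 and lacework 1.3.0 to 1.4.0, yet none of the three files in this commit touches a `required_providers` block, so the new numbers either document a constraint change that is not in this diff or merely mirror the lock file at the time the table was refreshed. Please confirm which; if a constraint really did change, it should land in the same commit so the README and the code cannot drift apart.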
@@ -57,6 +57,7 @@ A Terraform Module to configure the Lacework Agentless Scanner.
5757
| [google_storage_bucket_iam_binding.lacework_bucket](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_binding) | resource |
5858
| [lacework_integration_gcp_agentless_scanning.lacework_cloud_account](https://registry.terraform.io/providers/lacework/lacework/latest/docs/resources/integration_gcp_agentless_scanning) | resource |
5959
| [random_id.uniq](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
60+
| [google_client_config.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
6061
| [google_compute_default_service_account.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_default_service_account) | data source |
6162
| [google_project.selected](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/project) | data source |
6263
| [lacework_user_profile.current](https://registry.terraform.io/providers/lacework/lacework/latest/docs/data-sources/user_profile) | data source |
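Review bot: listing `google_client_config.default` as a data source is accurate, but nothing in the table conveys the new operational requirement it introduces: the calling `provider "google"` block must now set `region` (or the equivalent environment variable), otherwise the module has no region to inherit. A sentence in the README's usage prose stating that requirement would save users a confusing apply failure.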
@@ -73,7 +74,7 @@ A Terraform Module to configure the Lacework Agentless Scanner.
7374
| <a name="input_bucket_lifecycle_rule_age"></a> [bucket_lifecycle_rule_age](#input_bucket_lifecycle_rule_age) | Number of days to keep agentless scan objects in bucket before deletion. | `number` | `30` | no |
7475
| <a name="input_global"></a> [global](#input_global) | Whether or not to create global resources. Defaults to `false`. | `bool` | `false` | no |
7576
| <a name="input_global_module_reference"></a> [global_module_reference](#input_global_module_reference) | A reference to the global lacework_gcp_agentless_scanning module for this account. | <pre>object({<br> agentless_orchestrate_service_account_email = string<br> agentless_scan_service_account_email = string<br> agentless_scan_secret_id = string<br> lacework_account = string<br> lacework_domain = string<br> prefix = string<br> suffix = string<br> })</pre> | <pre>{<br> "agentless_orchestrate_service_account_email": "",<br> "agentless_scan_secret_id": "",<br> "agentless_scan_service_account_email": "",<br> "lacework_account": "",<br> "lacework_domain": "",<br> "prefix": "",<br> "suffix": ""<br>}</pre> | no |
76-
| <a name="input_image_url"></a> [image_url](#input_image_url) | The container image url for Lacework Agentless Workload Scanning. | `string` | `"us-docker.pkg.dev/cloudrun/container/hello"` | no |
77+
| <a name="input_image_url"></a> [image_url](#input_image_url) | The container image url for Lacework Agentless Workload Scanning. | `string` | `"us-docker.pkg.dev/agentless-sidekick-images-tl48/sidekick/sidekick"` | no |
7778
| <a name="input_integration_type"></a> [integration_type](#input_integration_type) | Specify the integration type. Can only be PROJECT or ORGANIZATION. Defaults to PROJECT | `string` | `"PROJECT"` | no |
7879
| <a name="input_labels"></a> [labels](#input_labels) | Set of labels which will be added to the resources managed by the module. | `map(string)` | `{}` | no |
7980
| <a name="input_lacework_account"></a> [lacework_account](#input_lacework_account) | The name of the Lacework account with which to integrate. | `string` | `""` | no |
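Review bot: the new `image_url` default `us-docker.pkg.dev/agentless-sidekick-images-tl48/sidekick/sidekick` has no tag or digest, so each apply resolves the registry's mutable default tag and the scanner image, which runs with access to the scan bucket and the orchestrator secret, can change underneath operators without producing a Terraform diff. Pinning the default to an immutable `@sha256:` digest (or at least a version tag) and documenting how to roll it would make the deployed image auditable. This hunk also changes a documented default without a matching `variables.tf` hunk in this commit, so please confirm the README and the variable default actually agree.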
@@ -82,7 +83,6 @@ A Terraform Module to configure the Lacework Agentless Scanner.
8283
| <a name="input_organization_id"></a> [organization_id](#input_organization_id) | The organization ID, required if integration_type is set to ORGANIZATION | `string` | `""` | no |
8384
| <a name="input_prefix"></a> [prefix](#input_prefix) | A string to be prefixed to the name of all new resources. | `string` | `"lacework-awls"` | no |
8485
| <a name="input_project_filter_list"></a> [project_filter_list](#input_project_filter_list) | A list of projects to include/exclude for integration. | `list(any)` | `[]` | no |
85-
| <a name="input_region"></a> [region](#input_region) | The region in which to create resources. | `string` | `"us-central1"` | no |
8686
| <a name="input_regional"></a> [regional](#input_regional) | Whether or not to create regional resources. Defaults to `false`. | `bool` | `false` | no |
8787
| <a name="input_required_apis"></a> [required_apis](#input_required_apis) | n/a | `map(any)` | <pre>{<br> "cloudscheduler": "cloudscheduler.googleapis.com",<br> "compute": "compute.googleapis.com",<br> "iam": "iam.googleapis.com",<br> "run": "run.googleapis.com",<br> "secretmanager": "secretmanager.googleapis.com"<br>}</pre> | no |
8888
| <a name="input_scan_containers"></a> [scan_containers](#input_scan_containers) | Whether to includes scanning for containers. Defaults to `true`. | `bool` | `true` | no |
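Review bot: removing the `region` row drops a documented input, which is a breaking interface change for any caller that passes `region = ...` to the module (Terraform rejects unknown arguments), yet the commit is labelled `fix:` and the README gains no upgrade note. Add a short migration note: set `region` on the google provider instead, and expect regional resources to be replaced if the provider region differs from the old `us-central1` default. Consider whether this warrants a major version bump.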

main.tf

Lines changed: 10 additions & 6 deletions
@@ -12,6 +12,8 @@ locals {
1212
suffix = length(var.global_module_reference.suffix) > 0 ? var.global_module_reference.suffix : (length(var.suffix) > 0 ? var.suffix : random_id.uniq.hex)
1313
prefix = length(var.global_module_reference.prefix) > 0 ? var.global_module_reference.prefix : var.prefix
1414

15+
region = data.google_client_config.default.region
16+
1517
service_account_name = var.global ? (length(var.service_account_name) > 0 ? var.service_account_name : "${var.prefix}-sa-${local.suffix}") : ""
1618
service_account_json_key = var.global ? jsondecode(base64decode(module.lacework_agentless_scan_svc_account[0].private_key)) : jsondecode("{}")
1719
service_account_permissions = var.global ? toset([
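Review bot: `region = data.google_client_config.default.region` has no fallback. When the calling provider block sets no region the attribute is an empty string, and that empty value then flows into every `location`, `region` and the Cloud Run URI further down, so the failure surfaces as scattered per-resource apply errors rather than one clear message at plan time. A gentler path is to keep an optional `region` variable with `default = null` and write `region = coalesce(var.region, data.google_client_config.default.region)`: `coalesce` skips both null and empty strings, so callers keep their override, the provider region is inherited by default, and a missing region fails at plan with a single error. If removing the variable is deliberate, at least add a `lifecycle { precondition }` (Terraform 1.2+) on one of the regional resources asserting `local.region != ""`.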
@@ -45,6 +47,8 @@ resource "random_id" "uniq" {
4547

4648
data "lacework_user_profile" "current" {}
4749

50+
data "google_client_config" "default" {}
51+
4852
data "google_project" "selected" {}
4953

5054
resource "google_project_service" "required_apis" {
@@ -89,7 +93,7 @@ resource "google_secret_manager_secret" "agentless_orchestrate" {
8993
replication {
9094
user_managed {
9195
replicas {
92-
location = var.region
96+
location = local.region
9397
}
9498
}
9599
}
@@ -128,7 +132,7 @@ resource "google_storage_bucket" "lacework_bucket" {
128132
project = local.scanning_project_id
129133
name = "${var.prefix}-bucket-${local.suffix}"
130134
force_destroy = var.bucket_force_destroy
131-
location = var.region
135+
location = local.region
132136

133137
uniform_bucket_level_access = var.bucket_enable_ubla
134138

@@ -363,7 +367,7 @@ resource "google_cloud_run_v2_job" "agentless_orchestrate" {
363367
count = var.regional ? 1 : 0
364368

365369
name = "${var.prefix}-service-${local.suffix}"
366-
location = var.region
370+
location = local.region
367371
launch_stage = "BETA"
368372
project = local.scanning_project_id
369373

@@ -409,7 +413,7 @@ resource "google_cloud_run_v2_job" "agentless_orchestrate" {
409413
}
410414
env {
411415
name = "SIDEKICK_REGION"
412-
value = var.region
416+
value = local.region
413417
}
414418
env {
415419
name = "GCP_SCANNER_PROJECT_ID"
@@ -450,13 +454,13 @@ resource "google_cloud_scheduler_job" "agentless_orchestrate" {
450454
name = "${var.prefix}-periodic-trigger-${local.suffix}"
451455
description = "Invoke Lacework Agentless Workload Scanning on a schedule."
452456
project = local.scanning_project_id
453-
region = var.region
457+
region = local.region
454458
schedule = "0 * * * *"
455459
time_zone = "Etc/UTC"
456460

457461
http_target {
458462
http_method = "POST"
459-
uri = "https://${var.region}-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${local.scanning_project_id}/jobs/${var.prefix}-service-${local.suffix}:run"
463+
uri = "https://${local.region}-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${local.scanning_project_id}/jobs/${var.prefix}-service-${local.suffix}:run"
460464

461465
oauth_token {
462466
service_account_email = data.google_compute_default_service_account.default.email
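Review bot: the `uri` rebuilds the job name by hand as `${var.prefix}-service-${local.suffix}`, duplicating the expression used for the job's `name` in the `google_cloud_run_v2_job` hunk above; if either side changes, the scheduler silently targets a job that does not exist. Referencing the resource instead (assuming the scheduler shares the job's `count` condition), e.g. `google_cloud_run_v2_job.agentless_orchestrate[0].name`, keeps the two in lockstep and makes the dependency explicit. Separately, this file computes `local.prefix` (honouring `global_module_reference.prefix`) but the names here use `var.prefix`; that predates this commit but deserves a follow-up.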

variables.tf

Lines changed: 0 additions & 6 deletions
@@ -165,12 +165,6 @@ variable "service_account_name" {
165165
description = "The name of the service account Lacework will use to access scan results."
166166
}
167167

168-
variable "region" {
169-
type = string
170-
default = "us-central1"
171-
description = "The region in which to create resources."
172-
}
173-
174168
variable "global_module_reference" {
175169
type = object({
176170
agentless_orchestrate_service_account_email = string
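Review bot: deleting `variable "region"` outright means any root module that still passes `region = ...` fails with an unsupported-argument error on its next plan, with no deprecation path. Prefer keeping the variable with `default = null` and a description stating that it is optional and overrides the region inherited from the google provider (paired with a `coalesce` in `locals`), or, if removal is intentional, ship this as a breaking release rather than under a `fix:` prefix.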
