Merge pull request #14 from aquasecurity/support_custom_names

Add support for custom resource names

Author: Noamstrauss

.github/workflows/pr-checks.yaml

@@ -16,7 +16,18 @@ jobs:
         with:
           terraform_version: ${{ vars.TERRAFORM_VERSION }}
 
+      - name: Setup TFLint
+        uses: terraform-linters/setup-tflint@v1
+        with:
+          tflint_version: ${{ vars.TFLINT_VERSION }}
+
+      - name: Run TFLint
+        id: tflint
+        run: tflint --config .tflint.hcl -f compact
+        continue-on-error: true
+
       - name: Run tests for each example folder
+        id: terraform-checks
         run: |
           TEST_CASES=(
             examples/single-dedicated-project
@@ -27,6 +38,10 @@ jobs:
             examples/organization-dedicated-project
           )
 
+          format_check=true
+          init_check=true
+          validate_check=true
+
           for tcase in ${TEST_CASES[@]}; do
             echo "--> Running tests at $tcase"
             (
@@ -38,28 +53,35 @@ jobs:
                 sed -i 's/<REPLACE_ME>/dummy_value/g' *.tf
               fi
               echo "Terraform Format Check"
-              terraform fmt -check
+              terraform fmt -check || format_check=false
               echo "Terraform Init"
-              terraform init
+              terraform init || init_check=false
               echo "Terraform Validate"
-              terraform validate
+              terraform validate || validate_check=false
             ) || exit 1
           done
 
+          echo "format_check=$format_check" >> $GITHUB_OUTPUT
+          echo "init_check=$init_check" >> $GITHUB_OUTPUT
+          echo "validate_check=$validate_check" >> $GITHUB_OUTPUT
+
       - name: Comment PR with Terraform status
+        if: always()
         uses: actions/github-script@v7
         env:
-          FORMAT_CHECK: "Terraform Format Check"
-          INIT_CHECK: "Terraform Init"
-          VALIDATE_CHECK: "Terraform Validate"
+          FORMAT_CHECK: ${{ steps.terraform-checks.outputs.format_check == 'true' && '✅' || '❌' }}
+          INIT_CHECK: ${{ steps.terraform-checks.outputs.init_check == 'true' && '✅' || '❌' }}
+          VALIDATE_CHECK: ${{ steps.terraform-checks.outputs.validate_check == 'true' && '✅' || '❌' }}
+          TFLINT_CHECK: ${{ steps.tflint.outcome == 'success' && '✅' || '❌' }}
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
             const output = `#### Terraform Validation Results:
 
-            ${{ env.FORMAT_CHECK }} ✅
-            ${{ env.INIT_CHECK }} ✅
-            ${{ env.VALIDATE_CHECK }} ✅
+            Terraform Format Check ${{ env.FORMAT_CHECK }}
+            Terraform Init ${{ env.INIT_CHECK }}
+            Terraform Validate ${{ env.VALIDATE_CHECK }}
+            TFLint Check ${{ env.TFLINT_CHECK }}
 
             *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
 
@@ -68,4 +90,15 @@ jobs:
               owner: context.repo.owner,
               repo: context.repo.repo,
               body: output
-            })
+            })
+
+      - name: Fail if any checks failed
+        if: always()
+        run: |
+          if [[ "${{ steps.terraform-checks.outputs.format_check }}" != "true" || \
+                "${{ steps.terraform-checks.outputs.init_check }}" != "true" || \
+                "${{ steps.terraform-checks.outputs.validate_check }}" != "true" || \
+                "${{ steps.tflint.outcome }}" != "success" ]]; then
+            echo "One or more Terraform checks failed"
+            exit 1
+          fi

.tflint.hcl

@@ -0,0 +1,9 @@
+rule "terraform_required_providers" {
+  enabled = false
+  source = false
+  version = false
+}
+
+rule "terraform_required_version" {
+  enabled = false
+}

README.md

@@ -123,6 +123,8 @@ module "aqua_gcp_projects_attachment" {
   onboarding_workload_identity_pool_provider_id = module.aqua_gcp_onboarding.workload_identity_pool_provider_id # Referencing outputs from the onboarding module
   onboarding_project_number                     = module.aqua_gcp_onboarding.project_number                     # Referencing outputs from the onboarding module
   onboarding_project_id                         = module.aqua_gcp_onboarding.project_id                         # Referencing outputs from the onboarding module
+  onboarding_firewall_name                      = module.aqua_gcp_onboarding.custom_firewall_name               # Referencing outputs from the onboarding module
+  onboarding_dedicated_project_name             = module.aqua_gcp_dedicated_project.project_id                  # Referencing outputs from the dedicated_project module
   depends_on                                    = [module.aqua_gcp_onboarding]
 }
 

examples/organization-dedicated-project/main.tf

@@ -97,6 +97,7 @@ module "aqua_gcp_projects_attachment" {
   onboarding_workload_identity_pool_id          = module.aqua_gcp_onboarding[each.value].workload_identity_pool_id          # Referencing outputs from the onboarding module
   onboarding_workload_identity_pool_provider_id = module.aqua_gcp_onboarding[each.value].workload_identity_pool_provider_id # Referencing outputs from the onboarding module
   onboarding_project_number                     = module.aqua_gcp_onboarding[each.value].project_number                     # Referencing outputs from the onboarding module
+  onboarding_firewall_name                      = module.aqua_gcp_onboarding[each.value].custom_firewall_name               # Referencing outputs from the onboarding module
   onboarding_project_id                         = local.project_id
   depends_on                                    = [module.aqua_gcp_onboarding, module.aqua_gcp_cspm_iam]
 }

examples/organization-same-project-list/main.tf

@@ -113,6 +113,7 @@ module "aqua_gcp_projects_attachment" {
   onboarding_workload_identity_pool_id          = module.aqua_gcp_onboarding[each.value].workload_identity_pool_id          # Referencing outputs from the onboarding module
   onboarding_workload_identity_pool_provider_id = module.aqua_gcp_onboarding[each.value].workload_identity_pool_provider_id # Referencing outputs from the onboarding module
   onboarding_project_number                     = module.aqua_gcp_onboarding[each.value].project_number                     # Referencing outputs from the onboarding module
+  onboarding_firewall_name                      = module.aqua_gcp_onboarding[each.value].custom_firewall_name               # Referencing outputs from the onboarding module
   onboarding_project_id                         = local.project_id
   depends_on                                    = [module.aqua_gcp_onboarding, module.aqua_gcp_cspm_iam]
 }

examples/organization-same-project/main.tf

@@ -96,6 +96,8 @@ module "aqua_gcp_project_attachment" {
   onboarding_workload_identity_pool_provider_id = module.aqua_gcp_onboarding.workload_identity_pool_provider_id # Referencing outputs from the onboarding module
   onboarding_project_number                     = module.aqua_gcp_onboarding.project_number                     # Referencing outputs from the onboarding module
   onboarding_project_id                         = module.aqua_gcp_onboarding.project_id                         # Referencing outputs from the onboarding module
+  onboarding_firewall_name                      = module.aqua_gcp_onboarding.custom_firewall_name               # Referencing outputs from the onboarding module
+  onboarding_dedicated_project_name             = module.aqua_gcp_dedicated_project.project_id                  # Referencing outputs from the dedicated_project module
   depends_on                                    = [module.aqua_gcp_onboarding]
 }
 
@@ -136,6 +138,8 @@ module "aqua_gcp_additional_project_attachment" {
   onboarding_workload_identity_pool_id          = module.aqua_gcp_onboarding.workload_identity_pool_id          # Referencing outputs from the onboarding module
   onboarding_workload_identity_pool_provider_id = module.aqua_gcp_onboarding.workload_identity_pool_provider_id # Referencing outputs from the onboarding module
   onboarding_project_number                     = module.aqua_gcp_onboarding.project_number                     # Referencing outputs from the onboarding module
+  onboarding_firewall_name                      = module.aqua_gcp_onboarding.custom_firewall_name               # Referencing outputs from the onboarding module
+  onboarding_dedicated_project_name             = module.aqua_gcp_dedicated_project.project_id                  # Referencing outputs from the dedicated_project module
   onboarding_project_id                         = module.aqua_gcp_onboarding.project_id                         # Referencing outputs from the onboarding module
   depends_on                                    = [module.aqua_gcp_onboarding]
 }

examples/single-dedicated-project-addition/main.tf

@@ -96,6 +96,8 @@ module "aqua_gcp_project_attachment" {
   onboarding_workload_identity_pool_provider_id = module.aqua_gcp_onboarding.workload_identity_pool_provider_id # Referencing outputs from the onboarding module
   onboarding_project_number                     = module.aqua_gcp_onboarding.project_number                     # Referencing outputs from the onboarding module
   onboarding_project_id                         = module.aqua_gcp_onboarding.project_id                         # Referencing outputs from the onboarding module
+  onboarding_firewall_name                      = module.aqua_gcp_onboarding.custom_firewall_name               # Referencing outputs from the onboarding module
+  onboarding_dedicated_project_name             = module.aqua_gcp_dedicated_project.project_id                  # Referencing outputs from the dedicated_project module
   depends_on                                    = [module.aqua_gcp_onboarding]
 }
 

examples/single-dedicated-project/main.tf

@@ -75,6 +75,7 @@ module "aqua_gcp_project_attachment" {
   onboarding_workload_identity_pool_provider_id = module.aqua_gcp_onboarding.workload_identity_pool_provider_id # Referencing outputs from the onboarding module
   onboarding_project_number                     = module.aqua_gcp_onboarding.project_number                     # Referencing outputs from the onboarding module
   onboarding_project_id                         = module.aqua_gcp_onboarding.project_id                         # Referencing outputs from the onboarding module
+  onboarding_firewall_name                      = module.aqua_gcp_onboarding.custom_firewall_name               # Referencing outputs from the onboarding module
   depends_on                                    = [module.aqua_gcp_onboarding]
 }
 

examples/single-same-project/main.tf

@@ -9,14 +9,14 @@ locals {
   project_id     = data.google_project.project.project_id
 
   # Resource naming locals
-  identity_pool_name          = var.identity_pool_name != null ? var.identity_pool_name : "aqua-agentless-pool-${var.aqua_tenant_id}"
-  identity_pool_provider_name = var.identity_pool_provider_name != null ? var.identity_pool_provider_name : "agentless-provider-${var.aqua_tenant_id}"
-  service_account_name        = var.service_account_name != null ? var.service_account_name : "aqua-agentless-sa-${var.aqua_tenant_id}"
-  cspm_service_account_name   = var.cspm_service_account_name != null ? var.cspm_service_account_name : "aqua-cspm-scanner-${var.aqua_tenant_id}"
-  firewall_name               = var.dedicated_project ? "${local.project_id}--rules-aqua-aas" : "${local.project_id}-rules-${var.aqua_tenant_id}-aqua-aas"
-  network_name                = var.dedicated_project ? "${local.project_id}-network" : "${local.project_id}-network-${var.aqua_tenant_id}"
-  topic_name                  = var.topic_name != null ? var.topic_name : (var.dedicated_project ? "${local.project_id}-topic" : "${local.project_id}-topic-${var.aqua_tenant_id}")
-  sink_name                   = var.sink_name != null ? var.sink_name : (var.dedicated_project ? "${local.project_id}-sink" : "${local.project_id}-sink-${var.aqua_tenant_id}")
-  workflow_name               = var.workflow_name != null ? var.workflow_name : (var.dedicated_project ? "${local.project_id}-workflow" : "${local.project_id}-workflow-${var.aqua_tenant_id}")
-  trigger_name                = var.trigger_name != null ? var.trigger_name : (var.dedicated_project ? "${local.project_id}-trigger" : "${local.project_id}-trigger-${var.aqua_tenant_id}")
+  identity_pool_name          = var.identity_pool_name != "" ? var.identity_pool_name : "aqua-agentless-pool-${var.aqua_tenant_id}"
+  identity_pool_provider_name = var.identity_pool_provider_name != "" ? var.identity_pool_provider_name : "agentless-provider-${var.aqua_tenant_id}"
+  service_account_name        = var.service_account_name != "" ? var.service_account_name : "aqua-agentless-sa-${var.aqua_tenant_id}"
+  cspm_service_account_name   = var.cspm_service_account_name != "" ? var.cspm_service_account_name : "aqua-cspm-scanner-${var.aqua_tenant_id}"
+  firewall_name               = var.firewall_name != "" ? var.firewall_name : (var.dedicated_project ? "${local.project_id}--rules-aqua-aas" : "${local.project_id}-rules-${var.aqua_tenant_id}-aqua-aas")
+  network_name                = var.network_name != "" ? var.network_name : (var.dedicated_project ? "${local.project_id}-network" : "${local.project_id}-network-${var.aqua_tenant_id}")
+  topic_name                  = var.topic_name != "" ? var.topic_name : (var.dedicated_project ? "${local.project_id}-topic" : "${local.project_id}-topic-${var.aqua_tenant_id}")
+  sink_name                   = var.sink_name != "" ? var.sink_name : (var.dedicated_project ? "${local.project_id}-sink" : "${local.project_id}-sink-${var.aqua_tenant_id}")
+  workflow_name               = var.workflow_name != "" ? var.workflow_name : (var.dedicated_project ? "${local.project_id}-workflow" : "${local.project_id}-workflow-${var.aqua_tenant_id}")
+  trigger_name                = var.trigger_name != "" ? var.trigger_name : (var.dedicated_project ? "${local.project_id}-trigger" : "${local.project_id}-trigger-${var.aqua_tenant_id}")
 }