feat: Addition of optional user supplied exclusion filters (#18)

djmctavish · web-flow · commit f4b059dc755d · 2023-04-25T13:52:47.000+01:00
diff --git a/README.md b/README.md
@@ -82,6 +82,7 @@ cloudresourcemanager.googleapis.com
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_existing_sink_name"></a> [existing\_sink\_name](#input\_existing\_sink\_name) | The name of an existing sink to be re-used for this integration | `string` | `""` | no |
+ <a name="input_exclusion_filters"></a> [exclusion\_filters](#input\_exclusion\_filters) | Optional list of exclusion filters that can be passed to the integration to reduce logs | <pre>list(object({<br>  filter = string<br>  name  = string<br>  description = string<br>}))</pre> | `[]` | no |
 | <a name="input_integration_type"></a> [integration\_type](#input\_integration\_type) | Specify the integration type. Can only be PROJECT or ORGANIZATION. Defaults to PROJECT | `string` | `"PROJECT"` | no |
 | <a name="input_labels"></a> [labels](#input\_labels) | Set of labels which will be added to the resources managed by the module | `map(string)` | `{}` | no |
 | <a name="input_lacework_integration_name"></a> [lacework\_integration\_name](#input\_lacework\_integration\_name) | n/a | `string` | `"TF gke_audit_log"` | no |
diff --git a/examples/organization-level-gke-audit_with_filters/README.md b/examples/organization-level-gke-audit_with_filters/README.md
@@ -0,0 +1,37 @@
+# Integrate GCP Organization GKE Audit logs with Lacework
+The following provides an example of integrating a Google Cloud Project GKE Audit Logs with 
+Lacework for analysis.
+
+```hcl
+terraform {
+  required_providers {
+    lacework = {
+      source = "lacework/lacework"
+    }
+  }
+}
+
+provider "google" {}
+
+provider "lacework" {}
+
+module "gcp_organization_level_gke_audit_log" {
+  source           = "lacework/gke-audit-log/gcp"
+  version          = "~> 0.1"
+  integration_type = "ORGANIZATION"
+  project_id       = "example-project-123"
+  organization_id  = "example-org-123"
+  exclusion_filters = [
+    {
+      name        = "filter-1"
+      filter      = "protoPayload.resourceName=\"readyz\""
+      description = "Test Exclusion Filter 1 for readyz"
+    },
+    {
+      name        = "filter-2"
+      filter      = "protoPayload.resourceName=\"livez\""
+      description = "Test Exclusion Filter 2 for livez"
+    }
+  ]  
+}
+```
diff --git a/examples/organization-level-gke-audit_with_filters/main.tf b/examples/organization-level-gke-audit_with_filters/main.tf
@@ -0,0 +1,25 @@
+provider "google" {}
+
+provider "lacework" {}
+
+variable "organization_id" {
+  default = "my-organization-id"
+}
+
+module "gcp_organization_level_gke_audit_log" {
+  source     = "../../"
+  integration_type = "ORGANIZATION"
+  organization_id = var.organization_id
+  exclusion_filters = [
+    {
+      name        = "filter-1"
+      filter      = "protoPayload.resourceName=\"readyz\""
+      description = "Test Exclusion Filter 1 for readyz"
+    },
+    {
+      name        = "filter-2"
+      filter      = "protoPayload.resourceName=\"livez\""
+      description = "Test Exclusion Filter 2 for livez"
+    }
+  ]
+}
diff --git a/examples/organization-level-gke-audit_with_filters/versions.tf b/examples/organization-level-gke-audit_with_filters/versions.tf
@@ -0,0 +1,8 @@
+# required for Terraform 13
+terraform {
+  required_providers {
+    lacework = {
+      source = "lacework/lacework"
+    }
+  }
+}
diff --git a/examples/project-level-gke-audit_with_filters/README.md b/examples/project-level-gke-audit_with_filters/README.md
@@ -0,0 +1,36 @@
+# Integrate GCP Project GKE Audit logs with Lacework
+The following provides an example of integrating a Google Cloud Project GKE Audit Logs with 
+Lacework for analysis.
+
+```hcl
+terraform {
+  required_providers {
+    lacework = {
+      source = "lacework/lacework"
+    }
+  }
+}
+
+provider "google" {}
+
+provider "lacework" {}
+
+module "gcp_project_level_gke_audit" {
+  source           = "lacework/gke-audit-log/gcp"
+  version          = "~> 0.1"
+  integration_type = "PROJECT"
+  project_id       = "example-project-123"
+  exclusion_filters = [
+    {
+      name        = "filter-1"
+      filter      = "protoPayload.resourceName=\"readyz\""
+      description = "Test Exclusion Filter 1 for readyz"
+    },
+    {
+      name        = "filter-2"
+      filter      = "protoPayload.resourceName=\"livez\""
+      description = "Test Exclusion Filter 2 for livez"
+    }
+  ]  
+}
+```
diff --git a/examples/project-level-gke-audit_with_filters/main.tf b/examples/project-level-gke-audit_with_filters/main.tf
@@ -0,0 +1,21 @@
+provider "google" {}
+
+provider "lacework" {}
+
+module "gcp_project_level_gke_audit_log" {
+  source     = "../../"
+  integration_type = "PROJECT"
+  # project_id is set using GOOGLE_PROJECT env var
+  exclusion_filters = [
+    {
+      name        = "filter-1" 
+      filter      = "protoPayload.resourceName=\"readyz\""
+      description = "Test Exclusion Filter 1 for readyz"
+    },
+    {
+      name        = "filter-2" 
+      filter      = "protoPayload.resourceName=\"livez\""
+      description = "Test Exclusion Filter 2 for livez"
+    }
+  ]
+}
diff --git a/examples/project-level-gke-audit_with_filters/versions.tf b/examples/project-level-gke-audit_with_filters/versions.tf
@@ -0,0 +1,8 @@
+# required for Terraform 13
+terraform {
+  required_providers {
+    lacework = {
+      source = "lacework/lacework"
+    }
+  }
+}
diff --git a/main.tf b/main.tf
@@ -86,7 +86,8 @@ resource "google_logging_project_sink" "lacework_project_sink" {
   unique_writer_identity = true
 
   filter = local.log_filter
-
+  
+  # Standard exclusion filters
   exclusions {
     name        = "livezexclusion"
     description = "Exclude livez logs"
@@ -111,6 +112,16 @@ resource "google_logging_project_sink" "lacework_project_sink" {
     filter      = "protoPayload.resourceName=\"core/v1/namespaces/kube-system/configmaps/clustermetrics\" "
   }
 
+  # Additional user defined filters to exclude
+  dynamic "exclusions" {
+    for_each = var.exclusion_filters      
+    content {
+        name        = exclusions.value["name"]
+        description = exclusions.value["description"]
+        filter      = exclusions.value["filter"]
+    }
+  }
+
   depends_on = [google_pubsub_topic.lacework_topic]
 }
 
@@ -147,6 +158,17 @@ resource "google_logging_organization_sink" "lacework_organization_sink" {
     filter      = "protoPayload.resourceName=\"core/v1/namespaces/kube-system/configmaps/clustermetrics\" "
   }
 
+# Additional user defined filters to exclude
+  dynamic "exclusions" {
+    for_each = var.exclusion_filters      
+    content {
+        name        = exclusions.value["name"]
+        description = exclusions.value["description"]
+        filter      = exclusions.value["filter"]
+    }
+  }
+
+
   depends_on = [google_pubsub_topic.lacework_topic]
 }
 
diff --git a/variables.tf b/variables.tf
@@ -92,3 +92,13 @@ variable "pubsub_subscription_labels" {
   default     = {}
   description = "Set of labels which will be added to the subscription"
 }
+
+variable "exclusion_filters" {
+  type = list(object({
+    filter      = string
+    name        = string
+    description = string
+  }))
+  default     = []
+  description = "Set of filters that will be excluded from the audit log"
+} 
