fix(routing-key): enable routing key generation in a deterministic way

jose-pablo-camacho · jose-pablo-camacho · commit 5898506e995c · 2024-10-09T12:58:55.000-06:00
diff --git a/modules/integrations/pub-sub/main.tf b/modules/integrations/pub-sub/main.tf
@@ -22,14 +22,17 @@ data "google_project" "project" {
 
 data "sysdig_secure_tenant_external_id" "external_id" {}
 
-data "sysdig_secure_cloud_ingestion_assets" "assets" {}
+# data "sysdig_secure_cloud_ingestion_assets" "assets" {}
 
+data "sysdig_current_user" "user" {}
 #-----------------------------------------------------------------------------------------
 # These locals indicate the suffix to create unique name for resources
 #-----------------------------------------------------------------------------------------
 locals {
   suffix    = var.suffix == null ? random_id.suffix[0].hex : var.suffix
   role_name = "SysdigIngestionAuthRole"
+  key_name = "${var.project_id}-${data.sysdig_current_user.user.id}"
+  routing_key = uuidv5("oid", local.key_name)
 }
 
 
@@ -143,7 +146,8 @@ resource "google_pubsub_subscription" "ingestion_topic_push_subscription" {
   project                    = var.project_id
 
   push_config {
-    push_endpoint = data.sysdig_secure_cloud_ingestion_assets.assets.gcp_metadata.ingestionURL
+    push_endpoint = "https://app-staging.sysdigcloud.com/api/cloudingestion/gcp/v2/${local.routing_key}"
+#   push_endpoint = data.sysdig_secure_cloud_ingestion_assets.assets.gcp_metadata.ingestionURL
     attributes = {
       x-goog-version = "v1"
     }
@@ -256,7 +260,8 @@ resource "sysdig_secure_cloud_auth_account_component" "gcp_pubsub_datasource" {
         sink_name              = var.is_organizational ? google_logging_organization_sink.ingestion_sink[0].name : google_logging_project_sink.ingestion_sink[0].name
         push_subscription_name = google_pubsub_subscription.ingestion_topic_push_subscription.name
         push_endpoint          = google_pubsub_subscription.ingestion_topic_push_subscription.push_config[0].push_endpoint
-        routing_key            = data.sysdig_secure_cloud_ingestion_assets.assets.gcp_routing_key
+        routing_key            = local.routing_key
+#       routing_key            = data.sysdig_secure_cloud_ingestion_assets.assets.gcp_routing_key
       }
       service_principal = {
         workload_identity_federation = {
diff --git a/modules/integrations/pub-sub/outputs.tf b/modules/integrations/pub-sub/outputs.tf
@@ -2,4 +2,9 @@ output "pubsub_datasource_component_id" {
   value       = "${sysdig_secure_cloud_auth_account_component.gcp_pubsub_datasource.type}/${sysdig_secure_cloud_auth_account_component.gcp_pubsub_datasource.instance}"
   description = "Component identifier of Webhook Datasource integration created in Sysdig Backend for Log Ingestion"
   depends_on  = [sysdig_secure_cloud_auth_account_component.gcp_pubsub_datasource]
+}
+
+output "pubsub_datasource_routing_key" {
+  value = local.routing_key
+  description = "Component routing key identifier of Webhook Datasource"
 }
