Commit 5e85d6a

SSPROD-56865 - add dynamic org support (#66)
1 parent bb2119e commit 5e85d6a

4 files changed

+26
-12
lines changed

modules/onboarding/README.md

Lines changed: 12 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -72,17 +72,18 @@ resource |
7272

7373
## Inputs
7474

75-
| Name | Description | Type | Default | Required |
76-
|-----------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|---------|:--------:|
77-
| <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | (Optional) Set this field to 'true' to deploy secure-for-cloud to a GCP Organization. | `bool` | `false` | no |
78-
| <a name="input_organization_domain"></a> [organization\_domain](#input\_organization\_domain) | Organization domain. e.g. sysdig.com | `string` | `""` | no |
79-
| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | (Required) Target Project identifier provided by the customer | `string` | n/a | yes |
80-
| <a name="input_suffix"></a> [suffix](#input\_suffix) | (Optional) Suffix to uniquely identify resources during multiple installs. If not provided, random value is autogenerated | `string` | `null` | no |
81-
| <a name="input_management_group_ids"></a> [suffix](#input\_management\_group\_ids) | TO BE DEPRECATED on 30th November, 2025: Please work with Sysdig to migrate to using `include_folders` instead.<br>List of management group ids w.r.t an org install. If not provided, set to empty by default | `set(string)` | `[]` | no |
82-
| <a name="input_include_folders"></a> [suffix](#input\_include\_folders) | folders to include for organization in the format 'folders/{folder_id}'. i.e: folders/123456789012 | `set(string)` | `[]` | no |
83-
| <a name="input_exclude_folders"></a> [suffix](#input\_exclude\_folders) | folders to exclude for organization in the format 'folders/{folder_id}'. i.e: folders/123456789012 | `set(string)` | `[]` | no |
84-
| <a name="input_include_projects"></a> [suffix](#input\_include\_projects) | projects to include for organization. i.e: my-project-id | `set(string)` | `[]` | no |
85-
| <a name="input_exclude_projects"></a> [suffix](#input\_exclude\_projects) | projects to exclude for organization. i.e: my-project-id | `set(string)` | `[]` | no |
75+
| Name | Description | Type | Default | Required |
76+
|-------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|---------|:--------:|
77+
| <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | (Optional) Set this field to 'true' to deploy secure-for-cloud to a GCP Organization. | `bool` | `false` | no |
78+
| <a name="input_organization_domain"></a> [organization\_domain](#input\_organization\_domain) | Organization domain. e.g. sysdig.com | `string` | `""` | no |
79+
| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | (Required) Target Project identifier provided by the customer | `string` | n/a | yes |
80+
| <a name="input_suffix"></a> [suffix](#input\_suffix) | (Optional) Suffix to uniquely identify resources during multiple installs. If not provided, random value is autogenerated | `string` | `null` | no |
81+
| <a name="input_management_group_ids"></a> [suffix](#input\_management\_group\_ids) | TO BE DEPRECATED on 30th November, 2025: Please work with Sysdig to migrate to using `include_folders` instead.<br>List of management group ids w.r.t an org install. If not provided, set to empty by default | `set(string)` | `[]` | no |
82+
| <a name="input_include_folders"></a> [suffix](#input\_include\_folders) | folders to include for organization in the format 'folders/{folder_id}'. i.e: folders/123456789012 | `set(string)` | `[]` | no |
83+
| <a name="input_exclude_folders"></a> [suffix](#input\_exclude\_folders) | folders to exclude for organization in the format 'folders/{folder_id}'. i.e: folders/123456789012 | `set(string)` | `[]` | no |
84+
| <a name="input_include_projects"></a> [suffix](#input\_include\_projects) | projects to include for organization. i.e: my-project-id | `set(string)` | `[]` | no |
85+
| <a name="input_exclude_projects"></a> [suffix](#input\_exclude\_projects) | projects to exclude for organization. i.e: my-project-id | `set(string)` | `[]` | no |
86+
| <a name="input_enable_automatic_onboarding"></a> [enable\_automatic\_onboarding](#input\_enable\_automatic\_onboarding) | true/false whether whether Sysdig should automatically discover latest set of accounts in onboarded organization or not | `bool` | `false` | no |
8687

8788
## Outputs
8889
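Review bot: The new `enable_automatic_onboarding` row has a doubled word ("true/false whether whether Sysdig should ..."), and its text no longer matches the `description` in `variables.tf`, which has a single "whether". Fix the wording in one place and regenerate the row from it so the two cannot drift. While this table is being rewritten anyway to widen the first column, the rows for `management_group_ids`, `include_folders`, `exclude_folders`, `include_projects` and `exclude_projects` still show `[suffix]` as their link text; those should carry their own names. The description could also state plainly that enabling the flag lets newly discovered accounts in the organization be onboarded without a further Terraform change, since that widens what the integration covers.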

modules/onboarding/organizational.tf

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,8 +36,12 @@ resource "sysdig_secure_organization" "google_organization" {
3636
excluded_organizational_groups = local.check_old_management_group_ids_param ? [] : local.prefixed_exclude_folders
3737
included_cloud_accounts = local.check_old_management_group_ids_param ? [] : var.include_projects
3838
excluded_cloud_accounts = local.check_old_management_group_ids_param ? [] : var.exclude_projects
39+
automatic_onboarding = var.enable_automatic_onboarding
3940
depends_on = [
4041
google_organization_iam_member.browser,
4142
sysdig_secure_cloud_auth_account.google_account
4243
]
44+
lifecycle {
45+
ignore_changes = [automatic_onboarding]
46+
}
4347
}
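Review bot: `ignore_changes = [automatic_onboarding]` in the new `lifecycle` block means the value of `var.enable_automatic_onboarding` is only applied when `sysdig_secure_organization.google_organization` is created; on an existing resource, changing the variable from `true` to `false` (or back) produces no diff and the setting stays as it was. If that is intended, for example because the value is managed outside Terraform after onboarding, add a comment above the `lifecycle` block saying so and state it in the variable description and README. As written, an operator who sets the variable to `false` to stop automatic discovery gets a clean plan and no change in behaviour.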

modules/onboarding/variables.tf

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -53,4 +53,10 @@ variable "exclude_projects" {
5353
description = "(Optional) projects id to exclude for organization i.e: my-project-id"
5454
type = set(string)
5555
default = []
56-
}
56+
}
57+
58+
variable "enable_automatic_onboarding" {
59+
type = bool
60+
default = false
61+
description = "true/false whether Sysdig should automatically discover latest set of accounts in onboarded organization or not"
62+
}
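Review bot: The new `enable_automatic_onboarding` variable lists `type`, `default`, `description`, whereas `exclude_projects` directly above uses `description`, `type`, `default` and prefixes its description with "(Optional)". Match the neighbouring order and prefix for consistency. The description should also say that the flag only applies to organizational installs, and "true/false whether ... or not" can be shortened to a direct statement of what `true` does.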

test/examples/modular_organization/onboarding_with_posture.tf

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,9 @@ module "onboarding" {
3131
exclude_folders = []
3232
include_projects = ["<project-id-1>", "<project-id-2>"]
3333
exclude_projects = ["<project-id-3>", "<project-id-4>"]
34+
35+
# optionally pass automatic onboarding for orgs (defaults to false)
36+
enable_automatic_onboarding = false
3437
}
3538

3639
module "config-posture" {
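Review bot: The example passes `enable_automatic_onboarding = false`, which the comment itself says is the default, so this test configuration never exercises the new attribute with `true`. Either set it to `true` here or add a second example that does, so the enabled path is covered. The comment should also say how automatic discovery relates to the `include_projects` and `exclude_projects` lists set just above it, since a reader cannot tell from this block whether newly discovered accounts are still subject to those filters.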
