Skip to content

Commit 86b1dc6

Browse files
jose-pablo-camachojose-pablo-camacho
committed
SSPROD-55652 - feat: add support for include/exclude params
1 parent e2e70e7 commit 86b1dc6

File tree

10 files changed

+6
-149
lines changed

10 files changed

+6
-149
lines changed

modules/agentless-scan/README.md

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -78,10 +78,6 @@ No modules.
7878
| <a name="input_organization_domain"></a> [organization\_domain](#input\_organization\_domain) | Optional. If `is_organizational=true` is set, its mandatory to specify this value, with the GCP Organization domain. e.g. sysdig.com | `string` | `null` | no |
7979
| <a name="input_sysdig_secure_account_id"></a> [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | ID of the Sysdig Cloud Account to enable Agentless Scanning integration for (in case of organization, ID of the Sysdig management account) | `string` | `null` | no |
8080
| <a name="input_suffix"></a> [suffix](#input\_suffix) | Optional. Suffix word to enable multiple deployments with different naming<br/>(Workload Identity Pool and Providers have a soft deletion on Google Platform that will disallow name re-utilization)<br/>By default a random value will be autogenerated. | `string` | `null` | no |
81-
| <a name="input_include_folders"></a> [suffix](#input\_include\_folders) | folders to include for organization | `set(string)` | `[]` | no |
82-
| <a name="input_exclude_folders"></a> [suffix](#input\_exclude\_folders) | folders to exclude for organization | `set(string)` | `[]` | no |
83-
| <a name="input_include_projects"></a> [suffix](#input\_include\_projects) | projects to include for organization | `set(string)` | `[]` | no |
84-
| <a name="input_exclude_projects"></a> [suffix](#input\_exclude\_projects) | projects to exclude for organization | `set(string)` | `[]` | no |
8581

8682
## Outputs
8783

modules/agentless-scan/variables.tf

Lines changed: 0 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -25,27 +25,3 @@ variable "suffix" {
2525
description = "Suffix to uniquely identify resources during multiple installs. If not provided, random value is autogenerated."
2626
default = null
2727
}
28-
29-
variable "include_folders" {
30-
description = "(Optional) folders to include for organization"
31-
type = set(string)
32-
default = []
33-
}
34-
35-
variable "exclude_folders" {
36-
description = "(Optional) folders to exclude for organization"
37-
type = set(string)
38-
default = []
39-
}
40-
41-
variable "include_projects" {
42-
description = "(Optional) projects to include for organization"
43-
type = set(string)
44-
default = []
45-
}
46-
47-
variable "exclude_projects" {
48-
description = "(Optional) projects to exclude for organization"
49-
type = set(string)
50-
default = []
51-
}

modules/config-posture/README.md

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -62,10 +62,6 @@ No modules.
6262
| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | (Required) Target Project identifier provided by the customer | `string` | n/a | yes |
6363
| <a name="input_suffix"></a> [suffix](#input\_suffix) | (Optional) Suffix to uniquely identify resources during multiple installs. If not provided, random value is autogenerated | `string` | `null` | no |
6464
| <a name="input_sysdig_secure_account_id"></a> [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | (Required) The GUID of the management project or single project per sysdig representation | `string` | n/a | yes |
65-
| <a name="input_include_folders"></a> [suffix](#input\_include\_folders) | folders to include for organization | `set(string)` | `[]` | no |
66-
| <a name="input_exclude_folders"></a> [suffix](#input\_exclude\_folders) | folders to exclude for organization | `set(string)` | `[]` | no |
67-
| <a name="input_include_projects"></a> [suffix](#input\_include\_projects) | projects to include for organization | `set(string)` | `[]` | no |
68-
| <a name="input_exclude_projects"></a> [suffix](#input\_exclude\_projects) | projects to exclude for organization | `set(string)` | `[]` | no |
6965

7066
## Outputs
7167

modules/config-posture/variables.tf

Lines changed: 0 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -25,27 +25,3 @@ variable "sysdig_secure_account_id" {
2525
type = string
2626
description = "ID of the Sysdig Cloud Account to enable Config Posture for (in case of organization, ID of the Sysdig management account)"
2727
}
28-
29-
variable "include_folders" {
30-
description = "(Optional) folders to include for organization"
31-
type = set(string)
32-
default = []
33-
}
34-
35-
variable "exclude_folders" {
36-
description = "(Optional) folders to exclude for organization"
37-
type = set(string)
38-
default = []
39-
}
40-
41-
variable "include_projects" {
42-
description = "(Optional) projects to include for organization"
43-
type = set(string)
44-
default = []
45-
}
46-
47-
variable "exclude_projects" {
48-
description = "(Optional) projects to exclude for organization"
49-
type = set(string)
50-
default = []
51-
}

modules/integrations/pub-sub/README.md

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -90,10 +90,6 @@ No modules.
9090
| <a name="ingestion_sink_filter"></a> [ingestion\_sink\_filter](#input\_ingestion\_sink\_filter) | Filter the Sink is set up with. Ingests AuditLogs by default. | `string` | `protoPayload.@type = "type.googleapis.com/google.cloud.audit.AuditLog"` | no |
9191
| <a name="input_exclude_logs_filter"></a> [exclude\_logs\_filter](#input\_exclude\_logs\_filter) | Filter to exclude logs from ingestion. Default is to ingest all google.cloud.audit.AuditLog logs. with no exclusions. | <pre>list(object({<br> name = string,<br> description = optional(string),<br> filter = string,<br> disabled = optional(bool)<br> }))</pre> | `[]` | no |
9292
| <a name="input_sysdig_secure_account_id"></a> [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | ID of the Sysdig Cloud Account to enable Event Bridge integration for (incase of organization, ID of the Sysdig management account) | `string` | `""` | no |
93-
| <a name="input_include_folders"></a> [suffix](#input\_include\_folders) | folders to include for organization | `set(string)` | `[]` | no |
94-
| <a name="input_exclude_folders"></a> [suffix](#input\_exclude\_folders) | folders to exclude for organization | `set(string)` | `[]` | no |
95-
| <a name="input_include_projects"></a> [suffix](#input\_include\_projects) | projects to include for organization | `set(string)` | `[]` | no |
96-
| <a name="input_exclude_projects"></a> [suffix](#input\_exclude\_projects) | projects to exclude for organization | `set(string)` | `[]` | no |
9793

9894
## Outputs
9995

modules/integrations/pub-sub/test.log

Lines changed: 0 additions & 30 deletions
This file was deleted.

modules/integrations/pub-sub/variables.tf

Lines changed: 0 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -101,27 +101,3 @@ variable "sysdig_secure_account_id" {
101101
type = string
102102
description = "ID of the Sysdig Cloud Account to enable to enable Pub Sub integration for (incase of organization, ID of the Sysdig management account)"
103103
}
104-
105-
variable "include_folders" {
106-
description = "(Optional) folders to include for organization"
107-
type = set(string)
108-
default = []
109-
}
110-
111-
variable "exclude_folders" {
112-
description = "(Optional) folders to exclude for organization"
113-
type = set(string)
114-
default = []
115-
}
116-
117-
variable "include_projects" {
118-
description = "(Optional) projects to include for organization"
119-
type = set(string)
120-
default = []
121-
}
122-
123-
variable "exclude_projects" {
124-
description = "(Optional) projects to exclude for organization"
125-
type = set(string)
126-
default = []
127-
}

modules/onboarding/locals.tf

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,10 @@
11
locals {
22
# check if both old and new include/exclude org parameters are used, we fail early
33
both_org_configuration_params = var.is_organizational && length(var.management_group_ids) > 0 && (
4-
length(var.include_folders) > 0 ||
5-
length(var.exclude_folders) > 0 ||
6-
length(var.include_projects) > 0 ||
7-
length(var.exclude_projects) > 0
4+
length(var.include_folders) > 0 ||
5+
length(var.exclude_folders) > 0 ||
6+
length(var.include_projects) > 0 ||
7+
length(var.exclude_projects) > 0
88
)
99

1010
# check if old management_group_ids parameter is provided, for backwards compatibility we will always give preference to it
@@ -16,14 +16,14 @@ locals {
1616

1717
check "validate_org_configuration_params" {
1818
assert {
19-
condition = length(var.management_group_ids) == 0 # if this condition is false we throw warning
19+
condition = length(var.management_group_ids) == 0 # if this condition is false we throw warning
2020
error_message = <<-EOT
2121
WARNING: TO BE DEPRECATED 'management_group_ids': Please work with Sysdig to migrate your Terraform installs to use 'include_folders' instead.
2222
EOT
2323
}
2424

2525
assert {
26-
condition = !local.both_org_configuration_params # if this condition is false we throw error
26+
condition = !local.both_org_configuration_params # if this condition is false we throw error
2727
error_message = <<-EOT
2828
ERROR: If both management_group_ids and include_folders/exclude_folders/include_projects/exclude_projects variables are populated,
2929
ONLY management_group_ids will be considered. Please use only one of the two methods.

modules/vm-workload-scanning/README.md

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -48,11 +48,6 @@ No modules.
4848
| organization_domain | (Optional) Organization domain. e.g. sysdig.com | string | "" | no |
4949
| role_name | Name for the Worker Role on the Customer infrastructure | string | "SysdigAgentlessWorkloadRole" | no |
5050
| sysdig_secure_account_id | ID of the Sysdig Cloud Account to enable VM Workload Scanning for (in case of organization, ID of the Sysdig management account) | string | n/a | yes |
51-
| <a name="input_include_folders"></a> [suffix](#input\_include\_folders) | folders to include for organization | `set(string)` | `[]` | no |
52-
| <a name="input_exclude_folders"></a> [suffix](#input\_exclude\_folders) | folders to exclude for organization | `set(string)` | `[]` | no |
53-
| <a name="input_include_projects"></a> [suffix](#input\_include\_projects) | projects to include for organization | `set(string)` | `[]` | no |
54-
| <a name="input_exclude_projects"></a> [suffix](#input\_exclude\_projects) | projects to exclude for organization | `set(string)` | `[]` | no |
55-
5651

5752
### Outputs
5853

modules/vm-workload-scanning/variables.tf

Lines changed: 0 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -26,27 +26,3 @@ variable "sysdig_secure_account_id" {
2626
type = string
2727
description = "ID of the Sysdig Cloud Account to enable Config Posture for (in case of organization, ID of the Sysdig management account)"
2828
}
29-
30-
variable "include_folders" {
31-
description = "(Optional) folders to include for organization"
32-
type = set(string)
33-
default = []
34-
}
35-
36-
variable "exclude_folders" {
37-
description = "(Optional) folders to exclude for organization"
38-
type = set(string)
39-
default = []
40-
}
41-
42-
variable "include_projects" {
43-
description = "(Optional) projects to include for organization"
44-
type = set(string)
45-
default = []
46-
}
47-
48-
variable "exclude_projects" {
49-
description = "(Optional) projects to exclude for organization"
50-
type = set(string)
51-
default = []
52-
}

0 commit comments

Comments
 (0)