
Commit e055db1

committed
Fixing bugs
1 parent f26768d commit e055db1

1 file changed

+10
-11
lines changed
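--- a/modules/vm-workload-scanning/main.tf
+++ b/modules/vm-workload-scanning/main.tf
@@ -55,11 +55,11 @@ resource "google_project_iam_binding" "controller_binding" {
 }
 
 resource "google_iam_workload_identity_pool" "agentless" {
-workload_identity_pool_id = "sysdig-wl-${local.suffix}"
+workload_identity_pool_id = "sysdig-${local.suffix}"
 }
 
 resource "google_iam_workload_identity_pool_provider" "agentless" {
-count = data.sysdig_secure_agentless_scanning_assets.assets.backend == "aws" ? 1 : 0
+count = data.sysdig_secure_agentless_scanning_assets.assets.backend.type == "aws" ? 1 : 0
 
 project = var.project_id
 workload_identity_pool_id = google_iam_workload_identity_pool.agentless.workload_identity_pool_id
@@ -83,23 +83,23 @@ resource "google_iam_workload_identity_pool_provider" "agentless" {
 }
 
 resource "google_service_account_iam_member" "controller_binding" {
-count = data.sysdig_secure_agentless_scanning_assets.assets.backend == "aws" ? 1 : 0
+count = data.sysdig_secure_agentless_scanning_assets.assets.backend.type == "aws" ? 1 : 0
 
 service_account_id = google_service_account.controller.name
 role = "roles/iam.workloadIdentityUser"
 member = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.agentless.name}/attribute.aws_account/${data.sysdig_secure_trusted_cloud_identity.trusted_identity.aws_account_id}"
 }
 
 resource "google_iam_workload_identity_pool_provider" "agentless_gcp" {
-count = data.sysdig_secure_agentless_scanning_assets.assets.backend == "gcp" ? 1 : 0
+count = data.sysdig_secure_agentless_scanning_assets.assets.backend.type == "gcp" ? 1 : 0
 
 workload_identity_pool_id = google_iam_workload_identity_pool.agentless.workload_identity_pool_id
-workload_identity_pool_provider_id = "sysdig-ws-${local.suffix}-gcp"
-display_name = "Sysdig Agentless Workload Controller"
+workload_identity_pool_provider_id = "sysdig-${local.suffix}"
+display_name = "Sysdig Agentless Workload"
 description = "GCP identity pool provider for Sysdig Secure Agentless Workload Scanning"
 disabled = false
 
-attribute_condition = "google.subject == \"${data.sysdig_secure_agentless_scanning_assets.assets.backend.cloudId}\""
+attribute_condition = "google.subject == \"${data.sysdig_secure_agentless_scanning_assets.assets.backend.cloud_id}\""
 
 attribute_mapping = {
 "google.subject" = "assertion.sub"
@@ -112,14 +112,13 @@ resource "google_iam_workload_identity_pool_provider" "agentless_gcp" {
 }
 
 resource "google_service_account_iam_member" "controller_binding_gcp" {
-count = data.sysdig_secure_agentless_scanning_assets.assets.backend == "gcp" ? 1 : 0
+count = data.sysdig_secure_agentless_scanning_assets.assets.backend.type == "gcp" ? 1 : 0
 
 service_account_id = google_service_account.controller.name
 role = "roles/iam.workloadIdentityUser"
-member = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.agentless.name}/attribute.sa_id/${data.sysdig_secure_agentless_scanning_assets.assets.backend.cloudId}"
+member = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.agentless.name}/attribute.sa_id/${data.sysdig_secure_agentless_scanning_assets.assets.backend.cloud_id}"
 }
 
-
 #--------------------------------------------------------------------------------------------------------------
 # Call Sysdig Backend to add the service-principal integration for VM Workload Scanning to the Sysdig Cloud Account
 #--------------------------------------------------------------------------------------------------------------
@@ -132,7 +131,7 @@ resource "sysdig_secure_cloud_auth_account_component" "google_service_principal"
 gcp = {
 workload_identity_federation = {
 pool_id = google_iam_workload_identity_pool.agentless.workload_identity_pool_id
-pool_provider_id = google_iam_workload_identity_pool_provider.agentless.workload_identity_pool_provider_id
+pool_provider_id = data.sysdig_secure_agentless_scanning_assets.assets.backend == "aws" ? google_iam_workload_identity_pool_provider.agentless[0].workload_identity_pool_provider_id : google_iam_workload_identity_pool_provider.agentless_gcp[0].workload_identity_pool_provider_id
 project_number = data.google_project.project.number
 }
 email = google_service_account.controller.email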
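Review bot: The new `pool_provider_id` conditional in the last hunk still tests `...assets.backend == "aws"`, while every `count` in the earlier hunks was changed to `...assets.backend.type == "aws"`; since the same value is also read as `backend.type` and `backend.cloud_id`, `backend` is evidently an object, so comparing it to a string will presumably never be true (or fail type-checking) and the expression will always select the `agentless_gcp[0]` branch. On an AWS-backed deployment `agentless_gcp` has `count = 0`, so that index should fail at plan time, and the account component would never be wired to the AWS provider. The condition should read `pool_provider_id = data.sysdig_secure_agentless_scanning_assets.assets.backend.type == "aws" ? google_iam_workload_identity_pool_provider.agentless[0].workload_identity_pool_provider_id : google_iam_workload_identity_pool_provider.agentless_gcp[0].workload_identity_pool_provider_id`. A short comment such as `# backend.type selects which pool provider is registered with the Sysdig backend; the other one has count = 0` would make the coupling between this line and the `count` guards explicit. The enclosing `sysdig_secure_cloud_auth_account_component.google_service_principal` resource starts and ends outside the hunk.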
