Commit e2e70e7

SSPROD-55652 - feat: add support for include/exclude params
1 parent 2842f17 commit e2e70e7

14 files changed

+270
-31
lines changed

modules/agentless-scan/README.md

Lines changed: 11 additions & 7 deletions
Original file line number | Diff line number | Diff line change
@@ -71,13 +71,17 @@ No modules.
7171

7272
## Inputs
7373

74-
| Name | Description | Type | Default | Required |
75-
|----------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------|-----------------------------|:--------:|
76-
| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | GCP Project ID | `string` | n/a | yes |
77-
| <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | Optional. Determines whether module must scope whole organization. Otherwise single project will be scoped | `bool` | `false` | no |
78-
| <a name="input_organization_domain"></a> [organization\_domain](#input\_organization\_domain) | Optional. If `is_organizational=true` is set, its mandatory to specify this value, with the GCP Organization domain. e.g. sysdig.com | `string` | `null` | no |
79-
| <a name="input_sysdig_secure_account_id"></a> [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | ID of the Sysdig Cloud Account to enable Agentless Scanning integration for (in case of organization, ID of the Sysdig management account) | `string` | `null` | no |
80-
| <a name="input_suffix"></a> [suffix](#input\_suffix) | Optional. Suffix word to enable multiple deployments with different naming<br/>(Workload Identity Pool and Providers have a soft deletion on Google Platform that will disallow name re-utilization)<br/>By default a random value will be autogenerated. | `string` | `null` | no |
74+
| Name | Description | Type | Default | Required |
75+
|------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|---------|:--------:|
76+
| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | GCP Project ID | `string` | n/a | yes |
77+
| <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | Optional. Determines whether module must scope whole organization. Otherwise single project will be scoped | `bool` | `false` | no |
78+
| <a name="input_organization_domain"></a> [organization\_domain](#input\_organization\_domain) | Optional. If `is_organizational=true` is set, its mandatory to specify this value, with the GCP Organization domain. e.g. sysdig.com | `string` | `null` | no |
79+
| <a name="input_sysdig_secure_account_id"></a> [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | ID of the Sysdig Cloud Account to enable Agentless Scanning integration for (in case of organization, ID of the Sysdig management account) | `string` | `null` | no |
80+
| <a name="input_suffix"></a> [suffix](#input\_suffix) | Optional. Suffix word to enable multiple deployments with different naming<br/>(Workload Identity Pool and Providers have a soft deletion on Google Platform that will disallow name re-utilization)<br/>By default a random value will be autogenerated. | `string` | `null` | no |
81+
| <a name="input_include_folders"></a> [suffix](#input\_include\_folders) | folders to include for organization | `set(string)` | `[]` | no |
82+
| <a name="input_exclude_folders"></a> [suffix](#input\_exclude\_folders) | folders to exclude for organization | `set(string)` | `[]` | no |
83+
| <a name="input_include_projects"></a> [suffix](#input\_include\_projects) | projects to include for organization | `set(string)` | `[]` | no |
84+
| <a name="input_exclude_projects"></a> [suffix](#input\_exclude\_projects) | projects to exclude for organization | `set(string)` | `[]` | no |
8185

8286
## Outputs
8387

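Review bot: In the four added rows (lines 81-84) the link text is still `[suffix]` while the anchors and targets are `input_include_folders`, `input_exclude_folders`, `input_include_projects` and `input_exclude_projects`, so the rendered Inputs table lists four more inputs named "suffix". Change the labels to `[include\_folders]`, `[exclude\_folders]`, `[include\_projects]` and `[exclude\_projects]` so each matches its anchor, the way the existing rows do.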
modules/agentless-scan/variables.tf

Lines changed: 24 additions & 0 deletions
@@ -25,3 +25,27 @@ variable "suffix" {
2525
description = "Suffix to uniquely identify resources during multiple installs. If not provided, random value is autogenerated."
2626
default = null
2727
}
28+
29+
variable "include_folders" {
30+
description = "(Optional) folders to include for organization"
31+
type = set(string)
32+
default = []
33+
}
34+
35+
variable "exclude_folders" {
36+
description = "(Optional) folders to exclude for organization"
37+
type = set(string)
38+
default = []
39+
}
40+
41+
variable "include_projects" {
42+
description = "(Optional) projects to include for organization"
43+
type = set(string)
44+
default = []
45+
}
46+
47+
variable "exclude_projects" {
48+
description = "(Optional) projects to exclude for organization"
49+
type = set(string)
50+
default = []
51+
}
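Review bot: Nothing in the four new variables (lines 29-51) says what happens when the same folder or project appears in both an include and an exclude set, or when any of them is set while `is_organizational` is `false`. These inputs decide which parts of the organization are scanned, so an unresolved conflict can drop resources from coverage without any error. State the precedence in each `description`, and consider a `validation` block or a resource `precondition` that rejects non-empty values when the deployment is not organizational.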

modules/config-posture/README.md

Lines changed: 11 additions & 7 deletions
@@ -55,13 +55,17 @@ No modules.
5555

5656
## Inputs
5757

58-
| Name | Description | Type | Default | Required |
59-
|------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|------|-----------------------------------------------|:--------:|
60-
| <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | (Optional) Set this field to 'true' to deploy secure-for-cloud to a GCP Organization. | `bool` | `false` | no |
61-
| <a name="input_organization_domain"></a> [organization\_domain](#input\_organization\_domain) | Organization domain. e.g. sysdig.com | `string` | `""` | no |
62-
| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | (Required) Target Project identifier provided by the customer | `string` | n/a | yes |
63-
| <a name="input_suffix"></a> [suffix](#input\_suffix) | (Optional) Suffix to uniquely identify resources during multiple installs. If not provided, random value is autogenerated | `string` | `null` | no |
64-
| <a name="input_sysdig_secure_account_id"></a> [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | (Required) The GUID of the management project or single project per sysdig representation | `string` | n/a | yes |
58+
| Name | Description | Type | Default | Required |
59+
|------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|---------------|---------|:--------:|
60+
| <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | (Optional) Set this field to 'true' to deploy secure-for-cloud to a GCP Organization. | `bool` | `false` | no |
61+
| <a name="input_organization_domain"></a> [organization\_domain](#input\_organization\_domain) | Organization domain. e.g. sysdig.com | `string` | `""` | no |
62+
| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | (Required) Target Project identifier provided by the customer | `string` | n/a | yes |
63+
| <a name="input_suffix"></a> [suffix](#input\_suffix) | (Optional) Suffix to uniquely identify resources during multiple installs. If not provided, random value is autogenerated | `string` | `null` | no |
64+
| <a name="input_sysdig_secure_account_id"></a> [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | (Required) The GUID of the management project or single project per sysdig representation | `string` | n/a | yes |
65+
| <a name="input_include_folders"></a> [suffix](#input\_include\_folders) | folders to include for organization | `set(string)` | `[]` | no |
66+
| <a name="input_exclude_folders"></a> [suffix](#input\_exclude\_folders) | folders to exclude for organization | `set(string)` | `[]` | no |
67+
| <a name="input_include_projects"></a> [suffix](#input\_include\_projects) | projects to include for organization | `set(string)` | `[]` | no |
68+
| <a name="input_exclude_projects"></a> [suffix](#input\_exclude\_projects) | projects to exclude for organization | `set(string)` | `[]` | no |
6569

6670
## Outputs
6771

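Review bot: The added rows (lines 65-68) drop the "(Optional)" / "(Required)" prefix that the `is_organizational`, `project_id`, `suffix` and `sysdig_secure_account_id` rows of this table carry, and their link text reads `[suffix]` rather than the input name. Use the descriptions as they stand in `variables.tf` ("(Optional) folders to include for organization", and so on) and label the links `[include\_folders]`, `[exclude\_folders]`, `[include\_projects]` and `[exclude\_projects]`.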
modules/config-posture/variables.tf

Lines changed: 24 additions & 0 deletions
@@ -24,4 +24,28 @@ variable "suffix" {
2424
variable "sysdig_secure_account_id" {
2525
type = string
2626
description = "ID of the Sysdig Cloud Account to enable Config Posture for (in case of organization, ID of the Sysdig management account)"
27+
}
28+
29+
variable "include_folders" {
30+
description = "(Optional) folders to include for organization"
31+
type = set(string)
32+
default = []
33+
}
34+
35+
variable "exclude_folders" {
36+
description = "(Optional) folders to exclude for organization"
37+
type = set(string)
38+
default = []
39+
}
40+
41+
variable "include_projects" {
42+
description = "(Optional) projects to include for organization"
43+
type = set(string)
44+
default = []
45+
}
46+
47+
variable "exclude_projects" {
48+
description = "(Optional) projects to exclude for organization"
49+
type = set(string)
50+
default = []
2751
}
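Review bot: The descriptions at lines 30, 36, 42 and 48 do not say which identifier a caller should pass (a folder ID or a display name, a project ID or a project number), and `set(string)` accepts any string, so a mistyped entry raises no error at plan time. Name the expected format in each `description` and, if the format is fixed, add a `validation` block that checks it.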

modules/integrations/pub-sub/README.md

Lines changed: 4 additions & 0 deletions
@@ -90,6 +90,10 @@ No modules.
9090
| <a name="ingestion_sink_filter"></a> [ingestion\_sink\_filter](#input\_ingestion\_sink\_filter) | Filter the Sink is set up with. Ingests AuditLogs by default. | `string` | `protoPayload.@type = "type.googleapis.com/google.cloud.audit.AuditLog"` | no |
9191
| <a name="input_exclude_logs_filter"></a> [exclude\_logs\_filter](#input\_exclude\_logs\_filter) | Filter to exclude logs from ingestion. Default is to ingest all google.cloud.audit.AuditLog logs. with no exclusions. | <pre>list(object({<br> name = string,<br> description = optional(string),<br> filter = string,<br> disabled = optional(bool)<br> }))</pre> | `[]` | no |
9292
| <a name="input_sysdig_secure_account_id"></a> [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | ID of the Sysdig Cloud Account to enable Event Bridge integration for (incase of organization, ID of the Sysdig management account) | `string` | `""` | no |
93+
| <a name="input_include_folders"></a> [suffix](#input\_include\_folders) | folders to include for organization | `set(string)` | `[]` | no |
94+
| <a name="input_exclude_folders"></a> [suffix](#input\_exclude\_folders) | folders to exclude for organization | `set(string)` | `[]` | no |
95+
| <a name="input_include_projects"></a> [suffix](#input\_include\_projects) | projects to include for organization | `set(string)` | `[]` | no |
96+
| <a name="input_exclude_projects"></a> [suffix](#input\_exclude\_projects) | projects to exclude for organization | `set(string)` | `[]` | no |
9397

9498
## Outputs
9599

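Review bot: The four added rows (lines 93-96) sit next to `ingestion_sink_filter` and `exclude_logs_filter` but do not say how folder and project scoping combines with those filters, which matters here because together they decide which audit logs are ingested. Add a sentence to each description on whether the include/exclude sets apply only to organizational deployments and how they relate to the sink filter; the link text also needs to be the input name instead of `[suffix]`.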