example:organizational consolidation

README.md

@@ -101,15 +101,15 @@ Notice that:
 
   Workaround: Need to restore the identity pool/provider and then import them into terraform with
  ```bash
-# re-activate 
+# re-activate
 $ gcloud iam workload-identity-pools undelete sysdigcloud  --location=global
 
 # import to terraform state
 $ terraform import module.secure-for-cloud_example_single-project.module.cloud_bench.google_iam_workload_identity_pool.pool sysdigcloud
 $ terraform import module.secure-for-cloud_example_single-project.module.cloud_bench.google_iam_workload_identity_pool_provider.pool_provider sysdigcloud/sysdigcloud
  ```
-  
-  
+
+
 
 <br/><br/>
 ## Authors

examples/organization/README.md

@@ -87,7 +87,7 @@ module "secure-for-cloud_example_organization" {
 | <a name="input_create_gcr_topic"></a> [create\_gcr\_topic](#input\_create\_gcr\_topic) | Deploys a PubSub topic called `gcr` as part of this stack, which is needed for GCR scanning. Set to `true` only if it doesn't exist yet. If this is not deployed, and no existing `gcr` topic is found, the GCR scanning is ommited and won't be deployed. For more info see [GCR PubSub topic](https://cloud.google.com/container-registry/docs/configuring-notifications#create_a_topic). | `bool` | `true` | no |
 | <a name="input_location"></a> [location](#input\_location) | Zone where the stack will be deployed | `string` | `"us-central1"` | no |
 | <a name="input_max_instances"></a> [max\_instances](#input\_max\_instances) | Max number of instances for the workloads | `number` | `1` | no |
-| <a name="input_naming_prefix"></a> [naming\_prefix](#input\_naming\_prefix) | Naming prefix for all the resources created | `string` | `"secure-for-cloud"` | no |
+| <a name="input_naming_prefix"></a> [naming\_prefix](#input\_naming\_prefix) | Naming prefix for all the resources created | `string` | `"sfc"` | no |
 | <a name="input_sysdig_secure_endpoint"></a> [sysdig\_secure\_endpoint](#input\_sysdig\_secure\_endpoint) | Sysdig Secure API endpoint | `string` | `"https://secure.sysdig.com"` | no |
 
 ## Outputs

examples/organization/main.tf

@@ -132,5 +132,6 @@ module "cloud_bench" {
   for_each = toset(local.benchmark_projects_ids)
   source   = "../../modules/services/cloud-bench"
 
-  project_id = each.key
+  naming_prefix = var.naming_prefix
+  project_id    = each.key
 }

examples/organization/variables.tf

@@ -14,7 +14,9 @@ variable "project_id" {
   description = "organizational member project ID where the secure-for-cloud workload is going to be deployed"
 }
 
-# Vars with defaults
+# --------------------------
+# optionals, with defaults
+# --------------------------
 variable "location" {
   type        = string
   default     = "us-central1"
@@ -31,6 +33,11 @@ variable "naming_prefix" {
   type        = string
   description = "Naming prefix for all the resources created"
   default     = "sfc"
+
+  validation {
+    condition     = can(regex("^[a-z0-9_]+$", var.naming_prefix))
+    error_message = "ERROR: Invalid naming_prefix. must contain only lowercase letters (a-z) and numbers (0-9)."
+  }
 }
 
 variable "max_instances" {

examples/single-project/variables.tf

@@ -9,7 +9,9 @@ variable "project_id" {
   description = "Project ID"
 }
 
-# Vars with defaults
+# --------------------------
+# optionals, with defaults
+# --------------------------
 variable "location" {
   type        = string
   default     = "us-central1"
@@ -26,6 +28,11 @@ variable "naming_prefix" {
   type        = string
   description = "Naming prefix for all the resources created"
   default     = "sfc"
+
+  validation {
+    condition     = can(regex("^[a-z0-9_]+$", var.naming_prefix))
+    error_message = "ERROR: Invalid naming_prefix. must contain only lowercase letters (a-z) and numbers (0-9)."
+  }
 }
 
 variable "create_gcr_topic" {

modules/infrastructure/organization_sink/variables.tf

@@ -9,9 +9,16 @@ variable "organization_id" {
   description = "Numeric ID of the organization to be exported to the sink"
 }
 
-# Vars with defaults
+# --------------------------
+# optionals, with defaults
+# --------------------------
 variable "naming_prefix" {
   type        = string
   description = "Naming prefix for all the resources created"
   default     = "sfc"
+
+  validation {
+    condition     = can(regex("^[a-z0-9_]+$", var.naming_prefix))
+    error_message = "ERROR: Invalid naming_prefix. must contain only lowercase letters (a-z) and numbers (0-9)."
+  }
 }

modules/infrastructure/project_sink/variables.tf

@@ -4,9 +4,16 @@ variable "filter" {
   description = "Filter for project sink"
 }
 
-# Vars with defaults
+# --------------------------
+# optionals, with defaults
+# --------------------------
 variable "naming_prefix" {
   type        = string
   description = "Naming prefix for all the resources created"
   default     = "sfc"
+
+  validation {
+    condition     = can(regex("^[a-z0-9_]+$", var.naming_prefix))
+    error_message = "ERROR: Invalid naming_prefix. must contain only lowercase letters (a-z) and numbers (0-9)."
+  }
 }

modules/infrastructure/secrets/variables.tf

@@ -10,10 +10,16 @@ variable "sysdig_secure_api_token" {
   sensitive   = true
 }
 
-# Default vars
-
+# --------------------------
+# optionals, with defaults
+# --------------------------
 variable "naming_prefix" {
   type        = string
   description = "Naming prefix for all the resources created"
   default     = "sfc"
+
+  validation {
+    condition     = can(regex("^[a-z0-9_]+$", var.naming_prefix))
+    error_message = "ERROR: Invalid naming_prefix. must contain only lowercase letters (a-z) and numbers (0-9)."
+  }
 }

modules/services/cloud-bench/README.md

@@ -53,6 +53,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_naming_prefix"></a> [naming\_prefix](#input\_naming\_prefix) | Naming prefix for all the resources created | `string` | `"sfc"` | no |
 | <a name="input_project_id"></a> [project\_id](#input\_project\_id) | ID of project to run the benchmark on | `string` | `""` | no |
 | <a name="input_regions"></a> [regions](#input\_regions) | List of regions in which to run the benchmark. If empty, the task will contain all regions by default. | `list(string)` | `[]` | no |
 | <a name="input_role_name"></a> [role\_name](#input\_role\_name) | The name of the Service Account that will be created. | `string` | `"sysdigcloudbench"` | no |

modules/services/cloud-bench/main.tf

@@ -98,15 +98,16 @@ resource "google_iam_workload_identity_pool" "pool" {
   project = var.project_id
 
   provider                  = google-beta
-  workload_identity_pool_id = "sysdigcloud"
+  workload_identity_pool_id = "${var.naming_prefix}-sysdigcloud"
+  display_name              = "sysdigcloud"
 }
 
 resource "google_iam_workload_identity_pool_provider" "pool_provider" {
   project = var.project_id
 
   provider                           = google-beta
   workload_identity_pool_id          = google_iam_workload_identity_pool.pool.workload_identity_pool_id
-  workload_identity_pool_provider_id = "sysdigcloud"
+  workload_identity_pool_provider_id = "${var.naming_prefix}-sysdigcloud"
   display_name                       = "Sysdigcloud"
   description                        = "Sysdig Secure for Cloud"
   disabled                           = false

modules/services/cloud-bench/variables.tf

@@ -15,3 +15,18 @@ variable "role_name" {
   description = "The name of the Service Account that will be created."
   default     = "sysdigcloudbench"
 }
+
+
+# --------------------------
+# optionals, with defaults
+# --------------------------
+variable "naming_prefix" {
+  type        = string
+  description = "Naming prefix for all the resources created"
+  default     = "sfc"
+
+  validation {
+    condition     = can(regex("^[a-z0-9_]+$", var.naming_prefix))
+    error_message = "ERROR: Invalid naming_prefix. must contain only lowercase letters (a-z) and numbers (0-9)."
+  }
+}

modules/services/cloud-connector/variables.tf

@@ -25,7 +25,9 @@ variable "project_id" {
   description = "organizational member project ID where the secure-for-cloud workload is going to be deployed"
 }
 
-# Vars with defaults
+# --------------------------
+# optionals, with defaults
+# --------------------------
 
 variable "verify_ssl" {
   type        = bool
@@ -55,6 +57,11 @@ variable "naming_prefix" {
   type        = string
   description = "Naming prefix for all the resources created"
   default     = "sfc"
+
+  validation {
+    condition     = can(regex("^[a-z0-9_]+$", var.naming_prefix))
+    error_message = "ERROR: Invalid naming_prefix. must contain only lowercase letters (a-z) and numbers (0-9)."
+  }
 }
 
 variable "max_instances" {

modules/services/cloud-scanning/variables.tf

@@ -35,7 +35,10 @@ variable "project_id" {
   description = "organizational member project ID where the secure-for-cloud workload is going to be deployed"
 }
 
-# vars with defaults
+
+# --------------------------
+# optionals, with defaults
+# --------------------------
 
 variable "verify_ssl" {
   type        = bool
@@ -65,6 +68,11 @@ variable "naming_prefix" {
   type        = string
   description = "Naming prefix for all the resources created"
   default     = "sfc"
+
+  validation {
+    condition     = can(regex("^[a-z0-9_]+$", var.naming_prefix))
+    error_message = "ERROR: Invalid naming_prefix. must contain only lowercase letters (a-z) and numbers (0-9)."
+  }
 }
 
 variable "max_instances" {