From ebd7b44e5e4550a0a162290ca2c032427911c00c Mon Sep 17 00:00:00 2001 From: Jose Pablo Camacho Date: Thu, 9 Jan 2025 13:14:13 -0600 Subject: [PATCH 1/3] add(oci): support home region --- modules/config-posture/README.md | 21 ++++++++++--------- modules/config-posture/main.tf | 1 + modules/config-posture/variables.tf | 5 +++++ modules/onboarding/README.md | 20 ++++++++++-------- modules/onboarding/main.tf | 1 + modules/onboarding/outputs.tf | 5 +++++ modules/onboarding/variables.tf | 5 +++++ .../onboarding_cspm_compartment.tf | 2 ++ .../onboarding_cspm_tenancy.tf | 2 ++ 9 files changed, 43 insertions(+), 19 deletions(-) diff --git a/modules/config-posture/README.md b/modules/config-posture/README.md index 6abfb3f..ea2d761 100644 --- a/modules/config-posture/README.md +++ b/modules/config-posture/README.md @@ -13,11 +13,11 @@ The following resources will be created in each instrumented compartment/tenancy ## Requirements -| Name | Version | -|---------------------------------------------------------------------------|---------| -| [terraform](#requirement\_terraform) | >= 1.0.0 | +| Name | Version | +|---------------------------------------------------------------------------|-----------| +| [terraform](#requirement\_terraform) | >= 1.0.0 | | [oci](#requirement\_oci) | >= 6.19.0 | -| [sysdig](#requirement\_sysdig) | ~> 1.42 | +| [sysdig](#requirement\_sysdig) | ~> 1.42 | ## Providers 
@@ -42,12 +42,13 @@ resource | ## Inputs -| Name | Description | Type | Default | Required | -|------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|----------|------------------|:--------:| -| [is\_organizational](#input\_is\_organizational) | (Optional) True/False whether secure-for-cloud should be deployed in an organizational setup | `bool` | `false` | no | -| [tenancy\_ocid](#input\_tenancy\_ocid) | (Required) Customer tenant OCID | `string` | n/a | yes | -| [compartment\_ocid](#input\_compartment\_ocid) | (Optional) Customer compartment OCID | `string` | `""` | no | -| [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | (Required) ID of the Sysdig Cloud Account to enable Config Posture for (in case of organization, ID of the Sysdig management account) | `string` | n/a | yes | +| Name | Description | Type | Default | Required | +|------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:| +| [is\_organizational](#input\_is\_organizational) | (Optional) True/False whether secure-for-cloud should be deployed in an organizational setup | `bool` | `false` | no | +| [tenancy\_ocid](#input\_tenancy\_ocid) | (Required) Customer tenant OCID | `string` | n/a | yes | +| [compartment\_ocid](#input\_compartment\_ocid) | (Optional) Customer compartment OCID | `string` | `""` | no | +| [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | (Required) ID of the Sysdig Cloud Account to enable Config Posture for (in case of organization, ID of the Sysdig management account) | `string` | n/a | yes | +| [region](#input\_region) | 
(Required) Customer home region | `string` | n/a | yes | ## Outputs
diff --git a/modules/config-posture/main.tf b/modules/config-posture/main.tf
index 531986d..7b3412e 100644
--- a/modules/config-posture/main.tf
+++ b/modules/config-posture/main.tf
@@ -45,6 +45,7 @@ resource "sysdig_secure_cloud_auth_account_component" "oracle_service_principal"
 oci = {
 api_key = {
 user_id = data.sysdig_secure_trusted_oracle_app.config_posture.user_ocid
+ region = var.region
 }
 policy = {
 policy_id = oci_identity_policy.admit_cspm_policy.id
diff --git a/modules/config-posture/variables.tf b/modules/config-posture/variables.tf
index 8c8bc7d..ef92443 100644
--- a/modules/config-posture/variables.tf
+++ b/modules/config-posture/variables.tf
@@ -18,4 +18,9 @@ variable "compartment_ocid" {
 variable "sysdig_secure_account_id" {
 type = string
 description = "(Required) ID of the Sysdig Cloud Account to enable Config Posture for (in case of organization, ID of the Sysdig management account)"
+}
+
+variable "region" {
+ type = string
+ description = "(Required) Customer home region"
 }
\ No newline at end of file
diff --git a/modules/onboarding/README.md b/modules/onboarding/README.md
index 0b33807..d700734 100644
--- a/modules/onboarding/README.md
+++ b/modules/onboarding/README.md
@@ -20,11 +20,11 @@ Note: ## Requirements -| Name | Version | -|---------------------------------------------------------------------------|---------| -| [terraform](#requirement\_terraform) | >= 1.0.0 | +| Name | Version | +|---------------------------------------------------------------------------|-----------| +| [terraform](#requirement\_terraform) | >= 1.0.0 | | [oci](#requirement\_oci) | >= 6.19.0 | -| [sysdig](#requirement\_sysdig) | ~> 1.42 | +| [sysdig](#requirement\_sysdig) | ~> 1.42 | ## Providers 
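Review bot: `variable "region"` in modules/config-posture/variables.tf is a required string with no `validation` block, and its value is passed straight into the `api_key` block of `sysdig_secure_cloud_auth_account_component.oracle_service_principal` in the main.tf hunk of this same patch; an empty or mistyped value only surfaces as a provider error at apply time. A short validation such as `condition = length(trimspace(var.region)) > 0` with an `error_message` naming the home region would fail at plan time with a clear message instead. Note also that patch 3 of this series removes the `region` row from modules/config-posture/README.md while this declaration is never removed (patch 2 deletes only the onboarding copy), so a required input ends up undocumented; the row should be kept or regenerated. The file still ends without a trailing newline (`\ No newline at end of file`), which will produce the same diff noise on the next edit.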
@@ -51,11 +51,12 @@ resource | ## Inputs -| Name | Description | Type | Default | Required | -|-----------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------|----------|------------------|:--------:| -| [is\_organizational](#input\_is\_organizational) | (Optional) True/False whether secure-for-cloud should be deployed in an organizational setup | `bool` | `false` | no | -| [tenancy\_ocid](#input\_tenancy\_ocid) | (Required) Customer tenant OCID | `string` | n/a | yes | -| [compartment\_ocid](#input\_compartment\_ocid) | (Optional) Customer compartment OCID | `string` | `""` | no | +| Name | Description | Type | Default | Required | +|-----------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------|----------|---------|:--------:| +| [is\_organizational](#input\_is\_organizational) | (Optional) True/False whether secure-for-cloud should be deployed in an organizational setup | `bool` | `false` | no | +| [tenancy\_ocid](#input\_tenancy\_ocid) | (Required) Customer tenant OCID | `string` | n/a | yes | +| [compartment\_ocid](#input\_compartment\_ocid) | (Optional) Customer compartment OCID | `string` | `""` | no | +| [region](#input\_region) | (Required) Customer home region | `string` | n/a | yes | ## Outputs @@ -65,6 +66,7 @@ resource | | [is\_organizational](#output\_is\_organizational) | Boolean value to indicate if secure-for-cloud is deployed as an organization | | [tenancy\_ocid](#output\_tenancy\_ocid) | Customer tenant OCID | | [compartment\_ocid](#output_compartment\_ocid) | Customer compartment OCID | +| [region](#output\_region) | Customer home region | diff --git a/modules/onboarding/main.tf b/modules/onboarding/main.tf index bf97f0e..6c068a8 100644 --- a/modules/onboarding/main.tf +++ b/modules/onboarding/main.tf 
@@ -61,6 +61,7 @@ resource "sysdig_secure_cloud_auth_account" "oracle_account" {
 oci = {
 api_key = {
 user_id = data.sysdig_secure_trusted_oracle_app.onboarding.user_ocid
+ region = var.region
 }
 policy = {
 policy_id = oci_identity_policy.admit_onboarding_policy.id
diff --git a/modules/onboarding/outputs.tf b/modules/onboarding/outputs.tf
index 333e42c..717ec33 100644
--- a/modules/onboarding/outputs.tf
+++ b/modules/onboarding/outputs.tf
@@ -17,3 +17,8 @@ output "is_organizational" {
 value = var.is_organizational
 description = "Boolean value to indicate if secure-for-cloud is deployed to an entire Oracle organization or not"
 }
+
+output "region" {
+ value = var.region
+ description = "Customer home region"
+}
diff --git a/modules/onboarding/variables.tf b/modules/onboarding/variables.tf
index b6d70e9..9bd4472 100644
--- a/modules/onboarding/variables.tf
+++ b/modules/onboarding/variables.tf
@@ -15,3 +15,8 @@ variable "compartment_ocid" {
 description = "(Optional) Customer compartment OCID"
 }
 
+variable "region" {
+ type = string
+ description = "(Required) Customer home region"
+}
+
diff --git a/tests/examples/modular_organization/onboarding_cspm_compartment.tf b/tests/examples/modular_organization/onboarding_cspm_compartment.tf
index c4c6e02..eb3b39c 100644
--- a/tests/examples/modular_organization/onboarding_cspm_compartment.tf
+++ b/tests/examples/modular_organization/onboarding_cspm_compartment.tf
@@ -28,6 +28,7 @@ module "onboarding" {
 tenancy_ocid = ""
 compartment_ocid = ""
 is_organizational = true
+ region = ""
 }
 
 module "config-posture" {
@@ -36,6 +37,7 @@ module "config-posture" {
 tenancy_ocid = module.onboarding.tenancy_ocid
 compartment_ocid = module.onboarding.compartment_ocid
 is_organizational = module.onboarding.is_organizational
+ region = module.onboarding.region
 }
 
 resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {
diff --git a/tests/examples/modular_organization/onboarding_cspm_tenancy.tf b/tests/examples/modular_organization/onboarding_cspm_tenancy.tf
index 92baa33..a80bb00 100644
--- a/tests/examples/modular_organization/onboarding_cspm_tenancy.tf
+++ b/tests/examples/modular_organization/onboarding_cspm_tenancy.tf
@@ -27,6 +27,7 @@ module "onboarding" {
 source = "../../../modules/onboarding"
 tenancy_ocid = ""
 is_organizational = true
+ region = ""
 }
 
 module "config-posture" {
@@ -35,6 +36,7 @@ module "config-posture" {
 tenancy_ocid = module.onboarding.tenancy_ocid
 compartment_ocid = module.onboarding.compartment_ocid
 is_organizational = module.onboarding.is_organizational
+ region = module.onboarding.region
 }
 
 resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {
From e1cd5dd2f84489c33fd03e54aa76f028c33ca215 Mon Sep 17 00:00:00 2001
From: Jose Pablo Camacho
Date: Thu, 9 Jan 2025 18:00:59 -0600
Subject: [PATCH 2/3] add(oci): support home region
---
 modules/onboarding/main.tf | 15 ++++++++++++++-
 modules/onboarding/outputs.tf | 2 +-
 modules/onboarding/variables.tf | 5 -----
 .../onboarding_cspm_compartment.tf | 1 -
 .../onboarding_cspm_tenancy.tf | 1 -
 5 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/modules/onboarding/main.tf b/modules/onboarding/main.tf
index 6c068a8..d1fb4b0 100644
--- a/modules/onboarding/main.tf
+++ b/modules/onboarding/main.tf
@@ -1,3 +1,11 @@
+locals {
+ home_region = [
+ for subscription in data.oci_identity_region_subscriptions.test_region_subscriptions.region_subscriptions :
+ subscription.region_name
+ if subscription.is_home_region == true
+ ]
+}
+
 #-----------------------------------------------------------------------------------------
 # Fetch the data sources
 #-----------------------------------------------------------------------------------------
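Review bot: `local.home_region` is built as a list and every consumer then indexes it with `[0]` (`region = local.home_region[0]` in the -61,7 hunk of main.tf and `value = local.home_region[0]` in the outputs.tf hunk of this patch), so if the region-subscriptions query returns no entry flagged `is_home_region` the plan dies with a generic "Invalid index" error that says nothing about the home region. Wrapping the for-expression in `one(...)` yields a plain string (null when nothing matched, an error when more than one did), lets the consumers drop the `[0]`, and makes the "no home region found" case testable with an explicit `precondition` on `sysdig_secure_cloud_auth_account.oracle_account` — that needs Terraform >= 1.2, above the >= 1.0.0 floor the README states, so the floor would presumably have to move. The `== true` comparison on a bool is redundant, and the data source name `test_region_subscriptions` declared in the next hunk reads like a leftover from testing; `region_subscriptions` would match its type. The locals block also deserves a comment recording why the caller no longer supplies the value, e.g. `# Home region derived from the tenancy's region subscriptions instead of a caller-supplied input`.
```hcl
locals {
  # Home region derived from the tenancy's region subscriptions instead of a caller-supplied input.
  # one() gives a string: null if no subscription is flagged as home, an error if more than one is.
  home_region = one([
    for subscription in data.oci_identity_region_subscriptions.test_region_subscriptions.region_subscriptions :
    subscription.region_name
    if subscription.is_home_region
  ])
}
```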
@@ -18,6 +26,11 @@ data "oci_identity_tenancy" "tenancy" {
 tenancy_id = var.tenancy_ocid
 }
 
+// tenancy region data
+data "oci_identity_region_subscriptions" "test_region_subscriptions" {
+ tenancy_id = var.tenancy_ocid
+}
+
 
 // random suffix for policy name
 resource "random_id" "suffix" {
@@ -61,7 +74,7 @@ resource "sysdig_secure_cloud_auth_account" "oracle_account" {
 oci = {
 api_key = {
 user_id = data.sysdig_secure_trusted_oracle_app.onboarding.user_ocid
- region = var.region
+ region = local.home_region[0]
 }
 policy = {
 policy_id = oci_identity_policy.admit_onboarding_policy.id
diff --git a/modules/onboarding/outputs.tf b/modules/onboarding/outputs.tf
index 717ec33..fa0f399 100644
--- a/modules/onboarding/outputs.tf
+++ b/modules/onboarding/outputs.tf
@@ -19,6 +19,6 @@ output "is_organizational" {
 }
 
 output "region" {
- value = var.region
+ value = local.home_region[0]
 description = "Customer home region"
 }
diff --git a/modules/onboarding/variables.tf b/modules/onboarding/variables.tf
index 9bd4472..b6d70e9 100644
--- a/modules/onboarding/variables.tf
+++ b/modules/onboarding/variables.tf
@@ -15,8 +15,3 @@ variable "compartment_ocid" {
 description = "(Optional) Customer compartment OCID"
 }
 
-variable "region" {
- type = string
- description = "(Required) Customer home region"
-}
-
diff --git a/tests/examples/modular_organization/onboarding_cspm_compartment.tf b/tests/examples/modular_organization/onboarding_cspm_compartment.tf
index eb3b39c..08ebc5b 100644
--- a/tests/examples/modular_organization/onboarding_cspm_compartment.tf
+++ b/tests/examples/modular_organization/onboarding_cspm_compartment.tf
@@ -28,7 +28,6 @@ module "onboarding" {
 tenancy_ocid = ""
 compartment_ocid = ""
 is_organizational = true
- region = ""
 }
 
 module "config-posture" {
diff --git a/tests/examples/modular_organization/onboarding_cspm_tenancy.tf b/tests/examples/modular_organization/onboarding_cspm_tenancy.tf
index a80bb00..d6531db 100644
--- a/tests/examples/modular_organization/onboarding_cspm_tenancy.tf
+++ b/tests/examples/modular_organization/onboarding_cspm_tenancy.tf
@@ -27,7 +27,6 @@ module "onboarding" {
 source = "../../../modules/onboarding"
 tenancy_ocid = ""
 is_organizational = true
- region = ""
 }
 
 module "config-posture" {
From 69367d7b2004b2e424e407bfb017d102a69549ab Mon Sep 17 00:00:00 2001
From: Jose Pablo Camacho
Date: Thu, 9 Jan 2025 18:02:04 -0600
Subject: [PATCH 3/3] add(oci): support home region
---
 modules/config-posture/README.md | 1 -
 modules/onboarding/README.md | 2 --
 2 files changed, 3 deletions(-)
diff --git a/modules/config-posture/README.md b/modules/config-posture/README.md
index ea2d761..735bcb0 100644
--- a/modules/config-posture/README.md
+++ b/modules/config-posture/README.md
@@ -48,7 +48,6 @@ resource | | [tenancy\_ocid](#input\_tenancy\_ocid) | (Required) Customer tenant OCID | `string` | n/a | yes | | [compartment\_ocid](#input\_compartment\_ocid) | (Optional) Customer compartment OCID | `string` | `""` | no | | [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | (Required) ID of the Sysdig Cloud Account to enable Config Posture for (in case of organization, ID of the Sysdig management account) | `string` | n/a | yes | -| [region](#input\_region) | (Required) Customer home region | `string` | n/a | yes | ## Outputs
diff --git a/modules/onboarding/README.md b/modules/onboarding/README.md
index d700734..1394262 100644
--- a/modules/onboarding/README.md
+++ b/modules/onboarding/README.md
@@ -56,7 +56,6 @@ resource | | [is\_organizational](#input\_is\_organizational) | (Optional) True/False whether secure-for-cloud should be deployed in an organizational setup | `bool` | `false` | no | | [tenancy\_ocid](#input\_tenancy\_ocid) | (Required) Customer tenant OCID | `string` | n/a | yes | | [compartment\_ocid](#input\_compartment\_ocid) | (Optional) Customer compartment OCID | `string` | `""` | no | -| [region](#input\_region) | (Required) Customer home region | `string` | n/a | yes | ## Outputs @@ -66,7 +65,6 @@ resource | | [is\_organizational](#output\_is\_organizational) | Boolean value to indicate if secure-for-cloud is deployed as an organization | | [tenancy\_ocid](#output\_tenancy\_ocid) | Customer tenant OCID | | [compartment\_ocid](#output_compartment\_ocid) | Customer compartment OCID | -| [region](#output\_region) | Customer home region |