feat: add ability to change Lacework Server URL (#9)

* feat: added ability to change Lacework server URL * docs: fixed Terraform 'required_version' constraint * docs: improved example for `lacework_server_url` variable * refactor: made `secrets` and `environments` code comprehensible * refactor: JSON flatten environments (#10) * refactor: JSON flatten environments * refactor: made 'secrets' variable agnostic for potential future re-use * docs: updated 'server-url' example to realistic URL Co-authored-by: Alan Nix <alan.nix@lacework.net> Co-authored-by: Salim Afiune <afiune@lacework.net>
lacework · May 19, 2021 · a901333 · a901333
1 parent 28cbc1c
commit a901333
Show file tree

Hide file tree

Showing 12 changed files with 59 additions and 23 deletions.
diff --git a/README.md b/README.md
@@ -19,7 +19,7 @@ The `main.tf` file will configure a daemon Service within the specified ECS Clus
 
 | Name      | Version    |
 | --------- | ---------- |
-| terraform | >= 0.12.26 |
+| terraform | >= 0.12.31 |
 
 ## Providers
 
@@ -39,6 +39,7 @@ The `main.tf` file will configure a daemon Service within the specified ECS Clus
 | iam_role_name           | The IAM role name to use when `use_existing_iam_role` is `false`                    | `string`      | `""`                       |    no    |
 | iam_role_tags           | The tags to apply to a created IAM role                                             | `map(string)` | `{}`                       |    no    |
 | lacework_access_token   | The access token for the Lacework agent                                             | `string`      | n/a                        |   yes    |
+| lacework_server_url     | The server URL for the Lacework agent                                               | `string`      | `""`                       |    no    |
 | lacework_task_cpu       | The quantity of CPU units to assign to the task                                     | `string`      | `"512"`                    |    no    |
 | lacework_task_mem       | The quantity of Memory (MiB) to assign to the task                                  | `string`      | `"512"`                    |    no    |
 | resource_prefix         | A prefix that will be use at the beginning of every generated resource              | `string`      | `"lacework-ecs"`           |    no    |

diff --git a/examples/default/versions.tf b/examples/default/versions.tf
@@ -1,3 +1,3 @@
 terraform {
-  required_version = ">= 0.12.26"
+  required_version = ">= 0.12.31"
 }
diff --git a/examples/existing-iam-role/versions.tf b/examples/existing-iam-role/versions.tf
@@ -1,3 +1,3 @@
 terraform {
-  required_version = ">= 0.12.26"
+  required_version = ">= 0.12.31"
 }
diff --git a/examples/existing-ssm-parameter-kms/versions.tf b/examples/existing-ssm-parameter-kms/versions.tf
@@ -1,3 +1,3 @@
 terraform {
-  required_version = ">= 0.12.26"
+  required_version = ">= 0.12.31"
 }
diff --git a/examples/existing-ssm-parameter/versions.tf b/examples/existing-ssm-parameter/versions.tf
@@ -1,3 +1,3 @@
 terraform {
-  required_version = ">= 0.12.26"
+  required_version = ">= 0.12.31"
 }
diff --git a/examples/server-url/README.md b/examples/server-url/README.md
@@ -0,0 +1,14 @@
+# Elastic Container Service (ECS) Deployment w/ SSM Parameter
+
+```hcl
+provider "aws" {}
+
+module "lacework_ecs_datacollector" {
+  source = "lacework/ecs-agent/aws"
+  version = "~> 0.1"
+
+  ecs_cluster_arn       = "arn:aws:ecs:us-east-1:123456789012:cluster/example-cluster"
+  lacework_access_token = "0123456789ABCDEF0123456789ABCDEF"
+  lacework_server_url   = "https://api.fra.lacework.net"
+}
+```
diff --git a/examples/server-url/main.tf b/examples/server-url/main.tf
@@ -0,0 +1,9 @@
+provider "aws" {}
+
+module "lacework_ecs_datacollector" {
+  source = "../../"
+
+  ecs_cluster_arn       = "arn:aws:ecs:us-east-1:123456789012:cluster/example-cluster"
+  lacework_access_token = "0123456789ABCDEF0123456789ABCDEF"
+  lacework_server_url   = "https://api.fra.lacework.net"
+}
diff --git a/examples/server-url/versions.tf b/examples/server-url/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+  required_version = ">= 0.12.31"
+}
diff --git a/examples/ssm-parameter-kms/versions.tf b/examples/ssm-parameter-kms/versions.tf
@@ -1,3 +1,3 @@
 terraform {
-  required_version = ">= 0.12.26"
+  required_version = ">= 0.12.31"
 }
diff --git a/examples/ssm-parameter/versions.tf b/examples/ssm-parameter/versions.tf
@@ -1,3 +1,3 @@
 terraform {
-  required_version = ">= 0.12.26"
+  required_version = ">= 0.12.31"
 }
diff --git a/main.tf b/main.tf
@@ -1,21 +1,24 @@
 locals {
-  access_token_json = var.use_ssm_parameter_store ? (
-    {
-      "secrets" : [{
-        "name" : "LaceworkAccessToken",
-        "valueFrom" : local.ssm_parameter_arn
-      }]
-    }
-    ) : (
-    {
-      "environment" : [{
-        "name" : "LaceworkAccessToken",
-        "value" : var.lacework_access_token
-      }]
-    }
-  )
+  secrets_json = var.use_ssm_parameter_store ? ({
+    "secrets" : [
+      { "name" : "LaceworkAccessToken", "valueFrom" : local.ssm_parameter_arn }
+    ]
+  }) : ({})
+
+  environment_json = {
+    "environment" : flatten([
+      (!var.use_ssm_parameter_store) ? ([{
+        "name" : "LaceworkAccessToken", "value" : var.lacework_access_token
+      }]) : ([]),
+      length(var.lacework_server_url) > 0 ? ([{
+        "name" : "LaceworkServerUrl", "value" : var.lacework_server_url
+      }]) : ([]),
+    ])
+  }
+
   container_definition_json = jsonencode([merge(
-    local.access_token_json,
+    local.secrets_json,
+    local.environment_json,
     {
       "essential" : true,
       "image" : "lacework/datacollector",

diff --git a/variables.tf b/variables.tf
@@ -38,6 +38,12 @@ variable "lacework_access_token" {
   description = "The access token for the Lacework agent"
 }
 
+variable "lacework_server_url" {
+  type        = string
+  default     = ""
+  description = "The server URL for the Lacework agent"
+}
+
 variable "lacework_task_cpu" {
   type        = string
   description = "The quantity of CPU units to assign to the task"