From a901333cee4c01478c2f7c582ce6eb1ef8a40915 Mon Sep 17 00:00:00 2001
From: Alan Nix <65611624+alannix-lw@users.noreply.github.com>
Date: Wed, 19 May 2021 15:40:33 -0400
Subject: [PATCH] feat: add ability to change Lacework Server URL (#9)

* feat: added ability to change Lacework server URL
* docs: fixed Terraform 'required_version' constraint
* docs: improved example for `lacework_server_url` variable
* refactor: made `secrets` and `environments` code comprehensible
* refactor: JSON flatten environments (#10)
* refactor: JSON flatten environments
* refactor: made 'secrets' variable agnostic for potential future re-use
* docs: updated 'server-url' example to realistic URL
Co-authored-by: Alan Nix
Co-authored-by: Salim Afiune
---
 README.md | 3 +-
 examples/default/versions.tf | 2 +-
 examples/existing-iam-role/versions.tf | 2 +-
 .../existing-ssm-parameter-kms/versions.tf | 2 +-
 examples/existing-ssm-parameter/versions.tf | 2 +-
 examples/server-url/README.md | 14 ++++++++
 examples/server-url/main.tf | 9 +++++
 examples/server-url/versions.tf | 3 ++
 examples/ssm-parameter-kms/versions.tf | 2 +-
 examples/ssm-parameter/versions.tf | 2 +-
 main.tf | 35 ++++++++++---------
 variables.tf | 6 ++++
 12 files changed, 59 insertions(+), 23 deletions(-)
 create mode 100644 examples/server-url/README.md
 create mode 100644 examples/server-url/main.tf
 create mode 100644 examples/server-url/versions.tf

diff --git a/README.md b/README.md
index 97ff488..5c71106 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ The `main.tf` file will configure a daemon Service within the specified ECS Clus
 
 | Name | Version |
 | --------- | ---------- |
-| terraform | >= 0.12.26 |
+| terraform | >= 0.12.31 |
 
 ## Providers
 
@@ -39,6 +39,7 @@ The `main.tf` file will configure a daemon Service within the specified ECS Clus
 | iam_role_name | The IAM role name to use when `use_existing_iam_role` is `false` | `string` | `""` | no |
 | iam_role_tags | The tags to apply to a created IAM role | `map(string)` | `{}` | no |
 | lacework_access_token | The access token for the Lacework agent | `string` | n/a | yes |
+| lacework_server_url | The server URL for the Lacework agent | `string` | `""` | no |
 | lacework_task_cpu | The quantity of CPU units to assign to the task | `string` | `"512"` | no |
 | lacework_task_mem | The quantity of Memory (MiB) to assign to the task | `string` | `"512"` | no |
 | resource_prefix | A prefix that will be use at the beginning of every generated resource | `string` | `"lacework-ecs"` | no |
diff --git a/examples/default/versions.tf b/examples/default/versions.tf
index 51de421..7ca0ad3 100644
--- a/examples/default/versions.tf
+++ b/examples/default/versions.tf
@@ -1,3 +1,3 @@
 terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.12.31"
 }
diff --git a/examples/existing-iam-role/versions.tf b/examples/existing-iam-role/versions.tf
index 51de421..7ca0ad3 100644
--- a/examples/existing-iam-role/versions.tf
+++ b/examples/existing-iam-role/versions.tf
@@ -1,3 +1,3 @@
 terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.12.31"
 }
diff --git a/examples/existing-ssm-parameter-kms/versions.tf b/examples/existing-ssm-parameter-kms/versions.tf
index 51de421..7ca0ad3 100644
--- a/examples/existing-ssm-parameter-kms/versions.tf
+++ b/examples/existing-ssm-parameter-kms/versions.tf
@@ -1,3 +1,3 @@
 terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.12.31"
 }
diff --git a/examples/existing-ssm-parameter/versions.tf b/examples/existing-ssm-parameter/versions.tf
index 51de421..7ca0ad3 100644
--- a/examples/existing-ssm-parameter/versions.tf
+++ b/examples/existing-ssm-parameter/versions.tf
@@ -1,3 +1,3 @@
 terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.12.31"
 }
diff --git a/examples/server-url/README.md b/examples/server-url/README.md
new file mode 100644
index 0000000..e9bf3bf
--- /dev/null
+++ b/examples/server-url/README.md
@@ -0,0 +1,14 @@
+# Elastic Container Service (ECS) Deployment w/ SSM Parameter
+
+```hcl
+provider "aws" {}
+
+module "lacework_ecs_datacollector" {
+ source = "lacework/ecs-agent/aws"
+ version = "~> 0.1"
+
+ ecs_cluster_arn = "arn:aws:ecs:us-east-1:123456789012:cluster/example-cluster"
+ lacework_access_token = "0123456789ABCDEF0123456789ABCDEF"
+ lacework_server_url = "https://api.fra.lacework.net"
+}
+```
diff --git a/examples/server-url/main.tf b/examples/server-url/main.tf
new file mode 100644
index 0000000..3f69ba1
--- /dev/null
+++ b/examples/server-url/main.tf
@@ -0,0 +1,9 @@
+provider "aws" {}
+
+module "lacework_ecs_datacollector" {
+ source = "../../"
+
+ ecs_cluster_arn = "arn:aws:ecs:us-east-1:123456789012:cluster/example-cluster"
+ lacework_access_token = "0123456789ABCDEF0123456789ABCDEF"
+ lacework_server_url = "https://api.fra.lacework.net"
+}
diff --git a/examples/server-url/versions.tf b/examples/server-url/versions.tf
new file mode 100644
index 0000000..7ca0ad3
--- /dev/null
+++ b/examples/server-url/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.12.31"
+}
diff --git a/examples/ssm-parameter-kms/versions.tf b/examples/ssm-parameter-kms/versions.tf
index 51de421..7ca0ad3 100644
--- a/examples/ssm-parameter-kms/versions.tf
+++ b/examples/ssm-parameter-kms/versions.tf
@@ -1,3 +1,3 @@
 terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.12.31"
 }
diff --git a/examples/ssm-parameter/versions.tf b/examples/ssm-parameter/versions.tf
index 51de421..7ca0ad3 100644
--- a/examples/ssm-parameter/versions.tf
+++ b/examples/ssm-parameter/versions.tf
@@ -1,3 +1,3 @@
 terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.12.31"
 }
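Review bot: The new examples/server-url/main.tf passes `lacework_access_token` as an inline literal, which anyone copying the example as-is will commit to version control and persist into Terraform state; the value here is obviously synthetic, so this is about guidance, not a leaked credential. Since the diffstat shows sibling `examples/ssm-parameter*` directories for the module's SSM-parameter path, a one-line pointer above the module block would steer readers there, e.g. `# Example value only: supply the token via a variable, or see the ssm-parameter examples for the secrets-based path.`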
diff --git a/main.tf b/main.tf
index 9773b9b..6ce8b01 100644
--- a/main.tf
+++ b/main.tf
@@ -1,21 +1,24 @@
 locals {
- access_token_json = var.use_ssm_parameter_store ? (
- {
- "secrets" : [{
- "name" : "LaceworkAccessToken",
- "valueFrom" : local.ssm_parameter_arn
- }]
- }
- ) : (
- {
- "environment" : [{
- "name" : "LaceworkAccessToken",
- "value" : var.lacework_access_token
- }]
- }
- )
+ secrets_json = var.use_ssm_parameter_store ? ({
+ "secrets" : [
+ { "name" : "LaceworkAccessToken", "valueFrom" : local.ssm_parameter_arn }
+ ]
+ }) : ({})
+
+ environment_json = {
+ "environment" : flatten([
+ (!var.use_ssm_parameter_store) ? ([{
+ "name" : "LaceworkAccessToken", "value" : var.lacework_access_token
+ }]) : ([]),
+ length(var.lacework_server_url) > 0 ? ([{
+ "name" : "LaceworkServerUrl", "value" : var.lacework_server_url
+ }]) : ([]),
+ ])
+ }
+
 container_definition_json = jsonencode([merge(
- local.access_token_json,
+ local.secrets_json,
+ local.environment_json,
 {
 "essential" : true,
 "image" : "lacework/datacollector",
diff --git a/variables.tf b/variables.tf
index a2aeb03..53f2ae1 100644
--- a/variables.tf
+++ b/variables.tf
@@ -38,6 +38,12 @@ variable "lacework_access_token" {
 description = "The access token for the Lacework agent"
 }
 
+variable "lacework_server_url" {
+ type = string
+ default = ""
+ description = "The server URL for the Lacework agent"
+}
+
 variable "lacework_task_cpu" {
 type = string
 description = "The quantity of CPU units to assign to the task"
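Review bot: The two ternaries inside `environment_json` wrap every operand in parentheses and negate the flag, which makes the new `flatten([...])` harder to scan than the refactor intends; `var.use_ssm_parameter_store ? [] : [{ "name" : "LaceworkAccessToken", "value" : var.lacework_access_token }],` and `length(var.lacework_server_url) > 0 ? [{ "name" : "LaceworkServerUrl", "value" : var.lacework_server_url }] : [],` are equivalent and read in the same direction as `secrets_json` above them. A short comment above `secrets_json`, such as `# Token is injected via ECS "secrets" (valueFrom the SSM parameter ARN) when the parameter store is used, otherwise as a plain "environment" entry`, would record why the two locals are split, since that split is the point of this change. The `locals` block and the `container_definition_json` merge continue past the end of the hunk.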
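Review bot: The new `lacework_server_url` variable accepts any string and main.tf forwards it unchanged into the `LaceworkServerUrl` environment variable, so a mistyped `http://` value would point the collector, and the access token it sends, at a plaintext endpoint with nothing in the module catching it. With the floor now at `>= 0.12.31`, a `validation` block is not available (that needs 0.13 or the 0.12 `variable_validation` experiment), so the description should at least state the expected form and the empty-string behaviour: `description = "The Lacework server URL for the agent, e.g. https://api.fra.lacework.net; leave empty to omit the LaceworkServerUrl environment variable"`. Once the version floor moves to 0.13, a `validation` block requiring either an empty value or an `https://` prefix would make the check explicit.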