From 2b0927aa4b66a8f9d3f82f559f56b71ddde0ce4b Mon Sep 17 00:00:00 2001 From: Alan Nix Date: Tue, 18 May 2021 13:02:52 -0400 Subject: [PATCH 1/6] feat: added ability to change Lacework server URL --- README.md | 3 ++- examples/server-url/README.md | 14 ++++++++++++ examples/server-url/main.tf | 9 ++++++++ examples/server-url/versions.tf | 3 +++ main.tf | 39 ++++++++++++++++++++------------- variables.tf | 6 +++++ 6 files changed, 58 insertions(+), 16 deletions(-) create mode 100644 examples/server-url/README.md create mode 100644 examples/server-url/main.tf create mode 100644 examples/server-url/versions.tf diff --git a/README.md b/README.md index 97ff488..5c71106 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ The `main.tf` file will configure a daemon Service within the specified ECS Clus | Name | Version | | --------- | ---------- | -| terraform | >= 0.12.26 | +| terraform | >= 0.12.31 | ## Providers @@ -39,6 +39,7 @@ The `main.tf` file will configure a daemon Service within the specified ECS Clus | iam_role_name | The IAM role name to use when `use_existing_iam_role` is `false` | `string` | `""` | no | | iam_role_tags | The tags to apply to a created IAM role | `map(string)` | `{}` | no | | lacework_access_token | The access token for the Lacework agent | `string` | n/a | yes | +| lacework_server_url | The server URL for the Lacework agent | `string` | `""` | no | | lacework_task_cpu | The quantity of CPU units to assign to the task | `string` | `"512"` | no | | lacework_task_mem | The quantity of Memory (MiB) to assign to the task | `string` | `"512"` | no | | resource_prefix | A prefix that will be use at the beginning of every generated resource | `string` | `"lacework-ecs"` | no | diff --git a/examples/server-url/README.md b/examples/server-url/README.md new file mode 100644 index 0000000..c799b6d --- /dev/null +++ b/examples/server-url/README.md 
@@ -0,0 +1,14 @@ +# Elastic Container Service (ECS) Deployment w/ SSM Parameter + +```hcl +provider "aws" {} + +module "lacework_ecs_datacollector" { + source = "lacework/ecs-agent/aws" + version = "~> 0.1" + + ecs_cluster_arn = "arn:aws:ecs:us-east-1:123456789012:cluster/example-cluster" + lacework_access_token = "0123456789ABCDEF0123456789ABCDEF" + lacework_server_url = "api.lacework.net" +} +``` diff --git a/examples/server-url/main.tf b/examples/server-url/main.tf new file mode 100644 index 0000000..7d47a3f --- /dev/null +++ b/examples/server-url/main.tf @@ -0,0 +1,9 @@ +provider "aws" {} + +module "lacework_ecs_datacollector" { + source = "../../" + + ecs_cluster_arn = "arn:aws:ecs:us-east-1:123456789012:cluster/example-cluster" + lacework_access_token = "0123456789ABCDEF0123456789ABCDEF" + lacework_server_url = "api.lacework.net" +} diff --git a/examples/server-url/versions.tf b/examples/server-url/versions.tf new file mode 100644 index 0000000..7ca0ad3 --- /dev/null +++ b/examples/server-url/versions.tf @@ -0,0 +1,3 @@ +terraform { + required_version = ">= 0.12.31" +} diff --git a/main.tf b/main.tf index 9773b9b..1c4e1d1 100644 --- a/main.tf +++ b/main.tf 
@@ -1,21 +1,30 @@ locals { - access_token_json = var.use_ssm_parameter_store ? ( - { - "secrets" : [{ - "name" : "LaceworkAccessToken", - "valueFrom" : local.ssm_parameter_arn - }] - } - ) : ( - { - "environment" : [{ - "name" : "LaceworkAccessToken", - "value" : var.lacework_access_token - }] - } - ) + access_token_json = var.use_ssm_parameter_store ? ({ + "secrets" : [ + { "name" : "LaceworkAccessToken", "valueFrom" : local.ssm_parameter_arn } + ] + }) : ({ + "environment" : [ + { "name" : "LaceworkAccessToken", "value" : var.lacework_access_token } + ] + }) + + server_url_json = length(var.lacework_server_url) > 0 ? ( + var.use_ssm_parameter_store ? ({ + "environment" : [ + { "name" : "LaceworkServerUrl", "value" : var.lacework_server_url } + ] + }) : ({ + "environment" : [ + { "name" : "LaceworkAccessToken", "value" : var.lacework_access_token }, + { "name" : "LaceworkServerUrl", "value" : var.lacework_server_url } + ] + }) + ) : ({}) + container_definition_json = jsonencode([merge( local.access_token_json, + local.server_url_json, { "essential" : true, "image" : "lacework/datacollector", diff --git a/variables.tf b/variables.tf index a2aeb03..53f2ae1 100644 --- a/variables.tf +++ b/variables.tf @@ -38,6 +38,12 @@ variable "lacework_access_token" { description = "The access token for the Lacework agent" } +variable "lacework_server_url" { + type = string + default = "" + description = "The server URL for the Lacework agent" +} + variable "lacework_task_cpu" { type = string description = "The quantity of CPU units to assign to the task" From d1d5143b005d2850ecd632305415468d9a8ee160 Mon Sep 17 00:00:00 2001 
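Review bot: The new `variable "lacework_server_url"` in the variables.tf hunk accepts any string, and the only downstream gate is `length(var.lacework_server_url) > 0`, so a value without a scheme or with stray whitespace is passed straight into the container's `LaceworkServerUrl` environment variable, which is the endpoint the agent will present its access token to. With `required_version` at `>= 0.12.31` a `validation` block is not available (custom variable validation is GA only from Terraform 0.13), so for now the contract belongs in the description, e.g. `description = "The server URL for the Lacework agent, as a full https:// URL (see examples/server-url); leave empty to omit the LaceworkServerUrl environment variable from the task definition"`. Once the constraint moves to `>= 0.13`, a `validation` block requiring an `https://` prefix would enforce this at plan time. The README table row added in the first hunk of this patch would then mirror the same wording.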
From: Alan Nix Date: Tue, 18 May 2021 13:03:50 -0400 Subject: [PATCH 2/6] docs: fixed Terraform 'required_version' constraint --- examples/default/versions.tf | 2 +- examples/existing-iam-role/versions.tf | 2 +- examples/existing-ssm-parameter-kms/versions.tf | 2 +- examples/existing-ssm-parameter/versions.tf | 2 +- examples/ssm-parameter-kms/versions.tf | 2 +- examples/ssm-parameter/versions.tf | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/examples/default/versions.tf b/examples/default/versions.tf
index 51de421..7ca0ad3 100644
--- a/examples/default/versions.tf
+++ b/examples/default/versions.tf
@@ -1,3 +1,3 @@
 terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.12.31"
 }
diff --git a/examples/existing-iam-role/versions.tf b/examples/existing-iam-role/versions.tf
index 51de421..7ca0ad3 100644
--- a/examples/existing-iam-role/versions.tf
+++ b/examples/existing-iam-role/versions.tf
@@ -1,3 +1,3 @@
 terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.12.31"
 }
diff --git a/examples/existing-ssm-parameter-kms/versions.tf b/examples/existing-ssm-parameter-kms/versions.tf
index 51de421..7ca0ad3 100644
--- a/examples/existing-ssm-parameter-kms/versions.tf
+++ b/examples/existing-ssm-parameter-kms/versions.tf
@@ -1,3 +1,3 @@
 terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.12.31"
 }
diff --git a/examples/existing-ssm-parameter/versions.tf b/examples/existing-ssm-parameter/versions.tf
index 51de421..7ca0ad3 100644
--- a/examples/existing-ssm-parameter/versions.tf
+++ b/examples/existing-ssm-parameter/versions.tf
@@ -1,3 +1,3 @@
 terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.12.31"
 }
diff --git a/examples/ssm-parameter-kms/versions.tf b/examples/ssm-parameter-kms/versions.tf
index 51de421..7ca0ad3 100644
--- a/examples/ssm-parameter-kms/versions.tf
+++ b/examples/ssm-parameter-kms/versions.tf
@@ -1,3 +1,3 @@
 terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.12.31"
 }
diff --git a/examples/ssm-parameter/versions.tf b/examples/ssm-parameter/versions.tf
index 51de421..7ca0ad3 100644
--- a/examples/ssm-parameter/versions.tf
+++ b/examples/ssm-parameter/versions.tf
@@ -1,3 +1,3 @@
 terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.12.31"
 } From 70cc1ec7f6c439e44663a803fed5f7cd17e96dfd Mon Sep 17 00:00:00 2001 From: Alan Nix Date: Tue, 18 May 2021 13:26:33 -0400 Subject: [PATCH 3/6] docs: improved example for `lacework_server_url` variable --- examples/server-url/README.md | 2 +- examples/server-url/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/examples/server-url/README.md b/examples/server-url/README.md
index c799b6d..a86bd49 100644
--- a/examples/server-url/README.md
+++ b/examples/server-url/README.md
@@ -9,6 +9,6 @@ module "lacework_ecs_datacollector" {
 
 ecs_cluster_arn = "arn:aws:ecs:us-east-1:123456789012:cluster/example-cluster"
 lacework_access_token = "0123456789ABCDEF0123456789ABCDEF"
- lacework_server_url = "api.lacework.net"
+ lacework_server_url = "https://api.lacework.net"
 }
 ```
diff --git a/examples/server-url/main.tf b/examples/server-url/main.tf
index 7d47a3f..b0fbd8c 100644
--- a/examples/server-url/main.tf
+++ b/examples/server-url/main.tf
@@ -5,5 +5,5 @@ module "lacework_ecs_datacollector" {
 
 ecs_cluster_arn = "arn:aws:ecs:us-east-1:123456789012:cluster/example-cluster"
 lacework_access_token = "0123456789ABCDEF0123456789ABCDEF"
- lacework_server_url = "api.lacework.net"
+ lacework_server_url = "https://api.lacework.net"
 } From 3ad2095154f8a19bff960a7684bbb78871a70285 Mon Sep 17 00:00:00 2001 From: Alan Nix Date: Tue, 18 May 2021 22:11:55 -0400 Subject: [PATCH 4/6] refactor: made `secrets` and `environments` code comprehensible --- main.tf | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/main.tf b/main.tf index 1c4e1d1..82469be 100644 --- a/main.tf +++ b/main.tf @@ -1,30 +1,30 @@ locals { - access_token_json = var.use_ssm_parameter_store ? ({ + secrets_json = var.use_ssm_parameter_store ? ({ "secrets" : [ { "name" : "LaceworkAccessToken", "valueFrom" : local.ssm_parameter_arn } ] - }) : ({ - "environment" : [ - { "name" : "LaceworkAccessToken", "value" : var.lacework_access_token } - ] - }) + }) : ({}) - server_url_json = length(var.lacework_server_url) > 0 ? ( - var.use_ssm_parameter_store ? ({ - "environment" : [ - { "name" : "LaceworkServerUrl", "value" : var.lacework_server_url } - ] - }) : ({ + environment_json = (!var.use_ssm_parameter_store) ? ( + length(var.lacework_server_url) > 0 ? ({ "environment" : [ { "name" : "LaceworkAccessToken", "value" : var.lacework_access_token }, { "name" : "LaceworkServerUrl", "value" : var.lacework_server_url } ] + }) : ({ + "environment" : [{ "name" : "LaceworkAccessToken", "value" : var.lacework_access_token }] + }) + ) : ( + length(var.lacework_server_url) > 0 ? ({ + "environment" : [{ "name" : "LaceworkServerUrl", "value" : var.lacework_server_url }] + }) : ({ + "environment" : [] }) - ) : ({}) + ) container_definition_json = jsonencode([merge( - local.access_token_json, - local.server_url_json, + local.secrets_json, + local.environment_json, { "essential" : true, "image" : "lacework/datacollector", From b8cabcb66bb7bb8d3cdd53a4a7dd69ff2284ad13 Mon Sep 17 00:00:00 2001 From: Salim Afiune Date: Wed, 19 May 2021 12:16:17 -0500 Subject: [PATCH 5/6] refactor: JSON flatten environments (#10) * refactor: JSON flatten environments Signed-off-by: Salim Afiune Maya * refactor: made 'secrets' variable agnostic for potential future re-use Co-authored-by: Alan Nix Co-authored-by: Alan Nix <65611624+alannix-lw@users.noreply.github.com> --- main.tf | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/main.tf b/main.tf index 82469be..6ce8b01 100644 --- a/main.tf 
+++ b/main.tf @@ -5,22 +5,16 @@ locals { ] }) : ({}) - environment_json = (!var.use_ssm_parameter_store) ? ( - length(var.lacework_server_url) > 0 ? ({ - "environment" : [ - { "name" : "LaceworkAccessToken", "value" : var.lacework_access_token }, - { "name" : "LaceworkServerUrl", "value" : var.lacework_server_url } - ] - }) : ({ - "environment" : [{ "name" : "LaceworkAccessToken", "value" : var.lacework_access_token }] - }) - ) : ( - length(var.lacework_server_url) > 0 ? ({ - "environment" : [{ "name" : "LaceworkServerUrl", "value" : var.lacework_server_url }] - }) : ({ - "environment" : [] - }) - ) + environment_json = { + "environment" : flatten([ + (!var.use_ssm_parameter_store) ? ([{ + "name" : "LaceworkAccessToken", "value" : var.lacework_access_token + }]) : ([]), + length(var.lacework_server_url) > 0 ? ([{ + "name" : "LaceworkServerUrl", "value" : var.lacework_server_url + }]) : ([]), + ]) + } container_definition_json = jsonencode([merge( local.secrets_json, From d7516418d9ce771cde4423d6ffd098dbb60ce7b9 Mon Sep 17 00:00:00 2001 From: Alan Nix Date: Wed, 19 May 2021 14:57:40 -0400 Subject: [PATCH 6/6] docs: updated 'server-url' example to realistic URL --- examples/server-url/README.md | 2 +- examples/server-url/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/server-url/README.md b/examples/server-url/README.md index a86bd49..e9bf3bf 100644 --- a/examples/server-url/README.md +++ b/examples/server-url/README.md @@ -9,6 +9,6 @@ module "lacework_ecs_datacollector" { ecs_cluster_arn = "arn:aws:ecs:us-east-1:123456789012:cluster/example-cluster" lacework_access_token = "0123456789ABCDEF0123456789ABCDEF" - lacework_server_url = "https://api.lacework.net" + lacework_server_url = "https://api.fra.lacework.net" } ``` diff --git a/examples/server-url/main.tf b/examples/server-url/main.tf index b0fbd8c..3f69ba1 100644 --- a/examples/server-url/main.tf +++ b/examples/server-url/main.tf 
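Review bot: The rewritten `environment_json` local carries no comment, so a reader of the `flatten([...])` expression cannot tell why `LaceworkAccessToken` appears in `environment` only when `use_ssm_parameter_store` is false, nor that the SSM case is covered by `secrets_json` a few lines above. Suggest a comment above the local such as `# LaceworkAccessToken goes into ECS "secrets" (secrets_json) when use_ssm_parameter_store is true; otherwise it is written in clear text into the task definition's environment, where anyone who can describe the task definition can read it. LaceworkServerUrl is not a secret and is passed as a plain environment variable whenever it is set.` The `locals` block starts before this hunk and the `container_definition_json` merge continues after it, so the comment placement should be checked against the full file.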
@@ -5,5 +5,5 @@ module "lacework_ecs_datacollector" {
 
 ecs_cluster_arn = "arn:aws:ecs:us-east-1:123456789012:cluster/example-cluster"
 lacework_access_token = "0123456789ABCDEF0123456789ABCDEF"
- lacework_server_url = "https://api.lacework.net"
+ lacework_server_url = "https://api.fra.lacework.net"
 }