feat: pass environment variables to cloud task via provider

lacework · Mar 25, 2024 · 29c3da9 · 29c3da9
1 parent 4c44fe8
commit 29c3da9
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -73,6 +73,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_additional_environment_variables"></a> [additional\_environment\_variables](#input\_additional\_environment\_variables) | Optional list of additional environment variables passed to the task. | <pre>list(object({<br>    name  = string<br>    value = string<br>  }))</pre> | `[]` | no |
 | <a name="input_blob_container_name"></a> [blob\_container\_name](#input\_blob\_container\_name) | name of the blob container used for storing analysis artifacts. Leave blank to generate one | `string` | `""` | no |
 | <a name="input_create_log_analytics_workspace"></a> [create\_log\_analytics\_workspace](#input\_create\_log\_analytics\_workspace) | Creates a log analytics workspace to see container logs. Defaults to false to avoid charging | `bool` | `false` | no |
 | <a name="input_custom_network"></a> [custom\_network](#input\_custom\_network) | The name of the custom Azure Virtual Network subnet. Make sure it allows egress traffic on port 443. Leave empty to create a new one. | `string` | `""` | no |

diff --git a/examples/tenant-single-region/main.tf b/examples/tenant-single-region/main.tf
@@ -9,4 +9,5 @@ module "lacework_azure_agentless_scanning_single_tenant" {
   create_log_analytics_workspace = true
   integration_level              = "tenant"
   tags                           = { "lw-example-tf" : "true" }
+  additional_environment_variables = [{name="EXAMPLE_ENV_VAR", value="some_value"}]
 }
diff --git a/main.tf b/main.tf
@@ -102,7 +102,8 @@ locals {
     AZURE_KEY_VAULT_SECRET_NAME       = local.key_vault_secret_name
     AZURE_KEY_VAULT_URI               = local.key_vault_uri
   }
-  environment_variables_as_list = [for key, val in local.environment_variables : { name = key, value = val }]
+  environment_variables_as_list =  concat([for key, val in local.environment_variables : { name = key, value = val }],
+   [for obj in var.additional_environment_variables : { name = obj["name"], value = obj["value"] }])
 
   key_vault_id = var.global ? azurerm_key_vault.lw_orchestrate[0].id : (
     length(var.global_module_reference.key_vault_id) > 0 ? var.global_module_reference.key_vault_id : var.key_vault_id

diff --git a/output.tf b/output.tf
@@ -92,4 +92,4 @@ output "sidekick_principal_id" {
 output "subscriptions_list" {
   value = local.subscriptions_list_local
   description = "The subscriptions list in global module reference"
-}
+}
diff --git a/variables.tf b/variables.tf
@@ -302,4 +302,13 @@ variable "global_module_reference" {
     subscriptions_list                        = []
   }
   description = "A reference to the global lacework_azure_agentless_scanning module for this account."
-}
+}
+
+variable "additional_environment_variables" {
+  type = list(object({
+    name  = string
+    value = string
+  }))
+  default     = []
+  description = "Optional list of additional environment variables passed to the task."
+}