feat(eventhub): Org case #17

Merged
merged 29 commits into from
Dec 14, 2023
Changes from 21 commits
29 commits
5202743
First implementation of terraform event hub for cling
matteopasa Nov 14, 2023
eab5ff9
remove sub and tenant from tf
matteopasa Nov 15, 2023
2fd4f43
add some variables and org case first draft
matteopasa Nov 16, 2023
ec80a15
Introduce var for message retention days
gi-erre Nov 15, 2023
0acbd62
Introduce var for location
gi-erre Nov 15, 2023
17dd47e
Refactor
gi-erre Nov 15, 2023
039fd1b
Refactor names
gi-erre Nov 16, 2023
f3ecede
Add subscription_id variable and use it in the module
gi-erre Nov 16, 2023
f438b8f
Revamp vars
gi-erre Nov 16, 2023
964c469
Update versions.tf
gi-erre Nov 16, 2023
130db73
Refactor main.tf
gi-erre Nov 16, 2023
25ebf3b
Add module README.md (WIP)
gi-erre Nov 16, 2023
7331bfe
Update README.md
gi-erre Nov 17, 2023
4009990
General cleanup
gi-erre Nov 17, 2023
03dd0bc
Fix bad subscription reference
gi-erre Nov 17, 2023
d9d7406
WIP
gi-erre Nov 17, 2023
160d5b2
add organizational file
matteopasa Nov 20, 2023
267d3e9
Use list of mgmt groups
matteopasa Nov 20, 2023
2f3ce3f
remove logs not needed for secure
matteopasa Nov 27, 2023
a7ab242
Merge branch 'main' into jojo-pasa/event-hub-data-source-multisub
matteopasa Dec 5, 2023
6580d24
use same variables as sp module
matteopasa Dec 5, 2023
460a53d
Merge branch 'main' into jojo-pasa/event-hub-data-source-multisub
matteopasa Dec 11, 2023
687e343
get tenant id from azurerm config
matteopasa Dec 11, 2023
eb2eba2
Merge branch 'main' into jojo-pasa/event-hub-data-source-multisub
matteopasa Dec 11, 2023
f289c03
Merge branch 'main' into jojo-pasa/event-hub-data-source-multisub
matteopasa Dec 12, 2023
039dd35
add service principal outputs
matteopasa Dec 13, 2023
e14ac7d
Merge branch 'jojo-pasa/event-hub-data-source-multisub' of github.com…
matteopasa Dec 13, 2023
494ae7c
remove outputs
matteopasa Dec 13, 2023
a05d741
Use variable for org diagnostics settings name
matteopasa Dec 14, 2023
43 changes: 43 additions & 0 deletions modules/services/event-hub-data-source/organizational.tf
@@ -0,0 +1,43 @@
data "azurerm_management_group" "onboarded_management_group" {
for_each = length(var.management_group_ids) > 0 ? toset(var.management_group_ids) : toset([var.tenant_id])
name = each.value
}

locals {
all_mg_subscription_ids = flatten([
for mg in data.azurerm_management_group.onboarded_management_group : mg.all_subscription_ids
])
}

data "azurerm_subscription" "onboarded_subscriptions" {
for_each = toset(local.all_mg_subscription_ids)
subscription_id = each.value
}

locals {
enabled_subscriptions = var.is_organizational ? [for s in data.azurerm_subscription.onboarded_subscriptions : s if s.state == "Enabled"] : []
}

#---------------------------------------------------------------------------------------------
# Create diagnostic settings for the tenant
#---------------------------------------------------------------------------------------------
resource "azurerm_monitor_diagnostic_setting" "sysdig_org_diagnostic_setting" {
count = var.is_organizational ? length(local.enabled_subscriptions) : 0

name = "sysdig-diagnostic-setting"
target_resource_id = local.enabled_subscriptions[count.index].id
eventhub_authorization_rule_id = azurerm_eventhub_namespace_authorization_rule.sysdig_rule.id
eventhub_name = azurerm_eventhub.sysdig_event_hub.name

enabled_log {
category = "Administrative"
}

enabled_log {
category = "Security"
}

enabled_log {
category = "Policy"
}
}
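Review bot: `azurerm_monitor_diagnostic_setting.sysdig_org_diagnostic_setting` is indexed with `count` over `local.enabled_subscriptions`, so when a subscription in the middle of that list is disabled or moved out of the management group every later element shifts index and Terraform destroys and recreates the diagnostic settings on unrelated subscriptions, leaving a gap in Activity Log forwarding for the Administrative, Security and Policy categories during the apply. Key the resource by subscription id instead, for example `for_each = { for s in local.enabled_subscriptions : s.subscription_id => s }` with `target_resource_id = each.value.id`; the `var.is_organizational ? ... : 0` guard on `count` is then redundant, since `local.enabled_subscriptions` is already `[]` when `is_organizational` is false. Two smaller points: the `azurerm_management_group` and `azurerm_subscription` data sources are not gated on `var.is_organizational`, so a plan for the single-subscription case still enumerates the management group named by `var.tenant_id` (the tenant root group) and needs read access to it; and `name = "sysdig-diagnostic-setting"` is hard-coded although a diagnostic setting name must be unique per target resource, so an existing setting with that name on any onboarded subscription makes the apply fail until it is imported (the later commit "Use variable for org diagnostics settings name" makes the name configurable).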
12 changes: 12 additions & 0 deletions modules/services/event-hub-data-source/variables.tf
@@ -53,3 +53,15 @@ variable "namespace_sku" {
description = "SKU (Plan) for the namespace that will be created"
default = "Standard"
}

variable "is_organizational" {
description = "(Optional) Set this field to 'true' to deploy secure-for-cloud to an Azure Tenant."
type = bool
default = false
}

variable "management_group_ids" {
description = "(Optional) List of Azure Management Group IDs. secure-for-cloud will be deployed to all the subscriptions under these management groups."
type = set(string)
default = []
}
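Review bot: the description of `is_organizational` says it deploys secure-for-cloud "to an Azure Tenant", but organizational.tf only falls back to the tenant root group when `management_group_ids` is empty; with a non-empty set the scope is the subscriptions under those groups, and `management_group_ids` has no effect at all unless `is_organizational` is true. Both descriptions should state that coupling, and a `precondition` on the diagnostic-setting resource (or on the data source) that rejects a non-empty `management_group_ids` when `is_organizational` is false would turn the silent no-op into a plan error. Also, organizational.tf references `var.tenant_id`, which is not declared in this hunk; confirm it is declared earlier in variables.tf. Minor: the description says "List" while `type = set(string)`; either works because organizational.tf wraps the value in `toset()`, but the text should match the declared type.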