From 53574df3c2fd621695da3eead82f58ebdad4d52e Mon Sep 17 00:00:00 2001
From: jose-pablo-camacho
Date: Fri, 18 Oct 2024 08:59:06 -0600
Subject: [PATCH] fix(routing-key): enable routing key generation in a deterministic way (#44)
* fix(routing-key): enable routing key generation in a deterministic way
* fix(routing-key): enable routing key generation in a deterministic way
* fix(routing-key): enable routing key generation in a deterministic way
* fix(routing-key): enable routing key generation in a deterministic way
* fix(routing-key): enable routing key generation in a deterministic way
---
 modules/integrations/pub-sub/main.tf | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/modules/integrations/pub-sub/main.tf b/modules/integrations/pub-sub/main.tf
index f3d717a..a02c6d7 100644
--- a/modules/integrations/pub-sub/main.tf
+++ b/modules/integrations/pub-sub/main.tf
@@ -28,11 +28,12 @@ data "sysdig_secure_cloud_ingestion_assets" "assets" {}
 # These locals indicate the suffix to create unique name for resources
 #-----------------------------------------------------------------------------------------
 locals {
- suffix = var.suffix == null ? random_id.suffix[0].hex : var.suffix
- role_name = "SysdigIngestionAuthRole"
+ suffix = var.suffix == null ? random_id.suffix[0].hex : var.suffix
+ role_name = "SysdigIngestionAuthRole"
+ routing_key = random_uuid.routing_key.result
+ ingestion_url = "${regex("^(.*)/[^/]+$", data.sysdig_secure_cloud_ingestion_assets.assets.gcp_metadata.ingestionURL)[0]}/${local.routing_key}"
 }
-
 #-----------------------------------------------------------------------------------------------------------------------
 # A random resource is used to generate unique Pub Sub name suffix for resources.
 # This prevents conflicts when recreating a Pub Sub resources with the same name.
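Review bot: The pattern `^(.*)/[^/]+$` in `local.ingestion_url` is not anchored to the scheme and host, so for a backend value with no path segment (a bare `https://host`, constructed example) the greedy group captures `https:/` and the routing key lands in the host position of the push endpoint. A value ending in `/` already fails the plan, but only with a generic no-match error. Anchoring the capture, e.g. `regex("^(https://[^/]+(?:/[^/]+)*)/[^/]+$", ...)`, makes the bare-host case fail at plan time as well and rejects non-HTTPS values before audit-log traffic is pointed at a malformed URL. The header comment above `locals` still describes only the name suffix; it should also state that `ingestion_url` replaces the last path segment of the backend-provided URL with the locally generated routing key.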
@@ -42,6 +43,12 @@ resource "random_id" "suffix" {
 byte_length = 3
 }
+
+#-----------------------------------------------------------------------------------------------------------------------
+# A random UUID is used to generate a unique identifier for the routing key per onboarded entity.
+#-----------------------------------------------------------------------------------------------------------------------
+resource "random_uuid" "routing_key" {}
+
 #-----------------------------------------------------------------------------------------
 # Audit Logs
 #-----------------------------------------------------------------------------------------
@@ -143,7 +150,7 @@ resource "google_pubsub_subscription" "ingestion_topic_push_subscription" {
 project = var.project_id
 push_config {
- push_endpoint = data.sysdig_secure_cloud_ingestion_assets.assets.gcp_metadata.ingestionURL
+ push_endpoint = local.ingestion_url
 attributes = {
 x-goog-version = "v1"
 }
@@ -256,7 +263,7 @@ resource "sysdig_secure_cloud_auth_account_component" "gcp_pubsub_datasource" {
 sink_name = var.is_organizational ? google_logging_organization_sink.ingestion_sink[0].name : google_logging_project_sink.ingestion_sink[0].name
 push_subscription_name = google_pubsub_subscription.ingestion_topic_push_subscription.name
 push_endpoint = google_pubsub_subscription.ingestion_topic_push_subscription.push_config[0].push_endpoint
- routing_key = data.sysdig_secure_cloud_ingestion_assets.assets.gcp_routing_key
+ routing_key = local.routing_key
 }
 service_principal = {
 workload_identity_federation = {
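Review bot: `random_uuid.routing_key` is declared with no `keepers` and its value exists only in Terraform state, so the key is stable across applies but not reproducible. A lost state file, a forced replacement or a fresh workspace yields a different UUID, and with it a different push endpoint and a different `routing_key` in the `gcp_pubsub_datasource` component. The comment above the resource should say this, e.g. `# Generated once and persisted in state; recreating this resource changes the push endpoint and the registered routing key.` The result is also not marked sensitive, so it shows in plan output and in state in clear text; whether the backend treats the key as more than an identifier cannot be determined from this hunk and is worth confirming.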
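Review bot: In the `google_pubsub_subscription.ingestion_topic_push_subscription` hunk, `push_endpoint` now carries the per-installation routing key in its URL path, while the visible `push_config` lines set only `attributes`. The block continues outside the hunk, so whether an `oidc_token` block authenticates the push requests cannot be seen here. A UUID in a URL path is readable by anyone who can view the subscription configuration or the Terraform state, so it should be treated as an identifier and not as the only thing tying deliveries to this account. A short comment on the argument would help, e.g. `# Sysdig ingestion base URL with the per-installation routing key as last path segment (local.ingestion_url)`.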