Commit

chore: clarify existing_registries description and restore defaults for `deploy_benchmark` and `deploy_active_directory` to true (#80)

* chore: clarify `existing_registries` description and restore defaults for `deploy_benchmark` and `deploy_active_directory` to true
* chore: fix pre-commit issues
* chore: set right default values
* chore: enhance `existing_registries` description
* ci: bump + lint

Co-authored-by: iru <[email protected]>
regiluze and iru authored Sep 5, 2022
1 parent 61e84b3 commit 51777c4
Showing 17 changed files with 35 additions and 35 deletions.
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ For other Cloud providers check: [AWS](https://github.com/sysdiglabs/terraform-a

## Usage

There are several ways to deploy Secure for Cloud in you AWS infrastructure,
There are several ways to deploy Secure for Cloud in you AWS infrastructure,
- **[`/examples`](https://github.com/sysdiglabs/terraform-azurerm-secure-for-cloud/tree/master/examples)** for the most common scenarios
- [Single Subscription](https://github.com/sysdiglabs/terraform-azurerm-secure-for-cloud/tree/master/examples/single-subscription/README.md)
- [Single Subscription with a pre-existing Kubernetes Cluster](https://github.com/sysdiglabs/terraform-azurerm-secure-for-cloud/tree/master/examples/single-subscription-k8s/README.md)
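Review bot: The usage sentence re-saved in this hunk still reads "Secure for Cloud in you AWS infrastructure", while every link under it points at terraform-azurerm-secure-for-cloud. Since the line is being touched anyway, change it to "in your Azure infrastructure" so readers of the Azure module are not pointed at the wrong cloud.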
Expand All @@ -37,7 +37,7 @@ Find specific overall service arquitecture diagrams attached to each example/use

<!--
In the long-term our purpose is to evaluate those use-cases and if they're common enough, convert them into examples to make their usage easier.
-->
-->

If you're unsure about what/how to use this module, please fill the [questionnaire](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/blob/master/use-cases/_questionnaire.md) report as an issue and let us know your context, we will be happy to help.

6 changes: 3 additions & 3 deletions examples/single-subscription-k8s/README.md
Expand Up @@ -79,7 +79,7 @@ See [inputs summary](#inputs) or module module [`variables.tf`](./variables.tf)

| Name | Version |
|------|---------|
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.20.0 |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.21.1 |
| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.6.0 |
| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.40 |

Expand Down Expand Up @@ -108,9 +108,9 @@ See [inputs summary](#inputs) or module module [`variables.tf`](./variables.tf)
|------|-------------|------|---------|:--------:|
| <a name="input_cloud_connector_image"></a> [cloud\_connector\_image](#input\_cloud\_connector\_image) | Cloud-connector image to deploy | `string` | `"quay.io/sysdig/cloud-connector"` | no |
| <a name="input_deploy_active_directory"></a> [deploy\_active\_directory](#input\_deploy\_active\_directory) | whether the Active Directory features are to be deployed | `bool` | `true` | no |
| <a name="input_deploy_benchmark"></a> [deploy\_benchmark](#input\_deploy\_benchmark) | whether benchmark module is to be deployed | `bool` | `false` | no |
| <a name="input_deploy_benchmark"></a> [deploy\_benchmark](#input\_deploy\_benchmark) | whether benchmark module is to be deployed | `bool` | `true` | no |
| <a name="input_deploy_scanning"></a> [deploy\_scanning](#input\_deploy\_scanning) | whether scanning module is to be deployed | `bool` | `false` | no |
| <a name="input_existing_registries"></a> [existing\_registries](#input\_existing\_registries) | The existing Container Registry names to be included to scan by resource group { resource\_group = ["reg1"]} | `map(list(string))` | `{}` | no |
| <a name="input_existing_registries"></a> [existing\_registries](#input\_existing\_registries) | existing Azure Container Registry names to be included to scan by resource group { resource\_group\_1 = ["registry\_name\_11","registry\_name\_12"],resource\_group\_2 = ["registry\_name\_21","registry\_name\_22"]}. By default it will create a new ACR | `map(list(string))` | `{}` | no |
| <a name="input_location"></a> [location](#input\_location) | Zone where the stack will be deployed | `string` | `"westus"` | no |
| <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no |
| <a name="input_region"></a> [region](#input\_region) | Region in which to run benchmarks. Azure accepts one of [AzureCloud, AzureChinaCloud, AzureGermanCloud, AzureUSGovernment]. | `string` | `"AzureCloud"` | no |
4 changes: 2 additions & 2 deletions examples/single-subscription-k8s/variables.tf
Expand Up @@ -20,7 +20,7 @@ variable "deploy_scanning" {
variable "deploy_benchmark" {
type = bool
description = "whether benchmark module is to be deployed"
default = false
default = true
}

variable "region" {
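Review bot: Flipping `default = false` to `default = true` on `deploy_benchmark` changes what a caller who never set the variable gets on the next apply: the benchmark module is now deployed without any change on their side. Nothing in the 17 changed files records this for upgraders, so add an upgrade note (and consider a version bump that signals a behaviour change), and extend the description to say what the benchmark module creates in the subscription. The same applies to the identical flip in the other examples.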
Expand Down Expand Up @@ -54,7 +54,7 @@ variable "resource_group_name" {
variable "existing_registries" {
type = map(list(string))
default = {}
description = "The existing Container Registry names to be included to scan by resource group { resource_group = [\"reg1\"]}"
description = "existing Azure Container Registry names to be included to scan by resource group { resource_group_1 = [\"registry_name_11\",\"registry_name_12\"],resource_group_2 = [\"registry_name_21\",\"registry_name_22\"]}. By default it will create a new ACR"
}

variable "cloud_connector_image" {
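Review bot: In the new `existing_registries` description, "By default it will create a new ACR" does not say what "default" refers to; if it means the behaviour when the map is left at `{}`, say so explicitly. The placeholder names also use underscores (`registry_name_11`), which Azure Container Registry names do not allow (alphanumeric only), so a reader adapting the sample literally gets an invalid name; something like `registryname11` avoids that.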
8 changes: 4 additions & 4 deletions examples/single-subscription/README.md
Expand Up @@ -75,7 +75,7 @@ $ terraform apply

| Name | Version |
|------|---------|
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.20.0 |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.21.1 |
| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.40 |

## Modules
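Review bot: The `azurerm` row moves from 3.20.0 to 3.21.1 here, yet none of the 17 files in this commit is a provider constraint or lock file, so the documented version is whatever the docs run happened to resolve. If the provider version matters to users, pin it in the module's version constraints and let the table follow that; otherwise this row will keep changing in commits whose subject is something else.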
Expand All @@ -102,10 +102,10 @@ $ terraform apply
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_cpu"></a> [cpu](#input\_cpu) | Number of CPU cores of the containers | `string` | `"0.5"` | no |
| <a name="input_deploy_active_directory"></a> [deploy\_active\_directory](#input\_deploy\_active\_directory) | whether the Active Directory features are to be deployed | `bool` | `false` | no |
| <a name="input_deploy_benchmark"></a> [deploy\_benchmark](#input\_deploy\_benchmark) | whether benchmark module is to be deployed | `bool` | `false` | no |
| <a name="input_deploy_active_directory"></a> [deploy\_active\_directory](#input\_deploy\_active\_directory) | whether the Active Directory features are to be deployed | `bool` | `true` | no |
| <a name="input_deploy_benchmark"></a> [deploy\_benchmark](#input\_deploy\_benchmark) | whether benchmark module is to be deployed | `bool` | `true` | no |
| <a name="input_deploy_scanning"></a> [deploy\_scanning](#input\_deploy\_scanning) | true/false, whether scanning module is to be deployed | `bool` | `true` | no |
| <a name="input_existing_registries"></a> [existing\_registries](#input\_existing\_registries) | The existing Container Registry names to be included to scan by resource group { resource\_group = ["reg1"]} | `map(list(string))` | `{}` | no |
| <a name="input_existing_registries"></a> [existing\_registries](#input\_existing\_registries) | existing Azure Container Registry names to be included to scan by resource group { resource\_group\_1 = ["registry\_name\_11","registry\_name\_12"],resource\_group\_2 = ["registry\_name\_21","registry\_name\_22"]}. By default it will create a new ACR | `map(list(string))` | `{}` | no |
| <a name="input_location"></a> [location](#input\_location) | Zone where the stack will be deployed | `string` | `"westus"` | no |
| <a name="input_memory"></a> [memory](#input\_memory) | Number of CPU cores of the containers | `string` | `"1"` | no |
| <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no |
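Review bot: The regenerated inputs table still documents `memory` as "Number of CPU cores of the containers", a copy of the `cpu` row's description. The table mirrors the `description` strings in `variables.tf`, so fix the `memory` description there and regenerate; the `deploy_scanning` row's "true/false, " prefix could be dropped at the same time to match the other booleans.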
6 changes: 3 additions & 3 deletions examples/single-subscription/variables.tf
Expand Up @@ -29,7 +29,7 @@ variable "memory" {

variable "deploy_active_directory" {
type = bool
default = false
default = true
description = "whether the Active Directory features are to be deployed"
}
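Review bot: `deploy_active_directory` now defaults to `true`, but its description ("whether the Active Directory features are to be deployed") does not say what those features create or what directory permissions the deploying principal needs. With the feature on by default, a caller who omits the variable meets that requirement on the next apply, so spell it out in the description and mention the default change in the release notes.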

Expand All @@ -46,7 +46,7 @@ variable "deploy_scanning" {
variable "existing_registries" {
type = map(list(string))
default = {}
description = "The existing Container Registry names to be included to scan by resource group { resource_group = [\"reg1\"]}"
description = "existing Azure Container Registry names to be included to scan by resource group { resource_group_1 = [\"registry_name_11\",\"registry_name_12\"],resource_group_2 = [\"registry_name_21\",\"registry_name_22\"]}. By default it will create a new ACR"
}

#
Expand All @@ -56,7 +56,7 @@ variable "existing_registries" {
variable "deploy_benchmark" {
type = bool
description = "whether benchmark module is to be deployed"
default = false
default = true
}

variable "region" {
6 changes: 3 additions & 3 deletions examples/tenant-subscriptions-k8s/README.md
Expand Up @@ -78,7 +78,7 @@ See [inputs summary](#inputs) or module module [`variables.tf`](./variables.tf)

| Name | Version |
|------|---------|
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.20.0 |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.21.1 |
| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.6.0 |
| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.40 |

Expand Down Expand Up @@ -109,9 +109,9 @@ See [inputs summary](#inputs) or module module [`variables.tf`](./variables.tf)
| <a name="input_benchmark_subscription_ids"></a> [benchmark\_subscription\_ids](#input\_benchmark\_subscription\_ids) | Azure subscription IDs to run Benchmarks on. If no subscriptions are specified, all of the tenant will be used. | `list(string)` | `[]` | no |
| <a name="input_cloud_connector_image"></a> [cloud\_connector\_image](#input\_cloud\_connector\_image) | Cloud-connector image to deploy | `string` | `"quay.io/sysdig/cloud-connector"` | no |
| <a name="input_deploy_active_directory"></a> [deploy\_active\_directory](#input\_deploy\_active\_directory) | whether the Active Directory features are to be deployed | `bool` | `true` | no |
| <a name="input_deploy_benchmark"></a> [deploy\_benchmark](#input\_deploy\_benchmark) | whether benchmark module is to be deployed | `bool` | `false` | no |
| <a name="input_deploy_benchmark"></a> [deploy\_benchmark](#input\_deploy\_benchmark) | whether benchmark module is to be deployed | `bool` | `true` | no |
| <a name="input_deploy_scanning"></a> [deploy\_scanning](#input\_deploy\_scanning) | whether scanning module is to be deployed | `bool` | `false` | no |
| <a name="input_existing_registries"></a> [existing\_registries](#input\_existing\_registries) | The existing Container Registry names to be included to scan by resource group { resource\_group = ["reg1"]} | `map(list(string))` | `{}` | no |
| <a name="input_existing_registries"></a> [existing\_registries](#input\_existing\_registries) | existing Azure Container Registry names to be included to scan by resource group { resource\_group\_1 = ["registry\_name\_11","registry\_name\_12"],resource\_group\_2 = ["registry\_name\_21","registry\_name\_22"]}. By default it will create a new ACR | `map(list(string))` | `{}` | no |
| <a name="input_location"></a> [location](#input\_location) | Zone where the stack will be deployed | `string` | `"westus"` | no |
| <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no |
| <a name="input_region"></a> [region](#input\_region) | Region in which to run benchmarks. Azure accepts one of [AzureCloud, AzureChinaCloud, AzureGermanCloud, AzureUSGovernment]. | `string` | `"AzureCloud"` | no |
4 changes: 2 additions & 2 deletions examples/tenant-subscriptions-k8s/variables.tf
Expand Up @@ -32,7 +32,7 @@ variable "deploy_scanning" {
variable "deploy_benchmark" {
type = bool
description = "whether benchmark module is to be deployed"
default = false
default = true
}

variable "region" {
Expand Down Expand Up @@ -60,7 +60,7 @@ variable "tags" {
variable "existing_registries" {
type = map(list(string))
default = {}
description = "The existing Container Registry names to be included to scan by resource group { resource_group = [\"reg1\"]}"
description = "existing Azure Container Registry names to be included to scan by resource group { resource_group_1 = [\"registry_name_11\",\"registry_name_12\"],resource_group_2 = [\"registry_name_21\",\"registry_name_22\"]}. By default it will create a new ACR"
}

variable "resource_group_name" {
4 changes: 2 additions & 2 deletions examples/tenant-subscriptions/README.md
Expand Up @@ -84,7 +84,7 @@ $ terraform apply

| Name | Version |
|------|---------|
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.20.0 |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.21.1 |
| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.40 |

## Modules
Expand Down Expand Up @@ -116,7 +116,7 @@ $ terraform apply
| <a name="input_deploy_active_directory"></a> [deploy\_active\_directory](#input\_deploy\_active\_directory) | whether the Active Directory features are to be deployed | `bool` | `true` | no |
| <a name="input_deploy_benchmark"></a> [deploy\_benchmark](#input\_deploy\_benchmark) | whether benchmark module is to be deployed | `bool` | `true` | no |
| <a name="input_deploy_scanning"></a> [deploy\_scanning](#input\_deploy\_scanning) | whether scanning module is to be deployed | `bool` | `false` | no |
| <a name="input_existing_registries"></a> [existing\_registries](#input\_existing\_registries) | The existing Container Registry names to be included to scan by resource group { resource\_group = ["reg1"]} | `map(list(string))` | `{}` | no |
| <a name="input_existing_registries"></a> [existing\_registries](#input\_existing\_registries) | existing Azure Container Registry names to be included to scan by resource group { resource\_group\_1 = ["registry\_name\_11","registry\_name\_12"],resource\_group\_2 = ["registry\_name\_21","registry\_name\_22"]}. By default it will create a new ACR | `map(list(string))` | `{}` | no |
| <a name="input_location"></a> [location](#input\_location) | Zone where the stack will be deployed | `string` | `"westus"` | no |
| <a name="input_memory"></a> [memory](#input\_memory) | Number of CPU cores of the containers | `string` | `"1"` | no |
| <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no |
2 changes: 1 addition & 1 deletion examples/tenant-subscriptions/variables.tf
Expand Up @@ -52,7 +52,7 @@ variable "deploy_scanning" {
variable "existing_registries" {
type = map(list(string))
default = {}
description = "The existing Container Registry names to be included to scan by resource group { resource_group = [\"reg1\"]}"
description = "existing Azure Container Registry names to be included to scan by resource group { resource_group_1 = [\"registry_name_11\",\"registry_name_12\"],resource_group_2 = [\"registry_name_21\",\"registry_name_22\"]}. By default it will create a new ACR"
}

#
4 changes: 2 additions & 2 deletions examples/trigger-events/README.md
Expand Up @@ -62,8 +62,8 @@ Notice that:

| Name | Version |
|------|---------|
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.20.0 |
| <a name="provider_random"></a> [random](#provider\_random) | 3.4.1 |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.21.1 |
| <a name="provider_random"></a> [random](#provider\_random) | 3.4.2 |

## Modules

6 changes: 3 additions & 3 deletions modules/infrastructure/container_registry/README.md
Expand Up @@ -16,8 +16,8 @@ Deploys a container registry and creates an Event Grid to send Image Push and Ch

| Name | Version |
|------|---------|
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.20.0 |
| <a name="provider_random"></a> [random](#provider\_random) | 3.4.1 |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.21.1 |
| <a name="provider_random"></a> [random](#provider\_random) | 3.4.2 |

## Modules

Expand All @@ -40,7 +40,7 @@ No modules.
|------|-------------|------|---------|:--------:|
| <a name="input_eventhub_endpoint_id"></a> [eventhub\_endpoint\_id](#input\_eventhub\_endpoint\_id) | Specifies the id where the Event Hub is located | `string` | n/a | yes |
| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The resource group name where the stack has been deployed | `string` | n/a | yes |
| <a name="input_existing_registries"></a> [existing\_registries](#input\_existing\_registries) | Azure Container Registries to scan, by resource name | `map(list(string))` | `{}` | no |
| <a name="input_existing_registries"></a> [existing\_registries](#input\_existing\_registries) | existing Azure Container Registry names to be included to scan by resource group { resource\_group\_1 = ["registry\_name\_11","registry\_name\_12"],resource\_group\_2 = ["registry\_name\_21","registry\_name\_22"]}. By default it will create a new ACR | `map(list(string))` | `{}` | no |
| <a name="input_location"></a> [location](#input\_location) | Zone where the stack will be deployed | `string` | `"westus"` | no |
| <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no |
| <a name="input_sku"></a> [sku](#input\_sku) | Pricing tier plan [Basic, Standard, Premium] | `string` | `"Standard"` | no |
2 changes: 1 addition & 1 deletion modules/infrastructure/container_registry/variables.tf
Expand Up @@ -24,7 +24,7 @@ variable "resource_group_name" {
variable "existing_registries" {
type = map(list(string))
default = {}
description = "Azure Container Registries to scan, by resource name"
description = "existing Azure Container Registry names to be included to scan by resource group { resource_group_1 = [\"registry_name_11\",\"registry_name_12\"],resource_group_2 = [\"registry_name_21\",\"registry_name_22\"]}. By default it will create a new ACR"
}

variable "name" {
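Review bot: The description now documents the expected shape (resource group name mapped to a list of registry names), but the variable still carries only `type`, `default` and `description`, so a key with an empty list or a blank name passes through to the module unchecked. Add a `validation` block here that rejects empty lists and empty strings, so a malformed entry fails at plan time with a clear message.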
2 changes: 1 addition & 1 deletion modules/infrastructure/enterprise_app/README.md
Expand Up @@ -18,7 +18,7 @@ Creates an enterprise application as contributor role to run the inline scanning
| Name | Version |
|------|---------|
| <a name="provider_azuread"></a> [azuread](#provider\_azuread) | 2.7.0 |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.20.0 |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.21.1 |

## Modules

4 changes: 2 additions & 2 deletions modules/infrastructure/eventhub/README.md
Expand Up @@ -16,8 +16,8 @@ Deploys an Event Hub and a diagnostic setting.

| Name | Version |
|------|---------|
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.20.0 |
| <a name="provider_random"></a> [random](#provider\_random) | 3.4.1 |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.21.1 |
| <a name="provider_random"></a> [random](#provider\_random) | 3.4.2 |

## Modules

2 changes: 1 addition & 1 deletion modules/infrastructure/resource_group/README.md
Expand Up @@ -15,7 +15,7 @@ Deploys a resource group where deploy all the stack. If the name variable is not

| Name | Version |
|------|---------|
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.20.0 |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.21.1 |

## Modules

2 changes: 1 addition & 1 deletion modules/services/cloud-bench/trust_relationship/README.md
Expand Up @@ -11,7 +11,7 @@

| Name | Version |
|------|---------|
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.20.0 |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.21.1 |
| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.40 |

## Modules
2 changes: 1 addition & 1 deletion modules/services/cloud-connector/README.md
Expand Up @@ -15,8 +15,8 @@ A **Container instance** deployment that will detect events in your infrastructu

| Name | Version |
|------|---------|
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.20.0 |
| <a name="provider_random"></a> [random](#provider\_random) | 3.4.1 |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.21.1 |
| <a name="provider_random"></a> [random](#provider\_random) | 3.4.2 |

## Modules
