Merge pull request SumoLogic#1 from nytimes/role

Add a role module
psaia · Jun 23, 2020 · b35a07d · b35a07d
2 parents 3d1a234 + c09566b
commit b35a07d
Show file tree

Hide file tree

Showing 8 changed files with 61 additions and 18 deletions.
diff --git a/collectors/providers.tf b/collectors/providers.tf
@@ -0,0 +1,5 @@
+provider "sumologic" {
+    # access_id   =  this is set through SUMOLOGIC_ACCESSID
+    # access_key  = this is set through SUMOLOGIC_ACCESSKEY
+    environment = "us1"
+}
diff --git a/modules/collector/main.tf b/modules/collector/main.tf
@@ -3,24 +3,20 @@ resource "sumologic_collector" "collector" {
   description = "${var.name} collector (Managed by Terraform)"
 }
 
+# Provision sources [defaulting to dev, stg, prd] for this collector
 resource "sumologic_http_source" "sources" {
   for_each = var.sources
 
-  name                = "${var.name}-${each.value}"
-  description         = "${var.name}-${each.value} source (Managed by Terraform)"
-  category            = var.name
-  collector_id        = sumologic_collector.collector.id
+  name         = "${var.name}-${each.value}"
+  description  = "${var.name}-${each.value} source (Managed by Terraform)"
+  category     = var.name
+  collector_id = sumologic_collector.collector.id
 }
 
-resource "sumologic_role" "role" {
-  name        = var.name
-  description = "${var.name} role (Managed by Terraform)"
-
-  filter_predicate = join(" OR ", concat([for src in sumologic_http_source.sources : "_source=${src.name}"], ["_sourceCategory=${var.name}"]))
+# Role for this specific collector
+module "collector_role" {
+  source = "../role"
 
-  lifecycle {
-    ignore_changes = [
-      capabilities,
-    ]
-  }
-}
+  name          = var.name
+  search_filter = join(" OR ", concat([for src in sumologic_http_source.sources : "_source=${src.name}"], ["_sourceCategory=${var.name}"]))
+}
diff --git a/modules/collector/outputs.tf b/modules/collector/outputs.tf
@@ -1,3 +1,7 @@
 output "http_endpoints" {
-  value = {for src in sumologic_http_source.sources : src.name => src.url}
+  value = { for src in sumologic_http_source.sources : src.name => src.url }
+}
+
+output "search_filter" {
+  value = join(" OR ", concat([for src in sumologic_http_source.sources : "_source=${src.name}"], ["_sourceCategory=${var.name}"]))
 }
diff --git a/modules/role/main.tf b/modules/role/main.tf
@@ -0,0 +1,14 @@
+resource "sumologic_role" "sumo-role" {
+  name             = var.name
+  description      = "${var.name} collector (Managed by Terraform)"
+  filter_predicate = var.search_filter
+  capabilities     = var.capabilities
+}
+
+# Lay the framework for this for now--not working yet
+# resource "ad_group_to_ou" "ad-group" {
+#   ou_distinguished_name = "OU=SumoLogic RBAC,OU=2fA Objects, OU=NYTMG, DC-ent, DC=nytint, DC=com"
+#   group_name            = var.name
+#   description           = "AD Group for Sumo Logic RBAC group ${var.name}"
+#   auto_gid              = true
+# }
diff --git a/modules/role/variables.tf b/modules/role/variables.tf
@@ -0,0 +1,19 @@
+variable "name" {
+  type = string
+}
+
+variable "search_filter" {
+  type    = string
+  default = ""
+}
+
+variable "capabilities" {
+  type    = list(string)
+  default = []
+}
+
+variable "owners" {
+  # unimplemented at the moment, needs more exploration
+  type = list(string)
+  default = []
+}
diff --git a/modules/slack-connection/main.tf b/modules/slack-connection/main.tf
@@ -5,4 +5,4 @@ resource "sumologic_connection" "connection" {
   url         = var.webhook
   default_payload = var.default_payload
   webhook_type    = "Slack"
-}
+}
diff --git a/modules/slack-connection/variables.tf b/modules/slack-connection/variables.tf
@@ -28,4 +28,4 @@ variable "default_payload" {
   "search_results" : "{{AggregateResultsJson}}"
 }
 JSON
-}
+}
diff --git a/roles/teams.tf b/roles/teams.tf
@@ -0,0 +1,5 @@
+module "dv" {
+  source = "../modules/role"
+
+  name = "dv"
+}