docs: mention new GAR and GCR Modules (#229)
Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
afiune authored Nov 16, 2021
1 parent bd4ee0c commit 30d1c0a
Showing 2 changed files with 29 additions and 28 deletions.
18 changes: 17 additions & 1 deletion website/docs/r/integration_gar.html.markdown
Expand Up @@ -27,6 +27,22 @@ resource "lacework_integration_gar" "example" {
}
```

## Example GAR Module Usage

Lacework maintains a Terraform module that can be used to create and manage the necessary
resources required for both, the cloud provider platform as well as the Lacework platform.

Here is a basic usage of this module:

```hcl
module "gar" {
source = "lacework/gar/gcp"
version = "~> 0.1"
}
```

To see the list of inputs, outputs and dependencies, visit the [Terraform registry page of this module](https://registry.terraform.io/modules/lacework/gar/gcp/latest).

## Example Loading Credentials from Local File

Alternatively, this example shows how to load a [service account key created](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys)
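
Review bot: In the new "Example GAR Module Usage" section, the sentence "resources required for both, the cloud provider platform as well as the Lacework platform" reads awkwardly and never says which resources the module creates. Suggest "the resources required on both the cloud provider and the Lacework platform", followed by a short list of what gets provisioned (the Note further down refers to a service account and a required role, so say whether the module creates those), so a reader knows what `module "gar"` will add to the project before applying it with no inputs.
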
Expand Down Expand Up @@ -110,7 +126,7 @@ The `limit_by_label` block can be defined multiple times to define multiple labe
* `private_key_id` - (Required) The service account private key ID.
* `private_key` - (Required) The service account private key.

~> **Note:** The service account used for this integration requires the `storage.objectViewer` role for access to the Google project that contains the Google Artifact Registry (GAR). The role can be granted at the project level or the bucket level. If granting the role at the bucket level, you must grant the role to the default bucket called `artifacts.[YourProjectID].appspot.com`. In addition, the client must have access to the Google Artifact Registry API, Cloud Resource Manager API, and billing must be enabled.
~> **Note:** The service account used for this integration requires the `roles/artifactRegistry.reader` role for access to the Google project that contains the Google Artifact Registry (GAR). In addition, the client must have access to the Google Artifact Registry API, Cloud Resource Manager API, and billing must be enabled. Lacework maintains a [Terraform GAR module](https://registry.terraform.io/modules/lacework/gar/gcp/latest) that can be used to create and manage the necessary resources required for both, the cloud provider platform as well as the Lacework platform.

### Supported Registry Domains
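
Review bot: The rewritten Note names `roles/artifactRegistry.reader` but no longer says at which scope to grant it, whereas the text it replaces spelled out project level versus bucket level. Suggest stating the scope the integration needs (project level, or something narrower if the integration works with it) so readers do not default to a broader grant than necessary. The sentence "the client must have access to the Google Artifact Registry API, Cloud Resource Manager API, and billing must be enabled" also mixes two list structures; "must have access to the Google Artifact Registry API and the Cloud Resource Manager API, and billing must be enabled" reads cleaner.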

39 changes: 12 additions & 27 deletions website/docs/r/integration_gcr.html.markdown
Expand Up @@ -3,7 +3,7 @@ subcategory: "Container Registry Integrations"
layout: "lacework"
page_title: "Lacework: lacework_integration_gcr"
description: |-
Create and manage GCR integrations
Create and manage Google Container Registry (GCR) integrations
---

# lacework\_integration\_gcr
Expand All @@ -27,37 +27,22 @@ resource "lacework_integration_gcr" "example" {
}
```

## Example Creating a Service Account
## Example GCR Module Usage

This example shows how to create a new service account using the [Lacework service-account module](https://registry.terraform.io/modules/lacework/service-account/gcp/latest)
and use it to create a new GCR integration:
Lacework maintains a Terraform module that can be used to create and manage the necessary
resources required for both, the cloud provider platform as well as the Lacework platform.

```hcl
locals {
gcr_credentials = jsondecode(base64decode(module.lacework_gcr_svc_account.private_key))
}
module "lacework_gcr_svc_account" {
source = "lacework/service-account/gcp"
version = "~> 0.1.4"
for_gcr = true
for_compliance = false
Here is a basic usage of this module:

# Optionally, a project ID can be specified with the input 'project_id'
}
resource "lacework_integration_gcr" "example" {
name = "GRC Integration with Module"
registry_domain = "gcr.io"
credentials {
client_id = local.gcr_credentials.client_id
client_email = local.gcr_credentials.client_email
private_key_id = local.gcr_credentials.private_key_id
private_key = local.gcr_credentials.private_key
}
```hcl
module "gcr" {
source = "lacework/gcr/gcp"
version = "~> 1.0"
}
```

To see the list of inputs, outputs and dependencies, visit the [Terraform registry page of this module](https://registry.terraform.io/modules/lacework/gcr/gcp/latest).

## Example Loading Credentials from Local File

Alternatively, this example shows how to load a [service account key created](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys)
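
Review bot: Replacing "Example Creating a Service Account" with the bare `module "gcr"` block leaves readers who copied the old pattern without a migration path. The removed example showed `lacework/service-account/gcp` with `for_gcr = true` feeding a `lacework_integration_gcr` resource, while the new text does not say whether `lacework/gcr/gcp` creates that integration itself or whether the resource block shown above is still needed alongside it. Suggest one sentence stating what the module creates and whether it supersedes the service-account pattern, so existing users know what to remove from their configuration.
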
Expand Down Expand Up @@ -106,7 +91,7 @@ The following arguments are supported:
* `private_key_id` - (Required) The service account private key ID.
* `private_key` - (Required) The service account private key.

~> **Note:** The service account used for this integration requires the `storage.objectViewer` role for access to the Google project that contains the Google Container Registry (GCR). The role can be granted at the project level or the bucket level. If granting the role at the bucket level, you must grant the role to the default bucket called `artifacts.[YourProjectID].appspot.com`. In addition, the client must have access to the Google Container Registry API and billing must be enabled.
~> **Note:** The service account used for this integration requires the `storage.objectViewer` role for access to the Google project that contains the Google Container Registry (GCR). The role can be granted at the project level or the bucket level. If granting the role at the bucket level, you must grant the role to the default bucket called `artifacts.[YourProjectID].appspot.com`. In addition, the client must have access to the Google Container Registry API and billing must be enabled. Lacework maintains a [Terraform GCR module](https://registry.terraform.io/modules/lacework/gcr/gcp/latest) that can be used to create and manage the necessary resources required for both, the cloud provider platform as well as the Lacework platform.

## Import
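
Review bot: The role in this Note is still written as `storage.objectViewer`, while the GAR Note changed in this same commit uses the full identifier `roles/artifactRegistry.reader`. Suggest `roles/storage.objectViewer` here so both pages use the same form and the value can be pasted into an IAM binding as written. The appended module sentence also repeats the new "Example GCR Module Usage" section almost word for word; a short pointer to that section would keep the Note focused on the permission requirements.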
