From 30d1c0a8b5e305ccf27ffc8e31f9b541ad78033a Mon Sep 17 00:00:00 2001
From: Salim Afiune
Date: Tue, 16 Nov 2021 09:28:05 -0600
Subject: [PATCH] docs: mention new GAR and GCR Modules (#229)

Signed-off-by: Salim Afiune Maya
---
 website/docs/r/integration_gar.html.markdown | 18 ++++++++-
 website/docs/r/integration_gcr.html.markdown | 39 ++++++--------------
 2 files changed, 29 insertions(+), 28 deletions(-)

diff --git a/website/docs/r/integration_gar.html.markdown b/website/docs/r/integration_gar.html.markdown
index 7bc4bf93..5f9d212f 100644
--- a/website/docs/r/integration_gar.html.markdown
+++ b/website/docs/r/integration_gar.html.markdown
@@ -27,6 +27,22 @@ resource "lacework_integration_gar" "example" {
 }
 ```
 
+## Example GAR Module Usage
+
+Lacework maintains a Terraform module that can be used to create and manage the necessary
+resources required for both, the cloud provider platform as well as the Lacework platform.
+
+Here is a basic usage of this module:
+
+```hcl
+module "gar" {
+ source = "lacework/gar/gcp"
+ version = "~> 0.1"
+}
+```
+
+To see the list of inputs, outputs and dependencies, visit the [Terraform registry page of this module](https://registry.terraform.io/modules/lacework/gar/gcp/latest).
+
 ## Example Loading Credentials from Local File
 
 Alternatively, this example shows how to load a [service account key created](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys)
@@ -110,7 +126,7 @@ The `limit_by_label` block can be defined multiple times to define multiple labe
 * `private_key_id` - (Required) The service account private key ID.
 * `private_key` - (Required) The service account private key.
 
-~> **Note:** The service account used for this integration requires the `storage.objectViewer` role for access to the Google project that contains the Google Artifact Registry (GAR). The role can be granted at the project level or the bucket level. If granting the role at the bucket level, you must grant the role to the default bucket called `artifacts.[YourProjectID].appspot.com`. In addition, the client must have access to the Google Artifact Registry API, Cloud Resource Manager API, and billing must be enabled.
+~> **Note:** The service account used for this integration requires the `roles/artifactRegistry.reader` role for access to the Google project that contains the Google Artifact Registry (GAR). In addition, the client must have access to the Google Artifact Registry API, Cloud Resource Manager API, and billing must be enabled. Lacework maintains a [Terraform GAR module](https://registry.terraform.io/modules/lacework/gar/gcp/latest) that can be used to create and manage the necessary resources required for both, the cloud provider platform as well as the Lacework platform.
 
 ### Supported Registry Domains
 
diff --git a/website/docs/r/integration_gcr.html.markdown b/website/docs/r/integration_gcr.html.markdown
index afbc1012..142bce48 100644
--- a/website/docs/r/integration_gcr.html.markdown
+++ b/website/docs/r/integration_gcr.html.markdown
@@ -3,7 +3,7 @@ subcategory: "Container Registry Integrations"
 layout: "lacework"
 page_title: "Lacework: lacework_integration_gcr"
 description: |-
- Create and manage GCR integrations
+ Create and manage Google Container Registry (GCR) integrations
 ---
 
 # lacework\_integration\_gcr
@@ -27,37 +27,22 @@ resource "lacework_integration_gcr" "example" {
 }
 ```
 
-## Example Creating a Service Account
+## Example GCR Module Usage
 
-This example shows how to create a new service account using the [Lacework service-account module](https://registry.terraform.io/modules/lacework/service-account/gcp/latest)
-and use it to create a new GCR integration:
+Lacework maintains a Terraform module that can be used to create and manage the necessary
+resources required for both, the cloud provider platform as well as the Lacework platform.
 
-```hcl
-locals {
- gcr_credentials = jsondecode(base64decode(module.lacework_gcr_svc_account.private_key))
-}
-
-module "lacework_gcr_svc_account" {
- source = "lacework/service-account/gcp"
- version = "~> 0.1.4"
- for_gcr = true
- for_compliance = false
+Here is a basic usage of this module:
 
- # Optionally, a project ID can be specified with the input 'project_id'
-}
-
-resource "lacework_integration_gcr" "example" {
- name = "GRC Integration with Module"
- registry_domain = "gcr.io"
- credentials {
- client_id = local.gcr_credentials.client_id
- client_email = local.gcr_credentials.client_email
- private_key_id = local.gcr_credentials.private_key_id
- private_key = local.gcr_credentials.private_key
- }
+```hcl
+module "gcr" {
+ source = "lacework/gcr/gcp"
+ version = "~> 1.0"
 }
 ```
 
+To see the list of inputs, outputs and dependencies, visit the [Terraform registry page of this module](https://registry.terraform.io/modules/lacework/gcr/gcp/latest).
+
 ## Example Loading Credentials from Local File
 
 Alternatively, this example shows how to load a [service account key created](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys)
@@ -106,7 +91,7 @@ The following arguments are supported:
 * `private_key_id` - (Required) The service account private key ID.
 * `private_key` - (Required) The service account private key.
 
-~> **Note:** The service account used for this integration requires the `storage.objectViewer` role for access to the Google project that contains the Google Container Registry (GCR). The role can be granted at the project level or the bucket level. If granting the role at the bucket level, you must grant the role to the default bucket called `artifacts.[YourProjectID].appspot.com`. In addition, the client must have access to the Google Container Registry API and billing must be enabled.
+~> **Note:** The service account used for this integration requires the `storage.objectViewer` role for access to the Google project that contains the Google Container Registry (GCR). The role can be granted at the project level or the bucket level. If granting the role at the bucket level, you must grant the role to the default bucket called `artifacts.[YourProjectID].appspot.com`. In addition, the client must have access to the Google Container Registry API and billing must be enabled. Lacework maintains a [Terraform GCR module](https://registry.terraform.io/modules/lacework/gcr/gcp/latest) that can be used to create and manage the necessary resources required for both, the cloud provider platform as well as the Lacework platform.
 
 ## Import