From a8601201949405576fcf7640a5382d6b342b2fc1 Mon Sep 17 00:00:00 2001
From: Salim Afiune
Date: Fri, 24 Jul 2020 14:30:08 -0600
Subject: [PATCH] fix(gcp): improve stability (#51)

Signed-off-by: Salim Afiune Maya
---
 gcp/modules/audit_log/main.tf       |  8 +++++---
 gcp/modules/service_account/main.tf | 20 +++++++++-----------
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/gcp/modules/audit_log/main.tf b/gcp/modules/audit_log/main.tf
index 5f1d9dc..fe0a936 100644
--- a/gcp/modules/audit_log/main.tf
+++ b/gcp/modules/audit_log/main.tf
@@ -1,7 +1,9 @@
 locals {
   resource_level = var.org_integration ? "ORGANIZATION" : "PROJECT"
   resource_id = var.org_integration ? var.organization_id : module.lacework_at_svc_account.project_id
-  bucket_name = length(var.existing_bucket_name) > 0 ? var.existing_bucket_name : google_storage_bucket.lacework_bucket[0].name
+  bucket_name = length(var.existing_bucket_name) > 0 ? var.existing_bucket_name : (
+    length(google_storage_bucket.lacework_bucket) > 0 ? google_storage_bucket.lacework_bucket[0].name : var.existing_bucket_name
+  )
   project_id = data.google_project.selected.project_id
   project_number = data.google_project.selected.number
   logging_sink_writer_identity = var.org_integration ? (
@@ -126,8 +128,8 @@ resource "google_storage_notification" "lacework_notification" {
 
 # wait for 5 seconds for things to settle down in the GCP side
 # before trying to create the Lacework external integration
-resource "time_sleep" "wait_5_seconds" {
-  create_duration = "5s"
+resource "time_sleep" "wait_10_seconds" {
+  create_duration = "10s"
   depends_on = [
     google_storage_notification.lacework_notification,
     google_pubsub_subscription_iam_binding.lacework,
diff --git a/gcp/modules/service_account/main.tf b/gcp/modules/service_account/main.tf
index 1e8b047..37301a6 100644
--- a/gcp/modules/service_account/main.tf
+++ b/gcp/modules/service_account/main.tf
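Review bot: The new inner fallback in `bucket_name` evaluates to `var.existing_bucket_name`, which on that branch is necessarily an empty string (it is only reached when `length(var.existing_bucket_name) > 0` is false), so a missing bucket is masked as `""` instead of being reported. Whatever consumes `local.bucket_name` further down the module (sink, notification, bucket IAM — all outside this hunk) would then be configured against an empty name, which at best fails at apply time with an unhelpful API error and at worst leaves the audit-log pipeline pointing nowhere. If the `length()` guard exists only to stop plan-time evaluation from indexing an empty list while the bucket's `count` is unknown, say so next to it, e.g. `# length() guard avoids an invalid-index error at plan time; the "" fallback must never be reached at apply` — otherwise a `null` fallback that fails loudly downstream is preferable. The `locals` block continues past the end of this hunk.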
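Review bot: The comment kept above the renamed resource still reads `# wait for 5 seconds for things to settle down in the GCP side` while `create_duration` is now `"10s"`, so the new code contradicts its own documentation; change it to `# wait for 10 seconds for things to settle down in the GCP side`. It is also worth recording why a fixed sleep is needed at all — presumably the Pub/Sub IAM binding and storage notification listed in `depends_on` are eventually consistent and the Lacework integration fails if created before they propagate — because a bare sleep gives the next maintainer no way to judge whether 10s is sufficient or merely happened to work. The `depends_on` list, and any references to the old `time_sleep.wait_5_seconds` name that must be updated alongside this rename, continue outside the hunk.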
@@ -11,8 +11,12 @@ locals {
   project_roles = var.org_integration ? [] : (var.create ? local.default_project_roles : [])
   organization_roles = var.create && var.org_integration ? local.default_organization_roles : []
   project_id = data.google_project.selected.project_id
-  service_account_name = var.create ? google_service_account.lacework[0].display_name : data.google_service_account.selected.display_name
-  service_account_email = var.create ? google_service_account.lacework[0].email : data.google_service_account.selected.email
+  service_account_name = var.create ? (
+    length(google_service_account.lacework) > 0 ? google_service_account.lacework[0].display_name : ""
+  ) : data.google_service_account.selected[0].display_name
+  service_account_email = var.create ? (
+    length(google_service_account.lacework) > 0 ? google_service_account.lacework[0].email : ""
+  ) : data.google_service_account.selected[0].email
 }
 
 data "google_project" "selected" {
@@ -29,6 +33,7 @@ resource "google_project_service" "required_apis" {
 
 resource "google_service_account" "lacework" {
   count = var.create ? 1 : 0
+  project = local.project_id
   account_id = var.service_account_name
   display_name = var.service_account_name
   depends_on = [google_project_service.required_apis]
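Review bot: The new `service_account_email` silently becomes `""` when `var.create` is true but `google_service_account.lacework` is empty, and that local presumably feeds the IAM member bindings later in the module (`google_project_iam_member.for_lacework_service_account` and its organization sibling, both outside this hunk) — a principal built from an empty email is a misconfiguration that should surface as an error, not as an empty string. With `count = var.create ? 1 : 0` on the resource the empty-list case should be unreachable at apply time, so if the `length()` guard is only there for plan-time evaluation a comment should say so, e.g. `# length() guard keeps plan from indexing an empty list; "" is never a valid value at apply`. Note that `data.google_service_account.selected[0]` is now indexed because the data source gains a `count` later in this patch, so this hunk only makes sense together with that one. The `locals` block starts before this hunk.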
@@ -52,21 +57,14 @@ resource "google_organization_iam_member" "for_lacework_service_account" {
 
 resource "google_service_account_key" "lacework" {
   count = var.create ? 1 : 0
-  service_account_id = local.service_account_name
+  service_account_id = google_service_account.lacework[count.index].name
   depends_on = [
     google_organization_iam_member.for_lacework_service_account,
     google_project_iam_member.for_lacework_service_account
   ]
 }
 
-# wait for 5 seconds for the role to be created before trying to query it
-resource "time_sleep" "wait_5_seconds" {
-  count = var.create ? 1 : 0
-  create_duration = "5s"
-  depends_on = [google_service_account.lacework]
-}
-
 data "google_service_account" "selected" {
+  count = var.create ? 0 : 1
   account_id = var.service_account_name
-  depends_on = [time_sleep.wait_5_seconds]
 }
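Review bot: `data "google_service_account" "selected"` gains a `count` but still no `project` argument, while the created resource earlier in this patch is now pinned with `project = local.project_id`; with `var.create = false` a bare `account_id` is resolved against the provider's default project, so if that differs from `data.google_project.selected` the module would look up — and, if the email local feeds the IAM bindings as it appears to, grant roles to — a same-named service account in a different project. Adding `project = local.project_id` beside `account_id` keeps the create and lookup paths symmetric. Switching `service_account_id` to `google_service_account.lacework[count.index].name` gives Terraform a real dependency edge, which is what makes removing the `time_sleep` safe; a comment such as `# reference the resource directly so key creation is ordered after the account exists` would preserve that reasoning now that the explanatory sleep comment is gone. Separately, and not introduced here, `google_service_account_key` writes the private key into Terraform state, so state storage must be treated as secret material.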