######################################################################################################
# THIS SCRIPT IS PROVIDED TO YOU "AS IS." TO THE EXTENT PERMITTED BY LAW, QUALYS HEREBY DISCLAIMS ALL WARRANTIES AND LIABILITY
# FOR THE PROVISION OR USE OF THIS SCRIPT. IN NO EVENT SHALL THESE SCRIPTS BE DEEMED TO BE CLOUD SERVICES AS PROVIDED BY QUALYS
#
# Author: Mikesh Khanal
#
# INPUT THE FOLLOWING PARAMETERS
#
# project_id : GCP project to be onboarded to Qualys CloudView
# username: Username to login to Qualys CloudView
# password: Password to login to Qualys CloudView
# baseurl: Qualys CloudView URL
######################################################################################################
variable "project_id" {
  # Target project: the service account, IAM bindings and API enablements
  # below are all created in this project.
  description = "The id of the GCP Project which you want to Onboard to Qualys CloudView."
  type        = string
}
variable "username" {
  # Login used for the CloudView REST call in module "files" (passed to curl -u).
  description = "The username for Qualys CloudView."
  type        = string
}
variable "password" {
# Qualys CloudView password. It is interpolated into the curl command in
# module "files", so it ends up in that module's inputs and in state;
# on Terraform >= 0.14 add `sensitive = true` here so plan/apply output
# redacts it. Supply it via TF_VAR_password or a -var-file rather than
# committing a tfvars file.
type = string
description = "The password for Qualys CloudView."
}
variable "baseurl" {
  # Scheme+host of the Qualys API; "/cloudview-api/rest/v1/gcp/connectors"
  # is appended in module "files". No validation is applied here.
  description = "The API server for Qualys CloudView."
  type        = string
}
#############################
# Initializing the provider
##############################
terraform {
# Pins the google provider to the 2.17.x series using the legacy string
# constraint form (newer Terraform releases expect a map with `source`
# and `version`). The random, local and shell-module providers used
# below are not pinned, so their versions float between runs.
required_providers {
google = "~> 2.17"
}
}
# No project/region/credentials set here: the provider relies on the
# ambient environment (GOOGLE_* variables / application default credentials),
# and every resource passes project = var.project_id explicitly.
provider "google" {}
############################################################
# Creating the service account and the associated key
############################################################
# 8 random bytes; the .dec form suffixes the service-account id so repeated
# onboarding in the same project does not collide on account_id.
resource "random_id" "unique_id" {
byte_length = 8
}
resource "google_service_account" "qualys_cloudview_service_account" {
  # Identity CloudView authenticates as; the random suffix keeps account_id
  # unique within the project.
  project      = var.project_id
  display_name = "Qualys CloudView Service Account"
  account_id   = "cv-sa-${random_id.unique_id.dec}"
}
# User-managed key for the service account. The returned private_key
# (base64 JSON) is recorded in Terraform state in plaintext, so the state
# backend must be access-controlled and encrypted; rotate by tainting this
# resource.
resource "google_service_account_key" "qualys_cloudview_service_account_key" {
service_account_id = google_service_account.qualys_cloudview_service_account.name
}
########################################
# Role Assignment to the service account
########################################
resource "google_project_iam_member" "assign_viewer" {
  # Project-wide read access for the connector identity. _member is
  # additive: it does not disturb other bindings on the role.
  member  = "serviceAccount:${google_service_account.qualys_cloudview_service_account.email}"
  role    = "roles/viewer"
  project = var.project_id
}
resource "google_project_iam_member" "assign_security-reviewer" {
  # Lets the connector read IAM policies in the project (the part of the
  # inventory roles/viewer does not cover).
  member  = "serviceAccount:${google_service_account.qualys_cloudview_service_account.email}"
  role    = "roles/iam.securityReviewer"
  project = var.project_id
}
#################################
# Enable APIs
# Compute Engine API
# Cloud Resource Manager API
# Kubernetes Engine API
# Cloud SQL Admin API
#################################
resource "google_project_service" "enable_cloudresourcemanager" {
  # Left enabled on destroy so tearing down the connector does not break
  # other consumers of the API in this project.
  disable_on_destroy = false
  service            = "cloudresourcemanager.googleapis.com"
  project            = var.project_id
}
resource "google_project_service" "enable_service_compute" {
  # Compute Engine API; kept enabled on destroy, see enable_cloudresourcemanager.
  disable_on_destroy = false
  service            = "compute.googleapis.com"
  project            = var.project_id
}
resource "google_project_service" "enable_service_kubernetes" {
  # Kubernetes Engine API; kept enabled on destroy, see enable_cloudresourcemanager.
  disable_on_destroy = false
  service            = "container.googleapis.com"
  project            = var.project_id
}
resource "google_project_service" "enable_service_sql" {
  # Cloud SQL Admin API; local_file.authentication_key depends on this one,
  # so it is the last gate before the connector call. Kept enabled on destroy.
  disable_on_destroy = false
  service            = "sql-component.googleapis.com"
  project            = var.project_id
}
#######################################################
# Qualys API Call to create CloudView GCP Connector
#######################################################
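resource "local_file" "authentication_key" {
  # Service-account private key, decoded from the base64 form exposed by
  # google_service_account_key. This is a long-lived credential: it lands on
  # disk here AND in Terraform state in plaintext, so keep the file out of
  # version control (gitignore it) and restrict access to the state backend.
  content  = base64decode(google_service_account_key.qualys_cloudview_service_account_key.private_key)
  filename = "${path.module}/authentication_key1.json"
  # Owner read/write only; local_file's default mode leaves the key readable
  # by every user on the host. Needs the hashicorp/local provider >= 1.4.
  file_permission = "0600"
  # Uploading the key is only useful once the APIs the connector needs are on.
  depends_on = [google_project_service.enable_service_sql]
}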
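module "files" {
  source = "matti/resource/shell"
  # Registers the project with CloudView by POSTing the key file to the GCP
  # connectors endpoint. The key path is taken from local_file so it matches
  # wherever terraform is run from (the previous cwd-relative
  # "@authentication_key1.json" only worked from the module directory).
  # project_id, the key path and baseurl are single-quoted so shell
  # metacharacters in their values are not interpreted; a literal single
  # quote inside a value would still break the command.
  # NOTE: the credentials on the curl command line are visible in process
  # listings on the host and, as a module input, in plan/apply output and
  # state. Prefer handing them to curl via an environment variable or a
  # curl --config file if the shell module version in use supports an
  # environment block — verify against that module's docs before relying on it.
  # curl exits 0 on HTTP 4xx/5xx unless --fail is given, so EXIT-STATUS below
  # only reflects transport failures; inspect OUTPUT for the API response.
  command = "curl -u '${var.username}:${var.password}' -X POST --header 'Content-Type: multipart/form-data' --header 'Accept: application/json' -F 'name=${var.project_id}' -F 'configFile=@${local_file.authentication_key.filename}' '${var.baseurl}/cloudview-api/rest/v1/gcp/connectors'"
  depends = [local_file.authentication_key]
}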
####################
## OUTPUT
####################
output "OUTPUT" {
  # Response body of the connector-creation call (curl stdout).
  value = module.files.stdout
}
output "EXIT-STATUS" {
  # Exit code of the curl command run by module "files".
  value = module.files.exitstatus
}