add(oci): support home region (#7)

* add(oci): support home region * add(oci): support home region * add(oci): support home region
sysdiglabs · Jan 10, 2025 · a6d143b · a6d143b
1 parent a986372
commit a6d143b
Show file tree

Hide file tree

Showing 8 changed files with 46 additions and 19 deletions.
diff --git a/modules/config-posture/README.md b/modules/config-posture/README.md
@@ -13,11 +13,11 @@ The following resources will be created in each instrumented compartment/tenancy
 
 ## Requirements
 
-| Name                                                                      | Version |
-|---------------------------------------------------------------------------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| Name                                                                      | Version   |
+|---------------------------------------------------------------------------|-----------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0  |
 | <a name="requirement_oci"></a> [oci](#requirement\_oci)                   | >= 6.19.0 |
-| <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig)          | ~> 1.42 |
+| <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig)          | ~> 1.42   |
 
 ## Providers
 
@@ -42,12 +42,12 @@ resource |
 
 ## Inputs
 
-| Name                                                                                                             | Description                                                                                                                           | Type     | Default          | Required |
-|------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|----------|------------------|:--------:|
-| <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational)                          | (Optional) True/False whether secure-for-cloud should be deployed in an organizational setup                                          | `bool`   | `false`          |    no    |
-| <a name="input_tenancy_ocid"></a> [tenancy\_ocid](#input\_tenancy\_ocid)                                         | (Required) Customer tenant OCID                                                                                                       | `string` | n/a              |   yes    |
-| <a name="input_compartment_ocid"></a> [compartment\_ocid](#input\_compartment\_ocid)                             | (Optional) Customer compartment OCID                                                                                                  | `string` | `""`             |    no    |
-| <a name="input_sysdig_secure_account_id"></a> [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | (Required) ID of the Sysdig Cloud Account to enable Config Posture for (in case of organization, ID of the Sysdig management account) | `string` | n/a              |   yes    |
+| Name                                                                                                             | Description                                                                                                                           | Type     | Default | Required |
+|------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:|
+| <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational)                          | (Optional) True/False whether secure-for-cloud should be deployed in an organizational setup                                          | `bool`   | `false` |    no    |
+| <a name="input_tenancy_ocid"></a> [tenancy\_ocid](#input\_tenancy\_ocid)                                         | (Required) Customer tenant OCID                                                                                                       | `string` | n/a     |   yes    |
+| <a name="input_compartment_ocid"></a> [compartment\_ocid](#input\_compartment\_ocid)                             | (Optional) Customer compartment OCID                                                                                                  | `string` | `""`    |    no    |
+| <a name="input_sysdig_secure_account_id"></a> [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | (Required) ID of the Sysdig Cloud Account to enable Config Posture for (in case of organization, ID of the Sysdig management account) | `string` | n/a     |   yes    |
 
 ## Outputs
 

diff --git a/modules/config-posture/main.tf b/modules/config-posture/main.tf
@@ -45,6 +45,7 @@ resource "sysdig_secure_cloud_auth_account_component" "oracle_service_principal"
     oci = {
       api_key = {
         user_id = data.sysdig_secure_trusted_oracle_app.config_posture.user_ocid
+        region = var.region
       }
       policy = {
         policy_id = oci_identity_policy.admit_cspm_policy.id

diff --git a/modules/config-posture/variables.tf b/modules/config-posture/variables.tf
@@ -18,4 +18,9 @@ variable "compartment_ocid" {
 variable "sysdig_secure_account_id" {
   type        = string
   description = "(Required) ID of the Sysdig Cloud Account to enable Config Posture for (in case of organization, ID of the Sysdig management account)"
+}
+
+variable "region" {
+  type = string
+  description = "(Required) Customer home region"
 }
diff --git a/modules/onboarding/README.md b/modules/onboarding/README.md
@@ -20,11 +20,11 @@ Note:
 
 ## Requirements
 
-| Name                                                                      | Version |
-|---------------------------------------------------------------------------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| Name                                                                      | Version   |
+|---------------------------------------------------------------------------|-----------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0  |
 | <a name="requirement_oci"></a> [oci](#requirement\_oci)                   | >= 6.19.0 |
-| <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig)          | ~> 1.42 |
+| <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig)          | ~> 1.42   |
 
 ## Providers
 
@@ -51,11 +51,11 @@ resource |
 
 ## Inputs
 
-| Name                                                                                    | Description                                                                                  | Type     | Default          | Required |
-|-----------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------|----------|------------------|:--------:|
-| <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | (Optional) True/False whether secure-for-cloud should be deployed in an organizational setup | `bool`   | `false`          |    no    |
-| <a name="input_tenancy_ocid"></a> [tenancy\_ocid](#input\_tenancy\_ocid)                | (Required) Customer tenant OCID                                                              | `string` | n/a              |   yes    |
-| <a name="input_compartment_ocid"></a> [compartment\_ocid](#input\_compartment\_ocid)    | (Optional) Customer compartment OCID                                                         | `string` | `""`             |    no    |
+| Name                                                                                    | Description                                                                                  | Type     | Default | Required |
+|-----------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------|----------|---------|:--------:|
+| <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | (Optional) True/False whether secure-for-cloud should be deployed in an organizational setup | `bool`   | `false` |    no    |
+| <a name="input_tenancy_ocid"></a> [tenancy\_ocid](#input\_tenancy\_ocid)                | (Required) Customer tenant OCID                                                              | `string` | n/a     |   yes    |
+| <a name="input_compartment_ocid"></a> [compartment\_ocid](#input\_compartment\_ocid)    | (Optional) Customer compartment OCID                                                         | `string` | `""`    |    no    |
 
 ## Outputs
 

diff --git a/modules/onboarding/main.tf b/modules/onboarding/main.tf
@@ -1,3 +1,11 @@
+locals {
+  home_region = [
+    for subscription in data.oci_identity_region_subscriptions.test_region_subscriptions.region_subscriptions :
+    subscription.region_name
+    if subscription.is_home_region == true
+  ]
+}
+
 #-----------------------------------------------------------------------------------------
 # Fetch the data sources
 #-----------------------------------------------------------------------------------------
@@ -18,6 +26,11 @@ data "oci_identity_tenancy" "tenancy" {
   tenancy_id = var.tenancy_ocid
 }
 
+// tenancy region data
+data "oci_identity_region_subscriptions" "test_region_subscriptions" {
+  tenancy_id = var.tenancy_ocid
+}
+
 
 // random suffix for policy name
 resource "random_id" "suffix" {
@@ -61,6 +74,7 @@ resource "sysdig_secure_cloud_auth_account" "oracle_account" {
       oci = {
         api_key = {
           user_id = data.sysdig_secure_trusted_oracle_app.onboarding.user_ocid
+          region  = local.home_region[0]
         }
         policy = {
           policy_id = oci_identity_policy.admit_onboarding_policy.id

diff --git a/modules/onboarding/outputs.tf b/modules/onboarding/outputs.tf
@@ -17,3 +17,8 @@ output "is_organizational" {
   value       = var.is_organizational
   description = "Boolean value to indicate if secure-for-cloud is deployed to an entire Oracle organization or not"
 }
+
+output "region" {
+  value = local.home_region[0]
+  description = "Customer home region"
+}
diff --git a/tests/examples/modular_organization/onboarding_cspm_compartment.tf b/tests/examples/modular_organization/onboarding_cspm_compartment.tf
@@ -36,6 +36,7 @@ module "config-posture" {
   tenancy_ocid             = module.onboarding.tenancy_ocid
   compartment_ocid         = module.onboarding.compartment_ocid
   is_organizational        = module.onboarding.is_organizational
+  region                   = module.onboarding.region
 }
 
 resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {

diff --git a/tests/examples/modular_organization/onboarding_cspm_tenancy.tf b/tests/examples/modular_organization/onboarding_cspm_tenancy.tf
@@ -35,6 +35,7 @@ module "config-posture" {
   tenancy_ocid             = module.onboarding.tenancy_ocid
   compartment_ocid         = module.onboarding.compartment_ocid
   is_organizational        = module.onboarding.is_organizational
+  region                   = module.onboarding.region
 }
 
 resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {