This repository has been archived by the owner on Oct 20, 2023. It is now read-only.

Adding cscc vars to on_gke examples (#304)
kevensen authored and hshin-g committed Oct 11, 2019
1 parent e5c9c60 commit e12c087
Showing 8 changed files with 32 additions and 1 deletion.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -86,6 +86,7 @@ your environment.
| cloudsql\_db\_name | CloudSQL database name | string | `"forseti_security"` | no |
| cloudsql\_db\_port | CloudSQL database port | string | `"3306"` | no |
| cloudsql\_disk\_size | The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased. | string | `"25"` | no |
| cloudsql\_net\_write\_timeout | See MySQL documentation: https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_net_write_timeout | string | `"240"` | no |
| cloudsql\_private | Whether to enable private network and not to create public IP for CloudSQL Instance | bool | `"false"` | no |
| cloudsql\_proxy\_arch | CloudSQL Proxy architecture | string | `"linux.amd64"` | no |
| cloudsql\_region | CloudSQL region | string | `"us-central1"` | no |
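Review bot: The added `cloudsql_net_write_timeout` row has no description of its own, only a link to the MySQL manual, so a reader of this table cannot tell what the setting controls or what unit the default `"240"` is in. Put a one-line summary and the unit in the Description cell and keep the URL as a reference after it.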
2 changes: 2 additions & 0 deletions examples/on_gke/README.md
Expand Up @@ -55,6 +55,8 @@ In order to operate with the Service Account you must activate the following API
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| config\_validator\_enabled | Config Validator scanner enabled. | bool | `"false"` | no |
| cscc\_source\_id | Source ID for CSCC Beta API | string | `""` | no |
| cscc\_violations\_enabled | Notify for CSCC violations | bool | `"false"` | no |
| domain | The domain associated with the GCP Organization ID | string | n/a | yes |
| forseti\_email\_recipient | Email address that receives Forseti notifications | string | `""` | no |
| forseti\_email\_sender | Email address that sends the Forseti notifications | string | `""` | no |
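Review bot: The two new rows do not say that `cscc_source_id` and `cscc_violations_enabled` belong together: `cscc_source_id` is shown as optional with default `""`, with no hint of whether it must be set once `cscc_violations_enabled` is `true`. State the dependency in one of the descriptions, and describe what form the source ID takes so users know which value to supply.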
2 changes: 2 additions & 0 deletions examples/on_gke/main.tf
Expand Up @@ -135,6 +135,8 @@ module "forseti" {
sendgrid_api_key = var.sendgrid_api_key
forseti_email_sender = var.forseti_email_sender
forseti_email_recipient = var.forseti_email_recipient
cscc_violations_enabled = var.cscc_violations_enabled
cscc_source_id = var.cscc_source_id

config_validator_enabled = var.config_validator_enabled
git_sync_private_ssh_key = local.git_sync_private_ssh_key
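Review bot: `cscc_violations_enabled` and `cscc_source_id` are forwarded to the module independently, so with the defaults declared in this commit a caller can set `cscc_violations_enabled = true` while `cscc_source_id` is still `""`, and nothing in this example catches it. If the module does not already reject that combination, add a guard here or where the value is consumed, so the misconfiguration fails early instead of deploying with CSCC notification enabled and no source to report to.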
10 changes: 10 additions & 0 deletions examples/on_gke/variables.tf
Expand Up @@ -14,6 +14,16 @@
* limitations under the License.
*/

variable "cscc_violations_enabled" {
description = "Notify for CSCC violations"
type = bool
default = false
}

variable "cscc_source_id" {
description = "Source ID for CSCC Beta API"
default = ""
}

variable "config_validator_enabled" {
description = "Config Validator scanner enabled."
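Review bot: The new `cscc_*` blocks are inserted directly under the license header, ahead of `variable "config_validator_enabled"`, while this commit places the same blocks after `config_validator_enabled` in examples/on_gke_end_to_end/variables.tf and the README table lists them after it as well. Move both blocks below `config_validator_enabled` so the two example files and the generated docs keep the same order.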
2 changes: 2 additions & 0 deletions examples/on_gke_end_to_end/README.md
Expand Up @@ -55,6 +55,8 @@ In order to operate with the Service Account you must activate the following API
|------|-------------|:----:|:-----:|:-----:|
| auto\_create\_subnetworks | When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. | bool | `"false"` | no |
| config\_validator\_enabled | Config Validator scanner enabled. | bool | `"false"` | no |
| cscc\_source\_id | Source ID for CSCC Beta API | string | `""` | no |
| cscc\_violations\_enabled | Notify for CSCC violations | bool | `"false"` | no |
| domain | The domain associated with the GCP Organization ID | string | n/a | yes |
| forseti\_email\_recipient | Email address that receives Forseti notifications | string | `""` | no |
| forseti\_email\_sender | Email address that sends the Forseti notifications | string | `""` | no |
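Review bot: The `cscc_source_id` description, `Source ID for CSCC Beta API`, ties the text to an API release stage and never expands the acronym, so it will read as stale or unclear to someone who does not already know the product. Spell out CSCC once in this table, and keep "Beta" only if the variable really is specific to the beta API, in which case say that explicitly.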
3 changes: 3 additions & 0 deletions examples/on_gke_end_to_end/main.tf
Expand Up @@ -193,6 +193,9 @@ module "forseti" {
sendgrid_api_key = var.sendgrid_api_key
forseti_email_sender = var.forseti_email_sender
forseti_email_recipient = var.forseti_email_recipient
cscc_violations_enabled = var.cscc_violations_enabled
cscc_source_id = var.cscc_source_id


config_validator_enabled = var.config_validator_enabled
git_sync_private_ssh_key = local.git_sync_private_ssh_key
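Review bot: Style: two consecutive blank lines are left after `cscc_source_id = var.cscc_source_id` (three added lines for two arguments), whereas the same change in examples/on_gke/main.tf uses a single separator line before `config_validator_enabled`. Drop the extra blank line so both examples stay identical in layout.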
12 changes: 11 additions & 1 deletion examples/on_gke_end_to_end/variables.tf
Expand Up @@ -20,11 +20,21 @@ variable "config_validator_enabled" {
default = false
}

variable "cscc_violations_enabled" {
description = "Notify for CSCC violations"
type = bool
default = false
}

variable "cscc_source_id" {
description = "Source ID for CSCC Beta API"
default = ""
}

variable "domain" {
description = "The domain associated with the GCP Organization ID"
}


variable "git_sync_private_ssh_key_file" {
description = "The file containing the private SSH key allowing the git-sync to clone the policy library repository."
default = ""
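Review bot: `variable "cscc_source_id"` is declared without a `type`, while `cscc_violations_enabled` directly above it declares `type = bool`. Add `type = string` so the declaration matches the `string` type shown for it in the README table and a list or map passed by mistake is rejected; the identical block in examples/on_gke/variables.tf needs the same line.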
1 change: 1 addition & 0 deletions modules/on_gke/README.md
Expand Up @@ -45,6 +45,7 @@ This sub-module deploys Forseti on GKE. In short, this deploys a server contain
| cloudsql\_acl\_violations\_should\_notify | Notify for CloudSQL ACL violations | bool | `"true"` | no |
| cloudsql\_db\_name | CloudSQL database name | string | `"forseti_security"` | no |
| cloudsql\_disk\_size | The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased. | string | `"25"` | no |
| cloudsql\_net\_write\_timeout | See MySQL documentation: https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_net_write_timeout | string | `"240"` | no |
| cloudsql\_private | Whether to enable private network and not to create public IP for CloudSQL Instance | bool | `"false"` | no |
| cloudsql\_region | CloudSQL region | string | `"us-central1"` | no |
| cloudsql\_type | CloudSQL Instance size | string | `"db-n1-standard-4"` | no |
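Review bot: The `cloudsql_net_write_timeout` row is unrelated to the commit subject "Adding cscc vars to on_gke examples", and none of the 8 changed files declares that variable, so it reads as documentation regenerated for an earlier change. Mention the doc refresh in the commit message or split it into its own commit, so the history for the CSCC change stays easy to follow.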

0 comments on commit e12c087