diff --git a/README.md b/README.md
index dfee86097..5daff0732 100644
--- a/README.md
+++ b/README.md
@@ -86,6 +86,7 @@ your environment.
 | cloudsql\_db\_name | CloudSQL database name | string | `"forseti_security"` | no |
 | cloudsql\_db\_port | CloudSQL database port | string | `"3306"` | no |
 | cloudsql\_disk\_size | The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased. | string | `"25"` | no |
+| cloudsql\_net\_write\_timeout | See MySQL documentation: https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_net_write_timeout | string | `"240"` | no |
 | cloudsql\_private | Whether to enable private network and not to create public IP for CloudSQL Instance | bool | `"false"` | no |
 | cloudsql\_proxy\_arch | CloudSQL Proxy architecture | string | `"linux.amd64"` | no |
 | cloudsql\_region | CloudSQL region | string | `"us-central1"` | no |
diff --git a/examples/on_gke/README.md b/examples/on_gke/README.md
index a9fe4762e..9abf5da24 100644
--- a/examples/on_gke/README.md
+++ b/examples/on_gke/README.md
@@ -55,6 +55,8 @@ In order to operate with the Service Account you must activate the following API
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
 | config\_validator\_enabled | Config Validator scanner enabled. | bool | `"false"` | no |
+| cscc\_source\_id | Source ID for CSCC Beta API | string | `""` | no |
+| cscc\_violations\_enabled | Notify for CSCC violations | bool | `"false"` | no |
 | domain | The domain associated with the GCP Organization ID | string | n/a | yes |
 | forseti\_email\_recipient | Email address that receives Forseti notifications | string | `""` | no |
 | forseti\_email\_sender | Email address that sends the Forseti notifications | string | `""` | no |
diff --git a/examples/on_gke/main.tf b/examples/on_gke/main.tf
index 4e8759698..5d34d4327 100644
--- a/examples/on_gke/main.tf
+++ b/examples/on_gke/main.tf
@@ -135,6 +135,8 @@ module "forseti" { sendgrid_api_key = var.sendgrid_api_key forseti_email_sender = var.forseti_email_sender forseti_email_recipient = var.forseti_email_recipient + cscc_violations_enabled = var.cscc_violations_enabled + cscc_source_id = var.cscc_source_id config_validator_enabled = var.config_validator_enabled git_sync_private_ssh_key = local.git_sync_private_ssh_key diff --git a/examples/on_gke/variables.tf b/examples/on_gke/variables.tf index cbf9c0a49..9f8247e6e 100644 --- a/examples/on_gke/variables.tf +++ b/examples/on_gke/variables.tf @@ -14,6 +14,16 @@ * limitations under the License. */ +variable "cscc_violations_enabled" { + description = "Notify for CSCC violations" + type = bool + default = false +} + +variable "cscc_source_id" { + description = "Source ID for CSCC Beta API" + default = "" +} variable "config_validator_enabled" { description = "Config Validator scanner enabled." diff --git a/examples/on_gke_end_to_end/README.md b/examples/on_gke_end_to_end/README.md index d4d304d7e..b0a1f27f8 100644 --- a/examples/on_gke_end_to_end/README.md +++ b/examples/on_gke_end_to_end/README.md 
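Review bot: Nothing in this hunk ties `cscc_violations_enabled` to `cscc_source_id`, so a caller can turn the notifier on while the source ID stays at its `""` default. The hunk does not show how the forseti module treats an empty source ID; if it accepts one, violations would presumably never reach Cloud Security Command Center and nothing would fail at plan time. I would add a comment above the two arguments, `# cscc_source_id must be non-empty when cscc_violations_enabled is true`, and confirm that the module rejects the combination. The same pair is forwarded in examples/on_gke_end_to_end/main.tf, and the `module "forseti"` block starts and ends outside the hunk.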
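Review bot: `cscc_source_id` is declared without a `type`, while `cscc_violations_enabled` beside it has `type = bool` and the README table lists the ID as a string; add `type = string` so that a list or map value is rejected at plan time. The description could also say when the value is needed, for example `description = "Source ID for CSCC Beta API; required when cscc_violations_enabled is true"`. The same declaration is repeated in examples/on_gke_end_to_end/variables.tf.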
@@ -55,6 +55,8 @@ In order to operate with the Service Account you must activate the following API |------|-------------|:----:|:-----:|:-----:| | auto\_create\_subnetworks | When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. | bool | `"false"` | no | | config\_validator\_enabled | Config Validator scanner enabled. | bool | `"false"` | no | +| cscc\_source\_id | Source ID for CSCC Beta API | string | `""` | no | +| cscc\_violations\_enabled | Notify for CSCC violations | bool | `"false"` | no | | domain | The domain associated with the GCP Organization ID | string | n/a | yes | | forseti\_email\_recipient | Email address that receives Forseti notifications | string | `""` | no | | forseti\_email\_sender | Email address that sends the Forseti notifications | string | `""` | no | diff --git a/examples/on_gke_end_to_end/main.tf b/examples/on_gke_end_to_end/main.tf index 86d420dd9..77b6f30e8 100644 --- a/examples/on_gke_end_to_end/main.tf +++ b/examples/on_gke_end_to_end/main.tf @@ -193,6 +193,9 @@ module "forseti" { sendgrid_api_key = var.sendgrid_api_key forseti_email_sender = var.forseti_email_sender forseti_email_recipient = var.forseti_email_recipient + cscc_violations_enabled = var.cscc_violations_enabled + cscc_source_id = var.cscc_source_id + config_validator_enabled = var.config_validator_enabled git_sync_private_ssh_key = local.git_sync_private_ssh_key diff --git a/examples/on_gke_end_to_end/variables.tf b/examples/on_gke_end_to_end/variables.tf index e54c7ca13..67b6fefd1 100644 --- a/examples/on_gke_end_to_end/variables.tf +++ b/examples/on_gke_end_to_end/variables.tf 
@@ -20,11 +20,21 @@ variable "config_validator_enabled" { default = false } +variable "cscc_violations_enabled" { + description = "Notify for CSCC violations" + type = bool + default = false +} + +variable "cscc_source_id" { + description = "Source ID for CSCC Beta API" + default = "" +} + variable "domain" { description = "The domain associated with the GCP Organization ID" } - variable "git_sync_private_ssh_key_file" { description = "The file containing the private SSH key allowing the git-sync to clone the policy library repository." default = "" diff --git a/modules/on_gke/README.md b/modules/on_gke/README.md index ed396c4bb..c297ee9f6 100644 --- a/modules/on_gke/README.md +++ b/modules/on_gke/README.md @@ -45,6 +45,7 @@ This sub-module deploys Forseti on GKE. In short, this deploys a server contain | cloudsql\_acl\_violations\_should\_notify | Notify for CloudSQL ACL violations | bool | `"true"` | no | | cloudsql\_db\_name | CloudSQL database name | string | `"forseti_security"` | no | | cloudsql\_disk\_size | The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased. | string | `"25"` | no | +| cloudsql\_net\_write\_timeout | See MySQL documentation: https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_net_write_timeout | string | `"240"` | no | | cloudsql\_private | Whether to enable private network and not to create public IP for CloudSQL Instance | bool | `"false"` | no | | cloudsql\_region | CloudSQL region | string | `"us-central1"` | no | | cloudsql\_type | CloudSQL Instance size | string | `"db-n1-standard-4"` | no |