A Terraform Module to integrate Google Container Registries (GCR) with Lacework.
Alternatively, it is possible to remove the offending roles from the state file before destroy, preventing the role(s) from being removed.
e.g. terraform state rm 'google_project_iam_binding.for_lacework_service_account'
roles/storage.objectViewer
cloudresourcemanager.googleapis.com
containerregistry.googleapis.com
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| project_id | A project ID different from the default defined inside the provider | string | "" | false |
| use_existing_service_account | Set this to true to use an existing Service Account. When using an existing service account, the required roles must be added manually. | bool | false | false |
| service_account_name | The Service Account name (required when use_existing_service_account is set to true). This can also be used to specify the new service account name when use_existing_service_account is set to false | string | "" | false |
| service_account_private_key | The private key in JSON format, base64 encoded (required when use_existing_service_account is set to true) | string | "" | false |
| prefix | The prefix that will be use at the beginning of every generated resource | string | lw-gcr | false |
| lacework_integration_name | The integration name displayed in the Lacework UI. | string | TF GCR | false |
| wait_time | Amount of time to wait before the next resource is provisioned. | string | 10s | false |
| registry_domain | The GCR domain, which specifies the location where you store the images. Supported domains are gcr.io, us.gcr.io, eu.gcr.io, or asia.gcr.io. | string | gcr.io | false |
| limit_by_tags | A list of image tags to limit the assessment of images with matching tags. If you specify limit_by_tags and limit_by_labels limits, they function as an AND. Supported field input can be ["mytext*mytext", "mytext", "mytext*", "mytext". Only one * wildcard is supported. | list(string) | * | false |
| limit_by_labels | A list of image labels to limit the assessment of images with matching labels. If you specify limit_by_tags and limit_by_labels limits, they function as an AND. Supported field input can be ["mytext*mytext", "mytext", "mytext*", "mytext"].Only one * wildcard is supported. | list(string) | * | false |
| limit_by_repositories | A list of repositories to assess. | list(string) | "" | false |
| limit_num_imgs | The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15. | string | 5 | false |
| non_os_package_support | Whether or not the integration should check non-os packages in the container for vulnerabilities. Defaults to true. | bool | true | false |
| Name | Description |
|---|---|
| service_account_name | The Service Account name |
| service_account_private_key | The private key in JSON format, base64 encoded |