feat: add new variable 'lacework_agent_log_stdout' (#65)

Signed-off-by: Darren Murray <darren.murray@lacework.net>
lacework · Apr 21, 2023 · bb807d0 · bb807d0
1 parent ba687d4
commit bb807d0
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -48,8 +48,9 @@ The `main.tf` file will configure a Kubernetes Secret and DaemonSet which will t
 | <a name="input_enable_cluster_agent"></a> [enable\_cluster\_agent](#input\_enable\_cluster\_agent) | A boolean representing whether the Lacework cluster agent should be deployed | `bool` | `false` | no |
 | <a name="input_lacework_access_token"></a> [lacework\_access\_token](#input\_lacework\_access\_token) | The access token for the Lacework agent | `string` | n/a | yes |
 | <a name="input_lacework_agent_autoupgrade"></a> [lacework\_agent\_autoupgrade](#input\_lacework\_agent\_autoupgrade) | Boolean value to control whether or not the agent should automatically upgrade to newer versions when available | `bool` | `true` | no |
-| <a name="input_lacework_agent_configuration"></a> [lacework\_agent\_configuration](#input\_lacework\_agent\_configuration) | A map/dictionary of configuration parameters for the Lacework datacollector | `map(any)` | `{}` | no |
+| <a name="input_lacework_agent_configuration"></a> [lacework\_agent\_configuration](#input\_lacework\_agent\_configuration) | A map/dictionary of configuration parameters for the Lacework datacollector | `any` | `{}` | no |
 | <a name="input_lacework_agent_interface_connection_size"></a> [lacework\_agent\_interface\_connection\_size](#input\_lacework\_agent\_interface\_connection\_size) | Desired value for the InterfaceConnectionSize Lacework agent parameter | `string` | `""` | no |
+| <a name="input_lacework_agent_log_stdout"></a> [lacework\_agent\_log\_stdout](#input\_lacework\_agent\_log\_stdout) | Enable Lacework agent stdout logging. | `bool` | `true` | no |
 | <a name="input_lacework_agent_name"></a> [lacework\_agent\_name](#input\_lacework\_agent\_name) | The name for the Lacework agent service within Kubernetes | `string` | `"lacework-agent"` | no |
 | <a name="input_lacework_agent_tags"></a> [lacework\_agent\_tags](#input\_lacework\_agent\_tags) | A map/dictionary of Tags to be assigned to the Lacework datacollector | `map(string)` | `{}` | no |
 | <a name="input_lacework_cluster_configuration"></a> [lacework\_cluster\_configuration](#input\_lacework\_cluster\_configuration) | A map/dictionary of configuration parameters for the Lacework K8s collector | `map(any)` | `{}` | no |

diff --git a/examples/disable-stdout-logging/README.md b/examples/disable-stdout-logging/README.md
@@ -0,0 +1,24 @@
+# Disable stdout logging Kubernetes Deployment
+
+This example shows how to use the Terraform Provider for Lacework to create
+a new Lacework Agent Token and use it to generate a Kubernetes DaemonSet and
+Secret configuration for deploying the Lacework Datacollector Agent.
+
+```hcl
+provider "kubernetes" {}
+
+provider "lacework" {}
+
+resource "lacework_agent_access_token" "k8s" {
+  name        = "prod"
+  description = "k8s deployment for production env"
+}
+
+module "lacework_k8s_datacollector" {
+  source  = "lacework/agent/kubernetes"
+  version = "~> 2.0"
+
+  lacework_access_token     = lacework_agent_access_token.k8s.token
+  lacework_agent_log_stdout = false
+}
+```
diff --git a/examples/disable-stdout-logging/main.tf b/examples/disable-stdout-logging/main.tf
@@ -0,0 +1,15 @@
+provider "kubernetes" {}
+
+provider "lacework" {}
+
+resource "lacework_agent_access_token" "k8s" {
+  name        = "prod"
+  description = "k8s deployment for production env"
+}
+
+module "lacework_k8s_datacollector" {
+  source = "../../"
+
+  lacework_access_token    = lacework_agent_access_token.k8s.token
+  lacework_agent_log_stdout = false
+}
diff --git a/examples/disable-stdout-logging/versions.tf b/examples/disable-stdout-logging/versions.tf
@@ -0,0 +1,11 @@
+terraform {
+  required_version = ">= 0.15"
+
+  required_providers {
+    kubernetes = "~> 2.2"
+    lacework = {
+      source  = "lacework/lacework"
+      version = "~> 1.0"
+    }
+  }
+}
diff --git a/lacework_node.tf b/lacework_node.tf
@@ -9,8 +9,9 @@ locals {
     lacework_proxy_url                       = var.lacework_proxy_url
     lacework_server_url                      = var.lacework_server_url
   })
-  node_config_name   = "${var.lacework_config_name}-${random_id.node_config_name_tail.hex}"
-  merged_node_config = jsonencode(merge(jsondecode(local.node_config_data), var.lacework_agent_configuration))
+  lacework_agent_log_stdout = var.lacework_agent_log_stdout ? "yes" : ""
+  node_config_name          = "${var.lacework_config_name}-${random_id.node_config_name_tail.hex}"
+  merged_node_config        = jsonencode(merge(jsondecode(local.node_config_data), var.lacework_agent_configuration))
 }
 
 resource "random_id" "node_config_name_tail" {
@@ -130,7 +131,7 @@ resource "kubernetes_daemonset" "lacework_datacollector" {
 
           env {
             name  = "LaceworkLogStdout"
-            value = "yes"
+            value = local.lacework_agent_log_stdout
           }
 
           env {

diff --git a/variables.tf b/variables.tf
@@ -183,6 +183,12 @@ variable "pod_mem_limit" {
   description = "The limit of Memory for the Lacework datacollector pod"
 }
 
+variable "lacework_agent_log_stdout" {
+  type        = bool
+  default     = true
+  description = "Enable Lacework agent stdout logging."
+}
+
 variable "tolerations" {
   type = list(map(string))
   default = [