| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175 |
- resource "yandex_iam_service_account_static_access_key" "sa_static_key" {
- service_account_id = var.service_account_id
- description = "static access key for object storage and s3 "
- }
- data "archive_file" "function" {
- type = "zip"
- source_dir = "${path.module}/pusher"
- output_path = "${path.module}/pusher.zip"
- }
- resource "random_string" "project_suffix" {
- length = 10
- upper = false
- lower = true
- number = true
- special = false
- }
- #--------AUDIT-----------
- resource "yandex_message_queue" "log_queue_for_auditlog" {
- count = var.auditlog_enabled ? 1 : 0
- access_key = yandex_iam_service_account_static_access_key.sa_static_key.access_key
- secret_key = yandex_iam_service_account_static_access_key.sa_static_key.secret_key
- name = "log-queue-auditlog-${random_string.project_suffix.result}"
- visibility_timeout_seconds = 600
- receive_wait_time_seconds = 20
- message_retention_seconds = 1209600
- }
- resource "yandex_function" "s3_ymq_for_auditlog" {
- depends_on = [yandex_message_queue.log_queue_for_auditlog]
- folder_id = var.folder_id
- name = "s3-ymq-auditlog-sync-${random_string.project_suffix.result}"
- runtime = "python38"
- entrypoint = "main.handler"
- memory = "256"
- execution_timeout = "30"
- environment = {
- YMQ_URL = yandex_message_queue.log_queue_for_auditlog[0].id
- AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa_static_key.access_key
- AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa_static_key.secret_key
- AUDIT_LOG_PREFIX = var.auditlogs_prefix
- }
- user_hash = data.archive_file.function.output_base64sha256
- content {
- zip_filename = data.archive_file.function.output_path
- }
- }
- resource "yandex_function_trigger" "s3_ymq_auditlog_trigger" {
- depends_on = [yandex_message_queue.log_queue_for_auditlog,yandex_function.s3_ymq_for_auditlog]
- folder_id = var.folder_id
- name = "s3-ymq-auditlog-trigger-${random_string.project_suffix.result}"
-
- function {
- id = yandex_function.s3_ymq_for_auditlog.id
- service_account_id = var.service_account_id
- }
- object_storage {
- bucket_id = var.log_bucket_name
- prefix = var.auditlogs_prefix
- create = true
- update = false
- delete = false
- }
- }
- #--------FALCO-----------
- resource "yandex_message_queue" "log_queue_for_falco" {
- count = var.falco_enabled ? 1 :0
- access_key = yandex_iam_service_account_static_access_key.sa_static_key.access_key
- secret_key = yandex_iam_service_account_static_access_key.sa_static_key.secret_key
- name = "log-queue-falco-${random_string.project_suffix.result}"
- visibility_timeout_seconds = 600
- receive_wait_time_seconds = 20
- message_retention_seconds = 1209600
- }
- resource "yandex_function" "s3_ymq_for_falco" {
- depends_on = [yandex_message_queue.log_queue_for_falco]
- folder_id = var.folder_id
- name = "s3-ymq-falco-sync-${random_string.project_suffix.result}"
- runtime = "python38"
- entrypoint = "main.handler"
- memory = "256"
- execution_timeout = "30"
- environment = {
- YMQ_URL = yandex_message_queue.log_queue_for_falco[0].id
- AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa_static_key.access_key
- AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa_static_key.secret_key
- FALCO_LOG_PREFIX = var.falco_prefix
- }
- user_hash = data.archive_file.function.output_base64sha256
- content {
- zip_filename = data.archive_file.function.output_path
- }
- }
- resource "yandex_function_trigger" "s3_ymq_falco_trigger" {
- depends_on = [yandex_message_queue.log_queue_for_falco,yandex_function.s3_ymq_for_falco]
- folder_id = var.folder_id
- name = "s3-ymq-falco-trigger-${random_string.project_suffix.result}"
-
- function {
- id = yandex_function.s3_ymq_for_falco.id
- service_account_id = var.service_account_id
- }
- object_storage {
- bucket_id = var.log_bucket_name
- prefix = var.falco_prefix
- create = true
- update = false
- delete = false
- }
- }
- #--------KYVERNO-----------
- resource "yandex_message_queue" "log_queue_for_kyverno" {
- count = var.kyverno_enabled ? 1 :0
- access_key = yandex_iam_service_account_static_access_key.sa_static_key.access_key
- secret_key = yandex_iam_service_account_static_access_key.sa_static_key.secret_key
- name = "log-queue-kyverno-${random_string.project_suffix.result}"
- visibility_timeout_seconds = 600
- receive_wait_time_seconds = 20
- message_retention_seconds = 1209600
- }
- resource "yandex_function" "s3_ymq_for_kyverno" {
- depends_on = [yandex_message_queue.log_queue_for_kyverno]
- folder_id = var.folder_id
- name = "s3-ymq-kyverno-sync-${random_string.project_suffix.result}"
- runtime = "python38"
- entrypoint = "main.handler"
- memory = "256"
- execution_timeout = "30"
- environment = {
- YMQ_URL = yandex_message_queue.log_queue_for_kyverno[0].id
- AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa_static_key.access_key
- AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa_static_key.secret_key
- KYVERNO_LOG_PREFIX = var.kyverno_prefix
- }
- user_hash = data.archive_file.function.output_base64sha256
- content {
- zip_filename = data.archive_file.function.output_path
- }
- }
- resource "yandex_function_trigger" "s3_ymq_kyverno_trigger" {
- depends_on = [yandex_message_queue.log_queue_for_kyverno,yandex_function.s3_ymq_for_kyverno]
- folder_id = var.folder_id
- name = "s3-ymq-kyverno-trigger-${random_string.project_suffix.result}"
-
- function {
- id = yandex_function.s3_ymq_for_kyverno.id
- service_account_id = var.service_account_id
- }
- object_storage {
- bucket_id = var.log_bucket_name
- prefix = var.kyverno_prefix
- create = true
- update = false
- delete = false
- }
- }
|
