diff --git a/CHANGELOG.md b/CHANGELOG.md index 1fdc286..9a895ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ ### Features - Aurora PostgreSQL CloudWatch with slow query auditing example +- Google Cloud SQL for MySQL module ### Bug Fixes - Modified Server Host Name of AWS RDS MS SQL SERVER Dsfhub assets diff --git a/DSF_VERSION_COMPATABILITY.md b/DSF_VERSION_COMPATABILITY.md index 904eca2..05570b0 100644 --- a/DSF_VERSION_COMPATABILITY.md +++ b/DSF_VERSION_COMPATABILITY.md @@ -103,5 +103,9 @@ The following table lists the DSF versions that each module is tested and mainta onboard-gcp-bigquery 4.17+ + + onboard-gcp-mysql + 4.17+ + \ No newline at end of file diff --git a/examples/onboard-gcp-bigquery/README.md b/examples/onboard-gcp-bigquery/README.md index ecf4b93..af3d6f9 100644 --- a/examples/onboard-gcp-bigquery/README.md +++ b/examples/onboard-gcp-bigquery/README.md @@ -1,5 +1,5 @@ # Onboard Google Cloud BigQuery example -This example includes additional prerequisites that will need to be completed to fully utilize the module. More details can be found in the [onboarding documentation](hhttps://docs.imperva.com/bundle/onboarding-databases-to-sonar-reference-guide/page/BigQuery-Onboarding-Steps_48367536.html). +This example includes additional prerequisites that will need to be completed to fully utilize the module. More details can be found in the [onboarding documentation](https://docs.imperva.com/bundle/onboarding-databases-to-sonar-reference-guide/page/BigQuery-Onboarding-Steps_48367536.html). This example creates 'dsfhub' and 'google' resources. More information regarding authentication to each can be found in the relevant provider documentation: - [dsfhub](https://registry.terraform.io/providers/imperva/dsfhub/latest/docs) diff --git a/examples/onboard-gcp-mysql/README.md b/examples/onboard-gcp-mysql/README.md new file mode 100644 index 0000000..ed9e377 --- /dev/null +++ b/examples/onboard-gcp-mysql/README.md 
@@ -0,0 +1,48 @@ +# Onboard Google Cloud SQL for MySQL example +This example includes additional prerequisites that will need to be completed to fully utilize the module. More details can be found in the [onboarding documentation](https://docs.imperva.com/bundle/onboarding-databases-to-sonar-reference-guide/page/Cloud-SQL-for-MySQL-Onboarding-Steps_48367584.html). + +This example creates 'dsfhub' and 'google' resources. More information regarding authentication to each can be found in the relevant provider documentation: +- [dsfhub](https://registry.terraform.io/providers/imperva/dsfhub/latest/docs) +- [google](https://registry.terraform.io/providers/hashicorp/google/latest/docs) + +## Prerequisites +### Service Account +A Google Service Account will need to be created with permissions to read from PubSub subscriptions. This can be done via the ``google-service-account-dsf`` module. Depending on the authentication mechanism chosen, the service account will either need to be attached to a GCP Compute Engine instance or the service account's credentials file will need to be copied to your Agentless Gateway. + +### Google PubSub Subscription +A Google logging sink, PubSub topic, and PubSub subscription in addition to a GCP PUBSUB asset in DSF will need to be created in advance. This prerequisite is handled by the ``onboard-gcp-pubsub`` module. + + +## Requirements + +No requirements. + +## Providers + +No providers. 
+ +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [gcp-mysql-1](#module\_gcp-mysql-1) | ../../modules/onboard-gcp-mysql | n/a | +| [gcp-mysql-2](#module\_gcp-mysql-2) | ../../modules/onboard-gcp-mysql | n/a | +| [gcp-mysql-3](#module\_gcp-mysql-3) | ../../modules/onboard-gcp-mysql | n/a | +| [gcp-pubsub-1](#module\_gcp-pubsub-1) | ../../modules/onboard-gcp-pubsub | n/a | +| [gcp-pubsub-2-audit](#module\_gcp-pubsub-2-audit) | ../../modules/onboard-gcp-pubsub | n/a | +| [gcp-pubsub-2-slow-query](#module\_gcp-pubsub-2-slow-query) | ../../modules/onboard-gcp-pubsub | n/a | +| [gcp-pubsub-3](#module\_gcp-pubsub-3) | ../../modules/onboard-gcp-pubsub | n/a | +| [service-account](#module\_service-account) | ../../modules/google-service-account-dsf | n/a | + +## Resources + +No resources. + +## Inputs + +No inputs. + +## Outputs + +No outputs. + \ No newline at end of file diff --git a/examples/onboard-gcp-mysql/main.tf b/examples/onboard-gcp-mysql/main.tf new file mode 100644 index 0000000..2bccd3b --- /dev/null +++ b/examples/onboard-gcp-mysql/main.tf 
@@ -0,0 +1,274 @@ +locals { + admin_email = "test@example.com" + gateway_id = "a1b2c3d4-e5f6-g8h9-wxyz-123456790" + pubsub_auth_mechanism = "default" + + gcp_mysql_instance_authorized_networks = [ + { + name = "local" + value = "127.0.0.1" + } + ] + gcp_project_id = "my-gcp-project" + gcp_service_account_name = "dsf-service-account" + + excluded_traffic_filter = [ + { + name = "exclude-internal-traffic" + filter = "textPayload:\"[root]\" OR \"__google_connectivity_prober\"" + } + ] +} + +################################################################################ +# Providers +################################################################################ +terraform { + required_providers { + dsfhub = { + source = "imperva/dsfhub" + } + } +} + +provider "google" { + # Authenticated via "gcloud" CLI + project = local.gcp_project_id +} + +provider "dsfhub" {} + +################################################################################ +# Prerequisites +# 1. A service account with permissions to read from the PubSub subscription +# 2. 
A Google sink router, PubSub topic and subscription (handled below) +################################################################################ +module "service-account" { + source = "../../modules/google-service-account-dsf" + + account_id = local.gcp_service_account_name + auth_mechanism = local.pubsub_auth_mechanism + description = "MySQL audit pull service account" + project = local.gcp_project_id + project_roles = [ + "roles/pubsub.subscriber", + "roles/pubsub.viewer" + ] +} + +################################################################################ +# GCP MySQL 8.0 +################################################################################ +locals { + gcp_mysql_1_instance_name = "tf-mysql-8" +} + +module "gcp-pubsub-1" { + source = "../../modules/onboard-gcp-pubsub" + + gcp_pubsub_admin_email = local.admin_email + gcp_pubsub_audit_type = "MYSQL" + gcp_pubsub_auth_mechanism = local.pubsub_auth_mechanism + gcp_pubsub_gateway_id = local.gateway_id + + project = local.gcp_project_id + + pubsub_subscription_name = "${local.gcp_mysql_1_instance_name}-sub" + + pubsub_topic_name = "${local.gcp_mysql_1_instance_name}-topic" + + sink_router_description = "MySQL 8.0 sink" + sink_router_exclusions = local.excluded_traffic_filter + sink_router_filter = < +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [dsfhub](#provider\_dsfhub) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [dsfhub_data_source.this](https://registry.terraform.io/providers/imperva/dsfhub/latest/docs/resources/data_source) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [admin\_email](#input\_admin\_email) | The email address to notify about the asset. 
| `string` | n/a | yes | +| [asset\_display\_name](#input\_asset\_display\_name) | User-friendly name of the asset, defined by user | `string` | n/a | yes | +| [asset\_id](#input\_asset\_id) | Unique identifier for the MySQL instance in the form '{project-id}:{instance-region}:{instance-name}'. | `string` | n/a | yes | +| [audit\_pull\_enabled](#input\_audit\_pull\_enabled) | If true, sonargateway will collect the audit logs for this system if it can. | `bool` | `false` | no | +| [gateway\_id](#input\_gateway\_id) | Unique identifier (UID) attached to the jSonar machine controlling the asset | `string` | n/a | yes | +| [logs\_destination\_asset\_id](#input\_logs\_destination\_asset\_id) | The asset\_id of the GCP PUSUB asset that this asset is sending its audit logs to. | `string` | `null` | no | +| [parent\_asset\_id](#input\_parent\_asset\_id) | The asset\_id of the GCP asset representing the GCP account where this data source is located. | `string` | `null` | no | +| [server\_host\_name](#input\_server\_host\_name) | Hostname (or IP if host is unknown) of the GCP MySQL instance | `string` | n/a | yes | +| [server\_ip](#input\_server\_ip) | IP address (or hostname if IP is unknown) of the GCP MySQL instance | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [this](#output\_this) | GCP MYSQL asset | + \ No newline at end of file diff --git a/modules/dsfhub-gcp-mysql/main.tf b/modules/dsfhub-gcp-mysql/main.tf new file mode 100644 index 0000000..1943ebf --- /dev/null +++ b/modules/dsfhub-gcp-mysql/main.tf 
@@ -0,0 +1,22 @@
+terraform {
+ required_providers {
+ dsfhub = {
+ source = "imperva/dsfhub"
+ }
+ }
+}
+
+resource "dsfhub_data_source" "this" {
+ server_type = "GCP MYSQL"
+
+ admin_email = var.admin_email
+ asset_display_name = var.asset_display_name
+ asset_id = var.asset_id
+ audit_pull_enabled = var.audit_pull_enabled
+ gateway_id = var.gateway_id
+ logs_destination_asset_id = var.logs_destination_asset_id
+ parent_asset_id = var.parent_asset_id
+ server_host_name = var.server_host_name
+ server_ip = var.server_ip
+
+}
diff --git a/modules/dsfhub-gcp-mysql/outputs.tf b/modules/dsfhub-gcp-mysql/outputs.tf
new file mode 100644
index 0000000..b6fad3b
--- /dev/null
+++ b/modules/dsfhub-gcp-mysql/outputs.tf
@@ -0,0 +1,4 @@
+output "this" {
+ description = "GCP MYSQL asset"
+ value = dsfhub_data_source.this
+}
diff --git a/modules/dsfhub-gcp-mysql/variables.tf b/modules/dsfhub-gcp-mysql/variables.tf
new file mode 100644
index 0000000..7babca4
--- /dev/null
+++ b/modules/dsfhub-gcp-mysql/variables.tf
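Review bot: The `required_providers` entry for `imperva/dsfhub` carries no `version` constraint, while the sibling `modules/dsfhub-gcp-pubsub/main.tf` in this same change adds `version = ">= 1.3.5"`; if the `GCP MYSQL` server type is only understood by recent provider releases, an older cached provider will fail at apply time with an unhelpful API error rather than at `init`, so the same constraint belongs here: `version = ">= 1.3.5"`. It would also help to note on the resource that `audit_pull_enabled` defaults to `false` in variables.tf, e.g. `# Asset is registered only; collection starts when audit_pull_enabled is set by the caller`, since a reader of main.tf alone would assume onboarding starts collection.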
@@ -0,0 +1,47 @@ +variable "admin_email" { + description = "The email address to notify about the asset." + type = string +} + +variable "asset_display_name" { + description = "User-friendly name of the asset, defined by user" + type = string +} + +variable "asset_id" { + description = "Unique identifier for the MySQL instance in the form '{project-id}:{instance-region}:{instance-name}'." + type = string +} + +variable "audit_pull_enabled" { + description = "If true, sonargateway will collect the audit logs for this system if it can." + type = bool + default = false +} + +variable "gateway_id" { + description = "Unique identifier (UID) attached to the jSonar machine controlling the asset" + type = string +} + +variable "logs_destination_asset_id" { + description = "The asset_id of the GCP PUSUB asset that this asset is sending its audit logs to." + type = string + default = null +} + +variable "parent_asset_id" { + description = "The asset_id of the GCP asset representing the GCP account where this data source is located." + type = string + default = null +} + +variable "server_host_name" { + description = "Hostname (or IP if host is unknown) of the GCP MySQL instance" + type = string +} + +variable "server_ip" { + description = "IP address (or hostname if IP is unknown) of the GCP MySQL instance" + type = string +} diff --git a/modules/dsfhub-gcp-pubsub/README.md b/modules/dsfhub-gcp-pubsub/README.md index 24d2f87..33160b5 100644 --- a/modules/dsfhub-gcp-pubsub/README.md +++ b/modules/dsfhub-gcp-pubsub/README.md @@ -1,13 +1,15 @@ ## Requirements -No requirements. +| Name | Version | +|------|---------| +| [dsfhub](#requirement\_dsfhub) | >= 1.3.5 | ## Providers | Name | Version | |------|---------| -| [dsfhub](#provider\_dsfhub) | n/a | +| [dsfhub](#provider\_dsfhub) | >= 1.3.5 | ## Modules 
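Review bot: `asset_id` is documented as having the exact shape `{project-id}:{instance-region}:{instance-name}`, and the onboard module builds it from instance attributes, but direct callers of this module can pass any string and the mismatch only surfaces as a DSF-side asset that never matches its log source; a `validation` block makes the contract enforceable at plan time. The `logs_destination_asset_id` description also misspells the server type (`GCP PUSUB` → `GCP PUBSUB`), which matters here because that string is what operators grep for when pairing assets.
```hcl
variable "asset_id" {
  description = "Unique identifier for the MySQL instance in the form '{project-id}:{instance-region}:{instance-name}'."
  type        = string

  validation {
    condition     = can(regex("^[^:]+:[^:]+:[^:]+$", var.asset_id))
    error_message = "asset_id must be of the form '{project-id}:{instance-region}:{instance-name}'."
  }
}
# … unchanged: remaining variable declarations …
```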
@@ -27,8 +29,9 @@ No modules. | [asset\_display\_name](#input\_asset\_display\_name) | User-friendly name of the asset, defined by user | `string` | n/a | yes | | [asset\_id](#input\_asset\_id) | Unique identifier of the Google PubSub Subscription in the form 'projects/{{project}}/subscriptions/{{name}}'. | `string` | n/a | yes | | [audit\_pull\_enabled](#input\_audit\_pull\_enabled) | If true, sonargateway will collect the audit logs for this system if it can. | `bool` | `false` | no | -| [audit\_type](#input\_audit\_type) | Identifier for the type of audit data contained within the PubSub Subscription. Supported values: ALLOYDB\_POSTGRESQL, BIGQUERY, BIGTABLE, MYSQL, MYSQL\_SLOW, MSSQL, POSTGRESQL, SPANNER. | `string` | `null` | no | +| [audit\_type](#input\_audit\_type) | Identifier for the type of audit data contained within the PubSub Subscription. Supported values: ALLOYDB\_POSTGRESQL, BIGQUERY, BIGTABLE, GCP\_MYSQL\_SLOW, MYSQL, MSSQL, POSTGRESQL, SPANNER. | `string` | `null` | no | | [auth\_mechanism](#input\_auth\_mechanism) | Specifies the auth mechanism used by the connection. Supported values: default, service\_account. | `string` | `"default"` | no | +| [content\_type](#input\_content\_type) | Desired 'parent' asset 'Server Type' which is the one tha tuses this asset as a destination for logs. NOTE: The content\_type field will take precedence on the lookup for parent\_asset\_id field when checking which server is sending logs to this asset. | `string` | `null` | no | | [gateway\_id](#input\_gateway\_id) | Unique identifier (UID) attached to the jSonar machine controlling the asset | `string` | n/a | yes | | [key\_file](#input\_key\_file) | Path to JSON file with credentials info (service account's key) residing on your Agentless Gateway. File must be accessible by the sonarw OS user. Required when auth\_mechanism is set to 'service\_account'. 
| `string` | `null` | no | | [pubsub\_subscription](#input\_pubsub\_subscription) | ID of the Google PubSub Subscription in the form 'projects/{{project}}/subscriptions/{{name}}'. | `string` | n/a | yes | diff --git a/modules/dsfhub-gcp-pubsub/main.tf b/modules/dsfhub-gcp-pubsub/main.tf index 16d50d3..1621592 100644 --- a/modules/dsfhub-gcp-pubsub/main.tf +++ b/modules/dsfhub-gcp-pubsub/main.tf @@ -1,7 +1,8 @@ terraform { required_providers { dsfhub = { - source = "imperva/dsfhub" + source = "imperva/dsfhub" + version = ">= 1.3.5" } } } @@ -14,6 +15,7 @@ resource "dsfhub_log_aggregator" "this" { asset_id = var.asset_id audit_pull_enabled = var.audit_pull_enabled audit_type = var.audit_type + content_type = var.content_type gateway_id = var.gateway_id pubsub_subscription = var.pubsub_subscription server_host_name = "pubsub.googleapis.com" diff --git a/modules/dsfhub-gcp-pubsub/variables.tf b/modules/dsfhub-gcp-pubsub/variables.tf index 7160ae1..a672aa7 100644 --- a/modules/dsfhub-gcp-pubsub/variables.tf +++ b/modules/dsfhub-gcp-pubsub/variables.tf @@ -20,7 +20,7 @@ variable "audit_pull_enabled" { } variable "audit_type" { - description = "Identifier for the type of audit data contained within the PubSub Subscription. Supported values: ALLOYDB_POSTGRESQL, BIGQUERY, BIGTABLE, MYSQL, MYSQL_SLOW, MSSQL, POSTGRESQL, SPANNER." + description = "Identifier for the type of audit data contained within the PubSub Subscription. Supported values: ALLOYDB_POSTGRESQL, BIGQUERY, BIGTABLE, GCP_MYSQL_SLOW, MYSQL, MSSQL, POSTGRESQL, SPANNER." type = string default = null validation { @@ -29,8 +29,8 @@ variable "audit_type" { "ALLOYDB_POSTGRESQL", "BIGQUERY", "BIGTABLE", + "GCP_MYSQL_SLOW", "MYSQL", - "MYSQL_SLOW", "MSSQL", "POSTGRESQL", "SPANNER" 
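Review bot: Swapping `MYSQL_SLOW` for `GCP_MYSQL_SLOW` in the `audit_type` validation list is a breaking change for every existing caller that still passes `MYSQL_SLOW` — their next plan fails validation with no migration hint — yet the CHANGELOG hunk records this release only under Features. Either keep `"MYSQL_SLOW",` in the accepted list alongside `"GCP_MYSQL_SLOW",` (if the DSF API still accepts the old value) or add a Breaking Changes entry naming the rename. The `validation` block and the `variable "audit_type"` declaration both start outside this hunk.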
@@ -51,6 +51,12 @@ variable "auth_mechanism" { } } +variable "content_type" { + description = "Desired 'parent' asset 'Server Type' which is the one tha tuses this asset as a destination for logs. NOTE: The content_type field will take precedence on the lookup for parent_asset_id field when checking which server is sending logs to this asset." + type = string + default = null +} + variable "gateway_id" { description = "Unique identifier (UID) attached to the jSonar machine controlling the asset" type = string diff --git a/modules/google-logging-project-sink/main.tf b/modules/google-logging-project-sink/main.tf index 7e20c1d..b70c0c4 100644 --- a/modules/google-logging-project-sink/main.tf +++ b/modules/google-logging-project-sink/main.tf @@ -7,7 +7,7 @@ resource "google_logging_project_sink" "this" { dynamic "exclusions" { # If exclusions is not defined, do not create - for_each = var.exclusions != null ? [0] : [] + for_each = var.exclusions != null ? var.exclusions : [] content { description = exclusions.value.description diff --git a/modules/google-sql-database-instance/README.md b/modules/google-sql-database-instance/README.md new file mode 100644 index 0000000..7a83f6a --- /dev/null +++ b/modules/google-sql-database-instance/README.md @@ -0,0 +1,42 @@ + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [google](#provider\_google) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [google_sql_database_instance.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [authorized\_networks](#input\_authorized\_networks) | A list of authorized network blocks as defined below.
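Review bot: The new `for_each = var.exclusions != null ? var.exclusions : []` in `google-logging-project-sink/main.tf` is a genuine bug fix (the old `[0]` iterated a literal integer, so `exclusions.value.description` could never resolve and only one exclusion could ever be emitted), but it does not appear under Bug Fixes in the CHANGELOG hunk. The `content` block still reads `exclusions.value.description`, while the example's `excluded_traffic_filter` objects carry only `name` and `filter`; unless `var.exclusions` declares `description` as `optional(string)` (its declaration is not in this diff), that lookup fails at plan time — `description = try(exclusions.value.description, null)` is a defensive alternative. Because sink exclusions discard records before they reach Pub/Sub, the example's `textPayload:"[root]"` exclusion silently removes root-account activity from the audit feed, which is usually exactly the activity an audit pipeline must retain; the sink module's README should carry a warning such as `# Exclusions are applied at the sink: excluded entries never reach the gateway and cannot be recovered later`.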

authorized\_network:
- expiration\_time: (Optional) The RFC 3339 formatted date time string indicating when this whitelist expires.
- name: (Optional) A name for this whitelist entry.
- value: A CIDR notation IPv4 or IPv6 address that is allowed to access this instance. |
list(
object(
{
expiration_time = optional(string)
name = optional(string)
value = string
}
)
)
| `null` | no | +| [database\_flags](#input\_database\_flags) | List of database flags to assign to the instance. |
list(
object(
{
name = string
value = string
}
)
)
| `null` | no | +| [database\_version](#input\_database\_version) | The MySQL, PostgreSQL or SQL Server version to use. The full list of supported versions can be found at https://cloud.google.com/sql/docs/db-versions. | `string` | n/a | yes | +| [deletion\_protection](#input\_deletion\_protection) | Whether Terraform will be prevented from destroying the instance. When the field is set to true or unset in Terraform state, a terraform apply or terraform destroy that would delete the instance will fail. When the field is set to false, deleting the instance is allowed. | `bool` | `false` | no | +| [name](#input\_name) | The name of the instance. | `string` | n/a | yes | +| [project](#input\_project) | The ID of the project that the service account will be created in. | `string` | `null` | no | +| [region](#input\_region) | The region the instance will sit in. If a region is not provided in the resource definition, the provider region will be used instead. | `string` | `null` | no | +| [root\_password](#input\_root\_password) | Initial root password. Can be updated. Required for MS SQL Server. | `string` | `null` | no | +| [sql\_server\_audit\_config](#input\_sql\_server\_audit\_config) | A block describing a SQL Server audit configuration as described below.

- bucket: (Optional) The name of the destination bucket (e.g., gs://mybucket).
- upload\_interval: (Optional) How often to upload generated audit files. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- retention\_interval: (Optional) How long to keep generated audit files. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". |
object({
bucket = optional(string)
upload_interval = optional(string)
retention_interval = optional(string)
})
| `null` | no | +| [tier](#input\_tier) | The machine type to use. See [tiers](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/tiers) for more details and supported versions | `string` | `"db-f1-micro"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [this](#output\_this) | Google SQL database instance | + \ No newline at end of file diff --git a/modules/google-sql-database-instance/main.tf b/modules/google-sql-database-instance/main.tf new file mode 100644 index 0000000..cf699e2 --- /dev/null +++ b/modules/google-sql-database-instance/main.tf @@ -0,0 +1,43 @@ +resource "google_sql_database_instance" "this" { + database_version = var.database_version + deletion_protection = var.deletion_protection + name = var.name + project = var.project + region = var.region + root_password = var.root_password + + settings { + tier = var.tier + + dynamic "database_flags" { + for_each = var.database_flags != null ? var.database_flags : [] + + content { + name = database_flags.value.name + value = database_flags.value.value + } + } + + ip_configuration { + dynamic "authorized_networks" { + for_each = var.authorized_networks != null ? var.authorized_networks : [] + + content { + expiration_time = authorized_networks.value.expiration_time + name = authorized_networks.value.name + value = authorized_networks.value.value + } + } + } + + dynamic "sql_server_audit_config" { + for_each = var.sql_server_audit_config != null ? [0] : [] + + content { + bucket = var.sql_server_audit_config.bucket + upload_interval = var.sql_server_audit_config.upload_interval + retention_interval = var.sql_server_audit_config.retention_interval + } + } + } +} diff --git a/modules/google-sql-database-instance/outputs.tf b/modules/google-sql-database-instance/outputs.tf new file mode 100644 index 0000000..c58fe10 --- /dev/null +++ b/modules/google-sql-database-instance/outputs.tf 
@@ -0,0 +1,4 @@ +output "this" { + description = "Google SQL database instance" + value = google_sql_database_instance.this +} diff --git a/modules/google-sql-database-instance/variables.tf b/modules/google-sql-database-instance/variables.tf new file mode 100644 index 0000000..cd1ede5 --- /dev/null +++ b/modules/google-sql-database-instance/variables.tf @@ -0,0 +1,97 @@ +variable "authorized_networks" { + description = < +## Requirements + +No requirements. + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [gcp-mysql-asset](#module\_gcp-mysql-asset) | ../dsfhub-gcp-mysql | n/a | +| [gcp-mysql-instance](#module\_gcp-mysql-instance) | ../google-sql-database-instance | n/a | + +## Resources + +No resources. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [gcp\_mysql\_admin\_email](#input\_gcp\_mysql\_admin\_email) | The email address to notify about the asset. | `string` | n/a | yes | +| [gcp\_mysql\_audit\_pull\_enabled](#input\_gcp\_mysql\_audit\_pull\_enabled) | If true, sonargateway will collect the audit logs for this system if it can. | `bool` | `false` | no | +| [gcp\_mysql\_gateway\_id](#input\_gcp\_mysql\_gateway\_id) | Unique identifier (UID) attached to the jSonar machine controlling the asset | `string` | n/a | yes | +| [gcp\_mysql\_logs\_destination\_asset\_id](#input\_gcp\_mysql\_logs\_destination\_asset\_id) | The asset\_id of the GCP PUSUB asset that this asset is sending its audit logs to. | `string` | n/a | yes | +| [gcp\_mysql\_parent\_asset\_id](#input\_gcp\_mysql\_parent\_asset\_id) | The asset\_id of the GCP asset representing the GCP account where this data source is located. | `string` | `null` | no | +| [instance\_authorized\_networks](#input\_instance\_authorized\_networks) | A list of authorized network blocks as defined below.
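Review bot: `output "this"` exports the entire `google_sql_database_instance` object, which carries `root_password` (marked sensitive in the google provider, if I recall correctly) and `server_ca_cert`; `onboard-gcp-mysql` then re-exports the same object as `gcp-mysql-instance`, so a root module that surfaces it must mark its own output sensitive or the plan errors, and anything that does not still writes the password into state consumers' outputs. Exporting only the attributes callers actually use here (`name`, `project`, `region`, `connection_name`, `public_ip_address`, `private_ip_address`) would avoid that, or at minimum add `sensitive = true` to this output.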

authorized\_network:
- expiration\_time: (Optional) The RFC 3339 formatted date time string indicating when this whitelist expires.
- name: (Optional) A name for this whitelist entry.
- value: A CIDR notation IPv4 or IPv6 address that is allowed to access this instance. |
list(
object(
{
expiration_time = optional(string)
name = optional(string)
value = string
}
)
)
| n/a | yes | +| [instance\_database\_flags](#input\_instance\_database\_flags) | List of database flags to assign to the instance. |
list(
object(
{
name = string
value = string
}
)
)
|
[
{
"name": "log_output",
"value": "FILE"
},
{
"name": "general_log",
"value": "on"
}
]
| no | +| [instance\_database\_version](#input\_instance\_database\_version) | The MySQL version to use. The full list of supported versions can be found at https://cloud.google.com/sql/docs/db-versions. | `string` | `"MYSQL_8_0"` | no | +| [instance\_deletion\_protection](#input\_instance\_deletion\_protection) | Whether Terraform will be prevented from destroying the instance. When the field is set to true or unset in Terraform state, a terraform apply or terraform destroy that would delete the instance will fail. When the field is set to false, deleting the instance is allowed. | `bool` | `false` | no | +| [instance\_name](#input\_instance\_name) | The name of the instance. | `string` | n/a | yes | +| [instance\_project](#input\_instance\_project) | The ID of the project that the service account will be created in. | `string` | `null` | no | +| [instance\_region](#input\_instance\_region) | The region the instance will sit in. If a region is not provided in the resource definition, the provider region will be used instead. | `string` | `null` | no | +| [instance\_tier](#input\_instance\_tier) | The machine type to use. See [tiers](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/tiers) for more details and supported versions | `string` | `"db-f1-micro"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [gcp-mysql-asset](#output\_gcp-mysql-asset) | GCP MYSQL asset | +| [gcp-mysql-instance](#output\_gcp-mysql-instance) | Google MySQL database instance | + \ No newline at end of file diff --git a/modules/onboard-gcp-mysql/main.tf b/modules/onboard-gcp-mysql/main.tf new file mode 100644 index 0000000..4f18686 --- /dev/null +++ b/modules/onboard-gcp-mysql/main.tf 
@@ -0,0 +1,28 @@ +module "gcp-mysql-instance" { + source = "../google-sql-database-instance" + + authorized_networks = var.instance_authorized_networks + database_flags = var.instance_database_flags + database_version = var.instance_database_version + deletion_protection = var.instance_deletion_protection + name = var.instance_name + project = var.instance_project + region = var.instance_region + root_password = null + sql_server_audit_config = null + tier = var.instance_tier +} + +module "gcp-mysql-asset" { + source = "../dsfhub-gcp-mysql" + + admin_email = var.gcp_mysql_admin_email + asset_display_name = module.gcp-mysql-instance.this.name + asset_id = "${module.gcp-mysql-instance.this.project}:${module.gcp-mysql-instance.this.region}:${module.gcp-mysql-instance.this.name}" + audit_pull_enabled = var.gcp_mysql_audit_pull_enabled + gateway_id = var.gcp_mysql_gateway_id + logs_destination_asset_id = var.gcp_mysql_logs_destination_asset_id + parent_asset_id = var.gcp_mysql_parent_asset_id + server_host_name = module.gcp-mysql-instance.this.ip_address.0.ip_address + server_ip = module.gcp-mysql-instance.this.ip_address.0.ip_address +} diff --git a/modules/onboard-gcp-mysql/outputs.tf b/modules/onboard-gcp-mysql/outputs.tf new file mode 100644 index 0000000..2296af5 --- /dev/null +++ b/modules/onboard-gcp-mysql/outputs.tf @@ -0,0 +1,9 @@ +output "gcp-mysql-instance" { + description = "Google MySQL database instance" + value = module.gcp-mysql-instance.this +} + +output "gcp-mysql-asset" { + description = "GCP MYSQL asset" + value = module.gcp-mysql-asset.this +} diff --git a/modules/onboard-gcp-mysql/variables.tf b/modules/onboard-gcp-mysql/variables.tf new file mode 100644 index 0000000..9a45200 --- /dev/null +++ b/modules/onboard-gcp-mysql/variables.tf 
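Review bot: `server_host_name` and `server_ip` are both taken from `module.gcp-mysql-instance.this.ip_address.0.ip_address`, which is whichever address the provider lists first and, with the underlying module's `ip_configuration`, will normally be the public IPv4 address; the resource also exposes `public_ip_address` and `private_ip_address`, so choosing one explicitly (`server_ip = module.gcp-mysql-instance.this.public_ip_address`) documents which network path the gateway is expected to use and will not silently change if a private address is added to the instance later. `instance_authorized_networks` is a required input with no `validation`, so a caller can open the instance to `0.0.0.0/0` without any plan-time warning; a validation rejecting that CIDR (`!contains([for n in var.instance_authorized_networks : n.value], "0.0.0.0/0")`) would be cheap. Note also that `root_password = null` and `sql_server_audit_config = null` are hard-coded, which is correct for MySQL but worth a one-line comment so nobody "fixes" it.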
@@ -0,0 +1,109 @@ +variable "gcp_mysql_admin_email" { + description = "The email address to notify about the asset." + type = string +} + +variable "gcp_mysql_audit_pull_enabled" { + description = "If true, sonargateway will collect the audit logs for this system if it can." + type = bool + default = false +} + +variable "gcp_mysql_gateway_id" { + description = "Unique identifier (UID) attached to the jSonar machine controlling the asset" + type = string +} + +variable "gcp_mysql_logs_destination_asset_id" { + description = "The asset_id of the GCP PUSUB asset that this asset is sending its audit logs to." + type = string +} + +variable "gcp_mysql_parent_asset_id" { + description = "The asset_id of the GCP asset representing the GCP account where this data source is located." + type = string + default = null +} + +variable "instance_authorized_networks" { + description = < [gcp\_pubsub\_admin\_email](#input\_gcp\_pubsub\_admin\_email) | The email address to notify about the asset. | `string` | n/a | yes | | [gcp\_pubsub\_audit\_pull\_enabled](#input\_gcp\_pubsub\_audit\_pull\_enabled) | If true, sonargateway will collect the audit logs for this system if it can. | `bool` | `null` | no | -| [gcp\_pubsub\_audit\_type](#input\_gcp\_pubsub\_audit\_type) | Identifier for the type of audit data contained within the PubSub Subscription. Supported values: ALLOYDB\_POSTGRESQL, BIGQUERY, BIGTABLE, MYSQL, MYSQL\_SLOW, MSSQL, POSTGRESQL, SPANNER. | `string` | `null` | no | +| [gcp\_pubsub\_audit\_type](#input\_gcp\_pubsub\_audit\_type) | Identifier for the type of audit data contained within the PubSub Subscription. Supported values: ALLOYDB\_POSTGRESQL, BIGQUERY, BIGTABLE, GCP\_MYSQL\_SLOW, MYSQL, MSSQL, POSTGRESQL, SPANNER. | `string` | `null` | no | | [gcp\_pubsub\_auth\_mechanism](#input\_gcp\_pubsub\_auth\_mechanism) | Specifies the auth mechanism used by the connection. Supported values: default, service\_account. 
| `string` | `"default"` | no | +| [gcp\_pubsub\_content\_type](#input\_gcp\_pubsub\_content\_type) | Desired 'parent' asset 'Server Type' which is the one tha tuses this asset as a destination for logs. NOTE: The content\_type field will take precedence on the lookup for parent\_asset\_id field when checking which server is sending logs to this asset. | `string` | `null` | no | | [gcp\_pubsub\_gateway\_id](#input\_gcp\_pubsub\_gateway\_id) | Unique identifier (UID) attached to the jSonar machine controlling the asset | `string` | n/a | yes | | [gcp\_pubsub\_key\_file](#input\_gcp\_pubsub\_key\_file) | Path to JSON file with credentials info (service account's key) residing on your Agentless Gateway. File must be accessible by the sonarw OS user. Required when auth\_mechanism is set to 'service\_account'. | `string` | `null` | no | | [gcp\_pubsub\_reason](#input\_gcp\_pubsub\_reason) | Used to differentiate connections that belong to the same asset | `string` | `"default"` | no | diff --git a/modules/onboard-gcp-pubsub/main.tf b/modules/onboard-gcp-pubsub/main.tf index f397b10..a91ce6a 100644 --- a/modules/onboard-gcp-pubsub/main.tf +++ b/modules/onboard-gcp-pubsub/main.tf @@ -55,6 +55,7 @@ module "gcp-pubsub-asset" { audit_pull_enabled = var.gcp_pubsub_audit_pull_enabled audit_type = var.gcp_pubsub_audit_type auth_mechanism = var.gcp_pubsub_auth_mechanism + content_type = var.gcp_pubsub_content_type gateway_id = var.gcp_pubsub_gateway_id key_file = var.gcp_pubsub_key_file pubsub_subscription = module.pubsub-subscription.this.id diff --git a/modules/onboard-gcp-pubsub/variables.tf b/modules/onboard-gcp-pubsub/variables.tf index 2a4ac1e..72f3c9a 100644 --- a/modules/onboard-gcp-pubsub/variables.tf +++ b/modules/onboard-gcp-pubsub/variables.tf 
@@ -10,7 +10,7 @@ variable "gcp_pubsub_audit_pull_enabled" { } variable "gcp_pubsub_audit_type" { - description = "Identifier for the type of audit data contained within the PubSub Subscription. Supported values: ALLOYDB_POSTGRESQL, BIGQUERY, BIGTABLE, MYSQL, MYSQL_SLOW, MSSQL, POSTGRESQL, SPANNER." + description = "Identifier for the type of audit data contained within the PubSub Subscription. Supported values: ALLOYDB_POSTGRESQL, BIGQUERY, BIGTABLE, GCP_MYSQL_SLOW, MYSQL, MSSQL, POSTGRESQL, SPANNER." type = string default = null validation { @@ -19,8 +19,8 @@ variable "gcp_pubsub_audit_type" { "ALLOYDB_POSTGRESQL", "BIGQUERY", "BIGTABLE", + "GCP_MYSQL_SLOW", "MYSQL", - "MYSQL_SLOW", "MSSQL", "POSTGRESQL", "SPANNER" @@ -41,6 +41,12 @@ variable "gcp_pubsub_auth_mechanism" { } } +variable "gcp_pubsub_content_type" { + description = "Desired 'parent' asset 'Server Type' which is the one tha tuses this asset as a destination for logs. NOTE: The content_type field will take precedence on the lookup for parent_asset_id field when checking which server is sending logs to this asset." + type = string + default = null +} + variable "gcp_pubsub_gateway_id" { description = "Unique identifier (UID) attached to the jSonar machine controlling the asset" type = string
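Review bot: `gcp_pubsub_content_type` is forwarded to the DSF asset with no `validation` block, unlike `gcp_pubsub_audit_type` and `gcp_pubsub_auth_mechanism` in the same file, so a mistyped server type is only discovered after apply when the asset fails to pair with its log source; at minimum the description should name the value this example expects, e.g. `GCP MYSQL`, and the typo `tha tuses` should read `that uses`. The enclosing `variable "gcp_pubsub_gateway_id"` block continues past the end of the hunk.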