Updated terraform to work with version 1.0.1

PaloAltoNetworks · Jan 23, 2024 · c3c89ba · c3c89ba
1 parent c14ad0f
commit c3c89ba
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 3 deletions.
diff --git a/terraform/AWS/main.tf b/terraform/AWS/main.tf
@@ -75,6 +75,7 @@ data "aws_iam_policy" "ebs_csi_policy" {
 
 # https://registry.terraform.io/modules/terraform-aws-modules/iam/aws/latest/submodules/iam-assumable-role-with-oidc
 module "irsa-ebs-csi" {
+  count   = var.job-has_volume ? 1 : 0
   source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
   version = "4.7.0"
 
@@ -87,9 +88,10 @@ module "irsa-ebs-csi" {
 
 # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon
 resource "aws_eks_addon" "ebs-csi" {
+  count                    = var.job-has_volume ? 1 : 0
   cluster_name             = module.eks.cluster_name
   addon_name               = "aws-ebs-csi-driver"
-  service_account_role_arn = module.irsa-ebs-csi.iam_role_arn
+  service_account_role_arn = module.irsa-ebs-csi[count.index].iam_role_arn
   tags = {
     "eks_addon" = "ebs-csi"
     "terraform" = "true"

diff --git a/terraform/AWS/twistlock-updater.tf b/terraform/AWS/twistlock-updater.tf
@@ -20,9 +20,14 @@ resource "helm_release" "twistlock-updater" {
   chart            = "twistlock-updater"
   namespace        = var.namespace
   create_namespace = true
-  version          = "1.0.0"
+  version          = "1.0.1"
   wait             = false
 
+  set {
+    name  = "always_run"
+    value = timestamp()
+  }
+
   set {
     name  = "compute.api_endpoint"
     value = var.compute_api_endpoint
@@ -43,6 +48,10 @@ resource "helm_release" "twistlock-updater" {
     value = var.job-schedule
   }
 
+  set {
+    name  = "job.has_volume"
+    value = var.job-has_volume
+  }
 
   set {
     name  = "job.timezone"
@@ -79,6 +88,11 @@ resource "helm_release" "twistlock-updater" {
     value = var.defender-monitor_service_accounts
   }
 
+  set {
+    name  = "job.cronjob_enabled"
+    value = var.job-cronjob_enabled
+  }
+
   depends_on = [
     aws_eks_addon.ebs-csi,
     module.eks,

diff --git a/terraform/AWS/variables.tf b/terraform/AWS/variables.tf
@@ -12,7 +12,7 @@ variable "cluster_name" {
 variable "namespace" {
   description = "Prisma Cloud Defender namespace"
   type        = string
-  default = "twistlock"
+  default     = "twistlock"
 }
 
 variable "compute_api_endpoint" {
@@ -30,14 +30,22 @@ variable "prisma_password" {
   type        = string
 }
 
+variable "job-cronjob_enabled" {
+  description = "Defender Auto Updater CronJob enablement"
+  type        = bool
+  default     = true
+}
+
 variable "job-schedule" {
   description = "Defender Auto Updater CronJob schedule"
   type        = string
+  default     = "0 0 * * Sun"
 }
 
 variable "job-timezone" {
   description = "Defender Auto Updater CronJob timezone"
   type        = string
+  default     = "Etc/UTC"
 }
 
 variable "job-image_name" {
@@ -55,17 +63,26 @@ variable "job-pull_secret_dockerconfigjson" {
   type        = string
 }
 
+variable "job-has_volume" {
+  description = "Defender Auto Updater job debug mode"
+  type        = bool
+  default     = true
+}
+
 variable "job-debug" {
   description = "Defender Auto Updater job debug mode"
   type        = bool
+  default     = false
 }
 
 variable "defender-collect_pod_labels" {
   description = "Enable defender collect pod labels"
   type        = bool
+  default     = true
 }
 
 variable "defender-monitor_service_accounts" {
   description = "Enable defender service accounts monitoring"
   type        = bool
+  default     = true
 }