diff --git a/terraform/modules/aws-policies/README.md b/terraform/modules/aws-policies/README.md
index 6bf18b0..e87fb4d 100644
--- a/terraform/modules/aws-policies/README.md
+++ b/terraform/modules/aws-policies/README.md
@@ -3,14 +3,14 @@
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.6 |
-| [aws](#requirement\_aws) | ~> 5.0 |
+| [terraform](#requirement\_terraform) | >= 1.7 |
+| [aws](#requirement\_aws) | ~> 6.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | ~> 5.0 |
+| [aws](#provider\_aws) | ~> 6.0 |
## Modules
@@ -24,9 +24,13 @@ No modules.
| [aws_iam_policy.pantheon_full_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.pantheon_full_policy2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.pantheon_full_policy3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.pantheon_full_policy4](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.pantheon_full_policy5](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy_attachment.attach_PantheonDenyActionsPolicy1_to_gcp_federation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |
| [aws_iam_policy_attachment.attach_PantheonFullPolicy2_to_gcp_federation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |
| [aws_iam_policy_attachment.attach_PantheonFullPolicy3_to_gcp_federation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |
+| [aws_iam_policy_attachment.attach_PantheonFullPolicy4_to_gcp_federation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |
+| [aws_iam_policy_attachment.attach_PantheonFullPolicy5_to_gcp_federation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |
| [aws_iam_policy_attachment.attach_PantheonFullPolicy_to_gcp_federation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |
| [aws_iam_role.gcp_federation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.attach_SecurityAudit_to_gcp_federation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
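Review bot: The two new attachments, `attach_PantheonFullPolicy4_to_gcp_federation` and `attach_PantheonFullPolicy5_to_gcp_federation`, are `aws_iam_policy_attachment` resources, which manage a policy's attachment list exclusively: any user, group or role the policy is attached to outside that resource is detached on apply. The SecurityAudit row in the same table already uses `aws_iam_role_policy_attachment`; use that type for the new policies as well, so the module only touches the attachment to its own role. The README also never says why the permissions are spread over numbered policies, and one sentence on that would help whoever audits the grant.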
diff --git a/terraform/modules/azure-entra/README.md b/terraform/modules/azure-entra/README.md
index 485a647..a3684d1 100644
--- a/terraform/modules/azure-entra/README.md
+++ b/terraform/modules/azure-entra/README.md
@@ -31,4 +31,40 @@ module "azure_entra_permission" {
- Assigns the specified Azure AD directory role to the given service principal.
## Notes
-- The service principal will be able to perform actions allowed by the assigned directory role (e.g., list users and groups if "Directory Readers" is assigned).
\ No newline at end of file
+- The service principal will be able to perform actions allowed by the assigned directory role (e.g., list users and groups if "Directory Readers" is assigned).
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [azuread](#requirement\_azuread) | ~> 3.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [azuread](#provider\_azuread) | ~> 3.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azuread_directory_role.directory_reader](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/directory_role) | resource |
+| [azuread_directory_role_assignment.pantheon_engine_directory_reader](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/directory_role_assignment) | resource |
+| [azuread_service_principal.pantheon-service-principal](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [pantheon\_service\_principal](#input\_pantheon\_service\_principal) | The email address of the Google service account | `string` | n/a | yes |
+| [role](#input\_role) | The role to be assigned to the service account | `string` | `"Directory Readers"` | no |
+
+## Outputs
+
+No outputs.
+
\ No newline at end of file
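Review bot: The Inputs table describes `pantheon_service_principal` as "The email address of the Google service account", but this module resolves an `azuread_service_principal` data source and assigns an Azure AD directory role. The text looks copied from a GCP module. Correct the variable description at its source so the generated docs state which Azure identifier is expected, and change "service account" to "service principal" in the `role` description. The file still ends without a trailing newline.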
diff --git a/terraform/modules/azure-permission/README.md b/terraform/modules/azure-permission/README.md
index 8b1cac8..09645ca 100644
--- a/terraform/modules/azure-permission/README.md
+++ b/terraform/modules/azure-permission/README.md
@@ -73,4 +73,51 @@ module "azure_permission_sub2" {
- Role assignment at the resource group level
## Notes
-- All role assignments are optional; if you leave a variable empty, no assignment is created for that scope.
\ No newline at end of file
+- All role assignments are optional; if you leave a variable empty, no assignment is created for that scope.
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [azurerm](#requirement\_azurerm) | ~> 4.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [azuread](#provider\_azuread) | n/a |
+| [azurerm](#provider\_azurerm) | ~> 4.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_role_assignment.pantheon_engine_security_admin](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.pantheon_engine_security_admin_management_groups](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.pantheon_engine_security_admin_resource_groups](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azuread_service_principal.pantheon-service-principal](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source |
+| [azurerm_management_group.management_groups](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/management_group) | data source |
+| [azurerm_resource_group.resource_groups](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
+| [azurerm_role_definition.management_groups](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/role_definition) | data source |
+| [azurerm_role_definition.resource_groups](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/role_definition) | data source |
+| [azurerm_role_definition.subscription_role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/role_definition) | data source |
+| [azurerm_subscription.subscriptions](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [management\_groups](#input\_management\_groups) | A list of specific resource IDs to which the IAM binding should be applied | `list(string)` | `[]` | no |
+| [pantheon\_service\_principal](#input\_pantheon\_service\_principal) | The email address of the Google service account | `string` | n/a | yes |
+| [resource\_groups](#input\_resource\_groups) | A list of resource group names to which the IAM binding should be applied | `list(string)` | `[]` | no |
+| [role](#input\_role) | The role to be assigned to the service account | `string` | `"Security Reader"` | no |
+| [subscriptions](#input\_subscriptions) | A list of subscription IDs to which the IAM binding should be applied | `list(string)` | `[]` | no |
+
+## Outputs
+
+No outputs.
+
\ No newline at end of file
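Review bot: The Providers table lists `azuread` with version `n/a` and the Requirements table omits it, although the module reads the `azuread_service_principal` data source. Add `azuread` to `required_providers` with a constraint (the azure-entra module in this patch uses `~> 3.0`) so provider resolution is reproducible. The `pantheon_service_principal` description here is also the Google service account text, and `management_groups` is described only as "specific resource IDs"; both should state what the module actually expects.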
diff --git a/terraform/modules/gcp-billing/README.md b/terraform/modules/gcp-billing/README.md
index 3a08511..3aaef9d 100644
--- a/terraform/modules/gcp-billing/README.md
+++ b/terraform/modules/gcp-billing/README.md
@@ -42,14 +42,14 @@ No outputs.
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.6 |
-| [google](#requirement\_google) | >= 5 |
+| [terraform](#requirement\_terraform) | >= 1.7 |
+| [google](#requirement\_google) | >= 6, >= 7 |
## Providers
| Name | Version |
|------|---------|
-| [google](#provider\_google) | >= 5 |
+| [google](#provider\_google) | >= 6, >= 7 |
## Modules
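Review bot: The constraint `>= 6, >= 7` on the `google` rows is redundant: both terms are lower bounds, so it resolves to `>= 7` with no upper bound. If the intent is to support both majors, write `>= 6, < 8`; if only 7.x is supported, use `~> 7.0` as `gcp-machine-scanning/provider.tf` does. The same constraint appears in the gcp-log-export, gcp-org and gcp-permission READMEs in this patch, so the fix belongs in each module's `required_providers` block before the docs are regenerated.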
diff --git a/terraform/modules/gcp-log-export/README.md b/terraform/modules/gcp-log-export/README.md
index da22b0c..90e53b8 100644
--- a/terraform/modules/gcp-log-export/README.md
+++ b/terraform/modules/gcp-log-export/README.md
@@ -56,16 +56,16 @@ No modules.
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.6 |
-| [google](#requirement\_google) | >= 5 |
-| [random](#requirement\_random) | >= 3.6.0 |
+| [terraform](#requirement\_terraform) | >= 1.7 |
+| [google](#requirement\_google) | >= 6, >= 7 |
+| [random](#requirement\_random) | >= 3.8.0 |
## Providers
| Name | Version |
|------|---------|
-| [google](#provider\_google) | >= 5 |
-| [random](#provider\_random) | >= 3.6.0 |
+| [google](#provider\_google) | >= 6, >= 7 |
+| [random](#provider\_random) | >= 3.8.0 |
## Modules
@@ -84,6 +84,7 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [destination\_uri](#input\_destination\_uri) | The full qualified destination URI of the PubSub topic the logging sink should write to in the form 'pubsub.googleapis.com/projects//topics/'. Will be provided by the team. | `string` | n/a | yes |
+| [ignore\_principal\_emails](#input\_ignore\_principal\_emails) | Audit logs from these principal emails will be ignored. | `list(string)` | n/a | yes |
| [pantheon\_service\_account](#input\_pantheon\_service\_account) | The service account used to scan resources. Will be provided by the team. | `string` | n/a | yes |
| [parent\_resource\_id](#input\_parent\_resource\_id) | The folder resp. organization number, e.g. 123456789. Needs to be set by user. | `string` | n/a | yes |
| [parent\_resource\_type](#input\_parent\_resource\_type) | Either 'folder' or 'organization'. Needs to be set by user. | `string` | n/a | yes |
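Review bot: The new `ignore_principal_emails` input is marked required with no default, so every existing caller of this module fails at plan until it is set. If an empty list means that no audit logs are filtered out, give the variable `default = []`; otherwise call the breaking change out in the release notes. The description should also say what form the entries take, since the value presumably ends up in the sink's log filter.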
diff --git a/terraform/modules/gcp-machine-scanning/README.md b/terraform/modules/gcp-machine-scanning/README.md
new file mode 100644
index 0000000..a0ab313
--- /dev/null
+++ b/terraform/modules/gcp-machine-scanning/README.md
@@ -0,0 +1,111 @@
+## Pantheon gcp-org terraform module
+
+Provides IAM bindings on folder or organization level.
+
+This module is optional.
+
+Example usage
+```hcl
+
+# needed to prepare Pantheon VM Scanner role
+
+module "gcp-org" {
+ source = "github.com/ottogroup/pantheon//terraform/modules/gcp-org?ref=VERSION"
+ org_id = "1234567890", # Organization1
+}
+
+module "gcp-machine-scanning" {
+ source = "github.com/ottogroup/pantheon//terraform/modules/gcp-machine-scanning?ref=VERSION"
+
+ # either org_id or folder_ids MUST be set
+ org_id = "1234567890", # Organization1
+ folder_ids = [
+ "folders/112233445566" # Department2
+ ]
+
+ pantheon_machine_scanning_role_id = module.gcp-org.pantheon_machine_scanning_role_id
+ pantheon_service_account = "engine@.iam.gserviceaccount.com"
+}
+
+
+```
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1 |
+| [google](#requirement\_google) | >= 4 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [google](#provider\_google) | >= 4 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [gcp-roles](#module\_gcp-roles) | ./../gcp-roles | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [google_folder_iam_member.folder_level_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/folder_iam_member) | resource |
+| [google_organization_iam_member.org_level_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/organization_iam_member) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [folder\_ids](#input\_folder\_ids) | Optional: The ID of a folder you want to attach the permissions to. Per default, the permissions will be granted on the org level. The format for each element is folders/{folder\_id}. Needs to be set by user. | `list(string)` | `[]` | no |
+| [org\_id](#input\_org\_id) | The ID of the organization that owns the resources that you want to scan. Needs to be set by user. | `string` | `null` | no |
+| [pantheon\_engine\_role\_id](#input\_pantheon\_engine\_role\_id) | The ID of org level custom role of Pantheon Engine. Will be provided by output of gcp-org module. | `string` | n/a | yes |
+| [pantheon\_gcp\_roles](#input\_pantheon\_gcp\_roles) | The roles that will be applied to all folders or the organization. The default are the recommended roles. | `list(string)` | `null` | no |
+| [pantheon\_service\_account](#input\_pantheon\_service\_account) | The service account used to scan resources. Will be provided by the team. | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [google](#requirement\_google) | ~> 7.0 |
+| [null](#requirement\_null) | 3.2.4 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [google](#provider\_google) | ~> 7.0 |
+| [null](#provider\_null) | 3.2.4 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [google_folder_iam_member.folder_level_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/folder_iam_member) | resource |
+| [google_organization_iam_member.org_level_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/organization_iam_member) | resource |
+| [null_resource.assert_org_or_folder_ids_are_set](https://registry.terraform.io/providers/hashicorp/null/3.2.4/docs/resources/resource) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [folder\_ids](#input\_folder\_ids) | The ID of a folder you want to attach the permissions to. Per default, the permissions will be granted on the org level. The format for each element is folders/{folder\_id}. Needs to be set by user. Either org\_id or folder\_ids must be set. | `list(string)` | `[]` | no |
+| [org\_id](#input\_org\_id) | The ID of the organization that owns the resources that you want to scan. Needs to be set by user. Either org\_id or folder\_ids must be set. | `string` | `null` | no |
+| [pantheon\_machine\_scanning\_role\_id](#input\_pantheon\_machine\_scanning\_role\_id) | The ID of org level custom role of Pantheon VM Scanner. Will be provided by output of gcp-org module. | `string` | n/a | yes |
+| [pantheon\_service\_account](#input\_pantheon\_service\_account) | The service account used to scan resources. Will be provided by the team. | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
+
\ No newline at end of file
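Review bot: This README carries two generated documentation sets, and the first (Requirements through Outputs, before the second `## Requirements`) does not match the module: it lists a `gcp-roles` submodule and the inputs `pantheon_engine_role_id` and `pantheon_gcp_roles`, none of which exist in `variable.tf`. Delete the stale set and keep only the second. The title still reads "Pantheon gcp-org terraform module" and should name gcp-machine-scanning. In the example, `org_id = "1234567890",` ends with a comma in both module blocks, which is not valid HCL for an argument, and the second block sets both `org_id` and `folder_ids` directly under a comment saying either one must be set; show one org-level and one folder-level call instead.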
diff --git a/terraform/modules/gcp-machine-scanning/folder.tf b/terraform/modules/gcp-machine-scanning/folder.tf
new file mode 100644
index 0000000..7449ce6
--- /dev/null
+++ b/terraform/modules/gcp-machine-scanning/folder.tf
@@ -0,0 +1,11 @@
+#
+# This file contains role bindings required for Pantheon on the folder level.
+#
+
+# Iterate over the permutation of all roles and folderIds
+resource "google_folder_iam_member" "folder_level_permissions" {
+ for_each = { for entry in local.folder_roles : "${entry.role}.${entry.folderId}" => entry }
+ folder = each.value.folderId
+ member = "serviceAccount:${var.pantheon_service_account}"
+ role = each.value.role
+}
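Review bot: The `for_each` key `"${entry.role}.${entry.folderId}"` embeds the role ID, which the README example wires from `module.gcp-org.pantheon_machine_scanning_role_id`. When the custom role is created in the same apply, that value is not known at plan time and Terraform rejects `for_each` keys it cannot determine. Only one role is ever bound, so key on the folder alone: `for_each = toset(var.folder_ids)`, `folder = each.value`, `role = var.pantheon_machine_scanning_role_id`. The comment about a "permutation of all roles and folderIds" can then go, since there is a single role.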
diff --git a/terraform/modules/gcp-machine-scanning/locals.tf b/terraform/modules/gcp-machine-scanning/locals.tf
new file mode 100644
index 0000000..ac83918
--- /dev/null
+++ b/terraform/modules/gcp-machine-scanning/locals.tf
@@ -0,0 +1,11 @@
+locals {
+ folder_roles = flatten(
+ [
+ for folderId in var.folder_ids : {
+ role = var.pantheon_machine_scanning_role_id
+ folderId = folderId
+ }
+ ]
+ )
+ is_org_level = length(var.folder_ids) == 0
+}
\ No newline at end of file
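Review bot: `is_org_level = length(var.folder_ids) == 0` ignores `org_id`, so the module counts as org-level even when `org_id` is null, and the org binding would then be attempted with a null `org_id`. Make it `var.org_id != null && length(var.folder_ids) == 0`, or state in the README that `folder_ids` always wins when both are set. The `flatten(...)` around `folder_roles` is a no-op because the `for` expression already yields a flat list of objects.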
diff --git a/terraform/modules/gcp-machine-scanning/main.tf b/terraform/modules/gcp-machine-scanning/main.tf
new file mode 100644
index 0000000..fbfc7ea
--- /dev/null
+++ b/terraform/modules/gcp-machine-scanning/main.tf
@@ -0,0 +1,9 @@
+
+resource "null_resource" "assert_org_or_folder_ids_are_set" {
+ lifecycle {
+ precondition {
+ condition = (var.org_id == null && length(var.folder_ids) > 0) || (var.org_id != null && length(var.folder_ids) > 0)
+ error_message = "Either org_id or folder_ids must be set. Please provide either an org_id or at least one folder_id."
+ }
+ }
+}
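Review bot: The precondition's `condition` reduces to `length(var.folder_ids) > 0`, because both branches require a non-empty `folder_ids` and differ only in whether `org_id` is null. An org-level configuration (`org_id` set, `folder_ids` empty) therefore fails with this error message, and the binding in `org.tf` can never be created. To match the message, the condition should be `var.org_id != null || length(var.folder_ids) > 0`. The leading blank line in the file can be dropped.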
diff --git a/terraform/modules/gcp-machine-scanning/org.tf b/terraform/modules/gcp-machine-scanning/org.tf
new file mode 100644
index 0000000..6d084d8
--- /dev/null
+++ b/terraform/modules/gcp-machine-scanning/org.tf
@@ -0,0 +1,11 @@
+#
+# This file contains role bindings required for Pantheon on the org level.
+#
+
+# Only iterate over roles, if the configuration is on org level, else iterate over empty list (create not resources)
+resource "google_organization_iam_member" "org_level_permissions" {
+ for_each = local.is_org_level ? toset(var.pantheon_machine_scanning_role_id) : []
+ org_id = var.org_id
+ member = "serviceAccount:${var.pantheon_service_account}"
+ role = each.key
+}
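Review bot: `toset(var.pantheon_machine_scanning_role_id)` is called on a variable that `variable.tf` declares as `string`, and `toset` needs a list or set, so this expression fails as soon as it is evaluated. Because the role ID may also be unknown at plan time when it comes from the gcp-org module in the same apply, a map with a static key is safer: `for_each = local.is_org_level ? { machine_scanning = var.pantheon_machine_scanning_role_id } : {}` with `role = each.value`. The comment above the resource should read "create no resources".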
diff --git a/terraform/modules/gcp-machine-scanning/provider.tf b/terraform/modules/gcp-machine-scanning/provider.tf
new file mode 100644
index 0000000..d831993
--- /dev/null
+++ b/terraform/modules/gcp-machine-scanning/provider.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = "~> 7.0"
+ }
+ null = {
+ source = "hashicorp/null"
+ version = "3.2.4"
+ }
+ }
+}
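Review bot: The `terraform` block has no `required_version`, although `main.tf` uses a `precondition` block, which needs Terraform 1.2 or later, and the other modules in this patch document `>= 1.7`. Add `required_version` so older CLIs fail with a clear message. The exact pin `version = "3.2.4"` on `null` forces every root module that consumes this one onto that single release; a range such as `~> 3.2` is the usual choice for a reusable module.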
diff --git a/terraform/modules/gcp-machine-scanning/variable.tf b/terraform/modules/gcp-machine-scanning/variable.tf
new file mode 100644
index 0000000..1182e0c
--- /dev/null
+++ b/terraform/modules/gcp-machine-scanning/variable.tf
@@ -0,0 +1,21 @@
+variable "org_id" {
+ type = string
+ default = null
+ description = "The ID of the organization that owns the resources that you want to scan. Needs to be set by user. Either org_id or folder_ids must be set."
+}
+
+variable "folder_ids" {
+ type = list(string)
+ default = []
+ description = "The ID of a folder you want to attach the permissions to. Per default, the permissions will be granted on the org level. The format for each element is folders/{folder_id}. Needs to be set by user. Either org_id or folder_ids must be set."
+}
+
+variable "pantheon_machine_scanning_role_id" {
+ type = string
+ description = "The ID of org level custom role of Pantheon VM Scanner. Will be provided by output of gcp-org module."
+}
+
+variable "pantheon_service_account" {
+ type = string
+ description = "The service account used to scan resources. Will be provided by the team."
+}
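Review bot: `folder_ids` documents the element format as `folders/{folder_id}` but nothing enforces it, and these values decide where an IAM binding lands. Add a `validation` block that checks each element against that pattern, and a matching one for `pantheon_service_account`, so a malformed value fails at plan rather than at the API. The sentence "Per default, the permissions will be granted on the org level" in the `folder_ids` description should also say that this only applies when `org_id` is set.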
diff --git a/terraform/modules/gcp-org/README.md b/terraform/modules/gcp-org/README.md
index bccad1a..81a5a2c 100644
--- a/terraform/modules/gcp-org/README.md
+++ b/terraform/modules/gcp-org/README.md
@@ -43,14 +43,14 @@ No modules.
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.6 |
-| [google](#requirement\_google) | >= 5 |
+| [terraform](#requirement\_terraform) | >= 1.7 |
+| [google](#requirement\_google) | >= 6, >= 7 |
## Providers
| Name | Version |
|------|---------|
-| [google](#provider\_google) | >= 5 |
+| [google](#provider\_google) | >= 6, >= 7 |
## Modules
@@ -61,6 +61,7 @@ No modules.
| Name | Type |
|------|------|
| [google_organization_iam_custom_role.pantheon_engine_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/organization_iam_custom_role) | resource |
+| [google_organization_iam_custom_role.pantheon_machine_scanning_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/organization_iam_custom_role) | resource |
## Inputs
@@ -73,4 +74,5 @@ No modules.
| Name | Description |
|------|-------------|
| [pantheon\_engine\_role\_id](#output\_pantheon\_engine\_role\_id) | The identifier of the created custom role with the format organizations/{{org\_id}}/roles/{{role\_id}}. |
+| [pantheon\_machine\_scanning\_role\_id](#output\_pantheon\_machine\_scanning\_role\_id) | The identifier of the created custom role with the format organizations/{{org\_id}}/roles/{{role\_id}}. |
\ No newline at end of file
diff --git a/terraform/modules/gcp-org/main.tf b/terraform/modules/gcp-org/main.tf
index 845b6cf..3d55259 100644
--- a/terraform/modules/gcp-org/main.tf
+++ b/terraform/modules/gcp-org/main.tf
@@ -14,3 +14,14 @@ resource "google_organization_iam_custom_role" "pantheon_engine_permissions" {
"clientauthconfig.clients.listWithSecrets",
]
}
+
+resource "google_organization_iam_custom_role" "pantheon_machine_scanning_permissions" {
+ org_id = var.org_id
+ role_id = "pantheon.machineScanning"
+ title = "Pantheon machine scanning"
+ description = "Permissions for Pantheon to be able scan machine snapshots and list instances."
+ permissions = [
+ "compute.snapshots.create",
+ "compute.instances.list"
+ ]
+}
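Review bot: The `permissions` list grants `compute.snapshots.create` and `compute.instances.list`, while the `description` says the role lets Pantheon scan machine snapshots; nothing in the role covers reading or deleting the snapshots it creates. Document where those permissions come from and how scanner-created snapshots are cleaned up, since they are copies of disk contents, or add the permissions here if this role is meant to be self-contained. The description should read "to be able to scan".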
diff --git a/terraform/modules/gcp-org/outputs.tf b/terraform/modules/gcp-org/outputs.tf
index 7f88b2c..039f332 100644
--- a/terraform/modules/gcp-org/outputs.tf
+++ b/terraform/modules/gcp-org/outputs.tf
@@ -2,3 +2,8 @@ output "pantheon_engine_role_id" {
value = google_organization_iam_custom_role.pantheon_engine_permissions.id
description = "The identifier of the created custom role with the format organizations/{{org_id}}/roles/{{role_id}}."
}
+
+output "pantheon_machine_scanning_role_id" {
+ value = google_organization_iam_custom_role.pantheon_machine_scanning_permissions.id
+ description = "The identifier of the created custom role with the format organizations/{{org_id}}/roles/{{role_id}}."
+}
diff --git a/terraform/modules/gcp-permission/README.md b/terraform/modules/gcp-permission/README.md
index 1f3d21d..ca15a5e 100644
--- a/terraform/modules/gcp-permission/README.md
+++ b/terraform/modules/gcp-permission/README.md
@@ -48,14 +48,14 @@ No outputs.
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.6 |
-| [google](#requirement\_google) | >= 5 |
+| [terraform](#requirement\_terraform) | >= 1.7 |
+| [google](#requirement\_google) | >= 6, >= 7 |
## Providers
| Name | Version |
|------|---------|
-| [google](#provider\_google) | >= 5 |
+| [google](#provider\_google) | >= 6, >= 7 |
## Modules
diff --git a/terraform/modules/kubernetes-scanner/README.md b/terraform/modules/kubernetes-scanner/README.md
index 19bece8..79d01b5 100644
--- a/terraform/modules/kubernetes-scanner/README.md
+++ b/terraform/modules/kubernetes-scanner/README.md
@@ -3,13 +3,13 @@
| Name | Version |
|------|---------|
-| [kubernetes](#requirement\_kubernetes) | 2.31.0 |
+| [kubernetes](#requirement\_kubernetes) | 2.38.0 |
## Providers
| Name | Version |
|------|---------|
-| [kubernetes](#provider\_kubernetes) | 2.31.0 |
+| [kubernetes](#provider\_kubernetes) | 2.38.0 |
## Modules
@@ -19,19 +19,25 @@ No modules.
| Name | Type |
|------|------|
-| [kubernetes_cluster_role_binding_v1.pantheon_scanner_crb](https://registry.terraform.io/providers/hashicorp/kubernetes/2.31.0/docs/resources/cluster_role_binding_v1) | resource |
-| [kubernetes_cluster_role_v1.pantheon_scanner_cr](https://registry.terraform.io/providers/hashicorp/kubernetes/2.31.0/docs/resources/cluster_role_v1) | resource |
-| [kubernetes_config_map_v1.pantheon_scanner_cm](https://registry.terraform.io/providers/hashicorp/kubernetes/2.31.0/docs/resources/config_map_v1) | resource |
-| [kubernetes_cron_job_v1.scanner](https://registry.terraform.io/providers/hashicorp/kubernetes/2.31.0/docs/resources/cron_job_v1) | resource |
-| [kubernetes_namespace_v1.pantheon_scanner](https://registry.terraform.io/providers/hashicorp/kubernetes/2.31.0/docs/resources/namespace_v1) | resource |
-| [kubernetes_service_account_v1.pantheon_scanner](https://registry.terraform.io/providers/hashicorp/kubernetes/2.31.0/docs/resources/service_account_v1) | resource |
+| [kubernetes_cluster_role_binding_v1.pantheon_scanner_crb](https://registry.terraform.io/providers/hashicorp/kubernetes/2.38.0/docs/resources/cluster_role_binding_v1) | resource |
+| [kubernetes_cluster_role_v1.pantheon_scanner_cr](https://registry.terraform.io/providers/hashicorp/kubernetes/2.38.0/docs/resources/cluster_role_v1) | resource |
+| [kubernetes_config_map_v1.pantheon_scanner_cm](https://registry.terraform.io/providers/hashicorp/kubernetes/2.38.0/docs/resources/config_map_v1) | resource |
+| [kubernetes_cron_job_v1.scanner](https://registry.terraform.io/providers/hashicorp/kubernetes/2.38.0/docs/resources/cron_job_v1) | resource |
+| [kubernetes_namespace_v1.pantheon_scanner](https://registry.terraform.io/providers/hashicorp/kubernetes/2.38.0/docs/resources/namespace_v1) | resource |
+| [kubernetes_priority_class_v1.pantheon-high-priority](https://registry.terraform.io/providers/hashicorp/kubernetes/2.38.0/docs/resources/priority_class_v1) | resource |
+| [kubernetes_service_account_v1.pantheon_scanner](https://registry.terraform.io/providers/hashicorp/kubernetes/2.38.0/docs/resources/service_account_v1) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [pantheon\_kubernetes\_scanner\_config\_file](#input\_pantheon\_kubernetes\_scanner\_config\_file) | The path to the config file to use for the pantheon kubernetes scanner | `any` | n/a | yes |
+| [pantheon\_kubernetes\_cluster\_asset\_class](#input\_pantheon\_kubernetes\_cluster\_asset\_class) | The asset class of the cluster | `any` | n/a | yes |
+| [pantheon\_kubernetes\_cluster\_canonical\_asset\_type](#input\_pantheon\_kubernetes\_cluster\_canonical\_asset\_type) | The canonical asset type of the cluster | `any` | n/a | yes |
+| [pantheon\_kubernetes\_cluster\_canonical\_resource\_id](#input\_pantheon\_kubernetes\_cluster\_canonical\_resource\_id) | The canonical resource id of the cluster | `any` | n/a | yes |
+| [pantheon\_kubernetes\_cluster\_service\_id](#input\_pantheon\_kubernetes\_cluster\_service\_id) | The service id cluster | `any` | n/a | yes |
+| [pantheon\_kubernetes\_node\_architecture](#input\_pantheon\_kubernetes\_node\_architecture) | The target node architecture for the scanner | `string` | `"amd64"` | no |
| [pantheon\_kubernetes\_scanner\_image](#input\_pantheon\_kubernetes\_scanner\_image) | The docker image to use for the pantheon kubernetes scanner | `any` | n/a | yes |
+| [pantheon\_kubernetes\_sink\_message\_broker](#input\_pantheon\_kubernetes\_sink\_message\_broker) | The sink message broker | `any` | n/a | yes |
## Outputs
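Review bot: The Inputs table drops `pantheon_kubernetes_scanner_config_file` and adds five required inputs typed `any` (`pantheon_kubernetes_cluster_asset_class`, `..._canonical_asset_type`, `..._canonical_resource_id`, `..._service_id` and `pantheon_kubernetes_sink_message_broker`), which is a breaking interface change for existing callers and should be called out in the release notes. Give the new variables `type = string` (or the concrete type they need) so a wrong value is rejected at plan. The description "The service id cluster" is missing a word, and the new `pantheon-high-priority` resource name uses hyphens where every other resource in the table uses underscores.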