enable CSCC API when violations are enabled; fixes forseti-security#142

agold-rh · May 15, 2019 · b69e2e5 · b69e2e5
1 parent 7332b49
commit b69e2e5
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/main.tf b/main.tf
@@ -17,6 +17,7 @@
 resource "random_id" "random_hash_suffix" {
   byte_length = 4
 }
+
 resource "null_resource" "org_id_and_folder_id_are_both_empty" {
   count = "${var.org_id == "" && var.folder_id == "" ? 1 : 0}"
 
@@ -25,6 +26,7 @@ resource "null_resource" "org_id_and_folder_id_are_both_empty" {
     interpreter = ["bash", "-c"]
   }
 }
+
 #--------#
 # Locals #
 #--------#
@@ -50,6 +52,10 @@ locals {
     "storage-api.googleapis.com",
     "groupssettings.googleapis.com",
   ]
+
+  cscc_violations_enabled_services_list = [
+    "securitycenter.googleapis.com",
+  ]
 }
 
 #-------------------#
@@ -62,6 +68,13 @@ resource "google_project_service" "main" {
   disable_on_destroy = "false"
 }
 
+resource "google_project_service" "cscc_violations" {
+  count              = "${var.cscc_violations_enabled ? length(local.cscc_violations_enabled_services_list) : 0}"
+  project            = "${var.project_id}"
+  service            = "${local.cscc_violations_enabled_services_list[count.index]}"
+  disable_on_destroy = "false"
+}
+
 module "client" {
   source = "modules/client"