From 5898506e995c9deb48d9e3fb2220dd671ff129e3 Mon Sep 17 00:00:00 2001
From: Jose Pablo Camacho
Date: Wed, 9 Oct 2024 12:58:55 -0600
Subject: [PATCH 1/5] fix(routing-key): enable routing key generation in a deterministic way
---
 modules/integrations/pub-sub/main.tf | 11 ++++++++---
 modules/integrations/pub-sub/outputs.tf | 5 +++++
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/modules/integrations/pub-sub/main.tf b/modules/integrations/pub-sub/main.tf
index f3d717a..3a164ba 100644
--- a/modules/integrations/pub-sub/main.tf
+++ b/modules/integrations/pub-sub/main.tf
@@ -22,14 +22,17 @@ data "google_project" "project" {
 data "sysdig_secure_tenant_external_id" "external_id" {}
-data "sysdig_secure_cloud_ingestion_assets" "assets" {}
+# data "sysdig_secure_cloud_ingestion_assets" "assets" {}
+data "sysdig_current_user" "user" {}
 #-----------------------------------------------------------------------------------------
 # These locals indicate the suffix to create unique name for resources
 #-----------------------------------------------------------------------------------------
 locals {
 suffix = var.suffix == null ? random_id.suffix[0].hex : var.suffix
 role_name = "SysdigIngestionAuthRole"
+ key_name = "${var.project_id}-${data.sysdig_current_user.user.id}"
+ routing_key = uuidv5("oid", local.key_name)
 }
@@ -143,7 +146,8 @@ resource "google_pubsub_subscription" "ingestion_topic_push_subscription" {
 project = var.project_id
 push_config {
- push_endpoint = data.sysdig_secure_cloud_ingestion_assets.assets.gcp_metadata.ingestionURL
+ push_endpoint = "https://app-staging.sysdigcloud.com/api/cloudingestion/gcp/v2/${local.routing_key}"
+# push_endpoint = data.sysdig_secure_cloud_ingestion_assets.assets.gcp_metadata.ingestionURL
 attributes = {
 x-goog-version = "v1"
 }
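Review bot: The routing key introduced in `locals` is computable by anyone who knows the GCP project ID and the Sysdig user ID, because `uuidv5("oid", local.key_name)` is an unkeyed SHA-1 derivation of `"${var.project_id}-${data.sysdig_current_user.user.id}"` and neither input is secret. The key becomes the last path segment of the push endpoint in the next hunk, so if the backend uses it to attribute or admit pushed events (not verifiable here), a predictable value lets a third party who learns those identifiers push forged audit events into this tenant's ingestion path, whereas the replaced backend-issued `gcp_routing_key` carried no such property. Binding the key to `data.sysdig_current_user.user.id` also means applying the same module as a different Sysdig user yields a different key and re-registers the endpoint. If a locally derived key must stay, document the trust assumption above the local, e.g. `# routing_key is derived from public identifiers and must not be relied on as a secret`.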
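Review bot: The new `push_endpoint` hard-codes `https://app-staging.sysdigcloud.com/api/cloudingestion/gcp/v2/...`, so every apply of this module, production tenants included, pushes GCP audit-log events to a staging host instead of the tenant-specific URL that `gcp_metadata.ingestionURL` supplied on the removed line. Keep the scheme and host from the data source and substitute only the key, or expose the base URL as a variable whose default is not an internal staging host. The committed `+# push_endpoint = data...ingestionURL` line is dead code and should be dropped rather than left as a comment. The `google_pubsub_subscription` block continues outside the hunk, so whether the push is authenticated with an `oidc_token` cannot be confirmed from here.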
@@ -256,7 +260,8 @@ resource "sysdig_secure_cloud_auth_account_component" "gcp_pubsub_datasource" {
 sink_name = var.is_organizational ? google_logging_organization_sink.ingestion_sink[0].name : google_logging_project_sink.ingestion_sink[0].name
 push_subscription_name = google_pubsub_subscription.ingestion_topic_push_subscription.name
 push_endpoint = google_pubsub_subscription.ingestion_topic_push_subscription.push_config[0].push_endpoint
- routing_key = data.sysdig_secure_cloud_ingestion_assets.assets.gcp_routing_key
+ routing_key = local.routing_key
+# routing_key = data.sysdig_secure_cloud_ingestion_assets.assets.gcp_routing_key
 }
 service_principal = {
 workload_identity_federation = {
diff --git a/modules/integrations/pub-sub/outputs.tf b/modules/integrations/pub-sub/outputs.tf
index a1f7b73..39dad70 100644
--- a/modules/integrations/pub-sub/outputs.tf
+++ b/modules/integrations/pub-sub/outputs.tf
@@ -2,4 +2,9 @@ output "pubsub_datasource_component_id" {
 value = "${sysdig_secure_cloud_auth_account_component.gcp_pubsub_datasource.type}/${sysdig_secure_cloud_auth_account_component.gcp_pubsub_datasource.instance}"
 description = "Component identifier of Webhook Datasource integration created in Sysdig Backend for Log Ingestion"
 depends_on = [sysdig_secure_cloud_auth_account_component.gcp_pubsub_datasource]
+}
+
+output "pubsub_datasource_routing_key" {
+ value = local.routing_key
+ description = "Component routing key identifier of Webhook Datasource"
 }
\ No newline at end of file
From 0143dc805787f08a60cb7f34a009dc23d4c667f5 Mon Sep 17 00:00:00 2001
From: Jose Pablo Camacho
Date: Wed, 9 Oct 2024 13:07:08 -0600
Subject: [PATCH 2/5] fix(routing-key): enable routing key generation in a deterministic way
---
 modules/integrations/pub-sub/main.tf | 10 +++++-----
 modules/integrations/pub-sub/outputs.tf | 2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)
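Review bot: `routing_key = local.routing_key` registers a module-chosen key with the backend while the data source that used to supply `gcp_routing_key` is commented out, so nothing in the module any longer confirms that the key the backend routes on equals the last segment of `push_endpoint` two lines above. If the component API ignores a caller-supplied `routing_key` and keeps issuing its own (not verifiable from this hunk), events are pushed to a path the backend never registered and Pub/Sub will keep retrying them. State the contract in a comment so the dependency is explicit, e.g. `# The backend must honour a caller-chosen routing_key; it has to match the last path segment of push_endpoint.` The enclosing resource block begins outside this hunk.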
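Review bot: The new `pubsub_datasource_routing_key` output prints the routing key in every plan and apply and propagates it to any root module's outputs, although the key is the only module-chosen component of the ingestion URL and, if the backend uses it to admit events, should not be surfaced casually. Add `sensitive = true` to the output so Terraform redacts it from CLI output (it still lives in state, which must be protected regardless), and make the description say what the value is used for rather than repeating its name. The added line is `sensitive = true` between `value` and `description`.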
diff --git a/modules/integrations/pub-sub/main.tf b/modules/integrations/pub-sub/main.tf
index 3a164ba..9847bd2 100644
--- a/modules/integrations/pub-sub/main.tf
+++ b/modules/integrations/pub-sub/main.tf
@@ -29,9 +29,9 @@ data "sysdig_current_user" "user" {}
 # These locals indicate the suffix to create unique name for resources
 #-----------------------------------------------------------------------------------------
 locals {
- suffix = var.suffix == null ? random_id.suffix[0].hex : var.suffix
- role_name = "SysdigIngestionAuthRole"
- key_name = "${var.project_id}-${data.sysdig_current_user.user.id}"
+ suffix = var.suffix == null ? random_id.suffix[0].hex : var.suffix
+ role_name = "SysdigIngestionAuthRole"
+ key_name = "${var.project_id}-${data.sysdig_current_user.user.id}"
 routing_key = uuidv5("oid", local.key_name)
 }
@@ -147,7 +147,7 @@ resource "google_pubsub_subscription" "ingestion_topic_push_subscription" {
 push_config {
 push_endpoint = "https://app-staging.sysdigcloud.com/api/cloudingestion/gcp/v2/${local.routing_key}"
-# push_endpoint = data.sysdig_secure_cloud_ingestion_assets.assets.gcp_metadata.ingestionURL
+ # push_endpoint = data.sysdig_secure_cloud_ingestion_assets.assets.gcp_metadata.ingestionURL
 attributes = {
 x-goog-version = "v1"
 }
@@ -261,7 +261,7 @@ resource "sysdig_secure_cloud_auth_account_component" "gcp_pubsub_datasource" {
 push_subscription_name = google_pubsub_subscription.ingestion_topic_push_subscription.name
 push_endpoint = google_pubsub_subscription.ingestion_topic_push_subscription.push_config[0].push_endpoint
 routing_key = local.routing_key
-# routing_key = data.sysdig_secure_cloud_ingestion_assets.assets.gcp_routing_key
+ # routing_key = data.sysdig_secure_cloud_ingestion_assets.assets.gcp_routing_key
 }
 service_principal = {
 workload_identity_federation = {
diff --git a/modules/integrations/pub-sub/outputs.tf b/modules/integrations/pub-sub/outputs.tf
index 39dad70..839fd84 100644
--- a/modules/integrations/pub-sub/outputs.tf
+++ b/modules/integrations/pub-sub/outputs.tf
@@ -5,6 +5,6 @@ output "pubsub_datasource_component_id" {
 }
 output "pubsub_datasource_routing_key" {
- value = local.routing_key
+ value = local.routing_key
 description = "Component routing key identifier of Webhook Datasource"
 }
\ No newline at end of file
From 968d63e8a7682486bb6b3a5aff2b4cec342b84bf Mon Sep 17 00:00:00 2001
From: Jose Pablo Camacho
Date: Wed, 16 Oct 2024 03:26:26 -0600
Subject: [PATCH 3/5] fix(routing-key): enable routing key generation in a deterministic way
---
 modules/integrations/pub-sub/main.tf | 7 +++----
 modules/integrations/pub-sub/outputs.tf | 5 -----
 2 files changed, 3 insertions(+), 9 deletions(-)
diff --git a/modules/integrations/pub-sub/main.tf b/modules/integrations/pub-sub/main.tf
index 9847bd2..5a09abf 100644
--- a/modules/integrations/pub-sub/main.tf
+++ b/modules/integrations/pub-sub/main.tf
@@ -22,7 +22,7 @@ data "google_project" "project" {
 data "sysdig_secure_tenant_external_id" "external_id" {}
-# data "sysdig_secure_cloud_ingestion_assets" "assets" {}
+data "sysdig_secure_cloud_ingestion_assets" "assets" {}
 data "sysdig_current_user" "user" {}
 #-----------------------------------------------------------------------------------------
@@ -33,6 +33,7 @@ locals {
 role_name = "SysdigIngestionAuthRole"
 key_name = "${var.project_id}-${data.sysdig_current_user.user.id}"
 routing_key = uuidv5("oid", local.key_name)
+ ingestion_url = "${regex("^(.*)/[^/]+$", data.sysdig_secure_cloud_ingestion_assets.assets.gcp_metadata.ingestionURL)[0]}/${local.routing_key}"
 }
@@ -146,8 +147,7 @@ resource "google_pubsub_subscription" "ingestion_topic_push_subscription" {
 project = var.project_id
 push_config {
- push_endpoint = "https://app-staging.sysdigcloud.com/api/cloudingestion/gcp/v2/${local.routing_key}"
- # push_endpoint = data.sysdig_secure_cloud_ingestion_assets.assets.gcp_metadata.ingestionURL
+ push_endpoint = local.ingestion_url
 attributes = {
 x-goog-version = "v1"
 }
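Review bot: The `ingestion_url` local infers the backend's base path from the shape of `ingestionURL` with `regex("^(.*)/[^/]+$", ...)[0]`, and that inference fails in both directions: an ingestion URL with no path (`https://host`) still matches with group 1 equal to `https:/`, yielding `https://<routing_key>` where the key becomes the hostname, while a trailing slash makes `regex()` abort the plan because there is no match. The segment being discarded appears to be the backend-issued `gcp_routing_key` that the same data source exposes (the module used both attributes together before this series), so the substitution can be made explicit instead of guessed: `ingestion_url = "${trimsuffix(data.sysdig_secure_cloud_ingestion_assets.assets.gcp_metadata.ingestionURL, data.sysdig_secure_cloud_ingestion_assets.assets.gcp_routing_key)}${local.routing_key}"`, backed by a check that `endswith(ingestionURL, gcp_routing_key)` holds (`endswith` needs Terraform 1.3 or later). A one-line comment above the local should also state that the backend-issued key is deliberately replaced by a module-generated one and why.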
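Review bot: `push_endpoint = local.ingestion_url` now sends the tenant's audit logs to a URL assembled by string surgery, and nothing verifies that the assembled value still uses `https` and the host the backend issued, so a malformed rewrite would silently push logs somewhere else rather than fail. Because `google_pubsub_subscription` accepts any URL here, guard it with a `lifecycle` precondition on this resource (its block begins outside the hunk) so the plan fails instead; `startswith` requires Terraform 1.3 or later.
```hcl
  push_config {
    push_endpoint = local.ingestion_url
    # … unchanged: attributes …
  }

  lifecycle {
    precondition {
      # Only the last path segment may differ from the backend-issued URL; scheme and host must be kept.
      condition     = startswith(local.ingestion_url, regex("^https://[^/]+/", data.sysdig_secure_cloud_ingestion_assets.assets.gcp_metadata.ingestionURL))
      error_message = "ingestion_url must keep the https scheme and host of the backend-issued ingestionURL."
    }
  }
```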
@@ -261,7 +261,6 @@ resource "sysdig_secure_cloud_auth_account_component" "gcp_pubsub_datasource" {
 push_subscription_name = google_pubsub_subscription.ingestion_topic_push_subscription.name
 push_endpoint = google_pubsub_subscription.ingestion_topic_push_subscription.push_config[0].push_endpoint
 routing_key = local.routing_key
- # routing_key = data.sysdig_secure_cloud_ingestion_assets.assets.gcp_routing_key
 }
 service_principal = {
 workload_identity_federation = {
diff --git a/modules/integrations/pub-sub/outputs.tf b/modules/integrations/pub-sub/outputs.tf
index 839fd84..a1f7b73 100644
--- a/modules/integrations/pub-sub/outputs.tf
+++ b/modules/integrations/pub-sub/outputs.tf
@@ -2,9 +2,4 @@ output "pubsub_datasource_component_id" {
 value = "${sysdig_secure_cloud_auth_account_component.gcp_pubsub_datasource.type}/${sysdig_secure_cloud_auth_account_component.gcp_pubsub_datasource.instance}"
 description = "Component identifier of Webhook Datasource integration created in Sysdig Backend for Log Ingestion"
 depends_on = [sysdig_secure_cloud_auth_account_component.gcp_pubsub_datasource]
-}
-
-output "pubsub_datasource_routing_key" {
- value = local.routing_key
- description = "Component routing key identifier of Webhook Datasource"
 }
\ No newline at end of file
From 91a33e486de19a5a9f22265d5c52eda3e2290e04 Mon Sep 17 00:00:00 2001
From: Jose Pablo Camacho
Date: Wed, 16 Oct 2024 03:29:51 -0600
Subject: [PATCH 4/5] fix(routing-key): enable routing key generation in a deterministic way
---
 modules/integrations/pub-sub/main.tf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/modules/integrations/pub-sub/main.tf b/modules/integrations/pub-sub/main.tf
index 5a09abf..4053c31 100644
--- a/modules/integrations/pub-sub/main.tf
+++ b/modules/integrations/pub-sub/main.tf
@@ -29,10 +29,10 @@ data "sysdig_current_user" "user" {}
 # These locals indicate the suffix to create unique name for resources
 #-----------------------------------------------------------------------------------------
 locals {
- suffix = var.suffix == null ? random_id.suffix[0].hex : var.suffix
- role_name = "SysdigIngestionAuthRole"
- key_name = "${var.project_id}-${data.sysdig_current_user.user.id}"
- routing_key = uuidv5("oid", local.key_name)
+ suffix = var.suffix == null ? random_id.suffix[0].hex : var.suffix
+ role_name = "SysdigIngestionAuthRole"
+ key_name = "${var.project_id}-${data.sysdig_current_user.user.id}"
+ routing_key = uuidv5("oid", local.key_name)
 ingestion_url = "${regex("^(.*)/[^/]+$", data.sysdig_secure_cloud_ingestion_assets.assets.gcp_metadata.ingestionURL)[0]}/${local.routing_key}"
 }
From 430176019208bd964b180c88d590ca7271f8afe1 Mon Sep 17 00:00:00 2001
From: Jose Pablo Camacho
Date: Wed, 16 Oct 2024 14:37:44 -0600
Subject: [PATCH 5/5] fix(routing-key): enable routing key generation in a deterministic way
---
 modules/integrations/pub-sub/main.tf | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/modules/integrations/pub-sub/main.tf b/modules/integrations/pub-sub/main.tf
index 4053c31..a02c6d7 100644
--- a/modules/integrations/pub-sub/main.tf
+++ b/modules/integrations/pub-sub/main.tf
@@ -24,19 +24,16 @@ data "sysdig_secure_tenant_external_id" "external_id" {}
 data "sysdig_secure_cloud_ingestion_assets" "assets" {}
-data "sysdig_current_user" "user" {}
 #-----------------------------------------------------------------------------------------
 # These locals indicate the suffix to create unique name for resources
 #-----------------------------------------------------------------------------------------
 locals {
 suffix = var.suffix == null ? random_id.suffix[0].hex : var.suffix
 role_name = "SysdigIngestionAuthRole"
- key_name = "${var.project_id}-${data.sysdig_current_user.user.id}"
- routing_key = uuidv5("oid", local.key_name)
+ routing_key = random_uuid.routing_key.result
 ingestion_url = "${regex("^(.*)/[^/]+$", data.sysdig_secure_cloud_ingestion_assets.assets.gcp_metadata.ingestionURL)[0]}/${local.routing_key}"
 }
-
 #-----------------------------------------------------------------------------------------------------------------------
 # A random resource is used to generate unique Pub Sub name suffix for resources.
 # This prevents conflicts when recreating a Pub Sub resources with the same name.
@@ -46,6 +43,12 @@ resource "random_id" "suffix" {
 byte_length = 3
 }
+
+#-----------------------------------------------------------------------------------------------------------------------
+# A random UUID is used to generate a unique identifier for the routing key per onboarded entity.
+#-----------------------------------------------------------------------------------------------------------------------
+resource "random_uuid" "routing_key" {}
+
 #-----------------------------------------------------------------------------------------
 # Audit Logs
 #-----------------------------------------------------------------------------------------
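Review bot: With `routing_key = random_uuid.routing_key.result` the key is no longer deterministic, so the series' subject line and the comment block just above `locals` (still "These locals indicate the suffix to create unique name for resources") no longer describe the code; update that comment to `# Locals: resource-name suffix, the per-deployment routing key and the ingestion URL derived from it`. The random value is stored in plain text in Terraform state and in the subscription's push URL, and it is the only module-chosen part of the ingestion path, so a comment should say whether it is treated as a secret and remind that state must be protected accordingly. `random_uuid` has no `keepers`, so the key is fixed for the life of the state; rotating it requires `terraform apply -replace=random_uuid.routing_key`, which updates the push config and the backend component in the same run, and that procedure is worth noting next to the local. The `ingestion_url` regex from the previous commit is unchanged here, so its failure modes on URLs without a trailing segment remain.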
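Review bot: The comment over `resource "random_uuid" "routing_key" {}` says the UUID is generated "per onboarded entity", but the resource has no `count` or `for_each` and so is instantiated exactly once per module instance; in the organizational mode referenced earlier in the series (`var.is_organizational`) one key therefore covers every project behind the sink. Say that precisely, e.g. `# One random UUID per module instance; it is the routing key embedded in the push endpoint and registered with the Sysdig backend.`, and add a line on how to rotate it and that rotation changes the subscription's push endpoint.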