From 52cc2e17c399fd7864de57b07faeee7554654b61 Mon Sep 17 00:00:00 2001
From: Hayden B <hblauzvern@google.com>
Date: Fri, 26 Jan 2024 00:53:46 -0800
Subject: [PATCH] Add configuration for pubsub consumers to sigstore module
 (#957)

Needed to configure in public instance deployment

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
---
 terraform/gcp/modules/sigstore/sigstore.tf  | 2 ++
 terraform/gcp/modules/sigstore/variables.tf | 5 +++++
 2 files changed, 7 insertions(+)

diff --git a/terraform/gcp/modules/sigstore/sigstore.tf b/terraform/gcp/modules/sigstore/sigstore.tf
index 44f17226d..36f7ac69a 100644
--- a/terraform/gcp/modules/sigstore/sigstore.tf
+++ b/terraform/gcp/modules/sigstore/sigstore.tf
@@ -218,6 +218,8 @@ module "rekor" {
   dns_zone_name   = var.dns_zone_name
   dns_domain_name = var.dns_domain_name
 
+  new_entry_pubsub_consumers = var.rekor_new_entry_pubsub_consumers
+
   redis_cluster_memory_size_gb = var.redis_cluster_memory_size_gb
 
   depends_on = [
diff --git a/terraform/gcp/modules/sigstore/variables.tf b/terraform/gcp/modules/sigstore/variables.tf
index 6dee23e06..8cf23c2e3 100644
--- a/terraform/gcp/modules/sigstore/variables.tf
+++ b/terraform/gcp/modules/sigstore/variables.tf
@@ -260,6 +260,11 @@ variable "rekor_key_name" {
   default     = "rekor-key"
 }
 
+variable "rekor_new_entry_pubsub_consumers" {
+  type        = list(string)
+  description = "List of IAM principals that can subscribe to events about new entries in the log"
+}
+
 variable "timestamp" {
   type = object({
     enabled = bool