terraform: add cron job for module scanning
Add a Cloud Scheduler job to do a module scan at 30 minutes past every
hour.
Change-Id: I19458905b821cbb6642099a7a40bdfd8c925b4fc
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/393842
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
diff --git a/terraform/environment/worker.tf b/terraform/environment/worker.tf
index 61fff13..711c860 100644
--- a/terraform/environment/worker.tf
+++ b/terraform/environment/worker.tf
@@ -184,3 +184,29 @@
}
}
+resource "google_cloud_scheduler_job" "scan_modules" {
+ name = "vuln-${var.env}-scan-modules"
+ description = "Scan selected modules for vulns."
+ schedule = "30 * * * *" # every hour on the half hour
+ time_zone = local.tz
+ project = var.project
+ attempt_deadline = format("%ds", 30 * 60)
+
+ http_target {
+ http_method = "POST"
+ uri = "${google_cloud_run_service.worker.status[0].url}/scan-modules"
+ oidc_token {
+ service_account_email = data.google_compute_default_service_account.default.email
+ audience = var.oauth_client_id
+ }
+ }
+
+ retry_config {
+ max_backoff_duration = "3600s"
+ max_doublings = 5
+ max_retry_duration = "0s"
+ min_backoff_duration = "5s"
+ retry_count = 0
+ }
+}
+
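Review bot: The new job signs its OIDC token as the project's default compute service account (`oidc_token.service_account_email` on the scan_modules resource), an identity that usually carries far broader roles than the one thing this job needs, which is to invoke the worker's /scan-modules endpoint; a dedicated service account granted only `roles/run.invoker` on `google_cloud_run_service.worker` (and, if the worker sits behind IAP, the matching IAP-secured-web-app-user binding) would keep a compromise of the scheduler's identity from reaching anything else in the project. This may simply mirror the scheduler jobs defined earlier in the file, which are outside the hunk, so if so it is worth a follow-up that switches all of them together rather than leaving this one inconsistent. Relatedly, `audience = var.oauth_client_id` is the right value only when the worker is fronted by IAP; for a directly invoked Cloud Run service the audience should be the service URL, and the resource gives no comment saying which applies, so a one-line note such as `# audience must match the IAP OAuth client that fronts the worker` would save the next reader from guessing. Finally, `retry_config` disables retries (`retry_count = 0`, `max_retry_duration = "0s"`) while still setting backoff parameters that then have no effect, which is harmless but reads as if retries were intended; a short comment stating that a failed scan is deliberately left to the next hourly run would make the intent explicit.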