docs: several clarifications (#96)

* docs: clarify import for trust_relationship

* docs: add troubleshooting PORT error

* docs: add sysdig_secure_endpoint as default endpoint is not that used

Author: iru

README.md

@@ -81,7 +81,8 @@ provider "google-beta" {
 }
 
 provider "sysdig" {
-  sysdig_secure_api_token  = "00000000-1111-2222-3333-444444444444"
+  sysdig_secure_url         = "<SYSDIG_SECURE_URL>"
+  sysdig_secure_endpoint    = "<SYSDIG_SECURE_API_TOKEN>"
 }
 
 module "cloud_bench" {
@@ -138,7 +139,7 @@ And a CloudBuild being launched successfully.
 ## Troubleshooting
 
 ### Q: Getting "Error creating WorkloadIdentityPool: googleapi: Error 409: Requested entity already exists"<br/>
-A: Currently Sysdig Backend does not support dynamic WorkloadPool and it's name is fixed to `sysdiglcoud`.
+A: Currently Sysdig Backend does not support dynamic WorkloadPool and it's name is fixed to `sysdigcloud`.
 <br/>Besides, Google, only performs a soft-deletion of this resource.
 https://cloud.google.com/iam/docs/manage-workload-identity-pools-providers#delete-pool
 > You can undelete a pool for up to 30 days after deletion. After 30 days, deletion is permanent. Until a pool is permanently deleted, you cannot reuse its   name when creating a new workload identity pool.<br/>
@@ -150,12 +151,17 @@ $ gcloud iam workload-identity-pools undelete sysdigcloud  --location=global
 $ gcloud iam workload-identity-pools providers undelete sysdigcloud --workload-identity-pool="sysdigcloud" --location=global
 
 # import to terraform state
-# input your project-id, and for organization example, change the import resource accordingly
-$ terraform import 'module.sfc_example_single-project.module.cloud_bench[0].module.trust_relationship["<YOUR_PROJECT_ID>"].google_iam_workload_identity_pool.pool' sysdigcloud
-$ terraform import 'module.sfc_example_single-project.module.cloud_bench[0].module.trust_relationship["<YOUR_PROJECT_ID>"].google_iam_workload_identity_pool_provider.pool_provider' sysdigcloud/sysdigcloud
+# for this you have to adapt the import resource to your specific usage
+# ex.: for single-project, input your project-id
+$ terraform import 'module.secure-for-cloud_example_single-project.module.cloud_bench[0].module.trust_relationship["<YOUR_PROJECT_ID>"].google_iam_workload_identity_pool.pool' sysdigcloud
+$ terraform import 'module.secure-for-cloud_example_single-project.module.cloud_bench[0].module.trust_relationship["<YOUR_PROJECT_ID>"].google_iam_workload_identity_pool_provider.pool_provider' sysdigcloud/sysdigcloud
+
+# ex.: for organization example you should change its reference too, per project
+$ terraform import 'module.secure-for-cloud_example_organization.module.cloud_bench[0].module.trust_relationship["<YOUR_PROJECT_ID>"].google_iam_workload_identity_pool.pool' sysdigcloud
+$ terraform import 'module.secure-for-cloud_example_organization.module.cloud_bench[0].module.trust_relationship["<YOUR_PROJECT_ID>"].google_iam_workload_identity_pool_provider.pool_provider' sysdigcloud/sysdigcloud
  ```
 
-### Q: Gettint "Error creating Topic: googleapi: Error 409: Resource already exists in the project (resource=gcr)"
+### Q: Getting "Error creating Topic: googleapi: Error 409: Resource already exists in the project (resource=gcr)"
 ```text
 │ Error: Error creating Topic: googleapi: Error 409: Resource already exists in the project (resource=gcr).
 │
@@ -172,6 +178,9 @@ $ terraform import 'module.sfc_example_single_project.module.pubsub_http_subscri
 Contact us to develop a workaround for this, where the topic name is to be reused.
 
 
+### Q: Getting "Cloud Run error: Container failed to start. Failed to start and then listen on the port defined by the PORT environment variable."
+A: If cloud-connector cloud run module cannot start it will give this error. The error is given by the health-check system, it's not specific to its PORT per-se
+S: Verify possible logs before the deployment crashes. Could be limitations due to Sysdig license (expired trial subscription or free-tier usage where cloud-account limit has been surpassed)
 
 ### Q: Scanning does not seem to work<br/>
 A: Verify that `gcr` topic exists. If `create_gcr_topic` is set to false and `gcr` topic is not found, the GCR scanning is omitted and won't be deployed. For more info see GCR PubSub topic.

examples/organization/README.md

@@ -50,7 +50,8 @@ module "secure-for-cloud_example_organization" {
   source = "sysdiglabs/secure-for-cloud/google//examples/organization"
 
   repository_project_ids    = ["<PROJECT_SCAN_ID1>", "<PROJECT_SCAN_ID2>"]
-  sysdig_secure_api_token   = "00000000-1111-2222-3333-444444444444"
+   sysdig_secure_url         = "<SYSDIG_SECURE_URL>"
+   sysdig_secure_endpoint    = "<SYSDIG_SECURE_API_TOKEN>"
   organization_domain       = "<ORG_DOMAIN>"
 }
 ```

examples/single-project-k8s/README.md

@@ -43,7 +43,8 @@ provider "helm" {
 
 module "secure_for_cloud_gcp_single_project_k8s" {
   source = "sysdiglabs/secure-for-cloud/google//examples/single-project-k8s"
-  sysdig_secure_api_token = "00000000-1111-2222-3333-444444444444"
+  sysdig_secure_url         = "<SYSDIG_SECURE_URL>"
+  sysdig_secure_endpoint    = "<SYSDIG_SECURE_API_TOKEN>"
 }
 ```
 

examples/single-project/README.md

@@ -49,7 +49,8 @@ provider "google-beta" {
 
 module "secure-for-cloud_example_single-project" {
   source = "sysdiglabs/secure-for-cloud/google//examples/single-project"
-  sysdig_secure_api_token = "00000000-1111-2222-3333-444444444444"
+   sysdig_secure_url         = "<SYSDIG_SECURE_URL>"
+   sysdig_secure_endpoint    = "<SYSDIG_SECURE_API_TOKEN>"
 }
 ```