Merge pull request #9 from Worklytics/rc-v0.4.30

update to v0.4.30

README.md

@@ -1,7 +1,5 @@
 # Psoxy Deployment Example - GCP
 
-** alpha **
-
 [![Latest Release](https://img.shields.io/github/v/release/Worklytics/psoxy-example-gcp)](https://github.com/Worklytics/psoxy-example-gcp/releases/latest)
 ![build passing](https://img.shields.io/github/actions/workflow/status/Worklytics/psoxy-example-gcp/terraform_validate.yaml?label=build%20passing)
 

google-workspace-variables.tf

@@ -25,3 +25,14 @@ variable "google_workspace_example_admin" {
   description = "user to impersonate for Google Workspace API calls (null for value of `google_workspace_example_user`)"
   default     = null # will failover to user
 }
+
+locals {
+  # tflint-ignore: terraform_unused_declarations
+  validate_google_workspace_gcp_project_id         = (var.google_workspace_gcp_project_id == null || var.google_workspace_gcp_project_id == "") && (length(setintersection(var.enabled_connectors, ["gcal", "gdirectory", "gdrive", "gmail", "google-meet", "google-chat"])) > 0)
+  validate_google_workspace_gcp_project_id_message = "The google_workspace_gcp_project_id var should be populated if a Google Workspace connector is enabled."
+  validate_google_workspace_gcp_project_id_check = regex(
+    "^${local.validate_google_workspace_gcp_project_id_message}$",
+    (!local.validate_google_workspace_gcp_project_id
+    ? local.validate_google_workspace_gcp_project_id_message
+    : ""))
+}

google-workspace.tf

@@ -7,7 +7,7 @@ provider "google" {
 
 
 module "worklytics_connectors_google_workspace" {
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.4.29"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.4.30"
 
   providers = {
     google = google.google_workspace

init

@@ -3,10 +3,14 @@
 # Psoxy init script - lite version
 #
 # Usage:
-#   ./tools/release/init-example.sh <repo-root>
+#   ./tools/init-example.sh
+#   ./tools/init-example.sh <repo-root>
+#
+# if <repo-root> is omitted, presumes it's being run at the root of the Terraform
+# configuration
 #
 # this is meant to be run from within a Terraform configuration for Psoxy, modeled on one of our
-# examples
+# examples. Copied as the `init` script in each example.
 #
 # this is a 'thin' version, expected to be duplicated across multiple examples and then leverage
 # that 'terraform init' will do a clone of the repo, in which a longer init script will be provided
@@ -27,10 +31,6 @@ NC='\e[0m' # No Color
 
 EXPLICIT_REPO_CLONE_DIR=$1
 
-if [[ "${EXPLICIT_REPO_CLONE_DIR}" != */ ]]; then
-    EXPLICIT_REPO_CLONE_DIR="${EXPLICIT_REPO_CLONE_DIR}/"
-fi
-
 TF_CONFIG_ROOT=`pwd`
 
 if ! terraform -v &> /dev/null ; then
@@ -48,18 +48,24 @@ if [[ $TF_INIT_EXIT_CODE -ne 0 ]]; then
   exit 1
 fi
 
-if [[ -z $EXPLICIT_REPO_CLONE_DIR ]]; then
+# determine where the repo is cloned
+if [[ -z "$EXPLICIT_REPO_CLONE_DIR" ]]; then
   if [[ -d ".terraform/modules/psoxy/" ]]; then
     REPO_CLONE_BASE_DIR=".terraform/modules/psoxy/"
   else
-    # use checkout of repo on your local machine
-    cd ../../..
-    REPO_CLONE_BASE_DIR="$(pwd)/"
-    cd "${TF_CONFIG_ROOT}" # q: could be just `cd -`, right?
+    printf "${RED}No explicit path to repo clone provided, and 'psoxy' module in Terraform configuration.${NC}\n"
+    printf "Try running this script with a Terraform module named 'psoxy' that references to GitHub repo https://github.com/Worklytics/psoxy, or pass the path to a clone of that as the first argument to the script.\n"
+    printf " eg ${BLUE}./init ~/code/psoxy${NC}\n"
+    exit 1
   fi
 else
+  # append trailing slash if not present
+  if [[ "${EXPLICIT_REPO_CLONE_DIR}" != */ ]]; then
+      EXPLICIT_REPO_CLONE_DIR="${EXPLICIT_REPO_CLONE_DIR}/"
+  fi
+
   REPO_CLONE_BASE_DIR="$EXPLICIT_REPO_CLONE_DIR"
 fi
 
 # pass control to the full init script.
-${REPO_CLONE_BASE_DIR}/tools/init-example-full.sh $REPO_CLONE_BASE_DIR
+"${REPO_CLONE_BASE_DIR}/tools/init-example-full.sh" $REPO_CLONE_BASE_DIR

main.tf

@@ -39,14 +39,17 @@ locals {
 # be provisioned via Terraform, so doesn't add any dependencies
 # call this 'generic_source_connectors'?
 module "worklytics_connectors" {
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.4.29"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.4.30"
 
 
-  enabled_connectors    = var.enabled_connectors
-  example_jira_issue_id = var.example_jira_issue_id
-  jira_cloud_id         = var.jira_cloud_id
-  jira_server_url       = var.jira_server_url
-  salesforce_domain     = var.salesforce_domain
+  enabled_connectors        = var.enabled_connectors
+  example_jira_issue_id     = var.example_jira_issue_id
+  jira_cloud_id             = var.jira_cloud_id
+  jira_server_url           = var.jira_server_url
+  salesforce_domain         = var.salesforce_domain
+  github_installation_id    = var.github_installation_id
+  github_organization       = var.github_organization
+  github_example_repository = var.github_example_repository
 }
 
 # sources which require additional dependencies are split into distinct Terraform files, following
@@ -83,7 +86,7 @@ locals {
 }
 
 module "psoxy" {
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-host?ref=v0.4.29"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-host?ref=v0.4.30"
 
   gcp_project_id                 = var.gcp_project_id
   environment_name               = var.environment_name
@@ -119,7 +122,7 @@ locals {
 module "connection_in_worklytics" {
   for_each = local.all_instances
 
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.29"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.30"
 
   psoxy_host_platform_id = local.host_platform_id
   psoxy_instance_id      = each.key

variables.tf

@@ -179,12 +179,12 @@ variable "custom_bulk_connectors" {
     input_bucket_name     = optional(string) # allow override of default bucket name
     sanitized_bucket_name = optional(string) # allow override of default bucket name
     rules = object({
-      pseudonymFormat       = optional(string)
-      columnsToRedact       = optional(list(string))
-      columnsToInclude      = optional(list(string))
-      columnsToPseudonymize = optional(list(string))
-      columnsToDuplicate    = optional(map(string))
-      columnsToRename       = optional(map(string))
+      pseudonymFormat       = optional(string, "URL_SAFE_TOKEN")
+      columnsToRedact       = optional(list(string)) # columns to remove from CSV
+      columnsToInclude      = optional(list(string)) # if you prefer to include only an explicit list of columns, rather than redacting those you don't want
+      columnsToPseudonymize = optional(list(string)) # columns to pseudonymize
+      columnsToDuplicate    = optional(map(string))  # columns to create copy of; name --> new name
+      columnsToRename       = optional(map(string))  # columns to rename: original name --> new name; renames applied BEFORE pseudonymization
     })
     settings_to_provide = optional(map(string), {})
   }))
@@ -207,15 +207,30 @@ variable "custom_bulk_connectors" {
 variable "custom_bulk_connector_rules" {
   type = map(object({
     pseudonymFormat       = optional(string, "URL_SAFE_TOKEN")
-    columnsToRedact       = optional(list(string))
-    columnsToInclude      = optional(list(string))
-    columnsToPseudonymize = optional(list(string))
-    columnsToDuplicate    = optional(map(string))
-    columnsToRename       = optional(map(string))
+    columnsToRedact       = optional(list(string)) # columns to remove from CSV
+    columnsToInclude      = optional(list(string)) # if you prefer to include only an explicit list of columns, rather than redacting those you don't want
+    columnsToPseudonymize = optional(list(string)) # columns to pseudonymize
+    columnsToDuplicate    = optional(map(string))  # columns to create copy of; name --> new name
+    columnsToRename       = optional(map(string))  # columns to rename: original name --> new name; renames applied BEFORE pseudonymization
   }))
 
   description = "map of connector id --> rules object"
-  default     = {}
+  default = {
+    # hris = {
+    #   columnsToRedact       = []
+    #   columnsToPseudonymize = [
+    #     "EMPLOYEE_ID",
+    #     "EMPLOYEE_EMAIL",
+    #     "MANAGER_ID",
+    #     "MANAGER_EMAIL"
+    #  ]
+    # columnsToRename = {
+    #   # original --> new
+    #   "workday_id" = "employee_id"
+    # }
+    # columnsToInclude = [
+    # ]
+  }
 }
 
 variable "salesforce_domain" {
@@ -242,6 +257,24 @@ variable "example_jira_issue_id" {
   description = "(Only required if using Jira Server/Cloud connector) Id of an issue for only to be used as part of example calls for Jira (ex: ETV-12)"
 }
 
+variable "github_installation_id" {
+  type        = string
+  default     = null
+  description = "(Only required if using Github connector) InstallationId of the application in your org for authentication with the proxy instance (ex: 123456)"
+}
+
+variable "github_organization" {
+  type        = string
+  default     = null
+  description = "(Only required if using Github connector) Name of the organization to be used as part of example calls for Github (ex: Worklytics)"
+}
+
+variable "github_example_repository" {
+  type        = string
+  default     = null
+  description = "(Only required if using Github connector) Name for the repository to be used as part of example calls for Github (ex: psoxy)"
+}
+
 # build lookup tables to JOIN data you receive back from Worklytics with your original data.
 #   - `join_key_column` should be the column you expect to JOIN on, usually 'employee_id'
 #   - `columns_to_include` is an optional a list of columns to include in the lookup table,
@@ -284,4 +317,3 @@ variable "todos_as_local_files" {
   description = "whether to render TODOs as flat files"
   default     = true
 }
-