diff --git a/check-prereqs b/check-prereqs index dbc2fc8..37c5c2a 100755 --- a/check-prereqs +++ b/check-prereqs @@ -18,8 +18,7 @@ if ! git --version &> /dev/null ; then fi if ! terraform -v &> /dev/null ; then - printf "${RED}Terraform CLI not available.${NC} Psoxy examples / deployment scripts require it. See https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli\n" - if $HOMEBREW_AVAILABLE; then printf " or, as you have Homebrew available, run ${BLUE}brew install terraform${NC}\n"; fi + printf "${RED}Terraform CLI not available.${NC} Psoxy examples / deployment scripts require it. See ${BLUE}https://developer.hashicorp.com/terraform/downloads${NC} for installation options\n" exit 1 fi @@ -40,8 +39,7 @@ printf "\n" JAVA_VERSION=`mvn -v | grep Java` printf "Your Maven installation uses ${BLUE}${JAVA_VERSION}${NC}.\n" -printf "\t- if that is a Java version < 11, you must upgrade to 11 or higher. We recommend 17, as it is LTS and we have seen problems with 19.x and 20.x.\n" -printf "\t- if that is some version of Java 19.x / 20.x, we recommend you *downgrade* to 17. See https://github.com/Worklytics/psoxy/blob/main/docs/troubleshooting.md#build-problems-with-java-19-specifically-openjdk-19\n" +printf "\t- if that is a Java version < 11, you must upgrade to 11. Java >= 11, <= 20 are supported.\n" printf "\t- if you have a Java JDK of the right version installed on your machine *other* than the one referenced there, set your ${BLUE}JAVA_HOME${NC} to its location.\n" printf "\n" 
@@ -51,6 +49,18 @@ if ! npm -v &> /dev/null ; then if $HOMEBREW_AVAILABLE; then printf " or, as you have Homebrew available, run ${BLUE}brew install node${NC}\n"; fi fi +AWSCLI_REASON="It is used if you're deploying to AWS." +if ! aws --version &> /dev/null ; then + printf "${RED}AWS CLI is not installed.${NC} ${AWSCLI_REASON} See https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html\n" + if $HOMEBREW_AVAILABLE; then printf " or, as you have Homebrew available, run ${BLUE}brew install awscli${NC}\n"; fi +else + printf "AWS CLI version ${BLUE}`aws --version`${NC} is installed.\n" + printf "" + printf "\t- make sure ${BLUE}aws sts get-caller-identity${NC} returns the user/role/account you expect. $AWSCLI_REASON\n" +fi + +printf "\n" + GCLOUD_REASON="It is used if you're deploying to GCP or using Google Workspace data sources." if ! gcloud --version &> /dev/null ; then printf "${RED}Google Cloud SDK is not installed.${NC} ${GCLOUD_REASON} See https://cloud.google.com/sdk/docs/install\n" diff --git a/google-workspace.tf b/google-workspace.tf index 6b2c81e..1740f53 100644 --- a/google-workspace.tf +++ b/google-workspace.tf @@ -7,8 +7,7 @@ provider "google" { module "worklytics_connectors_google_workspace" { - source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.4.26" - + source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.4.29" providers = { google = google.google_workspace diff --git a/init b/init index 5430dd7..e7f1407 100755 --- a/init +++ b/init 
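Review bot: In the added `else` branch of the AWS CLI check, the output of `aws --version` is spliced into the printf format string with backticks, so any `%` or backslash in that output would be read as a format directive. Pass it as an argument instead: `printf "AWS CLI version ${BLUE}%s${NC} is installed.\n" "$(aws --version)"`. The `printf ""` on the following line prints nothing and can be dropped.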
@@ -1,16 +1,36 @@ #!/bin/bash -# Psoxy init script +# Psoxy init script - lite version +# +# Usage: +# ./tools/release/init-example.sh # # this is meant to be run from within a Terraform configuration for Psoxy, modeled on one of our # examples -# see: https://github.com/Worklytics/psoxy/tree/main/infra/examples +# +# this is a 'thin' version, expected to be duplicated across multiple examples and then leverage +# that 'terraform init' will do a clone of the repo, in which a longer init script will be provided +# +# +# Testing: +# - within example directory, such as `infra/examples/aws-msft-365`: +# ../../../tools/init-example.sh ~/code/psoxy +# +# to repeat: +# ../../../tools/reset-example.sh # colors RED='\e[0;31m' BLUE='\e[0;34m' NC='\e[0m' # No Color + +EXPLICIT_REPO_CLONE_DIR=$1 + +if [[ "${EXPLICIT_REPO_CLONE_DIR}" != */ ]]; then + EXPLICIT_REPO_CLONE_DIR="${EXPLICIT_REPO_CLONE_DIR}/" +fi + TF_CONFIG_ROOT=`pwd` if ! terraform -v &> /dev/null ; then 
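Review bot: When the script is run without an argument, the added trailing-slash normalisation turns the empty `EXPLICIT_REPO_CLONE_DIR` into `/`. The `[[ -z $EXPLICIT_REPO_CLONE_DIR ]]` test in the next hunk (`@@ -23,32 +43,23 @@`) can then never be true, so the `.terraform/modules/psoxy/` lookup is dead code and the hand-off resolves to `//tools/init-example-full.sh` under the filesystem root. Guard the normalisation on a non-empty value: `if [[ -n "${EXPLICIT_REPO_CLONE_DIR}" && "${EXPLICIT_REPO_CLONE_DIR}" != */ ]]; then`. The usage comment names `./tools/release/init-example.sh` while the testing section uses `../../../tools/init-example.sh`, so one of the two paths is presumably stale.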
@@ -23,32 +43,23 @@ printf "Initializing ${BLUE}psoxy${NC} Terraform configuration ...\n" terraform init TF_INIT_EXIT_CODE=$? -if [ $TF_INIT_EXIT_CODE -ne 0 ]; then +if [[ $TF_INIT_EXIT_CODE -ne 0 ]]; then printf "${RED}Terraform init failed. See above for details. Cannot continue to initialize example configuration.${NC}\n" exit 1 fi -if [ -d ${TF_CONFIG_ROOT}/.terraform/modules/psoxy/ ]; then - # use checkout of repo done by Terraform - PSOXY_BASE_DIR=${TF_CONFIG_ROOT}/.terraform/modules/psoxy/ -else - # use checkout of repo on your local machine - cd ../../.. - PSOXY_BASE_DIR="`pwd`/" - cd ${TF_CONFIG_ROOT} -fi - -if [ ! -f terraform.tfvars ]; then - printf "Initializing ${BLUE}terraform.tfvars${NC} file for your configuration ...\n" - - TFVARS_FILE="${TF_CONFIG_ROOT}/terraform.tfvars" - - cp ${TF_CONFIG_ROOT}/terraform.tfvars.example.hcl $TFVARS_FILE - - ${PSOXY_BASE_DIR}tools/init-tfvars.sh $TFVARS_FILE $PSOXY_BASE_DIR +if [[ -z $EXPLICIT_REPO_CLONE_DIR ]]; then + if [[ -d ".terraform/modules/psoxy/" ]]; then + REPO_CLONE_BASE_DIR=".terraform/modules/psoxy/" + else + # use checkout of repo on your local machine + cd ../../.. + REPO_CLONE_BASE_DIR="$(pwd)/" + cd "${TF_CONFIG_ROOT}" # q: could be just `cd -`, right? + fi else - printf "${RED}Nothing to initialize. File terraform.tfvars already exists.${NC}\n\n" + REPO_CLONE_BASE_DIR="$EXPLICIT_REPO_CLONE_DIR" fi -# Install test tool -${PSOXY_BASE_DIR}tools/install-test-tool.sh ${PSOXY_BASE_DIR}tools +# pass control to the full init script. +${REPO_CLONE_BASE_DIR}/tools/init-example-full.sh $REPO_CLONE_BASE_DIR diff --git a/main.tf b/main.tf index 731aae6..f279b63 100644 --- a/main.tf +++ b/main.tf 
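Review bot: The final hand-off line expands `REPO_CLONE_BASE_DIR` unquoted and appends `/tools/...` to a value that already ends in `/`, so a checkout path containing spaces or glob characters is word-split before it is executed. Quote both uses and drop the extra slash: `"${REPO_CLONE_BASE_DIR}tools/init-example-full.sh" "${REPO_CLONE_BASE_DIR}"`. The `cd ../../..` in the fallback branch is unchecked; `REPO_CLONE_BASE_DIR="$(cd ../../.. && pwd)/"` resolves the path in a subshell, leaves the working directory alone and makes the `cd -` question in the comment moot. Because the script run here is whatever `terraform init` fetched for the module ref, testing that the file exists and is executable before the hand-off, with a clear error message, would make a missing or unexpected checkout fail visibly.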
@@ -39,7 +39,7 @@ locals { # be provisioned via Terraform, so doesn't add any dependencies # call this 'generic_source_connectors'? module "worklytics_connectors" { - source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.4.26" + source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.4.29" enabled_connectors = var.enabled_connectors @@ -52,7 +52,6 @@ module "worklytics_connectors" { # sources which require additional dependencies are split into distinct Terraform files, following # the naming convention of `{source-identifier}.tf`, eg `msft-365.tf` # lines below merge results of those files back into single maps of sources - locals { api_connectors = merge( module.worklytics_connectors.enabled_api_connectors, @@ -74,7 +73,9 @@ locals { # module.worklytics_connectors_msft_365.next_todo_step, 0 ) +} +locals { bulk_connectors = merge( module.worklytics_connectors.enabled_bulk_connectors, var.custom_bulk_connectors, @@ -82,7 +83,7 @@ locals { } module "psoxy" { - source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-host?ref=v0.4.26" + source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-host?ref=v0.4.29" gcp_project_id = var.gcp_project_id environment_name = var.environment_name @@ -94,7 +95,7 @@ module "psoxy" { force_bundle = var.force_bundle install_test_tool = var.install_test_tool gcp_region = var.gcp_region - replica_regions = var.replica_regions + replica_regions = coalesce(var.replica_regions, var.gcp_secret_replica_locations) api_connectors = local.api_connectors bulk_connectors = local.bulk_connectors non_production_connectors = var.non_production_connectors @@ -108,7 +109,6 @@ module "psoxy" { custom_artifacts_bucket_name = var.custom_artifacts_bucket_name todos_as_local_files = var.todos_as_local_files todo_step = local.max_auth_todo_step - } locals { 
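Review bot: In the `module "psoxy"` hunk (`@@ -94,7 +95,7 @@`), `coalesce` skips only null (and empty strings), so an explicit `replica_regions = []` left in an existing tfvars file is passed through. The non-empty validation added for `gcp_secret_replica_locations` in variables.tf (`@@ -120,16 +120,27 @@`) never applies to it. What the gcp-host module does with an empty replica list is not visible here, but the new validation suggests it is not a supported value. Adding a matching `validation` block to the deprecated `replica_regions` variable keeps both inputs under the same rule: `condition = var.replica_regions == null ? true : length(var.replica_regions) > 0`. The module block starts and ends outside this hunk.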
@@ -119,7 +119,7 @@ locals { module "connection_in_worklytics" { for_each = local.all_instances - source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.26" + source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.29" psoxy_host_platform_id = local.host_platform_id psoxy_instance_id = each.key @@ -163,3 +163,16 @@ output "todos_3" { description = "List of todo steps to complete 3rd, in markdown format." value = var.todos_as_outputs ? join("\n", values(module.connection_in_worklytics)[*].todo) : null } + +moved { + from = module.psoxy.module.secrets["jira-cloud"].google_secret_manager_secret.secret["JIRA_CLOUD_REFRESH_TOKEN"] + to = module.psoxy.module.secrets["jira-cloud"].google_secret_manager_secret.secret["REFRESH_TOKEN"] +} +moved { + from = module.psoxy.module.secrets["jira-cloud"].google_secret_manager_secret_version.version["JIRA_CLOUD_REFRESH_TOKEN"] + to = module.psoxy.module.secrets["jira-cloud"].google_secret_manager_secret_version.version["REFRESH_TOKEN"] +} +moved { + from = module.psoxy.module.api_connector["jira-cloud"].google_secret_manager_secret_iam_member.grant_sa_accessor_on_secret["JIRA_CLOUD_REFRESH_TOKEN"] + to = module.psoxy.module.api_connector["jira-cloud"].google_secret_manager_secret_iam_member.grant_sa_accessor_on_secret["REFRESH_TOKEN"] +} diff --git a/variables.tf b/variables.tf index d5556f0..f4096a2 100644 --- a/variables.tf +++ b/variables.tf @@ -79,7 +79,7 @@ variable "psoxy_base_dir" { variable "deployment_bundle" { type = string - description = "path to deployment bundle to use (if not provided, will build one)" + description = "path to deployment bundle to use (if not provided, will build one). Can be GCS url, eg 'gs://artifacts-bucket/psoxy-0.4.28.zip'." default = null validation { 
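Review bot: The three `moved` blocks appended to main.tf (`@@ -163,3 +163,16 @@`) carry no comment, so a later cleanup could delete them without knowing why they exist. They presumably keep the existing jira-cloud Secret Manager secret, its version and the service-account accessor grant in state under the renamed `REFRESH_TOKEN` key, rather than letting Terraform destroy and recreate them. I would add a comment above the first block, e.g. `# jira-cloud secret key renamed JIRA_CLOUD_REFRESH_TOKEN -> REFRESH_TOKEN; keep these until every deployment has applied, otherwise the stored token is destroyed and recreated`. Whether the rename arrived with the module ref bump in this commit is not visible from the diff, so the comment should name the version once that is confirmed.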
@@ -120,16 +120,27 @@ variable "gcp_region" { variable "replica_regions" { type = list(string) - description = "List of regions in which to replicate secrets." + description = "DEPRECATED; use `gcp_secret_replica_locations`. List of locations to which to replicate secrets. See https://cloud.google.com/secret-manager/docs/locations" + default = null +} + +variable "gcp_secret_replica_locations" { + type = list(string) + description = "List of locations to which to replicate GCP Secret Manager secrets. See https://cloud.google.com/secret-manager/docs/locations" default = [ "us-central1", "us-west1", ] + + validation { + condition = length(var.gcp_secret_replica_locations) > 0 + error_message = "`gcp_secret_replica_locations` must be non-empty list." + } } variable "custom_artifacts_bucket_name" { type = string - description = "name of bucket to use for custom artifacts, if you want something other than default" + description = "name of bucket to use for custom artifacts, if you want something other than default. Ignored if you pass gcs url for `deployment_bundle`." default = null }