update to v0.4.29

check-prereqs

@@ -18,8 +18,7 @@ if ! git --version &> /dev/null ; then
 fi
 
 if ! terraform -v &> /dev/null ; then
-  printf "${RED}Terraform CLI not available.${NC} Psoxy examples / deployment scripts require it. See https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli\n"
-  if $HOMEBREW_AVAILABLE; then printf " or, as you have Homebrew available, run ${BLUE}brew install terraform${NC}\n"; fi
+  printf "${RED}Terraform CLI not available.${NC} Psoxy examples / deployment scripts require it. See ${BLUE}https://developer.hashicorp.com/terraform/downloads${NC} for installation options\n"
   exit 1
 fi
 
@@ -40,8 +39,7 @@ printf "\n"
 JAVA_VERSION=`mvn -v | grep Java`
 
 printf "Your Maven installation uses ${BLUE}${JAVA_VERSION}${NC}.\n"
-printf "\t- if that is a Java version < 11, you must upgrade to 11 or higher. We recommend 17, as it is LTS and we have seen problems with 19.x and 20.x.\n"
-printf "\t- if that is some version of Java 19.x / 20.x, we recommend you *downgrade* to 17. See https://github.com/Worklytics/psoxy/blob/main/docs/troubleshooting.md#build-problems-with-java-19-specifically-openjdk-19\n"
+printf "\t- if that is a Java version < 11, you must upgrade to 11. Java >= 11, <= 20 are supported.\n"
 printf "\t- if you have a Java JDK of the right version installed on your machine *other* than the one referenced there, set your ${BLUE}JAVA_HOME${NC} to its location.\n"
 
 printf "\n"
@@ -51,6 +49,18 @@ if ! npm -v &> /dev/null ; then
   if $HOMEBREW_AVAILABLE; then printf " or, as you have Homebrew available, run ${BLUE}brew install node${NC}\n"; fi
 fi
 
+AWSCLI_REASON="It is used if you're deploying to AWS."
+if ! aws --version &> /dev/null ; then
+  printf "${RED}AWS CLI is not installed.${NC} ${AWSCLI_REASON} See https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html\n"
+  if $HOMEBREW_AVAILABLE; then printf " or, as you have Homebrew available, run ${BLUE}brew install awscli${NC}\n"; fi
+else
+  printf "AWS CLI version ${BLUE}`aws --version`${NC} is installed.\n"
+  printf ""
+  printf "\t- make sure ${BLUE}aws sts get-caller-identity${NC} returns the user/role/account you expect. $AWSCLI_REASON\n"
+fi
+
+printf "\n"
+
 GCLOUD_REASON="It is used if you're deploying to GCP or using Google Workspace data sources."
 if ! gcloud --version &> /dev/null ; then
   printf "${RED}Google Cloud SDK is not installed.${NC} ${GCLOUD_REASON} See https://cloud.google.com/sdk/docs/install\n"

google-workspace.tf

@@ -7,8 +7,7 @@ provider "google" {
 
 
 module "worklytics_connectors_google_workspace" {
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.4.26"
-
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.4.29"
 
   providers = {
     google = google.google_workspace

init

@@ -1,16 +1,36 @@
 #!/bin/bash
 
-# Psoxy init script
+# Psoxy init script - lite version
+#
+# Usage:
+#   ./tools/release/init-example.sh <repo-root>
 #
 # this is meant to be run from within a Terraform configuration for Psoxy, modeled on one of our
 # examples
-# see: https://github.com/Worklytics/psoxy/tree/main/infra/examples
+#
+# this is a 'thin' version, expected to be duplicated across multiple examples and then leverage
+# that 'terraform init' will do a clone of the repo, in which a longer init script will be provided
+#
+#
+# Testing:
+#   - within example directory, such as `infra/examples/aws-msft-365`:
+#     ../../../tools/init-example.sh ~/code/psoxy
+#
+#   to repeat:
+#     ../../../tools/reset-example.sh
 
 # colors
 RED='\e[0;31m'
 BLUE='\e[0;34m'
 NC='\e[0m' # No Color
 
+
+EXPLICIT_REPO_CLONE_DIR=$1
+
+if [[ "${EXPLICIT_REPO_CLONE_DIR}" != */ ]]; then
+    EXPLICIT_REPO_CLONE_DIR="${EXPLICIT_REPO_CLONE_DIR}/"
+fi
+
 TF_CONFIG_ROOT=`pwd`
 
 if ! terraform -v &> /dev/null ; then
@@ -23,32 +43,23 @@ printf "Initializing ${BLUE}psoxy${NC} Terraform configuration ...\n"
 terraform init
 
 TF_INIT_EXIT_CODE=$?
-if [ $TF_INIT_EXIT_CODE -ne 0 ]; then
+if [[ $TF_INIT_EXIT_CODE -ne 0 ]]; then
   printf "${RED}Terraform init failed. See above for details. Cannot continue to initialize example configuration.${NC}\n"
   exit 1
 fi
 
-if [ -d ${TF_CONFIG_ROOT}/.terraform/modules/psoxy/ ]; then
-  # use checkout of repo done by Terraform
-  PSOXY_BASE_DIR=${TF_CONFIG_ROOT}/.terraform/modules/psoxy/
-else
-  # use checkout of repo on your local machine
-  cd ../../..
-  PSOXY_BASE_DIR="`pwd`/"
-  cd ${TF_CONFIG_ROOT}
-fi
-
-if [ ! -f terraform.tfvars ]; then
-  printf "Initializing ${BLUE}terraform.tfvars${NC} file for your configuration ...\n"
-
-  TFVARS_FILE="${TF_CONFIG_ROOT}/terraform.tfvars"
-
-  cp ${TF_CONFIG_ROOT}/terraform.tfvars.example.hcl $TFVARS_FILE
-
-  ${PSOXY_BASE_DIR}tools/init-tfvars.sh $TFVARS_FILE $PSOXY_BASE_DIR
+if [[ -z $EXPLICIT_REPO_CLONE_DIR ]]; then
+  if [[ -d ".terraform/modules/psoxy/" ]]; then
+    REPO_CLONE_BASE_DIR=".terraform/modules/psoxy/"
+  else
+    # use checkout of repo on your local machine
+    cd ../../..
+    REPO_CLONE_BASE_DIR="$(pwd)/"
+    cd "${TF_CONFIG_ROOT}" # q: could be just `cd -`, right?
+  fi
 else
-  printf "${RED}Nothing to initialize. File terraform.tfvars already exists.${NC}\n\n"
+  REPO_CLONE_BASE_DIR="$EXPLICIT_REPO_CLONE_DIR"
 fi
 
-# Install test tool
-${PSOXY_BASE_DIR}tools/install-test-tool.sh ${PSOXY_BASE_DIR}tools
+# pass control to the full init script.
+${REPO_CLONE_BASE_DIR}/tools/init-example-full.sh $REPO_CLONE_BASE_DIR

main.tf

@@ -39,7 +39,7 @@ locals {
 # be provisioned via Terraform, so doesn't add any dependencies
 # call this 'generic_source_connectors'?
 module "worklytics_connectors" {
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.4.26"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.4.29"
 
 
   enabled_connectors    = var.enabled_connectors
@@ -52,7 +52,6 @@ module "worklytics_connectors" {
 # sources which require additional dependencies are split into distinct Terraform files, following
 # the naming convention of `{source-identifier}.tf`, eg `msft-365.tf`
 # lines below merge results of those files back into single maps of sources
-
 locals {
   api_connectors = merge(
     module.worklytics_connectors.enabled_api_connectors,
@@ -74,15 +73,17 @@ locals {
     # module.worklytics_connectors_msft_365.next_todo_step,
     0
   )
+}
 
+locals {
   bulk_connectors = merge(
     module.worklytics_connectors.enabled_bulk_connectors,
     var.custom_bulk_connectors,
   )
 }
 
 module "psoxy" {
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-host?ref=v0.4.26"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-host?ref=v0.4.29"
 
   gcp_project_id                 = var.gcp_project_id
   environment_name               = var.environment_name
@@ -94,7 +95,7 @@ module "psoxy" {
   force_bundle                   = var.force_bundle
   install_test_tool              = var.install_test_tool
   gcp_region                     = var.gcp_region
-  replica_regions                = var.replica_regions
+  replica_regions                = coalesce(var.replica_regions, var.gcp_secret_replica_locations)
   api_connectors                 = local.api_connectors
   bulk_connectors                = local.bulk_connectors
   non_production_connectors      = var.non_production_connectors
@@ -108,7 +109,6 @@ module "psoxy" {
   custom_artifacts_bucket_name   = var.custom_artifacts_bucket_name
   todos_as_local_files           = var.todos_as_local_files
   todo_step                      = local.max_auth_todo_step
-
 }
 
 locals {
@@ -119,7 +119,7 @@ locals {
 module "connection_in_worklytics" {
   for_each = local.all_instances
 
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.26"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.29"
 
   psoxy_host_platform_id = local.host_platform_id
   psoxy_instance_id      = each.key
@@ -163,3 +163,16 @@ output "todos_3" {
   description = "List of todo steps to complete 3rd, in markdown format."
   value       = var.todos_as_outputs ? join("\n", values(module.connection_in_worklytics)[*].todo) : null
 }
+
+moved {
+  from = module.psoxy.module.secrets["jira-cloud"].google_secret_manager_secret.secret["JIRA_CLOUD_REFRESH_TOKEN"]
+  to   = module.psoxy.module.secrets["jira-cloud"].google_secret_manager_secret.secret["REFRESH_TOKEN"]
+}
+moved {
+  from = module.psoxy.module.secrets["jira-cloud"].google_secret_manager_secret_version.version["JIRA_CLOUD_REFRESH_TOKEN"]
+  to   = module.psoxy.module.secrets["jira-cloud"].google_secret_manager_secret_version.version["REFRESH_TOKEN"]
+}
+moved {
+  from = module.psoxy.module.api_connector["jira-cloud"].google_secret_manager_secret_iam_member.grant_sa_accessor_on_secret["JIRA_CLOUD_REFRESH_TOKEN"]
+  to   = module.psoxy.module.api_connector["jira-cloud"].google_secret_manager_secret_iam_member.grant_sa_accessor_on_secret["REFRESH_TOKEN"]
+}

variables.tf

@@ -79,7 +79,7 @@ variable "psoxy_base_dir" {
 
 variable "deployment_bundle" {
   type        = string
-  description = "path to deployment bundle to use (if not provided, will build one)"
+  description = "path to deployment bundle to use (if not provided, will build one). Can be GCS url, eg 'gs://artifacts-bucket/psoxy-0.4.28.zip'."
   default     = null
 
   validation {
@@ -120,16 +120,27 @@ variable "gcp_region" {
 
 variable "replica_regions" {
   type        = list(string)
-  description = "List of regions in which to replicate secrets."
+  description = "DEPRECATED; use `gcp_secret_replica_locations`. List of locations to which to replicate secrets. See https://cloud.google.com/secret-manager/docs/locations"
+  default     = null
+}
+
+variable "gcp_secret_replica_locations" {
+  type        = list(string)
+  description = "List of locations to which to replicate GCP Secret Manager secrets. See https://cloud.google.com/secret-manager/docs/locations"
   default = [
     "us-central1",
     "us-west1",
   ]
+
+  validation {
+    condition     = length(var.gcp_secret_replica_locations) > 0
+    error_message = "`gcp_secret_replica_locations` must be non-empty list."
+  }
 }
 
 variable "custom_artifacts_bucket_name" {
   type        = string
-  description = "name of bucket to use for custom artifacts, if you want something other than default"
+  description = "name of bucket to use for custom artifacts, if you want something other than default. Ignored if you pass gcs url for `deployment_bundle`."
   default     = null
 }