currently supports the Azure cloud enrichment service.
John Dewey committed Jun 4, 2024
1 parent 0a95f0a, commit db9fb1d
Showing 15 changed files with 352 additions and 0 deletions.
@@ -0,0 +1,24 @@ | ||
--- | ||
name: Bug Report | ||
about: Report a Bug | ||
|
||
--- | ||
|
||
**Describe the bug** | ||
What issue did you experience? More detail the better! | ||
|
||
**Reproducing the Bug** | ||
Steps to reproduce the behavior: | ||
1. Using terraform version x.y.z | ||
2. With module version a.b.c | ||
3. Provider versions... 1,2,3 | ||
4. Error looks like: <insert screenshot / copy terraform error> | ||
|
||
**Expected Behavior** | ||
Describe the expected behavior. | ||
|
||
**Screenshots** | ||
If applicable, add screenshots, obfuscated tf state files, etc... to help explain your issue. | ||
|
||
**Any Additional Context** | ||
Add any other context about the bug that will help us troubleshoot the issue. |
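Review bot: the Screenshots section asks for "obfuscated tf state files", but state produced by this module carries the Fleet community string and the license key in plaintext (the `sensitive = true` on those variables only affects CLI display, not what is stored), so the template should say outright that `sensor_community_string` and `sensor_license` values must be redacted before anything is attached, and preferably ask for `terraform plan` output instead of state. Minor wording: "More detail the better!" reads better as "The more detail the better!".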
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
--- | ||
name: Feature Request | ||
about: Suggest an feature for this project | ||
|
||
--- | ||
|
||
**Is your feature request related to an ongoing bug?** | ||
Please provide a clear description of the challenge you're facing. | ||
|
||
**Propose a solution** | ||
Outline a solution you may have to the challenge and any tests / evidence that may help us better | ||
decide to take it on! | ||
|
||
**What alternatives have you tried or considered?** | ||
Outline any alternatives to the solution you're proposing in a clear and concise way. | ||
|
||
**Any additional context** | ||
Add any other context or screenshots about the feature request here. |
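Review bot: typo in the front matter, `about: Suggest an feature for this project` should read `Suggest a feature for this project`.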
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# Description | ||
|
||
Include an overview of the change and which issue it addresses. Please also include relevant | ||
motivation and context. List any dependencies that are required for this change. | ||
|
||
Associated it with an existing issue, i.e. - "Fixes issue #12345" | ||
|
||
## Type of change | ||
|
||
Please delete options that are not relevant. | ||
|
||
- [ ] Bug Fix | ||
- [ ] New Feature | ||
- [ ] This change requires a documentation update | ||
|
||
# How Has This Been Tested? | ||
|
||
Describe the tests that you ran to verify your changes. Provide instructions so they can be | ||
reproduced. Please also list any relevant details for your test configuration |
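Review bot: two wording slips in this template: `Associated it with an existing issue` should be `Associate it with an existing issue`, and the closing sentence `Please also list any relevant details for your test configuration` is missing its full stop. Since this repository renders credentials into cloud-init user data, the Type of change checklist would benefit from a box such as `- [ ] This change affects rendered user data or secrets handling` so reviewers know to look at the template output.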
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
--- | ||
name: Terraform Validation | ||
|
||
on: | ||
pull_request: | ||
branches: | ||
- main | ||
|
||
jobs: | ||
terraform: | ||
name: Lint | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: Install Task | ||
uses: arduino/setup-task@v2 | ||
with: | ||
version: 3.x | ||
repo-token: ${{ secrets.GITHUB_TOKEN }} | ||
- name: Install Terraform | ||
uses: hashicorp/setup-terraform@v3 | ||
with: | ||
terraform_version: "1.8.2" | ||
- name: Terraform fmt | ||
run: task fmt:check |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
.idea** | ||
**/.terraform/** | ||
*.tfstate.* | ||
*.tfstate | ||
**.terraform* | ||
**tfplan** |
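Review bot: `**.terraform*` on the fifth line also matches `.terraform.lock.hcl`, the dependency lock file that records provider versions and hashes; that file should be committed so `terraform init` verifies the same provider builds on every machine and in CI, so narrow the pattern (`**/.terraform/**` above already covers the plugin directory). Separately, `.idea**` looks like it was meant to be `.idea/**`, and nothing ignores `*.tfvars` / `*.auto.tfvars`, which is where the community string and license contents would normally be kept out of the repository.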
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
The MIT License (MIT) | ||
|
||
Copyright (c) 2024 Corelight, Inc. | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in | ||
all copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||
THE SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,50 @@ | ||
# terraform-config-sensor | ||
|
||
Terraform for Corelight's Sensor Configuration. | ||
|
||
## Usage | ||
|
||
```hcl | ||
resource "sensor_config" { | ||
source = "github.com/corelight/terraform-config-sensor" | ||
sensor_community_string = "<your Corelight Fleet community string>" | ||
sensor_license = "<your Corelight sensor license key>" | ||
sensor_management_interface_name = "<the instance's management interface name>" | ||
sensor_monitoring_interface_name = "<the instance's monitoring interface name>" | ||
sensor_health_check_probe_source_ranges_cidr = "<the cloud provider's health check source CIDR>" | ||
subnetwork_monitoring_cidr = "<the instance's monitoring subnetwork CIDR>" | ||
subnetwork_monitoring_gateway = "<the instance's monitoring subnetwork gateway IP>" | ||
} | ||
module "sensor_config" { | ||
source = "../../" | ||
sensor_community_string = "<your Corelight Fleet community string>" | ||
sensor_license = "<your Corelight sensor license key>" | ||
sensor_management_interface_name = "<the instance's management interface name>" | ||
sensor_monitoring_interface_name = "<the instance's monitoring interface name>" | ||
sensor_health_check_probe_source_ranges_cidr = "<the cloud provider's health check source CIDR> | ||
subnetwork_monitoring_cidr = "<the instance's monitoring subnetwork CIDR>" | ||
subnetwork_monitoring_gateway = "<the instance's monitoring subnetwork gateway IP>" | ||
# Optional -- Azure Enrichment Service | ||
enrichment_cloud_provider_name = "<the cloud provider name>" | ||
enrichment_storage_account_name = "<name of the enrichment storage account>" | ||
enrichment_storage_container_name = "<name of the enrichment container in the storage account>" | ||
} | ||
``` | ||
|
||
## Deployment | ||
|
||
The variables for this module all have default values that can be overwritten to meet your naming and compliance standards. | ||
|
||
Deployment examples can be found [here](examples). | ||
|
||
## License | ||
|
||
The project is licensed under the MIT license. | ||
|
||
[MIT]: LICENSE |
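Review bot: the first block in the Usage snippet, `resource "sensor_config" {` through its closing `}`, is not valid HCL: a `resource` block takes two labels and has no `source` argument, and it duplicates the `module "sensor_config"` block that follows, so drop it and keep a single module block with `source = "github.com/corelight/terraform-config-sensor"`. In the module block, `sensor_health_check_probe_source_ranges_cidr = "<the cloud provider's health check source CIDR>` is missing its closing quote, and per the variables file this argument is a `list(string)`, so the placeholder should be written as a list. Also `[MIT]: LICENSE` at the end defines a reference link the text never uses; either write `[MIT](LICENSE)` in the License sentence or remove the definition.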
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
--- | ||
version: "3" | ||
|
||
tasks: | ||
fmt: | ||
desc: Reformat your configuration in the standard style | ||
cmds: | ||
- terraform fmt -recursive . | ||
|
||
fmt:check: | ||
desc: Check if the input is formatted | ||
cmds: | ||
- terraform fmt -recursive -check -diff . |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
#cloud-config | ||
|
||
write_files: | ||
- content: | | ||
sensor: | ||
api: | ||
password: ${community_string} | ||
license_key: ${license} | ||
management_interface: | ||
name: ${mgmt_int} | ||
wait: true | ||
monitoring_interface: | ||
name: ${mon_int} | ||
wait: true | ||
%{ if mon_subnet != "" && mon_gateway != "" ~} | ||
health_check: | ||
port: ${health_port} | ||
subnet: ${mon_subnet} | ||
gateway: ${mon_gateway} | ||
%{ endif ~} | ||
kubernetes: | ||
allow_ports: | ||
%{ for probe in probe_ranges ~} | ||
- protocol: tcp | ||
port: ${health_port} | ||
net: ${probe} | ||
%{ endfor ~} | ||
|
||
owner: root:root | ||
path: /etc/corelight/corelightctl.yaml | ||
permissions: '0644' | ||
|
||
runcmd: | ||
- corelightctl sensor bootstrap -v | ||
- corelightctl sensor deploy -v | ||
|
||
%{ if cloud_provider == "azure" ~} | ||
- | | ||
echo '{"cloud_enrichment.enable": "true", "cloud_enrichment.cloud_provider": "azure","cloud_enrichment.bucket_name": "${container_name}", "cloud_enrichment.azure_storage_account": "${storage_account_name}"}' | corelightctl sensor cfg put | ||
%{ endif ~} |
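Review bot: `/etc/corelight/corelightctl.yaml` is written with `permissions: '0644'` although its content includes `sensor.api.password: ${community_string}` and `license_key: ${license}`; it is owned by `root:root` and consumed by `corelightctl` from `runcmd`, so `'0600'` is sufficient and keeps any unprivileged account on the sensor from reading the Fleet credential. In the last `runcmd` entry, `${container_name}` and `${storage_account_name}` are spliced raw into a single-quoted JSON string piped to `corelightctl sensor cfg put`; a value containing `'` or `"` would break the JSON or the shell command, so either build the payload with `jsonencode()` at the Terraform call site or add `validation` blocks restricting those variables to the characters Azure allows. The `%{ if cloud_provider == "azure" ~}` guard also does not check that the two names are non-empty, so setting `enrichment_cloud_provider_name = "azure"` alone enables enrichment with blank account and container values.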
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
data "cloudinit_config" "config" { | ||
gzip = false | ||
base64_encode = false | ||
|
||
part { | ||
content_type = "text/cloud-config" | ||
content = templatefile("${path.module}/cloud-config/init.tpl", { | ||
community_string = var.sensor_community_string | ||
license = var.sensor_license | ||
mgmt_int = var.sensor_management_interface_name | ||
mon_int = var.sensor_monitoring_interface_name | ||
health_port = var.sensor_health_check_http_port | ||
probe_ranges = var.sensor_health_check_probe_source_ranges_cidr | ||
mon_subnet = var.subnetwork_monitoring_cidr | ||
mon_gateway = var.subnetwork_monitoring_gateway | ||
|
||
# enrichment service | ||
cloud_provider = var.enrichment_cloud_provider_name | ||
|
||
# enrichment service -- azure | ||
storage_account_name = var.enrichment_storage_account_name | ||
container_name = var.enrichment_storage_container_name | ||
}) | ||
filename = "sensor-build.yaml" | ||
} | ||
} |
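Review bot: the `templatefile()` call passes `var.enrichment_storage_account_name` and `var.enrichment_storage_container_name` straight through while the template only tests `cloud_provider == "azure"`; add a `lifecycle { precondition { ... } }` on this data source (or `validation` blocks on the variables) requiring both names to be non-empty whenever `var.enrichment_cloud_provider_name == "azure"`, so a misconfiguration fails at plan time instead of at `runcmd` on the sensor. A short comment noting that `rendered` will contain the community string and license key in plaintext would also help anyone who wires this data source into an output.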
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
locals { | ||
community_string = "abc123" | ||
license = file("~/corelight-license.txt") | ||
mgmt_interface = "eth0" | ||
mon_interface = "eth1" | ||
probe_source_ranges_cidr = ["130.211.0.0/22", "35.191.0.0/16"] | ||
mon_cidr = "10.3.0.0/24" | ||
mon_gateway = "10.3.0.1" | ||
|
||
enrichment_cloud_provider = "azure" | ||
enrichment_storage_account_name = "account-foo" | ||
enrichment_storage_container_name = "bucket-bar" | ||
} | ||
|
||
module "sensor_config" { | ||
source = "../../" | ||
|
||
sensor_community_string = local.community_string | ||
sensor_license = local.license | ||
sensor_management_interface_name = local.mgmt_interface | ||
sensor_monitoring_interface_name = local.mon_interface | ||
sensor_health_check_probe_source_ranges_cidr = local.probe_source_ranges_cidr | ||
subnetwork_monitoring_cidr = local.mon_cidr | ||
subnetwork_monitoring_gateway = local.mon_gateway | ||
|
||
|
||
# Optional -- Azure Enrichment Service | ||
enrichment_cloud_provider_name = local.enrichment_cloud_provider | ||
enrichment_storage_account_name = local.enrichment_storage_account_name | ||
enrichment_storage_container_name = local.enrichment_storage_container_name | ||
} |
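Review bot: `community_string = "abc123"` in `locals` places the Fleet credential as a literal in a committed file, and `locals` cannot be marked sensitive, so it appears unredacted in plan output; even for an example, declare it as `variable "community_string" { type = string, sensitive = true }` and supply it from an ignored `*.auto.tfvars` file or `TF_VAR_community_string`. Note also that `license = file("~/corelight-license.txt")` passes the file contents, which matches how the template uses `license_key: ${license}` but not the variable description ("path to the Corelight sensor license file"); one of the two should change. The double blank line before `# Optional -- Azure Enrichment Service` is a style nit.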
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
output "rendered" { | ||
value = module.sensor_config.cloudinit_config.rendered | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
terraform { | ||
required_version = ">=1.3.2" | ||
} |
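Review bot: `required_version = ">=1.3.2"` is the only constraint here; the module's `data "cloudinit_config"` comes from the `hashicorp/cloudinit` provider, which is currently resolved implicitly, so add a `required_providers { cloudinit = { source = "hashicorp/cloudinit", version = "~> 2.0" } }` block so the provider is pinned and recorded in the lock file rather than floating to whatever latest release `terraform init` finds.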
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
output "cloudinit_config" { | ||
value = data.cloudinit_config.config | ||
} |
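Review bot: `output "cloudinit_config"` exposes the whole data source, including `rendered`, which carries the community string and license key that the module's own variables declare `sensitive = true`; Terraform refuses to plan an output that references sensitive values unless the output is also marked `sensitive = true`, and marking it keeps the secrets out of `terraform output` and CI logs. Add `sensitive = true` here, and the example's `output "rendered"` that reads `module.sensor_config.cloudinit_config.rendered` needs the same.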
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
variable "sensor_community_string" { | ||
type = string | ||
sensitive = true | ||
description = "the Fleet Manager community string (api string)" | ||
} | ||
|
||
variable "sensor_license" { | ||
type = string | ||
sensitive = true | ||
description = "path to the Corelight sensor license file" | ||
} | ||
|
||
variable "sensor_management_interface_name" { | ||
type = string | ||
description = "the sensor(s) management interface name" | ||
} | ||
|
||
variable "sensor_monitoring_interface_name" { | ||
type = string | ||
description = "the sensor(s) monitoring interface name" | ||
} | ||
|
||
variable "sensor_health_check_http_port" { | ||
type = string | ||
default = "41080" | ||
description = "the port number for the HTTP health check request" | ||
} | ||
|
||
variable "sensor_health_check_probe_source_ranges_cidr" { | ||
type = list(string) | ||
default = [""] | ||
description = "(optional) the health check probe ranges" | ||
} | ||
|
||
variable "subnetwork_monitoring_cidr" { | ||
type = string | ||
default = "" | ||
description = "(optional) the monitoring subnet for the sensor(s), leaving this empty will result in no sensor.monitoring_interface.health_check section being rendered into user data." | ||
} | ||
|
||
variable "subnetwork_monitoring_gateway" { | ||
type = string | ||
default = "" | ||
description = "(optional) the monitoring subnet's gateway address, leaving this empty will result in no sensor.monitoring_interface.health_check section being rendered into user data." | ||
} | ||
|
||
# Enrichment Service | ||
|
||
variable "enrichment_cloud_provider_name" { | ||
description = "(optional) the cloud provider name" | ||
type = string | ||
default = "" | ||
|
||
validation { | ||
condition = contains(["", "aws", "azure", "gcp"], var.enrichment_cloud_provider_name) | ||
error_message = "allowed options: \"aws\", \"azure\", \"gcp\"." | ||
} | ||
} | ||
|
||
# Enrichment Service -- Azure | ||
|
||
variable "enrichment_storage_account_name" { | ||
description = "(optional) the azure storage account where enrichment data is stored" | ||
type = string | ||
default = "" | ||
} | ||
|
||
variable "enrichment_storage_container_name" { | ||
description = "(optional) the container where enrichment data is stored" | ||
type = string | ||
default = "" | ||
} |
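Review bot: `sensor_health_check_probe_source_ranges_cidr` defaults to `[""]`, so with no override the template's `%{ for probe in probe_ranges ~}` loop still emits one `allow_ports` entry with an empty `net:`; use `default = []` (the loop then renders nothing) and add a `validation` such as `alltrue([for p in var.sensor_health_check_probe_source_ranges_cidr : can(cidrhost(p, 0))])` so a malformed range fails at plan time rather than turning into an unintended allow rule on the sensor. The `sensor_license` description says "path to the Corelight sensor license file" while the template interpolates the value directly as `license_key`, so it should read "contents of the Corelight sensor license file". The `enrichment_cloud_provider_name` validation accepts `"aws"` and `"gcp"`, but the template only acts on `"azure"` (and the commit message says only Azure is supported), so either restrict the list to `["", "azure"]` for now or state in the description that the other values are accepted but not yet acted on.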