
Commit

Merge branch 'main' into matt/SR-1728-azure-cosmos-sql
mattJsonar committed Sep 17, 2024
2 parents c7eb78c + 5094a66 commit 78569d8
Showing 11 changed files with 63 additions and 29 deletions.
49 changes: 45 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -113,20 +113,58 @@ The following example will go through the steps for onboarding Amazon RDS for Po
Using the ``dsfhub`` provider will require an authorization token that has been given access to the Unified Settings Console. To generate one, follow the instructions described in [Generating an Authorization Token for DSF Open APIs](https://docs.imperva.com/bundle/v4.16-sonar-user-guide/page/84555.htm).

### Configure the Providers
#### Authentication (Mandatory)
Both the ``aws`` and ``dsfhub`` providers offer different methods for configuration. In this example, we will define authentication keys using environment variables.

To configure the [dsfhub](https://registry.terraform.io/providers/imperva/dsfhub/latest) provider, export the hostname of your DSF hub as well as the authorization token created above
To configure the [dsfhub](https://registry.terraform.io/providers/imperva/dsfhub/latest) provider, export the hostname of your DSF hub as well as the authorization token created above:
```bash
$ export TF_VAR_dsfhub_host='https://1.2.3.4:8443'
$ export TF_VAR_dsfhub_token='a1b2c3d4-e5f6-g8h9-wxyz-123456790'
$ export DSFHUB_HOST="https://1.2.3.4:8443"
$ export DSFHUB_TOKEN="a1b2c3d4-e5f6-g8h9-wxyz-123456790"
```

The [aws](https://registry.terraform.io/providers/hashicorp/aws/latest) provider can also be configured using environment variables. To do so, export your key pair that has permissions to create resources
The [aws](https://registry.terraform.io/providers/hashicorp/aws/latest) provider can also be configured using environment variables. To do so, export your key pair that has permissions to create resources:
```bash
$ export AWS_ACCESS_KEY_ID="anaccesskey"
$ export AWS_SECRET_ACCESS_KEY="asecretkey"
```

#### Sync Type (Optional)
The `dsfhub` provider may be configured with `sync_type` to determine whether to run the "Sync assets and connections between WAREHOUSE and AGENTLESS GATEWAYS" playbook immediately following the import of assets and connections. It may be set with the `SYNC_TYPE` environment variable or within the script as the `sync_type` parameter.

```bash
$ export SYNC_TYPE="SYNC_GW_NON_BLOCKING"
```

You can choose between the following options. The default value is `"SYNC_GW_BLOCKING"`.

<table>
<tr>
<th>Sync Type Value</th>
<th>Description</th>
</tr>
<tr>
<td>SYNC_GW_BLOCKING (default)</td>
<td>The playbook is run synchronously and blocks the creation or update of assets and connections until all gateways have been synced.</td>
</tr>
<tr>
<td>SYNC_GW_NON_BLOCKING</td>
<td>The playbook is run asynchronously and does not affect the creation or update of assets and connections.</td>
</tr>
<tr>
<td>DO_NOT_SYNC_GW</td>
<td>The playbook is not run in connection with the creation or update of assets and connections.</td>
</tr>
</table>

For more details, see the [DSFHub provider documentation](https://registry.terraform.io/providers/imperva/dsfhub/latest/docs#dsfhub-provider-argument-reference).

#### Insecure SSL (Optional)
The `dsfhub` provider may be configured with `insecure_ssl` to allow for insecure SSL API calls to a DSF Hub instance to support tests against instances with self-signed certificates. It may be set with the `INSECURE_SSL` environment variable or within the script as the `insecure_ssl` parameter. The default value is `true`.

```bash
$ export INSECURE_SSL=false
```

### Complete Module Prerequisites
The Amazon RDS for PostgreSQL module has two prerequisites:
1. An AWS cloud account asset with permissions to read from CloudWatch log groups
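Review bot: The new "Insecure SSL (Optional)" section documents `insecure_ssl` as defaulting to `true`, which means the provider skips TLS certificate verification of the DSF Hub unless the operator opts out, and the text presents that only as a convenience for self-signed test instances. The section should state plainly that production configurations must set `INSECURE_SSL=false` (or `insecure_ssl = false`, as the provider block example later in this README does), so that the default does not silently leave API calls carrying the `DSFHUB_TOKEN` authorization token going to an unverified endpoint.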
Expand Down Expand Up @@ -183,10 +221,13 @@ provider "aws" {
variable "dsfhub_host" {} # TF_VAR_dsfhub_host env variable
variable "dsfhub_token" {} # TF_VAR_dsfhub_token env variable
variable "sync_type" {} # SYNC_TYPE env variable (optional)
provider "dsfhub" {
dsfhub_host = var.dsfhub_host
dsfhub_token = var.dsfhub_token
sync_type = var.sync_type # optional
insecure_ssl = false # optional
}
################################################################################
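Review bot: The variable comments in this hunk no longer match the authentication section of the same README: that section now tells the reader to export `DSFHUB_HOST` and `DSFHUB_TOKEN`, but `variable "dsfhub_host" {} # TF_VAR_dsfhub_host env variable` and the `provider "dsfhub"` block still feed the provider from `var.dsfhub_host` and `var.dsfhub_token`, which are only populated by `TF_VAR_dsfhub_host` and `TF_VAR_dsfhub_token`. Either drop the explicit `dsfhub_host`/`dsfhub_token` arguments so the provider reads `DSFHUB_HOST`/`DSFHUB_TOKEN` directly, or document the `TF_VAR_` names again. Separately, `variable "sync_type" {}` is declared without a default while its comment calls it optional; Terraform treats a variable with no default as required, and the `SYNC_TYPE` environment variable does not populate `var.sync_type`, so a run that only exports `SYNC_TYPE` will prompt for or fail on the missing value. Give it `default = null` (a null argument is treated as unset, so the provider falls back to `SYNC_TYPE`), or remove the `sync_type = var.sync_type` line.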
Expand Up @@ -23,12 +23,12 @@ No modules.

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_listen"></a> [listen](#input\_listen) | Grants listen access to this this Authorization Rule. Defaults to false. | `bool` | `false` | no |
| <a name="input_manage"></a> [manage](#input\_manage) | Grants manage access to this this Authorization Rule. When this property is true - both listen and send must be too. Defaults to false. | `bool` | `false` | no |
| <a name="input_listen"></a> [listen](#input\_listen) | Grants listen access to this Authorization Rule. Defaults to false. | `bool` | `false` | no |
| <a name="input_manage"></a> [manage](#input\_manage) | Grants manage access to this Authorization Rule. When this property is true - both listen and send must be too. Defaults to false. | `bool` | `false` | no |
| <a name="input_name"></a> [name](#input\_name) | Specifies the name of the Authorization Rule. Changing this forces a new resource to be created. | `string` | n/a | yes |
| <a name="input_namespace_name"></a> [namespace\_name](#input\_namespace\_name) | Specifies the name of the Event Hub Namespace. Changing this forces a new resource to be created. | `string` | n/a | yes |
| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which the Event Hub Namespace exists. Changing this forces a new resource to be created. | `string` | n/a | yes |
| <a name="input_send"></a> [send](#input\_send) | Grants send access to this this Authorization Rule. Defaults to false. | `bool` | `false` | no |
| <a name="input_send"></a> [send](#input\_send) | Grants send access to this Authorization Rule. Defaults to false. | `bool` | `false` | no |

## Outputs

@@ -1,13 +1,6 @@
resource "azurerm_eventhub_namespace_authorization_rule" "this" {
lifecycle {
# precondition {
# condition = (
# var.listen != null ||
# var.manage != null ||
# var.send != null
# )
# error_message = "Atleast one of listen, send, manage needs to be set."
# }
# todo: add precondition ensuring atleast one of manage, send, listen is defined

precondition {
condition = var.manage == true ? (var.listen == true && var.send == true) : true
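Review bot: Replacing the commented-out precondition with a TODO leaves the rule with no guard against `listen`, `send` and `manage` all being false, so the check should be implemented in this hunk rather than deferred. The removed condition would not have worked anyway: all three variables default to `false`, not `null`, so `var.listen != null || var.manage != null || var.send != null` is always true. A working version is `condition = var.listen || var.send || var.manage` with `error_message = "At least one of listen, send or manage must be true."`, which also fixes the "Atleast" spelling carried into the TODO.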
@@ -1,11 +1,11 @@
variable "listen" {
description = "Grants listen access to this this Authorization Rule. Defaults to false."
description = "Grants listen access to this Authorization Rule. Defaults to false."
type = bool
default = false
}

variable "manage" {
description = "Grants manage access to this this Authorization Rule. When this property is true - both listen and send must be too. Defaults to false."
description = "Grants manage access to this Authorization Rule. When this property is true - both listen and send must be too. Defaults to false."
type = bool
default = false
}
Expand All @@ -26,7 +26,7 @@ variable "resource_group_name" {
}

variable "send" {
description = "Grants send access to this this Authorization Rule. Defaults to false."
description = "Grants send access to this Authorization Rule. Defaults to false."
type = bool
default = false
}
4 changes: 2 additions & 2 deletions modules/azurerm-eventhub/README.md
Expand Up @@ -23,10 +23,10 @@ No modules.

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_message_retention"></a> [message\_retention](#input\_message\_retention) | Specifies the number of days to retain the events for this Event Hub. | `number` | `1` | no |
| <a name="input_message_retention"></a> [message\_retention](#input\_message\_retention) | Specifies the number of days to retain the events for this Event Hub. Defaults to 1. | `number` | `1` | no |
| <a name="input_name"></a> [name](#input\_name) | Specifies the name of the Event Hub resource. Changing this forces a new resource to be created. | `string` | n/a | yes |
| <a name="input_namespace_name"></a> [namespace\_name](#input\_namespace\_name) | Specifies the name of the Event Hub Namespace. Changing this forces a new resource to be created. | `string` | n/a | yes |
| <a name="input_partition_count"></a> [partition\_count](#input\_partition\_count) | Specifies the current number of shards on the Event Hub. Note: partition\_count cannot be changed unless Eventhub Namespace SKU is Premium and cannot be decreased. | `number` | `1` | no |
| <a name="input_partition_count"></a> [partition\_count](#input\_partition\_count) | Specifies the current number of shards on the Event Hub. Note: partition\_count cannot be changed unless Eventhub Namespace SKU is Premium and cannot be decreased. Defaults to 1. | `number` | `1` | no |
| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which the Event Hub's parent Namespace exists. Changing this forces a new resource to be created. | `string` | n/a | yes |
| <a name="input_status"></a> [status](#input\_status) | Specifies the status of the Event Hub resource. Possible values are Active, Disabled and SendDisabled. Defaults to Active. | `string` | `"Active"` | no |

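Review bot: Appending "Defaults to 1." to the `message_retention` and `partition_count` descriptions duplicates the `default = 1` that terraform-docs already renders in the Default column of this same table, so the two can drift apart when a default changes. If the wording is kept for consistency with the other modules touched in this commit, the description string and the `default` value in variables.tf must always be updated together.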
4 changes: 2 additions & 2 deletions modules/azurerm-eventhub/variables.tf
@@ -1,5 +1,5 @@
variable "message_retention" {
description = "Specifies the number of days to retain the events for this Event Hub."
description = "Specifies the number of days to retain the events for this Event Hub. Defaults to 1."
type = number
default = 1
}
Expand All @@ -15,7 +15,7 @@ variable "namespace_name" {
}

variable "partition_count" {
description = "Specifies the current number of shards on the Event Hub. Note: partition_count cannot be changed unless Eventhub Namespace SKU is Premium and cannot be decreased."
description = "Specifies the current number of shards on the Event Hub. Note: partition_count cannot be changed unless Eventhub Namespace SKU is Premium and cannot be decreased. Defaults to 1."
type = number
default = 1
}
4 changes: 2 additions & 2 deletions modules/azurerm-storage-account/README.md
Expand Up @@ -23,8 +23,8 @@ No modules.

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_account_replication_type"></a> [account\_replication\_type](#input\_account\_replication\_type) | Defines the type of replication to use for this storage account. Valid options are LRS, GRS, RAGRS, ZRS, GZRS and RAGZRS. Changing this forces a new resource to be created when types LRS, GRS and RAGRS are changed to ZRS, GZRS or RAGZRS and vice versa. | `string` | `"GRS"` | no |
| <a name="input_account_tier"></a> [account\_tier](#input\_account\_tier) | Defines the Tier to use for this storage account. Valid options are Standard and Premium. | `string` | `"Standard"` | no |
| <a name="input_account_replication_type"></a> [account\_replication\_type](#input\_account\_replication\_type) | Defines the type of replication to use for this storage account. Valid options are LRS, GRS, RAGRS, ZRS, GZRS and RAGZRS. Changing this forces a new resource to be created when types LRS, GRS and RAGRS are changed to ZRS, GZRS or RAGZRS and vice versa. Defaults to GRS. | `string` | `"GRS"` | no |
| <a name="input_account_tier"></a> [account\_tier](#input\_account\_tier) | Defines the Tier to use for this storage account. Valid options are Standard and Premium. Defaults to Standard. | `string` | `"Standard"` | no |
| <a name="input_location"></a> [location](#input\_location) | Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. | `string` | n/a | yes |
| <a name="input_name"></a> [name](#input\_name) | Specifies the name of the storage account. Only lowercase Alphanumeric characters allowed. Changing this forces a new resource to be created. This must be unique across the entire Azure service, not just within the resource group. | `string` | n/a | yes |
| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which to create the storage account. Changing this forces a new resource to be created. | `string` | n/a | yes |
4 changes: 2 additions & 2 deletions modules/azurerm-storage-account/variables.tf
@@ -1,5 +1,5 @@
variable "account_replication_type" {
description = "Defines the type of replication to use for this storage account. Valid options are LRS, GRS, RAGRS, ZRS, GZRS and RAGZRS. Changing this forces a new resource to be created when types LRS, GRS and RAGRS are changed to ZRS, GZRS or RAGZRS and vice versa."
description = "Defines the type of replication to use for this storage account. Valid options are LRS, GRS, RAGRS, ZRS, GZRS and RAGZRS. Changing this forces a new resource to be created when types LRS, GRS and RAGRS are changed to ZRS, GZRS or RAGZRS and vice versa. Defaults to GRS."
type = string
default = "GRS"
validation {
Expand All @@ -9,7 +9,7 @@ variable "account_replication_type" {
}

variable "account_tier" {
description = "Defines the Tier to use for this storage account. Valid options are Standard and Premium."
description = "Defines the Tier to use for this storage account. Valid options are Standard and Premium. Defaults to Standard."
type = string
default = "Standard"
validation {
2 changes: 1 addition & 1 deletion modules/dsfhub-azure-eventhub/README.md
Expand Up @@ -40,7 +40,7 @@ No modules.
| <a name="input_parent_asset_id"></a> [parent\_asset\_id](#input\_parent\_asset\_id) | The asset\_id of the azure asset that is sending its audit logs to this AZURE EVENTHUB asset. | `string` | `null` | no |
| <a name="input_reason"></a> [reason](#input\_reason) | Used to differentiate connections that belong to the same asset | `string` | `"default"` | no |
| <a name="input_region"></a> [region](#input\_region) | Azure region containing the Event Hub. | `string` | `null` | no |
| <a name="input_server_host_name"></a> [server\_host\_name](#input\_server\_host\_name) | Event Hub Namepace's service bus endpoint, e.g. mynamespace.servicebus.windows.net | `string` | n/a | yes |
| <a name="input_server_host_name"></a> [server\_host\_name](#input\_server\_host\_name) | Event Hub Namespace's service bus endpoint, e.g. mynamespace.servicebus.windows.net | `string` | n/a | yes |

## Outputs

2 changes: 1 addition & 1 deletion modules/dsfhub-azure-eventhub/variables.tf
Expand Up @@ -120,6 +120,6 @@ variable "region" {
}

variable "server_host_name" {
description = "Event Hub Namepace's service bus endpoint, e.g. mynamespace.servicebus.windows.net"
description = "Event Hub Namespace's service bus endpoint, e.g. mynamespace.servicebus.windows.net"
type = string
}
2 changes: 1 addition & 1 deletion modules/onboard-azure-eventhub/README.md
@@ -1,5 +1,5 @@
# onboard-azure-eventhub
Creates and onboards an Azure Event Hub to DSF Hub, alongside creating the Storage Account used by DSF to store a marker when pulling data from the Event Hub.
Creates and onboards an Azure Event Hub to DSF Hub using the default authentication mechanism (relying on access and secret keys), alongside creating the Storage Account used by DSF to store a marker when pulling data from the Event Hub.


<!-- BEGIN_TF_DOCS -->
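Review bot: The new sentence "using the default authentication mechanism (relying on access and secret keys)" should name which credentials are meant, the Event Hub Namespace authorization rule keys, the Storage Account access key, or both, since this commit touches modules for each. It should also note that those key values end up in the Terraform state file alongside the onboarded asset, so the state backend needs to be protected as carefully as the keys themselves.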