Merge pull request #268 from imperva/segev_dra_4.13

use private ip when the public is empty string
imperva · Sep 18, 2023 · 0ea0515 · 0ea0515
2 parents 335437f + 5f9eb72
commit 0ea0515
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 37 deletions.
diff --git a/.github/workflows/nightly_sonar_poc_basic_cli.yml b/.github/workflows/nightly_sonar_poc_basic_cli.yml
@@ -143,7 +143,7 @@ jobs:
 
     # Test the ssh connectivity to the Hub and GW, it checks both of them because the connection to the GW is allowed from the Hub only via proxy
     - name: Check SSH Connectivity - Hub & GW
-      uses: appleboy/ssh-action@v0.1.6
+      uses: appleboy/ssh-action@v1.0.0
       with:
         proxy_host: ${{ env.hub_ip }}
         proxy_username: ec2-user
@@ -156,7 +156,7 @@ jobs:
         script: ip addr | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1'
 
     - name: Check Aduit data
-      uses: appleboy/ssh-action@v0.1.6
+      uses: appleboy/ssh-action@v1.0.0
       id: test_audit
       with:
         host: ${{ env.hub_ip }}

diff --git a/.github/workflows/run_test.yml b/.github/workflows/run_test.yml
@@ -13,6 +13,7 @@ env:
   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }}
   AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }}
   JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }}
+  TF_WORKSPACE: single_account
 
 permissions:
   contents: read
@@ -40,20 +41,17 @@ jobs:
         shell: bash
 
     steps:
-    # Checkout the repository to the GitHub Actions runner
-    - name: Checkout
-      uses: actions/checkout@v3
-      with:
-        ref: dev
 
-    - name: ls
-      run: ls -l
-
-    - name: Collect Artifacts
-      uses: actions/upload-artifact@v2
+    # Checkout the repository to the GitHub Actions runner
+    - name: Test connection
+      uses: appleboy/ssh-action@v1.0.0
       with:
-        name: collected-keys
-        path: |
-          README.md
-          ./permissions_samples
+        host: 54.179.25.83
+        username: ec2-user
+        key: ${{ env.JUMP_SERVER_KEY }}
+        port: 22
+        command_timeout: "2h"
+        envs: EXAMPLE_DIR,TF_WORKSPACE
+        script: |
+          echo "ws: $TF_WORKSPACE, dir: $EXAMPLE_DIR"
 
diff --git a/.github/workflows/sonar_poc_cli.yml b/.github/workflows/sonar_poc_cli.yml
@@ -193,7 +193,7 @@ jobs:
 
     # Test the ssh connectivity to the Hub and GW, it checks both of them because the connection to the GW is allowed from the Hub only via proxy
     - name: Check SSH Connectivity
-      uses: appleboy/ssh-action@v0.1.6
+      uses: appleboy/ssh-action@v1.0.0
       with:
         proxy_host: ${{ env.hub_ip }}
         proxy_username: ec2-user

diff --git a/.github/workflows/sonar_single_account_cli.yml b/.github/workflows/sonar_single_account_cli.yml
@@ -33,6 +33,7 @@ env:
   AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }}
   JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }}
   AWS_REGION: ap-southeast-1
+  TF_WORKSPACE: single_account
 
 permissions:
   contents: read
@@ -84,19 +85,20 @@ jobs:
           find ./examples/ -type f -exec sed -i -f sed.expr {} \;
 
       - name: Cleaning environment
-        uses: appleboy/ssh-action@v0.1.8
+        continue-on-error: true
+        uses: appleboy/ssh-action@v1.0.0
         with:
           host: 54.179.25.83
           username: ec2-user
           key: ${{ env.JUMP_SERVER_KEY }}
           port: 22
           command_timeout: "2h"
-          envs: REMOTE_EXAMPLE_DIR
+          envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE
           script: |
             terraform -chdir=$REMOTE_EXAMPLE_DIR destroy -auto-approve
 
       - name: Delete Old Environment
-        uses: appleboy/ssh-action@v0.1.8
+        uses: appleboy/ssh-action@v1.0.0
         with:
           host: 54.179.25.83
           username: ec2-user
@@ -153,7 +155,7 @@ jobs:
           overwrite: true
 
       - name: Unzip
-        uses: appleboy/ssh-action@v0.1.8
+        uses: appleboy/ssh-action@v1.0.0
         with:
           host: 54.179.25.83
           username: ec2-user
@@ -167,75 +169,75 @@ jobs:
 
       # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
       - name: Terraform Init
-        uses: appleboy/ssh-action@v0.1.8
+        uses: appleboy/ssh-action@v1.0.0
         with:
           host: 54.179.25.83
           username: ec2-user
           key: ${{ env.JUMP_SERVER_KEY }}
           port: 22
           command_timeout: "2h"
-          envs: REMOTE_EXAMPLE_DIR
+          envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE
           script: terraform -chdir=$REMOTE_EXAMPLE_DIR init
 
       - name: Terraform Validate
-        uses: appleboy/ssh-action@v0.1.8
+        uses: appleboy/ssh-action@v1.0.0
         with:
           host: 54.179.25.83
           username: ec2-user
           key: ${{ env.JUMP_SERVER_KEY }}
           port: 22
           command_timeout: "2h"
-          envs: REMOTE_EXAMPLE_DIR
+          envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE
           script: terraform -chdir=$REMOTE_EXAMPLE_DIR validate
 
       # Generates an execution plan for Terraform
       - name: Terraform Plan
-        uses: appleboy/ssh-action@v0.1.8
+        uses: appleboy/ssh-action@v1.0.0
         with:
           host: 54.179.25.83
           username: ec2-user
           key: ${{ env.JUMP_SERVER_KEY }}
           port: 22
           command_timeout: "2h"
-          envs: REMOTE_EXAMPLE_DIR
+          envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE
           script: |
             printenv
             terraform -chdir=$REMOTE_EXAMPLE_DIR plan
 
       - name: Terraform Apply
-        uses: appleboy/ssh-action@v0.1.8
+        uses: appleboy/ssh-action@v1.0.0
         with:
           host: 54.179.25.83
           username: ec2-user
           key: ${{ env.JUMP_SERVER_KEY }}
           port: 22
           command_timeout: "2h"
-          envs: REMOTE_EXAMPLE_DIR
+          envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE
           script: terraform -chdir=$REMOTE_EXAMPLE_DIR apply -auto-approve
 
       - name: Terraform Output
         if: always()
-        uses: appleboy/ssh-action@v0.1.8
+        uses: appleboy/ssh-action@v1.0.0
         with:
           host: 54.179.25.83
           username: ec2-user
           key: ${{ env.JUMP_SERVER_KEY }}
           port: 22
           command_timeout: "2h"
-          envs: REMOTE_EXAMPLE_DIR
+          envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE
           script: terraform -chdir=$REMOTE_EXAMPLE_DIR output -json
 
       - name: Terraform Destroy
         #   if: always()
-        uses: appleboy/ssh-action@v0.1.8
+        uses: appleboy/ssh-action@v1.0.0
         id: test_audit
         with:
           host: 54.179.25.83
           username: ec2-user
           key: ${{ env.JUMP_SERVER_KEY }}
           port: 22
           command_timeout: "2h"
-          envs: REMOTE_EXAMPLE_DIR
+          envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE
           script: terraform -chdir=$REMOTE_EXAMPLE_DIR destroy -auto-approve
 
       - name: Delete Security Group

diff --git a/examples/installation/dsf_single_account_deployment/dam.tf b/examples/installation/dsf_single_account_deployment/dam.tf
@@ -55,7 +55,7 @@ module "agent_gw" {
   instance_profile_name     = var.agent_gw_instance_profile_name
 
   management_server_host_for_registration = module.mx[0].private_ip
-  management_server_host_for_api_access   = module.mx[0].public_ip
+  management_server_host_for_api_access   = coalesce(module.mx[0].public_ip, module.mx[0].private_ip)
   large_scale_mode                        = var.large_scale_mode.agent_gw
   gateway_group_name                      = local.gateway_group_name
   tags                                    = local.tags
@@ -72,7 +72,7 @@ module "agent_gw_cluster_setup" {
   cluster_name       = var.cluster_name != null ? var.cluster_name : join("-", [local.deployment_name_salted, "agent", "gw", "cluster"])
   gateway_group_name = local.gateway_group_name
   mx_details = {
-    address  = module.mx[0].public_ip
+    address  = coalesce(module.mx[0].public_ip, module.mx[0].private_ip)
     port     = 8083
     user     = module.mx[0].web_console_user
     password = local.password

diff --git a/modules/aws/dam-base-instance/main.tf b/modules/aws/dam-base-instance/main.tf
@@ -1,6 +1,6 @@
 locals {
-  public_ip  = var.attach_persistent_public_ip ? aws_eip.dsf_instance_eip[0].public_ip : aws_instance.dsf_base_instance.public_ip
-  public_dns = var.attach_persistent_public_ip ? aws_eip.dsf_instance_eip[0].public_dns : aws_instance.dsf_base_instance.public_dns
+  public_ip  = var.attach_persistent_public_ip ? aws_eip.dsf_instance_eip[0].public_ip : (aws_instance.dsf_base_instance.public_ip == "" ? null : aws_instance.dsf_base_instance.public_ip)
+  public_dns = var.attach_persistent_public_ip ? aws_eip.dsf_instance_eip[0].public_dns : (aws_instance.dsf_base_instance.public_dns == "" ? null : aws_instance.dsf_base_instance.public_dns)
   private_ip = length(aws_network_interface.eni.private_ips) > 0 ? tolist(aws_network_interface.eni.private_ips)[0] : null
 
   security_group_ids = concat(