Merge pull request #240 from imperva/master

pr

.github/workflows/dsf_single_account_cli.yml

@@ -16,6 +16,10 @@ on:
         required: true
         type: string
     secrets:
+      AWS_ACCESS_KEY_ID:
+        required: true
+      AWS_SECRET_ACCESS_KEY:
+        required: true
       AWS_ACCESS_KEY_ID_STAGE:
         required: true
       AWS_SECRET_ACCESS_KEY_STAGE:
@@ -24,10 +28,8 @@ on:
         required: true
       JUMP_SERVER_KEY:
         required: true
-
-  push:
-    branches:
-      - 'sprint_10_segev'
+      DAM_LICENSE:
+        required: true
 
 env:
   TF_CLI_ARGS: "-no-color"
@@ -70,9 +72,9 @@ jobs:
       with:
         ref: ${{ env.REF }}
 
-#    - name: Change the modules source to local
-#      run: |
-#        find ./examples/ -type f -exec sed -i -f sed.expr {} \;
+    - name: Change the modules source to local
+      run: |
+        find ./examples/ -type f -exec sed -i -f sed.expr {} \;
 
     - name: Sets env vars for environment
       run: |
@@ -124,6 +126,17 @@ jobs:
       run: |
         aws_sg=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.JUMP_SERVER_SG_ID }} --protocol tcp --port 22 --cidr $curr_ip/32)
         echo sg_id=$(echo $aws_sg | jq '.SecurityGroupRules[0].SecurityGroupRuleId') >> $GITHUB_ENV
+        aws_sg_for_singapore=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.SINGAPORE_SG_ID }} --protocol tcp --port 8443 --cidr $curr_ip/32)
+        echo sg_id_for_singapore=$(echo $aws_sg_for_singapore | jq '.SecurityGroupRules[0].SecurityGroupRuleId') >> $GITHUB_ENV
+
+    - name: Set IP in AWS Security Group - Sydney
+      env:
+        AWS_REGION: ap-southeast-2
+        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }}
+      run: |
+        aws_sg_for_sydney=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.SYDNEY_SG_ID }} --protocol tcp --port 8443 --cidr $curr_ip/32)
+        echo sg_id_for_sydney=$(echo $aws_sg_for_sydney | jq '.SecurityGroupRules[0].SecurityGroupRuleId') >> $GITHUB_ENV
 
     - name: Create Key File
       run: |
@@ -167,6 +180,7 @@ jobs:
       run: terraform -chdir=$EXAMPLE_DIR output -json
 
     - name: Collect Artifacts
+      if: always()
       uses: actions/upload-artifact@v2
       with:
         name: collected-keys
@@ -183,7 +197,18 @@ jobs:
         AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }}
         AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }}
       if: always()
-      run: aws ec2 revoke-security-group-ingress --group-id ${{ vars.JUMP_SERVER_SG_ID }} --security-group-rule-ids ${{ env.sg_id }}
+      run: |
+        aws ec2 revoke-security-group-ingress --group-id ${{ vars.JUMP_SERVER_SG_ID }} --security-group-rule-ids ${{ env.sg_id }}
+        aws ec2 revoke-security-group-ingress --group-id ${{ vars.SINGAPORE_SG_ID }} --security-group-rule-ids ${{ env.sg_id_for_singapore }}
+
+    - name: Delete Security Group - Sydney
+      env:
+        AWS_REGION: ap-southeast-2
+        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }}
+      if: always()
+      run: |
+        aws ec2 revoke-security-group-ingress --group-id ${{ vars.SYDNEY_SG_ID }} --security-group-rule-ids ${{ env.sg_id_for_sydney }}
 
     - name: Check how was the workflow run
       id: check-trigger

.github/workflows/terraform_nightly_manager.yml

@@ -76,7 +76,7 @@ jobs:
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
 
   master_dsf_single_account:
-    uses: imperva/dsfkit/.github/workflows/terraform_nightly_manager.yml@master
+    uses: imperva/dsfkit/.github/workflows/dsf_single_account_cli.yml@master
     with:
       branch: master
     secrets:
@@ -89,7 +89,7 @@ jobs:
       DAM_LICENSE: ${{ secrets.DAM_LICENSE }}
 
   dev_dsf_single_account:
-    uses: imperva/dsfkit/.github/workflows/terraform_nightly_manager.yml@dev
+    uses: imperva/dsfkit/.github/workflows/dsf_single_account_cli.yml@dev
     with:
       branch: dev
     secrets: