From 3c97872d4e6b4b853f483653e7f6c6e2004fd24c Mon Sep 17 00:00:00 2001 From: "segev.elmalech" Date: Mon, 17 Jul 2023 10:17:50 +0300 Subject: [PATCH 1/8] add sed - EDSF-302 --- .github/workflows/dsf_single_account_cli.yml | 6 ++--- .../dsf_single_account_deployment/dam.tf | 9 +++---- .../dsf_single_account_deployment/dra.tf | 6 ++--- .../dsf_single_account_deployment/main.tf | 27 +++++++------------ .../dsf_single_account_deployment/sonar.tf | 21 +++++---------- 5 files changed, 24 insertions(+), 45 deletions(-) diff --git a/.github/workflows/dsf_single_account_cli.yml b/.github/workflows/dsf_single_account_cli.yml index 2d955273b..a7d273da8 100644 --- a/.github/workflows/dsf_single_account_cli.yml +++ b/.github/workflows/dsf_single_account_cli.yml @@ -70,9 +70,9 @@ jobs: with: ref: ${{ env.REF }} -# - name: Change the modules source to local -# run: | -# find ./examples/ -type f -exec sed -i -f sed.expr {} \; + - name: Change the modules source to local + run: | + find ./examples/ -type f -exec sed -i -f sed.expr {} \; - name: Sets env vars for environment run: | diff --git a/examples/installation/dsf_single_account_deployment/dam.tf b/examples/installation/dsf_single_account_deployment/dam.tf index 149265b5e..ed3fced88 100644 --- a/examples/installation/dsf_single_account_deployment/dam.tf +++ b/examples/installation/dsf_single_account_deployment/dam.tf @@ -7,8 +7,7 @@ locals { } module "mx" { - source = "imperva/dsf-mx/aws" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/mx" count = var.enable_dam ? 1 : 0 friendly_name = join("-", [local.deployment_name_salted, "mx"]) @@ -35,8 +34,7 @@ module "mx" { } module "agent_gw" { - source = "imperva/dsf-agent-gw/aws" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/agent-gw" count = local.agent_gw_count friendly_name = join("-", [local.deployment_name_salted, "agent", "gw", count.index]) 
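Review bot: The re-enabled step in `dsf_single_account_cli.yml` runs `sed -i -f sed.expr` over every regular file under `./examples/`, not only Terraform sources, so any other file kept there is rewritten in place as well. Limiting the match, e.g. `find ./examples/ -type f -name '*.tf' -exec sed -i -f sed.expr {} +`, keeps the rewrite to the module `source` lines it is meant for. `sed.expr` is not part of this patch, so it is worth confirming that it exists in the working directory for the checked-out `REF` and only rewrites `source`/`version` lines; the step otherwise fails, or silently tests the wrong module code, only at run time. The same hunk is applied again in PATCH 3/8.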
@@ -63,8 +61,7 @@ module "agent_gw" { } module "agent_gw_cluster_setup" { - source = "imperva/dsf-agent-gw-cluster-setup/null" - version = "1.5.0" # latest release tag + source = "../../../modules/null/agent-gw-cluster-setup" count = local.create_agent_gw_cluster cluster_name = var.cluster_name != null ? var.cluster_name : join("-", [local.deployment_name_salted, "agent", "gw", "cluster"]) diff --git a/examples/installation/dsf_single_account_deployment/dra.tf b/examples/installation/dsf_single_account_deployment/dra.tf index 352a5390a..b2b80d2e4 100644 --- a/examples/installation/dsf_single_account_deployment/dra.tf +++ b/examples/installation/dsf_single_account_deployment/dra.tf @@ -5,8 +5,7 @@ locals { } module "dra_admin" { - source = "imperva/dsf-dra-admin/aws" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/dra-admin" count = var.enable_dra ? 1 : 0 friendly_name = join("-", [local.deployment_name_salted, "dra", "admin"]) @@ -26,8 +25,7 @@ module "dra_admin" { } module "analytics_server_group" { - source = "imperva/dsf-dra-analytics/aws" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/dra-analytics" count = local.dra_analytics_server_count friendly_name = join("-", [local.deployment_name_salted, "dra", "analytics", "server", count.index]) diff --git a/examples/installation/dsf_single_account_deployment/main.tf b/examples/installation/dsf_single_account_deployment/main.tf index 971a512d5..0ace89936 100644 --- a/examples/installation/dsf_single_account_deployment/main.tf +++ b/examples/installation/dsf_single_account_deployment/main.tf @@ -1,6 +1,5 @@ module "globals" { - source = "imperva/dsf-globals/aws" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/core/globals" sonar_version = var.sonar_version dra_version = var.dra_version 
@@ -39,8 +38,7 @@ locals { module "key_pair_hub_primary" { count = var.hub_primary_key_pair == null ? 1 : 0 - source = "imperva/dsf-globals/aws//modules/key_pair" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/core/key_pair" key_name_prefix = "imperva-dsf-hub-primary" private_key_filename = "ssh_keys/dsf_ssh_key-hub-primary-${terraform.workspace}" tags = local.tags @@ -51,8 +49,7 @@ module "key_pair_hub_primary" { module "key_pair_hub_secondary" { count = var.hub_secondary_key_pair == null ? 1 : 0 - source = "imperva/dsf-globals/aws//modules/key_pair" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/core/key_pair" key_name_prefix = "imperva-dsf-hub-secondary" private_key_filename = "ssh_keys/dsf_ssh_key-hub-secondary-${terraform.workspace}" tags = local.tags @@ -63,8 +60,7 @@ module "key_pair_hub_secondary" { module "key_pair_agentless_gw_primary" { count = var.agentless_gw_primary_key_pair == null ? 1 : 0 - source = "imperva/dsf-globals/aws//modules/key_pair" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/core/key_pair" key_name_prefix = "imperva-dsf-gw-primary" private_key_filename = "ssh_keys/dsf_ssh_key-agentless-gw-primary-${terraform.workspace}" tags = local.tags @@ -75,8 +71,7 @@ module "key_pair_agentless_gw_primary" { module "key_pair_agentless_gw_secondary" { count = var.agentless_gw_secondary_key_pair == null ? 1 : 0 - source = "imperva/dsf-globals/aws//modules/key_pair" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/core/key_pair" key_name_prefix = "imperva-dsf-gw-secondary" private_key_filename = "ssh_keys/dsf_ssh_key-agentless-gw-secondary-${terraform.workspace}" tags = local.tags 
@@ -87,8 +82,7 @@ module "key_pair_agentless_gw_secondary" { module "key_pair_mx" { count = var.mx_key_pair == null ? 1 : 0 - source = "imperva/dsf-globals/aws//modules/key_pair" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/core/key_pair" key_name_prefix = "imperva-dsf-mx" private_key_filename = "ssh_keys/dsf_ssh_key-mx-${terraform.workspace}" tags = local.tags @@ -99,8 +93,7 @@ module "key_pair_mx" { module "key_pair_agent_gw" { count = var.agent_gw_key_pair == null ? 1 : 0 - source = "imperva/dsf-globals/aws//modules/key_pair" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/core/key_pair" key_name_prefix = "imperva-dsf-agent-gw" private_key_filename = "ssh_keys/dsf_ssh_key-agent-gw-${terraform.workspace}" tags = local.tags @@ -111,8 +104,7 @@ module "key_pair_agent_gw" { module "key_pair_dra_admin" { count = var.dra_admin_key_pair == null ? 1 : 0 - source = "imperva/dsf-globals/aws//modules/key_pair" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/core/key_pair" key_name_prefix = "imperva-dsf-dra-admin" private_key_filename = "ssh_keys/dsf_ssh_key-dra-admin-${terraform.workspace}" tags = local.tags @@ -123,8 +115,7 @@ module "key_pair_dra_admin" { module "key_pair_dra_analytics" { count = var.dra_analytics_key_pair == null ? 1 : 0 - source = "imperva/dsf-globals/aws//modules/key_pair" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/core/key_pair" key_name_prefix = "imperva-dsf-dra-analytics" private_key_filename = "ssh_keys/dsf_ssh_key-dra-analytics-${terraform.workspace}" tags = local.tags diff --git a/examples/installation/dsf_single_account_deployment/sonar.tf b/examples/installation/dsf_single_account_deployment/sonar.tf index 96d0e0e63..a3a1a80f4 100644 --- a/examples/installation/dsf_single_account_deployment/sonar.tf +++ b/examples/installation/dsf_single_account_deployment/sonar.tf 
@@ -7,8 +7,7 @@ locals { } module "hub_primary" { - source = "imperva/dsf-hub/aws" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/hub" count = var.enable_dsf_hub ? 1 : 0 friendly_name = join("-", [local.deployment_name_salted, "hub", "primary"]) @@ -53,8 +52,7 @@ module "hub_primary" { } module "hub_secondary" { - source = "imperva/dsf-hub/aws" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/hub" count = var.enable_dsf_hub && var.hub_hadr ? 1 : 0 friendly_name = join("-", [local.deployment_name_salted, "hub", "secondary"]) @@ -96,8 +94,7 @@ module "hub_secondary" { } module "hub_hadr" { - source = "imperva/dsf-hadr/null" - version = "1.5.0" # latest release tag + source = "../../../modules/null/hadr" count = length(module.hub_secondary) > 0 ? 1 : 0 sonar_version = module.globals.tarball_location.version @@ -121,8 +118,7 @@ module "hub_hadr" { } module "agentless_gw_primary" { - source = "imperva/dsf-agentless-gw/aws" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/agentless-gw" count = local.agentless_gw_count friendly_name = join("-", [local.deployment_name_salted, "agentless", "gw", count.index]) @@ -159,8 +155,7 @@ module "agentless_gw_primary" { } module "agentless_gw_secondary" { - source = "imperva/dsf-agentless-gw/aws" - version = "1.5.0" # latest release tag + source = "../../../modules/aws/agentless-gw" count = var.agentless_gw_hadr ? local.agentless_gw_count : 0 friendly_name = join("-", [local.deployment_name_salted, "agentless", "gw", "secondary", count.index]) @@ -200,8 +195,7 @@ module "agentless_gw_secondary" { } module "agentless_gw_hadr" { - source = "imperva/dsf-hadr/null" - version = "1.5.0" # latest release tag + source = "../../../modules/null/hadr" count = length(module.agentless_gw_secondary) sonar_version = module.globals.tarball_location.version 
@@ -246,8 +240,7 @@ locals { } module "federation" { - source = "imperva/dsf-federation/null" - version = "1.5.0" # latest release tag + source = "../../../modules/null/federation" for_each = local.hub_gw_combinations hub_info = { From 89d5f433b0b161e1ca45cd704a429c3ae3f0e075 Mon Sep 17 00:00:00 2001 From: "segev.elmalech" Date: Mon, 17 Jul 2023 10:42:06 +0300 Subject: [PATCH 2/8] Revert "add sed - EDSF-302" This reverts commit 3c97872d4e6b4b853f483653e7f6c6e2004fd24c. --- .github/workflows/dsf_single_account_cli.yml | 6 ++--- .../dsf_single_account_deployment/dam.tf | 9 ++++--- .../dsf_single_account_deployment/dra.tf | 6 +++-- .../dsf_single_account_deployment/main.tf | 27 ++++++++++++------- .../dsf_single_account_deployment/sonar.tf | 21 ++++++++++----- 5 files changed, 45 insertions(+), 24 deletions(-) diff --git a/.github/workflows/dsf_single_account_cli.yml b/.github/workflows/dsf_single_account_cli.yml index a7d273da8..2d955273b 100644 --- a/.github/workflows/dsf_single_account_cli.yml +++ b/.github/workflows/dsf_single_account_cli.yml @@ -70,9 +70,9 @@ jobs: with: ref: ${{ env.REF }} - - name: Change the modules source to local - run: | - find ./examples/ -type f -exec sed -i -f sed.expr {} \; +# - name: Change the modules source to local +# run: | +# find ./examples/ -type f -exec sed -i -f sed.expr {} \; - name: Sets env vars for environment run: | diff --git a/examples/installation/dsf_single_account_deployment/dam.tf b/examples/installation/dsf_single_account_deployment/dam.tf index fa3e38fbf..e856501f2 100644 --- a/examples/installation/dsf_single_account_deployment/dam.tf +++ b/examples/installation/dsf_single_account_deployment/dam.tf @@ -7,7 +7,8 @@ locals { } module "mx" { - source = "../../../modules/aws/mx" + source = "imperva/dsf-mx/aws" + version = "1.5.0" # latest release tag count = var.enable_dam ? 1 : 0 friendly_name = join("-", [local.deployment_name_salted, "mx"]) 
@@ -35,7 +36,8 @@ module "mx" { } module "agent_gw" { - source = "../../../modules/aws/agent-gw" + source = "imperva/dsf-agent-gw/aws" + version = "1.5.0" # latest release tag count = local.agent_gw_count friendly_name = join("-", [local.deployment_name_salted, "agent", "gw", count.index]) @@ -63,7 +65,8 @@ module "agent_gw" { } module "agent_gw_cluster_setup" { - source = "../../../modules/null/agent-gw-cluster-setup" + source = "imperva/dsf-agent-gw-cluster-setup/null" + version = "1.5.0" # latest release tag count = local.create_agent_gw_cluster cluster_name = var.cluster_name != null ? var.cluster_name : join("-", [local.deployment_name_salted, "agent", "gw", "cluster"]) diff --git a/examples/installation/dsf_single_account_deployment/dra.tf b/examples/installation/dsf_single_account_deployment/dra.tf index 483829303..49ad91c91 100644 --- a/examples/installation/dsf_single_account_deployment/dra.tf +++ b/examples/installation/dsf_single_account_deployment/dra.tf @@ -5,7 +5,8 @@ locals { } module "dra_admin" { - source = "../../../modules/aws/dra-admin" + source = "imperva/dsf-dra-admin/aws" + version = "1.5.0" # latest release tag count = var.enable_dra ? 1 : 0 friendly_name = join("-", [local.deployment_name_salted, "dra", "admin"]) @@ -26,7 +27,8 @@ module "dra_admin" { } module "analytics_server_group" { - source = "../../../modules/aws/dra-analytics" + source = "imperva/dsf-dra-analytics/aws" + version = "1.5.0" # latest release tag count = local.dra_analytics_server_count friendly_name = join("-", [local.deployment_name_salted, "dra", "analytics", "server", count.index]) diff --git a/examples/installation/dsf_single_account_deployment/main.tf b/examples/installation/dsf_single_account_deployment/main.tf index 0ace89936..971a512d5 100644 --- a/examples/installation/dsf_single_account_deployment/main.tf +++ b/examples/installation/dsf_single_account_deployment/main.tf 
@@ -1,5 +1,6 @@ module "globals" { - source = "../../../modules/aws/core/globals" + source = "imperva/dsf-globals/aws" + version = "1.5.0" # latest release tag sonar_version = var.sonar_version dra_version = var.dra_version @@ -38,7 +39,8 @@ locals { module "key_pair_hub_primary" { count = var.hub_primary_key_pair == null ? 1 : 0 - source = "../../../modules/aws/core/key_pair" + source = "imperva/dsf-globals/aws//modules/key_pair" + version = "1.5.0" # latest release tag key_name_prefix = "imperva-dsf-hub-primary" private_key_filename = "ssh_keys/dsf_ssh_key-hub-primary-${terraform.workspace}" tags = local.tags @@ -49,7 +51,8 @@ module "key_pair_hub_primary" { module "key_pair_hub_secondary" { count = var.hub_secondary_key_pair == null ? 1 : 0 - source = "../../../modules/aws/core/key_pair" + source = "imperva/dsf-globals/aws//modules/key_pair" + version = "1.5.0" # latest release tag key_name_prefix = "imperva-dsf-hub-secondary" private_key_filename = "ssh_keys/dsf_ssh_key-hub-secondary-${terraform.workspace}" tags = local.tags @@ -60,7 +63,8 @@ module "key_pair_hub_secondary" { module "key_pair_agentless_gw_primary" { count = var.agentless_gw_primary_key_pair == null ? 1 : 0 - source = "../../../modules/aws/core/key_pair" + source = "imperva/dsf-globals/aws//modules/key_pair" + version = "1.5.0" # latest release tag key_name_prefix = "imperva-dsf-gw-primary" private_key_filename = "ssh_keys/dsf_ssh_key-agentless-gw-primary-${terraform.workspace}" tags = local.tags @@ -71,7 +75,8 @@ module "key_pair_agentless_gw_primary" { module "key_pair_agentless_gw_secondary" { count = var.agentless_gw_secondary_key_pair == null ? 1 : 0 - source = "../../../modules/aws/core/key_pair" + source = "imperva/dsf-globals/aws//modules/key_pair" + version = "1.5.0" # latest release tag key_name_prefix = "imperva-dsf-gw-secondary" private_key_filename = "ssh_keys/dsf_ssh_key-agentless-gw-secondary-${terraform.workspace}" tags = local.tags 
@@ -82,7 +87,8 @@ module "key_pair_agentless_gw_secondary" { module "key_pair_mx" { count = var.mx_key_pair == null ? 1 : 0 - source = "../../../modules/aws/core/key_pair" + source = "imperva/dsf-globals/aws//modules/key_pair" + version = "1.5.0" # latest release tag key_name_prefix = "imperva-dsf-mx" private_key_filename = "ssh_keys/dsf_ssh_key-mx-${terraform.workspace}" tags = local.tags @@ -93,7 +99,8 @@ module "key_pair_mx" { module "key_pair_agent_gw" { count = var.agent_gw_key_pair == null ? 1 : 0 - source = "../../../modules/aws/core/key_pair" + source = "imperva/dsf-globals/aws//modules/key_pair" + version = "1.5.0" # latest release tag key_name_prefix = "imperva-dsf-agent-gw" private_key_filename = "ssh_keys/dsf_ssh_key-agent-gw-${terraform.workspace}" tags = local.tags @@ -104,7 +111,8 @@ module "key_pair_agent_gw" { module "key_pair_dra_admin" { count = var.dra_admin_key_pair == null ? 1 : 0 - source = "../../../modules/aws/core/key_pair" + source = "imperva/dsf-globals/aws//modules/key_pair" + version = "1.5.0" # latest release tag key_name_prefix = "imperva-dsf-dra-admin" private_key_filename = "ssh_keys/dsf_ssh_key-dra-admin-${terraform.workspace}" tags = local.tags @@ -115,7 +123,8 @@ module "key_pair_dra_admin" { module "key_pair_dra_analytics" { count = var.dra_analytics_key_pair == null ? 1 : 0 - source = "../../../modules/aws/core/key_pair" + source = "imperva/dsf-globals/aws//modules/key_pair" + version = "1.5.0" # latest release tag key_name_prefix = "imperva-dsf-dra-analytics" private_key_filename = "ssh_keys/dsf_ssh_key-dra-analytics-${terraform.workspace}" tags = local.tags diff --git a/examples/installation/dsf_single_account_deployment/sonar.tf b/examples/installation/dsf_single_account_deployment/sonar.tf index a3a1a80f4..96d0e0e63 100644 --- a/examples/installation/dsf_single_account_deployment/sonar.tf +++ b/examples/installation/dsf_single_account_deployment/sonar.tf 
@@ -7,7 +7,8 @@ locals { } module "hub_primary" { - source = "../../../modules/aws/hub" + source = "imperva/dsf-hub/aws" + version = "1.5.0" # latest release tag count = var.enable_dsf_hub ? 1 : 0 friendly_name = join("-", [local.deployment_name_salted, "hub", "primary"]) @@ -52,7 +53,8 @@ module "hub_primary" { } module "hub_secondary" { - source = "../../../modules/aws/hub" + source = "imperva/dsf-hub/aws" + version = "1.5.0" # latest release tag count = var.enable_dsf_hub && var.hub_hadr ? 1 : 0 friendly_name = join("-", [local.deployment_name_salted, "hub", "secondary"]) @@ -94,7 +96,8 @@ module "hub_secondary" { } module "hub_hadr" { - source = "../../../modules/null/hadr" + source = "imperva/dsf-hadr/null" + version = "1.5.0" # latest release tag count = length(module.hub_secondary) > 0 ? 1 : 0 sonar_version = module.globals.tarball_location.version @@ -118,7 +121,8 @@ module "hub_hadr" { } module "agentless_gw_primary" { - source = "../../../modules/aws/agentless-gw" + source = "imperva/dsf-agentless-gw/aws" + version = "1.5.0" # latest release tag count = local.agentless_gw_count friendly_name = join("-", [local.deployment_name_salted, "agentless", "gw", count.index]) @@ -155,7 +159,8 @@ module "agentless_gw_primary" { } module "agentless_gw_secondary" { - source = "../../../modules/aws/agentless-gw" + source = "imperva/dsf-agentless-gw/aws" + version = "1.5.0" # latest release tag count = var.agentless_gw_hadr ? local.agentless_gw_count : 0 friendly_name = join("-", [local.deployment_name_salted, "agentless", "gw", "secondary", count.index]) @@ -195,7 +200,8 @@ module "agentless_gw_secondary" { } module "agentless_gw_hadr" { - source = "../../../modules/null/hadr" + source = "imperva/dsf-hadr/null" + version = "1.5.0" # latest release tag count = length(module.agentless_gw_secondary) sonar_version = module.globals.tarball_location.version 
@@ -240,7 +246,8 @@ locals { } module "federation" { - source = "../../../modules/null/federation" + source = "imperva/dsf-federation/null" + version = "1.5.0" # latest release tag for_each = local.hub_gw_combinations hub_info = { From fbc8d554526c6c4917d5ef210e4860ae82d97b49 Mon Sep 17 00:00:00 2001 From: "segev.elmalech" Date: Mon, 17 Jul 2023 10:44:27 +0300 Subject: [PATCH 3/8] add sed - EDSF-302 --- .github/workflows/dsf_single_account_cli.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dsf_single_account_cli.yml b/.github/workflows/dsf_single_account_cli.yml index 2d955273b..a7d273da8 100644 --- a/.github/workflows/dsf_single_account_cli.yml +++ b/.github/workflows/dsf_single_account_cli.yml @@ -70,9 +70,9 @@ jobs: with: ref: ${{ env.REF }} -# - name: Change the modules source to local -# run: | -# find ./examples/ -type f -exec sed -i -f sed.expr {} \; + - name: Change the modules source to local + run: | + find ./examples/ -type f -exec sed -i -f sed.expr {} \; - name: Sets env vars for environment run: | From 853c66b0533fa989cd3776489cfc9137d69502d8 Mon Sep 17 00:00:00 2001 From: "segev.elmalech" Date: Tue, 18 Jul 2023 10:56:29 +0300 Subject: [PATCH 4/8] add sg for sydney and fix nightly manager - EDSF-302 --- .github/workflows/dsf_single_account_cli.yml | 27 ++++++++++++++++++- .../workflows/terraform_nightly_manager.yml | 4 +-- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dsf_single_account_cli.yml b/.github/workflows/dsf_single_account_cli.yml index a7d273da8..ea1f67dbf 100644 --- a/.github/workflows/dsf_single_account_cli.yml +++ b/.github/workflows/dsf_single_account_cli.yml @@ -16,6 +16,10 @@ on: required: true type: string secrets: + AWS_ACCESS_KEY_ID: + required: true + AWS_SECRET_ACCESS_KEY: + required: true AWS_ACCESS_KEY_ID_STAGE: required: true AWS_SECRET_ACCESS_KEY_STAGE: 
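Review bot: The two new required secrets `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` in the `@@ -16,6 +16,10 @@` hunk are not referenced by any step visible in this series; the security-group steps all use the `_STAGE` pair. If no step outside the shown hunks consumes them, `required: true` forces every caller to hand a second set of long-lived AWS credentials to this workflow for no benefit, so they are better left out or declared `required: false`. A one-line comment above each pair stating which account it belongs to would make the split reviewable. The `secrets:` block continues outside the hunk.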
@@ -24,6 +28,8 @@ on: required: true JUMP_SERVER_KEY: required: true + DAM_LICENSE: + required: true push: branches: @@ -125,6 +131,15 @@ jobs: aws_sg=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.JUMP_SERVER_SG_ID }} --protocol tcp --port 22 --cidr $curr_ip/32) echo sg_id=$(echo $aws_sg | jq '.SecurityGroupRules[0].SecurityGroupRuleId') >> $GITHUB_ENV + - name: Set IP in AWS Security Group - Sydney + env: + AWS_REGION: ap-southeast-2 + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }} + run: | + aws_sg_for_sydney=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.SYDNEY_SG_ID }} --protocol tcp --port 22 --cidr $curr_ip/32) + echo sg_id_for_sydney=$(echo $aws_sg_for_sydney | jq '.SecurityGroupRules[0].SecurityGroupRuleId') >> $GITHUB_ENV + - name: Create Key File run: | echo "${{ secrets.JUMP_SERVER_KEY }}" > $EXAMPLE_DIR/$AWS_KEY_PATH @@ -183,7 +198,17 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }} if: always() - run: aws ec2 revoke-security-group-ingress --group-id ${{ vars.JUMP_SERVER_SG_ID }} --security-group-rule-ids ${{ env.sg_id }} + run: | + aws ec2 revoke-security-group-ingress --group-id ${{ vars.JUMP_SERVER_SG_ID }} --security-group-rule-ids ${{ env.sg_id }} + + - name: Delete Security Group - Sydney + env: + AWS_REGION: ap-southeast-2 + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }} + if: always() + run: | + aws ec2 revoke-security-group-ingress --group-id ${{ vars.SYDNEY_SG_ID }} --security-group-rule-ids ${{ env.sg_id_for_sydney }} - name: Check how was the workflow run id: check-trigger diff --git a/.github/workflows/terraform_nightly_manager.yml b/.github/workflows/terraform_nightly_manager.yml index 68d991e90..edaf2d45a 100644 --- a/.github/workflows/terraform_nightly_manager.yml 
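Review bot: In the new "Set IP in AWS Security Group - Sydney" step, `$curr_ip` is used unquoted and unvalidated as the CIDR that is granted ingress. It is set outside the hunk, so its origin is not visible here; because it decides who may reach the group, it should be checked to be a single IPv4 address before the call, e.g. `[[ "$curr_ip" =~ ^[0-9]+(\.[0-9]+){3}$ ]] || exit 1`, and passed as `--cidr "${curr_ip}/32"`. The rule id is also written to `$GITHUB_ENV` with its JSON quotes (jq without `-r`) and with no check for `null`; the CLI's own `--query 'SecurityGroupRules[0].SecurityGroupRuleId' --output text` returns the bare id, which can then be tested for emptiness before it is exported. The matching "Delete Security Group - Sydney" step added in the next hunk relies on that value being a valid rule id.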
+++ b/.github/workflows/terraform_nightly_manager.yml @@ -76,7 +76,7 @@ jobs: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} master_dsf_single_account: - uses: imperva/dsfkit/.github/workflows/terraform_nightly_manager.yml@master + uses: imperva/dsfkit/.github/workflows/dsf_single_account_cli.yml@master with: branch: master secrets: @@ -89,7 +89,7 @@ jobs: DAM_LICENSE: ${{ secrets.DAM_LICENSE }} dev_dsf_single_account: - uses: imperva/dsfkit/.github/workflows/terraform_nightly_manager.yml@dev + uses: imperva/dsfkit/.github/workflows/dsf_single_account_cli.yml@dev with: branch: dev secrets: From 4c4dfebb7808c1b9b768506e394e83d6613c170b Mon Sep 17 00:00:00 2001 From: "segev.elmalech" Date: Tue, 18 Jul 2023 12:20:19 +0300 Subject: [PATCH 5/8] add sg for singapore - EDSF-302 --- .github/workflows/dsf_single_account_cli.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/dsf_single_account_cli.yml b/.github/workflows/dsf_single_account_cli.yml index ea1f67dbf..5961c4be5 100644 --- a/.github/workflows/dsf_single_account_cli.yml +++ b/.github/workflows/dsf_single_account_cli.yml @@ -130,6 +130,8 @@ jobs: run: | aws_sg=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.JUMP_SERVER_SG_ID }} --protocol tcp --port 22 --cidr $curr_ip/32) echo sg_id=$(echo $aws_sg | jq '.SecurityGroupRules[0].SecurityGroupRuleId') >> $GITHUB_ENV + aws_sg_for_singapore=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.SINGAPORE_SG_ID }} --protocol tcp --port 22 --cidr $curr_ip/32) + echo sg_id_for_singapore=$(echo $aws_sg_for_singapore | jq '.SecurityGroupRules[0].SecurityGroupRuleId') >> $GITHUB_ENV - name: Set IP in AWS Security Group - Sydney env: 
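Review bot: Both corrected `uses:` lines (`dsf_single_account_cli.yml@master` in the first hunk and `@dev` in the second) reference the called workflow by branch name while forwarding the secrets listed under `secrets:`. Whatever is at the tip of that branch when the nightly run starts receives those credentials, so for `dev` in particular the protection is only as strong as the branch rules on `dev`. If the branch reference is intentional, a comment next to each line such as `# runs the workflow as it exists on this branch; the branch must be protected` would record that; otherwise pin to a commit SHA. The job definitions continue outside the hunks.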
@@ -200,6 +202,7 @@ jobs: if: always() run: | aws ec2 revoke-security-group-ingress --group-id ${{ vars.JUMP_SERVER_SG_ID }} --security-group-rule-ids ${{ env.sg_id }} + aws ec2 revoke-security-group-ingress --group-id ${{ vars.SINGAPORE_SG_ID }} --security-group-rule-ids ${{ env.sg_id_for_singapore }} - name: Delete Security Group - Sydney env: From cb0c163ceaab21fc39dd23e861ff2dc0e218a569 Mon Sep 17 00:00:00 2001 From: "segev.elmalech" Date: Tue, 18 Jul 2023 13:42:01 +0300 Subject: [PATCH 6/8] fix the port - EDSF-302 --- .github/workflows/dsf_single_account_cli.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dsf_single_account_cli.yml b/.github/workflows/dsf_single_account_cli.yml index 5961c4be5..3c97eff63 100644 --- a/.github/workflows/dsf_single_account_cli.yml +++ b/.github/workflows/dsf_single_account_cli.yml @@ -130,7 +130,7 @@ jobs: run: | aws_sg=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.JUMP_SERVER_SG_ID }} --protocol tcp --port 22 --cidr $curr_ip/32) echo sg_id=$(echo $aws_sg | jq '.SecurityGroupRules[0].SecurityGroupRuleId') >> $GITHUB_ENV - aws_sg_for_singapore=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.SINGAPORE_SG_ID }} --protocol tcp --port 22 --cidr $curr_ip/32) + aws_sg_for_singapore=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.SINGAPORE_SG_ID }} --protocol tcp --port 8443 --cidr $curr_ip/32) echo sg_id_for_singapore=$(echo $aws_sg_for_singapore | jq '.SecurityGroupRules[0].SecurityGroupRuleId') >> $GITHUB_ENV - name: Set IP in AWS Security Group - Sydney 
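Review bot: The added Singapore revoke in the `@@ -200,6 +202,7 @@` hunk runs in the same `run:` block after the jump-server revoke, and the default `bash -e` shell stops the script at the first failing command, so any error on the first line (a transient API failure, or a rule that was already removed) leaves the Singapore ingress rule in place. Cleanup commands should not depend on each other: give Singapore its own `if: always()` step as was done for Sydney, or append `|| rc=$?` to the first revoke and end the block with `exit ${rc:-0}`. The step's `env:` block is outside the hunk, so it is not visible here whether its region matches the one `SINGAPORE_SG_ID` lives in; the same applies to the authorize call added in this patch's first hunk.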
@@ -139,7 +139,7 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }} run: | - aws_sg_for_sydney=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.SYDNEY_SG_ID }} --protocol tcp --port 22 --cidr $curr_ip/32) + aws_sg_for_sydney=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.SYDNEY_SG_ID }} --protocol tcp --port 8443 --cidr $curr_ip/32) echo sg_id_for_sydney=$(echo $aws_sg_for_sydney | jq '.SecurityGroupRules[0].SecurityGroupRuleId') >> $GITHUB_ENV - name: Create Key File From 38de73d7de29119641e839b26eeea83c6fd26b91 Mon Sep 17 00:00:00 2001 From: "segev.elmalech" Date: Tue, 18 Jul 2023 14:30:29 +0300 Subject: [PATCH 7/8] collect artifacts always - EDSF-302 --- .github/workflows/dsf_single_account_cli.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dsf_single_account_cli.yml b/.github/workflows/dsf_single_account_cli.yml index 3c97eff63..276a3739b 100644 --- a/.github/workflows/dsf_single_account_cli.yml +++ b/.github/workflows/dsf_single_account_cli.yml @@ -184,6 +184,7 @@ jobs: run: terraform -chdir=$EXAMPLE_DIR output -json - name: Collect Artifacts + if: always() uses: actions/upload-artifact@v2 with: name: collected-keys From 2840528cfa87eaf786787bcb4d8e93a42aec2b92 Mon Sep 17 00:00:00 2001 From: "segev.elmalech" Date: Tue, 18 Jul 2023 14:31:00 +0300 Subject: [PATCH 8/8] remove on push - EDSF-302 --- .github/workflows/dsf_single_account_cli.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/dsf_single_account_cli.yml b/.github/workflows/dsf_single_account_cli.yml index 276a3739b..01b011751 100644 --- a/.github/workflows/dsf_single_account_cli.yml +++ b/.github/workflows/dsf_single_account_cli.yml @@ -31,10 +31,6 @@ on: DAM_LICENSE: required: true - push: - branches: - - 'sprint_10_segev' - env: TF_CLI_ARGS: "-no-color" TF_INPUT: 0
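Review bot: With `if: always()` the `collected-keys` artifact in "Collect Artifacts" is now uploaded on failed and cancelled runs too, which are the runs where the deployment may not have been destroyed and the uploaded material could still give access to live hosts. The `path:` is outside the hunk, but the artifact name and the `ssh_keys/` files the examples generate suggest it contains private keys, and anyone who can read the repository's workflow runs can download it for the whole retention period. Adding `retention-days: 1` under `with:` and narrowing `path:` to the logs needed for debugging would limit that exposure.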