diff --git a/CHANGELOG.md b/CHANGELOG.md index a9292fe55..49c8f2e71 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,18 @@ Changes to be including in future/planned release notes will be added here. ## Next +## [0.4.57](https://github.com/Worklytics/psoxy/release/tag/v0.4.57) +Several changes in this version will result in visible changes during `terraform plan`/`apply`: +- Permission changes on Microsoft 365: + - `MailboxSettings.Read` permission has been added for directory connectors (`azure-ad`, `entra-id`) + This will have NO impact until your Admin grants this permission in the Microsoft 365 Admin + Center; until that happens, Worklytics will continue to NOT retrieve mailbox settings. + - `OnlineMeetings.Read.All` and `OnlineMeetingArtifact.Read.All` permissions have been removed from `outlook-cal` connector +- `java17` runtime by default (previously, was `java11`); `java11` is still supported by AWS, but + will be deprecated by GCP in Sept 2024. As of 0.4, proxy code is still compiled for java 11 - so + if you wish to keep using `java11` runtime, it will work; if you require this, let us know asnd + we'll expose option to select runtime version in the Terraform module. + ## [0.4.56](https://github.com/Worklytics/psoxy/release/tag/v0.4.56) - due to refactoring, users of Microsoft connectors may see some moves of resources in Terraform plan; these will be no-ops. diff --git a/docs/README.md b/docs/README.md index acc6a7d30..5790826f5 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -124,11 +124,11 @@ must authorize the Azure Application you provision (with [provided terraform mod below. This is done via the Azure Portal (Active Directory). If you use our provided Terraform modules, specific instructions that you can pass to the Microsoft 365 Admin will be output for you. -| Source                 | Examples    | Application Scopes | -|--------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Entra ID (former Active Directory) | [data](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/entra-id/example-api-responses) - [rules](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/entra-id/entra-id.yaml) | [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`Group.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) | -| Calendar | 
[data](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/outlook-cal/example-api-responses) - [rules](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/outlook-cal/outlook-cal.yaml) | [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`Group.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`OnlineMeetings.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#onlinemeetingsreadall) [`Calendars.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#calendarsread) [`MailboxSettings.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailboxsettingsread) | -| Mail | [data](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/outlook-mail/example-api-responses) - [rules](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/outlook-mail/outlook-mail.yaml) | [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`Group.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`Mail.ReadBasic.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailreadbasicall) [`MailboxSettings.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailboxsettingsread) | +| Source                 | Examples    | Application Scopes | +|--------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|| +| Entra ID (former Active Directory) | [data](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/entra-id/example-api-responses) - 
[rules](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/entra-id/entra-id.yaml) | [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`Group.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`MailboxSettings.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailboxsettingsread) | +| Calendar | [data](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/outlook-cal/example-api-responses) - [rules](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/outlook-cal/outlook-cal.yaml) | [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`Group.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`Calendars.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#calendarsread) [`MailboxSettings.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailboxsettingsread) | +| Mail | [data](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/outlook-mail/example-api-responses) - [rules](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/outlook-mail/outlook-mail.yaml) | [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`Group.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`Mail.ReadBasic.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailreadbasicall) [`MailboxSettings.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailboxsettingsread) | | Teams (**__beta__**) | [data](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/msft-teams/example-api-responses) - [rules](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/msft-teams/msft-teams.yaml) | 
[`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`Team.ReadBasic.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#teamreadbasicall) [`Channel.ReadBasic.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#channelreadbasicall) [`Chat.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#chatreadall) [`ChannelMessage.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#channelmessagereadall) [`CallRecords.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#channelmessagereadall) [`OnlineMeetings.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#onlinemeetingsreadall) | NOTE: the above scopes are copied from [infra/modules/worklytics-connector-specs](infra/modules/worklytics-connector-specs)./ @@ -234,13 +234,113 @@ NOTE: Refrain to use Terraform versions 1.4.x that are < v1.4.3. We've seen bugs Depending on your Cloud Host / Data Sources, you will need: -| Condition | Tool | Test Command | Roles / Permissions (Examples, YMMV) | -|-----------------------------------|-----------------------------------------------------------------------------------------------|------------------|| -| if deploying to AWS | [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) 2.2+ | `aws --version` |
see [aws/getting-started.md](aws/getting-started.md) | -| if deploying to GCP | [Google Cloud CLI](https://cloud.google.com/sdk/docs/install) 1.0+ | `gcloud version` |
see [gcp/getting-started.md](gcp/getting-started.md) | -| if connecting to Microsoft 365 | [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) 2.29+ | `az --version` | [Cloud Application Administrator](https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#cloud-application-administrator) | | | -| if connecting to Google Workspace | [Google Cloud CLI](https://cloud.google.com/sdk/docs/install) 1.0+ | `gcloud version` |
see [sources/google-workspace/README.md](sources/google-workspace/README.md) | - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ConditionToolTest CommandRoles / Permissions (Examples, YMMV)
if deploying to AWS + AWS CLI + 2.2+ + aws --version + +

see aws/getting-started.md

+
if deploying to GCPGoogle Cloud CLI 1.0+gcloud version + +

see gcp/getting-started.md

+
if connecting to Microsoft 365 + Azure CLI 2.29+ + az --version + Cloud + Application Administrator +
if connecting to Google WorkspaceGoogle Cloud CLI 1.0+gcloud version + +

see sources/google-workspace/README.md

+
For testing your psoxy instance, you will need: @@ -322,4 +422,4 @@ Review [release notes in GitHub](https://github.com/Worklytics/psoxy/releases). Psoxy is maintained by Worklytics, Co. Support as well as professional services to assist with configuration and customization are available. Please contact [sales@worklytics.co](mailto:sales@worklytics.co) for more information or visit -[www.worklytics.co](https://www.worklytics.co). +[www.worklytics.co](https://www.worklytics.co). \ No newline at end of file diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md index d9f0f680d..96ab19b32 100644 --- a/docs/SUMMARY.md +++ b/docs/SUMMARY.md @@ -22,14 +22,15 @@ * [Getting Started](gcp/getting-started.md) * [Authentication and Authorization](gcp/authentication-authorization.md) * [Getting Started with Google Cloud Shell](gcp/cloud-shell.md) - * [GCP Development](gcp/development.md) * [GCP Troubleshooting](gcp/troubleshooting.md) + * [GCP Development](gcp/development.md) * [General Guides](guides/README.md) - * [Cleaning Up](guides/cleaning-up.md) - * [Deployment Migration](guides/deployment-migration.md) + * [Implementation](guides/implementation.md) * [Terraform Cloud / Enterprise](guides/terraform-cloud.md) * [Testing](guides/testing.md) + * [Deployment Migration](guides/deployment-migration.md) * [Upgrade Proxy Versions](guides/upgrading-versions.md) + * [Cleaning Up](guides/cleaning-up.md) * [General Troubleshooting](troubleshooting.md) * [Configuration](configuration/README.md) * [API Data Sanitization](configuration/api-data-sanitization.md) diff --git a/docs/aws/README.md b/docs/aws/README.md new file mode 100644 index 000000000..0548985be --- /dev/null +++ b/docs/aws/README.md @@ -0,0 +1 @@ +# AWS diff --git a/docs/development/releases.md b/docs/development/releases.md index 4a02dbc3a..1014265c4 100644 --- a/docs/development/releases.md +++ b/docs/development/releases.md 
@@ -22,8 +22,16 @@ On `rc-`: QA aws, gcp dev examples by running `terraform apply` for each, and testing various connectors. +Scan a GCP container image for vulnerabilities: + +```shell +./tools/gcp/container-scan.sh psoxy-dev-erik psoxy-dev-erik-gcal +``` + +Create PR to merge `rc-` to `main`. + ```shell -./tools/release/rc-to-release.sh v0.4.16 +./tools/release/rc-to-main.sh v0.4.16 ``` After merged to `main`: diff --git a/docs/gcp/README.md b/docs/gcp/README.md deleted file mode 120000 index a19598fb6..000000000 --- a/docs/gcp/README.md +++ /dev/null @@ -1 +0,0 @@ -getting-started.md \ No newline at end of file diff --git a/docs/gcp/README.md b/docs/gcp/README.md new file mode 100644 index 000000000..6efa79654 --- /dev/null +++ b/docs/gcp/README.md @@ -0,0 +1 @@ +# GCP diff --git a/docs/guides/implementation.md b/docs/guides/implementation.md new file mode 100644 index 000000000..c4ccd4aa1 --- /dev/null +++ b/docs/guides/implementation.md 
@@ -0,0 +1,65 @@ +# Implementation Guide + +This guide provides a roadmap of a typical implementation with Worklytics-provided support. + +## 1 Kick-off/Scoping meeting + +*30-60 min video call to get overview of process, responsibilities* + +Attendees: + - Product Stakeholder(s) + - Data Source Administrator(s), if identified + - IT Admin(s), if identified + +Agenda: + - determine data sources, and who can authorize access to each + - determine host platform (GCP or AWS) + - identify who has the permissions to manage infra, will be able to run Terraform, and how + they'll run it (where, authenticated how) + - scope desired data interval, approximate headcount, etc. + - identify any potential integration issues or infrastructure constraints + +## 2 Initial Walk through + +*1-2 hr video call, to walk-through customization and initial terraform runs via screenshare* + +Attendees: + - IT Admin(s) who will be running Terraform + - Worklytics technical contact + +Prior to this call, please follow the initial steps in the `Getting Started` section for your host +platform and ensure you have all Prereqs + +Goals: + 1. get example customized and a terraform plan working. + 2. run `terraform apply`. Obtain the `TODO 1` files you can send to your data source + administrators to complete, as needed. 
+ +Tips: + - Works best if we screenshare + +## 3 Testing / Validation + +*can be completed without call; but Worklytics can assist if desired* + + - follow `TODO 2` files / use test.sh shell scripts produced by `terraform apply` + - validate that authentication/authorization is correct for all connections, and that you're + satisfied with proxy behavior + +## 4 Authorize Worklytics to Access Sanitized Data + +*can be completed without call; but Worklytics can assist if desired* + +Authorize Worklytics to invoke API connectors / access sanitized bulk data: + - obtain service account ID of your tenant from Worklytics; configure it in you terraform.tfvars file + - run `terraform apply` again to update IAM policy to reflect the change + +## 5 Connect Sanitized Data Sources to Worklytics + +*can be completed without call; but Worklytics can assist if desired* + + - follow `TODO 3` files (or terraform output values) generated by the `terraform apply` command + - if you do not have access to [Worklytics](https://app.worklytics.co), or you do, but do not have `Data Connection Admin` role, send + these files to the appropriate person + + diff --git a/docs/sources/microsoft-365/README.md b/docs/sources/microsoft-365/README.md index 65c27cad3..d92662844 100644 --- a/docs/sources/microsoft-365/README.md +++ b/docs/sources/microsoft-365/README.md 
@@ -68,11 +68,11 @@ proxy host platform) The following Scopes are required for each connector. Note that they are all READ-only scopes. -| Source                 | Examples    | Application Scopes | -|--------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Entra ID | [data](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/directory/example-api-responses) - [rules](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/directory/directory.yaml) | [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`Group.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#groupreadall) | -| Calendar | [data](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/outlook-cal/example-api-responses) - [rules](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/outlook-cal/outlook-cal.yaml) | [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) 
[`Group.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#groupreadall) [`OnlineMeetings.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#onlinemeetingsreadall) [`Calendars.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#calendarsread) [`MailboxSettings.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailboxsettingsread) | -| Mail | [data](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/outlook-mail/example-api-responses) - [rules](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/outlook-mail/outlook-mail.yaml) | [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`Group.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#groupreadall) [`Mail.ReadBasic.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailreadbasicall) [`MailboxSettings.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailboxsettingsread) | +| Source                 | Examples    | Application Scopes | +|--------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|| +| Entra ID | [data](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/directory/example-api-responses) - [rules](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/directory/directory.yaml) | [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`Group.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#groupreadall) [`MailboxSettings.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailboxsettingsread) | +| Calendar | 
[data](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/outlook-cal/example-api-responses) - [rules](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/outlook-cal/outlook-cal.yaml) | [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`Group.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#groupreadall) [`Calendars.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#calendarsread) [`MailboxSettings.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailboxsettingsread) | +| Mail | [data](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/outlook-mail/example-api-responses) - [rules](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/outlook-mail/outlook-mail.yaml) | [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`Group.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#groupreadall) [`Mail.ReadBasic.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailreadbasicall) [`MailboxSettings.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailboxsettingsread) | | Teams (**__beta__**) | [data](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/msft-teams/example-api-responses) - [rules](https://github.com/Worklytics/psoxy/tree/main/docs/sources/microsoft-365/msft-teams/msft-teams.yaml)| [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) [`Team.ReadBasic.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#teamreadbasicall) [`Channel.ReadBasic.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#channelreadbasicall) [`Chat.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#chatreadall) 
[`ChannelMessage.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#channelmessagereadall) [`CallRecords.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#channelmessagereadall) [`OnlineMeetings.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#onlinemeetingsreadall) | NOTE: the above scopes are copied from diff --git a/docs/sources/microsoft-365/entra-id/README.md b/docs/sources/microsoft-365/entra-id/README.md index 5c7ed1dee..bf710ae16 100644 --- a/docs/sources/microsoft-365/entra-id/README.md +++ b/docs/sources/microsoft-365/entra-id/README.md 
@@ -1,15 +1,39 @@ # Entra ID -## Examples +Connect to Directory data in Microsoft 365. This allows enumeration of all users, groups, and group +members in your organization, to provide additional segmentation, timezone/workday information, etc. -- [Example Rules](entra-id.yaml) -- [Example Rules: no App IDs](entra-id_no-app-ids.yaml) -- [Example Rules: no App IDs, no orig](entra-id_no-app-ids_no-orig.yaml) -- Example Data: - - [original/group-members.json](example-api-responses/original/group-members.json) | - [sanitized/group-members.json](example-api-responses/sanitized/group-members.json) - - [original/users.json](example-api-responses/original/users.json) | - [sanitized/users.json](example-api-responses/sanitized/users.json) +## Required Scopes +- [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) +- [`Group.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) + +## Authentication + +See the [Microsoft 365 Authentication](../README.md#authentication) section of the main README. + +## Authorization + +See the [Microsoft 365 Authorization](../README.md#authorization) section of the main README. 
+ +## Example Data + +| API Endpoint | Example Response | Sanitized Example Response | +| --- |------------------------------------------------------------------------------| --- | +| `/v1.0/groups/{group-id}/members` | [original/group-members.json](example-api-responses/original/group-members.json) | [sanitized/group-members.json](example-api-responses/sanitized/group-members.json) | +| `/v1.0/users` | [original/users.json](example-api-responses/original/users.json) | [sanitized/users.json](example-api-responses/sanitized/users.json) | +| `/v1.0/users/me` | [original/user.json](example-api-responses/original/user.json) | [sanitized/user.json](example-api-responses/sanitized/user.json) | +| `/v1.0/groups` | [original/groups.json](example-api-responses/original/groups.json) | [sanitized/groups.json](example-api-responses/sanitized/groups.json) | + + +Assuming proxy is auth'd as an application, you'll have to replace `me` with your MSFT ID or +`UserPrincipalName` (often your email address). See more examples in the `docs/sources/microsoft-365/entra-id/example-api-responses` folder of the [Psoxy repository](https://github.com/Worklytics/psoxy). + +## Sanitization Rule Examples + +- [Default Rules](entra-id.yaml) +- [Rules, pseudonymizing MSFT account IDs](entra-id_no-app-ids.yaml) +- [Rules, pseudonymizing MSFT account IDs](entra-id_no-app-ids_no-orig.yaml) + diff --git a/docs/sources/microsoft-365/example-api-calls.md b/docs/sources/microsoft-365/example-api-calls.md index 877183f22..1f2671e93 100644 --- a/docs/sources/microsoft-365/example-api-calls.md +++ b/docs/sources/microsoft-365/example-api-calls.md 
@@ -2,30 +2,6 @@ Example test commands that you can use to validate proxy behavior against various source APIs. -## Directory - -Assuming proxy is auth'd as an application, you'll have to replace `me` with your MSFT ID or -UserPrincipalName (often your email address). - -``` -/v1.0/users -/v1.0/users/me -/v1.0/groups -/v1.0/groups/{groupId} -/v1.0/groups/{groupId}/members?$count=true -``` - -## Calendar - -Assuming proxy is auth'd as an application, you'll have to replace `me` with your MSFT ID or -UserPrincipalName (often your email address). - -``` -/v1.0/users/me/events -/v1.0/users/me/calendars -/v1.0/users/me/events/{eventId} -/v1.0/users/me/mailboxSettings -``` ## Mail @@ -36,4 +12,4 @@ UserPrincipalName (often your email address). /v1.0/users/me/mailFolders/SentItems/messages /v1.0/users/me/messages/{messageId} /v1.0/users/me/mailboxSettings -``` \ No newline at end of file +``` diff --git a/docs/sources/microsoft-365/msft-teams/README.md b/docs/sources/microsoft-365/msft-teams/README.md index 7cc23ebea..e9077609b 100644 --- a/docs/sources/microsoft-365/msft-teams/README.md +++ b/docs/sources/microsoft-365/msft-teams/README.md 
@@ -1,14 +1,42 @@ -# MSFT Teams +# Microsoft Teams -## Examples +Connect Microsoft Teams data to Worklytics, enabling communication analysis and general collaboration +insights based on collaboration via Microsoft Teams. Includes user enumeration to support fetching +mailboxes from each account; and group enumeration to expand emails via mailing list (groups). -- [Example Rules](msft-teams.yaml) -- [Example Rules: no User IDs](msft-teams_no-userIds.yaml) -- Example Data: - - [original/Teams_v1.0.json](example-api-responses/original/Teams_v1.0.json) | - [sanitized/Teams_v1.0.json](example-api-responses/sanitized/Teams_v1.0.json) - - [original/Chats_messages_v1.0.json](example-api-responses/original/Chats_messages_v1.0.json) | - [sanitized/Chats_messages_v1.0.json](example-api-responses/sanitized/Chats_messages_v1.0.json) +## Required Scopes +- [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) +- [`Team.ReadBasic.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#teamreadbasicall) +- [`Channel.ReadBasic.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#channelreadbasicall) +- [`Chat.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#chatreadbasicall) +- [`ChannelMessage.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#channelmessagereadall) +- [`CallRecords.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#callrecordsreadall) +- [`OnlineMeetings.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#onlinemeetingsreadall) + +## Authentication + +See the [Microsoft 365 Authentication](../README.md#authentication) section of the main README. + +## Authorization + +See the [Microsoft 365 Authorization](../README.md#authorization) section of the main README. 
+ +## Example Data +| API Endpoint | Example Response | Sanitized Example Response | +|-------------------------------------|----------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------| +| `/v1.0/teams` | [original/Teams_v1.0.json](example-api-responses/original/Teams_v1.0.json) | [sanitized/Teams_v1.0.json](example-api-responses/sanitized/Teams_v1.0.json) | +| `/v1.0/teams/{teamId}/allChannels` | [original/Teams_allChannels_v1.0.json](example-api-responses/original/Teams_allChannels_v1.0.json) | [sanitized/Teams_allChannels_v1.0.json](example-api-responses/sanitized/Teams_allChannels_v1.0.json) | +| `/v1.0/teams/{teamId}/channels/{channelId}/messages` | [original/Teams_channels_messages_v1.0.json](example-api-responses/original/Teams_channels_messages_v1.0.json) | [sanitized/Teams_channels_messages_v1.0.json](example-api-responses/sanitized/Teams_channels_messages_v1.0.json) | +| `/v1.0/users/{userId}/chats` | [original/Chats_messages_v1.0.json](example-api-responses/original/Chats_messages_v1.0.json) | [sanitized/Chats_messages_v1.0.json](example-api-responses/sanitized/Chats_messages_v1.0.json) | +| `/v1.0/users/{userId}/onlineMeetings` | [original/Users_onlineMeetings_v1.0.json](example-api-responses/original/Users_onlineMeetings_v1.0.json) | [sanitized/Users_onlineMeetings_v1.0.json](example-api-responses/sanitized/Users_onlineMeetings_v1.0.json) | +| See more examples in the `docs/sources/microsoft-365/msft-teams/example-api-responses` folder of the [Psoxy repository](https://github.com/Worklytics/psoxy). + +## Example Rules + +- [Example Rules](msft-teams.yaml) +- [Example Rules: no User IDs](msft-teams_no-userIds.yaml) + + diff --git a/docs/sources/microsoft-365/msft-teams/msft-teams.yaml b/docs/sources/microsoft-365/msft-teams/msft-teams.yaml index 922db4b85..17f0597c7 100644 
--- a/docs/sources/microsoft-365/msft-teams/msft-teams.yaml +++ b/docs/sources/microsoft-365/msft-teams/msft-teams.yaml @@ -1,6 +1,6 @@ --- endpoints: - - pathTemplate: "/{apiVersion}/teams" + - pathTemplate: "/v1.0/teams" allowedQueryParams: - "$select" - "$top" @@ -16,7 +16,7 @@ endpoints: jsonPaths: - "$..displayName" - "$..description" - - pathTemplate: "/{apiVersion}/teams/{teamId}/allChannels" + - pathTemplate: "/v1.0/teams/{teamId}/allChannels" allowedQueryParams: - "$select" - "$filter" @@ -29,7 +29,7 @@ endpoints: jsonPaths: - "$..displayName" - "$..description" - - pathTemplate: "/{apiVersion}/users/{userId}/chats" + - pathTemplate: "/v1.0/users/{userId}/chats" allowedQueryParams: - "$select" - "$top" @@ -45,7 +45,7 @@ endpoints: - ! jsonPaths: - "$..topic" - - pathTemplate: "/{apiVersion}/teams/{teamId}/channels/{channelId}/messages" + - pathTemplate: "/v1.0/teams/{teamId}/channels/{channelId}/messages" allowedQueryParams: - "$select" - "$top" @@ -63,7 +63,7 @@ endpoints: - "$..attachments" - "$..mentions[*].mentionText" - "$..eventDetail.teamDescription" - - pathTemplate: "/{apiVersion}/teams/{teamId}/channels/{channelId}/messages/delta" + - pathTemplate: "/v1.0/teams/{teamId}/channels/{channelId}/messages/delta" allowedQueryParams: - "$select" - "$top" @@ -83,7 +83,7 @@ endpoints: - "$..value[*].attachments" - "$..value[*].mentions[*].mentionText" - "$..value[*].eventDetail.teamDescription" - - pathTemplate: "/{apiVersion}/chats/{chatId}/messages" + - pathTemplate: "/v1.0/chats/{chatId}/messages" allowedQueryParams: - "$select" - "$top" @@ -108,7 +108,7 @@ endpoints: - "$..value[*].mentions[*].mentionText" - "$..value[*].eventDetail.teamDescription" - "$..value[*].eventDetail.chatDisplayName" - - pathTemplate: "/{apiVersion}/communications/calls/{callId}" + - pathTemplate: "/v1.0/communications/calls/{callId}" allowedQueryParams: - "$select" - "$top" 
@@ -143,7 +143,7 @@ endpoints: - "$..callee.name" - "$..captureDeviceName" - "$..renderDeviceName" - - pathTemplate: "/{apiVersion}/communications/callRecords/getDirectRoutingCalls(fromDateTime={startDate},toDateTime={endDate})" + - pathTemplate: "/v1.0/communications/callRecords/getDirectRoutingCalls(fromDateTime={startDate},toDateTime={endDate})" allowedQueryParams: - "$skip" transforms: @@ -157,7 +157,7 @@ endpoints: - "$..value[*].userDisplayName" - "$..value[*].callerNumber" - "$..value[*].calleeNumber" - - pathTemplate: "/{apiVersion}/communications/callRecords/getPstnCalls(fromDateTime={startDate},toDateTime={endDate})" + - pathTemplate: "/v1.0/communications/callRecords/getPstnCalls(fromDateTime={startDate},toDateTime={endDate})" allowedQueryParams: - "$skip" transforms: @@ -171,7 +171,7 @@ endpoints: - "$..value[*].userDisplayName" - "$..value[*].callerNumber" - "$..value[*].calleeNumber" - - pathTemplate: "/{apiVersion}/users/{userId}/onlineMeetings" + - pathTemplate: "/v1.0/users/{userId}/onlineMeetings" allowedQueryParams: - "$select" - "$top" @@ -197,7 +197,7 @@ endpoints: - "$..subject" - "$..joinMeetingIdSettings.isPasscodeRequired" - "$..joinMeetingIdSettings.passcode" - - pathTemplate: "/{apiVersion}/users/{userId}/onlineMeetings/{meetingId}/attendanceReports" + - pathTemplate: "/v1.0/users/{userId}/onlineMeetings/{meetingId}/attendanceReports" allowedQueryParams: - "$select" - "$top" @@ -223,7 +223,7 @@ endpoints: - "$..subject" - "$..joinMeetingIdSettings.isPasscodeRequired" - "$..joinMeetingIdSettings.passcode" - - pathTemplate: "/{apiVersion}/users/{userId}/onlineMeetings/{meetingId}/attendanceReports/{reportId}" + - pathTemplate: "/v1.0/users/{userId}/onlineMeetings/{meetingId}/attendanceReports/{reportId}" allowedQueryParams: - "$select" - "$top" @@ -291,4 +291,4 @@ endpoints: - "$..onPremisesDistinguishedName" - "$..onPremisesImmutableId" - "$..identities[*].issuerAssignedId" - encoding: "JSON" + encoding: "JSON" \ No newline at end of file 
diff --git a/docs/sources/microsoft-365/msft-teams/msft-teams_no-userIds.yaml b/docs/sources/microsoft-365/msft-teams/msft-teams_no-userIds.yaml index a8958b791..64919e370 100644 --- a/docs/sources/microsoft-365/msft-teams/msft-teams_no-userIds.yaml +++ b/docs/sources/microsoft-365/msft-teams/msft-teams_no-userIds.yaml @@ -1,6 +1,6 @@ --- endpoints: - - pathTemplate: "/{apiVersion}/teams" + - pathTemplate: "/v1.0/teams" allowedQueryParams: - "$select" - "$top" @@ -25,7 +25,7 @@ endpoints: - "$..['@odata.id']" - "$..['@odata.type']" - "$..['@odata.count']" - - pathTemplate: "/{apiVersion}/teams/{teamId}/allChannels" + - pathTemplate: "/v1.0/teams/{teamId}/allChannels" allowedQueryParams: - "$select" - "$filter" @@ -47,7 +47,7 @@ endpoints: - "$..['@odata.id']" - "$..['@odata.type']" - "$..['@odata.count']" - - pathTemplate: "/{apiVersion}/users/{userId}/chats" + - pathTemplate: "/v1.0/users/{userId}/chats" allowedQueryParams: - "$select" - "$top" @@ -70,7 +70,7 @@ endpoints: - "$..topic" - "$..['@odata.context']" - "$..['@odata.count']" - - pathTemplate: "/{apiVersion}/teams/{teamId}/channels/{channelId}/messages" + - pathTemplate: "/v1.0/teams/{teamId}/channels/{channelId}/messages" allowedQueryParams: - "$select" - "$top" @@ -99,7 +99,7 @@ endpoints: jsonPaths: - "$.['@odata.nextLink', '@odata.prevLink']" regex: "^https://graph.microsoft.com/(.*)$" - - pathTemplate: "/{apiVersion}/teams/{teamId}/channels/{channelId}/messages/delta" + - pathTemplate: "/v1.0/teams/{teamId}/channels/{channelId}/messages/delta" allowedQueryParams: - "$select" - "$top" @@ -130,7 +130,7 @@ endpoints: jsonPaths: - "$.['@odata.nextLink', '@odata.prevLink']" regex: "^https://graph.microsoft.com/(.*)$" - - pathTemplate: "/{apiVersion}/chats/{chatId}/messages" + - pathTemplate: "/v1.0/chats/{chatId}/messages" allowedQueryParams: - "$select" - "$top" 
@@ -166,7 +166,7 @@ endpoints: jsonPaths: - "$.['@odata.nextLink', '@odata.prevLink']" regex: "^https://graph.microsoft.com/(.*)$" - - pathTemplate: "/{apiVersion}/communications/calls/{callId}" + - pathTemplate: "/v1.0/communications/calls/{callId}" allowedQueryParams: - "$select" - "$top" @@ -224,7 +224,7 @@ endpoints: jsonPaths: - "$.['sessions@odata.nextLink']" regex: "^https://graph.microsoft.com/(.*)$" - - pathTemplate: "/{apiVersion}/communications/callRecords/getDirectRoutingCalls(fromDateTime={startDate},toDateTime={endDate})" + - pathTemplate: "/v1.0/communications/callRecords/getDirectRoutingCalls(fromDateTime={startDate},toDateTime={endDate})" allowedQueryParams: - "$skip" transforms: @@ -254,7 +254,7 @@ endpoints: jsonPaths: - "$.['@odata.nextLink', '@odata.prevLink']" regex: "^https://graph.microsoft.com/(.*)$" - - pathTemplate: "/{apiVersion}/communications/callRecords/getPstnCalls(fromDateTime={startDate},toDateTime={endDate})" + - pathTemplate: "/v1.0/communications/callRecords/getPstnCalls(fromDateTime={startDate},toDateTime={endDate})" allowedQueryParams: - "$skip" transforms: @@ -284,7 +284,7 @@ endpoints: jsonPaths: - "$.['@odata.nextLink', '@odata.prevLink']" regex: "^https://graph.microsoft.com/(.*)$" - - pathTemplate: "/{apiVersion}/users/{userId}/onlineMeetings" + - pathTemplate: "/v1.0/users/{userId}/onlineMeetings" allowedQueryParams: - "$select" - "$top" @@ -317,7 +317,7 @@ endpoints: - "$..joinMeetingIdSettings.passcode" - "$..['@odata.context']" - "$..['@odata.type']" - - pathTemplate: "/{apiVersion}/users/{userId}/onlineMeetings/{meetingId}/attendanceReports" + - pathTemplate: "/v1.0/users/{userId}/onlineMeetings/{meetingId}/attendanceReports" allowedQueryParams: - "$select" - "$top" 
@@ -350,7 +350,7 @@ endpoints: - "$..joinMeetingIdSettings.passcode" - "$..['@odata.context']" - "$..['@odata.type']" - - pathTemplate: "/{apiVersion}/users/{userId}/onlineMeetings/{meetingId}/attendanceReports/{reportId}" + - pathTemplate: "/v1.0/users/{userId}/onlineMeetings/{meetingId}/attendanceReports/{reportId}" allowedQueryParams: - "$select" - "$top" @@ -430,4 +430,4 @@ endpoints: jsonPaths: - "$..id" includeReversible: true - encoding: "URL_SAFE_TOKEN" + encoding: "URL_SAFE_TOKEN" \ No newline at end of file diff --git a/docs/sources/microsoft-365/outlook-cal/README.md b/docs/sources/microsoft-365/outlook-cal/README.md index a028196f0..d1ed06934 100644 --- a/docs/sources/microsoft-365/outlook-cal/README.md +++ b/docs/sources/microsoft-365/outlook-cal/README.md 
@@ -1,15 +1,44 @@ # Outlook Calendar +Connect Outlook Calendar data to Worklytics, enabling meeting analysis and general collaboration +insights based on collaboration via Outlook Calendar. Includes user enumeration to support fetching +calendars from each account; and group enumeration to expand attendance/invitations to meetings +via mailing list (groups). + +## Required Scopes +- [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) +- [`Group.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) +- [`Calendars.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#calendarsread) +- [`MailboxSettings.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailboxsettingsread) +- [`OnlineMeetings.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#onlinemeetingsreadall) + +## Authentication + +See the [Microsoft 365 Authentication](../README.md#authentication) section of the main README. + +## Authorization + +See the [Microsoft 365 Authorization](../README.md#authorization) section of the main README. 
+ + +## Example Data + +| API Endpoint | Example Response | Sanitized Example Response | +|----------------------------------|--------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------| +| `/v1.0/me/events` | [original/Events_v1.0.json](example-api-responses/original/Events_v1.0.json) | [sanitized/Events_v1.0.json](example-api-responses/sanitized/Events_v1.0.json) | +| `/v1.0/me/events/{eventId}` | [original/Event_v1.0.json](example-api-responses/original/Event_v1.0.json) | [sanitized/Event_v1.0.json](example-api-responses/sanitized/Event_v1.0.json) | +| `/v1.0/me/calendar/calendarView` | [original/CalendarView_v1.0.json](example-api-responses/original/CalendarView_v1.0.json) | [sanitized/CalendarView_v1.0.json](example-api-responses/sanitized/CalendarView_v1.0.json) | +| `/v1.0/me/calendar/events` | [original/CalendarEvents_v1.0.json](example-api-responses/original/CalendarEvents_v1.0.json) | [sanitized/CalendarEvents_v1.0.json](example-api-responses/sanitized/CalendarEvents_v1.0.json) | + +Assuming proxy is auth'd as an application, you'll have to replace `me` with your MSFT ID or +`UserPrincipalName` (often your email address). + +See more examples in the `docs/sources/microsoft-365/msft-teams/example-api-responses` folder +of the [Psoxy repository](https://github.com/Worklytics/psoxy). 
+ ## Examples - [Example Rules](outlook-cal.yaml) - [Example Rules: no App IDs](outlook-cal_no-app-ids.yaml) - [Example Rules: no App IDs, no groups](outlook-cal_no-app-ids_no-groups.yaml) -- Example Data: - - [original/Event_v1.0.json](example-api-responses/original/Event_v1.0.json) | - [sanitized/Event_v1.0.json](example-api-responses/sanitized/Event_v1.0.json) - - [original/CalendarEvents_v1.0.json](example-api-responses/original/CalendarEvents_v1.0.json) | - [sanitized/CalendarEvents_v1.0.json](example-api-responses/sanitized/CalendarEvents_v1.0.json) -See more examples in the `docs/sources/microsoft-365/msft-teams/example-api-responses` folder -of the [Psoxy repository](https://github.com/Worklytics/psoxy). diff --git a/docs/sources/microsoft-365/outlook-mail/README.md b/docs/sources/microsoft-365/outlook-mail/README.md index ac204bc0b..6c035c004 100644 --- a/docs/sources/microsoft-365/outlook-mail/README.md +++ b/docs/sources/microsoft-365/outlook-mail/README.md 
@@ -1,15 +1,39 @@ # Outlook Mail +Connect Outlook Mail data to Worklytics, enabling communication analysis and general collaboration +insights based on collaboration via Outlook Mail. Includes user enumeration to support fetching +mailboxes from each account; and group enumeration to expand emails via mailing list (groups). + +## Required Scopes +- [`User.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) +- [`Group.Read.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#userreadall) +- [`MailboxSettings.Read`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailboxsettingsread) +- [`Mail.ReadBasic.All`](https://learn.microsoft.com/en-us/graph/permissions-reference#mailreadbasicall) + +## Authentication + +See the [Microsoft 365 Authentication](../README.md#authentication) section of the main README. + +## Authorization + +See the [Microsoft 365 Authorization](../README.md#authorization) section of the main README. + +## Example Data + +| API Endpoint | Example Response | Sanitized Example Response | +|----------------------------------|--------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------| +| `/v1.0/me/mailFolders/SentItems/messages` | [original/Messages_SentItems_v1.0.json](example-api-responses/original/Messages_SentItems_v1.0.json) | [sanitized/Messages_SentItems_v1.0.json](example-api-responses/sanitized/Messages_SentItems_v1.0.json) | +| `/v1.0/me/messages/{messageId}` | [original/Message_v1.0.json](example-api-responses/original/Message_v1.0.json) | [sanitized/Message_v1.0.json](example-api-responses/sanitized/Message_v1.0.json) | +| `/v1.0/me/mailboxSettings` | [original/MailboxSettings_v1.0.json](example-api-responses/original/MailboxSettings_v1.0.json) | [sanitized/MailboxSettings_v1.0.json](example-api-responses/sanitized/MailboxSettings_v1.0.json) | + 
+Assuming proxy is auth'd as an application, you'll have to replace `me` with your MSFT ID or +`UserPrincipalName` (often your email address). + +See more examples in the `docs/sources/microsoft-365/msft-teams/example-api-responses` folder +of the [Psoxy repository](https://github.com/Worklytics/psoxy). + ## Examples - [Example Rules](outlook-mail.yaml) - [Example Rules: no App IDs](outlook-mail_no-app-ids.yaml) - [Example Rules: no App IDs, no groups](outlook-mail_no-app-ids_no-groups.yaml) -- Example Data: - - [original/Messages_SentItems_v1.0.json](example-api-responses/original/Messages_SentItems_v1.0.json) | - [sanitized/Messages_SentItems_v1.0.json](example-api-responses/sanitized/Messages_SentItems_v1.0.json) - - [original/Message_v1.0.json](example-api-responses/original/Message_v1.0.json) | - [sanitized/Message_v1.0.json](example-api-responses/sanitized/Message_v1.0.json) - -See more examples in the `docs/sources/microsoft-365/msft-teams/example-api-responses` folder -of the [Psoxy repository](https://github.com/Worklytics/psoxy). diff --git a/infra/examples-dev/aws-all/google-workspace.tf b/infra/examples-dev/aws-all/google-workspace.tf index 90fa0d0e7..e64da3934 100644 --- a/infra/examples-dev/aws-all/google-workspace.tf +++ b/infra/examples-dev/aws-all/google-workspace.tf @@ -8,7 +8,7 @@ provider "google" { module "worklytics_connectors_google_workspace" { source = "../../modules/worklytics-connectors-google-workspace" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.4.57" providers = { google = google.google_workspace diff --git a/infra/examples-dev/aws-all/main.tf b/infra/examples-dev/aws-all/main.tf index 9bc117627..8fa154079 100644 --- a/infra/examples-dev/aws-all/main.tf +++ b/infra/examples-dev/aws-all/main.tf 
@@ -21,7 +21,7 @@ terraform { # general cases module "worklytics_connectors" { source = "../../modules/worklytics-connectors" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.4.57" enabled_connectors = var.enabled_connectors jira_cloud_id = var.jira_cloud_id @@ -101,7 +101,7 @@ locals { module "psoxy" { source = "../../modules/aws-host" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-host?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-host?ref=v0.4.57" environment_name = var.environment_name aws_account_id = var.aws_account_id @@ -126,6 +126,7 @@ module "psoxy" { aws_ssm_key_id = var.project_aws_kms_key_arn use_api_gateway_v2 = var.use_api_gateway_v2 aws_lambda_execution_role_policy_arn = var.aws_lambda_execution_role_policy_arn + iam_roles_permissions_boundary = var.iam_roles_permissions_boundary secrets_store_implementation = var.secrets_store_implementation bulk_sanitized_expiration_days = var.bulk_sanitized_expiration_days bulk_input_expiration_days = var.bulk_input_expiration_days @@ -158,7 +159,7 @@ module "connection_in_worklytics" { for_each = local.all_instances source = "../../modules/worklytics-psoxy-connection-aws" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-aws?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-aws?ref=v0.4.57" psoxy_instance_id = each.key worklytics_host = var.worklytics_host diff --git a/infra/examples-dev/aws-all/msft-365.tf b/infra/examples-dev/aws-all/msft-365.tf index cd9f77272..54c3c477b 100644 --- a/infra/examples-dev/aws-all/msft-365.tf +++ b/infra/examples-dev/aws-all/msft-365.tf 
@@ -2,7 +2,7 @@ module "worklytics_connectors_msft_365" { source = "../../modules/worklytics-connectors-msft-365" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-msft-365?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-msft-365?ref=v0.4.57" enabled_connectors = var.enabled_connectors environment_id = var.environment_name @@ -47,7 +47,7 @@ module "cognito_identity_pool" { count = local.msft_365_enabled ? 1 : 0 # only provision identity pool if MSFT-365 connectors are enabled source = "../../modules/aws-cognito-pool" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-pool?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-pool?ref=v0.4.57" developer_provider_name = local.developer_provider_name name = "${local.env_qualifier}-azure-ad-federation" @@ -70,7 +70,7 @@ module "cognito_identity" { count = local.msft_365_enabled ? 1 : 0 # only provision identity pool if MSFT-365 connectors are enabled source = "../../modules/aws-cognito-identity-cli" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-identity-cli?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-identity-cli?ref=v0.4.57" aws_region = data.aws_region.current.id aws_role = var.aws_assume_role_arn @@ -107,7 +107,7 @@ module "msft_connection_auth_federation" { for_each = local.provision_entraid_apps ? local.enabled_to_entraid_object : local.shared_to_entraid_object source = "../../modules/azuread-federated-credentials" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.4.57" application_object_id = each.value.connector_id display_name = "${local.env_qualifier}AccessFromAWS" 
diff --git a/infra/examples-dev/aws-all/variables.tf b/infra/examples-dev/aws-all/variables.tf index 7450b2fc2..da0aa4f84 100644 --- a/infra/examples-dev/aws-all/variables.tf +++ b/infra/examples-dev/aws-all/variables.tf @@ -36,6 +36,12 @@ variable "aws_region" { default = "us-east-1" } +variable "iam_roles_permissions_boundary" { + type = string + description = "*beta* ARN of the permissions boundary to attach to IAM roles created by this module." + default = null +} + variable "default_tags" { type = map(string) description = "Tags to apply to all resources created by this configuration. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags for more info." diff --git a/infra/examples-dev/aws-google-workspace/main.tf b/infra/examples-dev/aws-google-workspace/main.tf index 1993ec62c..7d8d5b792 100644 --- a/infra/examples-dev/aws-google-workspace/main.tf +++ b/infra/examples-dev/aws-google-workspace/main.tf @@ -59,7 +59,7 @@ data "google_project" "psoxy-google-connectors" { module "psoxy" { source = "../../modular-examples/aws-google-workspace" - # source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws-google-workspace?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws-google-workspace?ref=v0.4.57" aws_account_id = var.aws_account_id aws_assume_role_arn = var.aws_assume_role_arn # role that can test the instances (lambdas) diff --git a/infra/examples-dev/aws-msft-365/main.tf b/infra/examples-dev/aws-msft-365/main.tf index 9c8f59895..33385b283 100644 --- a/infra/examples-dev/aws-msft-365/main.tf +++ b/infra/examples-dev/aws-msft-365/main.tf 
@@ -51,7 +51,7 @@ provider "azuread" { module "psoxy" { source = "../../modular-examples/aws-msft-365" - # source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws-msft-365?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws-msft-365?ref=v0.4.57" aws_account_id = var.aws_account_id aws_assume_role_arn = var.aws_assume_role_arn # role that can test the instances (lambdas) diff --git a/infra/examples-dev/aws/main.tf b/infra/examples-dev/aws/main.tf index bf95695e4..4d6722c2b 100644 --- a/infra/examples-dev/aws/main.tf +++ b/infra/examples-dev/aws/main.tf @@ -57,7 +57,7 @@ provider "azuread" { module "psoxy" { source = "../../modular-examples/aws" - # source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws?ref=v0.4.57" aws_account_id = var.aws_account_id aws_assume_role_arn = var.aws_assume_role_arn # role that can test the instances (lambdas) diff --git a/infra/examples-dev/gcp-google-workspace/main.tf b/infra/examples-dev/gcp-google-workspace/main.tf index 4e04e4c9d..4320f98ac 100644 --- a/infra/examples-dev/gcp-google-workspace/main.tf +++ b/infra/examples-dev/gcp-google-workspace/main.tf @@ -28,7 +28,7 @@ provider "google" { module "psoxy" { source = "../../modular-examples/gcp-google-workspace" - # source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/gcp-google-workspace?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/gcp-google-workspace?ref=v0.4.57" gcp_project_id = var.gcp_project_id environment_name = var.environment_name diff --git a/infra/examples-dev/gcp/google-workspace.tf b/infra/examples-dev/gcp/google-workspace.tf index 90fa0d0e7..e64da3934 100644 --- a/infra/examples-dev/gcp/google-workspace.tf +++ b/infra/examples-dev/gcp/google-workspace.tf 
@@ -8,7 +8,7 @@ provider "google" { module "worklytics_connectors_google_workspace" { source = "../../modules/worklytics-connectors-google-workspace" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.4.57" providers = { google = google.google_workspace diff --git a/infra/examples-dev/gcp/main.tf b/infra/examples-dev/gcp/main.tf index 15a25d3c9..c4d3ae212 100644 --- a/infra/examples-dev/gcp/main.tf +++ b/infra/examples-dev/gcp/main.tf @@ -29,7 +29,7 @@ locals { # call this 'generic_source_connectors'? module "worklytics_connectors" { source = "../../modules/worklytics-connectors" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.4.57" enabled_connectors = var.enabled_connectors @@ -81,7 +81,7 @@ locals { module "psoxy" { source = "../../modules/gcp-host" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-host?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-host?ref=v0.4.57" gcp_project_id = var.gcp_project_id environment_name = var.environment_name @@ -121,7 +121,7 @@ module "connection_in_worklytics" { for_each = local.all_instances source = "../../modules/worklytics-psoxy-connection-generic" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.57" psoxy_host_platform_id = local.host_platform_id psoxy_instance_id = each.key diff --git a/infra/examples-dev/gcp/msft-365.tf b/infra/examples-dev/gcp/msft-365.tf index 78f2207f6..e2756b157 100644 --- a/infra/examples-dev/gcp/msft-365.tf 
+++ b/infra/examples-dev/gcp/msft-365.tf @@ -2,7 +2,7 @@ module "worklytics_connectors_msft_365" { source = "../../modules/worklytics-connectors-msft-365" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-msft-365?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-msft-365?ref=v0.4.57" enabled_connectors = var.enabled_connectors environment_id = var.environment_name @@ -33,7 +33,7 @@ module "msft-connection-auth-federation" { for_each = module.worklytics_connectors_msft_365.enabled_api_connectors source = "../../modules/azuread-federated-credentials" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.4.57" application_object_id = each.value.connector.id display_name = "GcpFederation" diff --git a/infra/examples/aws-google-workspace/main.tf b/infra/examples/aws-google-workspace/main.tf index e9ffa1d46..9bde92677 100644 --- a/infra/examples/aws-google-workspace/main.tf +++ b/infra/examples/aws-google-workspace/main.tf @@ -59,7 +59,7 @@ data "google_project" "psoxy-google-connectors" { module "psoxy" { # source = "../../modular-examples/aws-google-workspace" - source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws-google-workspace?ref=v0.4.56" + source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws-google-workspace?ref=v0.4.57" aws_account_id = var.aws_account_id aws_assume_role_arn = var.aws_assume_role_arn # role that can test the instances (lambdas) diff --git a/infra/examples/aws-msft-365/main.tf b/infra/examples/aws-msft-365/main.tf index 0be857307..e5fbb50da 100644 --- a/infra/examples/aws-msft-365/main.tf +++ b/infra/examples/aws-msft-365/main.tf 
@@ -51,7 +51,7 @@ provider "azuread" { module "psoxy" { # source = "../../modular-examples/aws-msft-365" - source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws-msft-365?ref=v0.4.56" + source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws-msft-365?ref=v0.4.57" aws_account_id = var.aws_account_id aws_assume_role_arn = var.aws_assume_role_arn # role that can test the instances (lambdas) diff --git a/infra/examples/gcp-google-workspace/main.tf b/infra/examples/gcp-google-workspace/main.tf index 8fdc3c4dd..90171547a 100644 --- a/infra/examples/gcp-google-workspace/main.tf +++ b/infra/examples/gcp-google-workspace/main.tf @@ -28,7 +28,7 @@ provider "google" { module "psoxy" { # source = "../../modular-examples/gcp-google-workspace" - source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/gcp-google-workspace?ref=v0.4.56" + source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/gcp-google-workspace?ref=v0.4.57" gcp_project_id = var.gcp_project_id environment_name = var.environment_name diff --git a/infra/examples/msft-365/main.tf b/infra/examples/msft-365/main.tf index 87bccadd4..4a2a0dd27 100644 --- a/infra/examples/msft-365/main.tf +++ b/infra/examples/msft-365/main.tf @@ -34,7 +34,7 @@ data "azuread_client_config" "current" {} module "worklytics_connector_specs" { # source = "../../modules/worklytics-connector-specs" - source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connector-specs?ref=v0.4.56" + source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connector-specs?ref=v0.4.57" enabled_connectors = var.enabled_connectors 
@@ -52,7 +52,7 @@ module "msft-connection" { for_each = module.worklytics_connector_specs.enabled_msft_365_connectors # source = "../../modules/azuread-connection" - source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-connection?ref=v0.4.56" + source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-connection?ref=v0.4.57" display_name = "Psoxy Connector - ${each.value.display_name}${var.connector_display_name_suffix}" tenant_id = var.msft_tenant_id @@ -65,7 +65,7 @@ module "msft-connection-auth-federation" { for_each = module.worklytics_connector_specs.enabled_msft_365_connectors # source = "../../modules/azuread-federated-credentials" - source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.4.56" + source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.4.57" application_object_id = module.msft-connection[each.key].connector.id display_name = "AccessFromAWS" @@ -107,7 +107,7 @@ module "msft_365_grants" { for_each = module.worklytics_connector_specs.enabled_msft_365_connectors # source = "../../modules/azuread-grant-all-users" - source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-grant-all-users?ref=v0.4.56" + source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-grant-all-users?ref=v0.4.57" psoxy_instance_id = each.key application_id = module.msft-connection[each.key].connector.application_id diff --git a/infra/modular-examples/aws-google-workspace/main.tf b/infra/modular-examples/aws-google-workspace/main.tf index b1313c779..8a6db2034 100644 --- a/infra/modular-examples/aws-google-workspace/main.tf +++ b/infra/modular-examples/aws-google-workspace/main.tf 
@@ -22,7 +22,7 @@ locals { module "worklytics_connector_specs" { source = "../../modules/worklytics-connector-specs" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connector-specs?ref=v0.4.56 + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connector-specs?ref=v0.4.57 enabled_connectors = var.enabled_connectors google_workspace_example_user = var.google_workspace_example_user @@ -41,7 +41,7 @@ module "worklytics_connector_specs" { module "psoxy-aws" { source = "../../modules/aws" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws?ref=v0.4.56 + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws?ref=v0.4.57 aws_account_id = var.aws_account_id region = var.aws_region @@ -55,7 +55,7 @@ module "psoxy-aws" { # secrets shared across all instances module "global_secrets" { source = "../../modules/aws-ssm-secrets" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-ssm-secrets?ref=v0.4.56 + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-ssm-secrets?ref=v0.4.57 path = var.aws_ssm_param_root_path kms_key_id = var.aws_ssm_key_id @@ -83,7 +83,7 @@ module "google-workspace-connection" { for_each = module.worklytics_connector_specs.enabled_google_workspace_connectors source = "../../modules/google-workspace-dwd-connection" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/google-workspace-dwd-connection?ref=v0.4.56 + # source = "git::https://github.com/worklytics/psoxy//infra/modules/google-workspace-dwd-connection?ref=v0.4.57 project_id = var.gcp_project_id connector_service_account_id = "${module.env_id_gcp_sa.id}-${each.key}" 
@@ -101,7 +101,7 @@ module "google-workspace-connection-auth" { for_each = module.worklytics_connector_specs.enabled_google_workspace_connectors source = "../../modules/gcp-sa-auth-key" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-sa-auth-key?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-sa-auth-key?ref=v0.4.57" service_account_id = module.google-workspace-connection[each.key].service_account_id } @@ -110,7 +110,7 @@ module "sa-key-secrets" { for_each = module.worklytics_connector_specs.enabled_google_workspace_connectors source = "../../modules/aws-ssm-secrets" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-ssm-secrets?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-ssm-secrets?ref=v0.4.57" # other possibly implementations: # source = "../hashicorp-vault-secrets" @@ -129,7 +129,7 @@ module "psoxy-google-workspace-connector" { for_each = module.worklytics_connector_specs.enabled_google_workspace_connectors source = "../../modules/aws-psoxy-rest" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-rest?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-rest?ref=v0.4.57" environment_name = var.environment_name instance_id = each.key @@ -171,7 +171,7 @@ module "worklytics-psoxy-connection-google-workspace" { for_each = module.worklytics_connector_specs.enabled_google_workspace_connectors source = "../../modules/worklytics-psoxy-connection" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.57" psoxy_instance_id = each.key psoxy_host_platform_id = local.host_platform_id 
@@ -217,7 +217,7 @@ module "parameter-fill-instructions" { for_each = local.long_access_parameters source = "../../modules/aws-ssm-fill-md" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-ssm-fill-md?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-ssm-fill-md?ref=v0.4.57" region = var.aws_region parameter_name = aws_ssm_parameter.long-access-secrets[each.key].name @@ -227,7 +227,7 @@ module "source_token_external_todo" { for_each = module.worklytics_connector_specs.enabled_oauth_long_access_connectors_todos source = "../../modules/source-token-external-todo" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/source-token-external-todo?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/source-token-external-todo?ref=v0.4.57" source_id = each.key connector_specific_external_steps = each.value.external_token_todo @@ -240,7 +240,7 @@ module "aws-psoxy-long-auth-connectors" { for_each = module.worklytics_connector_specs.enabled_oauth_long_access_connectors source = "../../modules/aws-psoxy-rest" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-rest?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-rest?ref=v0.4.57" environment_name = var.environment_name instance_id = each.key @@ -285,7 +285,7 @@ module "worklytics-psoxy-connection" { for_each = module.worklytics_connector_specs.enabled_oauth_long_access_connectors source = "../../modules/worklytics-psoxy-connection" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.57" psoxy_instance_id = each.key connector_id = try(each.value.worklytics_connector_id, "") 
@@ -318,7 +318,7 @@ module "psoxy-bulk" { for_each = merge(module.worklytics_connector_specs.enabled_bulk_connectors, var.custom_bulk_connectors) source = "../../modules/aws-psoxy-bulk" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-bulk?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-bulk?ref=v0.4.57" environment_name = var.environment_name instance_id = each.key @@ -358,7 +358,7 @@ module "psoxy-bulk-to-worklytics" { var.custom_bulk_connectors) source = "../../modules/worklytics-psoxy-connection-generic" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.57" psoxy_host_platform_id = local.host_platform_id psoxy_instance_id = each.key @@ -378,7 +378,7 @@ module "lookup_output" { for_each = var.lookup_table_builders source = "../../modules/aws-psoxy-output-bucket" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-output-bucket?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-output-bucket?ref=v0.4.57" environment_name = var.environment_name instance_id = each.key diff --git a/infra/modular-examples/aws-msft-365/main.tf b/infra/modular-examples/aws-msft-365/main.tf index 7acbab99b..d8d2ca98d 100644 --- a/infra/modular-examples/aws-msft-365/main.tf +++ b/infra/modular-examples/aws-msft-365/main.tf @@ -24,7 +24,7 @@ data "azuread_client_config" "current" {} module "worklytics_connector_specs" { source = "../../modules/worklytics-connector-specs" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connector-specs?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connector-specs?ref=v0.4.57" enabled_connectors = var.enabled_connectors msft_tenant_id = var.msft_tenant_id 
@@ -44,7 +44,7 @@ module "worklytics_connector_specs" { module "psoxy-aws" { source = "../../modules/aws" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws?ref=v0.4.57" aws_account_id = var.aws_account_id region = var.aws_region @@ -57,7 +57,7 @@ module "psoxy-aws" { module "global_secrets" { source = "../../modules/aws-ssm-secrets" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-ssm-secrets?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-ssm-secrets?ref=v0.4.57" path = var.aws_ssm_param_root_path kms_key_id = var.aws_ssm_key_id @@ -76,7 +76,7 @@ moved { module "cognito-identity-pool" { source = "../../modules/aws-cognito-pool" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-pool?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-pool?ref=v0.4.57" developer_provider_name = "azure-access" @@ -91,7 +91,7 @@ module "msft-connection" { for_each = module.worklytics_connector_specs.enabled_msft_365_connectors source = "../../modules/azuread-connection" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-connection?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-connection?ref=v0.4.57" display_name = "Psoxy Connector - ${each.value.display_name}${var.connector_display_name_suffix}" tenant_id = var.msft_tenant_id 
@@ -113,7 +113,7 @@ module "msft-connection-auth-federation" { for_each = module.worklytics_connector_specs.enabled_msft_365_connectors source = "../../modules/azuread-federated-credentials" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.4.57" application_object_id = module.msft-connection[each.key].connector.id display_name = "AccessFromAWS" @@ -130,7 +130,7 @@ module "msft_365_grants" { for_each = module.worklytics_connector_specs.enabled_msft_365_connectors source = "../../modules/azuread-grant-all-users" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-grant-all-users?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-grant-all-users?ref=v0.4.57" psoxy_instance_id = each.key application_id = module.msft-connection[each.key].connector.application_id @@ -144,7 +144,7 @@ module "psoxy-msft-connector" { for_each = module.worklytics_connector_specs.enabled_msft_365_connectors source = "../../modules/aws-psoxy-rest" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-rest?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-rest?ref=v0.4.57" environment_name = var.environment_name instance_id = each.key @@ -194,7 +194,7 @@ module "worklytics-psoxy-connection-msft-365" { for_each = module.worklytics_connector_specs.enabled_msft_365_connectors source = "../../modules/worklytics-psoxy-connection" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.57" psoxy_host_platform_id = local.host_platform_id psoxy_instance_id = each.key 
@@ -239,7 +239,7 @@ module "parameter-fill-instructions" { for_each = local.long_access_parameters source = "../../modules/aws-ssm-fill-md" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-ssm-fill-md?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-ssm-fill-md?ref=v0.4.57" region = var.aws_region parameter_name = aws_ssm_parameter.long-access-secrets[each.key].name @@ -249,7 +249,7 @@ module "source_token_external_todo" { for_each = module.worklytics_connector_specs.enabled_oauth_long_access_connectors_todos source = "../../modules/source-token-external-todo" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/source-token-external-todo?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/source-token-external-todo?ref=v0.4.57" source_id = each.key connector_specific_external_steps = each.value.external_token_todo @@ -262,7 +262,7 @@ module "aws-psoxy-long-auth-connectors" { for_each = module.worklytics_connector_specs.enabled_oauth_long_access_connectors source = "../../modules/aws-psoxy-rest" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-rest?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-rest?ref=v0.4.57" environment_name = var.environment_name instance_id = each.key @@ -305,7 +305,7 @@ module "worklytics-psoxy-connection-oauth-long-access" { for_each = module.worklytics_connector_specs.enabled_oauth_long_access_connectors source = "../../modules/worklytics-psoxy-connection" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.57" psoxy_host_platform_id = local.host_platform_id psoxy_instance_id = each.key 
@@ -364,7 +364,7 @@ module "psoxy-bulk" { var.custom_bulk_connectors) source = "../../modules/aws-psoxy-bulk" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-bulk?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-bulk?ref=v0.4.57" environment_name = var.environment_name aws_account_id = var.aws_account_id @@ -409,7 +409,7 @@ module "psoxy-bulk-to-worklytics" { var.custom_bulk_connectors) source = "../../modules/worklytics-psoxy-connection-generic" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.57" psoxy_host_platform_id = local.host_platform_id psoxy_instance_id = each.key @@ -429,7 +429,7 @@ module "lookup_output" { for_each = var.lookup_table_builders source = "../../modules/aws-psoxy-output-bucket" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-output-bucket?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-output-bucket?ref=v0.4.57" environment_name = var.environment_name instance_id = each.key diff --git a/infra/modular-examples/aws/main.tf b/infra/modular-examples/aws/main.tf index 4f707bf01..da61d94cd 100644 --- a/infra/modular-examples/aws/main.tf +++ b/infra/modular-examples/aws/main.tf @@ -33,7 +33,7 @@ locals { module "worklytics_connector_specs" { source = "../../modules/worklytics-connector-specs" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connector-specs?ref=v0.4.56 + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connector-specs?ref=v0.4.57 enabled_connectors = var.enabled_connectors google_workspace_example_user = var.google_workspace_example_user 
@@ -52,7 +52,7 @@ module "worklytics_connector_specs" { module "psoxy_aws" { source = "../../modules/aws" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws?ref=v0.4.56 + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws?ref=v0.4.57 aws_account_id = var.aws_account_id region = data.aws_region.current.id @@ -75,7 +75,7 @@ moved { # secrets shared across all instances module "global_secrets" { source = "../../modules/aws-ssm-secrets" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-ssm-secrets?ref=v0.4.56 + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-ssm-secrets?ref=v0.4.57 path = var.aws_ssm_param_root_path kms_key_id = var.aws_ssm_key_id @@ -92,7 +92,7 @@ module "google_workspace_connection" { for_each = module.worklytics_connector_specs.enabled_google_workspace_connectors source = "../../modules/google-workspace-dwd-connection" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/google-workspace-dwd-connection?ref=v0.4.56 + # source = "git::https://github.com/worklytics/psoxy//infra/modules/google-workspace-dwd-connection?ref=v0.4.57 project_id = var.gcp_project_id connector_service_account_id = "${local.function_name_prefix}${local.deployment_id_sa_id_part}${each.key}" @@ -117,7 +117,7 @@ module "google_workspace_connection_auth" { for_each = module.worklytics_connector_specs.enabled_google_workspace_connectors source = "../../modules/gcp-sa-auth-key" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-sa-auth-key?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-sa-auth-key?ref=v0.4.57" service_account_id = module.google_workspace_connection[each.key].service_account_id } 
@@ -133,7 +133,7 @@ module "sa_key_secrets" { for_each = module.worklytics_connector_specs.enabled_google_workspace_connectors source = "../../modules/aws-ssm-secrets" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-ssm-secrets?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-ssm-secrets?ref=v0.4.57" # other possibly implementations: # source = "../hashicorp-vault-secrets" @@ -159,7 +159,7 @@ module "psoxy_google_workspace_connector" { for_each = module.worklytics_connector_specs.enabled_google_workspace_connectors source = "../../modules/aws-psoxy-rest" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-rest?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-rest?ref=v0.4.57" environment_name = var.environment_name instance_id = each.key @@ -203,7 +203,7 @@ module "worklytics_psoxy_connection_google_workspace" { for_each = module.worklytics_connector_specs.enabled_google_workspace_connectors source = "../../modules/worklytics-psoxy-connection" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.57" psoxy_instance_id = each.key psoxy_host_platform_id = local.host_platform_id @@ -237,7 +237,7 @@ module "cognito_identity_pool" { count = local.msft_365_enabled ? 1 : 0 # only provision identity pool if MSFT-365 connectors are enabled source = "../../modules/aws-cognito-pool" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-pool?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-pool?ref=v0.4.57" developer_provider_name = "azure-access" name = "azure-ad-federation" 
@@ -247,7 +247,7 @@ module "cognito_identity" { count = local.msft_365_enabled ? 1 : 0 # only provision identity pool if MSFT-365 connectors are enabled source = "../../modules/aws-cognito-identity-cli" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-identity-cli?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-identity-cli?ref=v0.4.57" identity_pool_id = module.cognito_identity_pool[0].pool_id aws_region = data.aws_region.current.id @@ -269,7 +269,7 @@ module "msft_connection" { for_each = module.worklytics_connector_specs.enabled_msft_365_connectors source = "../../modules/azuread-connection" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-connection?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-connection?ref=v0.4.57" display_name = "Psoxy Connector - ${each.value.display_name}${var.connector_display_name_suffix}" tenant_id = var.msft_tenant_id @@ -288,7 +288,7 @@ module "msft_connection_auth_federation" { for_each = module.worklytics_connector_specs.enabled_msft_365_connectors source = "../../modules/azuread-federated-credentials" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.4.57" application_object_id = module.msft_connection[each.key].connector.id display_name = "AccessFromAWS" 
@@ -312,7 +312,7 @@ module "msft_365_grants" { for_each = module.worklytics_connector_specs.enabled_msft_365_connectors source = "../../modules/azuread-grant-all-users" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-grant-all-users?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-grant-all-users?ref=v0.4.57" psoxy_instance_id = each.key application_id = module.msft_connection[each.key].connector.application_id @@ -326,7 +326,7 @@ module "psoxy_msft_connector" { for_each = module.worklytics_connector_specs.enabled_msft_365_connectors source = "../../modules/aws-psoxy-rest" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-rest?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-rest?ref=v0.4.57" environment_name = var.environment_name instance_id = each.key @@ -380,7 +380,7 @@ module "worklytics_psoxy_connection_msft_365" { for_each = module.worklytics_connector_specs.enabled_msft_365_connectors source = "../../modules/worklytics-psoxy-connection" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.57" psoxy_host_platform_id = local.host_platform_id psoxy_instance_id = each.key @@ -433,7 +433,7 @@ module "parameter_fill_instructions" { for_each = local.long_access_parameters source = "../../modules/aws-ssm-fill-md" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-ssm-fill-md?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-ssm-fill-md?ref=v0.4.57" region = data.aws_region.current.id parameter_name = aws_ssm_parameter.long-access-secrets[each.key].name 
@@ -449,7 +449,7 @@ module "source_token_external_todo" { for_each = module.worklytics_connector_specs.enabled_oauth_long_access_connectors_todos source = "../../modules/source-token-external-todo" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/source-token-external-todo?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/source-token-external-todo?ref=v0.4.57" source_id = each.key connector_specific_external_steps = each.value.external_token_todo @@ -462,7 +462,7 @@ module "aws_psoxy_long_auth_connectors" { for_each = module.worklytics_connector_specs.enabled_oauth_long_access_connectors source = "../../modules/aws-psoxy-rest" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-rest?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-rest?ref=v0.4.57" environment_name = var.environment_name instance_id = each.key @@ -510,7 +510,7 @@ module "worklytics_psoxy_connection" { for_each = module.worklytics_connector_specs.enabled_oauth_long_access_connectors source = "../../modules/worklytics-psoxy-connection" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.57" psoxy_instance_id = each.key connector_id = try(each.value.worklytics_connector_id, "") @@ -549,7 +549,7 @@ module "psoxy_bulk" { for_each = merge(module.worklytics_connector_specs.enabled_bulk_connectors, var.custom_bulk_connectors) source = "../../modules/aws-psoxy-bulk" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-bulk?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-bulk?ref=v0.4.57" environment_name = var.environment_name instance_id = each.key 
@@ -593,7 +593,7 @@ module "psoxy_bulk_to_worklytics" { var.custom_bulk_connectors) source = "../../modules/worklytics-psoxy-connection-generic" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.57" psoxy_host_platform_id = local.host_platform_id psoxy_instance_id = each.key @@ -620,7 +620,7 @@ module "lookup_output" { for_each = var.lookup_table_builders source = "../../modules/aws-psoxy-output-bucket" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-output-bucket?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-psoxy-output-bucket?ref=v0.4.57" environment_name = var.environment_name instance_id = each.key diff --git a/infra/modular-examples/gcp-google-workspace/main.tf b/infra/modular-examples/gcp-google-workspace/main.tf index 86cc73271..a410f0491 100644 --- a/infra/modular-examples/gcp-google-workspace/main.tf +++ b/infra/modular-examples/gcp-google-workspace/main.tf @@ -13,7 +13,7 @@ locals { module "worklytics_connector_specs" { source = "../../modules/worklytics-connector-specs" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connector-specs?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connector-specs?ref=v0.4.57" enabled_connectors = var.enabled_connectors @@ -33,7 +33,7 @@ module "worklytics_connector_specs" { module "psoxy-gcp" { source = "../../modules/gcp" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp?ref=v0.4.57" project_id = var.gcp_project_id psoxy_base_dir = var.psoxy_base_dir 
@@ -47,7 +47,7 @@ module "google-workspace-connection" { for_each = module.worklytics_connector_specs.enabled_google_workspace_connectors source = "../../modules/google-workspace-dwd-connection" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/google-workspace-dwd-connection?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/google-workspace-dwd-connection?ref=v0.4.57" project_id = var.gcp_project_id connector_service_account_id = "psoxy-${substr(each.key, 0, 24)}" @@ -65,7 +65,7 @@ module "google-workspace-connection-auth" { for_each = module.worklytics_connector_specs.enabled_google_workspace_connectors source = "../../modules/gcp-sa-auth-key" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-sa-auth-key?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-sa-auth-key?ref=v0.4.57" service_account_id = module.google-workspace-connection[each.key].service_account_id } @@ -75,7 +75,7 @@ module "google-workspace-key-secrets" { for_each = module.worklytics_connector_specs.enabled_google_workspace_connectors source = "../../modules/gcp-secrets" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-secrets?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-secrets?ref=v0.4.57" secret_project = var.gcp_project_id default_labels = var.default_labels @@ -116,7 +116,7 @@ module "psoxy-google-workspace-connector" { for_each = module.worklytics_connector_specs.enabled_google_workspace_connectors source = "../../modules/gcp-psoxy-rest" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-psoxy-rest?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-psoxy-rest?ref=v0.4.57" project_id = var.gcp_project_id source_kind = each.value.source_kind 
@@ -159,7 +159,7 @@ module "worklytics-psoxy-connection" { for_each = module.worklytics_connector_specs.enabled_google_workspace_connectors source = "../../modules/worklytics-psoxy-connection" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.57" psoxy_host_platform_id = local.host_platform_id psoxy_instance_id = each.key @@ -192,7 +192,7 @@ module "connector-oauth" { for_each = local.long_access_parameters source = "../../modules/gcp-oauth-secrets" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-oauth-secrets?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-oauth-secrets?ref=v0.4.57" secret_name = "PSOXY_${upper(replace(each.value.connector_name, "-", "_"))}_${upper(each.value.secret_name)}" project_id = var.gcp_project_id @@ -213,7 +213,7 @@ module "long-auth-token-secret-fill-instructions" { for_each = local.long_access_parameters source = "../../modules/gcp-secret-fill-md" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-secret-fill-md?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-secret-fill-md?ref=v0.4.57" project_id = var.gcp_project_id secret_id = module.connector-oauth[each.key].secret_id @@ -223,7 +223,7 @@ module "source_token_external_todo" { for_each = module.worklytics_connector_specs.enabled_oauth_long_access_connectors_todos source = "../../modules/source-token-external-todo" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/source-token-external-todo?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/source-token-external-todo?ref=v0.4.57" source_id = each.key connector_specific_external_steps = each.value.external_token_todo 
@@ -236,7 +236,7 @@ module "connector-long-auth-function" { for_each = module.worklytics_connector_specs.enabled_oauth_long_access_connectors source = "../../modules/gcp-psoxy-rest" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-psoxy-rest?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-psoxy-rest?ref=v0.4.57" project_id = var.gcp_project_id source_kind = each.value.source_kind @@ -281,7 +281,7 @@ module "worklytics-psoxy-connection-long-auth" { for_each = module.worklytics_connector_specs.enabled_oauth_long_access_connectors source = "../../modules/worklytics-psoxy-connection" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection?ref=v0.4.57" psoxy_host_platform_id = "GCP" psoxy_instance_id = each.key @@ -299,7 +299,7 @@ module "psoxy-gcp-bulk" { var.custom_bulk_connectors) source = "../../modules/gcp-psoxy-bulk" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-psoxy-bulk?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-psoxy-bulk?ref=v0.4.57" project_id = var.gcp_project_id worklytics_sa_emails = var.worklytics_sa_emails @@ -333,7 +333,7 @@ module "psoxy-bulk-to-worklytics" { var.custom_bulk_connectors) source = "../../modules/worklytics-psoxy-connection-generic" - # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.56" + # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.57" psoxy_host_platform_id = local.host_platform_id psoxy_instance_id = each.key diff --git a/infra/modules/aws-host/main.tf b/infra/modules/aws-host/main.tf index 7cc4dd15a..4ed959686 100644 --- a/infra/modules/aws-host/main.tf +++ b/infra/modules/aws-host/main.tf 
@@ -42,6 +42,7 @@ module "psoxy" { api_function_name_prefix = "${lower(module.env_id.id)}-" use_api_gateway_v2 = local.use_api_gateway_v2 logs_kms_key_arn = var.logs_kms_key_arn + iam_roles_permissions_boundary = var.iam_roles_permissions_boundary } @@ -138,6 +139,7 @@ module "api_connector" { vpc_config = var.vpc_config api_gateway_v2 = module.psoxy.api_gateway_v2 aws_lambda_execution_role_policy_arn = var.aws_lambda_execution_role_policy_arn + iam_roles_permissions_boundary = var.iam_roles_permissions_boundary todos_as_local_files = var.todos_as_local_files todo_step = var.todo_step @@ -198,6 +200,7 @@ module "bulk_connector" { vpc_config = var.vpc_config aws_lambda_execution_role_policy_arn = var.aws_lambda_execution_role_policy_arn provision_bucket_public_access_block = var.provision_bucket_public_access_block + iam_roles_permissions_boundary = var.iam_roles_permissions_boundary todos_as_local_files = var.todos_as_local_files diff --git a/infra/modules/aws-host/variables.tf b/infra/modules/aws-host/variables.tf index 27ec5bbc9..6746fc55f 100644 --- a/infra/modules/aws-host/variables.tf +++ b/infra/modules/aws-host/variables.tf @@ -61,6 +61,11 @@ variable "aws_lambda_execution_role_policy_arn" { default = null } +variable "iam_roles_permissions_boundary" { + type = string + description = "*beta* ARN of the permissions boundary to attach to IAM roles created by this module." + default = null +} variable "caller_gcp_service_account_ids" { type = list(string) diff --git a/infra/modules/aws-psoxy-bulk-existing/main.tf b/infra/modules/aws-psoxy-bulk-existing/main.tf index 3aa07b41e..5d7fb7454 100644 --- a/infra/modules/aws-psoxy-bulk-existing/main.tf +++ b/infra/modules/aws-psoxy-bulk-existing/main.tf 
@@ -22,6 +22,8 @@ module "psoxy_lambda" { vpc_config = var.vpc_config secrets_store_implementation = var.secrets_store_implementation aws_lambda_execution_role_policy_arn = var.aws_lambda_execution_role_policy_arn + iam_roles_permissions_boundary = var.iam_roles_permissions_boundary + environment_variables = merge( var.environment_variables, diff --git a/infra/modules/aws-psoxy-bulk-existing/variables.tf b/infra/modules/aws-psoxy-bulk-existing/variables.tf index babd50703..ed4261d4b 100644 --- a/infra/modules/aws-psoxy-bulk-existing/variables.tf +++ b/infra/modules/aws-psoxy-bulk-existing/variables.tf @@ -152,6 +152,12 @@ variable "memory_size_mb" { default = 512 } +variable "iam_roles_permissions_boundary" { + type = string + description = "*beta* ARN of the permissions boundary to attach to IAM roles created by this module." + default = null +} + variable "vpc_config" { type = object({ # ipv6_allowed_for_dual_stack = optional(bool, false) diff --git a/infra/modules/aws-psoxy-bulk/main.tf b/infra/modules/aws-psoxy-bulk/main.tf index fb4dd1c1d..48d308e7a 100644 --- a/infra/modules/aws-psoxy-bulk/main.tf +++ b/infra/modules/aws-psoxy-bulk/main.tf @@ -46,6 +46,7 @@ module "psoxy_lambda" { log_retention_in_days = var.log_retention_days vpc_config = var.vpc_config aws_lambda_execution_role_policy_arn = var.aws_lambda_execution_role_policy_arn + iam_roles_permissions_boundary = var.iam_roles_permissions_boundary environment_variables = merge( var.environment_variables, diff --git a/infra/modules/aws-psoxy-bulk/variables.tf b/infra/modules/aws-psoxy-bulk/variables.tf index 40014644d..c989f5a54 100644 --- a/infra/modules/aws-psoxy-bulk/variables.tf +++ b/infra/modules/aws-psoxy-bulk/variables.tf 
@@ -83,6 +83,12 @@ variable "aws_lambda_execution_role_policy_arn" { default = null } +variable "iam_roles_permissions_boundary" { + type = string + description = "*beta* ARN of the permissions boundary to attach to IAM roles created by this module." + default = null +} + variable "log_retention_days" { type = number description = "number of days to retain logs in CloudWatch for this psoxy instance" diff --git a/infra/modules/aws-psoxy-lambda/main.tf b/infra/modules/aws-psoxy-lambda/main.tf index bc64f7fa5..754a0686b 100644 --- a/infra/modules/aws-psoxy-lambda/main.tf +++ b/infra/modules/aws-psoxy-lambda/main.tf @@ -44,7 +44,7 @@ resource "aws_lambda_function" "instance" { function_name = local.function_name role = aws_iam_role.iam_for_lambda.arn architectures = ["arm64"] # 20% cheaper per ms exec time than x86_64 - runtime = "java11" + runtime = "java17" filename = local.bundle_from_s3 ? null : var.path_to_function_zip s3_bucket = local.s3_bucket # null if local file s3_key = local.s3_key # null if local file @@ -119,6 +119,8 @@ resource "aws_iam_role" "iam_for_lambda" { ] }) + permissions_boundary = var.iam_roles_permissions_boundary + lifecycle { ignore_changes = [ tags diff --git a/infra/modules/aws-psoxy-lambda/variables.tf b/infra/modules/aws-psoxy-lambda/variables.tf index a556b4c75..f40c0a94d 100644 --- a/infra/modules/aws-psoxy-lambda/variables.tf +++ b/infra/modules/aws-psoxy-lambda/variables.tf @@ -141,6 +141,11 @@ variable "global_secrets_manager_secret_arns" { default = {} } +variable "iam_roles_permissions_boundary" { + type = string + description = "*beta* ARN of the permissions boundary to attach to IAM roles created by this module." + default = null +} # TODO: remove after v0.4.x variable "function_parameters" { diff --git a/infra/modules/aws-psoxy-rest/main.tf b/infra/modules/aws-psoxy-rest/main.tf index 379afddef..d941d61cd 100644 --- a/infra/modules/aws-psoxy-rest/main.tf +++ b/infra/modules/aws-psoxy-rest/main.tf 
@@ -56,6 +56,8 @@ module "psoxy_lambda" { vpc_config = var.vpc_config secrets_store_implementation = var.secrets_store_implementation aws_lambda_execution_role_policy_arn = var.aws_lambda_execution_role_policy_arn + iam_roles_permissions_boundary = var.iam_roles_permissions_boundary + environment_variables = merge( var.environment_variables, diff --git a/infra/modules/aws-psoxy-rest/variables.tf b/infra/modules/aws-psoxy-rest/variables.tf index 2174f96cf..1bf19990d 100644 --- a/infra/modules/aws-psoxy-rest/variables.tf +++ b/infra/modules/aws-psoxy-rest/variables.tf @@ -63,6 +63,12 @@ variable "ssm_kms_key_ids" { default = {} } +variable "iam_roles_permissions_boundary" { + type = string + description = "*beta* ARN of the permissions boundary to attach to IAM roles created by this module." + default = null +} + variable "log_retention_days" { type = number description = "number of days to retain logs in CloudWatch for this psoxy instance" diff --git a/infra/modules/aws/main.tf b/infra/modules/aws/main.tf index ac5287c74..8ae7e1e0b 100644 --- a/infra/modules/aws/main.tf +++ b/infra/modules/aws/main.tf @@ -45,8 +45,9 @@ data "aws_region" "current" {} # role that Worklytics user will use to call the API resource "aws_iam_role" "api-caller" { - name = "${var.deployment_id}Caller" - description = "role for AWS principals that may invoke the psoxy instance or read an instance's output" + name = "${var.deployment_id}Caller" + description = "role for AWS principals that may invoke the psoxy instance or read an instance's output" + permissions_boundary = var.iam_roles_permissions_boundary # who can assume this role assume_role_policy = jsonencode({ @@ -67,6 +68,8 @@ resource "aws_iam_role" "api-caller" { ) }) + + lifecycle { ignore_changes = [ tags diff --git a/infra/modules/aws/variables.tf b/infra/modules/aws/variables.tf index c7b6595d5..053fdcdcf 100644 --- a/infra/modules/aws/variables.tf +++ b/infra/modules/aws/variables.tf 
@@ -111,3 +111,9 @@ variable "logs_kms_key_arn" { description = "AWS KMS key ARN to use to encrypt lambdas' logs. NOTE: ensure CloudWatch is setup to use this key (cloudwatch principal has perms, log group in same region as key, etc) - see https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html ." default = null } + +variable "iam_roles_permissions_boundary" { + type = string + description = "*beta* ARN of the permissions boundary to attach to IAM roles created by this module." + default = null +} diff --git a/infra/modules/gcp-psoxy-bulk/main.tf b/infra/modules/gcp-psoxy-bulk/main.tf index d6403963f..bd2a20a02 100644 --- a/infra/modules/gcp-psoxy-bulk/main.tf +++ b/infra/modules/gcp-psoxy-bulk/main.tf @@ -164,19 +164,19 @@ resource "google_service_account_iam_member" "act_as" { resource "google_cloudfunctions_function" "function" { name = local.function_name description = "Psoxy instance to process ${var.source_kind} files" - runtime = "java11" + runtime = "java17" project = var.project_id region = var.region available_memory_mb = coalesce(var.available_memory_mb, 1024) source_archive_bucket = var.artifacts_bucket_name source_archive_object = var.deployment_bundle_object_name - docker_repository = var.artifact_repository_id entry_point = "co.worklytics.psoxy.GCSFileEvent" service_account_email = google_service_account.service_account.email timeout = 540 # 9 minutes, which is gen1 max allowed labels = var.default_labels - docker_registry = "CONTAINER_REGISTRY" + docker_registry = "ARTIFACT_REGISTRY" + docker_repository = var.artifact_repository_id environment_variables = merge(tomap({ INPUT_BUCKET = google_storage_bucket.input_bucket.name, @@ -334,4 +334,4 @@ output "todo" { output "next_todo_step" { value = var.todo_step + 1 -} \ No newline at end of file +} diff --git a/infra/modules/gcp-psoxy-rest/main.tf b/infra/modules/gcp-psoxy-rest/main.tf index 9413b680a..2a946d9c2 100644 --- a/infra/modules/gcp-psoxy-rest/main.tf 
+++ b/infra/modules/gcp-psoxy-rest/main.tf @@ -58,7 +58,7 @@ resource "google_service_account_iam_member" "act_as" { resource "google_cloudfunctions_function" "function" { name = "${var.environment_id_prefix}${var.instance_id}" description = "Psoxy Connector - ${var.source_kind}" - runtime = "java11" + runtime = "java17" project = var.project_id region = var.region @@ -250,4 +250,4 @@ output "todo" { output "next_todo_step" { value = var.todo_step + 1 -} \ No newline at end of file +} diff --git a/infra/modules/worklytics-connector-specs/main.tf b/infra/modules/worklytics-connector-specs/main.tf index 1a5b2ceaf..2917aaebc 100644 --- a/infra/modules/worklytics-connector-specs/main.tf +++ b/infra/modules/worklytics-connector-specs/main.tf @@ -205,7 +205,8 @@ locals { required_app_roles : [ # Application permissions (form az ad sp list --query "[?appDisplayName=='Microsoft Graph'].appRoles" --all "User.Read.All", - "Group.Read.All" + "Group.Read.All", + "MailboxSettings.Read", ] environment_variables : { GRANT_TYPE : "workload_identity_federation" # by default, assumed to be of type 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer' @@ -234,7 +235,8 @@ locals { required_app_roles : [ # Application permissions (form az ad sp list --query "[?appDisplayName=='Microsoft Graph'].appRoles" --all "User.Read.All", - "Group.Read.All" + "Group.Read.All", + "MailboxSettings.Read" ] environment_variables : { GRANT_TYPE : "workload_identity_federation" # by default, assumed to be of type 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer' @@ -260,8 +262,6 @@ locals { target_host : "graph.microsoft.com" required_oauth2_permission_scopes : [] required_app_roles : [ - "OnlineMeetings.Read.All", - "OnlineMeetingArtifact.Read.All", "Calendars.Read", "MailboxSettings.Read", "Group.Read.All", @@ -1504,4 +1504,4 @@ locals { } if try(secret_var.lockable, false) == true ] ])) -} +} \ No newline at end of file 
diff --git a/infra/modules/worklytics-connectors-msft-365/main.tf b/infra/modules/worklytics-connectors-msft-365/main.tf index c55a6a790..117e9df27 100644 --- a/infra/modules/worklytics-connectors-msft-365/main.tf +++ b/infra/modules/worklytics-connectors-msft-365/main.tf @@ -32,7 +32,7 @@ data "azuread_client_config" "current" { } data "azuread_users" "owners" { - count = local.provision_entraid_apps && length(var.msft_owners_email) > 0 ? 1 : 0 + count = local.provision_entraid_apps ? 1 : 0 user_principal_names = var.msft_owners_email } @@ -126,4 +126,4 @@ locals { }) }) } -} +} \ No newline at end of file diff --git a/java/core/src/main/java/co/worklytics/psoxy/gateway/impl/HealthCheckRequestHandler.java b/java/core/src/main/java/co/worklytics/psoxy/gateway/impl/HealthCheckRequestHandler.java index b0eddcbe1..12bf7bb45 100644 --- a/java/core/src/main/java/co/worklytics/psoxy/gateway/impl/HealthCheckRequestHandler.java +++ b/java/core/src/main/java/co/worklytics/psoxy/gateway/impl/HealthCheckRequestHandler.java @@ -31,7 +31,7 @@ @Log public class HealthCheckRequestHandler { - static final String JAVA_SOURCE_CODE_VERSION = "v0.4.56"; + static final String JAVA_SOURCE_CODE_VERSION = "v0.4.57"; @Inject EnvVarsConfigService envVarsConfigService; diff --git a/java/core/src/main/java/co/worklytics/psoxy/rules/msft/PrebuiltSanitizerRules.java b/java/core/src/main/java/co/worklytics/psoxy/rules/msft/PrebuiltSanitizerRules.java index 3c5edc913..477a7cc01 100644 --- a/java/core/src/main/java/co/worklytics/psoxy/rules/msft/PrebuiltSanitizerRules.java +++ b/java/core/src/main/java/co/worklytics/psoxy/rules/msft/PrebuiltSanitizerRules.java 
@@ -295,13 +295,13 @@ public class PrebuiltSanitizerRules { REDACT_CALENDAR_ODATA_LINKS); - static final String MS_TEAMS_PATH_TEMPLATES_TEAMS = "/{apiVersion}/teams"; // ^/v1.0 - static final String MS_TEAMS_PATH_TEMPLATES_TEAMS_ALL_CHANNELS = "/{apiVersion}/teams/{teamId}/allChannels"; - static final String MS_TEAMS_PATH_TEMPLATES_USERS_CHATS = "/{apiVersion}/users/{userId}/chats"; - static final String MS_TEAMS_PATH_TEMPLATES_TEAMS_CHANNELS_MESSAGES = "/{apiVersion}/teams/{teamId}/channels/{channelId}/messages"; - static final String MS_TEAMS_PATH_TEMPLATES_TEAMS_CHANNELS_MESSAGES_DELTA = "/{apiVersion}/teams/{teamId}/channels/{channelId}/messages/delta"; - static final String MS_TEAMS_PATH_TEMPLATES_CHATS_MESSAGES = "/{apiVersion}/chats/{chatId}/messages"; - static final String MS_TEAMS_PATH_TEMPLATES_COMMUNICATIONS_CALLS = "/{apiVersion}/communications/calls/{callId}"; + static final String MS_TEAMS_PATH_TEMPLATES_TEAMS = "/v1.0/teams"; // + static final String MS_TEAMS_PATH_TEMPLATES_TEAMS_ALL_CHANNELS = "/v1.0/teams/{teamId}/allChannels"; + static final String MS_TEAMS_PATH_TEMPLATES_USERS_CHATS = "/v1.0/users/{userId}/chats"; + static final String MS_TEAMS_PATH_TEMPLATES_TEAMS_CHANNELS_MESSAGES = "/v1.0/teams/{teamId}/channels/{channelId}/messages"; + static final String MS_TEAMS_PATH_TEMPLATES_TEAMS_CHANNELS_MESSAGES_DELTA = "/v1.0/teams/{teamId}/channels/{channelId}/messages/delta"; + static final String MS_TEAMS_PATH_TEMPLATES_CHATS_MESSAGES = "/v1.0/chats/{chatId}/messages"; + static final String MS_TEAMS_PATH_TEMPLATES_COMMUNICATIONS_CALLS = "/v1.0/communications/calls/{callId}"; /* Unfortunately, we have to use regex expression here. If we use pathTemplate here: /{apiVersion}/communications/callRecords/{callChainId} - internally it would convert into 
@@ -326,11 +326,11 @@ public class PrebuiltSanitizerRules { 2. Match GraphQL query parameters: (?\?[a-zA-z0-9\s\$\=\(\)]*) */ static final String MS_TEAMS_PATH_TEMPLATES_COMMUNICATIONS_CALL_RECORDS_REGEX = "^/v1.0/communications/callRecords/(?[({]?[a-fA-F0-9]{8}[-]?([a-fA-F0-9]{4}[-]?){3}[a-fA-F0-9]{12}[})]?)(?[a-zA-z0-9\\s\\$\\=\\?\\(\\)]*)"; - static final String MS_TEAMS_PATH_TEMPLATES_COMMUNICATIONS_CALL_RECORDS_GET_DIRECT_ROUTING_CALLS = "/{apiVersion}/communications/callRecords/getDirectRoutingCalls(fromDateTime={startDate},toDateTime={endDate})"; - static final String MS_TEAMS_PATH_TEMPLATES_COMMUNICATIONS_CALL_RECORDS_GET_PSTN_CALLS = "/{apiVersion}/communications/callRecords/getPstnCalls(fromDateTime={startDate},toDateTime={endDate})"; - static final String MS_TEAMS_PATH_TEMPLATES_USERS_ONLINE_MEETINGS = "/{apiVersion}/users/{userId}/onlineMeetings"; - static final String MS_TEAMS_PATH_TEMPLATES_USERS_ONLINE_MEETINGS_ATTENDANCE_REPORTS = "/{apiVersion}/users/{userId}/onlineMeetings/{meetingId}/attendanceReports"; - static final String MS_TEAMS_PATH_TEMPLATES_USERS_ONLINE_MEETINGS_ATTENDANCE_REPORT = "/{apiVersion}/users/{userId}/onlineMeetings/{meetingId}/attendanceReports/{reportId}"; + static final String MS_TEAMS_PATH_TEMPLATES_COMMUNICATIONS_CALL_RECORDS_GET_DIRECT_ROUTING_CALLS = "/v1.0/communications/callRecords/getDirectRoutingCalls(fromDateTime={startDate},toDateTime={endDate})"; + static final String MS_TEAMS_PATH_TEMPLATES_COMMUNICATIONS_CALL_RECORDS_GET_PSTN_CALLS = "/v1.0/communications/callRecords/getPstnCalls(fromDateTime={startDate},toDateTime={endDate})"; + static final String MS_TEAMS_PATH_TEMPLATES_USERS_ONLINE_MEETINGS = "/v1.0/users/{userId}/onlineMeetings"; + static final String MS_TEAMS_PATH_TEMPLATES_USERS_ONLINE_MEETINGS_ATTENDANCE_REPORTS = "/v1.0/users/{userId}/onlineMeetings/{meetingId}/attendanceReports"; + static final String MS_TEAMS_PATH_TEMPLATES_USERS_ONLINE_MEETINGS_ATTENDANCE_REPORT = 
"/v1.0/users/{userId}/onlineMeetings/{meetingId}/attendanceReports/{reportId}"; static final Transform.Pseudonymize PSEUDONYMIZE_USER_ID = Transform.Pseudonymize.builder() .jsonPath("$..user.id") diff --git a/java/core/src/test/java/co/worklytics/psoxy/salesforce/SalesforceTests.java b/java/core/src/test/java/co/worklytics/psoxy/rules/salesforce/SalesforceTests.java similarity index 99% rename from java/core/src/test/java/co/worklytics/psoxy/salesforce/SalesforceTests.java rename to java/core/src/test/java/co/worklytics/psoxy/rules/salesforce/SalesforceTests.java index c8ee9221a..6e190aab1 100644 --- a/java/core/src/test/java/co/worklytics/psoxy/salesforce/SalesforceTests.java +++ b/java/core/src/test/java/co/worklytics/psoxy/rules/salesforce/SalesforceTests.java @@ -1,4 +1,4 @@ -package co.worklytics.psoxy.salesforce; +package co.worklytics.psoxy.rules.salesforce; import co.worklytics.psoxy.rules.JavaRulesTestBaseCase; import co.worklytics.psoxy.rules.RESTRules; @@ -194,4 +194,4 @@ public Stream getExamples() { InvocationExample.of("https://test.salesforce.com/services/data/v51.0/query/SOME_TOKEN", "related_item_query.json") ); } -} +} \ No newline at end of file diff --git a/java/impl/aws/pom.xml b/java/impl/aws/pom.xml index 0ecb86ce6..9f3b0e165 100644 --- a/java/impl/aws/pom.xml +++ b/java/impl/aws/pom.xml @@ -186,15 +186,16 @@ maven-assembly-plugin + 3.7.1 co.worklytics.psoxy.Handler - - jar-with-dependencies - + + ../uber-jar.xml + false diff --git a/java/impl/aws/src/main/java/co/worklytics/psoxy/aws/VaultAwsIamAuth.java b/java/impl/aws/src/main/java/co/worklytics/psoxy/aws/VaultAwsIamAuth.java index 2c6a14175..3b6611c7d 100644 --- a/java/impl/aws/src/main/java/co/worklytics/psoxy/aws/VaultAwsIamAuth.java +++ b/java/impl/aws/src/main/java/co/worklytics/psoxy/aws/VaultAwsIamAuth.java 
@@ -215,7 +215,10 @@ void preflightChecks(@NonNull String getVaultServerUrl) { CloseableHttpResponse r = httpClient.execute(asHttpPost(buildGetCallerIdentityRequest(getVaultServerUrl))); if (r.getStatusLine().getStatusCode() == 200) { //if succeeds, content is the lambda's identity (eg, it's IAM execution role) - log.info("STS preflight check succeeded: " + IOUtils.toString(r.getEntity().getContent(), StandardCharsets.UTF_8)); + log.info("STS preflight check succeeded"); + //actual content is XML; don't want to mess around w XML parser so if you want to + // double-check identity, uncomment the following: + // log.info("Assumed rule: " + IOUtils.toString(r.getEntity().getContent(), StandardCharsets.UTF_8)); } else { throw new RuntimeException("STS preflight failed: " + r.getStatusLine()); } @@ -272,4 +275,4 @@ String serializeToJsonMultimap(Map map) { }); return jsonObject.toString(); } -} \ No newline at end of file +} diff --git a/java/impl/cmd-line/pom.xml b/java/impl/cmd-line/pom.xml index bb8a28456..7b165e1ac 100644 --- a/java/impl/cmd-line/pom.xml +++ b/java/impl/cmd-line/pom.xml @@ -20,7 +20,7 @@ com.google.cloud - google-cloud-bom + libraries-bom ${dependency.google-cloud-bom.version} pom import diff --git a/java/impl/gcp/check-grpc-services.sh b/java/impl/gcp/check-grpc-services.sh new file mode 100755 index 000000000..fd21180e8 --- /dev/null +++ b/java/impl/gcp/check-grpc-services.sh 
@@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +# helper script to quickly check the gRPC services in a jar file, which seems to be root cause +# of the gRPC issue in the cloud function + +RED='\e[0;31m' +BLUE='\e[34m' +NC='\e[0m' # No Color + +# determine the jar file to check +VERSION=$1 +if [ -z "$VERSION" ]; then + printf "${RED}ERROR: version is required${NC}\n" + echo "Usage: $0 " + exit 1 +fi + +JAR_FILE=target/psoxy-gcp-${VERSION}.jar + + +printf "Checking grpc load balancer services in jar file: ${BLUE}${JAR_FILE}${NC}\n" +printf " (this should contain long list, including 'io.grpc.internal.PickFirstLoadBalancerProvider')\n" +jar xf $JAR_FILE META-INF/services/io.grpc.LoadBalancerProvider + +cat META-INF/services/io.grpc.LoadBalancerProvider +rm -rf META-INF diff --git a/java/impl/gcp/pom.xml b/java/impl/gcp/pom.xml index ed28a4fbb..e63b64e5d 100644 --- a/java/impl/gcp/pom.xml +++ b/java/impl/gcp/pom.xml @@ -21,7 +21,7 @@ psoxy-gmail-dwd@psoxy-dev-erik.iam.gserviceaccount.com - 26.1.4 + ${dependency.google-cloud-bom.version} @@ -46,7 +46,7 @@ com.google.cloud libraries-bom - ${google-libraries-bom.version} + ${dependency.google-cloud-bom.version} pom import @@ -95,7 +95,10 @@ com.google.cloud.functions functions-framework-api - 1.0.4 + + + 1.1.0 + provided @@ -151,13 +154,15 @@ mvn function:run -Drun.functionTarget=your.package.yourFunction + eg, mvn function:run -Drun.functionTarget=co.worklytics.psoxy.Route + NOTE: intellij deploy run config doesn't work the first time. you should run the `gcloud functions deploy` cmd once interactively, and follow the prompt to confirm that you wish to block unauthenticated connections --> com.google.cloud.functions function-maven-plugin - 0.9.7 + 0.11.0 co.worklytics.psoxy.Route @@ -177,15 +182,16 @@ maven-assembly-plugin + 3.7.1 co.worklytics.psoxy.Route - - jar-with-dependencies - + + ../uber-jar.xml + false 
@@ -246,7 +252,7 @@ + dependencies, to facilitate eventual distribution of built JAR --> org.codehaus.mojo license-maven-plugin diff --git a/java/impl/gcp/src/main/java/co/worklytics/psoxy/Route.java b/java/impl/gcp/src/main/java/co/worklytics/psoxy/Route.java index 0d1eb4065..1da390170 100644 --- a/java/impl/gcp/src/main/java/co/worklytics/psoxy/Route.java +++ b/java/impl/gcp/src/main/java/co/worklytics/psoxy/Route.java @@ -1,6 +1,5 @@ package co.worklytics.psoxy; -import co.worklytics.psoxy.gateway.ConfigService; import co.worklytics.psoxy.gateway.HttpEventResponse; import co.worklytics.psoxy.gateway.impl.CommonRequestHandler; import co.worklytics.psoxy.gateway.impl.EnvVarsConfigService; diff --git a/java/impl/uber-jar.xml b/java/impl/uber-jar.xml new file mode 100644 index 000000000..d3e8523a9 --- /dev/null +++ b/java/impl/uber-jar.xml @@ -0,0 +1,25 @@ + + + uber-jar + + jar + + false + + + / + true + true + runtime + + + + + + + metaInf-services + + + diff --git a/java/pom.xml b/java/pom.xml index b2bfe17e0..a3576e7d5 100644 --- a/java/pom.xml +++ b/java/pom.xml @@ -10,7 +10,7 @@ pom - 0.4.56 + 0.4.57 UTF-8 1.18.30 2.40.5 @@ -20,7 +20,7 @@ 32.0.1-jre 2.13.0 5.2.2 - 0.198.0 + 26.42.0 1.43.3 1.18.0 5.10.1 @@ -100,4 +100,4 @@ - \ No newline at end of file + diff --git a/tools/gcp/container-scan.sh b/tools/gcp/container-scan.sh new file mode 100755 index 000000000..6dcd62763 --- /dev/null +++ b/tools/gcp/container-scan.sh 
@@ -0,0 +1,39 @@ +#!/bin/bash + + +# NOTE: requires that you've enabled the Container Analysis API for the project +# https://console.developers.google.com/apis/library/containeranalysis.googleapis.com + +RED='\033[0;31m' +GREEN='\033[0;32m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +USAGE=$(printf "Usage: $0 \n Example: $0 psoxy-dev-erik psoxy-dev-erik-gcal") +å +PROJECT_ID=$1 +if [ -z "$PROJECT_ID" ]; then + printf "${RED}Project ID not provided. Exiting.${NC}\n" + printf "$USAGE\n" + exit 1 +fi + +INSTANCE_NAME=$2 +if [ -z "$INSTANCE_NAME" ]; then + printf "${RED}Instance name not provided. Exiting.${NC}\n" + printf "$USAGE\n" + exit 1 +fi + +REGION=us-central1 + +INSTANCE_NAME_EXTRA_DASHES=$(echo $INSTANCE_NAME | sed 's/-/--/g') + +VERSION=$(gcloud artifacts docker images list ${REGION}-docker.pkg.dev/${PROJECT_ID}/gcf-artifacts/${INSTANCE_NAME_EXTRA_DASHES} --format=json | jq -r 'max_by(.createTime) | .version') + +printf "Initiating container scan for ${BLUE}${INSTANCE_NAME}:${VERSION}${NC}\n" +printf "Results will be available in the GCP Console: ${BLUE}https://console.cloud.google.com/artifacts/docker/$PROJECT_ID/$REGION/gcf-artifacts/$INSTANCE_NAME_EXTRA_DASHES?project=$PROJECT_ID${NC}\n" + +gcloud artifacts docker images scan ${REGION}-docker.pkg.dev/${PROJECT_ID}/gcf-artifacts/${INSTANCE_NAME_EXTRA_DASHES}@$VERSION --additional-package-types=MAVEN --remote --project=$PROJECT_ID --async + +printf "${GREEN}Container scan initiated.${NC}\n" diff --git a/tools/init-tfvars.sh b/tools/init-tfvars.sh index 8261a1caa..3ade4c205 100755 --- a/tools/init-tfvars.sh +++ b/tools/init-tfvars.sh @@ -7,7 +7,7 @@ PSOXY_BASE_DIR=$2 DEPLOYMENT_ENV=${3:-"local"} HOST_PLATFORM=${4:-"aws"} -SCRIPT_VERSION="v0.4.56" +SCRIPT_VERSION="v0.4.57" if [ -z "$PSOXY_BASE_DIR" ]; then printf "Usage: init-tfvars.sh [DEPLOYMENT_ENV]\n" diff --git a/tools/release/publish.sh b/tools/release/publish.sh index 3c5738641..57c37682e 100755 --- a/tools/release/publish.sh 
+++ b/tools/release/publish.sh @@ -89,6 +89,25 @@ fi printf "Opening release ${BLUE}${RELEASE}${NC} in browser; review / update notes and then publish as latest ...\n" gh release view $RELEASE --web +printf "Do you want to create a docs branch based on the release? (Y/n)\n" +read -p "(Y/n) " -n 1 -r +REPLY=${REPLY:-Y} +echo # Move to a new line +if [[ "$REPLY" =~ ^[Yy][Ee]?[Ss]?$ ]]; then + if git rev-parse --verify "docs-$RELEASE" >/dev/null 2>&1; then + printf "${RED}Branch docs-${RELEASE} already exists.${NC}\n" + else + git checkout -b "docs-$RELEASE" + git push origin "docs-$RELEASE" + git checkout main + printf "Docs branch ${GREEN}docs-$RELEASE${NC} created and pushed. View it at: ${BLUE}https://github.com/Worklytics/psoxy/tree/docs-$RELEASE${NC}\n" + printf "Manual steps to publish docs in GitBook: \n" + printf "1. Create a new space under the Psoxy collection with the same name than the release ${GREEN}X.Y.Z${NC}\n" + printf "2. Enable GitHub Sync on the new space and sync with the branch: ${GREEN}docs-$RELEASE${NC}\n" + printf "3. Share → Publish to the web → Publish in collection\n" + printf "4. Now, go back to the collection and customize: General → Default space → select ${GREEN}X.Y.Z${NC}\n" + fi +fi printf " Then update example templates to point to it:\n" if [ -d ~/code/psoxy-example-aws/ ]; then diff --git a/tools/release/rc-to-main.sh b/tools/release/rc-to-main.sh index 43b1d95e7..749530922 100755 --- a/tools/release/rc-to-main.sh +++ b/tools/release/rc-to-main.sh 
@@ -40,10 +40,10 @@ fi touch rc_to_main.md echo "$RELEASE back to main" >> rc_to_main.md echo "" >> rc_to_main.md -echo "Next steps:" >> rc_to_main.md +echo "Next steps, after that's merged to \`main\`:" >> rc_to_main.md echo " 1. publish the release: \`./tools/release/publish.sh $RELEASE\`" >> rc_to_main.md echo " 2. update stable deployment in demos repo to point to $RELEASE" >> rc_to_main.md -echo " 3. prep next rc: \`./tools/release/prep.sh $RELEASE rc-{x.y.z}\`" >> rc_to_main.md +echo " 3. prep next rc: \`./tools/release/prep.sh $RELEASE rc-v{x.y.z}\`" >> rc_to_main.md PR_URL=$(gh pr create --title "$RELEASE" --body-file rc_to_main.md --base main --assignee "@me") PR_NUMBER=$(echo $PR_URL | sed -n 's/.*\/pull\/\([0-9]*\).*/\1/p')
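Review bot: the new `iam_roles_permissions_boundary` variable (aws-psoxy-lambda/variables.tf, aws-psoxy-rest/variables.tf, aws/variables.tf) accepts any string; add a `validation` block so a malformed value fails at plan time instead of at apply, e.g. `condition = var.iam_roles_permissions_boundary == null || can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:policy/", var.iam_roles_permissions_boundary))`. The description should also say that a boundary only narrows effective permissions: the boundary policy must itself allow everything the Lambda execution role and the `api-caller` role need (CloudWatch logging, reading the secrets referenced by `global_secrets_manager_secret_arns` / `ssm_kms_key_ids`, invoking the function), otherwise the deployment applies cleanly and fails at runtime. Style: in aws-psoxy-lambda/variables.tf the new block runs straight into the `# TODO: remove after v0.4.x` comment with no separating blank line, unlike the other copies.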
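Review bot: in the `aws_iam_role.api-caller` hunk (infra/modules/aws/main.tf) the second change adds two empty lines before `lifecycle` with no content; drop them (`terraform fmt` would), so the hunk is only the `permissions_boundary` addition and the attribute realignment.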
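Review bot: `runtime = "java17"` is hard-coded in aws-psoxy-lambda/main.tf, gcp-psoxy-bulk/main.tf and gcp-psoxy-rest/main.tf; since the bundle is still compatible with the previous runtime, expose it as a module variable (e.g. `runtime`, default `"java17"`) so a deployment can pin `java11` for rollback without forking the module, and so the three modules cannot drift apart.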
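Review bot: the `docker_registry = "ARTIFACT_REGISTRY"` / `docker_repository` change appears only in the gcp-psoxy-bulk hunk; the gcp-psoxy-rest hunk changes `runtime` alone. Confirm the rest function is already on Artifact Registry or apply the same change there, otherwise the two functions build into different registries and the new `tools/gcp/container-scan.sh`, which lists images from `${REGION}-docker.pkg.dev/${PROJECT_ID}/gcf-artifacts/`, can only scan one of them.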
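Review bot: the two `required_app_roles` additions in worklytics-connector-specs/main.tf are inconsistent: the first adds `"MailboxSettings.Read",` with a trailing comma, the second `"MailboxSettings.Read"` without; pick one form. Removing `OnlineMeetings.Read.All` and `OnlineMeetingArtifact.Read.All` from the outlook-cal connector is a welcome scope reduction, but PrebuiltSanitizerRules still carries `MS_TEAMS_PATH_TEMPLATES_USERS_ONLINE_MEETINGS*` templates; confirm those endpoints belong to a connector whose app roles still include the online-meetings permissions, otherwise the rules allow a path the app can no longer call. Also, this hunk (and the msft-365 and SalesforceTests hunks) removes the trailing newline (`\ No newline at end of file` on the `+` side) while other files in the same diff add one; normalize in one direction.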
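Review bot: dropping `length(var.msft_owners_email) > 0` from the `count` of `data "azuread_users" "owners"` (worklytics-connectors-msft-365/main.tf) means the data source is now evaluated with an empty `user_principal_names` list whenever no owners are supplied. Confirm the provider returns an empty result rather than an error in that case, or, if the intent is that owners are now mandatory, add a `validation` block on `msft_owners_email` so the failure message says so instead of surfacing as a provider error.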
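Review bot: the first PrebuiltSanitizerRules hunk leaves an empty trailing `//` on `MS_TEAMS_PATH_TEMPLATES_TEAMS` after the old `// ^/v1.0` note became redundant; remove it. Pinning every template to `/v1.0/` means a `/beta/...` request no longer matches these rules, which is the safer default if unmatched paths are rejected, but the block comment that follows still talks about `/{apiVersion}/communications/callRecords/{callChainId}`; update it so the explanation matches the code it sits above.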
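Review bot: in the second PrebuiltSanitizerRules hunk, the context line `MS_TEAMS_PATH_TEMPLATES_COMMUNICATIONS_CALL_RECORDS_REGEX` uses the character class `[a-zA-z0-9...]`; `A-z` spans ASCII 65 to 122 and so also admits `[`, `\`, `]`, `^`, `_` and the backtick. It is almost certainly meant to be `A-Z`, and the same range appears in the explanatory comment above it (`[a-zA-z0-9\s\$\=\(\)]`); since this file is being touched anyway, fix both, as the regex is what decides which query strings the proxy accepts.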
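Review bot: the switch from `jar-with-dependencies` to the new `../uber-jar.xml` descriptor (aws and gcp pom.xml) needs a comment in `uber-jar.xml` stating why it exists: the `metaInf-services` container descriptor handler merges `META-INF/services/*` across dependencies, which is exactly what `check-grpc-services.sh` describes as the root cause of the gRPC `LoadBalancerProvider` failure. Without that comment the next cleanup is likely to revert to `jar-with-dependencies` and silently reintroduce the bug. Note the trade-off too: with merged service files, every dependency's registered providers become active at runtime, so the check script is worth keeping as a release step.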
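Review bot: in the VaultAwsIamAuth hunk the 200 response entity is no longer consumed (the removed line read it via `IOUtils.toString(r.getEntity().getContent(), ...)`); with a `CloseableHttpResponse` an unread entity can pin the pooled connection until the response is closed, so add `EntityUtils.consume(r.getEntity())` or wrap `r` in try-with-resources. Instead of commented-out code, log the body at `FINE` level guarded by `log.isLoggable(Level.FINE)`, and fix the typo `"Assumed rule: "` to `"Assumed role: "`.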
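Review bot: after this change `dependency.google-cloud-bom.version` in java/pom.xml holds a `libraries-bom` version (`26.42.0`), and both cmd-line/pom.xml and gcp/pom.xml import `com.google.cloud:libraries-bom` with it; rename the property to something like `dependency.google-libraries-bom.version` so the name says what it pins. The `0.198.0` to `26.42.0` line is a change of artifact, not an upgrade of the same one, which the commit message should state.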
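Review bot: `check-grpc-services.sh` extracts into the current working directory and then runs `rm -rf META-INF`, which deletes any pre-existing `META-INF` directory there; extract into `$(mktemp -d)` or avoid extraction entirely with `unzip -p "$JAR_FILE" META-INF/services/io.grpc.LoadBalancerProvider`. Also add `set -euo pipefail`, quote `"$JAR_FILE"`, check `[ -f "$JAR_FILE" ]` before `jar xf` so a wrong version gives a clear error, and complete the usage line (`echo "Usage: $0 "` ends without the argument name).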
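Review bot: `container-scan.sh` contains a line consisting only of `å` (after the `USAGE=` assignment); bash will execute it as a command and print `command not found`, so delete it and add `set -euo pipefail` at the top so such mistakes stop the script. `VERSION=$(... | jq -r 'max_by(.createTime) | .version')` is unchecked: with no images the result is `null` and the scan runs against `...@null`; guard with `[ -n "$VERSION" ] && [ "$VERSION" != "null" ]`. `REGION=us-central1` is hard-coded while the Terraform modules take `var.region`; accept it as an optional third argument. Quote `"$INSTANCE_NAME"` in the `sed` pipeline, and the `USAGE` string is missing the argument names after `$0`.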
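Review bot: in the `publish.sh` hunk, `git checkout -b "docs-$RELEASE"` branches from whatever is currently checked out rather than from the release; since `$RELEASE` is the tag passed to `gh release view`, use `git checkout -b "docs-$RELEASE" "$RELEASE"`. The prompt is printed twice (`printf "Do you want ... (Y/n)\n"` followed by `read -p "(Y/n) "`); keep one. The trailing `git checkout main` assumes the caller started on `main`; record `git rev-parse --abbrev-ref HEAD` first and return there. Wording: "same name than the release" should be "same name as the release".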