2 changes: 1 addition & 1 deletion google-workspace.tf
Expand Up @@ -7,7 +7,7 @@ provider "google" {


module "worklytics_connectors_google_workspace" {
source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.6.2"
source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.6.3"

google_workspace_connector_settings = var.google_workspace_connector_settings

16 changes: 9 additions & 7 deletions kms-cmek.tf
Expand Up @@ -13,15 +13,17 @@
#locals {
# key_arn = aws_kms_key.example_key.arn # alternatively, use ar.project_aws_kms_key_arn
#
# # TODO: can eliminate this if test tool doesn't assume role when uploading to bucket
# testing_policy_statements = var.provision_testing_infra ? [
# upload_testing_policy_statements = length(module.psoxy.test_aws_principal_arns) > 0 ? [
# {
# "Sid": "Allow Test Users to Use Key",
# "Sid": "Allow Test Principals to Encrypt for Input Upload",
# "Effect": "Allow",
# "Principal": { # tests
# "AWS": "arn:aws:iam::${var.aws_account_id}:role/${module.psoxy.caller_role_name}"
# "Principal": {
# "AWS": module.psoxy.test_aws_principal_arns
# },
# "Action": "kms:*",
# "Action": [
# "kms:Encrypt",
# "kms:GenerateDataKey",
# ],
# "Resource": local.key_arn
# }
# ] : []
Expand Down Expand Up @@ -93,7 +95,7 @@
# }
# ],
# local.bulk_writer_policy_statements,
# local.testing_policy_statements,
# local.upload_testing_policy_statements,
# local.proxy_caller_policy_statements
# )
# })
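Review bot: The new guard in the first hunk, `length(module.psoxy.test_aws_principal_arns) > 0`, assumes the module output is always a list, while the root variable added in this commit defaults to `null`. Whether the module normalises null before exposing the output is not visible on this page; if null can pass through, `length(null)` fails at plan time, and `try(length(module.psoxy.test_aws_principal_arns), 0) > 0` would keep the example safe to uncomment. The narrowing from `kms:*` to two actions deserves a comment next to the `Action` list, e.g. `# least privilege: test principals only encrypt uploads; do not widen back to kms:*`, so a later edit does not undo it. Both hunks sit inside a commented-out example whose `locals` block and policy document continue outside the visible lines.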
7 changes: 4 additions & 3 deletions main.tf
Expand Up @@ -20,7 +20,7 @@ terraform {

# general cases
module "worklytics_connectors" {
source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.6.2"
source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.6.3"

enabled_connectors = var.enabled_connectors
connector_settings = var.connector_settings
Expand Down Expand Up @@ -119,7 +119,7 @@ locals {
}

module "psoxy" {
source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-host?ref=v0.6.2"
source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-host?ref=v0.6.3"

environment_name = var.environment_name
aws_account_id = var.aws_account_id
Expand All @@ -131,6 +131,7 @@ module "psoxy" {
force_bundle = var.force_bundle
caller_gcp_service_account_ids = var.caller_gcp_service_account_ids
caller_aws_arns = var.caller_aws_arns
test_aws_principal_arns = var.test_aws_principal_arns
non_production_connectors = var.non_production_connectors
custom_api_connector_rules = var.custom_api_connector_rules
lookup_table_builders = var.lookup_table_builders
Expand Down Expand Up @@ -196,7 +197,7 @@ locals {
module "connection_in_worklytics" {
for_each = local.all_instances

source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-proxy-connection-aws?ref=v0.6.2"
source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-proxy-connection-aws?ref=v0.6.3"

proxy_instance_id = each.key
worklytics_host = var.worklytics_host
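Review bot: Each `source` line touched here pins the module by the Git tag `v0.6.3`, and a tag can be moved upstream after review, so the code Terraform downloads is not guaranteed to be the code that was reviewed. Pinning to the commit the tag points at, `?ref=<full-commit-sha-of-v0.6.3>` with the tag kept in a trailing comment, makes the reference immutable; the same applies to the `source` lines in google-workspace.tf and msft-365.tf. The added `test_aws_principal_arns = var.test_aws_principal_arns` argument in the `psoxy` module call would benefit from a comment such as `# principals granted test access to the deployment; keep this list minimal`, since what the module grants them is not visible in this diff.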
10 changes: 5 additions & 5 deletions msft-365.tf
@@ -1,7 +1,7 @@
# BEGIN MSFT

module "worklytics_connectors_msft_365" {
source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-msft-365?ref=v0.6.2"
source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-msft-365?ref=v0.6.3"

msft_365_connector_settings = var.msft_365_connector_settings

Expand Down Expand Up @@ -50,7 +50,7 @@ data "aws_region" "current" {
module "cognito_identity_pool" {
count = local.msft_365_enabled ? 1 : 0 # only provision identity pool if MSFT-365 connectors are enabled

source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-pool?ref=v0.6.2"
source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-pool?ref=v0.6.3"

developer_provider_name = local.developer_provider_name
name = "${local.env_qualifier}-azure-ad-federation"
Expand All @@ -72,10 +72,10 @@ locals {
module "cognito_identity" {
count = local.msft_365_enabled ? 1 : 0 # only provision identity pool if MSFT-365 connectors are enabled

source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-identity-cli?ref=v0.6.2"
source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-identity-cli?ref=v0.6.3"


aws_region = data.aws_region.current.id
aws_region = data.aws_region.current.region
aws_role = var.aws_assume_role_arn
identity_pool_id = module.cognito_identity_pool[0].pool_id
login_ids = {
Expand Down Expand Up @@ -109,7 +109,7 @@ locals {
module "msft_connection_auth_federation" {
for_each = local.provision_entraid_apps ? local.enabled_to_entraid_object : local.shared_to_entraid_object

source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.6.2"
source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.6.3"

application_id = each.value.connector_id
display_name = "${local.env_qualifier}AccessFromAWS"
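Review bot: The switch from `data.aws_region.current.id` to `data.aws_region.current.region` in the `cognito_identity` module call depends on an AWS provider release that exposes a `region` attribute on the `aws_region` data source, which to my knowledge arrived with the 6.x series. The `required_providers` constraint is not visible in this diff; if it still admits 5.x, plans on those versions will likely fail with an unsupported-attribute error. The constraint should be raised in the same commit, or the dependency recorded next to the argument, e.g. `# .region requires hashicorp/aws >= 6.0`. The other changes in this file are version bumps.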
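--- a/variables.tf
+++ b/variables.tf
@@ -141,6 +141,14 @@ variable "caller_aws_arns" {
 }
 
 
+variable "test_aws_principal_arns" {
+type = list(string)
+description = "AWS principal ARNs allowed to test the deployment. When null and provision_testing_infra is true, defaults to the IAM principal running Terraform."
+default = null
+nullable = true
+}
+
+
 variable "connector_display_name_suffix" {
 type = string
 description = "suffix to append to display_names of connector SAs; helpful to distinguish between various ones in testing/dev scenarios"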
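Review bot: `test_aws_principal_arns` accepts any list of strings, so a wildcard or malformed value would be forwarded unchecked to whatever grants test access. A `validation` block requiring each entry to be a full IAM or STS principal ARN would reject such values at plan time. The description should also say what an empty list means as opposed to `null`, since only the null case is documented; presumably `[]` disables test access, but that is decided inside the module and not visible here. The proposed validation block follows.

```hcl
variable "test_aws_principal_arns" {
  # … unchanged: type, description, default, nullable …

  validation {
    # null is allowed (the module default applies); otherwise every entry must be a concrete principal ARN
    condition = alltrue([
      for arn in(var.test_aws_principal_arns == null ? [] : var.test_aws_principal_arns) :
      can(regex("^arn:aws[a-z-]*:(iam|sts)::[0-9]{12}:[^*]+$", arn))
    ])
    error_message = "Each entry of test_aws_principal_arns must be a full IAM or STS principal ARN; wildcards are not accepted."
  }
}
```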