From aa430572c2ac61be52bd0c118848c28caf770d32 Mon Sep 17 00:00:00 2001
From: ofiriro3
Date: Tue, 7 Feb 2023 14:56:59 +0200
Subject: [PATCH 001/105] update integration to 1.1.1

---
 deploy/cloud/data/package_policy.json | 9 ++-------
 deploy/cloud/data/package_policy_vanilla.json | 9 ++-------
 2 files changed, 4 insertions(+), 14 deletions(-)

diff --git a/deploy/cloud/data/package_policy.json b/deploy/cloud/data/package_policy.json
index d4387d1c40..c81a761f2c 100644
--- a/deploy/cloud/data/package_policy.json
+++ b/deploy/cloud/data/package_policy.json
@@ -59,12 +59,7 @@
 ],
 "package": {
 "name": "cloud_security_posture",
- "title": "Kubernetes Security Posture Management",
- "version": "1.0.5"
- },
- "vars": {
- "runtimeCfg": {
- "type": "yaml"
- }
+ "title": "Kubernetes Security Posture Management (KSPM)",
+ "version": "1.1.1"
 }
 }
diff --git a/deploy/cloud/data/package_policy_vanilla.json b/deploy/cloud/data/package_policy_vanilla.json
index f72672efdc..8724da43f3 100644
--- a/deploy/cloud/data/package_policy_vanilla.json
+++ b/deploy/cloud/data/package_policy_vanilla.json
@@ -58,12 +58,7 @@
 ],
 "package": {
 "name": "cloud_security_posture",
- "title": "Kubernetes Security Posture Management",
- "version": "1.0.5"
- },
- "vars": {
- "runtimeCfg": {
- "type": "yaml"
- }
+ "title": "Kubernetes Security Posture Management (KSPM)",
+ "version": "1.1.1"
 }
 }

From 8163f4250b1cd7247b244407374b8713bc0625f5 Mon Sep 17 00:00:00 2001
From: ofiriro3
Date: Tue, 7 Feb 2023 17:31:57 +0200
Subject: [PATCH 002/105] Adding only elastic stack

---
 .github/workflows/Periodic-CI.yml | 249 --------------
 .github/workflows/cloudbeat-ci.yml | 315 ------------------
 .github/workflows/eks-ci.yml | 252 --------------
 .github/workflows/packaging.yml | 50 ---
 .github/workflows/publish-test-results.yml | 86 -----
 .github/workflows/unit-test.yml | 140 --------
 .github/workflows/weekly-enviroment.yml | 141 ++++++++
 .gitignore | 1 +
 .../cloud/modules/weekly-environment/main.tf | 30 ++
 .../modules/weekly-environment/outputs.tf | 26 ++
 .../modules/weekly-environment/terraform.tf | 13 +
 .../modules/weekly-environment/variables.tf | 60 ++++
 12 files changed, 271 insertions(+), 1092 deletions(-)
 delete mode 100644 .github/workflows/Periodic-CI.yml
 delete mode 100644 .github/workflows/cloudbeat-ci.yml
 delete mode 100644 .github/workflows/eks-ci.yml
 delete mode 100644 .github/workflows/packaging.yml
 delete mode 100644 .github/workflows/publish-test-results.yml
 delete mode 100644 .github/workflows/unit-test.yml
 create mode 100644 .github/workflows/weekly-enviroment.yml
 create mode 100644 deploy/cloud/modules/weekly-environment/main.tf
 create mode 100644 deploy/cloud/modules/weekly-environment/outputs.tf
 create mode 100644 deploy/cloud/modules/weekly-environment/terraform.tf
 create mode 100644 deploy/cloud/modules/weekly-environment/variables.tf

diff --git a/.github/workflows/Periodic-CI.yml b/.github/workflows/Periodic-CI.yml
deleted file mode 100644
index fb6e8472d5..0000000000
--- a/.github/workflows/Periodic-CI.yml
+++ /dev/null
@@ -1,249 +0,0 @@ -name: Periodic-CI - -on: - # On demand execution of workflow will run all suites. - workflow_dispatch: - inputs: - test-targets: - required: true - description: 'Specify test markers to run' - default: '[\"pre_merge\", \"file_system_rules\", \"k8s_object_rules\", \"process_api_server_rules\", \"process_controller_manager_rules\", \"process_etcd_rules\", \"process_kubelet_rules\", \"process_scheduler_rules\"]' - - schedule: - # Nightly job. Running every day at 2 am - - cron: '00 02 * * 0-4' - - # Weekly job running every saturday at 2 am - - cron: '00 02 * * 6' - -env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CONTAINER_SUFFIX: ${{ github.run_id }} - TEST_TARGETS_DEFAULT: '[\"pre_merge\", \"file_system_rules\", \"k8s_object_rules\", \"process_api_server_rules\", \"process_controller_manager_rules\", \"process_etcd_rules\", \"process_kubelet_rules\", \"process_scheduler_rules\"]' - -permissions: - actions: read - checks: write - statuses: read -jobs: - Setup: - runs-on: ubuntu-20.04 - outputs: - matrix: ${{ steps.set-matrix.outputs.matrix }} - timeout-minutes: 15 - steps: - - id: Default - env: - TEST_TARGETS: ${{ env.TEST_TARGETS_DEFAULT }} - run: | - echo "TEST_MATRIX=$TEST_TARGETS" >> $GITHUB_ENV - - - id: Nightly - if: github.event_name == 'schedule' && github.event.schedule == '00 02 * * 0-4' - env: - TEST_TARGETS: ${{ env.TEST_TARGETS_DEFAULT }} - run: echo "TEST_MATRIX=${TEST_TARGETS}" >> $GITHUB_ENV - - - id: Weekly - if: github.event_name == 'schedule' && github.event.schedule == '00 02 * * 6' - env: - TEST_TARGETS: ${{ env.TEST_TARGETS_DEFAULT }} - run: echo "TEST_MATRIX=${TEST_TARGETS}" >> $GITHUB_ENV - - - id: Push - if: github.event_name == 'push' - env: - TEST_TARGETS: '[\"pre_merge\", \"file_system_rules\"]' - run: | - echo "TEST_MATRIX=$TEST_TARGETS" >> $GITHUB_ENV - - - id: Dispatch - if: github.event_name 
== 'workflow_dispatch' - env: - TEST_TARGETS: ${{ github.event.inputs.test-targets }} - run: echo "TEST_MATRIX=${TEST_TARGETS}" >> $GITHUB_ENV - - - id: set-matrix - run: echo "{matrix}={${{ env.TEST_MATRIX}}}" >> $GITHUB_OUTPUT - - Build: - name: Build - runs-on: ubuntu-20.04 - timeout-minutes: 15 - steps: - - name: Check out the repo - uses: actions/checkout@v3 - - - name: Set up Go - uses: actions/setup-go@v3 - with: - go-version-file: .go-version - - - name: Fetch OPA version - run: echo "OPA_VERSION=$(go list -m -f {{.Version}} github.com/open-policy-agent/opa | sed 's/v//')" >> $GITHUB_ENV - - - name: Setup OPA - uses: open-policy-agent/setup-opa@v2 - with: - version: ${{ env.OPA_VERSION }} - - - name: cache go dependencies - uses: actions/cache@v3 - with: - path: | - ~/go/pkg/mod - ~/.cache/go-build - key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go-${{ matrix.go-version }}- - - - name: build cloudbeat - run: make - - - name: build opa bundle - uses: magefile/mage-action@v2 - with: - version: latest - args: BuildOpaBundle - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Cache Build dependencies - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.workflow }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Build cloudbeat-docker - uses: docker/build-push-action@v4 - with: - context: . - push: false - tags: cloudbeat:latest - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new - outputs: type=docker,dest=/tmp/cloudbeat-${{ env.CONTAINER_SUFFIX }}.tar - - - name: Build pytest-docker - uses: docker/build-push-action@v4 - with: - context: ./tests/. 
- push: false - tags: cloudbeat-test:latest - cache-from: type=local,mode=max,src=/tmp/.buildx-cache - cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new - outputs: type=docker,dest=/tmp/pytest-${{ env.CONTAINER_SUFFIX }}.tar - - - name: Cache docker images - uses: actions/cache@v3 - with: - path: /tmp/*.tar - key: ${{ runner.os }}-dockers-cache-${{ env.CONTAINER_SUFFIX }} - restore-keys: | - ${{ runner.os }}-dockers-cache-${{ env.CONTAINER_SUFFIX }} - - - name: Move cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - Test_Matrix: - needs: ['Build', 'Setup'] - strategy: - fail-fast: false - matrix: - test-target: ${{fromJson(needs.Setup.outputs.matrix)}} - name: ${{ matrix.test-target }}-tests - runs-on: ubuntu-20.04 - timeout-minutes: 90 - steps: - - name: Check out the repo - uses: actions/checkout@v3 - - - uses: azure/setup-helm@v3 - id: install - - - uses: extractions/setup-just@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Create k8s Kind Cluster - uses: helm/kind-action@v1.5.0 - with: - config: deploy/k8s/kind/kind-mono.yml - - - name: Cache docker images - uses: actions/cache@v3 - with: - path: /tmp/*.tar - key: ${{ runner.os }}-dockers-cache-${{ env.CONTAINER_SUFFIX }} - restore-keys: | - ${{ runner.os }}-dockers-cache- - - - name: Load images to kind - run: | - kind load image-archive /tmp/cloudbeat-${{ env.CONTAINER_SUFFIX }}.tar --name=kind-mono & kind load image-archive /tmp/pytest-${{ env.CONTAINER_SUFFIX }}.tar --name=kind-mono - - - name: Deploy tests Helm chart - id: deploy_helm - run: | - just deploy-tests-helm-ci ${{ matrix.test-target }} - - - name: Run Tests - id: run_tests - run: | - just run-tests-ci - - - name: Upload Test Results - if: always() - uses: actions/upload-artifact@v3 - with: - name: allure_results-${{ matrix.test-target}} - path: tests/allure/results/ - - - name: clear cache - id: clear_cache - if: success() - run: rm -rf /tmp/${{ env.CONTAINER_SUFFIX }}}.tar - 
- publish_results: - name: Publish Results - needs: Test_Matrix - if: always() - runs-on: ubuntu-20.04 - steps: - - name: Download Artifacts - uses: actions/download-artifact@v3 - with: - path: artifacts - - - name: Extract Artifacts - run: | - mkdir -p tests/allure/results - find artifacts/ -type f -print0 | xargs -0 mv -t tests/allure/results - - - name: Publish allure report - if: always() - uses: andrcuns/allure-publish-action@v2.2.3 - with: - storageType: s3 - resultsGlob: "tests/allure/results/*" - updatePr: actions - collapseSummary: false - summary: suites - summaryTableType: markdown - copyLatest: true - bucket: csp-allure-reports - prefix: allure_reports/cloudbeat/${{ github.ref_name }} - ignoreMissingResults: true - - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 - if: failure() - with: - limit-access-to-actor: true diff --git a/.github/workflows/cloudbeat-ci.yml b/.github/workflows/cloudbeat-ci.yml deleted file mode 100644 index 99987ef7a9..0000000000 --- a/.github/workflows/cloudbeat-ci.yml +++ /dev/null 
@@ -1,315 +0,0 @@ -name: Cloudbeat-CI - -on: - pull_request: - branches: - - main - - '[0-9]+.[0-9]+' - types: [opened, synchronize, reopened] - -env: - CONTAINER_SUFFIX: ${{ github.run_id }} - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - Lint: - # for more information see .pre-commit-config.yaml - name: Pre-commit Hooks - runs-on: ubuntu-latest - timeout-minutes: 10 - steps: - - name: Check out the repo - uses: actions/checkout@v3 - - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: Pre-commit Hooks - run: | - pre-commit run --all-files - shell: bash - - Build: - name: Build - runs-on: ubuntu-20.04 - timeout-minutes: 15 - steps: - - name: Check out the repo - uses: actions/checkout@v3 - - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: cache go dependencies - uses: actions/cache@v3 - with: - path: | - ~/go/pkg/mod - ~/.cache/go-build - key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go-${{ matrix.go-version }}- - - - name: build cloudbeat binary - uses: magefile/mage-action@v2 - with: - version: latest - args: build - - - name: build opa bundle - uses: magefile/mage-action@v2 - with: - version: latest - args: BuildOpaBundle - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Cache Build dependencies - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.workflow }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Build cloudbeat-docker - uses: docker/build-push-action@v4 - with: - context: . 
- push: false - tags: cloudbeat:latest - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new - outputs: type=docker,dest=/tmp/cloudbeat-${{ env.CONTAINER_SUFFIX }}.tar - - - name: Build elastic-agent - run: | - make build_elastic_agent_docker_image - - - name: Build pytest-docker - uses: docker/build-push-action@v4 - with: - context: ./tests/. - push: false - tags: cloudbeat-test:latest - cache-from: type=local,mode=max,src=/tmp/.buildx-cache - cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new - outputs: type=docker,dest=/tmp/pytest-${{ env.CONTAINER_SUFFIX }}.tar - - - name: Cache docker images - uses: actions/cache@v3 - with: - path: /tmp/*.tar - key: ${{ runner.os }}-dockers-cache-${{ env.CONTAINER_SUFFIX }} - - - name: Move cache - run: | - ./.ci/scripts/gh-cache.sh - shell: bash - - Test_Matrix: - name: ${{ matrix.test-target }}-${{ matrix.range }}-tests - needs: [Build] - runs-on: ubuntu-20.04 - timeout-minutes: 55 - strategy: - matrix: - include: - - test-target: pre_merge_agent - range: '' - values_file: tests/deploy/values/ci-sa-agent.yml - - test-target: pre_merge - range: '' - values_file: tests/deploy/values/ci.yml - - test-target: file_system_rules - range: '0..5' - values_file: tests/deploy/values/ci.yml - - test-target: file_system_rules - range: '5..10' - values_file: tests/deploy/values/ci.yml - - test-target: file_system_rules - range: '10..15' - values_file: tests/deploy/values/ci.yml - - test-target: file_system_rules - range: '15..20' - values_file: tests/deploy/values/ci.yml - - test-target: file_system_rules - range: '20..25' - values_file: tests/deploy/values/ci.yml - - test-target: file_system_rules - range: '25..30' - values_file: tests/deploy/values/ci.yml - - test-target: file_system_rules - range: '30..35' - values_file: tests/deploy/values/ci.yml - - test-target: file_system_rules - range: '35..40' - values_file: tests/deploy/values/ci.yml - - test-target: file_system_rules - range: 
'40..45' - values_file: tests/deploy/values/ci.yml - - test-target: file_system_rules - range: '45..50' - values_file: tests/deploy/values/ci.yml - - test-target: file_system_rules - range: '50..55' - values_file: tests/deploy/values/ci.yml - - test-target: file_system_rules - range: '55..60' - values_file: tests/deploy/values/ci.yml - - test-target: file_system_rules - range: '60..65' - values_file: tests/deploy/values/ci.yml - - test-target: file_system_rules - range: '65..70' - values_file: tests/deploy/values/ci.yml - - test-target: file_system_rules - range: '70..' - values_file: tests/deploy/values/ci.yml - - test-target: k8s_object_rules - range: '0..6' - values_file: tests/deploy/values/ci.yml - - test-target: k8s_object_rules - range: '6..12' - values_file: tests/deploy/values/ci.yml - - test-target: k8s_object_rules - range: '12..18' - values_file: tests/deploy/values/ci.yml - - test-target: k8s_object_rules - range: '18..' - values_file: tests/deploy/values/ci.yml - - test-target: process_scheduler_rules - range: '0..3' - values_file: tests/deploy/values/ci.yml - - test-target: process_scheduler_rules - range: '3..' 
- values_file: tests/deploy/values/ci.yml - - test-target: process_api_server_rules - range: '0..5' - values_file: tests/deploy/values/ci.yml - - test-target: process_api_server_rules - range: '5..10' - values_file: tests/deploy/values/ci.yml - - test-target: process_api_server_rules - range: '10..15' - values_file: tests/deploy/values/ci.yml - - test-target: process_api_server_rules - range: '15..20' - values_file: tests/deploy/values/ci.yml - - test-target: process_api_server_rules - range: '20..24' - values_file: tests/deploy/values/ci.yml - - test-target: process_api_server_rules - range: '24..28' - values_file: tests/deploy/values/ci.yml - - test-target: process_api_server_rules - range: '28..32' - values_file: tests/deploy/values/ci.yml - - test-target: process_api_server_rules - range: '32..36' - values_file: tests/deploy/values/ci.yml - - test-target: process_api_server_rules - range: '36..40' - values_file: tests/deploy/values/ci.yml - - test-target: process_api_server_rules - range: '40..44' - values_file: tests/deploy/values/ci.yml - - test-target: process_api_server_rules - range: '44..48' - values_file: tests/deploy/values/ci.yml - - test-target: process_api_server_rules - range: '48..52' - values_file: tests/deploy/values/ci.yml - - test-target: process_api_server_rules - range: '52..56' - values_file: tests/deploy/values/ci.yml - - test-target: process_api_server_rules - range: '56..' - values_file: tests/deploy/values/ci.yml - - test-target: process_controller_manager_rules - range: '0..4' - values_file: tests/deploy/values/ci.yml - - test-target: process_controller_manager_rules - range: '4..8' - values_file: tests/deploy/values/ci.yml - - test-target: process_controller_manager_rules - range: '8..12' - values_file: tests/deploy/values/ci.yml - - test-target: process_controller_manager_rules - range: '12..' 
- values_file: tests/deploy/values/ci.yml - - test-target: process_etcd_rules - range: '0..4' - values_file: tests/deploy/values/ci.yml - - test-target: process_etcd_rules - range: '4..8' - values_file: tests/deploy/values/ci.yml - - test-target: process_etcd_rules - range: '8..' - values_file: tests/deploy/values/ci.yml - - test-target: process_kubelet_rules - range: '0..4' - values_file: tests/deploy/values/ci.yml - - test-target: process_kubelet_rules - range: '4..8' - values_file: tests/deploy/values/ci.yml - - test-target: process_kubelet_rules - range: '8..12' - values_file: tests/deploy/values/ci.yml - - test-target: process_kubelet_rules - range: '12..16' - values_file: tests/deploy/values/ci.yml - - test-target: process_kubelet_rules - range: '16..20' - values_file: tests/deploy/values/ci.yml - - test-target: process_kubelet_rules - range: '20..' - values_file: tests/deploy/values/ci.yml - fail-fast: false - steps: - - name: Check out the repo - uses: actions/checkout@v3 - - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: Create k8s Kind Cluster - run: | - just create-kind-cluster - - - name: Cache docker images - uses: actions/cache@v3 - with: - path: /tmp/*.tar - key: ${{ runner.os }}-dockers-cache-${{ env.CONTAINER_SUFFIX }} - - - name: Load images to kind - run: | - ./.ci/scripts/kind-images.sh ${{ env.CONTAINER_SUFFIX }} kind-multi - shell: bash - - - name: Deploy tests Helm chart - id: deploy_helm - run: | - just deploy-tests-helm ${{ matrix.test-target }} ${{ matrix.values_file }} ${{ matrix.range }} - - - name: Run Tests - id: run_tests - run: | - just run-tests ${{ matrix.test-target }} - - - name: Upload Test Results - if: always() - uses: actions/upload-artifact@v3 - with: - name: allure_results-${{ matrix.test-target}} - path: tests/allure/results/ - - - name: clear cache - id: clear_cache - if: always() - run: rm -rf /tmp/*-${{ env.CONTAINER_SUFFIX }}.tar 
diff --git a/.github/workflows/eks-ci.yml b/.github/workflows/eks-ci.yml
deleted file mode 100644
index ce6cd922c6..0000000000
--- a/.github/workflows/eks-ci.yml
+++ /dev/null
@@ -1,252 +0,0 @@ -name: EKS-CI - -on: - # On demand execution of workflow will run all suites. - workflow_dispatch: - inputs: - test-targets: - required: true - description: "Specify test markers to run" - default: '["eks"]' - - # On post-merge execution running eks tests - push: - branches: - - main - -env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CONTAINER_SUFFIX: ${{ github.run_id }} - TEST_TARGETS_DEFAULT: '["pre_merge"]' - AWS_REGION: eu-west-2 - REPORTS_DIR: tests/allure/results/ - KUBE_NAMESPACE: kube-system - -# run only a single job at a time -concurrency: EKS-Functional-Tests - -jobs: - Setup: - runs-on: ubuntu-20.04 - outputs: - matrix: ${{ steps.set-matrix.outputs.matrix }} - timeout-minutes: 15 - steps: - - id: set-default-matrix - env: - TEST_TARGETS: ${{ env.TEST_TARGETS_DEFAULT }} - run: | - echo "TEST_MATRIX=$TEST_TARGETS" >> $GITHUB_ENV - - - id: Dispatch - if: github.event_name == 'workflow_dispatch' - env: - TEST_TARGETS: ${{ github.event.inputs.test-targets }} - run: echo "TEST_MATRIX=${TEST_TARGETS}" >> $GITHUB_ENV - - - id: set-matrix - run: echo "matrix=${{ env.TEST_MATRIX}}" >> $GITHUB_OUTPUT - - Build: - name: Build - runs-on: ubuntu-20.04 - timeout-minutes: 15 - steps: - - name: Check out the repo - uses: actions/checkout@v3 - - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: cache go dependencies - uses: actions/cache@v3 - with: - path: | - ~/go/pkg/mod - ~/.cache/go-build - key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go-${{ matrix.go-version }}- - - - name: build cloudbeat binary - uses: magefile/mage-action@v2 - with: - version: latest - args: build - - - name: build opa bundle - uses: magefile/mage-action@v2 - with: - version: latest - args: BuildOpaBundle - - - name: Set up Docker Buildx - uses: 
docker/setup-buildx-action@v2 - - - name: Cache Build dependencies - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.workflow }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Build cloudbeat-docker - uses: docker/build-push-action@v4 - with: - context: . - push: false - tags: cloudbeat:latest - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new - outputs: type=docker,dest=/tmp/cloudbeat-${{ env.CONTAINER_SUFFIX }}.tar - - - name: Build elastic-agent - run: | - make build_elastic_agent_docker_image - - - name: Build pytest-docker - uses: docker/build-push-action@v4 - with: - context: ./tests/. - push: false - tags: cloudbeat-test:latest - cache-from: type=local,mode=max,src=/tmp/.buildx-cache - cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new - outputs: type=docker,dest=/tmp/pytest-${{ env.CONTAINER_SUFFIX }}.tar - - - name: Cache docker images - uses: actions/cache@v3 - with: - path: /tmp/*.tar - key: ${{ runner.os }}-dockers-cache-${{ env.CONTAINER_SUFFIX }} - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1-node16 - with: - aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ env.AWS_REGION }} - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 - - - name: Load images cloudbeat and cloudbeat-test to ECR - id: load-to-ecr - env: - ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} - run: | - ./.ci/scripts/ecr-images.sh ${{ env.CONTAINER_SUFFIX }} ${{ env.ECR_REGISTRY}} - shell: bash - - - - name: Move cache - run: | - ./.ci/scripts/gh-cache.sh - shell: bash - - Test_Matrix: - needs: ["Setup", "Build"] - strategy: - fail-fast: false - matrix: - include: - - test-target: eks - range: "" - values_file: tests/deploy/values/ci-eks-config-1.yml - k8s_context: "test-eks-config-1" - label: "EKS functional tests: 
config 1" - - test-target: eks - range: "" - values_file: tests/deploy/values/ci-eks-config-2.yml - k8s_context: "test-eks-config-2" - label: "EKS functional tests: config 2" - name: ${{ matrix.label }} - runs-on: ubuntu-20.04 - timeout-minutes: 90 - steps: - - name: Check out the repo - uses: actions/checkout@v3 - - # Setup all required tools - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: Get kubeconfig and select context - if: success() - run: | - aws eks update-kubeconfig --name ${{ matrix.k8s_context }} --region ${{ env.AWS_REGION }} --alias ${{ matrix.k8s_context }} - echo 'KUBE_CONFIG_DATA=$(cat ~/.kube/config | base64)' >> $GITHUB_ENV - kubectl config use-context ${{ matrix.k8s_context }} - kubectl config set-context --current --namespace=${{ env.KUBE_NAMESPACE }} - - - name: Deploy tests Helm chart - id: deploy_helm - if: success() - run: | - just deploy-tests-helm ${{ matrix.test-target }} ${{ matrix.values_file }} ${{ matrix.range }} - - - name: Execute tests - id: run_tests - if: success() - run: | - just run-tests ${{ matrix.test-target }} ${{ matrix.k8s_context }} - - - name: Copy test results - id: copy_results - if: always() - run: | - NODE=$(kubectl get po test-pod-v1 -o jsonpath='{.spec.nodeName}') - RESULTS_POD=$(kubectl get po -l k8s-app=eks-results --field-selector spec.nodeName=$NODE -o jsonpath='{.items[*].metadata.name}') - kubectl cp $RESULTS_POD:/reports ${{ env.REPORTS_DIR }} - kubectl exec $RESULTS_POD -- sh -c 'rm -rf /reports/*' - - - name: Upload Test Results - if: always() - uses: actions/upload-artifact@v3 - with: - name: allure_results-${{ matrix.test-target}} - path: ${{ env.REPORTS_DIR }} - - - name: Purge tests environment - id: purge_helm - if: always() - run: | - just purge-tests - - publish_results: - name: Publish Results - needs: Test_Matrix - if: always() - runs-on: ubuntu-20.04 - steps: - - name: Download Artifacts - uses: actions/download-artifact@v3 - with: - path: artifacts - - - name: 
Extract Artifacts - run: | - mkdir -p tests/allure/results - find artifacts/ -type f -print0 | xargs -0 mv -t tests/allure/results - - - name: Publish allure report - if: always() - uses: andrcuns/allure-publish-action@v2.2.3 - env: - GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - AWS_REGION: eu-west-1 - with: - storageType: s3 - resultsGlob: "tests/allure/results" - updatePr: actions - collapseSummary: false - summary: suites - summaryTableType: markdown - copyLatest: true - bucket: csp-allure-reports - prefix: allure_reports/cloudbeat/${{ github.ref_name }} - ignoreMissingResults: true diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml deleted file mode 100644 index db01539108..0000000000 --- a/.github/workflows/packaging.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Packaging - -on: - pull_request: - branches: - - main - - '[0-9]+.[0-9]+' - types: [opened, synchronize, reopened] - -env: - DEV: true - SNAPSHOT: true - PLATFORMS: linux/amd64 - GOPATH: /home/runner/go - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - package_beat: - name: Package Cloudbeat - runs-on: ubuntu-20.04 - timeout-minutes: 15 - strategy: - fail-fast: false - matrix: - types: [ tar.gz, docker ] - steps: - - name: Check out the repo - uses: actions/checkout@v3 - - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: cache go dependencies - uses: actions/cache@v3 - with: - path: | - ~/go/pkg/mod - ~/.cache/go-build - key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go-${{ matrix.go-version }}- - - - name: Packaging - run: | - mage -v package - env: - TYPES: ${{ matrix.types }} diff --git a/.github/workflows/publish-test-results.yml b/.github/workflows/publish-test-results.yml deleted file mode 100644 index 589014e7f4..0000000000 --- a/.github/workflows/publish-test-results.yml +++ /dev/null 
@@ -1,86 +0,0 @@ -name: Publish-Test-Results - -on: - workflow_run: - workflows: ["Cloudbeat-CI"] - types: - - completed - -jobs: - publish_results: - timeout-minutes: 15 - name: Publish Results - runs-on: ubuntu-20.04 - if: github.event.workflow_run.conclusion != 'skipped' - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - permissions: - checks: write - # needed unless run with comment_mode: off - pull-requests: write - # required by download step to access artifacts API - actions: read - steps: - - - name: Download and Extract Artifacts - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - mkdir -p tests/allure/results - mkdir -p artifacts && cd artifacts - - artifacts_url=${{ github.event.workflow_run.artifacts_url }} - - gh api "$artifacts_url" -q '.artifacts[] | [.name, .archive_download_url] | @tsv' | while read artifact - do - IFS=$'\t' read name url <<< "$artifact" - gh api $url > "$name.zip" - unzip -o "$name.zip" -d "../tests/allure/results" - done - - - name: Get pr info - id: pr_info - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - PR_NUM=$(gh api -X GET search/issues -f q='elastic/cloudbeat is:open is:pr is:unmerged ${{ github.event.workflow_run.head_sha }}' | jq '.items[0].number' ) - echo "PR_NUMBER=$PR_NUM" >> $GITHUB_ENV - - - name: Publish allure report - if: always() - uses: andrcuns/allure-publish-action@v2.2.3 - env: - GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - AWS_REGION: eu-west-1 - with: - storageType: s3 - resultsGlob: "tests/allure/results" - updatePr: actions - collapseSummary: false - summary: suites - summaryTableType: markdown - copyLatest: true - bucket: csp-allure-reports - prefix: allure_reports/cloudbeat/prs/${{ env.PR_NUMBER }} - ignoreMissingResults: true - - - name: Output to Job Summary - if: ${{ github.event.workflow_run.event == 'pull_request' }} - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN 
}} - run: | - echo "### Run Summary :rocket:" >> $GITHUB_STEP_SUMMARY - echo "Allure Report: http://csp-allure-reports.s3.amazonaws.com/allure_reports/cloudbeat/prs/${{ env.PR_NUMBER }}/index.html" >> $GITHUB_STEP_SUMMARY - - - name: Comment test success result - uses: marocchino/sticky-pull-request-comment@v2 - if: ${{ github.event.workflow_run.event == 'pull_request' }} - with: - header: Test Results - number: ${{ env.PR_NUMBER }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - message: | - ## Cloudbeat CI :robot: - Allure Report: http://csp-allure-reports.s3.amazonaws.com/allure_reports/cloudbeat/prs/${{ env.PR_NUMBER }}/index.html diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml deleted file mode 100644 index b695c537c5..0000000000 --- a/.github/workflows/unit-test.yml +++ /dev/null 
@@ -1,140 +0,0 @@ -name: UnitTests - -on: - pull_request: - branches: - - main - - '[0-9]+.[0-9]+' - types: [opened, synchronize, reopened] - push: - branches: - - main - -env: - K8S_MANIFEST_DIR: deploy - - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - unit_tests: - name: Unit Tests - runs-on: ubuntu-20.04 - timeout-minutes: 15 - steps: - - name: Check out the repo - uses: actions/checkout@v3 - - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: Mage Check - run: mage check - - - name: Mage checkLicenseHeaders - run: mage checkLicenseHeaders - - - name: Mage build bundle before unit tests - uses: magefile/mage-action@v2 - with: - args: buildOpaBundle - - - name: Copy bundle to required dirs - run: | - cp bundle.tar.gz evaluator/ - - - name: Validate mocks - run: just validate-mocks - - - name: Unit-Test Cloudbeat - run: | - GOOS=linux go test -v -coverpkg=./... -coverprofile=cover.out.tmp ./... 
- cat cover.out.tmp | grep -v "mock_.*.go" > cover.out # remove mock files from coverage report - - - name: Upload coverage artifact - uses: actions/upload-artifact@v3 - with: - name: coverage-file - path: cover.out - - coverage: - name: Coverage report - needs: unit_tests - runs-on: ubuntu-20.04 - timeout-minutes: 10 - steps: - - name: Check out the repo - uses: actions/checkout@v3 - - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: Install goveralls - run: go install github.com/mattn/goveralls@latest - - - name: Download coverage artifact - uses: actions/download-artifact@v3 - with: - name: coverage-file - - - name: Send coverage - env: - COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: goveralls -coverprofile=cover.out -service=github - - manifest_tests: - name: Manifest Tests - runs-on: ubuntu-20.04 - timeout-minutes: 15 - steps: - - name: Check out the repo - uses: actions/checkout@v3 - - - name: Get diff k8s manifests - uses: technote-space/get-diff-action@v6 - with: - PATTERNS: ${{ env.K8S_MANIFEST_DIR }}/** - - - name: Run K8s manifest tests - if: env.GIT_DIFF - uses: stefanprodan/kube-tools@v1 - with: - kubectl: 1.18.4 - kubeval: v0.16.1 - command: | - kubeval --strict -d ${{ env.K8S_MANIFEST_DIR }} --ignore-missing-schemas --ignored-filename-patterns kustomization,kind,patch,cloudbeat,cloudformation --skip-kinds ClusterConfig - - golangci: - name: golangci-lint - runs-on: ubuntu-20.04 - timeout-minutes: 15 - steps: - - name: Check out the repo - uses: actions/checkout@v3 - - uses: actions/setup-go@v3 - with: - go-version-file: .go-version - - name: Check out the repo - uses: actions/checkout@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - repository: ${{ (github.event.pull_request_target || github.event.pull_request).head.repo.full_name }} - ref: ${{ (github.event.pull_request_target || github.event.pull_request).head.sha }} - - - name: Go linter - uses: golangci/golangci-lint-action@v3 - with: - version: latest - args: 
--timeout=10m --whole-files - - dependency-review: - runs-on: ubuntu-20.04 - if: ${{ github.event_name == 'pull_request' }} - steps: - - name: Checkout Repository - uses: actions/checkout@v3 - - - name: Dependency Review - uses: actions/dependency-review-action@v3 diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml new file mode 100644 index 0000000000..1816b4eeec --- /dev/null +++ b/.github/workflows/weekly-enviroment.yml 
@@ -0,0 +1,141 @@ +name: Weekly environment deployment + +on: + workflow_dispatch: + inputs: + environment: + description: 'Environment to run tests against' + type: choice + options: + - weekly environment + logLevel: + description: 'Log level' + required: true + default: 'warning' + type: choice + options: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + StackVersion: + description: 'Stack version' + required: true + default: 'warning' + type: choice + options: + - TRACE + - DEBUG + - INFO + - WARN + - ERROR + +env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + CONTAINER_SUFFIX: ${{ github.run_id }} + AWS_REGION: eu-north-1 + KUBE_NAMESPACE: kube-system + WORKING_DIR: deploy/cloud/weekly-environment + ENVIRONMENT: "weekly-environment" + TF_VAR_ec_api_key: ${{ secrets.TF_VAR_EC_API_KEY }} + TF_VAR_environment: ${{ github.event.inputs.logLevel }} + TF_VAR_eks_region: eu-north-1 + TF_LOG: ${{ github.event.inputs.logLevel }} + +jobs: + terraform: + name: Deploy KSPM/CSPM cloud environment + runs-on: ubuntu-latest + defaults: + run: + working-directory: ${{ env.WORKING_DIR }} + steps: + - name: Check out the repo + uses: actions/checkout@v2 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2 + with: + terraform_version: 1.3.5 + terraform_wrapper: false + + - name: Terraform fmt + id: fmt + run: terraform fmt -check + continue-on-error: true + + - name: Terraform Validate + id: validate + run: terraform validate -no-color + + - name: Terraform Init + id: init + run: terraform init -no-color + + - name: Deploy Elastic Cloud + id: apply + run: terraform apply --auto-approve + + - name: Set terraform output as env variable + id: kibana_url + run: | + echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV + + - name: Set sensitive terraform output as env variable + id: set_sensitive_output + run: | + export 
ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) + echo "::add-mask::$ELASTICSEARCH_USERNAME" + echo "ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV + + export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) + echo "::add-mask::$ELASTICSEARCH_PASSWORD" + echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV + + # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file + - name: Send custom JSON data to Slack workflow + id: slack + uses: slackapi/slack-github-action@v1.23.0 + with: + payload: | + { + "text": "A new deployment job has been triggered", + "attachments": [ + { + "color": "#36a64f", + "fields": [ + { + "title": "Environment", + "value": "${{ github.event.inputs.environment }}", + "short": true + }, + { + "title": "Log level", + "value": "${{ github.event.inputs.logLevel }}", + "short": true + }, + { + "title": "Kibana URL", + "value": ${{ env.KIBANA_URL }}, + "short": false + }, + { + "title": "ElasticSearch username", + "value": ${{ env.ELASTICSEARCH_USERNAME }}, + "short": false + }, + { + "title": "ElasticSearch password", + "value": ${{ env.ELASTICSEARCH_PASSWORD }}, + "short": false + } + ] + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK diff --git a/.gitignore b/.gitignore index 0bcfa0ed72..9f929c96b7 100644 --- a/.gitignore +++ b/.gitignore @@ -45,3 +45,4 @@ deploy/cloud/.terraform deploy/cloud/.terraform.lock.hcl deploy/cloud/terraform.tfstate deploy/cloud/terraform.tfstate.backup +/terraform.tfstate diff --git a/deploy/cloud/modules/weekly-environment/main.tf b/deploy/cloud/modules/weekly-environment/main.tf new file mode 100644 index 0000000000..31fb444476 --- /dev/null +++ b/deploy/cloud/modules/weekly-environment/main.tf 
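Review bot: The Slack step sends `ELASTICSEARCH_USERNAME` and `ELASTICSEARCH_PASSWORD` as plain fields of the webhook payload, so the `::add-mask::` lines only hide the credentials in the Actions log while the same values are delivered to the channel's message history and to everyone who can read it. Remove the two credential fields (the `Kibana URL` field is enough for a notification) and let operators read the password from `terraform output elasticsearch_password` or the Elastic Cloud console. Separately, the `StackVersion` input is a copy of the `logLevel` choice list (`TRACE`…`ERROR`, default `warning`) and `TF_VAR_environment` is fed from `inputs.logLevel`, so neither the stack version nor the environment name ever reaches Terraform; a `type: string` input wired to `TF_VAR_stack_version` and `TF_VAR_environment: ${{ github.event.inputs.environment }}` is what the names suggest. The unquoted `"value": ${{ env.KIBANA_URL }}` entries also depend on `terraform output` printing the string with its surrounding quotes; `terraform output -raw kibana_url` with normally quoted JSON fields is less fragile.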
@@ -0,0 +1,30 @@ +module "ec_deployment" { + source = "github.com/elastic/apm-server/testing/infra/terraform/modules/ec_deployment" + + region = var.ess_region + stack_version = var.stack_version + + deployment_template = var.deployment_template + deployment_name_prefix = "${var.deployment_name_prefix}-${random_string.suffix.result}" + + integrations_server = true + + elasticsearch_size = var.elasticsearch_size + elasticsearch_zone_count = var.elasticsearch_zone_count + + docker_image = var.docker_image_override + docker_image_tag_override = { + "elasticsearch" : "", + "kibana" : "", + "apm" : "" + } +} + +resource "random_string" "suffix" { + length = 3 + special = false +} + + + + diff --git a/deploy/cloud/modules/weekly-environment/outputs.tf b/deploy/cloud/modules/weekly-environment/outputs.tf new file mode 100644 index 0000000000..0c55271150 --- /dev/null +++ b/deploy/cloud/modules/weekly-environment/outputs.tf @@ -0,0 +1,26 @@ +output "elasticsearch_url" { + value = module.ec_deployment.elasticsearch_url + description = "The secure Elasticsearch URL" +} + +output "elasticsearch_username" { + value = module.ec_deployment.elasticsearch_username + description = "The Elasticsearch username" + sensitive = true +} + +output "elasticsearch_password" { + value = module.ec_deployment.elasticsearch_password + description = "The Elasticsearch password" + sensitive = true +} + +output "kibana_url" { + value = module.ec_deployment.kibana_url + description = "The secure Kibana URL" +} + +output "admin_console_url" { + value = module.ec_deployment.admin_console_url + description = "The admin console URL" +} diff --git a/deploy/cloud/modules/weekly-environment/terraform.tf b/deploy/cloud/modules/weekly-environment/terraform.tf new file mode 100644 index 0000000000..913bb398f5 --- /dev/null +++ b/deploy/cloud/modules/weekly-environment/terraform.tf 
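Review bot: The module `source` points at `github.com/elastic/apm-server/testing/infra/terraform/modules/ec_deployment` with no `ref`, so every `terraform init` pulls whatever is currently on that repository's default branch, and an unreviewed change there silently alters what this environment deploys; append `?ref=<pinned-tag-or-commit>` to the source string and bump it deliberately. The `docker_image_tag_override` map is hard-coded here even though variables.tf declares a variable of the same name with the same default, so that variable is dead; `docker_image_tag_override = var.docker_image_tag_override` keeps the two in sync.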
@@ -0,0 +1,13 @@ +terraform { + required_providers { + random = { + source = "hashicorp/random" + version = "~> 3.1.0" + } + + ec = { + source = "elastic/ec" + version = ">=0.5.0" + } + } +} diff --git a/deploy/cloud/modules/weekly-environment/variables.tf b/deploy/cloud/modules/weekly-environment/variables.tf new file mode 100644 index 0000000000..a5c9fb8eb3 --- /dev/null +++ b/deploy/cloud/modules/weekly-environment/variables.tf @@ -0,0 +1,60 @@ +## Deployment configuration + +variable "ec_api_key" { + description = "Elastic cloud API key" + type = string +} + +variable "ess_region" { + default = "gcp-us-central1" + description = "Optional ESS region where the deployment will be created. Defaults to gcp-us-west2" + type = string +} + +variable "deployment_template" { + default = "gcp-compute-optimized-v2" + description = "Optional deployment template. Defaults to the CPU optimized template for GCP" + type = string +} + +variable "stack_version" { + default = "latest" + description = "Optional stack version" + type = string +} + +variable "elasticsearch_size" { + default = "8g" + type = string + description = "Optional Elasticsearch instance size" +} + +variable "elasticsearch_zone_count" { + default = 1 + type = number + description = "Optional Elasticsearch zone count" +} + +variable "docker_image_tag_override" { + default = { + "elasticsearch" : "", + "kibana" : "", + "apm" : "", + } + description = "Optional docker image tag override" + type = map(string) +} + +variable "docker_image_override" { + default = { + "elasticsearch" : "docker.elastic.co/cloud-release/elasticsearch-cloud-ess", + "kibana" : "docker.elastic.co/cloud-release/kibana-cloud", + "apm" : "docker.elastic.co/cloud-release/elastic-agent-cloud", + } + type = map(string) +} + +variable "deployment_name_prefix" { + default = "weekly environment" + description = "Optional set a prefix of the deployment. Defaults to cloudbeat-tf" +} 
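Review bot: `version = ">=0.5.0"` for the `ec` provider has no upper bound, so a future major release with breaking changes is picked up by the next `terraform init` without any change in this repository; a pessimistic constraint such as `version = "~> 0.5"` matches the style already used for `random`. There is also no `required_version`, although the workflow pins Terraform 1.3.5; `required_version = "~> 1.3"` inside the `terraform` block records that expectation.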
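Review bot: `ec_api_key` is declared without `sensitive = true`, so the Elastic Cloud API key can show up in `terraform plan`/`apply` output and in any value derived from it; Terraform 1.3.5 (the version the workflow installs) supports the attribute, so add `sensitive   = true` to that block. The `ess_region` description says the default is `gcp-us-west2` while the `default` is `gcp-us-central1`; make the two agree. `docker_image_override` has no `description` and `deployment_name_prefix` has no `type`, unlike every other variable in the file.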
From 212965d92ed40118c8310dd6b90c0bb3768d1578 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Tue, 7 Feb 2023 17:41:39 +0200 Subject: [PATCH 003/105] update working directory --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 1816b4eeec..34d7ef4f7b 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -38,7 +38,7 @@ env: CONTAINER_SUFFIX: ${{ github.run_id }} AWS_REGION: eu-north-1 KUBE_NAMESPACE: kube-system - WORKING_DIR: deploy/cloud/weekly-environment + WORKING_DIR: deploy/cloud/modules/weekly-environment ENVIRONMENT: "weekly-environment" TF_VAR_ec_api_key: ${{ secrets.TF_VAR_EC_API_KEY }} TF_VAR_environment: ${{ github.event.inputs.logLevel }} From 061b309d34d1f2d5677321161cbeacd95901b4e5 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Tue, 7 Feb 2023 17:44:26 +0200 Subject: [PATCH 004/105] update working directory --- .github/workflows/weekly-enviroment.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 34d7ef4f7b..0003d1552b 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -67,14 +67,14 @@ jobs: run: terraform fmt -check continue-on-error: true - - name: Terraform Validate - id: validate - run: terraform validate -no-color - - name: Terraform Init id: init run: terraform init -no-color + - name: Terraform Validate + id: validate + run: terraform validate -no-color + - name: Deploy Elastic Cloud id: apply run: terraform apply --auto-approve From 4bb7688617fa0d23ba443bb1bb4b13d1216851b8 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Tue, 7 Feb 2023 17:47:47 +0200 Subject: [PATCH 005/105] adding the ec provider --- deploy/cloud/modules/weekly-environment/main.tf | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/deploy/cloud/modules/weekly-environment/main.tf b/deploy/cloud/modules/weekly-environment/main.tf index 31fb444476..bee1008b74 100644 --- a/deploy/cloud/modules/weekly-environment/main.tf +++ b/deploy/cloud/modules/weekly-environment/main.tf @@ -1,3 +1,7 @@ +provider "ec" { + apikey = var.ec_api_key +} + module "ec_deployment" { source = "github.com/elastic/apm-server/testing/infra/terraform/modules/ec_deployment" From 050aeb7b6495916b829140cd4a7d0cf5f9df04ba Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 12:46:53 +0200 Subject: [PATCH 006/105] Fixing gitignore files + adding github actions that uses the new bash script --- .../data/agent_policy_vanilla.json | 8 ++ .../data/package_policy_vanilla.json | 64 +++++++++++ .../install-kspm-vanilla-integration.sh | 19 ++++ .github/workflows/scripts/utils.sh | 106 ++++++++++++++++++ .github/workflows/weekly-enviroment.yml | 15 ++- .gitignore | 32 +++++- deploy/cloud/.gitignore | 27 ----- .../modules => }/weekly-environment/main.tf | 14 +-- .../weekly-environment/outputs.tf | 0 .../weekly-environment/terraform.tf | 0 .../weekly-environment/variables.tf | 4 +- 11 files changed, 246 insertions(+), 43 deletions(-) create mode 100644 .github/workflows/scripts/benchmarks/kspm_vanilla/data/agent_policy_vanilla.json create mode 100644 .github/workflows/scripts/benchmarks/kspm_vanilla/data/package_policy_vanilla.json create mode 100644 .github/workflows/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh create mode 100644 .github/workflows/scripts/utils.sh delete mode 100644 deploy/cloud/.gitignore rename deploy/{cloud/modules => }/weekly-environment/main.tf (99%) rename deploy/{cloud/modules => }/weekly-environment/outputs.tf (100%) rename deploy/{cloud/modules => }/weekly-environment/terraform.tf (100%) rename deploy/{cloud/modules => }/weekly-environment/variables.tf (95%) 
diff --git a/.github/workflows/scripts/benchmarks/kspm_vanilla/data/agent_policy_vanilla.json b/.github/workflows/scripts/benchmarks/kspm_vanilla/data/agent_policy_vanilla.json new file mode 100644 index 0000000000..1f8040e083 --- /dev/null +++ b/.github/workflows/scripts/benchmarks/kspm_vanilla/data/agent_policy_vanilla.json @@ -0,0 +1,8 @@ +{ + "name": "weekly-environment-vanilla-policy-full-flow-1", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ] +} diff --git a/.github/workflows/scripts/benchmarks/kspm_vanilla/data/package_policy_vanilla.json b/.github/workflows/scripts/benchmarks/kspm_vanilla/data/package_policy_vanilla.json new file mode 100644 index 0000000000..e6a406c261 --- /dev/null +++ b/.github/workflows/scripts/benchmarks/kspm_vanilla/data/package_policy_vanilla.json @@ -0,0 +1,64 @@ +{ + "name": "weekly-environment-vanilla-integration-package-full-flow-1", + "description": "", + "namespace": "default", + "policy_id": "${agent_policy_id}", + "enabled": true, + "inputs": [ + { + "type": "cloudbeat/cis_k8s", + "policy_template": "kspm", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "cloud_security_posture.findings" + }, + "release": "ga" + } + ] + }, + { + "type": "cloudbeat/cis_eks", + "policy_template": "kspm", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "cloud_security_posture.findings" + }, + "release": "ga", + "vars": { + "access_key_id": { + "type": "text" + }, + "secret_access_key": { + "type": "text" + }, + "session_token": { + "type": "text" + }, + "shared_credential_file": { + "type": "text" + }, + "credential_profile_name": { + "type": "text" + }, + "role_arn": { + "type": "text" + } + } + } + ] + } + ], + "package": { + "name": "cloud_security_posture", + "title": "Kubernetes Security Posture Management (KSPM)", + "version": "1.1.1" + } +} 
diff --git a/.github/workflows/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh b/.github/workflows/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh new file mode 100644 index 0000000000..bb040d56ce --- /dev/null +++ b/.github/workflows/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +source ../../utils.sh + +KIBANA_URL=$1 +KIBANA_PASSWORD=$2 +KIBANA_AUTH=elastic:${KIBANA_PASSWORD} +AGENT_POLICY=data/agent_policy_vanilla.json +INTEGRATION_POLICY=data/package_policy_vanilla.json + +## Create a new agent policy And get the agent id +create_a_new_agent_policy "$KIBANA_URL" "$KIBANA_AUTH" "$AGENT_POLICY" + +# Create a new vanilla integration +create_a_new_vanilla_integration "$KIBANA_URL" "$KIBANA_AUTH" "$POLICY_ID" "$INTEGRATION_POLICY" + +# Create a new agent policy +create_new_vanilla_integration_manifest_file "$KIBANA_URL" "$KIBANA_AUTH" "$POLICY_ID" + diff --git a/.github/workflows/scripts/utils.sh b/.github/workflows/scripts/utils.sh new file mode 100644 index 0000000000..8e8e21efc9 --- /dev/null +++ b/.github/workflows/scripts/utils.sh 
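Review bot: The Kibana password is taken from positional argument `$2`, which makes it visible in the runner's process list and in any `set -x` trace; read it from an environment variable instead, e.g. `KIBANA_PASSWORD="${KIBANA_PASSWORD:?KIBANA_PASSWORD is required}"`, and have the caller set it through a step `env:`. `source ../../utils.sh` and the two `data/...` paths are resolved against the caller's current directory, not the script's location, so the script only works when invoked from its own folder; `cd "$(dirname "${BASH_SOURCE[0]}")"` at the top fixes that. The script has no `set -euo pipefail` and relies on `$POLICY_ID`, a global set implicitly by the sourced `create_a_new_agent_policy`; `set -u` would at least turn an unset `POLICY_ID` into an error rather than an empty argument.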
@@ -0,0 +1,106 @@ +#!/bin/bash + +# create a new agent policy and set POLICY_ID to the new agent id +create_a_new_agent_policy() { + local KIBANA_URL=$1 + local KIBANA_AUTH=$2 + local AGENT_POLICY=$3 + + # Install Agent policy + installAgentResponse=$(curl -X POST \ + --url "${KIBANA_URL}/api/fleet/agent_policies?sys_monitoring=true" \ + -u "$KIBANA_AUTH" \ + -H 'Cache-Control: no-cache' \ + -H 'Connection: keep-alive' \ + -H 'Content-Type: application/json' \ + -H 'kbn-xsrf: true' \ + -d "@$AGENT_POLICY") + + check_status_code_of_curl "$installAgentResponse" + + POLICY_ID=$(echo "$installAgentResponse" | jq -r '.item.id') + echo "Creating a new agent policy has completed successfully: New policy id: $POLICY_ID" +} + +# create a new vanilla integration and set INTEGRATION_ID to the new integration id +create_a_new_vanilla_integration() { + local KIBANA_URL=$1 + local KIBANA_AUTH=$2 + local POLICY_ID=$3 + local INTEGRATION_POLICY=$4 + + local UPDATED_POLICY="$(jq --arg POLICY_ID "$POLICY_ID" '.policy_id |= $POLICY_ID' "$INTEGRATION_POLICY")" + echo "New integration policy: $UPDATED_POLICY" + + PACKAGE_POLICY_RESPONSE=$(curl -X POST \ + --url "${KIBANA_URL}/api/fleet/package_policies" \ + -u "$KIBANA_AUTH" \ + -H 'Cache-Control: no-cache' \ + -H 'Connection: keep-alive' \ + -H 'Content-Type: application/json' \ + -H 'kbn-xsrf: true' \ + -d "${UPDATED_POLICY}") + + check_status_code_of_curl "$PACKAGE_POLICY_RESPONSE" + + echo "Creating a new a new vanilla integration with policy id: $POLICY_ID has completed successfully.Integration policy: $UPDATED_POLICY " +} + +# create a new vanilla integration manifest file named manifest.yaml +create_new_vanilla_integration_manifest_file() { + local KIBANA_URL=$1 + local KIBANA_AUTH=$2 + local POLICY_ID=$3 + + ENROLMENT_TOKEN_RESPONSE=$(curl -X GET \ + --url "${KIBANA_URL}/api/fleet/enrollment_api_keys" \ + -u "$KIBANA_AUTH" \ + -H 'Cache-Control: no-cache' \ + -H 'Connection: keep-alive' \ + -H 'Content-Type: application/json' \ 
+ -H 'kbn-xsrf: true') + + check_status_code_of_curl "$ENROLMENT_TOKEN_RESPONSE" + + ENROLMENT_TOKEN=$(echo "$ENROLMENT_TOKEN_RESPONSE" | jq --arg policy "$POLICY_ID" '.list[] | select(.policy_id == $policy)' | jq -r '.api_key') + echo "ENROLMENT_TOKEN: $ENROLMENT_TOKEN" + + FLEET_DATA_RESPONSE=$(curl -X GET \ + --url "${KIBANA_URL}/api/fleet/settings" \ + -u "$KIBANA_AUTH" \ + -H 'Cache-Control: no-cache' \ + -H 'Connection: keep-alive' \ + -H 'Content-Type: application/json' \ + -H 'kbn-xsrf: true') + + check_status_code_of_curl "$FLEET_DATA_RESPONSE" + FLEET_SERVER_HOST=$(echo "$FLEET_DATA_RESPONSE" | jq -r '.item.fleet_server_hosts[0]') + echo "FLEET_SERVER_HOST: $FLEET_SERVER_HOST" + + # Create the manifest file + MANIFEST_CREATION_RESPONSE=$(curl -X GET \ + --url "${KIBANA_URL}/api/fleet/kubernetes?fleetServer=${FLEET_SERVER_HOST}&enrolToken=${ENROLMENT_TOKEN}" \ + -u "$KIBANA_AUTH" \ + -H 'Cache-Control: no-cache' \ + -H 'Connection: keep-alive' \ + -H 'Content-Type: application/json' \ + -H 'kbn-xsrf: true') + + check_status_code_of_curl "$MANIFEST_CREATION_RESPONSE" + + # write the manifest file to the file system + # get the item field from the response + MANIFEST_FILE=$(echo "$MANIFEST_CREATION_RESPONSE" | jq -r '.item') + echo "$MANIFEST_FILE" > manifest.yaml +} + +check_status_code_of_curl() { + local CURL_RESPONSE=$1 + error_code=$(echo "$CURL_RESPONSE" | jq -r '.statusCode') + if [ "$error_code" != "null" ] && [ "$error_code" != "200" ]; then + echo "Error code: $error_code" + echo "Error message: $(echo "$CURL_RESPONSE" | jq -r '.message')" + echo "Error full response: $CURL_RESPONSE" + exit 1 + fi +} diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 0003d1552b..771c79d3cc 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
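Review bot: `echo "ENROLMENT_TOKEN: $ENROLMENT_TOKEN"` in `create_new_vanilla_integration_manifest_file` writes the Fleet enrollment token, a credential that lets an agent enroll into the policy, into the job log unmasked; drop the echo, or emit `echo "::add-mask::$ENROLMENT_TOKEN"` before anything prints it, and treat the generated `manifest.yaml` (which embeds the same token) as a secret artifact. Every curl call passes the credentials with `-u "$KIBANA_AUTH"` on the command line, where they are visible to other processes on the host; a `--netrc-file` or a `-K` config file avoids that. The token and `FLEET_SERVER_HOST` are interpolated into the query string unencoded; `-G --data-urlencode "enrolToken=${ENROLMENT_TOKEN}"` handles that. `check_status_code_of_curl` only inspects the JSON body, so a transport failure or a non-JSON error page is reported as an unparsable response rather than the real cause; adding `-sS --fail-with-body` (curl 7.76+) to the calls lets the HTTP status drive the exit code.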
@@ -38,7 +38,7 @@ env: CONTAINER_SUFFIX: ${{ github.run_id }} AWS_REGION: eu-north-1 KUBE_NAMESPACE: kube-system - WORKING_DIR: deploy/cloud/modules/weekly-environment + WORKING_DIR: deploy/weekly-environment ENVIRONMENT: "weekly-environment" TF_VAR_ec_api_key: ${{ secrets.TF_VAR_EC_API_KEY }} TF_VAR_environment: ${{ github.event.inputs.logLevel }} @@ -95,6 +95,19 @@ jobs: echo "::add-mask::$ELASTICSEARCH_PASSWORD" echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV + - name: Install KSPM vanilla integration + id: install_vanilla_integration + run: | + ./scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} + + - name: Deploy KSPM vanilla Agent to EC2 + id: deploy_ksmp + run: | + cat manifest.yaml + cat ./scripts/benchmarks/kspm_vanilla/manifest.yaml + cat ./scripts/benchmarks/manifest.yaml + + # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file - name: Send custom JSON data to Slack workflow id: slack diff --git a/.gitignore b/.gitignore index 9f929c96b7..c8777d1369 100644 --- a/.gitignore +++ b/.gitignore 
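Review bot: The `Install KSPM vanilla integration` step runs the script from `working-directory: deploy/weekly-environment` (per `WORKING_DIR` in the first hunk), but the script sources `../../utils.sh` and opens `data/agent_policy_vanilla.json` relative to the current directory, so both paths resolve outside the `kspm_vanilla` folder; either `cd` into `scripts/benchmarks/kspm_vanilla` before calling it or make the script resolve paths from its own location. The password is passed as a command-line argument, `${{ env.ELASTICSEARCH_PASSWORD }}`, which exposes it to the process list and breaks if the value contains shell metacharacters; hand it over through the step's `env:` block instead. The `Deploy KSPM vanilla Agent to EC2` step only `cat`s `manifest.yaml` (three candidate paths) into the log, and that manifest contains the Fleet enrollment token, so the file should not be printed; if it is needed for debugging, upload it as an artifact with a short retention instead.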
@@ -41,8 +41,32 @@ bundle.tar.gz /deploy/k8s/cloudbeat-ds.yaml # terraform -deploy/cloud/.terraform -deploy/cloud/.terraform.lock.hcl -deploy/cloud/terraform.tfstate -deploy/cloud/terraform.tfstate.backup +.terraform +.terraform.lock.hcl +.tfstate.backup /terraform.tfstate + +# .tfstate files +*.tfstate +*.tfstate.* +*.tfplan + +# Crash log files +crash.log + +# Exclude all .tfvars files, which are likely to contain sentitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore CLI configuration files +.terraformrc +terraform.rc diff --git a/deploy/cloud/.gitignore b/deploy/cloud/.gitignore deleted file mode 100644 index 6665869f80..0000000000 --- a/deploy/cloud/.gitignore +++ /dev/null @@ -1,27 +0,0 @@ -# Local .terraform directories -**/.terraform/* - -# .tfstate files -*.tfstate -*.tfstate.* -*.tfplan - -# Crash log files -crash.log - -# Exclude all .tfvars files, which are likely to contain sentitive data, such as -# password, private keys, and other secrets. These should not be part of version -# control as they are data points which are potentially sensitive and subject -# to change depending on the environment. -*.tfvars - -# Ignore override files as they are usually used to override resources locally and so -# are not checked in -override.tf -override.tf.json -*_override.tf -*_override.tf.json - -# Ignore CLI configuration files -.terraformrc -terraform.rc 
diff --git a/deploy/cloud/modules/weekly-environment/main.tf b/deploy/weekly-environment/main.tf similarity index 99% rename from deploy/cloud/modules/weekly-environment/main.tf rename to deploy/weekly-environment/main.tf index bee1008b74..9f1bc94d82 100644 --- a/deploy/cloud/modules/weekly-environment/main.tf +++ b/deploy/weekly-environment/main.tf @@ -2,6 +2,11 @@ provider "ec" { apikey = var.ec_api_key } +resource "random_string" "suffix" { + length = 3 + special = false +} + module "ec_deployment" { source = "github.com/elastic/apm-server/testing/infra/terraform/modules/ec_deployment" @@ -23,12 +28,3 @@ module "ec_deployment" { "apm" : "" } } - -resource "random_string" "suffix" { - length = 3 - special = false -} - - - - diff --git a/deploy/cloud/modules/weekly-environment/outputs.tf b/deploy/weekly-environment/outputs.tf similarity index 100% rename from deploy/cloud/modules/weekly-environment/outputs.tf rename to deploy/weekly-environment/outputs.tf diff --git a/deploy/cloud/modules/weekly-environment/terraform.tf b/deploy/weekly-environment/terraform.tf similarity index 100% rename from deploy/cloud/modules/weekly-environment/terraform.tf rename to deploy/weekly-environment/terraform.tf diff --git a/deploy/cloud/modules/weekly-environment/variables.tf b/deploy/weekly-environment/variables.tf similarity index 95% rename from deploy/cloud/modules/weekly-environment/variables.tf rename to deploy/weekly-environment/variables.tf index a5c9fb8eb3..0dac9f064a 100644 --- a/deploy/cloud/modules/weekly-environment/variables.tf +++ b/deploy/weekly-environment/variables.tf @@ -55,6 +55,6 @@ variable "docker_image_override" { } variable "deployment_name_prefix" { - default = "weekly environment" - description = "Optional set a prefix of the deployment. Defaults to cloudbeat-tf" + default = "weekly-environment" + description = "Optional set a prefix of the deployment. Defaults to weekly-environment" } From d6b9978e30939cdb8f14f881eb51c01176513a17 Mon Sep 17 00:00:00 2001 
From: ofiriro3 Date: Sun, 12 Feb 2023 13:37:24 +0200 Subject: [PATCH 007/105] Moving scripts to the weekly directory --- .../benchmarks/kspm_vanilla/data/agent_policy_vanilla.json | 0 .../benchmarks/kspm_vanilla/data/package_policy_vanilla.json | 0 .../benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh | 0 {.github/workflows => deploy/weekly-environment}/scripts/utils.sh | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename {.github/workflows => deploy/weekly-environment}/scripts/benchmarks/kspm_vanilla/data/agent_policy_vanilla.json (100%) rename {.github/workflows => deploy/weekly-environment}/scripts/benchmarks/kspm_vanilla/data/package_policy_vanilla.json (100%) rename {.github/workflows => deploy/weekly-environment}/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh (100%) rename {.github/workflows => deploy/weekly-environment}/scripts/utils.sh (100%) diff --git a/.github/workflows/scripts/benchmarks/kspm_vanilla/data/agent_policy_vanilla.json b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/data/agent_policy_vanilla.json similarity index 100% rename from .github/workflows/scripts/benchmarks/kspm_vanilla/data/agent_policy_vanilla.json rename to deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/data/agent_policy_vanilla.json diff --git a/.github/workflows/scripts/benchmarks/kspm_vanilla/data/package_policy_vanilla.json b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/data/package_policy_vanilla.json similarity index 100% rename from .github/workflows/scripts/benchmarks/kspm_vanilla/data/package_policy_vanilla.json rename to deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/data/package_policy_vanilla.json 
diff --git a/.github/workflows/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh similarity index 100% rename from .github/workflows/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh rename to deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh diff --git a/.github/workflows/scripts/utils.sh b/deploy/weekly-environment/scripts/utils.sh similarity index 100% rename from .github/workflows/scripts/utils.sh rename to deploy/weekly-environment/scripts/utils.sh From b06001e98d2428ea04b53dd1ca01965c014492f9 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 14:49:30 +0200 Subject: [PATCH 008/105] Updating executing permissions --- .../benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh | 0 deploy/weekly-environment/scripts/utils.sh | 0 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh mode change 100644 => 100755 deploy/weekly-environment/scripts/utils.sh diff --git a/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh old mode 100644 new mode 100755 diff --git a/deploy/weekly-environment/scripts/utils.sh b/deploy/weekly-environment/scripts/utils.sh old mode 100644 new mode 100755 From e615ee6383fb7f3a05c96c261625621d6ee28fb0 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 15:03:11 +0200 Subject: [PATCH 009/105] Update local variable to lower_case --- deploy/weekly-environment/scripts/utils.sh | 60 +++++++++++----------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/deploy/weekly-environment/scripts/utils.sh b/deploy/weekly-environment/scripts/utils.sh index 8e8e21efc9..9feb07e0f1 100755 
--- a/deploy/weekly-environment/scripts/utils.sh +++ b/deploy/weekly-environment/scripts/utils.sh 
@@ -1,60 +1,60 @@ #!/bin/bash -# create a new agent policy and set POLICY_ID to the new agent id +# create a new agent policy and set policy_id to the new agent id create_a_new_agent_policy() { - local KIBANA_URL=$1 - local KIBANA_AUTH=$2 - local AGENT_POLICY=$3 + local kibana_url=$1 + local kibana_auth=$2 + local agent_policy=$3 # Install Agent policy installAgentResponse=$(curl -X POST \ - --url "${KIBANA_URL}/api/fleet/agent_policies?sys_monitoring=true" \ - -u "$KIBANA_AUTH" \ + --url "${kibana_url}/api/fleet/agent_policies?sys_monitoring=true" \ + -u "$kibana_auth" \ -H 'Cache-Control: no-cache' \ -H 'Connection: keep-alive' \ -H 'Content-Type: application/json' \ -H 'kbn-xsrf: true' \ - -d "@$AGENT_POLICY") + -d "@$agent_policy") check_status_code_of_curl "$installAgentResponse" - POLICY_ID=$(echo "$installAgentResponse" | jq -r '.item.id') - echo "Creating a new agent policy has completed successfully: New policy id: $POLICY_ID" + policy_id=$(echo "$installAgentResponse" | jq -r '.item.id') + echo "Creating a new agent policy has completed successfully: New policy id: $policy_id" } # create a new vanilla integration and set INTEGRATION_ID to the new integration id create_a_new_vanilla_integration() { - local KIBANA_URL=$1 - local KIBANA_AUTH=$2 - local POLICY_ID=$3 - local INTEGRATION_POLICY=$4 - - local UPDATED_POLICY="$(jq --arg POLICY_ID "$POLICY_ID" '.policy_id |= $POLICY_ID' "$INTEGRATION_POLICY")" - echo "New integration policy: $UPDATED_POLICY" + local kibana_url=$1 + local kibana_auth=$2 + local policy_id=$3 + local integration_policy=$4 + local updated_policy + updated_policy="$(jq --arg policy_id "$policy_id" '.policy_id |= $policy_id' "$integration_policy")" + echo "New integration policy: $updated_policy" PACKAGE_POLICY_RESPONSE=$(curl -X POST \ - --url "${KIBANA_URL}/api/fleet/package_policies" \ - -u "$KIBANA_AUTH" \ + --url "${kibana_url}/api/fleet/package_policies" \ + -u "$kibana_auth" \ -H 'Cache-Control: no-cache' \ -H 'Connection: 
keep-alive' \ -H 'Content-Type: application/json' \ -H 'kbn-xsrf: true' \ - -d "${UPDATED_POLICY}") + -d "${updated_policy}") check_status_code_of_curl "$PACKAGE_POLICY_RESPONSE" - echo "Creating a new a new vanilla integration with policy id: $POLICY_ID has completed successfully.Integration policy: $UPDATED_POLICY " + echo "Creating a new a new vanilla integration with policy id: $policy_id has completed successfully.Integration policy: $updated_policy " } # create a new vanilla integration manifest file named manifest.yaml create_new_vanilla_integration_manifest_file() { - local KIBANA_URL=$1 - local KIBANA_AUTH=$2 - local POLICY_ID=$3 + local kibana_url=$1 + local kibana_auth=$2 + local policy_id=$3 ENROLMENT_TOKEN_RESPONSE=$(curl -X GET \ - --url "${KIBANA_URL}/api/fleet/enrollment_api_keys" \ - -u "$KIBANA_AUTH" \ + --url "${kibana_url}/api/fleet/enrollment_api_keys" \ + -u "$kibana_auth" \ -H 'Cache-Control: no-cache' \ -H 'Connection: keep-alive' \ -H 'Content-Type: application/json' \ @@ -62,12 +62,12 @@ create_new_vanilla_integration_manifest_file() { check_status_code_of_curl "$ENROLMENT_TOKEN_RESPONSE" - ENROLMENT_TOKEN=$(echo "$ENROLMENT_TOKEN_RESPONSE" | jq --arg policy "$POLICY_ID" '.list[] | select(.policy_id == $policy)' | jq -r '.api_key') + ENROLMENT_TOKEN=$(echo "$ENROLMENT_TOKEN_RESPONSE" | jq --arg policy "$policy_id" '.list[] | select(.policy_id == $policy)' | jq -r '.api_key') echo "ENROLMENT_TOKEN: $ENROLMENT_TOKEN" FLEET_DATA_RESPONSE=$(curl -X GET \ - --url "${KIBANA_URL}/api/fleet/settings" \ - -u "$KIBANA_AUTH" \ + --url "${kibana_url}/api/fleet/settings" \ + -u "$kibana_auth" \ -H 'Cache-Control: no-cache' \ -H 'Connection: keep-alive' \ -H 'Content-Type: application/json' \ 
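Review bot: Renaming the global `POLICY_ID` to `policy_id` in `create_a_new_agent_policy` breaks the caller `install-kspm-vanilla-integration.sh`, which still passes `"$POLICY_ID"` to the next two functions and is not part of this commit, so the integration is now created with an empty `policy_id`; either rename it there in the same change or keep `POLICY_ID=$policy_id` as the exported result. The rename is also partial: `installAgentResponse`, `PACKAGE_POLICY_RESPONSE` and `ENROLMENT_TOKEN_RESPONSE` stay as unscoped globals, so marking them `local` and lower-casing them would finish what the commit title describes. The second hunk (`@@ -62,12`) and the one at `@@ -79,8` are the same rename and need no separate note.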
@@ -79,8 +79,8 @@ create_new_vanilla_integration_manifest_file() { # Create the manifest file MANIFEST_CREATION_RESPONSE=$(curl -X GET \ - --url "${KIBANA_URL}/api/fleet/kubernetes?fleetServer=${FLEET_SERVER_HOST}&enrolToken=${ENROLMENT_TOKEN}" \ - -u "$KIBANA_AUTH" \ + --url "${kibana_url}/api/fleet/kubernetes?fleetServer=${FLEET_SERVER_HOST}&enrolToken=${ENROLMENT_TOKEN}" \ + -u "$kibana_auth" \ -H 'Cache-Control: no-cache' \ -H 'Connection: keep-alive' \ -H 'Content-Type: application/json' \ From cf80da8b417580f08fd19465ed5f09d4481ba3c2 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 15:12:59 +0200 Subject: [PATCH 010/105] updating path --- .github/workflows/weekly-enviroment.yml | 64 +++++++++---------- .../install-kspm-vanilla-integration.sh | 3 + 2 files changed, 35 insertions(+), 32 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 771c79d3cc..33ee028bb6 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
@@ -62,38 +62,38 @@ jobs: terraform_version: 1.3.5 terraform_wrapper: false - - name: Terraform fmt - id: fmt - run: terraform fmt -check - continue-on-error: true - - - name: Terraform Init - id: init - run: terraform init -no-color - - - name: Terraform Validate - id: validate - run: terraform validate -no-color - - - name: Deploy Elastic Cloud - id: apply - run: terraform apply --auto-approve - - - name: Set terraform output as env variable - id: kibana_url - run: | - echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV - - - name: Set sensitive terraform output as env variable - id: set_sensitive_output - run: | - export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) - echo "::add-mask::$ELASTICSEARCH_USERNAME" - echo "ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV - - export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) - echo "::add-mask::$ELASTICSEARCH_PASSWORD" - echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV +# - name: Terraform fmt +# id: fmt +# run: terraform fmt -check +# continue-on-error: true +# +# - name: Terraform Init +# id: init +# run: terraform init -no-color +# +# - name: Terraform Validate +# id: validate +# run: terraform validate -no-color +# +# - name: Deploy Elastic Cloud +# id: apply +# run: terraform apply --auto-approve +# +# - name: Set terraform output as env variable +# id: kibana_url +# run: | +# echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV +# +# - name: Set sensitive terraform output as env variable +# id: set_sensitive_output +# run: | +# export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) +# echo "::add-mask::$ELASTICSEARCH_USERNAME" +# echo "ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV +# +# export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) +# echo "::add-mask::$ELASTICSEARCH_PASSWORD" +# echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV - 
name: Install KSPM vanilla integration id: install_vanilla_integration diff --git a/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh index bb040d56ce..51b411a7df 100755 --- a/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh +++ b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh @@ -8,6 +8,9 @@ KIBANA_AUTH=elastic:${KIBANA_PASSWORD} AGENT_POLICY=data/agent_policy_vanilla.json INTEGRATION_POLICY=data/package_policy_vanilla.json +echo "I am here" +pwd + ## Create a new agent policy And get the agent id create_a_new_agent_policy "$KIBANA_URL" "$KIBANA_AUTH" "$AGENT_POLICY" From bfc4c0a401ee7ba3bf97468cfd9114097938d6ea Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 15:24:44 +0200 Subject: [PATCH 011/105] Updating path --- .github/workflows/weekly-enviroment.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 33ee028bb6..d110fe6066 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -39,6 +39,7 @@ env: AWS_REGION: eu-north-1 KUBE_NAMESPACE: kube-system WORKING_DIR: deploy/weekly-environment + SCRIPTS_DIR: ${{WORKING_DIR}}/scripts/benchmarks/kspm_vanilla ENVIRONMENT: "weekly-environment" TF_VAR_ec_api_key: ${{ secrets.TF_VAR_EC_API_KEY }} TF_VAR_environment: ${{ github.event.inputs.logLevel }} 
@@ -97,11 +98,13 @@ jobs: - name: Install KSPM vanilla integration id: install_vanilla_integration + working-directory: {{env.SCRIPTS_DIR}} run: | - ./scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} + ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp + working-directory: {{ env.SCRIPTS_DIR }} run: | cat manifest.yaml cat ./scripts/benchmarks/kspm_vanilla/manifest.yaml From 4c18e6deaf1337876ca2cc47aa0eb6e8cfa05f8a Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 15:40:03 +0200 Subject: [PATCH 012/105] Fixing path --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index d110fe6066..6925a68b26 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -39,7 +39,7 @@ env: AWS_REGION: eu-north-1 KUBE_NAMESPACE: kube-system WORKING_DIR: deploy/weekly-environment - SCRIPTS_DIR: ${{WORKING_DIR}}/scripts/benchmarks/kspm_vanilla + SCRIPTS_DIR: ${{env.WORKING_DIR}}/scripts/benchmarks/kspm_vanilla ENVIRONMENT: "weekly-environment" TF_VAR_ec_api_key: ${{ secrets.TF_VAR_EC_API_KEY }} TF_VAR_environment: ${{ github.event.inputs.logLevel }} From 5a78456294203fa8dd5bf31a070e2f42d3a18f4d Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 15:42:22 +0200 Subject: [PATCH 013/105] Updating to full path --- .../kspm_vanilla/deploy_agent_on_ec2.sh | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/deploy_agent_on_ec2.sh 
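Review bot: `${{ env.ELASTICSEARCH_PASSWORD }}` is interpolated into the `run` script as a positional argument, so the password ends up in the generated shell file and in the argv of `install-kspm-vanilla-integration.sh`, readable from the process list for as long as the script runs; the script already builds `KIBANA_AUTH` from `KIBANA_PASSWORD`, so pass the value through the step's `env:` block and let it read the variable instead. `working-directory: {{env.SCRIPTS_DIR}}` is not an Actions expression (no `${{ }}`), and as YAML a value starting with `{` is parsed as a flow mapping, so the step does not parse as written; the same applies to the second `working-directory` line in this hunk.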
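Review bot: `SCRIPTS_DIR: ${{env.WORKING_DIR}}/scripts/benchmarks/kspm_vanilla` cannot resolve: the `env` context is not available inside the workflow-level `env` map (only `github`, `inputs`, `vars` and `secrets` are), so the value expands to `/scripts/benchmarks/kspm_vanilla`. Either spell out the path, `SCRIPTS_DIR: deploy/weekly-environment/scripts/benchmarks/kspm_vanilla`, or set it from a step by appending to `$GITHUB_ENV`.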
diff --git a/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/deploy_agent_on_ec2.sh b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/deploy_agent_on_ec2.sh new file mode 100644 index 0000000000..770fe2f80b --- /dev/null +++ b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/deploy_agent_on_ec2.sh @@ -0,0 +1,22 @@ + + + + + + + + + + + + + + + + +#"cloud-init status --wait", +# "git clone https://github.com/elastic/cloudbeat", +# "cd cloudbeat", +# "sudo kind create cluster --config deploy/k8s/kind/kind-multi.yml --wait 30s", +# "sudo kind export kubeconfig --name kind-multi --kubeconfig /home/ubuntu/.kube/config", +# "kubectl apply -f /tmp/manifests.yml", From e3ad992635728751c18b91ad04cd7ec890491d88 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 15:43:39 +0200 Subject: [PATCH 014/105] Updating to full path --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 6925a68b26..81f49f7804 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -39,7 +39,7 @@ env: AWS_REGION: eu-north-1 KUBE_NAMESPACE: kube-system WORKING_DIR: deploy/weekly-environment - SCRIPTS_DIR: ${{env.WORKING_DIR}}/scripts/benchmarks/kspm_vanilla + SCRIPTS_DIR: deploy/weekly-environment/scripts/benchmarks/kspm_vanilla ENVIRONMENT: "weekly-environment" TF_VAR_ec_api_key: ${{ secrets.TF_VAR_EC_API_KEY }} TF_VAR_environment: ${{ github.event.inputs.logLevel }} From fc81e64d181d01fa8f4d668aaebea760e0345718 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 15:46:54 +0200 Subject: [PATCH 015/105] Updating CI to full path --- .github/workflows/weekly-enviroment.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 81f49f7804..92f8ecba0c 100644 
--- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -98,13 +98,13 @@ jobs: - name: Install KSPM vanilla integration id: install_vanilla_integration - working-directory: {{env.SCRIPTS_DIR}} + working-directory: deploy/weekly-environment/scripts/benchmarks/kspm_vanilla run: | ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp - working-directory: {{ env.SCRIPTS_DIR }} + working-directory: deploy/weekly-environment/scripts/benchmarks/kspm_vanilla run: | cat manifest.yaml cat ./scripts/benchmarks/kspm_vanilla/manifest.yaml From 18fd270026c9baf0876da08f5645db954f8c898e Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 15:50:43 +0200 Subject: [PATCH 016/105] using variable --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 92f8ecba0c..9eb37a1c5c 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -98,7 +98,7 @@ jobs: - name: Install KSPM vanilla integration id: install_vanilla_integration - working-directory: deploy/weekly-environment/scripts/benchmarks/kspm_vanilla + working-directory: ${{ env.WORKING_DIR }} run: | ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} From 7c324e6055dc345a764e4853995e8a6a15955fb6 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 15:55:20 +0200 Subject: [PATCH 017/105] using variable --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 9eb37a1c5c..98c985ed5c 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
@@ -98,7 +98,7 @@ jobs: - name: Install KSPM vanilla integration id: install_vanilla_integration - working-directory: ${{ env.WORKING_DIR }} + working-directory: ${{ env.SCRIPTS_DIR }} run: | ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} From bfe4eb3c75e5e2fa2ad8a58ebbc7821a1b03d975 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 15:57:59 +0200 Subject: [PATCH 018/105] flow without agent deployment --- .github/workflows/weekly-enviroment.yml | 66 ++++++++++++------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 98c985ed5c..e404791f41 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
@@ -63,38 +63,38 @@ jobs: terraform_version: 1.3.5 terraform_wrapper: false -# - name: Terraform fmt -# id: fmt -# run: terraform fmt -check -# continue-on-error: true -# -# - name: Terraform Init -# id: init -# run: terraform init -no-color -# -# - name: Terraform Validate -# id: validate -# run: terraform validate -no-color -# -# - name: Deploy Elastic Cloud -# id: apply -# run: terraform apply --auto-approve -# -# - name: Set terraform output as env variable -# id: kibana_url -# run: | -# echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV -# -# - name: Set sensitive terraform output as env variable -# id: set_sensitive_output -# run: | -# export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) -# echo "::add-mask::$ELASTICSEARCH_USERNAME" -# echo "ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV -# -# export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) -# echo "::add-mask::$ELASTICSEARCH_PASSWORD" -# echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV + - name: Terraform fmt + id: fmt + run: terraform fmt -check + continue-on-error: true + + - name: Terraform Init + id: init + run: terraform init -no-color + + - name: Terraform Validate + id: validate + run: terraform validate -no-color + + - name: Deploy Elastic Cloud + id: apply + run: terraform apply --auto-approve + + - name: Set terraform output as env variable + id: kibana_url + run: | + echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV + + - name: Set sensitive terraform output as env variable + id: set_sensitive_output + run: | + export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) + echo "::add-mask::$ELASTICSEARCH_USERNAME" + echo "ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV + + export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) + echo "::add-mask::$ELASTICSEARCH_PASSWORD" + echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV - 
name: Install KSPM vanilla integration id: install_vanilla_integration @@ -104,7 +104,7 @@ jobs: - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp - working-directory: deploy/weekly-environment/scripts/benchmarks/kspm_vanilla + working-directory: ${{ env.SCRIPTS_DIR }} run: | cat manifest.yaml cat ./scripts/benchmarks/kspm_vanilla/manifest.yaml From f781ffb94cca1cfb1732773df9ae5e6242f6217d Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 17:18:44 +0200 Subject: [PATCH 019/105] Fixing integration --- .../kspm_vanilla/install-kspm-vanilla-integration.sh | 3 --- deploy/weekly-environment/scripts/utils.sh | 4 ++-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh index 51b411a7df..bb040d56ce 100755 --- a/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh +++ b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh @@ -8,9 +8,6 @@ KIBANA_AUTH=elastic:${KIBANA_PASSWORD} AGENT_POLICY=data/agent_policy_vanilla.json INTEGRATION_POLICY=data/package_policy_vanilla.json -echo "I am here" -pwd - ## Create a new agent policy And get the agent id create_a_new_agent_policy "$KIBANA_URL" "$KIBANA_AUTH" "$AGENT_POLICY" diff --git a/deploy/weekly-environment/scripts/utils.sh b/deploy/weekly-environment/scripts/utils.sh index 9feb07e0f1..de94f5052a 100755 --- a/deploy/weekly-environment/scripts/utils.sh +++ b/deploy/weekly-environment/scripts/utils.sh 
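Review bot: `terraform output kibana_url` and the two credential outputs print the value as an HCL literal, i.e. wrapped in double quotes, because `-raw` is not given and `terraform_wrapper: false` disables the wrapper that would have stripped them; `KIBANA_URL` and `ELASTICSEARCH_PASSWORD` are therefore stored with literal quote characters and the curl calls that consume them presumably fail. Use `terraform output -raw kibana_url` (and likewise for the username and password lines). The `::add-mask::` calls precede the writes to `$GITHUB_ENV`, which is the right order. The step list continues outside the hunk.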
@@ -18,8 +18,8 @@ create_a_new_agent_policy() { check_status_code_of_curl "$installAgentResponse" - policy_id=$(echo "$installAgentResponse" | jq -r '.item.id') - echo "Creating a new agent policy has completed successfully: New policy id: $policy_id" + POLICY_ID=$(echo "$installAgentResponse" | jq -r '.item.id') + echo "Creating a new agent policy has completed successfully: New policy id: $POLICY_ID" } # create a new vanilla integration and set INTEGRATION_ID to the new integration id From 2b6346a8a318a4d42fa28a6b5305f9aacee9d801 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 18:12:10 +0200 Subject: [PATCH 020/105] Update CI to full E2E --- .github/workflows/weekly-enviroment.yml | 16 +++++++++----- .../kspm_vanilla/deploy_agent_on_ec2.sh | 22 ------------------- 2 files changed, 10 insertions(+), 28 deletions(-) delete mode 100644 deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/deploy_agent_on_ec2.sh diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index e404791f41..13df15b01b 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -32,18 +32,14 @@ on: - ERROR env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} CONTAINER_SUFFIX: ${{ github.run_id }} - AWS_REGION: eu-north-1 KUBE_NAMESPACE: kube-system WORKING_DIR: deploy/weekly-environment SCRIPTS_DIR: deploy/weekly-environment/scripts/benchmarks/kspm_vanilla ENVIRONMENT: "weekly-environment" TF_VAR_ec_api_key: ${{ secrets.TF_VAR_EC_API_KEY }} TF_VAR_environment: ${{ github.event.inputs.logLevel }} - TF_VAR_eks_region: eu-north-1 TF_LOG: ${{ github.event.inputs.logLevel }} jobs: 
@@ -102,14 +98,22 @@ jobs: run: | ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} - - name: Deploy KSPM vanilla Agent to EC2 - id: deploy_ksmp + - name: Show manifest file + id: manifest_file working-directory: ${{ env.SCRIPTS_DIR }} run: | cat manifest.yaml cat ./scripts/benchmarks/kspm_vanilla/manifest.yaml cat ./scripts/benchmarks/manifest.yaml + - name: Deploy KSPM vanilla Agent to EC2 + id: deploy_ksmp + working-directory: ${{ env.SCRIPTS_DIR }} + run: | + echo {{secrets.EC2_SECRET}} > weekly-key.pem && chmod 600 weekly-key.pem + touch from_ci.txt + scp -i ${weekly-key.pem} from_ci.txt "ubuntu@${{secrets.EC2_PUBLIC_IP}}:~/." + ssh -i ${weekly-key.pem} "ubuntu@${{secrets.EC2_PUBLIC_IP}}" "ls -l" # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file - name: Send custom JSON data to Slack workflow diff --git a/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/deploy_agent_on_ec2.sh b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/deploy_agent_on_ec2.sh deleted file mode 100644 index 770fe2f80b..0000000000 --- a/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/deploy_agent_on_ec2.sh +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - - - - - - -#"cloud-init status --wait", -# "git clone https://github.com/elastic/cloudbeat", -# "cd cloudbeat", -# "sudo kind create cluster --config deploy/k8s/kind/kind-multi.yml --wait 30s", -# "sudo kind export kubeconfig --name kind-multi --kubeconfig /home/ubuntu/.kube/config", -# "kubectl apply -f /tmp/manifests.yml", From 6c18d50c95f30daa0e24c7b4bc3a2c111cb5dc49 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 18:23:32 +0200 Subject: [PATCH 021/105] Fixing show manifest file step --- .github/workflows/weekly-enviroment.yml | 21 ++------------------- 1 file changed, 2 insertions(+), 19 deletions(-) 
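Review bot: The new `Deploy KSPM vanilla Agent to EC2` step has no host-key handling for `ssh`/`scp` to the EC2 host, so on a fresh runner the connection either fails non-interactively or has to run with strict checking disabled, which accepts any host; pre-populate `~/.ssh/known_hosts` from a stored host-key fingerprint instead. The private key is written to `weekly-key.pem` inside the checked-out tree and never removed, so it stays on the runner for the rest of the job; write it under `$RUNNER_TEMP` and delete it in an `if: always()` cleanup step. The `Show manifest file` step prints `manifest.yaml` to the job log, and that file is generated by the Fleet endpoint with the enrollment token embedded (see the `enrolToken=` query in utils.sh), so the token lands unmasked in the log. As written the step also cannot run: `{{secrets.EC2_SECRET}}` lacks the `$` and `${weekly-key.pem}` is not a valid parameter expansion. The host-key and key-cleanup points apply equally to the later rewrites of this step in patches 022, 024 and 025.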
diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 13df15b01b..ecbee24f75 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -4,25 +4,14 @@ on: workflow_dispatch: inputs: environment: - description: 'Environment to run tests against' + description: 'Environment to deploy' type: choice options: - weekly environment logLevel: description: 'Log level' required: true - default: 'warning' - type: choice - options: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - StackVersion: - description: 'Stack version' - required: true - default: 'warning' + default: 'INFO' type: choice options: - TRACE @@ -32,12 +21,8 @@ on: - ERROR env: - GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CONTAINER_SUFFIX: ${{ github.run_id }} - KUBE_NAMESPACE: kube-system WORKING_DIR: deploy/weekly-environment SCRIPTS_DIR: deploy/weekly-environment/scripts/benchmarks/kspm_vanilla - ENVIRONMENT: "weekly-environment" TF_VAR_ec_api_key: ${{ secrets.TF_VAR_EC_API_KEY }} TF_VAR_environment: ${{ github.event.inputs.logLevel }} TF_LOG: ${{ github.event.inputs.logLevel }} @@ -103,8 +88,6 @@ jobs: working-directory: ${{ env.SCRIPTS_DIR }} run: | cat manifest.yaml - cat ./scripts/benchmarks/kspm_vanilla/manifest.yaml - cat ./scripts/benchmarks/manifest.yaml - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp From 48050c6a62490274c62b4391a05aa7eeac244473 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 18:37:44 +0200 Subject: [PATCH 022/105] update ci --- .github/workflows/weekly-enviroment.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index ecbee24f75..726b9fe19e 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
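Review bot: `TF_VAR_environment: ${{ github.event.inputs.logLevel }}`, a context line in the second hunk, still feeds the log-level choice into Terraform's `environment` variable even though the first hunk reworks the `environment` input right above it; this looks like it should read `TF_VAR_environment: ${{ github.event.inputs.environment }}`. The same line is visible unchanged in patch 020's env hunk, so the mismatch predates this commit.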
@@ -93,10 +93,11 @@ jobs: id: deploy_ksmp working-directory: ${{ env.SCRIPTS_DIR }} run: | - echo {{secrets.EC2_SECRET}} > weekly-key.pem && chmod 600 weekly-key.pem + echo ${{secrets.EC2_SECRET}} > weekly-key.pem && chmod 600 weekly-key.pem touch from_ci.txt - scp -i ${weekly-key.pem} from_ci.txt "ubuntu@${{secrets.EC2_PUBLIC_IP}}:~/." - ssh -i ${weekly-key.pem} "ubuntu@${{secrets.EC2_PUBLIC_IP}}" "ls -l" + scp -i weekly-key.pem from_ci.txt "ubuntu@${{secrets.EC2_PUBLIC_IP}}:~/." + scp -i weekly-key.pem manifest.yaml "ubuntu@${{secrets.EC2_PUBLIC_IP}}:~/." + ssh -i weekly-key.pem "ubuntu@${{secrets.EC2_PUBLIC_IP}}" "ls -l" # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file - name: Send custom JSON data to Slack workflow From 2e63a33713799b19f062d3a684b68bf273b65428 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 18:51:43 +0200 Subject: [PATCH 023/105] Deploy yaml file --- deploy/weekly-environment/cloudbeat-ds.yaml | 412 ++++++++++++++++++++ 1 file changed, 412 insertions(+) create mode 100644 deploy/weekly-environment/cloudbeat-ds.yaml diff --git a/deploy/weekly-environment/cloudbeat-ds.yaml b/deploy/weekly-environment/cloudbeat-ds.yaml new file mode 100644 index 0000000000..b6b69b2a93 --- /dev/null +++ b/deploy/weekly-environment/cloudbeat-ds.yaml 
@@ -0,0 +1,412 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + k8s-app: cloudbeat + name: cloudbeat + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + k8s-app: cloudbeat + name: cloudbeat-kubeadm-config + namespace: kube-system +rules: +- apiGroups: + - "" + resourceNames: + - kubeadm-config + resources: + - configmaps + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + k8s-app: cloudbeat + name: cloudbeat-role + namespace: kube-system +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - create + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + k8s-app: cloudbeat + name: cloudbeat +rules: +- apiGroups: + - "" + resources: + - nodes + - namespaces + - events + - pods + - services + - configmaps + - serviceaccounts + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resources: + - replicasets + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - statefulsets + - deployments + - replicasets + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes/stats + verbs: + - get +- nonResourceURLs: + - /metrics + verbs: + - get +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + - ingresses + - networkpolicies + verbs: + - get + - list + - watch +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cloudbeat-kubeadm-config + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: 
cloudbeat-kubeadm-config +subjects: +- kind: ServiceAccount + name: cloudbeat + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cloudbeat-role-binding + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cloudbeat-role +subjects: +- kind: ServiceAccount + name: cloudbeat + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cloudbeat +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: cloudbeat + namespace: kube-system +--- +apiVersion: v1 +data: + cloudbeat.yml: | + cloudbeat: + config: + v1: + benchmark: cis_k8s + type: + cloudbeat/cis_k8s + # Defines how often an event is sent to the output + period: 30s + fetchers: + - name: kube-api + - name: process + directory: "/hostfs" + processes: + etcd: + kube-apiserver: + kube-controller: + kube-scheduler: + kubelet: + config-file-arguments: + - config + - name: file-system + patterns: + [ + "/hostfs/etc/kubernetes/scheduler.conf", + "/hostfs/etc/kubernetes/controller-manager.conf", + "/hostfs/etc/kubernetes/admin.conf", + "/hostfs/etc/kubernetes/kubelet.conf", + "/hostfs/etc/kubernetes/manifests/etcd.yaml", + "/hostfs/etc/kubernetes/manifests/kube-apiserver.yaml", + "/hostfs/etc/kubernetes/manifests/kube-controller-manager.yaml", + "/hostfs/etc/kubernetes/manifests/kube-scheduler.yaml", + "/hostfs/etc/systemd/system/kubelet.service.d/10-kubeadm.conf", + "/hostfs/etc/kubernetes/pki/*", + "/hostfs/var/lib/kubelet/config.yaml", + "/hostfs/var/lib/etcd", + "/hostfs/etc/kubernetes/pki", + ] + # =================================== Kibana =================================== + setup.kibana: + # Kibana Host + host: "http://host.docker.internal:5601" + # =============================== Elastic Cloud ================================ + + # These settings simplify using Cloudbeat with the 
Elastic Cloud (https://cloud.elastic.co/). + + # The cloud.id setting overwrites the `output.elasticsearch.hosts` and + # `setup.kibana.host` options. + # You can find the `cloud.id` in the Elastic Cloud web UI. + #cloud.id: + + # The cloud.auth setting overwrites the `output.elasticsearch.username` and + # `output.elasticsearch.password` settings. The format is `:`. + #cloud.auth: + + # ---------------------------- Elasticsearch Output ---------------------------- + output.elasticsearch: + # Array of hosts to connect to. + hosts: ${ES_HOST} + + # Protocol - either `http` (default) or `https`. + #protocol: "https" + + # Authentication credentials - either API key or username/password. + #api_key: "id:api_key" + username: ${ES_USERNAME} + password: ${ES_PASSWORD} + + # Enable to allow sending output to older ES versions + allow_older_versions: true + + # ================================= Processors ================================= + processors: + - add_host_metadata: ~ + - add_cloud_metadata: ~ + - add_docker_metadata: ~ + - add_cluster_id: ~ + + # Sets log level. The default log level is info. + # Available log levels are: error, warning, info, debug + logging.level: debug + # Enable debug output for selected components. To enable all selectors use ["*"] + # Other available selectors are "beat", "publisher", "service" + # Multiple selectors can be chained. + #logging.selectors: ["publisher"] + + # Send all logging output to stderr. The default is false. 
+ #logging.to_stderr: false +kind: ConfigMap +metadata: + labels: + k8s-app: cloudbeat + name: cloudbeat-daemonset-config + namespace: kube-system +--- +apiVersion: v1 +data: + ca-cert.pem: | + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmRENDQVNLZ0F3SUJBZ0lRVWJwbD + grMUtWNUhoYWNqSGszazUyekFLQmdncWhrak9QUVFEQWpBZE1Sc3cKR1FZRFZRUURFeEps + YkdGemRHbGpMWEJoWTJ0aFoyVWdRMEV3SUJjTk1qSXhNVEEyTURnMU1USXpXaGdQTWpFeQ + pNakV3TVRNd09EVXhNak5hTUIweEd6QVpCZ05WQkFNVEVtVnNZWE4wYVdNdGNHRmphMkZu + WlNCRFFUQlpNQk1HCkJ5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCT3BLU3lYTFpKan + hQK1Zlay9sdVUvYUovMGVWOVl3elloSDYKazhBWkZjU2JWY2oxalNGZk5RNENoSzRxNXVG + ZDIvLzN5blFnK1JtbXlTVnFqbWp0SHNlalFqQkFNQTRHQTFVZApEd0VCL3dRRUF3SUJwak + FQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlMxUy9oQmtCcE1uTEdlCkRq + VU94d3BKUzRMRkZEQUtCZ2dxaGtqT1BRUURBZ05JQURCRkFpRUF6S2EzUmlhdnUxOE5qNG + 5SdVd0NW0vS1AKN213T2JtTDhnL09HVTRxRXVoY0NJSDQxZkNQNnVQR3FVaFd0V1I3aXQ2 + aVhXajMvbkQyaUY5Q05CK2UvWm8yUwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== +kind: Secret +metadata: + name: elastic-package-certs-ffg5hm6k7b + namespace: kube-system +type: Opaque +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + k8s-app: cloudbeat + name: cloudbeat + namespace: kube-system +spec: + selector: + matchLabels: + k8s-app: cloudbeat + template: + metadata: + labels: + k8s-app: cloudbeat + spec: + containers: + - env: + - name: ES_HOST + value: https://elasticsearch:9200 + - name: KIBANA_HOST + value: https://kibana:5601 + - name: SSL_CERT_DIR + value: /etc/ssl/elastic-package + - name: CLOUDBEAT_TYPE + value: cloudbeat/cis_k8s + - name: ES_USERNAME + value: elastic + - name: ES_PASSWORD + value: changeme + - name: ELASTIC_CLOUD_ID + value: none + - name: ELASTIC_CLOUD_AUTH + value: none + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: cloudbeat:latest + imagePullPolicy: IfNotPresent + name: cloudbeat + resources: + requests: + cpu: 100m 
+ memory: 100Mi + securityContext: + runAsUser: 0 + volumeMounts: + - mountPath: /etc/ssl/elastic-package + name: elastic-package-ca + readOnly: true + - mountPath: /cloudbeat.yml + name: config + readOnly: true + subPath: cloudbeat.yml + - mountPath: /hostfs/proc + name: proc + readOnly: true + - mountPath: /hostfs/etc/kubernetes + name: etc-kubernetes + - mountPath: /hostfs/var/lib + name: var-lib + readOnly: true + - mountPath: /hostfs/sys/fs/cgroup + name: cgroup + readOnly: true + - mountPath: /var/lib/docker/containers + name: varlibdockercontainers + readOnly: true + - mountPath: /var/log + name: varlog + readOnly: true + - mountPath: /hostfs/etc/passwd + name: passwd + readOnly: true + - mountPath: /hostfs/etc/group + name: group + readOnly: true + - mountPath: /hostfs/etc/systemd + name: etcsysmd + readOnly: true + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + serviceAccountName: cloudbeat + terminationGracePeriodSeconds: 30 + volumes: + - name: elastic-package-ca + secret: + defaultMode: 420 + secretName: elastic-package-certs-ffg5hm6k7b + - hostPath: + path: /proc + name: proc + - hostPath: + path: /etc/kubernetes + name: etc-kubernetes + - hostPath: + path: /var/lib + name: var-lib + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /etc/group + name: group + - hostPath: + path: /sys/fs/cgroup + name: cgroup + - hostPath: + path: /var/lib/docker/containers + name: varlibdockercontainers + - hostPath: + path: /var/log + name: varlog + - hostPath: + path: /etc/systemd + name: etcsysmd + - configMap: + defaultMode: 416 + name: cloudbeat-daemonset-config + name: config From ae0699251ac58032d2f399444749a18e37f0f367 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 19:07:34 +0200 Subject: [PATCH 024/105] Another try --- .github/workflows/weekly-enviroment.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) 
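Review bot: The `ClusterRoleBinding` named `cloudbeat` binds the `cloudbeat` ServiceAccount to `cluster-admin`, which makes the scoped `ClusterRole` `cloudbeat` defined earlier in the same file dead and gives every DaemonSet pod full cluster rights; `roleRef.name` should be `cloudbeat` so the enumerated get/list/watch rules are what actually applies. The DaemonSet also hard-codes `ES_PASSWORD: changeme` and `ES_USERNAME: elastic` as plain env values, runs with `runAsUser: 0` on `hostNetwork: true`, and `/hostfs/etc/kubernetes` is the only hostPath mount without `readOnly: true`; move the credentials to a `secretKeyRef` and add `readOnly: true` to that mount like the others. The committed `Secret` carries a base64 CA certificate, which is public material, but a comment saying so would stop it being mistaken for a private key in review.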
diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 726b9fe19e..246aafa3dc 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -92,12 +92,15 @@ jobs: - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp working-directory: ${{ env.SCRIPTS_DIR }} + env: + EC2_PUBLIC_IP: ${{ secrets.EC2_PUBLIC_IP }} + EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | - echo ${{secrets.EC2_SECRET}} > weekly-key.pem && chmod 600 weekly-key.pem + echo "$EC2_SECRET" > weekly-key.pem && chmod 600 weekly-key.pem touch from_ci.txt - scp -i weekly-key.pem from_ci.txt "ubuntu@${{secrets.EC2_PUBLIC_IP}}:~/." - scp -i weekly-key.pem manifest.yaml "ubuntu@${{secrets.EC2_PUBLIC_IP}}:~/." - ssh -i weekly-key.pem "ubuntu@${{secrets.EC2_PUBLIC_IP}}" "ls -l" + scp -i weekly-key.pem from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." + scp -i weekly-key.pem manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." + ssh -i weekly-key.pem "ubuntu@${EC2_PUBLIC_IP}" "ls -l" # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file - name: Send custom JSON data to Slack workflow From 52b55ac4ae9d425aa08c000970b1f8a0ce29119e Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 19:44:35 +0200 Subject: [PATCH 025/105] updating deployment file --- .github/workflows/weekly-enviroment.yml | 15 +- deploy/weekly-environment/cloudbeat-ds.yaml | 412 -------------------- 2 files changed, 12 insertions(+), 415 deletions(-) delete mode 100644 deploy/weekly-environment/cloudbeat-ds.yaml diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 246aafa3dc..c71f4c5839 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
@@ -89,6 +89,15 @@ jobs: run: | cat manifest.yaml + - name: Replace the agent image + id: replace_agent_image + working-directory: ${{ env.SCRIPTS_DIR }} + run: | + cp manifest.yaml manifest-2.yaml + sed -i '' "s/^\( *image: *\).*/\1ofir_image/" manifest-2.yaml + cat manifest-2.yaml + diff manifest.yaml manifest-2.yaml + - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp working-directory: ${{ env.SCRIPTS_DIR }} @@ -98,9 +107,9 @@ jobs: run: | echo "$EC2_SECRET" > weekly-key.pem && chmod 600 weekly-key.pem touch from_ci.txt - scp -i weekly-key.pem from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." - scp -i weekly-key.pem manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." - ssh -i weekly-key.pem "ubuntu@${EC2_PUBLIC_IP}" "ls -l" + scp -i "$EC2_SECRET" from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." + scp -i "$EC2_SECRET" manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." + ssh -i "$EC2_SECRET" "ubuntu@${EC2_PUBLIC_IP}" "ls -l" # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file - name: Send custom JSON data to Slack workflow diff --git a/deploy/weekly-environment/cloudbeat-ds.yaml b/deploy/weekly-environment/cloudbeat-ds.yaml deleted file mode 100644 index b6b69b2a93..0000000000 --- a/deploy/weekly-environment/cloudbeat-ds.yaml +++ /dev/null 
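Review bot: `sed -i '' "s/^\( *image: *\).*/\1ofir_image/" manifest-2.yaml` uses the BSD form of `-i`; on GNU sed, which a Linux runner ships, `-i` takes no separate argument, so `''` becomes an empty script and the substitution is treated as a file name, and the step fails. `sed -i "s/^\( *image: *\).*/\1ofir_image/" manifest-2.yaml` works on GNU, and `sed -i.bak …` is accepted by both. `ofir_image` reads as a placeholder; the image reference should come from an input or env var rather than a literal. `diff manifest.yaml manifest-2.yaml` exits 1 when the files differ, and as the last command of a `bash -e` step that fails the step precisely when the replacement worked; append `|| true` or compare explicitly.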
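Review bot: `scp -i "$EC2_SECRET"` now passes the secret's content, the PEM text, as the identity-file path, so ssh looks for a file literally named with the key material and fails, with the bad path echoed in the error output; the line above already writes the key to `weekly-key.pem`, which is what `-i` needs: `scp -i weekly-key.pem from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/."`. The same regression is on the second scp line and the ssh line of this hunk.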
@@ -1,412 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - k8s-app: cloudbeat - name: cloudbeat - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - k8s-app: cloudbeat - name: cloudbeat-kubeadm-config - namespace: kube-system -rules: -- apiGroups: - - "" - resourceNames: - - kubeadm-config - resources: - - configmaps - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - k8s-app: cloudbeat - name: cloudbeat-role - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - create - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - k8s-app: cloudbeat - name: cloudbeat -rules: -- apiGroups: - - "" - resources: - - nodes - - namespaces - - events - - pods - - services - - configmaps - - serviceaccounts - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - replicasets - verbs: - - get - - list - - watch -- apiGroups: - - apps - resources: - - statefulsets - - deployments - - replicasets - verbs: - - get - - list - - watch -- apiGroups: - - batch - resources: - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes/stats - verbs: - - get -- nonResourceURLs: - - /metrics - verbs: - - get -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - - ingresses - - networkpolicies - verbs: - - get - - list - - watch -- apiGroups: - - policy - resources: - - podsecuritypolicies - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: cloudbeat-kubeadm-config - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 
cloudbeat-kubeadm-config -subjects: -- kind: ServiceAccount - name: cloudbeat - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: cloudbeat-role-binding - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cloudbeat-role -subjects: -- kind: ServiceAccount - name: cloudbeat - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cloudbeat -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: cloudbeat - namespace: kube-system ---- -apiVersion: v1 -data: - cloudbeat.yml: | - cloudbeat: - config: - v1: - benchmark: cis_k8s - type: - cloudbeat/cis_k8s - # Defines how often an event is sent to the output - period: 30s - fetchers: - - name: kube-api - - name: process - directory: "/hostfs" - processes: - etcd: - kube-apiserver: - kube-controller: - kube-scheduler: - kubelet: - config-file-arguments: - - config - - name: file-system - patterns: - [ - "/hostfs/etc/kubernetes/scheduler.conf", - "/hostfs/etc/kubernetes/controller-manager.conf", - "/hostfs/etc/kubernetes/admin.conf", - "/hostfs/etc/kubernetes/kubelet.conf", - "/hostfs/etc/kubernetes/manifests/etcd.yaml", - "/hostfs/etc/kubernetes/manifests/kube-apiserver.yaml", - "/hostfs/etc/kubernetes/manifests/kube-controller-manager.yaml", - "/hostfs/etc/kubernetes/manifests/kube-scheduler.yaml", - "/hostfs/etc/systemd/system/kubelet.service.d/10-kubeadm.conf", - "/hostfs/etc/kubernetes/pki/*", - "/hostfs/var/lib/kubelet/config.yaml", - "/hostfs/var/lib/etcd", - "/hostfs/etc/kubernetes/pki", - ] - # =================================== Kibana =================================== - setup.kibana: - # Kibana Host - host: "http://host.docker.internal:5601" - # =============================== Elastic Cloud ================================ - - # These settings simplify using Cloudbeat with the 
Elastic Cloud (https://cloud.elastic.co/). - - # The cloud.id setting overwrites the `output.elasticsearch.hosts` and - # `setup.kibana.host` options. - # You can find the `cloud.id` in the Elastic Cloud web UI. - #cloud.id: - - # The cloud.auth setting overwrites the `output.elasticsearch.username` and - # `output.elasticsearch.password` settings. The format is `:`. - #cloud.auth: - - # ---------------------------- Elasticsearch Output ---------------------------- - output.elasticsearch: - # Array of hosts to connect to. - hosts: ${ES_HOST} - - # Protocol - either `http` (default) or `https`. - #protocol: "https" - - # Authentication credentials - either API key or username/password. - #api_key: "id:api_key" - username: ${ES_USERNAME} - password: ${ES_PASSWORD} - - # Enable to allow sending output to older ES versions - allow_older_versions: true - - # ================================= Processors ================================= - processors: - - add_host_metadata: ~ - - add_cloud_metadata: ~ - - add_docker_metadata: ~ - - add_cluster_id: ~ - - # Sets log level. The default log level is info. - # Available log levels are: error, warning, info, debug - logging.level: debug - # Enable debug output for selected components. To enable all selectors use ["*"] - # Other available selectors are "beat", "publisher", "service" - # Multiple selectors can be chained. - #logging.selectors: ["publisher"] - - # Send all logging output to stderr. The default is false. 
- #logging.to_stderr: false -kind: ConfigMap -metadata: - labels: - k8s-app: cloudbeat - name: cloudbeat-daemonset-config - namespace: kube-system ---- -apiVersion: v1 -data: - ca-cert.pem: | - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmRENDQVNLZ0F3SUJBZ0lRVWJwbD - grMUtWNUhoYWNqSGszazUyekFLQmdncWhrak9QUVFEQWpBZE1Sc3cKR1FZRFZRUURFeEps - YkdGemRHbGpMWEJoWTJ0aFoyVWdRMEV3SUJjTk1qSXhNVEEyTURnMU1USXpXaGdQTWpFeQ - pNakV3TVRNd09EVXhNak5hTUIweEd6QVpCZ05WQkFNVEVtVnNZWE4wYVdNdGNHRmphMkZu - WlNCRFFUQlpNQk1HCkJ5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCT3BLU3lYTFpKan - hQK1Zlay9sdVUvYUovMGVWOVl3elloSDYKazhBWkZjU2JWY2oxalNGZk5RNENoSzRxNXVG - ZDIvLzN5blFnK1JtbXlTVnFqbWp0SHNlalFqQkFNQTRHQTFVZApEd0VCL3dRRUF3SUJwak - FQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlMxUy9oQmtCcE1uTEdlCkRq - VU94d3BKUzRMRkZEQUtCZ2dxaGtqT1BRUURBZ05JQURCRkFpRUF6S2EzUmlhdnUxOE5qNG - 5SdVd0NW0vS1AKN213T2JtTDhnL09HVTRxRXVoY0NJSDQxZkNQNnVQR3FVaFd0V1I3aXQ2 - aVhXajMvbkQyaUY5Q05CK2UvWm8yUwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== -kind: Secret -metadata: - name: elastic-package-certs-ffg5hm6k7b - namespace: kube-system -type: Opaque ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - k8s-app: cloudbeat - name: cloudbeat - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: cloudbeat - template: - metadata: - labels: - k8s-app: cloudbeat - spec: - containers: - - env: - - name: ES_HOST - value: https://elasticsearch:9200 - - name: KIBANA_HOST - value: https://kibana:5601 - - name: SSL_CERT_DIR - value: /etc/ssl/elastic-package - - name: CLOUDBEAT_TYPE - value: cloudbeat/cis_k8s - - name: ES_USERNAME - value: elastic - - name: ES_PASSWORD - value: changeme - - name: ELASTIC_CLOUD_ID - value: none - - name: ELASTIC_CLOUD_AUTH - value: none - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - image: cloudbeat:latest - imagePullPolicy: IfNotPresent - name: cloudbeat - resources: - requests: - cpu: 100m 
- memory: 100Mi - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /etc/ssl/elastic-package - name: elastic-package-ca - readOnly: true - - mountPath: /cloudbeat.yml - name: config - readOnly: true - subPath: cloudbeat.yml - - mountPath: /hostfs/proc - name: proc - readOnly: true - - mountPath: /hostfs/etc/kubernetes - name: etc-kubernetes - - mountPath: /hostfs/var/lib - name: var-lib - readOnly: true - - mountPath: /hostfs/sys/fs/cgroup - name: cgroup - readOnly: true - - mountPath: /var/lib/docker/containers - name: varlibdockercontainers - readOnly: true - - mountPath: /var/log - name: varlog - readOnly: true - - mountPath: /hostfs/etc/passwd - name: passwd - readOnly: true - - mountPath: /hostfs/etc/group - name: group - readOnly: true - - mountPath: /hostfs/etc/systemd - name: etcsysmd - readOnly: true - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - serviceAccountName: cloudbeat - terminationGracePeriodSeconds: 30 - volumes: - - name: elastic-package-ca - secret: - defaultMode: 420 - secretName: elastic-package-certs-ffg5hm6k7b - - hostPath: - path: /proc - name: proc - - hostPath: - path: /etc/kubernetes - name: etc-kubernetes - - hostPath: - path: /var/lib - name: var-lib - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /etc/group - name: group - - hostPath: - path: /sys/fs/cgroup - name: cgroup - - hostPath: - path: /var/lib/docker/containers - name: varlibdockercontainers - - hostPath: - path: /var/log - name: varlog - - hostPath: - path: /etc/systemd - name: etcsysmd - - configMap: - defaultMode: 416 - name: cloudbeat-daemonset-config - name: config From 9adc67cf66683f114c5768bae701bc45051c2106 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Sun, 12 Feb 2023 20:31:25 +0200 Subject: [PATCH 026/105] Remove image replacement --- .github/workflows/weekly-enviroment.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index c71f4c5839..30b8caeea3 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -89,14 +89,14 @@ jobs: run: | cat manifest.yaml - - name: Replace the agent image - id: replace_agent_image - working-directory: ${{ env.SCRIPTS_DIR }} - run: | - cp manifest.yaml manifest-2.yaml - sed -i '' "s/^\( *image: *\).*/\1ofir_image/" manifest-2.yaml - cat manifest-2.yaml - diff manifest.yaml manifest-2.yaml +# - name: Replace the agent image +# id: replace_agent_image +# working-directory: ${{ env.SCRIPTS_DIR }} +# run: | +# cp manifest.yaml manifest-2.yaml +# sed -i '' "s/^\( *image: *\).*/\1ofir_image/" manifest-2.yaml +# cat manifest-2.yaml +# diff manifest.yaml manifest-2.yaml - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp From a14ad1d7854d9695c85f5aae94ba7c849e191d40 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 09:53:06 +0200 Subject: [PATCH 027/105] Remove secret echo to file --- .github/workflows/weekly-enviroment.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 30b8caeea3..56cca1fe89 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -105,7 +105,6 @@ jobs: EC2_PUBLIC_IP: ${{ secrets.EC2_PUBLIC_IP }} EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | - echo "$EC2_SECRET" > weekly-key.pem && chmod 600 weekly-key.pem touch from_ci.txt scp -i "$EC2_SECRET" from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." scp -i "$EC2_SECRET" manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." From 1006b22a857a49d1f196516ee34d63a11042fb62 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 10:33:51 +0200 Subject: [PATCH 028/105] Trying to solve ssh issue --- .github/workflows/weekly-enviroment.yml | 92 ++++++++++++------------- 1 file changed, 46 insertions(+), 46 deletions(-) 
diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml
index 56cca1fe89..1782eda21b 100644
--- a/.github/workflows/weekly-enviroment.yml
+++ b/.github/workflows/weekly-enviroment.yml
@@ -44,50 +44,50 @@ jobs: terraform_version: 1.3.5 terraform_wrapper: false - - name: Terraform fmt - id: fmt - run: terraform fmt -check - continue-on-error: true - - - name: Terraform Init - id: init - run: terraform init -no-color - - - name: Terraform Validate - id: validate - run: terraform validate -no-color - - - name: Deploy Elastic Cloud - id: apply - run: terraform apply --auto-approve - - - name: Set terraform output as env variable - id: kibana_url - run: | - echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV - - - name: Set sensitive terraform output as env variable - id: set_sensitive_output - run: | - export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) - echo "::add-mask::$ELASTICSEARCH_USERNAME" - echo "ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV - - export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) - echo "::add-mask::$ELASTICSEARCH_PASSWORD" - echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV - - - name: Install KSPM vanilla integration - id: install_vanilla_integration - working-directory: ${{ env.SCRIPTS_DIR }} - run: | - ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} +# - name: Terraform fmt +# id: fmt +# run: terraform fmt -check +# continue-on-error: true +# +# - name: Terraform Init +# id: init +# run: terraform init -no-color +# +# - name: Terraform Validate +# id: validate +# run: terraform validate -no-color +# +# - name: Deploy Elastic Cloud +# id: apply +# run: terraform apply --auto-approve +# +# - name: Set terraform output as env variable +# id: kibana_url +# run: | +# echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV +# +# - name: Set sensitive terraform output as env variable +# id: set_sensitive_output +# run: | +# export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) +# echo "::add-mask::$ELASTICSEARCH_USERNAME" +# echo 
"ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV +# +# export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) +# echo "::add-mask::$ELASTICSEARCH_PASSWORD" +# echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV +# +# - name: Install KSPM vanilla integration +# id: install_vanilla_integration +# working-directory: ${{ env.SCRIPTS_DIR }} +# run: | +# ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} - - name: Show manifest file - id: manifest_file - working-directory: ${{ env.SCRIPTS_DIR }} - run: | - cat manifest.yaml +# - name: Show manifest file +# id: manifest_file +# working-directory: ${{ env.SCRIPTS_DIR }} +# run: | +# cat manifest.yaml # - name: Replace the agent image # id: replace_agent_image @@ -106,9 +106,9 @@ jobs: EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | touch from_ci.txt - scp -i "$EC2_SECRET" from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." - scp -i "$EC2_SECRET" manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." - ssh -i "$EC2_SECRET" "ubuntu@${EC2_PUBLIC_IP}" "ls -l" + scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." +# scp -i "$EC2_SECRET" manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." + ssh -i "$EC2_SECRET" -o StrictHostKeyChecking=no "ubuntu@${EC2_PUBLIC_IP}" "ls -l" # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file - name: Send custom JSON data to Slack workflow From d0b9bc7befa555d16646ec4dfd6d0d0682129361 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 10:39:32 +0200 Subject: [PATCH 029/105] Trying to solve ssh issue --- .github/workflows/weekly-enviroment.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 1782eda21b..f405683728 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
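Review bot: `-o StrictHostKeyChecking=no` on the `scp` and `ssh` lines in the `@@ -106,9 +106,9 @@` hunk disables server authentication, so a DNS or routing change for `EC2_PUBLIC_IP` would hand the copied manifest and the shell session to whatever host answers. The instance's host key is known when it is provisioned, so store it (repository variable or secret), write it to a `known_hosts` file in the step, and connect with `-o UserKnownHostsFile=known_hosts`; `accept-new` is only marginally better because it still trusts whatever key is presented on the first run. The same option is added in the `@@ -107,9 +107,9 @@` hunk of "Strict host checking false" and the `@@ -120,7 +120,9 @@` hunk of the second "Update scp use" commit. The commented line `#      scp -i "$EC2_SECRET" manifest.yaml ...` sits at column 0 inside the `run: |` block scalar; a less-indented comment line likely ends the scalar there, leaving the following `ssh` line unparsable — if the step must keep it, indent the `#` to the scalar's content column so it stays part of the script.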
@@ -97,7 +97,6 @@ jobs: # sed -i '' "s/^\( *image: *\).*/\1ofir_image/" manifest-2.yaml # cat manifest-2.yaml # diff manifest.yaml manifest-2.yaml - - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp working-directory: ${{ env.SCRIPTS_DIR }} From d71688f3232c957ad44a982d831a3c628901f5f6 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 10:40:47 +0200 Subject: [PATCH 030/105] Adding the entire flow --- .github/workflows/weekly-enviroment.yml | 114 ++++++++++++------------ 1 file changed, 58 insertions(+), 56 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index f405683728..c71f4c5839 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
@@ -44,59 +44,60 @@ jobs: terraform_version: 1.3.5 terraform_wrapper: false -# - name: Terraform fmt -# id: fmt -# run: terraform fmt -check -# continue-on-error: true -# -# - name: Terraform Init -# id: init -# run: terraform init -no-color -# -# - name: Terraform Validate -# id: validate -# run: terraform validate -no-color -# -# - name: Deploy Elastic Cloud -# id: apply -# run: terraform apply --auto-approve -# -# - name: Set terraform output as env variable -# id: kibana_url -# run: | -# echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV -# -# - name: Set sensitive terraform output as env variable -# id: set_sensitive_output -# run: | -# export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) -# echo "::add-mask::$ELASTICSEARCH_USERNAME" -# echo "ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV -# -# export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) -# echo "::add-mask::$ELASTICSEARCH_PASSWORD" -# echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV -# -# - name: Install KSPM vanilla integration -# id: install_vanilla_integration -# working-directory: ${{ env.SCRIPTS_DIR }} -# run: | -# ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} - -# - name: Show manifest file -# id: manifest_file -# working-directory: ${{ env.SCRIPTS_DIR }} -# run: | -# cat manifest.yaml - -# - name: Replace the agent image -# id: replace_agent_image -# working-directory: ${{ env.SCRIPTS_DIR }} -# run: | -# cp manifest.yaml manifest-2.yaml -# sed -i '' "s/^\( *image: *\).*/\1ofir_image/" manifest-2.yaml -# cat manifest-2.yaml -# diff manifest.yaml manifest-2.yaml + - name: Terraform fmt + id: fmt + run: terraform fmt -check + continue-on-error: true + + - name: Terraform Init + id: init + run: terraform init -no-color + + - name: Terraform Validate + id: validate + run: terraform validate -no-color + + - name: Deploy Elastic Cloud + id: apply + run: terraform 
apply --auto-approve + + - name: Set terraform output as env variable + id: kibana_url + run: | + echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV + + - name: Set sensitive terraform output as env variable + id: set_sensitive_output + run: | + export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) + echo "::add-mask::$ELASTICSEARCH_USERNAME" + echo "ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV + + export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) + echo "::add-mask::$ELASTICSEARCH_PASSWORD" + echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV + + - name: Install KSPM vanilla integration + id: install_vanilla_integration + working-directory: ${{ env.SCRIPTS_DIR }} + run: | + ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} + + - name: Show manifest file + id: manifest_file + working-directory: ${{ env.SCRIPTS_DIR }} + run: | + cat manifest.yaml + + - name: Replace the agent image + id: replace_agent_image + working-directory: ${{ env.SCRIPTS_DIR }} + run: | + cp manifest.yaml manifest-2.yaml + sed -i '' "s/^\( *image: *\).*/\1ofir_image/" manifest-2.yaml + cat manifest-2.yaml + diff manifest.yaml manifest-2.yaml + - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp working-directory: ${{ env.SCRIPTS_DIR }} 
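Review bot: `echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV` and the two `terraform output elasticsearch_*` captures take the HCL-rendered value, which for a string output includes the surrounding double quotes, so `KIBANA_URL`, `ELASTICSEARCH_USERNAME` and `ELASTICSEARCH_PASSWORD` carry literal `"` characters into `install-kspm-vanilla-integration.sh`; use `terraform output -raw kibana_url` (and `-raw` for the other two). `./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }}` also places the password in the command's argument list, where it is visible in the runner's process table; having the script read `$ELASTICSEARCH_PASSWORD` from the environment avoids that. The `::add-mask::` lines are correctly issued before the values are appended to `$GITHUB_ENV`. The job header and `runs-on` are outside this hunk.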
@@ -104,10 +105,11 @@ jobs: EC2_PUBLIC_IP: ${{ secrets.EC2_PUBLIC_IP }} EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | + echo "$EC2_SECRET" > weekly-key.pem && chmod 600 weekly-key.pem touch from_ci.txt - scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." -# scp -i "$EC2_SECRET" manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." - ssh -i "$EC2_SECRET" -o StrictHostKeyChecking=no "ubuntu@${EC2_PUBLIC_IP}" "ls -l" + scp -i "$EC2_SECRET" from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." + scp -i "$EC2_SECRET" manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." + ssh -i "$EC2_SECRET" "ubuntu@${EC2_PUBLIC_IP}" "ls -l" # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file - name: Send custom JSON data to Slack workflow From 4ab1da7cd6155c2e22bcc47a0998d3627a29f36a Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 10:48:53 +0200 Subject: [PATCH 031/105] Comment out terraform --- .github/workflows/weekly-enviroment.yml | 107 ++++++++++++------------ 1 file changed, 54 insertions(+), 53 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index c71f4c5839..cbe883593c 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -1,3 +1,4 @@ + name: Weekly environment deployment on: 
@@ -44,59 +45,59 @@ jobs: terraform_version: 1.3.5 terraform_wrapper: false - - name: Terraform fmt - id: fmt - run: terraform fmt -check - continue-on-error: true - - - name: Terraform Init - id: init - run: terraform init -no-color - - - name: Terraform Validate - id: validate - run: terraform validate -no-color - - - name: Deploy Elastic Cloud - id: apply - run: terraform apply --auto-approve - - - name: Set terraform output as env variable - id: kibana_url - run: | - echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV - - - name: Set sensitive terraform output as env variable - id: set_sensitive_output - run: | - export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) - echo "::add-mask::$ELASTICSEARCH_USERNAME" - echo "ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV - - export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) - echo "::add-mask::$ELASTICSEARCH_PASSWORD" - echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV - - - name: Install KSPM vanilla integration - id: install_vanilla_integration - working-directory: ${{ env.SCRIPTS_DIR }} - run: | - ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} - - - name: Show manifest file - id: manifest_file - working-directory: ${{ env.SCRIPTS_DIR }} - run: | - cat manifest.yaml - - - name: Replace the agent image - id: replace_agent_image - working-directory: ${{ env.SCRIPTS_DIR }} - run: | - cp manifest.yaml manifest-2.yaml - sed -i '' "s/^\( *image: *\).*/\1ofir_image/" manifest-2.yaml - cat manifest-2.yaml - diff manifest.yaml manifest-2.yaml +# - name: Terraform fmt +# id: fmt +# run: terraform fmt -check +# continue-on-error: true +# +# - name: Terraform Init +# id: init +# run: terraform init -no-color +# +# - name: Terraform Validate +# id: validate +# run: terraform validate -no-color +# +# - name: Deploy Elastic Cloud +# id: apply +# run: terraform apply --auto-approve +# +# - name: 
Set terraform output as env variable +# id: kibana_url +# run: | +# echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV +# +# - name: Set sensitive terraform output as env variable +# id: set_sensitive_output +# run: | +# export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) +# echo "::add-mask::$ELASTICSEARCH_USERNAME" +# echo "ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV +# +# export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) +# echo "::add-mask::$ELASTICSEARCH_PASSWORD" +# echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV +# +# - name: Install KSPM vanilla integration +# id: install_vanilla_integration +# working-directory: ${{ env.SCRIPTS_DIR }} +# run: | +# ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} +# +# - name: Show manifest file +# id: manifest_file +# working-directory: ${{ env.SCRIPTS_DIR }} +# run: | +# cat manifest.yaml +# +# - name: Replace the agent image +# id: replace_agent_image +# working-directory: ${{ env.SCRIPTS_DIR }} +# run: | +# cp manifest.yaml manifest-2.yaml +# sed -i '' "s/^\( *image: *\).*/\1ofir_image/" manifest-2.yaml +# cat manifest-2.yaml +# diff manifest.yaml manifest-2.yaml - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp From e821839f3ea3a1b579710ac94ca6f61462d50119 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 10:51:16 +0200 Subject: [PATCH 032/105] Remove echo --- .github/workflows/weekly-enviroment.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index cbe883593c..42903ddff6 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
@@ -106,7 +106,6 @@ jobs: EC2_PUBLIC_IP: ${{ secrets.EC2_PUBLIC_IP }} EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | - echo "$EC2_SECRET" > weekly-key.pem && chmod 600 weekly-key.pem touch from_ci.txt scp -i "$EC2_SECRET" from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." scp -i "$EC2_SECRET" manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." From 93ef6630c7c13a16b98d197cc80a90dfc971a871 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 10:52:27 +0200 Subject: [PATCH 033/105] Strict host checking false --- .github/workflows/weekly-enviroment.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 42903ddff6..d3874d768c 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -107,9 +107,9 @@ jobs: EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | touch from_ci.txt - scp -i "$EC2_SECRET" from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." - scp -i "$EC2_SECRET" manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." - ssh -i "$EC2_SECRET" "ubuntu@${EC2_PUBLIC_IP}" "ls -l" + scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." + scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." + ssh -i "$EC2_SECRET" -o StrictHostKeyChecking=no "ubuntu@${EC2_PUBLIC_IP}" "ls -l" # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file - name: Send custom JSON data to Slack workflow From 1c0e32330db7234e6cb5a471ba9017dfca6d7594 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:16:49 +0200 Subject: [PATCH 034/105] Trying to use package for copy the file --- .github/workflows/weekly-enviroment.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index d3874d768c..5e7f806870 100644 
--- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -98,6 +98,21 @@ jobs: # sed -i '' "s/^\( *image: *\).*/\1ofir_image/" manifest-2.yaml # cat manifest-2.yaml # diff manifest.yaml manifest-2.yaml +# + - name: Copy file to EC2 + working-directory: ${{ env.SCRIPTS_DIR }} + run: | + touch from_ci.txt + + - name: Copy file to EC2 + uses: appleboy/scp-action@master + working-directory: ${{ env.SCRIPTS_DIR }} + with: + host: ${{ secrets.EC2_PUBLIC_IP }} + username: ubuntu + key: ${{ secrets.EC2_SECRET }} + source: "from_ci.txt" + target: "test" - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp From b4ebb271ef902e8afb0113cb413160269d52c55f Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:21:59 +0200 Subject: [PATCH 035/105] Remove working directory --- .github/workflows/weekly-enviroment.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 5e7f806870..6ef8fbbbed 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -100,13 +100,11 @@ jobs: # diff manifest.yaml manifest-2.yaml # - name: Copy file to EC2 - working-directory: ${{ env.SCRIPTS_DIR }} run: | touch from_ci.txt - name: Copy file to EC2 uses: appleboy/scp-action@master - working-directory: ${{ env.SCRIPTS_DIR }} with: host: ${{ secrets.EC2_PUBLIC_IP }} username: ubuntu From 7c854021e3484c16ce4e5238408dbd41a00a8596 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:23:56 +0200 Subject: [PATCH 036/105] Remove working directory --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 6ef8fbbbed..fdd110419a 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
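Review bot: `uses: appleboy/scp-action@master` in the `@@ -98,6 +98,21 @@` hunk pulls a third-party action from a mutable branch and hands it the instance's private key via `key: ${{ secrets.EC2_SECRET }}`; a push to that branch, or a compromised maintainer account, then runs arbitrary code in this job with that key. Pin the action to a full commit SHA you have reviewed, `uses: appleboy/scp-action@<full-commit-sha>  # <tag>` (placeholders), or keep the plain `scp` path that is already in the job. `working-directory` is not a valid key on a `uses:` step, which the following "Remove working directory" hunk takes out again. Both new steps are named `Copy file to EC2`, so the run log cannot distinguish them; the first one only creates the file.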
@@ -110,7 +110,7 @@ jobs: username: ubuntu key: ${{ secrets.EC2_SECRET }} source: "from_ci.txt" - target: "test" + target: "." - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp From 8f99aee71ad9b24c68613740ed8357181e31d944 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:26:42 +0200 Subject: [PATCH 037/105] Update scp use --- .github/workflows/weekly-enviroment.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index fdd110419a..f67567d1ce 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -105,10 +105,11 @@ jobs: - name: Copy file to EC2 uses: appleboy/scp-action@master + env: + HOST: ${{ secrets.EC2_PUBLIC_IP }} + USERNAME: "ubuntu" + KEY: ${{ secrets.EC2_SECRET } with: - host: ${{ secrets.EC2_PUBLIC_IP }} - username: ubuntu - key: ${{ secrets.EC2_SECRET }} source: "from_ci.txt" target: "." From 7987fccf8945889bc83bf06d6933c66aa105c31c Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:28:25 +0200 Subject: [PATCH 038/105] Update scp use --- .github/workflows/weekly-enviroment.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index f67567d1ce..fd55393193 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
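Review bot: `KEY: ${{ secrets.EC2_SECRET }` in the `@@ -105,10 +105,11 @@` hunk is missing its closing brace, so the expression is unterminated and the workflow fails to parse before any job runs; it should read `KEY: ${{ secrets.EC2_SECRET }}`. Moving `host`, `username` and `key` from `with:` to `env:` relies on the action reading those environment names, which nothing in the hunk establishes; the `with:` inputs were the typed form and are the safer default to keep. The action is still referenced as `@master`, so the pinning concern from the hunk that introduced it is unchanged here.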
@@ -120,7 +120,9 @@ jobs: EC2_PUBLIC_IP: ${{ secrets.EC2_PUBLIC_IP }} EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | - touch from_ci.txt + touch from_ci_1.txt + scp -i ${{ secrets.EC2_PEM_KEY }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." + scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." ssh -i "$EC2_SECRET" -o StrictHostKeyChecking=no "ubuntu@${EC2_PUBLIC_IP}" "ls -l" From fa40cdf953c5b8266b32e662b88665546d1e5a12 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:30:28 +0200 Subject: [PATCH 039/105] Fixing Ci --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index fd55393193..72b15878c6 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -108,7 +108,7 @@ jobs: env: HOST: ${{ secrets.EC2_PUBLIC_IP }} USERNAME: "ubuntu" - KEY: ${{ secrets.EC2_SECRET } + KEY: ${{ secrets.EC2_SECRET }} with: source: "from_ci.txt" target: "." From 8e5e4aef58048295ab3497ffe8ea5ad5dc2bdb82 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:32:29 +0200 Subject: [PATCH 040/105] Fixing Ci --- .github/workflows/weekly-enviroment.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 72b15878c6..6c64b170c2 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -99,7 +99,7 @@ jobs: # cat manifest-2.yaml # diff manifest.yaml manifest-2.yaml # - - name: Copy file to EC2 + - name: Create new file run: | touch from_ci.txt @@ -112,6 +112,7 @@ jobs: with: source: "from_ci.txt" target: "." + strip_components: 1 - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp 
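Review bot: `scp -i ${{ secrets.EC2_PEM_KEY }}` and `scp -i "$EC2_SECRET"` pass what later patches treat as key material (the same value is written to `weekly-key.pem`) where `-i` expects a file path, so neither line can authenticate, and the `${{ }}` form additionally splices the secret's text into the generated shell script. Write the key from the `EC2_SECRET` environment variable the step already sets, `umask 077; printf '%s\n' "$EC2_SECRET" > weekly-key.pem`, and pass that path to `-i`. Patches 042 and 073 splice the secret into `run:` the same way; with a multi-line PEM value, 073's `echo ${{ secrets.EC2_SECRET }} > weekly-key.pem` most likely ends the `echo` at the first newline and hands the remaining key lines to bash as commands. `EC2_PEM_KEY` is not referenced anywhere else in the visible hunks, so confirm that secret exists.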
From af3a2a57d1985622223ee5150a3aa097fc3e08f5 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:33:59 +0200 Subject: [PATCH 041/105] Remove package --- .github/workflows/weekly-enviroment.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 6c64b170c2..cfc31f7b18 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -102,17 +102,17 @@ jobs: - name: Create new file run: | touch from_ci.txt - - - name: Copy file to EC2 - uses: appleboy/scp-action@master - env: - HOST: ${{ secrets.EC2_PUBLIC_IP }} - USERNAME: "ubuntu" - KEY: ${{ secrets.EC2_SECRET }} - with: - source: "from_ci.txt" - target: "." - strip_components: 1 +# +# - name: Copy file to EC2 +# uses: appleboy/scp-action@master +# env: +# HOST: ${{ secrets.EC2_PUBLIC_IP }} +# USERNAME: "ubuntu" +# KEY: ${{ secrets.EC2_SECRET }} +# with: +# source: "from_ci.txt" +# target: "." +# strip_components: 1 - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp From 39e9f591a94ea080b786382b263ac76a2a6587cd Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:36:52 +0200 Subject: [PATCH 042/105] Updating ssh command --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index cfc31f7b18..19a84800a7 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
@@ -122,7 +122,7 @@ jobs: EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | touch from_ci_1.txt - scp -i ${{ secrets.EC2_PEM_KEY }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." + scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." From 394bb47e0b285038ee4a290aff9a47665db86f94 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:39:18 +0200 Subject: [PATCH 043/105] Only echo the ssh key --- .github/workflows/weekly-enviroment.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 19a84800a7..42dc9b3d65 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
@@ -122,11 +122,12 @@ jobs: EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | touch from_ci_1.txt - scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." - - scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." - scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." - ssh -i "$EC2_SECRET" -o StrictHostKeyChecking=no "ubuntu@${EC2_PUBLIC_IP}" "ls -l" + echo {{ secrets.EC2_SECRET }} > weekly-key.txt +# scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." +# +# scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." +# scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." +# ssh -i "$EC2_SECRET" -o StrictHostKeyChecking=no "ubuntu@${EC2_PUBLIC_IP}" "ls -l" # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file - name: Send custom JSON data to Slack workflow From 0ce7e07ef99d89ddbb7f3ce38e0faa3014f43369 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:41:18 +0200 Subject: [PATCH 044/105] Print only head --- .github/workflows/weekly-enviroment.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 42dc9b3d65..72465b425e 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -123,6 +123,7 @@ jobs: run: | touch from_ci_1.txt echo {{ secrets.EC2_SECRET }} > weekly-key.txt + head -n 3 weekly-key.txt # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # # scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." From 6674a35367817d59607efa15150dd763d8f63e30 Mon Sep 17 00:00:00 2001 
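Review bot: `echo {{ secrets.EC2_SECRET }} > weekly-key.txt` has no leading `$`, so it is not a workflow expression and the file receives the literal text `{{ secrets.EC2_SECRET }}` instead of the key. The step already exports `EC2_SECRET`, so the robust form is `printf '%s\n' "$EC2_SECRET" > weekly-key.txt`, which also preserves the PEM line breaks that an unquoted `echo` would fold into one line. Patches 066 and 070 re-enable the same `{{ ... }}` line unchanged. The scp/ssh lines are commented out with `#` rather than deleted; remove them, since git history keeps the working version.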
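Review bot: `head -n 3 weekly-key.txt` prints the start of the SSH private-key file into the job log. GitHub masks log text that matches a registered secret, but that is best-effort (multi-line values are matched per line and any reformatting defeats it), so key material should never reach stdout; check the file with `test -s weekly-key.txt` or `ssh-keygen -y -f weekly-key.txt`, which prints only the public half. Patches 062 and 072 add `cat weekly-key.pem`, which dumps the entire file the same way.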
From: ofiriro3
Date: Mon, 13 Feb 2023 11:41:51 +0200
Subject: [PATCH 045/105] Comment out slack
---
 .github/workflows/weekly-enviroment.yml | 88 ++++++++++++-------------
 1 file changed, 44 insertions(+), 44 deletions(-)
diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml
index 72465b425e..eb2922fda2 100644
--- a/.github/workflows/weekly-enviroment.yml
+++ b/.github/workflows/weekly-enviroment.yml
@@ -130,47 +130,47 @@ jobs: # scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." # ssh -i "$EC2_SECRET" -o StrictHostKeyChecking=no "ubuntu@${EC2_PUBLIC_IP}" "ls -l" - # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file - - name: Send custom JSON data to Slack workflow - id: slack - uses: slackapi/slack-github-action@v1.23.0 - with: - payload: | - { - "text": "A new deployment job has been triggered", - "attachments": [ - { - "color": "#36a64f", - "fields": [ - { - "title": "Environment", - "value": "${{ github.event.inputs.environment }}", - "short": true - }, - { - "title": "Log level", - "value": "${{ github.event.inputs.logLevel }}", - "short": true - }, - { - "title": "Kibana URL", - "value": ${{ env.KIBANA_URL }}, - "short": false - }, - { - "title": "ElasticSearch username", - "value": ${{ env.ELASTICSEARCH_USERNAME }}, - "short": false - }, - { - "title": "ElasticSearch password", - "value": ${{ env.ELASTICSEARCH_PASSWORD }}, - "short": false - } - ] - } - ] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK +# # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file +# - name: Send custom JSON data to Slack workflow +# id: slack +# uses: slackapi/slack-github-action@v1.23.0 +# with: +# payload: | +# { +# "text": "A new deployment job has been triggered", +# "attachments": [ +# { +# "color": "#36a64f", +# "fields": [ +# { +# "title": "Environment", +# "value": "${{ github.event.inputs.environment }}", +# "short": true +# }, +# { +# "title": "Log level", +# "value": "${{ github.event.inputs.logLevel }}", +# "short": true +# }, +# { +# "title": "Kibana URL", +# "value": ${{ env.KIBANA_URL }}, +# "short": false +# }, +# { +# "title": "ElasticSearch username", +# "value": ${{ env.ELASTICSEARCH_USERNAME }}, +# "short": false +# 
}, +# { +# "title": "ElasticSearch password", +# "value": ${{ env.ELASTICSEARCH_PASSWORD }}, +# "short": false +# } +# ] +# } +# ] +# } +# env: +# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} +# SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK From c94464f3a359ebe675a3104fe46d0d9f4b935ace Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:45:12 +0200 Subject: [PATCH 046/105] adding ll --- .github/workflows/weekly-enviroment.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index eb2922fda2..1c38d68434 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -123,6 +123,7 @@ jobs: run: | touch from_ci_1.txt echo {{ secrets.EC2_SECRET }} > weekly-key.txt + ll -l weekly-key.txt head -n 3 weekly-key.txt # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # From 3d784c16687feaeb5c18c117e3078121ac11e940 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:46:03 +0200 Subject: [PATCH 047/105] adding ls --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 1c38d68434..6bbfb2ef89 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -123,7 +123,7 @@ jobs: run: | touch from_ci_1.txt echo {{ secrets.EC2_SECRET }} > weekly-key.txt - ll -l weekly-key.txt + ls weekly-key.txt head -n 3 weekly-key.txt # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # From 52e28a141638442003294e3330e7d40a75507840 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:48:54 +0200 Subject: [PATCH 048/105] adding ssh command --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
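Review bot: The Slack step is commented out rather than deleted, leaving a 44-line `#` block inside `jobs:` that every reader and linter has to skip; remove it (history keeps it) or gate it with an `if:` on a workflow input. If it is re-enabled as written, the payload posts `${{ env.ELASTICSEARCH_PASSWORD }}` and the username into a chat channel, making Slack history a credential store; send only the Kibana URL and have people fetch the password from the secret store. The `"value": ${{ env.KIBANA_URL }}` entries are also unquoted inside the JSON, so an empty value produces an invalid payload.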
diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 6bbfb2ef89..09e975abe5 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -127,7 +127,7 @@ jobs: head -n 3 weekly-key.txt # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # -# scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." + scp -i weekly-key.txt -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." # ssh -i "$EC2_SECRET" -o StrictHostKeyChecking=no "ubuntu@${EC2_PUBLIC_IP}" "ls -l" From cef93c4b9883b560691a8335d84ae6b0b758f186 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:50:03 +0200 Subject: [PATCH 049/105] Fixing script --- .github/workflows/weekly-enviroment.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 09e975abe5..d571e5bbe9 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -113,7 +113,6 @@ jobs: # source: "from_ci.txt" # target: "." # strip_components: 1 - - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp working-directory: ${{ env.SCRIPTS_DIR }} 
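Review bot: `scp -i weekly-key.txt` is re-enabled while `weekly-key.txt` is still written by `echo {{ secrets.EC2_SECRET }}` (no `$`) a few lines above, so the file holds the literal placeholder text and the transfer cannot authenticate; once that is fixed, ssh will still reject the identity file because it is created with the default umask, so create it under `umask 077`. The line is uncommented in the middle of a run of `#` lines and a near-duplicate `# scp -i "$EC2_SECRET" ... from_ci.txt ...` remains two lines above it; keep one copy. The enclosing `run:` block starts outside this hunk.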
@@ -125,9 +124,10 @@ jobs: echo {{ secrets.EC2_SECRET }} > weekly-key.txt ls weekly-key.txt head -n 3 weekly-key.txt + scp -i weekly-key.txt -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." + # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # - scp -i weekly-key.txt -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." # ssh -i "$EC2_SECRET" -o StrictHostKeyChecking=no "ubuntu@${EC2_PUBLIC_IP}" "ls -l" From 9b0896e077304c8a26c5d18b641386dcc2675388 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:51:46 +0200 Subject: [PATCH 050/105] Changing permissions --- .github/workflows/weekly-enviroment.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index d571e5bbe9..01d88d4169 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -122,6 +122,7 @@ jobs: run: | touch from_ci_1.txt echo {{ secrets.EC2_SECRET }} > weekly-key.txt + chmod 600 weekly-key.txt ls weekly-key.txt head -n 3 weekly-key.txt scp -i weekly-key.txt -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." From fcf35f2fd2bdba8700f9f56388889e3b4c1f8392 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:54:31 +0200 Subject: [PATCH 051/105] change file to pem suffix --- .github/workflows/weekly-enviroment.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 01d88d4169..b29039ac43 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
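Review bot: `chmod 600 weekly-key.txt` runs after the redirect on the previous line has already created the file with the runner's default umask, so the key briefly exists with wider permissions; set `umask 077` at the top of the block (or `install -m 600 /dev/null weekly-key.txt` before writing) so it is never created readable by others. `ls weekly-key.txt` and `head -n 3 weekly-key.txt` are debugging output and should go before merge. The enclosing `run:` block starts outside this hunk.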
@@ -121,8 +121,8 @@ jobs: EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | touch from_ci_1.txt - echo {{ secrets.EC2_SECRET }} > weekly-key.txt - chmod 600 weekly-key.txt + echo {{ secrets.EC2_SECRET }} > weekly-key.pem + chmod 600 weekly-key.pem ls weekly-key.txt head -n 3 weekly-key.txt scp -i weekly-key.txt -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." From 15ef7ade07bacd41bd7b70b2b567fba22d36ac6b Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:54:57 +0200 Subject: [PATCH 052/105] Fixing script --- .github/workflows/weekly-enviroment.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index b29039ac43..3f9d7edbe7 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -123,9 +123,7 @@ jobs: touch from_ci_1.txt echo {{ secrets.EC2_SECRET }} > weekly-key.pem chmod 600 weekly-key.pem - ls weekly-key.txt - head -n 3 weekly-key.txt - scp -i weekly-key.txt -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." + scp -i weekly-key.pem -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # From bdf3bdcb042515191faf1368ff871e8964d04478 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 11:59:31 +0200 Subject: [PATCH 053/105] Remove strict host --- .github/workflows/weekly-enviroment.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 3f9d7edbe7..ff4030f27d 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
@@ -120,10 +120,10 @@ jobs: EC2_PUBLIC_IP: ${{ secrets.EC2_PUBLIC_IP }} EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | - touch from_ci_1.txt + touch from_ci.txt echo {{ secrets.EC2_SECRET }} > weekly-key.pem chmod 600 weekly-key.pem - scp -i weekly-key.pem -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." + scp -i weekly-key.pem from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # From f70e05587a958a65a591550f8a7a9702f245305f Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 12:06:52 +0200 Subject: [PATCH 054/105] Adding StrictHost --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index ff4030f27d..e2709f783e 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -123,7 +123,7 @@ jobs: touch from_ci.txt echo {{ secrets.EC2_SECRET }} > weekly-key.pem chmod 600 weekly-key.pem - scp -i weekly-key.pem from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." + scp -i weekly-key.pem -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # From 5ae401a1864558faa1572e4e28e853aa278fd075 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 12:11:56 +0200 Subject: [PATCH 055/105] Adding public Ip --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index e2709f783e..96489d9b66 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
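Review bot: Re-adding `-o StrictHostKeyChecking=no` makes scp accept whatever host key the endpoint presents, so a DNS or routing change to the EC2 address would receive the copied files without any error; the fresh runner only failed without it because `~/.ssh/known_hosts` is empty. Pin the host key instead: store the instance's public host key as a secret or variable and run `printf '%s\n' "$EC2_HOST_KEY" >> ~/.ssh/known_hosts` before scp (`EC2_HOST_KEY` is a suggested name, not an existing secret); `-o StrictHostKeyChecking=accept-new` is a weaker middle ground that trusts only the first connection. Patch 038 introduced the same option on the other scp/ssh lines.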
@@ -123,7 +123,7 @@ jobs: touch from_ci.txt echo {{ secrets.EC2_SECRET }} > weekly-key.pem chmod 600 weekly-key.pem - scp -i weekly-key.pem -o StrictHostKeyChecking=no from_ci.txt "ubuntu@${EC2_PUBLIC_IP}:~/." + scp -i weekly-key.pem -o StrictHostKeyChecking=no from_ci.txt "ubuntu@$ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # From c35f22e74fd084b3b5c344c2dc68480c505cc5be Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 12:15:50 +0200 Subject: [PATCH 056/105] Adding public Ip --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 96489d9b66..5c3b1a6d42 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -123,7 +123,7 @@ jobs: touch from_ci.txt echo {{ secrets.EC2_SECRET }} > weekly-key.pem chmod 600 weekly-key.pem - scp -i weekly-key.pem -o StrictHostKeyChecking=no from_ci.txt "ubuntu@$ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." + scp -i weekly-key.pem -o StrictHostKeyChecking=no from_ci.txt "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # From 18d7eb3b20651c37dbf86718133de0211e16bdab Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 12:54:47 +0200 Subject: [PATCH 057/105] trying to use scp-action --- .github/workflows/weekly-enviroment.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 5c3b1a6d42..51bcae4f2a 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
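Review bot: `"ubuntu@$ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/."` hard-codes one instance's public DNS name although the step already exports `EC2_PUBLIC_IP` from a secret, so the address goes stale when the weekly environment is recreated and the endpoint is now committed to the repository; keep `"ubuntu@${EC2_PUBLIC_IP}:~/."`. In this patch the `$` before `ec2-` is additionally read by bash as the unset variable `$ec2`, so the host actually used is `-13-51-85-190...`; patch 056 drops the `$` but keeps the hard-coded name, as does the `host:` input in patch 057.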
@@ -102,7 +102,17 @@ jobs: - name: Create new file run: | touch from_ci.txt -# + + - name: copy file via ssh key + uses: appleboy/scp-action@master + with: + host: "ec2-13-51-85-190.eu-north-1.compute.amazonaws.com" + username: "ubuntu" + port: "22" + key: ${{ secrets.EC2_SECRET }} + source: "from_ci.txt" + target: "test" + # - name: Copy file to EC2 # uses: appleboy/scp-action@master # env: @@ -113,6 +123,7 @@ jobs: # source: "from_ci.txt" # target: "." # strip_components: 1 + - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp working-directory: ${{ env.SCRIPTS_DIR }} From b9406615eb9adbee23a92e545b361a0bf4b9c911 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 13:02:39 +0200 Subject: [PATCH 058/105] Copy single file to remote --- .github/workflows/weekly-enviroment.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 51bcae4f2a..b6c0dc1cde 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -103,6 +103,15 @@ jobs: run: | touch from_ci.txt + - name: Copy single file to remote + uses: appleboy/scp-action@master + with: + local: from_ci.txt + remote: from_ci.txt + host: "ec2-13-51-85-190.eu-north-1.compute.amazonaws.com" + username: "ubuntu" + privateKey: ${{ secrets.EC2_SECRET}} + - name: copy file via ssh key uses: appleboy/scp-action@master with: From f1ec376f0adab1d3c5833b4878a5ed0ee737816a Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 13:05:02 +0200 Subject: [PATCH 059/105] Copy single file to remote --- .github/workflows/weekly-enviroment.yml | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index b6c0dc1cde..5b79cee541 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
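Review bot: `local`, `remote` and `privateKey` do not match the input names the adjacent `copy file via ssh key` step passes to the same `appleboy/scp-action` (`source`, `target`, `key`), so this step most likely passes nothing the action recognises, and the two steps also copy the same file twice; keep one step with the inputs documented for the pinned version. `${{ secrets.EC2_SECRET}}` is valid but inconsistent with the `${{ secrets.EC2_SECRET }}` spacing used everywhere else.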
@@ -103,22 +103,13 @@ jobs: run: | touch from_ci.txt - - name: Copy single file to remote - uses: appleboy/scp-action@master - with: - local: from_ci.txt - remote: from_ci.txt - host: "ec2-13-51-85-190.eu-north-1.compute.amazonaws.com" - username: "ubuntu" - privateKey: ${{ secrets.EC2_SECRET}} - - name: copy file via ssh key uses: appleboy/scp-action@master with: host: "ec2-13-51-85-190.eu-north-1.compute.amazonaws.com" username: "ubuntu" port: "22" - key: ${{ secrets.EC2_SECRET }} + privateKey: ${{ secrets.EC2_SECRET }} source: "from_ci.txt" target: "test" From 5181f795430ed0f7cfa3af7ee6f8e05d9e1bfbe4 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 13:06:39 +0200 Subject: [PATCH 060/105] Change to key --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 5b79cee541..51bcae4f2a 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -109,7 +109,7 @@ jobs: host: "ec2-13-51-85-190.eu-north-1.compute.amazonaws.com" username: "ubuntu" port: "22" - privateKey: ${{ secrets.EC2_SECRET }} + key: ${{ secrets.EC2_SECRET }} source: "from_ci.txt" target: "test" From 65e6f6760fd7664a328946ba137a3cb543e31f50 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 13:21:13 +0200 Subject: [PATCH 061/105] update flow --- .github/workflows/weekly-enviroment.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 51bcae4f2a..6becb36c5d 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -112,6 +112,7 @@ jobs: key: ${{ secrets.EC2_SECRET }} source: "from_ci.txt" target: "test" + continue-on-error: true # - name: Copy file to EC2 # uses: appleboy/scp-action@master 
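Review bot: `continue-on-error: true` on the `copy file via ssh key` step turns a failed transfer into a green job, so the following `Deploy KSPM vanilla Agent to EC2` step runs without the file and a later failure is harder to attribute. If the step is an experiment, gate it with an `if:` on a workflow input or drop it; if it is required, let it fail. At minimum give it an `id:` and check `steps.<id>.outcome` before depending on the copied file.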
@@ -134,6 +135,7 @@ jobs: touch from_ci.txt echo {{ secrets.EC2_SECRET }} > weekly-key.pem chmod 600 weekly-key.pem + ssh-keygen -y -f weekly-key.pem scp -i weekly-key.pem -o StrictHostKeyChecking=no from_ci.txt "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." From 9127534ea7a94868749f14921a76bc3fd3e37d3b Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 13:27:32 +0200 Subject: [PATCH 062/105] adding command --- .github/workflows/weekly-enviroment.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 6becb36c5d..114737b884 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -133,7 +133,11 @@ jobs: EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | touch from_ci.txt + pwd + ll + echo "ofirrrr" echo {{ secrets.EC2_SECRET }} > weekly-key.pem + cat weekly-key.pem chmod 600 weekly-key.pem ssh-keygen -y -f weekly-key.pem scp -i weekly-key.pem -o StrictHostKeyChecking=no from_ci.txt "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." From 72f8423491c5cf5f1886fe31f4bfa20bd51c091b Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 13:28:54 +0200 Subject: [PATCH 063/105] print pwd --- .github/workflows/weekly-enviroment.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 114737b884..17aeda1363 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
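Review bot: `ll` is an interactive shell alias rather than a command, so under the non-interactive `bash -e` shell GitHub uses for `run:` it exits with "command not found" and aborts the step before `ssh-keygen` runs; use `ls -la`. `pwd` and `echo "ofirrrr"` are debugging leftovers, and `cat weekly-key.pem` writes the private key into the job log and must not be committed. Patch 066 re-adds the same `ll`.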
@@ -132,15 +132,15 @@ jobs: EC2_PUBLIC_IP: ${{ secrets.EC2_PUBLIC_IP }} EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | - touch from_ci.txt +# touch from_ci.txt pwd - ll - echo "ofirrrr" - echo {{ secrets.EC2_SECRET }} > weekly-key.pem - cat weekly-key.pem - chmod 600 weekly-key.pem - ssh-keygen -y -f weekly-key.pem - scp -i weekly-key.pem -o StrictHostKeyChecking=no from_ci.txt "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." +# ll +# echo "ofirrrr" +# echo {{ secrets.EC2_SECRET }} > weekly-key.pem +# cat weekly-key.pem +# chmod 600 weekly-key.pem +# ssh-keygen -y -f weekly-key.pem +# scp -i weekly-key.pem -o StrictHostKeyChecking=no from_ci.txt "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # From 8aef1c10ba6da4bc16e0aca7f88c6aefc6f2dd01 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 13:29:36 +0200 Subject: [PATCH 064/105] print pwd --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 17aeda1363..f847d06424 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -132,8 +132,8 @@ jobs: EC2_PUBLIC_IP: ${{ secrets.EC2_PUBLIC_IP }} EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | -# touch from_ci.txt pwd +# touch from_ci.txt # ll # echo "ofirrrr" # echo {{ secrets.EC2_SECRET }} > weekly-key.pem From b8c2ef22bcee0f52e01361deadc6aa972873c464 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 13:30:18 +0200 Subject: [PATCH 065/105] Remove spaces --- .github/workflows/weekly-enviroment.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index f847d06424..9a0aa6c111 100644 --- a/.github/workflows/weekly-enviroment.yml 
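Review bot: The `#` lines at column 0 sit inside the `run: |` block scalar; a less-indented line ends the scalar, so after `# touch from_ci.txt` the indented `pwd` on the next line is no longer part of the script and the workflow will most likely fail to parse (patch 064 in the next hunk moves `pwd` first, which avoids the error but still leaves the comment run trailing the scalar). Comment out shell lines at the script's own indentation, where bash treats `#` as a comment, or better delete them. The enclosing step starts outside this hunk.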
+++ b/.github/workflows/weekly-enviroment.yml @@ -124,7 +124,6 @@ jobs: # source: "from_ci.txt" # target: "." # strip_components: 1 - - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp working-directory: ${{ env.SCRIPTS_DIR }} From 6de42c428dcf1fe328271764e1249f8553abfbbf Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 13:31:43 +0200 Subject: [PATCH 066/105] updating flow to ll the file --- .github/workflows/weekly-enviroment.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 9a0aa6c111..5afe432e5d 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -131,11 +131,11 @@ jobs: EC2_PUBLIC_IP: ${{ secrets.EC2_PUBLIC_IP }} EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | - pwd -# touch from_ci.txt -# ll + touch from_ci.txt # echo "ofirrrr" -# echo {{ secrets.EC2_SECRET }} > weekly-key.pem + echo {{ secrets.EC2_SECRET }} > weekly-key.pem + ll + # cat weekly-key.pem # chmod 600 weekly-key.pem # ssh-keygen -y -f weekly-key.pem From ebfc4d841d196cad0f81f8e5b929ae2509ee158a Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 13:32:25 +0200 Subject: [PATCH 067/105] updating flow to ll the file --- .github/workflows/weekly-enviroment.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 5afe432e5d..9c54152dff 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -135,7 +135,6 @@ jobs: # echo "ofirrrr" echo {{ secrets.EC2_SECRET }} > weekly-key.pem ll - # cat weekly-key.pem # chmod 600 weekly-key.pem # ssh-keygen -y -f weekly-key.pem From 0d09ab8d161ce4fe33815c034addbe8bf57d9da1 Mon Sep 17 00:00:00 2001 
From: ofiriro3 Date: Mon, 13 Feb 2023 13:33:05 +0200 Subject: [PATCH 068/105] updating flow to ll the file --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 9c54152dff..6b079e02ba 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -134,7 +134,7 @@ jobs: touch from_ci.txt # echo "ofirrrr" echo {{ secrets.EC2_SECRET }} > weekly-key.pem - ll +# ll # cat weekly-key.pem # chmod 600 weekly-key.pem # ssh-keygen -y -f weekly-key.pem From 5335de3225dba080eb65d4d0d28aa1b23a60c587 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 13:33:48 +0200 Subject: [PATCH 069/105] only pwd --- .github/workflows/weekly-enviroment.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 6b079e02ba..9a0aa6c111 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -131,10 +131,11 @@ jobs: EC2_PUBLIC_IP: ${{ secrets.EC2_PUBLIC_IP }} EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | - touch from_ci.txt -# echo "ofirrrr" - echo {{ secrets.EC2_SECRET }} > weekly-key.pem + pwd +# touch from_ci.txt # ll +# echo "ofirrrr" +# echo {{ secrets.EC2_SECRET }} > weekly-key.pem # cat weekly-key.pem # chmod 600 weekly-key.pem # ssh-keygen -y -f weekly-key.pem From b31d585c25b171b8202b7742c91bbc1c5e887a23 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 13:34:56 +0200 Subject: [PATCH 070/105] adding ll --- .github/workflows/weekly-enviroment.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 9a0aa6c111..a610c637e6 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
@@ -132,10 +132,13 @@ jobs: EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | pwd + echo {{ secrets.EC2_SECRET }} > weekly-key.pem + chmod 600 weekly-key.pem + ll + # touch from_ci.txt # ll # echo "ofirrrr" -# echo {{ secrets.EC2_SECRET }} > weekly-key.pem # cat weekly-key.pem # chmod 600 weekly-key.pem # ssh-keygen -y -f weekly-key.pem From 4067dcd0d0ae60fc00269b89a9e663411906c046 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 13:36:11 +0200 Subject: [PATCH 071/105] adding ls --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index a610c637e6..8b58ff94b2 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -134,7 +134,7 @@ jobs: pwd echo {{ secrets.EC2_SECRET }} > weekly-key.pem chmod 600 weekly-key.pem - ll + ls -a # touch from_ci.txt # ll From 2a846af72268145c5ddb41cd30fc5029712dbfd1 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 13:38:14 +0200 Subject: [PATCH 072/105] adding cat --- .github/workflows/weekly-enviroment.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 8b58ff94b2..ab60ba7067 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -135,6 +135,7 @@ jobs: echo {{ secrets.EC2_SECRET }} > weekly-key.pem chmod 600 weekly-key.pem ls -a + cat weekly-key.pem # touch from_ci.txt # ll From ea9e924b752bc56434e0e59e007222bcc872588f Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 13:39:48 +0200 Subject: [PATCH 073/105] fixing the secret to be evaluated --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index ab60ba7067..3083066fe7 100644 
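Review bot: The added `echo {{ secrets.EC2_SECRET }} > weekly-key.pem` line (patch 070, hunk at -132) templates the secret into the generated shell script although the step already exposes it as `EC2_SECRET` in its `env:` block; reading `"$EC2_SECRET"` keeps the key material out of the script text (and as written, without the `$`, the expression is literal text — the `$` only arrives in patch 073). The redirection also creates the file with the default umask before the `chmod 600` runs, and nothing in this series removes the key from `${{ env.SCRIPTS_DIR }}`, so it persists for the rest of the job and inside any later upload of that directory. Writing it under `$RUNNER_TEMP` with a restrictive umask covers both: `umask 077` then `printf '%s\n' "$EC2_SECRET" > "$RUNNER_TEMP/weekly-key.pem"`, plus a final step with `if: always()` running `rm -f "$RUNNER_TEMP/weekly-key.pem"`. The same inline `${{ secrets.EC2_SECRET }}` inside `run:` recurs in patches 073, 076, 080, 085 and 087.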
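Review bot: `cat weekly-key.pem` (patch 072, hunk at -135) writes the private key into the job log, and patch 082 (`cat weekly-key.pem | base64`) does so in an encoded form that the runner's secret masking cannot match at all. Masking only replaces the literal registered value, so a transformed copy (echo-processed, base64) reaches the retained log in clear, where it is readable by anyone with read access to the workflow runs. Both lines should be dropped before merge, and since these runs already executed the key pair should be treated as exposed and rotated; if verifying the file is needed, print a fingerprint instead: `ssh-keygen -l -f weekly-key.pem`.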
--- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -132,7 +132,7 @@ jobs: EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | pwd - echo {{ secrets.EC2_SECRET }} > weekly-key.pem + echo ${{ secrets.EC2_SECRET }} > weekly-key.pem chmod 600 weekly-key.pem ls -a cat weekly-key.pem From 441c80d17eb33771d99a9ec33ceb0c1b80a310aa Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 13:45:46 +0200 Subject: [PATCH 074/105] new example --- .github/workflows/weekly-enviroment.yml | 26 ++++--------------------- 1 file changed, 4 insertions(+), 22 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 3083066fe7..02c3921188 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -106,24 +106,14 @@ jobs: - name: copy file via ssh key uses: appleboy/scp-action@master with: - host: "ec2-13-51-85-190.eu-north-1.compute.amazonaws.com" + host: ${{ secrets.EC2_PUBLIC_IP }} username: "ubuntu" port: "22" key: ${{ secrets.EC2_SECRET }} source: "from_ci.txt" - target: "test" + target: "ci.txt" continue-on-error: true -# - name: Copy file to EC2 -# uses: appleboy/scp-action@master -# env: -# HOST: ${{ secrets.EC2_PUBLIC_IP }} -# USERNAME: "ubuntu" -# KEY: ${{ secrets.EC2_SECRET }} -# with: -# source: "from_ci.txt" -# target: "." -# strip_components: 1 - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp working-directory: ${{ env.SCRIPTS_DIR }} 
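Review bot: The `copy file via ssh key` step edited in patch 074 (hunk at -106) still pulls `appleboy/scp-action@master`, a mutable branch reference, so whatever that branch contains at run time is handed the `EC2_SECRET` private key; pinning to a release tag or, better, a full commit SHA fixes which code is trusted with the key. The step also keeps `continue-on-error: true`, so a failed copy does not fail the job and the later deploy step runs against an instance that may not have the file. Pin the action (`uses: appleboy/scp-action@<tag-or-commit-sha>` — placeholder, pick the vetted release) and drop `continue-on-error` unless that failure is genuinely acceptable.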
@@ -131,19 +121,11 @@ jobs: EC2_PUBLIC_IP: ${{ secrets.EC2_PUBLIC_IP }} EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | + touch from_ci.txt pwd echo ${{ secrets.EC2_SECRET }} > weekly-key.pem chmod 600 weekly-key.pem - ls -a - cat weekly-key.pem - -# touch from_ci.txt -# ll -# echo "ofirrrr" -# cat weekly-key.pem -# chmod 600 weekly-key.pem -# ssh-keygen -y -f weekly-key.pem -# scp -i weekly-key.pem -o StrictHostKeyChecking=no from_ci.txt "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." + scp -i weekly-key.pem -o StrictHostKeyChecking=no from_ci.txt "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # From e93adcd65c5628e134b29c8e0d5929513827a319 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 14:05:03 +0200 Subject: [PATCH 075/105] remote authenticatioin --- .github/workflows/weekly-enviroment.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 02c3921188..578f6233d9 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -122,10 +122,9 @@ jobs: EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | touch from_ci.txt - pwd echo ${{ secrets.EC2_SECRET }} > weekly-key.pem chmod 600 weekly-key.pem - scp -i weekly-key.pem -o StrictHostKeyChecking=no from_ci.txt "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." + scp -i weekly-key.pem from_ci.txt "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # From 02019bb75b251faed108d19215ae3ff075e34622 Mon Sep 17 00:00:00 2001 
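Review bot: The uncommented `scp -i weekly-key.pem -o StrictHostKeyChecking=no from_ci.txt ...` (patch 074, hunk at -131) disables host-key verification, so the runner will hand the file — and, from patch 087 on, run `kubectl apply` — on whatever host answers at that address; the same option reappears in patches 081, 083, 084, 085, 087 and 088. Because the instance is long-lived, its host key can be captured once out of band, stored as a repository variable (`EC2_HOST_KEY` below is a name you would add), and seeded before the copy: `mkdir -p ~/.ssh && printf '%s\n' "$EC2_HOST_KEY" >> ~/.ssh/known_hosts` together with `-o StrictHostKeyChecking=yes`; if Terraform recreates the instance, that stored key has to be refreshed with it. The line also hard-codes the hostname although `EC2_PUBLIC_IP` is defined in the step's `env:` (patch 084 later switches it to the secret). The `run:` block and the step may continue past the end of the hunk.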
From: ofiriro3 Date: Mon, 13 Feb 2023 14:13:00 +0200 Subject: [PATCH 076/105] Trying to add echo -e --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 578f6233d9..6986c36074 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -122,7 +122,7 @@ jobs: EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | touch from_ci.txt - echo ${{ secrets.EC2_SECRET }} > weekly-key.pem + echo -e ${{ secrets.EC2_SECRET }} > weekly-key.pem chmod 600 weekly-key.pem scp -i weekly-key.pem from_ci.txt "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." From 090edfad4d9825fde514512b9573c357ff075852 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 14:15:49 +0200 Subject: [PATCH 077/105] SCP help --- .github/workflows/weekly-enviroment.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 6986c36074..d76435c522 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -114,6 +114,12 @@ jobs: target: "ci.txt" continue-on-error: true + - name: SCP help + id: deploy_ksmp + working-directory: ${{ env.SCRIPTS_DIR }} + run: | + scp -h + - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp working-directory: ${{ env.SCRIPTS_DIR }} From 727477b68402a3cc51b892e618a5e6aa2a74984f Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 14:16:40 +0200 Subject: [PATCH 078/105] SCP help --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index d76435c522..d03a26d7a2 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
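Review bot: `echo -e ${{ secrets.EC2_SECRET }} > weekly-key.pem` (patch 076, hunk at -122) makes the shell rewrite backslash escapes inside the key material, which presumably means the secret was stored with literal `\n` in place of newlines; the unquoted expansion additionally word-splits the value, so the PEM lines end up on one line separated by spaces (patch 080 adds the quotes). The robust form is to store the PEM verbatim as a multi-line secret and write it unchanged from the step's environment: `printf '%s\n' "$EC2_SECRET" > weekly-key.pem`. `echo -e` is also not portable between `sh` and `bash`, so the result depends on which shell the runner resolves for this step.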
@@ -115,7 +115,7 @@ jobs: continue-on-error: true - name: SCP help - id: deploy_ksmp + id: deploy_ksmp_1 working-directory: ${{ env.SCRIPTS_DIR }} run: | scp -h From 3bfe72c73d1941323388c9f49854a3a9a95c8f8d Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 14:23:23 +0200 Subject: [PATCH 079/105] updating command to verbose --- .github/workflows/weekly-enviroment.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index d03a26d7a2..f3cff734e0 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -114,12 +114,6 @@ jobs: target: "ci.txt" continue-on-error: true - - name: SCP help - id: deploy_ksmp_1 - working-directory: ${{ env.SCRIPTS_DIR }} - run: | - scp -h - - name: Deploy KSPM vanilla Agent to EC2 id: deploy_ksmp working-directory: ${{ env.SCRIPTS_DIR }} @@ -130,7 +124,7 @@ jobs: touch from_ci.txt echo -e ${{ secrets.EC2_SECRET }} > weekly-key.pem chmod 600 weekly-key.pem - scp -i weekly-key.pem from_ci.txt "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." + scp -v -i weekly-key.pem from_ci.txt "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # From 3ba15643ac727aebca9e159013e5fe5ea806bbca Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 14:27:34 +0200 Subject: [PATCH 080/105] updating command to verbose --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index f3cff734e0..e7653609c7 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
@@ -122,7 +122,7 @@ jobs: EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | touch from_ci.txt - echo -e ${{ secrets.EC2_SECRET }} > weekly-key.pem + echo -e "${{ secrets.EC2_SECRET }}" > weekly-key.pem chmod 600 weekly-key.pem scp -v -i weekly-key.pem from_ci.txt "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." From 427bea3a286ea424772dfc7846bd07bae3da2945 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 14:29:41 +0200 Subject: [PATCH 081/105] removing host verification --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index e7653609c7..99e5869663 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -124,7 +124,7 @@ jobs: touch from_ci.txt echo -e "${{ secrets.EC2_SECRET }}" > weekly-key.pem chmod 600 weekly-key.pem - scp -v -i weekly-key.pem from_ci.txt "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." + scp -v -i weekly-key.pem from_ci.txt -o StrictHostKeyChecking=no "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # From e93b6a53085e5c4ace144fbb34eac38c530acf66 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 14:34:13 +0200 Subject: [PATCH 082/105] Adding base 64 decoding --- .github/workflows/weekly-enviroment.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 99e5869663..c2466e16fb 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
@@ -124,7 +124,8 @@ jobs: touch from_ci.txt echo -e "${{ secrets.EC2_SECRET }}" > weekly-key.pem chmod 600 weekly-key.pem - scp -v -i weekly-key.pem from_ci.txt -o StrictHostKeyChecking=no "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." + cat weekly-key.pem | base64 +# scp -v -i weekly-key.pem from_ci.txt -o StrictHostKeyChecking=no "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # From e3f5ec6f3839f3819da60cfbcf306df788e35973 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 14:38:14 +0200 Subject: [PATCH 083/105] mm --- .github/workflows/weekly-enviroment.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index c2466e16fb..210780f21c 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -124,8 +124,7 @@ jobs: touch from_ci.txt echo -e "${{ secrets.EC2_SECRET }}" > weekly-key.pem chmod 600 weekly-key.pem - cat weekly-key.pem | base64 -# scp -v -i weekly-key.pem from_ci.txt -o StrictHostKeyChecking=no "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." + scp -o StrictHostKeyChecking=no -v -i weekly-key.pem from_ci.txt "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # From 590c2c504d1940c420c7da958446c24acb0a28b5 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 14:59:11 +0200 Subject: [PATCH 084/105] update flow to use public ip variable --- .github/workflows/weekly-enviroment.yml | 115 ++++++++++++------------ 1 file changed, 57 insertions(+), 58 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 210780f21c..b423245e32 100644 
--- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -1,4 +1,3 @@ - name: Weekly environment deployment on: 
@@ -42,63 +41,63 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@v2 with: - terraform_version: 1.3.5 - terraform_wrapper: false + terraform_version: 1.3.5 + terraform_wrapper: false -# - name: Terraform fmt -# id: fmt -# run: terraform fmt -check -# continue-on-error: true -# -# - name: Terraform Init -# id: init -# run: terraform init -no-color -# -# - name: Terraform Validate -# id: validate -# run: terraform validate -no-color -# -# - name: Deploy Elastic Cloud -# id: apply -# run: terraform apply --auto-approve -# -# - name: Set terraform output as env variable -# id: kibana_url -# run: | -# echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV -# -# - name: Set sensitive terraform output as env variable -# id: set_sensitive_output -# run: | -# export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) -# echo "::add-mask::$ELASTICSEARCH_USERNAME" -# echo "ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV -# -# export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) -# echo "::add-mask::$ELASTICSEARCH_PASSWORD" -# echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV -# -# - name: Install KSPM vanilla integration -# id: install_vanilla_integration -# working-directory: ${{ env.SCRIPTS_DIR }} -# run: | -# ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} -# -# - name: Show manifest file -# id: manifest_file -# working-directory: ${{ env.SCRIPTS_DIR }} -# run: | -# cat manifest.yaml -# -# - name: Replace the agent image -# id: replace_agent_image -# working-directory: ${{ env.SCRIPTS_DIR }} -# run: | -# cp manifest.yaml manifest-2.yaml -# sed -i '' "s/^\( *image: *\).*/\1ofir_image/" manifest-2.yaml -# cat manifest-2.yaml -# diff manifest.yaml manifest-2.yaml -# + # - name: Terraform fmt + # id: fmt + # run: terraform fmt -check + # continue-on-error: true + # + # - name: Terraform Init + # id: init + # run: terraform init -no-color + 
# + # - name: Terraform Validate + # id: validate + # run: terraform validate -no-color + # + # - name: Deploy Elastic Cloud + # id: apply + # run: terraform apply --auto-approve + # + # - name: Set terraform output as env variable + # id: kibana_url + # run: | + # echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV + # + # - name: Set sensitive terraform output as env variable + # id: set_sensitive_output + # run: | + # export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) + # echo "::add-mask::$ELASTICSEARCH_USERNAME" + # echo "ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV + # + # export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) + # echo "::add-mask::$ELASTICSEARCH_PASSWORD" + # echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV + # + # - name: Install KSPM vanilla integration + # id: install_vanilla_integration + # working-directory: ${{ env.SCRIPTS_DIR }} + # run: | + # ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} + # + # - name: Show manifest file + # id: manifest_file + # working-directory: ${{ env.SCRIPTS_DIR }} + # run: | + # cat manifest.yaml + # + # - name: Replace the agent image + # id: replace_agent_image + # working-directory: ${{ env.SCRIPTS_DIR }} + # run: | + # cp manifest.yaml manifest-2.yaml + # sed -i '' "s/^\( *image: *\).*/\1ofir_image/" manifest-2.yaml + # cat manifest-2.yaml + # diff manifest.yaml manifest-2.yaml + # - name: Create new file run: | touch from_ci.txt 
@@ -124,7 +123,7 @@ jobs: touch from_ci.txt echo -e "${{ secrets.EC2_SECRET }}" > weekly-key.pem chmod 600 weekly-key.pem - scp -o StrictHostKeyChecking=no -v -i weekly-key.pem from_ci.txt "ubuntu@ec2-13-51-85-190.eu-north-1.compute.amazonaws.com:~/." + scp -o StrictHostKeyChecking=no -v -i weekly-key.pem from_ci.txt "ubuntu@${{ secrets.EC2_PUBLIC_IP }}:~/." # scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # From b55ce4846d7d35dafb1a8e0001e357a2c57c40a1 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 15:02:30 +0200 Subject: [PATCH 085/105] update flow to use public ip variable --- .github/workflows/weekly-enviroment.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index b423245e32..80dcfe8b20 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -113,8 +113,8 @@ jobs: target: "ci.txt" continue-on-error: true - - name: Deploy KSPM vanilla Agent to EC2 - id: deploy_ksmp + - name: Copy Vanilla Manifest file to EC2 instance + id: copy_manifest_file working-directory: ${{ env.SCRIPTS_DIR }} env: EC2_PUBLIC_IP: ${{ secrets.EC2_PUBLIC_IP }} 
@@ -125,7 +125,16 @@ jobs: chmod 600 weekly-key.pem scp -o StrictHostKeyChecking=no -v -i weekly-key.pem from_ci.txt "ubuntu@${{ secrets.EC2_PUBLIC_IP }}:~/." -# scp -i ${{ secrets.EC2_SECRET }} -o StrictHostKeyChecking=no from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." + - name: Deploy Agent on EC2 instance + id: copy_manifest_file + working-directory: ${{ env.SCRIPTS_DIR }} + env: + EC2_PUBLIC_IP: ${{ secrets.EC2_PUBLIC_IP }} + EC2_SECRET: ${{ secrets.EC2_SECRET }} + run: | + ssh -o StrictHostKeyChecking=no -i weekly-key.pem "ubuntu@${EC2_PUBLIC_IP}" "touch from_ci_apply.text" + +# scp -o StrictHostKeyChecking=no -i ${{ secrets.EC2_SECRET }} from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." # # scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." # ssh -i "$EC2_SECRET" -o StrictHostKeyChecking=no "ubuntu@${EC2_PUBLIC_IP}" "ls -l" From 850dee5693a6740094bc2a5e7f41f4015a4aa7fd Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 15:03:53 +0200 Subject: [PATCH 086/105] updating id of flow --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 80dcfe8b20..d98e8b60a4 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -126,7 +126,7 @@ jobs: scp -o StrictHostKeyChecking=no -v -i weekly-key.pem from_ci.txt "ubuntu@${{ secrets.EC2_PUBLIC_IP }}:~/." - name: Deploy Agent on EC2 instance - id: copy_manifest_file + id: deploy_manifest_file working-directory: ${{ env.SCRIPTS_DIR }} env: EC2_PUBLIC_IP: ${{ secrets.EC2_PUBLIC_IP }} From 0008f61e451b66f76e7a9a3ad9e7da7c8e6b1d37 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 15:09:51 +0200 Subject: [PATCH 087/105] first end to end flow --- .github/workflows/weekly-enviroment.yml | 213 ++++++++++-------------- 1 file changed, 92 insertions(+), 121 deletions(-) 
diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml
index d98e8b60a4..603a06a976 100644
--- a/.github/workflows/weekly-enviroment.yml
+++ b/.github/workflows/weekly-enviroment.yml
@@ -44,50 +44,50 @@ jobs: terraform_version: 1.3.5 terraform_wrapper: false - # - name: Terraform fmt - # id: fmt - # run: terraform fmt -check - # continue-on-error: true - # - # - name: Terraform Init - # id: init - # run: terraform init -no-color - # - # - name: Terraform Validate - # id: validate - # run: terraform validate -no-color - # - # - name: Deploy Elastic Cloud - # id: apply - # run: terraform apply --auto-approve - # - # - name: Set terraform output as env variable - # id: kibana_url - # run: | - # echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV - # - # - name: Set sensitive terraform output as env variable - # id: set_sensitive_output - # run: | - # export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) - # echo "::add-mask::$ELASTICSEARCH_USERNAME" - # echo "ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV - # - # export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) - # echo "::add-mask::$ELASTICSEARCH_PASSWORD" - # echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV - # - # - name: Install KSPM vanilla integration - # id: install_vanilla_integration - # working-directory: ${{ env.SCRIPTS_DIR }} - # run: | - # ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} - # - # - name: Show manifest file - # id: manifest_file - # working-directory: ${{ env.SCRIPTS_DIR }} - # run: | - # cat manifest.yaml + - name: Terraform fmt + id: fmt + run: terraform fmt -check + continue-on-error: true + + - name: Terraform Init + id: init + run: terraform init -no-color + + - name: Terraform Validate + id: validate + run: terraform validate -no-color + + - name: Deploy Elastic Cloud + id: apply + run: terraform apply --auto-approve + + - name: Set terraform output as env variable + id: kibana_url + run: | + echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV + + - name: Set sensitive terraform output as env variable + id: 
set_sensitive_output + run: | + export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) + echo "::add-mask::$ELASTICSEARCH_USERNAME" + echo "ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV + + export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) + echo "::add-mask::$ELASTICSEARCH_PASSWORD" + echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV + + - name: Install KSPM vanilla integration + id: install_vanilla_integration + working-directory: ${{ env.SCRIPTS_DIR }} + run: | + ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} + + - name: Show manifest file + id: manifest_file + working-directory: ${{ env.SCRIPTS_DIR }} + run: | + cat manifest.yaml # # - name: Replace the agent image # id: replace_agent_image 
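Review bot: The uncommented `Set sensitive terraform output as env variable` step (patch 087, hunk at -44) appends `ELASTICSEARCH_USERNAME` and `ELASTICSEARCH_PASSWORD` to `$GITHUB_ENV`, which makes the cluster credentials part of the environment of every later step, including third-party actions such as the Slack action added in the next hunk; `::add-mask::` only hides the values in the log. The following `install_vanilla_integration` step then passes the password as a command-line argument (`./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }}`), where it is visible in the process list on the runner for the duration of the script. Prefer a step-level `env:` holding the value read from `terraform output -raw` in the steps that need it, and have the script read the password from an environment variable rather than a positional argument. Note that `terraform output` without `-raw` prints the value quoted, so `KIBANA_URL` presumably carries literal double quotes into `$GITHUB_ENV` — verify against what the script expects.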
@@ -98,88 +98,59 @@ jobs: # cat manifest-2.yaml # diff manifest.yaml manifest-2.yaml # - - name: Create new file - run: | - touch from_ci.txt - - - name: copy file via ssh key - uses: appleboy/scp-action@master - with: - host: ${{ secrets.EC2_PUBLIC_IP }} - username: "ubuntu" - port: "22" - key: ${{ secrets.EC2_SECRET }} - source: "from_ci.txt" - target: "ci.txt" - continue-on-error: true - - - name: Copy Vanilla Manifest file to EC2 instance + - name: Deploy agent on EC2 id: copy_manifest_file working-directory: ${{ env.SCRIPTS_DIR }} - env: - EC2_PUBLIC_IP: ${{ secrets.EC2_PUBLIC_IP }} - EC2_SECRET: ${{ secrets.EC2_SECRET }} run: | touch from_ci.txt echo -e "${{ secrets.EC2_SECRET }}" > weekly-key.pem chmod 600 weekly-key.pem - scp -o StrictHostKeyChecking=no -v -i weekly-key.pem from_ci.txt "ubuntu@${{ secrets.EC2_PUBLIC_IP }}:~/." + # Copy the manifest file to the EC2 instance + scp -o StrictHostKeyChecking=no -v -i manifest.yaml "ubuntu@${{ secrets.EC2_PUBLIC_IP }}:~/." + # Apply the manifest file + ssh -o StrictHostKeyChecking=no -v -i manifest.yaml "ubuntu@${{ secrets.EC2_PUBLIC_IP }}" "kubectl apply -f manifest.yaml" - - name: Deploy Agent on EC2 instance - id: deploy_manifest_file - working-directory: ${{ env.SCRIPTS_DIR }} + # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file + - name: Send custom JSON data to Slack workflow + id: slack + uses: slackapi/slack-github-action@v1.23.0 + with: + payload: | + { + "text": "A new deployment job has been triggered", + "attachments": [ + { + "color": "#36a64f", + "fields": [ + { + "title": "Environment", + "value": "${{ github.event.inputs.environment }}", + "short": true + }, + { + "title": "Log level", + "value": "${{ github.event.inputs.logLevel }}", + "short": true + }, + { + "title": "Kibana URL", + "value": ${{ env.KIBANA_URL }}, + "short": false + }, + { + "title": "ElasticSearch username", + "value": ${{ env.ELASTICSEARCH_USERNAME }}, 
+ "short": false + }, + { + "title": "ElasticSearch password", + "value": ${{ env.ELASTICSEARCH_PASSWORD }}, + "short": false + } + ] + } + ] + } env: - EC2_PUBLIC_IP: ${{ secrets.EC2_PUBLIC_IP }} - EC2_SECRET: ${{ secrets.EC2_SECRET }} - run: | - ssh -o StrictHostKeyChecking=no -i weekly-key.pem "ubuntu@${EC2_PUBLIC_IP}" "touch from_ci_apply.text" - -# scp -o StrictHostKeyChecking=no -i ${{ secrets.EC2_SECRET }} from_ci_1.txt "ubuntu@${EC2_PUBLIC_IP}:~/." -# -# scp -i "$EC2_SECRET" -o StrictHostKeyChecking=no manifest.yaml "ubuntu@${EC2_PUBLIC_IP}:~/." -# ssh -i "$EC2_SECRET" -o StrictHostKeyChecking=no "ubuntu@${EC2_PUBLIC_IP}" "ls -l" - -# # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file -# - name: Send custom JSON data to Slack workflow -# id: slack -# uses: slackapi/slack-github-action@v1.23.0 -# with: -# payload: | -# { -# "text": "A new deployment job has been triggered", -# "attachments": [ -# { -# "color": "#36a64f", -# "fields": [ -# { -# "title": "Environment", -# "value": "${{ github.event.inputs.environment }}", -# "short": true -# }, -# { -# "title": "Log level", -# "value": "${{ github.event.inputs.logLevel }}", -# "short": true -# }, -# { -# "title": "Kibana URL", -# "value": ${{ env.KIBANA_URL }}, -# "short": false -# }, -# { -# "title": "ElasticSearch username", -# "value": ${{ env.ELASTICSEARCH_USERNAME }}, -# "short": false -# }, -# { -# "title": "ElasticSearch password", -# "value": ${{ env.ELASTICSEARCH_PASSWORD }}, -# "short": false -# } -# ] -# } -# ] -# } -# env: -# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} -# SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK From 2f099570f8d9faebf4a6b2f0f5153a8c932184bb Mon Sep 17 00:00:00 2001 
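Review bot: The Slack payload restored in patch 087 (hunk at -98) posts the Elasticsearch password (`"value": ${{ env.ELASTICSEARCH_PASSWORD }}`) and username to a webhook, so the credential is delivered in clear to everyone in the destination channel and kept in Slack's message history; the log masking set up earlier does not apply there. Drop the password field from the payload and point recipients at where the credential can be retrieved, or deliver it through a secret store. The three unquoted values (`"value": ${{ env.KIBANA_URL }},` and the two credential fields) only form valid JSON if the env values already carry their own double quotes, which presumably comes from `terraform output` printing quoted strings; using `terraform output -raw` upstream and quoting here (`"value": "${{ env.KIBANA_URL }}"`) removes that dependency.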
From: ofiriro3 Date: Mon, 13 Feb 2023 15:28:05 +0200 Subject: [PATCH 088/105] Fixing CI scp command --- .github/workflows/weekly-enviroment.yml | 5 ++--- .../kspm_vanilla/data/agent_policy_vanilla.json | 2 +- .../kspm_vanilla/data/package_policy_vanilla.json | 2 +- deploy/weekly-environment/scripts/utils.sh | 8 +++++--- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 603a06a976..a2c940e256 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -102,13 +102,12 @@ jobs: id: copy_manifest_file working-directory: ${{ env.SCRIPTS_DIR }} run: | - touch from_ci.txt echo -e "${{ secrets.EC2_SECRET }}" > weekly-key.pem chmod 600 weekly-key.pem # Copy the manifest file to the EC2 instance - scp -o StrictHostKeyChecking=no -v -i manifest.yaml "ubuntu@${{ secrets.EC2_PUBLIC_IP }}:~/." + scp -o StrictHostKeyChecking=no -v -i weekly-key.pem manifest.yaml "ubuntu@${{ secrets.EC2_PUBLIC_IP }}:~/." # Apply the manifest file - ssh -o StrictHostKeyChecking=no -v -i manifest.yaml "ubuntu@${{ secrets.EC2_PUBLIC_IP }}" "kubectl apply -f manifest.yaml" + ssh -o StrictHostKeyChecking=no -v -i weekly-key.pem manifest.yaml "ubuntu@${{ secrets.EC2_PUBLIC_IP }}" "kubectl apply -f manifest.yaml" # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file - name: Send custom JSON data to Slack workflow diff --git a/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/data/agent_policy_vanilla.json b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/data/agent_policy_vanilla.json index 1f8040e083..8ceaf9e3aa 100644 --- a/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/data/agent_policy_vanilla.json +++ b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/data/agent_policy_vanilla.json 
@@ -1,5 +1,5 @@ { - "name": "weekly-environment-vanilla-policy-full-flow-1", + "name": "weekly-environment-vanilla-policy", "namespace": "default", "monitoring_enabled": [ "logs", diff --git a/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/data/package_policy_vanilla.json b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/data/package_policy_vanilla.json index e6a406c261..452a5c06ea 100644 --- a/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/data/package_policy_vanilla.json +++ b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/data/package_policy_vanilla.json @@ -1,5 +1,5 @@ { - "name": "weekly-environment-vanilla-integration-package-full-flow-1", + "name": "weekly-environment-vanilla-integration-package", "description": "", "namespace": "default", "policy_id": "${agent_policy_id}", diff --git a/deploy/weekly-environment/scripts/utils.sh b/deploy/weekly-environment/scripts/utils.sh index de94f5052a..4462f148e2 100755 --- a/deploy/weekly-environment/scripts/utils.sh +++ b/deploy/weekly-environment/scripts/utils.sh @@ -1,6 +1,6 @@ #!/bin/bash -# create a new agent policy and set policy_id to the new agent id +# creates a new agent policy and set the new POLICY_ID to the policy id create_a_new_agent_policy() { local kibana_url=$1 local kibana_auth=$2 @@ -22,13 +22,15 @@ create_a_new_agent_policy() { echo "Creating a new agent policy has completed successfully: New policy id: $POLICY_ID" } -# create a new vanilla integration and set INTEGRATION_ID to the new integration id +# creates a new vanilla integration and set INTEGRATION_ID to the new integration id create_a_new_vanilla_integration() { local kibana_url=$1 local kibana_auth=$2 local policy_id=$3 local integration_policy=$4 local updated_policy + + # Updating the new integration policy with the policy id updated_policy="$(jq --arg policy_id "$policy_id" '.policy_id |= $policy_id' "$integration_policy")" echo "New integration policy: $updated_policy" 
@@ -46,7 +48,7 @@ create_a_new_vanilla_integration() { echo "Creating a new a new vanilla integration with policy id: $policy_id has completed successfully.Integration policy: $updated_policy " } -# create a new vanilla integration manifest file named manifest.yaml +# creates a new vanilla integration manifest file named manifest.yaml create_new_vanilla_integration_manifest_file() { local kibana_url=$1 local kibana_auth=$2 From 3e5a3daa9e2005d8348fea368334c870e5343cce Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 15:43:02 +0200 Subject: [PATCH 089/105] Fixing deployment --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index a2c940e256..1552e328d6 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -107,7 +107,7 @@ jobs: # Copy the manifest file to the EC2 instance scp -o StrictHostKeyChecking=no -v -i weekly-key.pem manifest.yaml "ubuntu@${{ secrets.EC2_PUBLIC_IP }}:~/." # Apply the manifest file - ssh -o StrictHostKeyChecking=no -v -i weekly-key.pem manifest.yaml "ubuntu@${{ secrets.EC2_PUBLIC_IP }}" "kubectl apply -f manifest.yaml" + ssh -o StrictHostKeyChecking=no -v -i weekly-key.pem "ubuntu@${{ secrets.EC2_PUBLIC_IP }}" "kubectl apply -f manifest.yaml" # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file - name: Send custom JSON data to Slack workflow From a4170e849d8ff23837f7f5aed4aaf222c58759f6 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 16:02:36 +0200 Subject: [PATCH 090/105] Working version with no snapshot --- .github/workflows/weekly-enviroment.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 1552e328d6..0f4df122b4 100644 --- a/.github/workflows/weekly-enviroment.yml 
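Review bot: Both the scp and the corrected ssh line keep `-o StrictHostKeyChecking=no`, so the job will hand the manifest and a `kubectl apply` to whatever answers at `secrets.EC2_PUBLIC_IP`, and a host impersonating that address (or a reused IP) is accepted without warning. If the instance is provisioned by this workflow's Terraform (as the `TF_VAR_*` variables suggest), its host public key can be captured at creation time, for example from the EC2 instance console output, stored as a secret, written to a `known_hosts` file and used with `-o UserKnownHostsFile=known_hosts -o StrictHostKeyChecking=yes` on both commands. If pinning is impractical, `-o StrictHostKeyChecking=accept-new` at least detects a key change after the first run. The step's `run:` block starts above the hunk.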
+++ b/.github/workflows/weekly-enviroment.yml @@ -27,6 +27,7 @@ env: TF_VAR_environment: ${{ github.event.inputs.logLevel }} TF_LOG: ${{ github.event.inputs.logLevel }} + jobs: terraform: name: Deploy KSPM/CSPM cloud environment From fe6627834e6bc2157a3a6c13fb340b0114f3a965 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 16:59:59 +0200 Subject: [PATCH 091/105] Adding input validation and using 8.6.1 version --- .github/workflows/weekly-enviroment.yml | 2 +- .../kspm_vanilla/install-kspm-vanilla-integration.sh | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 0f4df122b4..0154381502 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -26,7 +26,7 @@ env: TF_VAR_ec_api_key: ${{ secrets.TF_VAR_EC_API_KEY }} TF_VAR_environment: ${{ github.event.inputs.logLevel }} TF_LOG: ${{ github.event.inputs.logLevel }} - + TF_VAR: 8.6.1 jobs: terraform: diff --git a/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh index bb040d56ce..3fefb94fca 100755 --- a/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh +++ b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh @@ -8,6 +8,12 @@ KIBANA_AUTH=elastic:${KIBANA_PASSWORD} AGENT_POLICY=data/agent_policy_vanilla.json INTEGRATION_POLICY=data/package_policy_vanilla.json +# Check if input is empty +if [ -z "$KIBANA_URL" ] || [ -z "$KIBANA_PASSWORD" ]; then + echo "Kibana URL or Kibana password is empty" + exit 1 +fi + ## Create a new agent policy And get the agent id create_a_new_agent_policy "$KIBANA_URL" "$KIBANA_AUTH" "$AGENT_POLICY" From a2efb02891770f850a84cb80ff35221d4ea69635 Mon Sep 17 00:00:00 2001 
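Review bot: `TF_VAR: 8.6.1` has no variable name after the prefix, so Terraform never maps it to an input variable and the version is silently unused, even though the commit says the run should use 8.6.1. Rename it to the variable the module actually declares (its variables.tf is not in this hunk), e.g. `TF_VAR_stack_version: "8.6.1"`, quoting the value so YAML keeps it a string. In the surrounding context, `TF_VAR_environment: ${{ github.event.inputs.logLevel }}` feeds a log-level input into the environment variable, which looks like a copy-paste slip worth checking.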
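Review bot: The new guard prints its diagnostic to stdout; send it to stderr with `echo "Kibana URL or Kibana password is empty" >&2` so callers that capture the script's output do not receive the message as data. If the script enables `set -u` above the hunk (not visible here), `[ -z "$KIBANA_PASSWORD" ]` aborts with an unbound-variable error before the message is printed; `"${KIBANA_PASSWORD:-}"` keeps the check working either way. `KIBANA_AUTH=elastic:${KIBANA_PASSWORD}` on the line above bundles the password into a variable that is presumably passed to curl later; if that happens on the command line it shows up in the process list, so a netrc file or config read from stdin would be safer.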
From: ofiriro3 Date: Mon, 13 Feb 2023 17:17:20 +0200 Subject: [PATCH 092/105] Adding all old files --- .github/workflows/Periodic-CI.yml | 249 ++++++++++++++++ .github/workflows/cloudbeat-ci.yml | 315 +++++++++++++++++++++ .github/workflows/eks-ci.yml | 252 +++++++++++++++++ .github/workflows/packaging.yml | 50 ++++ .github/workflows/publish-test-results.yml | 86 ++++++ .github/workflows/unit-test.yml | 140 +++++++++ .github/workflows/weekly-enviroment.yml | 11 +- 7 files changed, 1093 insertions(+), 10 deletions(-) create mode 100644 .github/workflows/Periodic-CI.yml create mode 100644 .github/workflows/cloudbeat-ci.yml create mode 100644 .github/workflows/eks-ci.yml create mode 100644 .github/workflows/packaging.yml create mode 100644 .github/workflows/publish-test-results.yml create mode 100644 .github/workflows/unit-test.yml diff --git a/.github/workflows/Periodic-CI.yml b/.github/workflows/Periodic-CI.yml new file mode 100644 index 0000000000..fb6e8472d5 --- /dev/null +++ b/.github/workflows/Periodic-CI.yml 
@@ -0,0 +1,249 @@ +name: Periodic-CI + +on: + # On demand execution of workflow will run all suites. + workflow_dispatch: + inputs: + test-targets: + required: true + description: 'Specify test markers to run' + default: '[\"pre_merge\", \"file_system_rules\", \"k8s_object_rules\", \"process_api_server_rules\", \"process_controller_manager_rules\", \"process_etcd_rules\", \"process_kubelet_rules\", \"process_scheduler_rules\"]' + + schedule: + # Nightly job. Running every day at 2 am + - cron: '00 02 * * 0-4' + + # Weekly job running every saturday at 2 am + - cron: '00 02 * * 6' + +env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + CONTAINER_SUFFIX: ${{ github.run_id }} + TEST_TARGETS_DEFAULT: '[\"pre_merge\", \"file_system_rules\", \"k8s_object_rules\", \"process_api_server_rules\", \"process_controller_manager_rules\", \"process_etcd_rules\", \"process_kubelet_rules\", \"process_scheduler_rules\"]' + +permissions: + actions: read + checks: write + statuses: read +jobs: + Setup: + runs-on: ubuntu-20.04 + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + timeout-minutes: 15 + steps: + - id: Default + env: + TEST_TARGETS: ${{ env.TEST_TARGETS_DEFAULT }} + run: | + echo "TEST_MATRIX=$TEST_TARGETS" >> $GITHUB_ENV + + - id: Nightly + if: github.event_name == 'schedule' && github.event.schedule == '00 02 * * 0-4' + env: + TEST_TARGETS: ${{ env.TEST_TARGETS_DEFAULT }} + run: echo "TEST_MATRIX=${TEST_TARGETS}" >> $GITHUB_ENV + + - id: Weekly + if: github.event_name == 'schedule' && github.event.schedule == '00 02 * * 6' + env: + TEST_TARGETS: ${{ env.TEST_TARGETS_DEFAULT }} + run: echo "TEST_MATRIX=${TEST_TARGETS}" >> $GITHUB_ENV + + - id: Push + if: github.event_name == 'push' + env: + TEST_TARGETS: '[\"pre_merge\", \"file_system_rules\"]' + run: | + echo "TEST_MATRIX=$TEST_TARGETS" >> $GITHUB_ENV + + - id: Dispatch + if: github.event_name 
== 'workflow_dispatch' + env: + TEST_TARGETS: ${{ github.event.inputs.test-targets }} + run: echo "TEST_MATRIX=${TEST_TARGETS}" >> $GITHUB_ENV + + - id: set-matrix + run: echo "{matrix}={${{ env.TEST_MATRIX}}}" >> $GITHUB_OUTPUT + + Build: + name: Build + runs-on: ubuntu-20.04 + timeout-minutes: 15 + steps: + - name: Check out the repo + uses: actions/checkout@v3 + + - name: Set up Go + uses: actions/setup-go@v3 + with: + go-version-file: .go-version + + - name: Fetch OPA version + run: echo "OPA_VERSION=$(go list -m -f {{.Version}} github.com/open-policy-agent/opa | sed 's/v//')" >> $GITHUB_ENV + + - name: Setup OPA + uses: open-policy-agent/setup-opa@v2 + with: + version: ${{ env.OPA_VERSION }} + + - name: cache go dependencies + uses: actions/cache@v3 + with: + path: | + ~/go/pkg/mod + ~/.cache/go-build + key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go-${{ matrix.go-version }}- + + - name: build cloudbeat + run: make + + - name: build opa bundle + uses: magefile/mage-action@v2 + with: + version: latest + args: BuildOpaBundle + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Cache Build dependencies + uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.workflow }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Build cloudbeat-docker + uses: docker/build-push-action@v4 + with: + context: . + push: false + tags: cloudbeat:latest + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + outputs: type=docker,dest=/tmp/cloudbeat-${{ env.CONTAINER_SUFFIX }}.tar + + - name: Build pytest-docker + uses: docker/build-push-action@v4 + with: + context: ./tests/. 
+ push: false + tags: cloudbeat-test:latest + cache-from: type=local,mode=max,src=/tmp/.buildx-cache + cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new + outputs: type=docker,dest=/tmp/pytest-${{ env.CONTAINER_SUFFIX }}.tar + + - name: Cache docker images + uses: actions/cache@v3 + with: + path: /tmp/*.tar + key: ${{ runner.os }}-dockers-cache-${{ env.CONTAINER_SUFFIX }} + restore-keys: | + ${{ runner.os }}-dockers-cache-${{ env.CONTAINER_SUFFIX }} + + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + Test_Matrix: + needs: ['Build', 'Setup'] + strategy: + fail-fast: false + matrix: + test-target: ${{fromJson(needs.Setup.outputs.matrix)}} + name: ${{ matrix.test-target }}-tests + runs-on: ubuntu-20.04 + timeout-minutes: 90 + steps: + - name: Check out the repo + uses: actions/checkout@v3 + + - uses: azure/setup-helm@v3 + id: install + + - uses: extractions/setup-just@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Create k8s Kind Cluster + uses: helm/kind-action@v1.5.0 + with: + config: deploy/k8s/kind/kind-mono.yml + + - name: Cache docker images + uses: actions/cache@v3 + with: + path: /tmp/*.tar + key: ${{ runner.os }}-dockers-cache-${{ env.CONTAINER_SUFFIX }} + restore-keys: | + ${{ runner.os }}-dockers-cache- + + - name: Load images to kind + run: | + kind load image-archive /tmp/cloudbeat-${{ env.CONTAINER_SUFFIX }}.tar --name=kind-mono & kind load image-archive /tmp/pytest-${{ env.CONTAINER_SUFFIX }}.tar --name=kind-mono + + - name: Deploy tests Helm chart + id: deploy_helm + run: | + just deploy-tests-helm-ci ${{ matrix.test-target }} + + - name: Run Tests + id: run_tests + run: | + just run-tests-ci + + - name: Upload Test Results + if: always() + uses: actions/upload-artifact@v3 + with: + name: allure_results-${{ matrix.test-target}} + path: tests/allure/results/ + + - name: clear cache + id: clear_cache + if: success() + run: rm -rf /tmp/${{ env.CONTAINER_SUFFIX }}}.tar + 
+ publish_results: + name: Publish Results + needs: Test_Matrix + if: always() + runs-on: ubuntu-20.04 + steps: + - name: Download Artifacts + uses: actions/download-artifact@v3 + with: + path: artifacts + + - name: Extract Artifacts + run: | + mkdir -p tests/allure/results + find artifacts/ -type f -print0 | xargs -0 mv -t tests/allure/results + + - name: Publish allure report + if: always() + uses: andrcuns/allure-publish-action@v2.2.3 + with: + storageType: s3 + resultsGlob: "tests/allure/results/*" + updatePr: actions + collapseSummary: false + summary: suites + summaryTableType: markdown + copyLatest: true + bucket: csp-allure-reports + prefix: allure_reports/cloudbeat/${{ github.ref_name }} + ignoreMissingResults: true + + - name: Setup tmate session + uses: mxschmitt/action-tmate@v3 + if: failure() + with: + limit-access-to-actor: true diff --git a/.github/workflows/cloudbeat-ci.yml b/.github/workflows/cloudbeat-ci.yml new file mode 100644 index 0000000000..99987ef7a9 --- /dev/null +++ b/.github/workflows/cloudbeat-ci.yml 
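Review bot: The workflow-level `env` exports the static `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` to every step of every job, including third-party actions (`extractions/setup-just`, `helm/kind-action`, `andrcuns/allure-publish-action`) and the `mxschmitt/action-tmate` shell opened on failure, while only the S3 publish step needs them. Move them to that step's `env:` (or use `aws-actions/configure-aws-credentials` with `role-to-assume` and `id-token: write`, which removes long-lived keys entirely), and pin the third-party actions to commit SHAs rather than mutable tags. Separately, `echo "{matrix}={${{ env.TEST_MATRIX}}}" >> $GITHUB_OUTPUT` names the output `{matrix}` and wraps the value in braces, so `needs.Setup.outputs.matrix` will be empty and `fromJson` in `Test_Matrix` fails; eks-ci.yml in this same commit has the working form `echo "matrix=${{ env.TEST_MATRIX}}" >> $GITHUB_OUTPUT`. The `clear cache` step's `rm -rf /tmp/${{ env.CONTAINER_SUFFIX }}}.tar` has a stray brace and matches nothing.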
@@ -0,0 +1,315 @@ +name: Cloudbeat-CI + +on: + pull_request: + branches: + - main + - '[0-9]+.[0-9]+' + types: [opened, synchronize, reopened] + +env: + CONTAINER_SUFFIX: ${{ github.run_id }} + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +jobs: + Lint: + # for more information see .pre-commit-config.yaml + name: Pre-commit Hooks + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - name: Check out the repo + uses: actions/checkout@v3 + + - name: Init Hermit + run: ./bin/hermit env -r >> $GITHUB_ENV + + - name: Pre-commit Hooks + run: | + pre-commit run --all-files + shell: bash + + Build: + name: Build + runs-on: ubuntu-20.04 + timeout-minutes: 15 + steps: + - name: Check out the repo + uses: actions/checkout@v3 + + - name: Init Hermit + run: ./bin/hermit env -r >> $GITHUB_ENV + + - name: cache go dependencies + uses: actions/cache@v3 + with: + path: | + ~/go/pkg/mod + ~/.cache/go-build + key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go-${{ matrix.go-version }}- + + - name: build cloudbeat binary + uses: magefile/mage-action@v2 + with: + version: latest + args: build + + - name: build opa bundle + uses: magefile/mage-action@v2 + with: + version: latest + args: BuildOpaBundle + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Cache Build dependencies + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.workflow }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Build cloudbeat-docker + uses: docker/build-push-action@v4 + with: + context: . 
+ push: false + tags: cloudbeat:latest + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + outputs: type=docker,dest=/tmp/cloudbeat-${{ env.CONTAINER_SUFFIX }}.tar + + - name: Build elastic-agent + run: | + make build_elastic_agent_docker_image + + - name: Build pytest-docker + uses: docker/build-push-action@v4 + with: + context: ./tests/. + push: false + tags: cloudbeat-test:latest + cache-from: type=local,mode=max,src=/tmp/.buildx-cache + cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new + outputs: type=docker,dest=/tmp/pytest-${{ env.CONTAINER_SUFFIX }}.tar + + - name: Cache docker images + uses: actions/cache@v3 + with: + path: /tmp/*.tar + key: ${{ runner.os }}-dockers-cache-${{ env.CONTAINER_SUFFIX }} + + - name: Move cache + run: | + ./.ci/scripts/gh-cache.sh + shell: bash + + Test_Matrix: + name: ${{ matrix.test-target }}-${{ matrix.range }}-tests + needs: [Build] + runs-on: ubuntu-20.04 + timeout-minutes: 55 + strategy: + matrix: + include: + - test-target: pre_merge_agent + range: '' + values_file: tests/deploy/values/ci-sa-agent.yml + - test-target: pre_merge + range: '' + values_file: tests/deploy/values/ci.yml + - test-target: file_system_rules + range: '0..5' + values_file: tests/deploy/values/ci.yml + - test-target: file_system_rules + range: '5..10' + values_file: tests/deploy/values/ci.yml + - test-target: file_system_rules + range: '10..15' + values_file: tests/deploy/values/ci.yml + - test-target: file_system_rules + range: '15..20' + values_file: tests/deploy/values/ci.yml + - test-target: file_system_rules + range: '20..25' + values_file: tests/deploy/values/ci.yml + - test-target: file_system_rules + range: '25..30' + values_file: tests/deploy/values/ci.yml + - test-target: file_system_rules + range: '30..35' + values_file: tests/deploy/values/ci.yml + - test-target: file_system_rules + range: '35..40' + values_file: tests/deploy/values/ci.yml + - test-target: file_system_rules + range: 
'40..45' + values_file: tests/deploy/values/ci.yml + - test-target: file_system_rules + range: '45..50' + values_file: tests/deploy/values/ci.yml + - test-target: file_system_rules + range: '50..55' + values_file: tests/deploy/values/ci.yml + - test-target: file_system_rules + range: '55..60' + values_file: tests/deploy/values/ci.yml + - test-target: file_system_rules + range: '60..65' + values_file: tests/deploy/values/ci.yml + - test-target: file_system_rules + range: '65..70' + values_file: tests/deploy/values/ci.yml + - test-target: file_system_rules + range: '70..' + values_file: tests/deploy/values/ci.yml + - test-target: k8s_object_rules + range: '0..6' + values_file: tests/deploy/values/ci.yml + - test-target: k8s_object_rules + range: '6..12' + values_file: tests/deploy/values/ci.yml + - test-target: k8s_object_rules + range: '12..18' + values_file: tests/deploy/values/ci.yml + - test-target: k8s_object_rules + range: '18..' + values_file: tests/deploy/values/ci.yml + - test-target: process_scheduler_rules + range: '0..3' + values_file: tests/deploy/values/ci.yml + - test-target: process_scheduler_rules + range: '3..' 
+ values_file: tests/deploy/values/ci.yml + - test-target: process_api_server_rules + range: '0..5' + values_file: tests/deploy/values/ci.yml + - test-target: process_api_server_rules + range: '5..10' + values_file: tests/deploy/values/ci.yml + - test-target: process_api_server_rules + range: '10..15' + values_file: tests/deploy/values/ci.yml + - test-target: process_api_server_rules + range: '15..20' + values_file: tests/deploy/values/ci.yml + - test-target: process_api_server_rules + range: '20..24' + values_file: tests/deploy/values/ci.yml + - test-target: process_api_server_rules + range: '24..28' + values_file: tests/deploy/values/ci.yml + - test-target: process_api_server_rules + range: '28..32' + values_file: tests/deploy/values/ci.yml + - test-target: process_api_server_rules + range: '32..36' + values_file: tests/deploy/values/ci.yml + - test-target: process_api_server_rules + range: '36..40' + values_file: tests/deploy/values/ci.yml + - test-target: process_api_server_rules + range: '40..44' + values_file: tests/deploy/values/ci.yml + - test-target: process_api_server_rules + range: '44..48' + values_file: tests/deploy/values/ci.yml + - test-target: process_api_server_rules + range: '48..52' + values_file: tests/deploy/values/ci.yml + - test-target: process_api_server_rules + range: '52..56' + values_file: tests/deploy/values/ci.yml + - test-target: process_api_server_rules + range: '56..' + values_file: tests/deploy/values/ci.yml + - test-target: process_controller_manager_rules + range: '0..4' + values_file: tests/deploy/values/ci.yml + - test-target: process_controller_manager_rules + range: '4..8' + values_file: tests/deploy/values/ci.yml + - test-target: process_controller_manager_rules + range: '8..12' + values_file: tests/deploy/values/ci.yml + - test-target: process_controller_manager_rules + range: '12..' 
+ values_file: tests/deploy/values/ci.yml + - test-target: process_etcd_rules + range: '0..4' + values_file: tests/deploy/values/ci.yml + - test-target: process_etcd_rules + range: '4..8' + values_file: tests/deploy/values/ci.yml + - test-target: process_etcd_rules + range: '8..' + values_file: tests/deploy/values/ci.yml + - test-target: process_kubelet_rules + range: '0..4' + values_file: tests/deploy/values/ci.yml + - test-target: process_kubelet_rules + range: '4..8' + values_file: tests/deploy/values/ci.yml + - test-target: process_kubelet_rules + range: '8..12' + values_file: tests/deploy/values/ci.yml + - test-target: process_kubelet_rules + range: '12..16' + values_file: tests/deploy/values/ci.yml + - test-target: process_kubelet_rules + range: '16..20' + values_file: tests/deploy/values/ci.yml + - test-target: process_kubelet_rules + range: '20..' + values_file: tests/deploy/values/ci.yml + fail-fast: false + steps: + - name: Check out the repo + uses: actions/checkout@v3 + + - name: Init Hermit + run: ./bin/hermit env -r >> $GITHUB_ENV + + - name: Create k8s Kind Cluster + run: | + just create-kind-cluster + + - name: Cache docker images + uses: actions/cache@v3 + with: + path: /tmp/*.tar + key: ${{ runner.os }}-dockers-cache-${{ env.CONTAINER_SUFFIX }} + + - name: Load images to kind + run: | + ./.ci/scripts/kind-images.sh ${{ env.CONTAINER_SUFFIX }} kind-multi + shell: bash + + - name: Deploy tests Helm chart + id: deploy_helm + run: | + just deploy-tests-helm ${{ matrix.test-target }} ${{ matrix.values_file }} ${{ matrix.range }} + + - name: Run Tests + id: run_tests + run: | + just run-tests ${{ matrix.test-target }} + + - name: Upload Test Results + if: always() + uses: actions/upload-artifact@v3 + with: + name: allure_results-${{ matrix.test-target}} + path: tests/allure/results/ + + - name: clear cache + id: clear_cache + if: always() + run: rm -rf /tmp/*-${{ env.CONTAINER_SUFFIX }}.tar 
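Review bot: The Build job uses `docker/setup-buildx-action@v1` and `actions/cache@v2` next to the `@v3`/`@v4` versions a few lines later, so those two steps run on the deprecated Node 12 action runtime; bump them to `docker/setup-buildx-action@v2` and `actions/cache@v3` to match the rest of the file. The go cache key `${{ runner.os }}-go-${{ matrix.go-version }}-...` references `matrix.go-version`, but Build defines no matrix, so the key collapses to `<os>-go--<hash>`; drop the placeholder or key on `hashFiles('.go-version', '**/go.sum')` (the `.go-version` file is already read by Periodic-CI.yml). Pinning the third-party actions (`magefile/mage-action`, `docker/*`) to full commit SHAs would protect this PR pipeline against a moved tag.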
diff --git a/.github/workflows/eks-ci.yml b/.github/workflows/eks-ci.yml
new file mode 100644
index 0000000000..ce6cd922c6
--- /dev/null
+++ b/.github/workflows/eks-ci.yml
@@ -0,0 +1,252 @@
+name: EKS-CI
+
+on:
+ # On demand execution of workflow will run all suites.
+ workflow_dispatch:
+ inputs:
+ test-targets:
+ required: true
+ description: "Specify test markers to run"
+ default: '["eks"]'
+
+ # On post-merge execution running eks tests
+ push:
+ branches:
+ - main
+
+env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ CONTAINER_SUFFIX: ${{ github.run_id }}
+ TEST_TARGETS_DEFAULT: '["pre_merge"]'
+ AWS_REGION: eu-west-2
+ REPORTS_DIR: tests/allure/results/
+ KUBE_NAMESPACE: kube-system
+
+# run only a single job at a time
+concurrency: EKS-Functional-Tests
+
+jobs:
+ Setup:
+ runs-on: ubuntu-20.04
+ outputs:
+ matrix: ${{ steps.set-matrix.outputs.matrix }}
+ timeout-minutes: 15
+ steps:
+ - id: set-default-matrix
+ env:
+ TEST_TARGETS: ${{ env.TEST_TARGETS_DEFAULT }}
+ run: |
+ echo "TEST_MATRIX=$TEST_TARGETS" >> $GITHUB_ENV
+
+ - id: Dispatch
+ if: github.event_name == 'workflow_dispatch'
+ env:
+ TEST_TARGETS: ${{ github.event.inputs.test-targets }}
+ run: echo "TEST_MATRIX=${TEST_TARGETS}" >> $GITHUB_ENV
+
+ - id: set-matrix
+ run: echo "matrix=${{ env.TEST_MATRIX}}" >> $GITHUB_OUTPUT
+
+ Build:
+ name: Build
+ runs-on: ubuntu-20.04
+ timeout-minutes: 15
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v3
+
+ - name: Init Hermit
+ run: ./bin/hermit env -r >> $GITHUB_ENV
+
+ - name: cache go dependencies
+ uses: actions/cache@v3
+ with:
+ path: |
+ ~/go/pkg/mod
+ ~/.cache/go-build
+ key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
+ restore-keys: |
+ ${{ runner.os }}-go-${{ matrix.go-version }}-
+
+ - name: build cloudbeat binary
+ uses: magefile/mage-action@v2
+ with:
+ version: latest
+ args: build
+
+ - name: build opa bundle
+ uses: magefile/mage-action@v2
+ with:
+ version: latest
+ args: BuildOpaBundle
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Cache Build dependencies
+ uses: actions/cache@v3
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.workflow }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+
+ - name: Build cloudbeat-docker
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ push: false
+ tags: cloudbeat:latest
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache-new
+ outputs: type=docker,dest=/tmp/cloudbeat-${{ env.CONTAINER_SUFFIX }}.tar
+
+ - name: Build elastic-agent
+ run: |
+ make build_elastic_agent_docker_image
+
+ - name: Build pytest-docker
+ uses: docker/build-push-action@v4
+ with:
+ context: ./tests/.
+ push: false
+ tags: cloudbeat-test:latest
+ cache-from: type=local,mode=max,src=/tmp/.buildx-cache
+ cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new
+ outputs: type=docker,dest=/tmp/pytest-${{ env.CONTAINER_SUFFIX }}.tar
+
+ - name: Cache docker images
+ uses: actions/cache@v3
+ with:
+ path: /tmp/*.tar
+ key: ${{ runner.os }}-dockers-cache-${{ env.CONTAINER_SUFFIX }}
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1-node16
+ with:
+ aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+
+ - name: Load images cloudbeat and cloudbeat-test to ECR
+ id: load-to-ecr
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ run: |
+ ./.ci/scripts/ecr-images.sh ${{ env.CONTAINER_SUFFIX }} ${{ env.ECR_REGISTRY}}
+ shell: bash
+
+
+ - name: Move cache
+ run: |
+ ./.ci/scripts/gh-cache.sh
+ shell: bash
+
+ Test_Matrix:
+ needs: ["Setup", "Build"]
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - test-target: eks
+ range: ""
+ values_file: tests/deploy/values/ci-eks-config-1.yml
+ k8s_context: "test-eks-config-1"
+ label: "EKS functional tests: config 1"
+ - test-target: eks
+ range: ""
+ values_file: tests/deploy/values/ci-eks-config-2.yml
+ k8s_context: "test-eks-config-2"
+ label: "EKS functional tests: config 2"
+ name: ${{ matrix.label }}
+ runs-on: ubuntu-20.04
+ timeout-minutes: 90
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v3
+
+ # Setup all required tools
+ - name: Init Hermit
+ run: ./bin/hermit env -r >> $GITHUB_ENV
+
+ - name: Get kubeconfig and select context
+ if: success()
+ run: |
+ aws eks update-kubeconfig --name ${{ matrix.k8s_context }} --region ${{ env.AWS_REGION }} --alias ${{ matrix.k8s_context }}
+ echo 'KUBE_CONFIG_DATA=$(cat ~/.kube/config | base64)' >> $GITHUB_ENV
+ kubectl config use-context ${{ matrix.k8s_context }}
+ kubectl config set-context --current --namespace=${{ env.KUBE_NAMESPACE }}
+
+ - name: Deploy tests Helm chart
+ id: deploy_helm
+ if: success()
+ run: |
+ just deploy-tests-helm ${{ matrix.test-target }} ${{ matrix.values_file }} ${{ matrix.range }}
+
+ - name: Execute tests
+ id: run_tests
+ if: success()
+ run: |
+ just run-tests ${{ matrix.test-target }} ${{ matrix.k8s_context }}
+
+ - name: Copy test results
+ id: copy_results
+ if: always()
+ run: |
+ NODE=$(kubectl get po test-pod-v1 -o jsonpath='{.spec.nodeName}')
+ RESULTS_POD=$(kubectl get po -l k8s-app=eks-results --field-selector spec.nodeName=$NODE -o jsonpath='{.items[*].metadata.name}')
+ kubectl cp $RESULTS_POD:/reports ${{ env.REPORTS_DIR }}
+ kubectl exec $RESULTS_POD -- sh -c 'rm -rf /reports/*'
+
+ - name: Upload Test Results
+ if: always()
+ uses: actions/upload-artifact@v3
+ with:
+ name: allure_results-${{ matrix.test-target}}
+ path: ${{ env.REPORTS_DIR }}
+
+ - name: Purge tests environment
+ id: purge_helm
+ if: always()
+ run: |
+ just purge-tests
+
+ publish_results:
+ name: Publish Results
+ needs: Test_Matrix
+ if: always()
+ runs-on: ubuntu-20.04
+ steps:
+ - name: Download Artifacts
+ uses: actions/download-artifact@v3
+ with:
+ path: artifacts
+
+ - name: Extract Artifacts
+ run: |
+ mkdir -p tests/allure/results
+ find artifacts/ -type f -print0 | xargs -0 mv -t tests/allure/results
+
+ - name: Publish allure report
+ if: always()
+ uses: andrcuns/allure-publish-action@v2.2.3
+ env:
+ GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ AWS_REGION: eu-west-1
+ with:
+ storageType: s3
+ resultsGlob: "tests/allure/results"
+ updatePr: actions
+ collapseSummary: false
+ summary: suites
+ summaryTableType: markdown
+ copyLatest: true
+ bucket: csp-allure-reports
+ prefix: allure_reports/cloudbeat/${{ github.ref_name }}
+ ignoreMissingResults: true
diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml
new file mode 100644
index 0000000000..db01539108
--- /dev/null
+++ b/.github/workflows/packaging.yml
@@ -0,0 +1,50 @@
+name: Packaging
+
+on:
+ pull_request:
+ branches:
+ - main
+ - '[0-9]+.[0-9]+'
+ types: [opened, synchronize, reopened]
+
+env:
+ DEV: true
+ SNAPSHOT: true
+ PLATFORMS: linux/amd64
+ GOPATH: /home/runner/go
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ package_beat:
+ name: Package Cloudbeat
+ runs-on: ubuntu-20.04
+ timeout-minutes: 15
+ strategy:
+ fail-fast: false
+ matrix:
+ types: [ tar.gz, docker ]
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v3
+
+ - name: Init Hermit
+ run: ./bin/hermit env -r >> $GITHUB_ENV
+
+ - name: cache go dependencies
+ uses: actions/cache@v3
+ with:
+ path: |
+ ~/go/pkg/mod
+ ~/.cache/go-build
+ key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
+ restore-keys: |
+ ${{ runner.os }}-go-${{ matrix.go-version }}-
+
+ - name: Packaging
+ run: |
+ mage -v package
+ env:
+ TYPES: ${{ matrix.types }}
diff --git a/.github/workflows/publish-test-results.yml b/.github/workflows/publish-test-results.yml
new file mode 100644
index 0000000000..589014e7f4
--- /dev/null
+++ b/.github/workflows/publish-test-results.yml
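Review bot: `echo 'KUBE_CONFIG_DATA=$(cat ~/.kube/config | base64)' >> $GITHUB_ENV` is single-quoted, so the literal text `$(cat ~/.kube/config | base64)` is exported rather than the kubeconfig, and nothing else in this file reads `KUBE_CONFIG_DATA`. If the quoting were "fixed", base64-encoded cluster credentials would be placed, unmasked (values written to `GITHUB_ENV` are not registered as secrets), into the environment of every later step including third-party actions. Delete the line, or if a `just` recipe outside this hunk needs it, set it as that step's `env:` only. The job also runs on every push to `main` with long-lived IAM keys from the workflow-level `env`; `aws-actions/configure-aws-credentials` supports `role-to-assume` with OIDC (`permissions: id-token: write`), which would remove the static keys from the repository secrets and from the environment of steps that do not need AWS at all.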
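Review bot: The cache key in `cache go dependencies` interpolates `matrix.go-version`, but this job's matrix only defines `types`, so every run keys on `<os>-go--<go.sum hash>` and the `restore-keys` prefix `<os>-go--` matches caches built with any Go toolchain. Key on the toolchain file instead, e.g. `key: ${{ runner.os }}-go-${{ hashFiles('.go-version', '**/go.sum') }}` (`.go-version` is the file Periodic-CI.yml already passes to `setup-go`). `DEV: true` and `SNAPSHOT: true` are YAML booleans that GitHub stringifies before export; quoting them as `"true"` documents that the mage build receives strings.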
@@ -0,0 +1,86 @@
+name: Publish-Test-Results
+
+on:
+ workflow_run:
+ workflows: ["Cloudbeat-CI"]
+ types:
+ - completed
+
+jobs:
+ publish_results:
+ timeout-minutes: 15
+ name: Publish Results
+ runs-on: ubuntu-20.04
+ if: github.event.workflow_run.conclusion != 'skipped'
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ permissions:
+ checks: write
+ # needed unless run with comment_mode: off
+ pull-requests: write
+ # required by download step to access artifacts API
+ actions: read
+ steps:
+
+ - name: Download and Extract Artifacts
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ mkdir -p tests/allure/results
+ mkdir -p artifacts && cd artifacts
+
+ artifacts_url=${{ github.event.workflow_run.artifacts_url }}
+
+ gh api "$artifacts_url" -q '.artifacts[] | [.name, .archive_download_url] | @tsv' | while read artifact
+ do
+ IFS=$'\t' read name url <<< "$artifact"
+ gh api $url > "$name.zip"
+ unzip -o "$name.zip" -d "../tests/allure/results"
+ done
+
+ - name: Get pr info
+ id: pr_info
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ PR_NUM=$(gh api -X GET search/issues -f q='elastic/cloudbeat is:open is:pr is:unmerged ${{ github.event.workflow_run.head_sha }}' | jq '.items[0].number' )
+ echo "PR_NUMBER=$PR_NUM" >> $GITHUB_ENV
+
+ - name: Publish allure report
+ if: always()
+ uses: andrcuns/allure-publish-action@v2.2.3
+ env:
+ GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ AWS_REGION: eu-west-1
+ with:
+ storageType: s3
+ resultsGlob: "tests/allure/results"
+ updatePr: actions
+ collapseSummary: false
+ summary: suites
+ summaryTableType: markdown
+ copyLatest: true
+ bucket: csp-allure-reports
+ prefix: allure_reports/cloudbeat/prs/${{ env.PR_NUMBER }}
+ ignoreMissingResults: true
+
+ - name: Output to Job Summary
+ if: ${{ github.event.workflow_run.event == 'pull_request' }}
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ echo "### Run Summary :rocket:" >> $GITHUB_STEP_SUMMARY
+ echo "Allure Report: http://csp-allure-reports.s3.amazonaws.com/allure_reports/cloudbeat/prs/${{ env.PR_NUMBER }}/index.html" >> $GITHUB_STEP_SUMMARY
+
+ - name: Comment test success result
+ uses: marocchino/sticky-pull-request-comment@v2
+ if: ${{ github.event.workflow_run.event == 'pull_request' }}
+ with:
+ header: Test Results
+ number: ${{ env.PR_NUMBER }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ message: |
+ ## Cloudbeat CI :robot:
+ Allure Report: http://csp-allure-reports.s3.amazonaws.com/allure_reports/cloudbeat/prs/${{ env.PR_NUMBER }}/index.html
diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml
new file mode 100644
index 0000000000..b695c537c5
--- /dev/null
+++ b/.github/workflows/unit-test.yml
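Review bot: This `workflow_run` job runs in the base repository with `pull-requests: write`, `checks: write` and the AWS keys, yet it processes artifacts from the triggering Cloudbeat-CI run, which for a pull request executes the PR's own copy of that workflow; the artifact `name` is therefore controlled by the PR author and is used unsanitized in `gh api $url > "$name.zip"` and `unzip -o "$name.zip"`, so a name containing `/` or `..` writes outside `artifacts/`. Validate it before use, e.g. `IFS=$'\t' read -r name url <<< "$artifact"` followed by `[[ "$name" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "rejecting artifact name: $name" >&2; continue; }`, and treat the extracted results as untrusted input to the allure publisher. `PR_NUM` is the string `null` when the search finds no open PR for `head_sha` (e.g. after a merge), and that value then flows into the S3 prefix and the sticky comment's `number:`; guard with `[ "$PR_NUM" != "null" ] || exit 0` before exporting it. The report links use plain `http://`; the bucket name has no dots, so `https://csp-allure-reports.s3.amazonaws.com/...` should work and avoids serving the report over cleartext.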
@@ -0,0 +1,140 @@ +name: UnitTests + +on: + pull_request: + branches: + - main + - '[0-9]+.[0-9]+' + types: [opened, synchronize, reopened] + push: + branches: + - main + +env: + K8S_MANIFEST_DIR: deploy + + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +jobs: + unit_tests: + name: Unit Tests + runs-on: ubuntu-20.04 + timeout-minutes: 15 + steps: + - name: Check out the repo + uses: actions/checkout@v3 + + - name: Init Hermit + run: ./bin/hermit env -r >> $GITHUB_ENV + + - name: Mage Check + run: mage check + + - name: Mage checkLicenseHeaders + run: mage checkLicenseHeaders + + - name: Mage build bundle before unit tests + uses: magefile/mage-action@v2 + with: + args: buildOpaBundle + + - name: Copy bundle to required dirs + run: | + cp bundle.tar.gz evaluator/ + + - name: Validate mocks + run: just validate-mocks + + - name: Unit-Test Cloudbeat + run: | + GOOS=linux go test -v -coverpkg=./... -coverprofile=cover.out.tmp ./... 
+ cat cover.out.tmp | grep -v "mock_.*.go" > cover.out # remove mock files from coverage report + + - name: Upload coverage artifact + uses: actions/upload-artifact@v3 + with: + name: coverage-file + path: cover.out + + coverage: + name: Coverage report + needs: unit_tests + runs-on: ubuntu-20.04 + timeout-minutes: 10 + steps: + - name: Check out the repo + uses: actions/checkout@v3 + + - name: Init Hermit + run: ./bin/hermit env -r >> $GITHUB_ENV + + - name: Install goveralls + run: go install github.com/mattn/goveralls@latest + + - name: Download coverage artifact + uses: actions/download-artifact@v3 + with: + name: coverage-file + + - name: Send coverage + env: + COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: goveralls -coverprofile=cover.out -service=github + + manifest_tests: + name: Manifest Tests + runs-on: ubuntu-20.04 + timeout-minutes: 15 + steps: + - name: Check out the repo + uses: actions/checkout@v3 + + - name: Get diff k8s manifests + uses: technote-space/get-diff-action@v6 + with: + PATTERNS: ${{ env.K8S_MANIFEST_DIR }}/** + + - name: Run K8s manifest tests + if: env.GIT_DIFF + uses: stefanprodan/kube-tools@v1 + with: + kubectl: 1.18.4 + kubeval: v0.16.1 + command: | + kubeval --strict -d ${{ env.K8S_MANIFEST_DIR }} --ignore-missing-schemas --ignored-filename-patterns kustomization,kind,patch,cloudbeat,cloudformation --skip-kinds ClusterConfig + + golangci: + name: golangci-lint + runs-on: ubuntu-20.04 + timeout-minutes: 15 + steps: + - name: Check out the repo + uses: actions/checkout@v3 + - uses: actions/setup-go@v3 + with: + go-version-file: .go-version + - name: Check out the repo + uses: actions/checkout@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + repository: ${{ (github.event.pull_request_target || github.event.pull_request).head.repo.full_name }} + ref: ${{ (github.event.pull_request_target || github.event.pull_request).head.sha }} + + - name: Go linter + uses: golangci/golangci-lint-action@v3 + with: + version: latest + args: 
--timeout=10m --whole-files + + dependency-review: + runs-on: ubuntu-20.04 + if: ${{ github.event_name == 'pull_request' }} + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + - name: Dependency Review + uses: actions/dependency-review-action@v3 diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 0154381502..1aa8f225a0 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -89,16 +89,7 @@ jobs: working-directory: ${{ env.SCRIPTS_DIR }} run: | cat manifest.yaml - # - # - name: Replace the agent image - # id: replace_agent_image - # working-directory: ${{ env.SCRIPTS_DIR }} - # run: | - # cp manifest.yaml manifest-2.yaml - # sed -i '' "s/^\( *image: *\).*/\1ofir_image/" manifest-2.yaml - # cat manifest-2.yaml - # diff manifest.yaml manifest-2.yaml - # + - name: Deploy agent on EC2 id: copy_manifest_file working-directory: ${{ env.SCRIPTS_DIR }} From ed4ea56526b71e8eb6078a0078f581263a102bce Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 17:21:55 +0200 Subject: [PATCH 093/105] Update the git ignore --- .gitignore | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitignore b/.gitignore index c8777d1369..ac28157667 100644 --- a/.gitignore +++ b/.gitignore @@ -44,7 +44,6 @@ bundle.tar.gz .terraform .terraform.lock.hcl .tfstate.backup -/terraform.tfstate # .tfstate files *.tfstate From 008f3e37e87c940a3b79caf4481dd4d43fc92287 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 13 Feb 2023 19:54:09 +0200 Subject: [PATCH 094/105] Refined version --- .github/workflows/weekly-enviroment.yml | 8 +- deploy/weekly-environment/main.tf | 7 +- .../install-kspm-vanilla-integration.sh | 20 ++- deploy/weekly-environment/scripts/utils.sh | 125 ++++++++++++------ deploy/weekly-environment/terraform.tf | 5 - 5 files changed, 105 insertions(+), 60 deletions(-) 
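Review bot: The second `Check out the repo` step in the golangci job re-checks out `repository: ${{ (github.event.pull_request_target || github.event.pull_request).head.repo.full_name }}` at `head.sha` after the first `actions/checkout@v3` has already placed the PR head, and both expressions are empty on the `push: branches: [main]` trigger, so whether checkout then falls back to the default repository should be confirmed. The `pull_request_target` alternative has no matching trigger in `on:`; if one is ever added, this step would check out fork-controlled code into a job holding `secrets.GITHUB_TOKEN`, so delete the step or restrict it to `github.event.pull_request`. `golangci/golangci-lint-action@v3` with `version: latest` is unpinned and will drift between runs; name a version. `cat cover.out.tmp | grep -v "mock_.*.go" > cover.out` can be `grep -v "mock_.*.go" cover.out.tmp > cover.out`.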
diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 1aa8f225a0..f9cabb4c6d 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -84,14 +84,8 @@ jobs: run: | ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} - - name: Show manifest file - id: manifest_file - working-directory: ${{ env.SCRIPTS_DIR }} - run: | - cat manifest.yaml - - name: Deploy agent on EC2 - id: copy_manifest_file + id: deploy_agent_on_ec2 working-directory: ${{ env.SCRIPTS_DIR }} run: | echo -e "${{ secrets.EC2_SECRET }}" > weekly-key.pem diff --git a/deploy/weekly-environment/main.tf b/deploy/weekly-environment/main.tf index 9f1bc94d82..9262b1a142 100644 --- a/deploy/weekly-environment/main.tf +++ b/deploy/weekly-environment/main.tf @@ -2,11 +2,6 @@ provider "ec" { apikey = var.ec_api_key } -resource "random_string" "suffix" { - length = 3 - special = false -} - module "ec_deployment" { source = "github.com/elastic/apm-server/testing/infra/terraform/modules/ec_deployment" @@ -14,7 +9,7 @@ module "ec_deployment" { stack_version = var.stack_version deployment_template = var.deployment_template - deployment_name_prefix = "${var.deployment_name_prefix}-${random_string.suffix.result}" + deployment_name_prefix = "${var.deployment_name_prefix}-${formatdate("MMM DD, YYYY", timestamp())}" integrations_server = true diff --git a/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh index 3fefb94fca..1787a68cb4 100755 --- a/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh +++ b/deploy/weekly-environment/scripts/benchmarks/kspm_vanilla/install-kspm-vanilla-integration.sh 
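Review bot: `deployment_name_prefix = "${var.deployment_name_prefix}-${formatdate("MMM DD, YYYY", timestamp())}"` evaluates `timestamp()` on every plan, so the name changes on each apply, Terraform reports a diff every run and, if the ec_deployment module uses the prefix in an attribute that forces replacement, the deployment is re-created each time; the removed `random_string.suffix` did not have that property. Two runs on the same day also now produce the same name, which the suffix previously avoided. A value fixed per run and passed in as a variable (for example the workflow's run id) keeps the name stable within a run and unique across runs.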
@@ -2,11 +2,18 @@ source ../../utils.sh +# This script is used to install a vanilla integration for the KSPM vanilla benchmark. +# It will create a new agent policy, a new vanilla integration and a new vanilla integration manifest file. +# The script requires two arguments: +# 1. Kibana URL +# 2. Kibana password + KIBANA_URL=$1 KIBANA_PASSWORD=$2 KIBANA_AUTH=elastic:${KIBANA_PASSWORD} -AGENT_POLICY=data/agent_policy_vanilla.json -INTEGRATION_POLICY=data/package_policy_vanilla.json + +readonly AGENT_POLICY=data/agent_policy_vanilla.json +readonly INTEGRATION_POLICY=data/package_policy_vanilla.json # Check if input is empty if [ -z "$KIBANA_URL" ] || [ -z "$KIBANA_PASSWORD" ]; then @@ -16,10 +23,17 @@ fi ## Create a new agent policy And get the agent id create_a_new_agent_policy "$KIBANA_URL" "$KIBANA_AUTH" "$AGENT_POLICY" +if [ -z "$POLICY_ID" ]; then + echo "Agent policy id is empty" + exit 1 +fi # Create a new vanilla integration create_a_new_vanilla_integration "$KIBANA_URL" "$KIBANA_AUTH" "$POLICY_ID" "$INTEGRATION_POLICY" # Create a new agent policy create_new_vanilla_integration_manifest_file "$KIBANA_URL" "$KIBANA_AUTH" "$POLICY_ID" - +if [ -z "$MANIFEST_FILE" ]; then + echo "Manifest file is empty" + exit 1 +fi diff --git a/deploy/weekly-environment/scripts/utils.sh b/deploy/weekly-environment/scripts/utils.sh index 4462f148e2..2d3268556d 100755 --- a/deploy/weekly-environment/scripts/utils.sh +++ b/deploy/weekly-environment/scripts/utils.sh 
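Review bot: The added guards `if [ -z "$POLICY_ID" ]` and `if [ -z "$MANIFEST_FILE" ]` do not catch the failure they are written for, because the `jq -r '.item.id'` and `jq -r '.item'` calls in utils.sh emit the literal string `null` when the field is absent, so the variables are non-empty; use `if [ -z "$POLICY_ID" ] || [ "$POLICY_ID" = "null" ]; then` and the same for `MANIFEST_FILE`. The second hunk also leaves `# Create a new agent policy` above the `create_new_vanilla_integration_manifest_file` call, which describes the wrong step; `# Create the agent manifest file` matches the call.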
@@ -1,108 +1,155 @@ #!/bin/bash -# creates a new agent policy and set the new POLICY_ID to the policy id +# This utility script contains functions that are used by the benchmark scripts. + +####################################### +# Creates a new agent policy and set the new POLICY_ID as the new integration policy id +# Globals: +# POLICY_ID +# Arguments: +# $1: Kibana URL +# $2: Kibana auth +# $3: Agent policy +# Returns: +# None +####################################### create_a_new_agent_policy() { local kibana_url=$1 local kibana_auth=$2 local agent_policy=$3 # Install Agent policy - installAgentResponse=$(curl -X POST \ + local install_agent_response + install_agent_response="$(curl -X POST \ --url "${kibana_url}/api/fleet/agent_policies?sys_monitoring=true" \ - -u "$kibana_auth" \ + -u "${kibana_auth}" \ -H 'Cache-Control: no-cache' \ -H 'Connection: keep-alive' \ -H 'Content-Type: application/json' \ -H 'kbn-xsrf: true' \ - -d "@$agent_policy") + -d "@${agent_policy}")" - check_status_code_of_curl "$installAgentResponse" + echo "Install agent response: ${install_agent_response}" + check_status_code_of_curl "${install_agent_response}" - POLICY_ID=$(echo "$installAgentResponse" | jq -r '.item.id') - echo "Creating a new agent policy has completed successfully: New policy id: $POLICY_ID" + POLICY_ID=$(echo "${install_agent_response}" | jq -r '.item.id') + echo "Creating a new agent policy has completed successfully: New policy id: ${POLICY_ID}" } -# creates a new vanilla integration and set INTEGRATION_ID to the new integration id +####################################### +# Creates a new vanilla integration on the given policy id +# Arguments: +# $1: Kibana URL +# $2: Kibana auth +# $3: Policy id +# $4: Integration policy +# Returns: +# None +####################################### create_a_new_vanilla_integration() { local kibana_url=$1 local kibana_auth=$2 local policy_id=$3 local integration_policy=$4 - local updated_policy # Updating the new integration 
policy with the policy id - updated_policy="$(jq --arg policy_id "$policy_id" '.policy_id |= $policy_id' "$integration_policy")" - echo "New integration policy: $updated_policy" + local updated_policy + updated_policy="$(jq --arg policy_id "${policy_id}" '.policy_id |= $policy_id' "${integration_policy}")" + echo "New integration policy: ${updated_policy}" - PACKAGE_POLICY_RESPONSE=$(curl -X POST \ + package_policy_response="$(curl -X POST \ --url "${kibana_url}/api/fleet/package_policies" \ - -u "$kibana_auth" \ + -u "${kibana_auth}" \ -H 'Cache-Control: no-cache' \ -H 'Connection: keep-alive' \ -H 'Content-Type: application/json' \ -H 'kbn-xsrf: true' \ - -d "${updated_policy}") + -d "${updated_policy}")" - check_status_code_of_curl "$PACKAGE_POLICY_RESPONSE" + check_status_code_of_curl "${package_policy_response}" - echo "Creating a new a new vanilla integration with policy id: $policy_id has completed successfully.Integration policy: $updated_policy " + echo "Creating a new a new vanilla integration with policy id: ${policy_id} has completed successfully.Integration policy: ${updated_policy}" } -# creates a new vanilla integration manifest file named manifest.yaml +####################################### +# Creates a new vanilla integration manifest file manifest.yaml +# Globals: +# MANIFEST_FILE +# Arguments: +# $1: Kibana URL +# $2: Kibana auth +# $3: Policy id +# Returns: +# None +####################################### create_new_vanilla_integration_manifest_file() { local kibana_url=$1 local kibana_auth=$2 local policy_id=$3 - ENROLMENT_TOKEN_RESPONSE=$(curl -X GET \ + local enrolment_token_response + enrolment_token_response="$(curl -X GET \ --url "${kibana_url}/api/fleet/enrollment_api_keys" \ - -u "$kibana_auth" \ + -u "${kibana_auth}" \ -H 'Cache-Control: no-cache' \ -H 'Connection: keep-alive' \ -H 'Content-Type: application/json' \ - -H 'kbn-xsrf: true') + -H 'kbn-xsrf: true')" - check_status_code_of_curl "$ENROLMENT_TOKEN_RESPONSE" + 
check_status_code_of_curl "${enrolment_token_response}" - ENROLMENT_TOKEN=$(echo "$ENROLMENT_TOKEN_RESPONSE" | jq --arg policy "$policy_id" '.list[] | select(.policy_id == $policy)' | jq -r '.api_key') - echo "ENROLMENT_TOKEN: $ENROLMENT_TOKEN" + local enrolment_token + enrolment_token="$(echo "${enrolment_token_response}" | jq --arg policy "${policy_id}" '.list[] | select(.policy_id == $policy)' | jq -r '.api_key')" + echo "enrolment_token: ${enrolment_token}" - FLEET_DATA_RESPONSE=$(curl -X GET \ + local fleet_data_response + fleet_data_response="$(curl -X GET \ --url "${kibana_url}/api/fleet/settings" \ - -u "$kibana_auth" \ + -u "${kibana_auth}" \ -H 'Cache-Control: no-cache' \ -H 'Connection: keep-alive' \ -H 'Content-Type: application/json' \ - -H 'kbn-xsrf: true') + -H 'kbn-xsrf: true')" + + check_status_code_of_curl "${fleet_data_response}" - check_status_code_of_curl "$FLEET_DATA_RESPONSE" - FLEET_SERVER_HOST=$(echo "$FLEET_DATA_RESPONSE" | jq -r '.item.fleet_server_hosts[0]') - echo "FLEET_SERVER_HOST: $FLEET_SERVER_HOST" + local fleet_server_host + fleet_server_host="$(echo "${fleet_data_response}" | jq -r '.item.fleet_server_hosts[0]')" + echo "fleet_server_host: ${fleet_server_host}" # Create the manifest file - MANIFEST_CREATION_RESPONSE=$(curl -X GET \ - --url "${kibana_url}/api/fleet/kubernetes?fleetServer=${FLEET_SERVER_HOST}&enrolToken=${ENROLMENT_TOKEN}" \ - -u "$kibana_auth" \ + local manifest_creation_response + manifest_creation_response="$(curl -X GET \ + --url "${kibana_url}/api/fleet/kubernetes?fleetServer=${fleet_server_host}&enrolToken=${enrolment_token}" \ + -u "${kibana_auth}" \ -H 'Cache-Control: no-cache' \ -H 'Connection: keep-alive' \ -H 'Content-Type: application/json' \ - -H 'kbn-xsrf: true') + -H 'kbn-xsrf: true')" - check_status_code_of_curl "$MANIFEST_CREATION_RESPONSE" + check_status_code_of_curl "${manifest_creation_response}" # write the manifest file to the file system # get the item field from the response - 
MANIFEST_FILE=$(echo "$MANIFEST_CREATION_RESPONSE" | jq -r '.item') + MANIFEST_FILE=$(echo "$manifest_creation_response" | jq -r '.item') echo "$MANIFEST_FILE" > manifest.yaml } +####################################### +# Checks the status code of the curl response and exits if the status code is not 200 +# Globals: +# Arguments: +# $1: Curl response +# Returns: +# None +####################################### check_status_code_of_curl() { - local CURL_RESPONSE=$1 - error_code=$(echo "$CURL_RESPONSE" | jq -r '.statusCode') + local curl_response=$1 + error_code=$(echo "$curl_response" | jq -r '.statusCode') if [ "$error_code" != "null" ] && [ "$error_code" != "200" ]; then echo "Error code: $error_code" - echo "Error message: $(echo "$CURL_RESPONSE" | jq -r '.message')" - echo "Error full response: $CURL_RESPONSE" + echo "Error message: $(echo "$curl_response" | jq -r '.message')" + echo "Error full response: $curl_response" exit 1 fi } diff --git a/deploy/weekly-environment/terraform.tf b/deploy/weekly-environment/terraform.tf index 913bb398f5..94ff40d981 100644 --- a/deploy/weekly-environment/terraform.tf +++ b/deploy/weekly-environment/terraform.tf @@ -1,10 +1,5 @@ terraform { required_providers { - random = { - source = "hashicorp/random" - version = "~> 3.1.0" - } - ec = { source = "elastic/ec" version = ">=0.5.0" From 74c9a40699194de08a6cadec06b49c81d4377e88 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Tue, 14 Feb 2023 15:43:20 +0200 Subject: [PATCH 095/105] Edit environment variables --- .github/workflows/weekly-enviroment.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index f9cabb4c6d..3b7b392eb5 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
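Review bot: `echo "enrolment_token: ${enrolment_token}"` in create_new_vanilla_integration_manifest_file writes the Fleet enrollment API key to the job log, where nothing masks it as a secret; drop the value from that line, e.g. `echo "enrolment_token obtained for policy ${policy_id}"`. check_status_code_of_curl still assigns `error_code` without `local` and only reads `.statusCode` from the body, so an empty or non-JSON response makes `jq` fail and the check passes; declare it `local` and treat an empty `error_code` as an error, or add `--fail` to the curl calls so HTTP errors are reported by curl itself. `package_policy_response` in create_a_new_vanilla_integration is also the only response variable in this file not declared `local`.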
@@ -23,7 +23,7 @@ on: env: WORKING_DIR: deploy/weekly-environment SCRIPTS_DIR: deploy/weekly-environment/scripts/benchmarks/kspm_vanilla - TF_VAR_ec_api_key: ${{ secrets.TF_VAR_EC_API_KEY }} + TF_VAR_ec_api_key: ${{ secrets.WEEKLY_ENVIRONMENT_KIBANA_API_KEY }} TF_VAR_environment: ${{ github.event.inputs.logLevel }} TF_LOG: ${{ github.event.inputs.logLevel }} TF_VAR: 8.6.1 @@ -88,12 +88,12 @@ jobs: id: deploy_agent_on_ec2 working-directory: ${{ env.SCRIPTS_DIR }} run: | - echo -e "${{ secrets.EC2_SECRET }}" > weekly-key.pem + echo -e "${{ secrets.WEEKLY_ENVIRONMENT_EC2_SECRET }}" > weekly-key.pem chmod 600 weekly-key.pem # Copy the manifest file to the EC2 instance - scp -o StrictHostKeyChecking=no -v -i weekly-key.pem manifest.yaml "ubuntu@${{ secrets.EC2_PUBLIC_IP }}:~/." + scp -o StrictHostKeyChecking=no -v -i weekly-key.pem manifest.yaml "ubuntu@${{ secrets.WEEKLY_ENVIRONMENT_EC2_PUBLIC_IP }}:~/." # Apply the manifest file - ssh -o StrictHostKeyChecking=no -v -i weekly-key.pem "ubuntu@${{ secrets.EC2_PUBLIC_IP }}" "kubectl apply -f manifest.yaml" + ssh -o StrictHostKeyChecking=no -v -i weekly-key.pem "ubuntu@${{ secrets.WEEKLY_ENVIRONMENT_EC2_PUBLIC_IP }}" "kubectl apply -f manifest.yaml" # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file - name: Send custom JSON data to Slack workflow From 592bfd12160adc2e327d684ef5d2a8af384c8bd8 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Tue, 14 Feb 2023 16:00:39 +0200 Subject: [PATCH 096/105] removing flow --- .github/workflows/weekly-enviroment.yml | 89 ------------------------- 1 file changed, 89 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 3b7b392eb5..4d4eb7b56a 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
@@ -50,92 +50,3 @@ jobs: run: terraform fmt -check continue-on-error: true - - name: Terraform Init - id: init - run: terraform init -no-color - - - name: Terraform Validate - id: validate - run: terraform validate -no-color - - - name: Deploy Elastic Cloud - id: apply - run: terraform apply --auto-approve - - - name: Set terraform output as env variable - id: kibana_url - run: | - echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV - - - name: Set sensitive terraform output as env variable - id: set_sensitive_output - run: | - export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) - echo "::add-mask::$ELASTICSEARCH_USERNAME" - echo "ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV - - export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) - echo "::add-mask::$ELASTICSEARCH_PASSWORD" - echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV - - - name: Install KSPM vanilla integration - id: install_vanilla_integration - working-directory: ${{ env.SCRIPTS_DIR }} - run: | - ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} - - - name: Deploy agent on EC2 - id: deploy_agent_on_ec2 - working-directory: ${{ env.SCRIPTS_DIR }} - run: | - echo -e "${{ secrets.WEEKLY_ENVIRONMENT_EC2_SECRET }}" > weekly-key.pem - chmod 600 weekly-key.pem - # Copy the manifest file to the EC2 instance - scp -o StrictHostKeyChecking=no -v -i weekly-key.pem manifest.yaml "ubuntu@${{ secrets.WEEKLY_ENVIRONMENT_EC2_PUBLIC_IP }}:~/." 
- # Apply the manifest file - ssh -o StrictHostKeyChecking=no -v -i weekly-key.pem "ubuntu@${{ secrets.WEEKLY_ENVIRONMENT_EC2_PUBLIC_IP }}" "kubectl apply -f manifest.yaml" - - # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file - - name: Send custom JSON data to Slack workflow - id: slack - uses: slackapi/slack-github-action@v1.23.0 - with: - payload: | - { - "text": "A new deployment job has been triggered", - "attachments": [ - { - "color": "#36a64f", - "fields": [ - { - "title": "Environment", - "value": "${{ github.event.inputs.environment }}", - "short": true - }, - { - "title": "Log level", - "value": "${{ github.event.inputs.logLevel }}", - "short": true - }, - { - "title": "Kibana URL", - "value": ${{ env.KIBANA_URL }}, - "short": false - }, - { - "title": "ElasticSearch username", - "value": ${{ env.ELASTICSEARCH_USERNAME }}, - "short": false - }, - { - "title": "ElasticSearch password", - "value": ${{ env.ELASTICSEARCH_PASSWORD }}, - "short": false - } - ] - } - ] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK From 819615deba2d6f6ffd4876885a75ef793ad35d34 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Tue, 14 Feb 2023 16:01:40 +0200 Subject: [PATCH 097/105] reverting changes --- .github/workflows/weekly-enviroment.yml | 89 +++++++++++++++++++++++++ 1 file changed, 89 insertions(+) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 4d4eb7b56a..3b7b392eb5 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
@@ -50,3 +50,92 @@ jobs: run: terraform fmt -check continue-on-error: true + - name: Terraform Init + id: init + run: terraform init -no-color + + - name: Terraform Validate + id: validate + run: terraform validate -no-color + + - name: Deploy Elastic Cloud + id: apply + run: terraform apply --auto-approve + + - name: Set terraform output as env variable + id: kibana_url + run: | + echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV + + - name: Set sensitive terraform output as env variable + id: set_sensitive_output + run: | + export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) + echo "::add-mask::$ELASTICSEARCH_USERNAME" + echo "ELASTICSEARCH_USERNAME=$ELASTICSEARCH_USERNAME" >> $GITHUB_ENV + + export ELASTICSEARCH_PASSWORD=$(terraform output elasticsearch_password) + echo "::add-mask::$ELASTICSEARCH_PASSWORD" + echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV + + - name: Install KSPM vanilla integration + id: install_vanilla_integration + working-directory: ${{ env.SCRIPTS_DIR }} + run: | + ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} + + - name: Deploy agent on EC2 + id: deploy_agent_on_ec2 + working-directory: ${{ env.SCRIPTS_DIR }} + run: | + echo -e "${{ secrets.WEEKLY_ENVIRONMENT_EC2_SECRET }}" > weekly-key.pem + chmod 600 weekly-key.pem + # Copy the manifest file to the EC2 instance + scp -o StrictHostKeyChecking=no -v -i weekly-key.pem manifest.yaml "ubuntu@${{ secrets.WEEKLY_ENVIRONMENT_EC2_PUBLIC_IP }}:~/." 
+ # Apply the manifest file + ssh -o StrictHostKeyChecking=no -v -i weekly-key.pem "ubuntu@${{ secrets.WEEKLY_ENVIRONMENT_EC2_PUBLIC_IP }}" "kubectl apply -f manifest.yaml" + + # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file + - name: Send custom JSON data to Slack workflow + id: slack + uses: slackapi/slack-github-action@v1.23.0 + with: + payload: | + { + "text": "A new deployment job has been triggered", + "attachments": [ + { + "color": "#36a64f", + "fields": [ + { + "title": "Environment", + "value": "${{ github.event.inputs.environment }}", + "short": true + }, + { + "title": "Log level", + "value": "${{ github.event.inputs.logLevel }}", + "short": true + }, + { + "title": "Kibana URL", + "value": ${{ env.KIBANA_URL }}, + "short": false + }, + { + "title": "ElasticSearch username", + "value": ${{ env.ELASTICSEARCH_USERNAME }}, + "short": false + }, + { + "title": "ElasticSearch password", + "value": ${{ env.ELASTICSEARCH_PASSWORD }}, + "short": false + } + ] + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK From b727e5d4478c8c0c43c211e65e455b279f76212c Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Wed, 15 Feb 2023 11:22:02 +0200 Subject: [PATCH 098/105] Update weekly-enviroment.yml EC parameter name --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 3b7b392eb5..a83ce934e2 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
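Review bot: The `Send custom JSON data to Slack workflow` step posts `${{ env.ELASTICSEARCH_USERNAME }}` and `${{ env.ELASTICSEARCH_PASSWORD }}` into the Slack payload, so the cluster credentials leave the CI boundary into a chat channel; the `::add-mask::` calls above only hide them in the job log. Post the Kibana URL and a pointer to where the credentials are stored instead, and drop the two credential fields. In `Deploy agent on EC2`, `scp`/`ssh -o StrictHostKeyChecking=no` disables host key verification; seed `~/.ssh/known_hosts` from a stored host key, keep the default checking, and remove `weekly-key.pem` at the end of the step. `terraform output kibana_url` without `-raw` prints the string in quoted form, which is presumably why `"value": ${{ env.KIBANA_URL }}` is left unquoted in the JSON, but the same quoted value is then passed to `./install-kspm-vanilla-integration.sh`; confirm which form is intended and use `-raw` consistently.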
@@ -23,7 +23,7 @@ on: env: WORKING_DIR: deploy/weekly-environment SCRIPTS_DIR: deploy/weekly-environment/scripts/benchmarks/kspm_vanilla - TF_VAR_ec_api_key: ${{ secrets.WEEKLY_ENVIRONMENT_KIBANA_API_KEY }} + TF_VAR_ec_api_key: ${{ secrets.WEEKLY_ENVIRONMENT_EC_API_KEY }} TF_VAR_environment: ${{ github.event.inputs.logLevel }} TF_LOG: ${{ github.event.inputs.logLevel }} TF_VAR: 8.6.1 From 65a8a33e4c12af79bb387db4a7fbb14e651e5279 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Wed, 15 Feb 2023 12:06:22 +0200 Subject: [PATCH 099/105] Update weekly-enviroment.yml EC2 Private key parameter name --- .github/workflows/weekly-enviroment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index a83ce934e2..0a1feeef9e 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -88,7 +88,7 @@ jobs: id: deploy_agent_on_ec2 working-directory: ${{ env.SCRIPTS_DIR }} run: | - echo -e "${{ secrets.WEEKLY_ENVIRONMENT_EC2_SECRET }}" > weekly-key.pem + echo -e "${{ secrets.WEEKLY_ENVIRONMENT_EC2_PRIVATE_KEY }}" > weekly-key.pem chmod 600 weekly-key.pem # Copy the manifest file to the EC2 instance scp -o StrictHostKeyChecking=no -v -i weekly-key.pem manifest.yaml "ubuntu@${{ secrets.WEEKLY_ENVIRONMENT_EC2_PUBLIC_IP }}:~/." From 2c6459504495d6f7481ed347391d008dc9d7bf8d Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Mon, 20 Feb 2023 12:28:18 +0200 Subject: [PATCH 100/105] apply review comments --- .github/workflows/weekly-enviroment.yml | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 0a1feeef9e..4e4c46b881 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml 
@@ -26,11 +26,11 @@ env: TF_VAR_ec_api_key: ${{ secrets.WEEKLY_ENVIRONMENT_EC_API_KEY }} TF_VAR_environment: ${{ github.event.inputs.logLevel }} TF_LOG: ${{ github.event.inputs.logLevel }} - TF_VAR: 8.6.1 + TF_VAR_stack_version: 8.6.1 jobs: terraform: - name: Deploy KSPM/CSPM cloud environment + name: Deploy KSPM cloud environment runs-on: ubuntu-latest defaults: run: @@ -45,30 +45,20 @@ jobs: terraform_version: 1.3.5 terraform_wrapper: false - - name: Terraform fmt - id: fmt - run: terraform fmt -check - continue-on-error: true - - name: Terraform Init - id: init run: terraform init -no-color - name: Terraform Validate - id: validate run: terraform validate -no-color - name: Deploy Elastic Cloud - id: apply run: terraform apply --auto-approve - name: Set terraform output as env variable - id: kibana_url run: | echo "KIBANA_URL=$(terraform output kibana_url)" >> $GITHUB_ENV - name: Set sensitive terraform output as env variable - id: set_sensitive_output run: | export ELASTICSEARCH_USERNAME=$(terraform output elasticsearch_username) echo "::add-mask::$ELASTICSEARCH_USERNAME" @@ -79,13 +69,11 @@ jobs: echo "ELASTICSEARCH_PASSWORD=$ELASTICSEARCH_PASSWORD" >> $GITHUB_ENV - name: Install KSPM vanilla integration - id: install_vanilla_integration working-directory: ${{ env.SCRIPTS_DIR }} run: | ./install-kspm-vanilla-integration.sh ${{ env.KIBANA_URL }} ${{ env.ELASTICSEARCH_PASSWORD }} - name: Deploy agent on EC2 - id: deploy_agent_on_ec2 working-directory: ${{ env.SCRIPTS_DIR }} run: | echo -e "${{ secrets.WEEKLY_ENVIRONMENT_EC2_PRIVATE_KEY }}" > weekly-key.pem @@ -97,7 +85,6 @@ jobs: # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file - name: Send custom JSON data to Slack workflow - id: slack uses: slackapi/slack-github-action@v1.23.0 with: payload: | From e726da81967ca87a6c79ddfa1b60a39a11f1a4df Mon Sep 17 00:00:00 2001 
From: ofiriro3 Date: Tue, 21 Feb 2023 09:29:32 +0200 Subject: [PATCH 101/105] Trying to use Hermit without Terraform setup step --- .github/workflows/weekly-enviroment.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 4e4c46b881..022da6bbe3 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -39,11 +39,14 @@ jobs: - name: Check out the repo uses: actions/checkout@v2 - - name: Setup Terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.3.5 - terraform_wrapper: false + - name: Init Hermit + run: ./bin/hermit env -r >> $GITHUB_ENV + +# - name: Setup Terraform +# uses: hashicorp/setup-terraform@v2 +# with: +# terraform_version: 1.3.5 +# terraform_wrapper: false - name: Terraform Init run: terraform init -no-color From 76941676ddd3cdfb9a0029efaa928a2797c184ba Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Tue, 21 Feb 2023 09:48:05 +0200 Subject: [PATCH 102/105] Updating hermit path --- .github/workflows/weekly-enviroment.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 022da6bbe3..0f7f5bbc23 100644 --- a/.github/workflows/weekly-enviroment.yml +++ b/.github/workflows/weekly-enviroment.yml @@ -41,6 +41,7 @@ jobs: - name: Init Hermit run: ./bin/hermit env -r >> $GITHUB_ENV + working-directory: ./ # - name: Setup Terraform # uses: hashicorp/setup-terraform@v2 From 2f337e75625c276fd5d2377610bec62fd6c1d3f9 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Tue, 21 Feb 2023 10:06:41 +0200 Subject: [PATCH 103/105] using Hermit --- .github/workflows/weekly-enviroment.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/weekly-enviroment.yml b/.github/workflows/weekly-enviroment.yml index 0f7f5bbc23..4c5af30075 100644 --- a/.github/workflows/weekly-enviroment.yml 
+++ b/.github/workflows/weekly-enviroment.yml @@ -43,12 +43,6 @@ jobs: run: ./bin/hermit env -r >> $GITHUB_ENV working-directory: ./ -# - name: Setup Terraform -# uses: hashicorp/setup-terraform@v2 -# with: -# terraform_version: 1.3.5 -# terraform_wrapper: false - - name: Terraform Init run: terraform init -no-color From b46b90e3338d2a419479001bb5367b1abacb5948 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Tue, 21 Feb 2023 13:52:01 +0200 Subject: [PATCH 104/105] Run terraform format --- deploy/cloud/modules/api/terraform.tf | 4 ++-- .../cloud/modules/provision-apps/aws-ebs-csi-driver.tf | 8 ++++---- deploy/cloud/modules/provision-apps/nginx-ingress.tf | 10 +++++----- deploy/cloud/modules/provision-apps/terraform.tf | 2 +- deploy/cloud/modules/provision-apps/variables.tf | 4 ++-- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/deploy/cloud/modules/api/terraform.tf b/deploy/cloud/modules/api/terraform.tf index dec6d6e92a..0d4352222f 100644 --- a/deploy/cloud/modules/api/terraform.tf +++ b/deploy/cloud/modules/api/terraform.tf @@ -1,11 +1,11 @@ terraform { required_providers { restapi = { - source = "mastercard/restapi" + source = "mastercard/restapi" version = "~> 1.18.0" } http = { - source = "hashicorp/http" + source = "hashicorp/http" version = "~> 3.2.1" } } diff --git a/deploy/cloud/modules/provision-apps/aws-ebs-csi-driver.tf b/deploy/cloud/modules/provision-apps/aws-ebs-csi-driver.tf index d2b0a6431c..c357cf1de3 100644 --- a/deploy/cloud/modules/provision-apps/aws-ebs-csi-driver.tf +++ b/deploy/cloud/modules/provision-apps/aws-ebs-csi-driver.tf 
@@ -1,12 +1,12 @@ resource "helm_release" "aws_ebs_csi_driver" { - chart = "aws-ebs-csi-driver" - name = "aws-ebs-csi-driver" - namespace = var.namespace + chart = "aws-ebs-csi-driver" + name = "aws-ebs-csi-driver" + namespace = var.namespace repository = "https://kubernetes-sigs.github.io/aws-ebs-csi-driver" set { - name = "controller.serviceAccount.name" + name = "controller.serviceAccount.name" value = "ebs-csi-controller-sa" } diff --git a/deploy/cloud/modules/provision-apps/nginx-ingress.tf b/deploy/cloud/modules/provision-apps/nginx-ingress.tf index 7e7571d748..d9ed770093 100644 --- a/deploy/cloud/modules/provision-apps/nginx-ingress.tf +++ b/deploy/cloud/modules/provision-apps/nginx-ingress.tf @@ -1,10 +1,10 @@ resource "helm_release" "nginx_ingress" { - chart = "nginx-ingress-controller" - name = "nginx-ingress-controller" + chart = "nginx-ingress-controller" + name = "nginx-ingress-controller" repository = "https://charts.bitnami.com/bitnami" - timeout = 600 - namespace = var.namespace + timeout = 600 + namespace = var.namespace set { name = "service.type" @@ -12,7 +12,7 @@ resource "helm_release" "nginx_ingress" { } set { - name = "replicaCount" + name = "replicaCount" value = var.replica_count } } diff --git a/deploy/cloud/modules/provision-apps/terraform.tf b/deploy/cloud/modules/provision-apps/terraform.tf index d436ae8bb5..995559fe6f 100644 --- a/deploy/cloud/modules/provision-apps/terraform.tf +++ b/deploy/cloud/modules/provision-apps/terraform.tf @@ -1,7 +1,7 @@ terraform { required_providers { helm = { - source = "hashicorp/helm" + source = "hashicorp/helm" version = ">=2.8.0" } diff --git a/deploy/cloud/modules/provision-apps/variables.tf b/deploy/cloud/modules/provision-apps/variables.tf index 4a927ff926..09377378a6 100644 --- a/deploy/cloud/modules/provision-apps/variables.tf +++ b/deploy/cloud/modules/provision-apps/variables.tf 
@@ -1,9 +1,9 @@ variable "namespace" { - type = string + type = string default = "default" } variable "replica_count" { - type = string + type = string default = "2" } From eab79a45fe7b91665724eca0ab6688d1ac700060 Mon Sep 17 00:00:00 2001 From: ofiriro3 Date: Tue, 21 Feb 2023 13:57:17 +0200 Subject: [PATCH 105/105] Adding lint for terraform --- .github/workflows/unit-test.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml index 765890de55..7a7764c8a2 100644 --- a/.github/workflows/unit-test.yml +++ b/.github/workflows/unit-test.yml @@ -116,6 +116,7 @@ jobs: - uses: actions/setup-go@v3 with: go-version-file: .go-version + - name: Check out the repo uses: actions/checkout@v3 with: @@ -153,3 +154,16 @@ jobs: run: | cfn-lint --version cfn-lint -I -t ./deploy/cloudformation/elastic-agent-ec2.yml + + terraform-linter: + name: terraform-lint + runs-on: ubuntu-20.04 + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + - name: Init Hermit + run: ./bin/hermit env -r >> $GITHUB_ENV + + - name: Terraform fmt + run: terraform fmt -check -recursive
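Review bot: The new terraform-linter job has no `timeout-minutes`, while the test and lint jobs earlier in this file set one (10 or 15 minutes); add `timeout-minutes: 15` under `runs-on`. `terraform fmt -check -recursive` only lists the offending files; `terraform fmt -check -recursive -diff` would also show the required change in the log.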