Merge pull request #29 from SumoLogic/sumo_242226

Updated latest SAM app version with TF integration module
SumoLogic · Jun 19, 2024 · 2ccc399 · 2ccc399
2 parents 5e877d9 + 3ec7687
commit 2ccc399
Show file tree

Hide file tree

Showing 28 changed files with 1,047 additions and 583 deletions.
diff --git a/.github/workflows/validate-terraform.yml b/.github/workflows/validate-terraform.yml
@@ -0,0 +1,54 @@
+name: "TF template tests"
+on: [workflow_dispatch, pull_request]
+
+jobs:
+  ValidateTF:
+    runs-on: ubuntu-latest
+    name: "Validation (format & syntax)"
+    defaults:
+      run:
+        working-directory: ./
+    steps:
+    - uses: actions/checkout@v4
+      name: Checkout source code
+
+    - uses: hashicorp/setup-terraform@v3
+      name: Setup Terraform
+
+    - name: Initialize and Validate Terraform Modules
+      run: |
+        # Find all directories inside the 'aws' directory that contain Terraform files
+        dirs=$(find . -type f -name "versions.tf" -not -path "*example*" -exec dirname {} \; | sort -u)
+        for dir in $dirs; do
+          echo "Running terraform init and validate in directory: $dir"
+          cd $dir
+          terraform init -input=false
+          terraform validate
+          cd - # Go back to the root directory
+        done
+
+  CHECKOV-SCAN:
+    runs-on: ubuntu-latest
+    name: "Security Scan"
+    defaults:
+      run:
+        working-directory: ./
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install Checkov
+        run: pip install checkov
+
+      - name: Find and run Checkov on Terraform modules
+        run: |
+          dirs=$(find . -type f -name "versions.tf" -not -path "*example*" -exec dirname {} \; | sort -u)
+          for dir in $dirs; do
+            echo "Running Checkov in directory: $dir"
+            checkov --directory $dir --quiet --framework terraform --output cli --download-external-modules true --skip-check CKV2_AWS_10,CKV2_AWS_6,CKV2_AWS_61,CKV2_AWS_62,CKV_AWS_115,CKV_AWS_117,CKV_AWS_144,CKV_AWS_145,CKV_AWS_158,CKV_AWS_173,CKV_AWS_18,CKV_AWS_21,CKV_AWS_240,CKV_AWS_241,CKV_AWS_252,CKV_AWS_26,CKV_AWS_27,CKV_AWS_272,CKV_AWS_338,CKV_AWS_35,CKV_AWS_36,CKV_AWS_50,CKV_AWS_67,CKV_GCP_83,CKV_TF_1,CKV_TF_2
+          done
diff --git a/atlassian/webhooks/sumologic_jira_service_desk/inputs.tf b/atlassian/webhooks/sumologic_jira_service_desk/inputs.tf
@@ -1,4 +1,8 @@
 # Jira Service Desk
+variable "create_jira_service_desk_webhook_connection" {
+  type        = string
+  description = "Create Sumo Logic connection for Jira Service Desk Webhook"
+}
 variable "jira_servicedesk_url" {
   type        = string
   description = "Jira Service Desk URL"

diff --git a/atlassian/webhooks/sumologic_jira_service_desk/main.tf b/atlassian/webhooks/sumologic_jira_service_desk/main.tf
@@ -11,7 +11,7 @@ data "template_file" "data_json_stjsd" {
 
 # Create/Delete Sumo Logic to Jira Service Desk Webhook
 resource "sumologic_connection" "jira_service_desk_connection" {
-  count       = "${var.install_sumo_to_jiraservicedesk_webhook}" ? 1 : 0
+  count       = var.create_jira_service_desk_webhook_connection ? 1 : 0
   type        = "WebhookConnection"
   name        = "Jira Service Desk Webhook"
   description = "Created via Sumo Logic module."

diff --git a/aws/cloudwatchlogsforwarder/README.md b/aws/cloudwatchlogsforwarder/README.md
diff --git a/aws/cloudwatchlogsforwarder/data.tf b/aws/cloudwatchlogsforwarder/data.tf
@@ -6,5 +6,5 @@ data "sumologic_caller_identity" "current" {}
 
 data "aws_serverlessapplicationrepository_application" "app" {
   application_id   = "arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-loggroup-connector"
-  semantic_version = "1.0.6"
+  semantic_version = "1.0.11"
 }
diff --git a/aws/cloudwatchlogsforwarder/examples/default/main.tf b/aws/cloudwatchlogsforwarder/examples/default/main.tf
@@ -21,7 +21,7 @@ module "cloudwatch_logs_lambda_log_forwarder_module" {
   }
 
   auto_enable_logs_subscription = "Both"
-  app_semantic_version = "1.0.9"
+  app_semantic_version = "1.0.11"
   auto_enable_logs_subscription_options = {
     filter = "lambda|rds"
   }

diff --git a/aws/cloudwatchlogsforwarder/variables.tf b/aws/cloudwatchlogsforwarder/variables.tf
@@ -78,7 +78,7 @@ variable "source_details" {
 variable "app_semantic_version" {
   type        = string
   description = "Provide the latest version of Serverless Application Repository 'sumologic-loggroup-connector'."
-  default = "1.0.7"
+  default = "1.0.11"
 }
 
 variable "auto_enable_logs_subscription" {

diff --git a/aws/elasticloadbalancing/README.md b/aws/elasticloadbalancing/README.md
diff --git a/aws/elasticloadbalancing/data.tf b/aws/elasticloadbalancing/data.tf
@@ -6,5 +6,5 @@ data "sumologic_caller_identity" "current" {}
 
 data "aws_serverlessapplicationrepository_application" "app" {
   application_id   = "arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable"
-  semantic_version = "1.0.2"
+  semantic_version = "1.0.10"
 }
diff --git a/aws/elasticloadbalancing/examples/default/main.tf b/aws/elasticloadbalancing/examples/default/main.tf
@@ -37,7 +37,7 @@ module "lb_module" {
     }
   }
   auto_enable_access_logs = "Both"
-  app_semantic_version = "1.0.6"
+  app_semantic_version = "1.0.10"
   auto_enable_access_logs_options = {
     bucket_prefix          = "classicloadbalancing"
     auto_enable_logging    = "ELB"

diff --git a/aws/elasticloadbalancing/variables.tf b/aws/elasticloadbalancing/variables.tf
@@ -111,7 +111,7 @@ variable "auto_enable_access_logs" {
 variable "app_semantic_version" {
   type        = string
   description = "Provide the latest version of Serverless Application Repository 'sumologic-s3-logging-auto-enable'."
-  default = "1.0.5"
+  default = "1.0.10"
 }
 
 variable "auto_enable_access_logs_options" {

diff --git a/aws/elb/README.md b/aws/elb/README.md
diff --git a/aws/elb/data.tf b/aws/elb/data.tf
@@ -6,5 +6,5 @@ data "sumologic_caller_identity" "current" {}
 
 data "aws_serverlessapplicationrepository_application" "app" {
   application_id   = "arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable"
-  semantic_version = "1.0.2"
+  semantic_version = "1.0.10"
 }
diff --git a/aws/elb/examples/default/main.tf b/aws/elb/examples/default/main.tf
@@ -37,7 +37,7 @@ module "lb_module" {
     }
   }
   auto_enable_access_logs = "Both"
-  app_semantic_version = "1.0.6"
+  app_semantic_version = "1.0.10"
   auto_enable_access_logs_options = {
     filter                 = "'Type': 'application'|'type': 'application'"
     remove_on_delete_stack = true

diff --git a/aws/elb/variables.tf b/aws/elb/variables.tf
@@ -92,7 +92,7 @@ variable "sumologic_organization_id" {
 variable "app_semantic_version" {
   type        = string
   description = "Provide the latest version of Serverless Application Repository 'sumologic-s3-logging-auto-enable'."
-  default = "1.0.5"
+  default = "1.0.10"
 }
 
 variable "auto_enable_access_logs" {

diff --git a/aws/kinesisfirehoseforlogs/README.md b/aws/kinesisfirehoseforlogs/README.md
@@ -58,16 +58,16 @@ No modules.
 
 ## Inputs
 
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_app_semantic_version"></a> [app\_semantic\_version](#input\_app\_semantic\_version) | Provide the latest version of Serverless Application Repository 'sumologic-loggroup-connector'. | `string` | `"1.0.7"` | no |
-| <a name="input_auto_enable_logs_subscription"></a> [auto\_enable\_logs\_subscription](#input\_auto\_enable\_logs\_subscription) | New - Automatically subscribes new log groups to send logs to Sumo Logic.<br>				Existing - Automatically subscribes existing log groups to send logs to Sumo Logic.<br>				Both - Automatically subscribes new and existing log groups.<br>				None - Skips Automatic subscription. | `string` | `"Both"` | no |
-| <a name="input_auto_enable_logs_subscription_options"></a> [auto\_enable\_logs\_subscription\_options](#input\_auto\_enable\_logs\_subscription\_options) | filter - Enter regex for matching logGroups. Regex will check for the name. Visit https://help.sumologic.com/03Send-Data/Collect-from-Other-Data-Sources/Auto-Subscribe_AWS_Log_Groups_to_a_Lambda_Function#Configuring_parameters | <pre>object({<br>    filter = string<br>  })</pre> | <pre>{<br>  "filter": "lambda"<br>}</pre> | no |
-| <a name="input_bucket_details"></a> [bucket\_details](#input\_bucket\_details) | Provide details for the AWS S3 bucket. If not provided, existing will be used. | <pre>object({<br>    bucket_name          = string<br>    force_destroy_bucket = bool<br>  })</pre> | <pre>{<br>  "bucket_name": "sumologic-kinesis-firehose-logs-random-id",<br>  "force_destroy_bucket": true<br>}</pre> | no |
-| <a name="input_collector_details"></a> [collector\_details](#input\_collector\_details) | Provide details for the Sumo Logic collector. If not provided, then defaults will be used. | <pre>object({<br>    collector_name = string<br>    description    = string<br>    fields         = map(string)<br>  })</pre> | <pre>{<br>  "collector_name": "SumoLogic Kinesis Firehose for Logs Collector <Random ID>",<br>  "description": "This collector is created using Sumo Logic terraform AWS Kinesis Firehose for logs module to collect AWS cloudwatch logs.",<br>  "fields": {}<br>}</pre> | no |
-| <a name="input_create_bucket"></a> [create\_bucket](#input\_create\_bucket) | Provide "true" if you would like to create AWS S3 bucket to store logs. Provide "bucket\_details" if set to "false". | `bool` | `true` | no |
-| <a name="input_create_collector"></a> [create\_collector](#input\_create\_collector) | Provide "true" if you would like to create the Sumo Logic Collector. | `bool` | n/a | yes |
-| <a name="input_source_details"></a> [source\_details](#input\_source\_details) | Provide details for the Sumo Logic Kinesis Firehose for Logs source. If not provided, then defaults will be used. | <pre>object({<br>    source_name     = string<br>    source_category = string<br>    collector_id    = string<br>    description     = string<br>    fields          = map(string)<br>  })</pre> | <pre>{<br>  "collector_id": "",<br>  "description": "This source is created using Sumo Logic terraform AWS Kinesis Firehose for logs module to collect AWS Cloudwatch logs.",<br>  "fields": {},<br>  "source_category": "Labs/aws/cloudwatch/logs",<br>  "source_name": "Kinesis Firehose for Logs Source"<br>}</pre> | no |
+| Name                                                                                                                                                      | Description                                                                                                                                                                                                                                                                          | Type                                                                                                                                                                                             | Default                                                                                                                                                                                                                                                                                                                | Required |
+|-----------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------:|
+| <a name="input_app_semantic_version"></a> [app\_semantic\_version](#input\_app\_semantic\_version)                                                        | Provide the latest version of Serverless Application Repository 'sumologic-loggroup-connector'.                                                                                                                                                                                      | `string`                                                                                                                                                                                         | `"1.0.11"`                                                                                                                                                                                                                                                                                                             |    no    |
+| <a name="input_auto_enable_logs_subscription"></a> [auto\_enable\_logs\_subscription](#input\_auto\_enable\_logs\_subscription)                           | New - Automatically subscribes new log groups to send logs to Sumo Logic.<br>				Existing - Automatically subscribes existing log groups to send logs to Sumo Logic.<br>				Both - Automatically subscribes new and existing log groups.<br>				None - Skips Automatic subscription. | `string`                                                                                                                                                                                         | `"Both"`                                                                                                                                                                                                                                                                                                               |    no    |
+| <a name="input_auto_enable_logs_subscription_options"></a> [auto\_enable\_logs\_subscription\_options](#input\_auto\_enable\_logs\_subscription\_options) | filter - Enter regex for matching logGroups. Regex will check for the name. Visit https://help.sumologic.com/03Send-Data/Collect-from-Other-Data-Sources/Auto-Subscribe_AWS_Log_Groups_to_a_Lambda_Function#Configuring_parameters                                                   | <pre>object({<br>    filter = string<br>  })</pre>                                                                                                                                               | <pre>{<br>  "filter": "lambda"<br>}</pre>                                                                                                                                                                                                                                                                              |    no    |
+| <a name="input_bucket_details"></a> [bucket\_details](#input\_bucket\_details)                                                                            | Provide details for the AWS S3 bucket. If not provided, existing will be used.                                                                                                                                                                                                       | <pre>object({<br>    bucket_name          = string<br>    force_destroy_bucket = bool<br>  })</pre>                                                                                              | <pre>{<br>  "bucket_name": "sumologic-kinesis-firehose-logs-random-id",<br>  "force_destroy_bucket": true<br>}</pre>                                                                                                                                                                                                   |    no    |
+| <a name="input_collector_details"></a> [collector\_details](#input\_collector\_details)                                                                   | Provide details for the Sumo Logic collector. If not provided, then defaults will be used.                                                                                                                                                                                           | <pre>object({<br>    collector_name = string<br>    description    = string<br>    fields         = map(string)<br>  })</pre>                                                                    | <pre>{<br>  "collector_name": "SumoLogic Kinesis Firehose for Logs Collector <Random ID>",<br>  "description": "This collector is created using Sumo Logic terraform AWS Kinesis Firehose for logs module to collect AWS cloudwatch logs.",<br>  "fields": {}<br>}</pre>                                               |    no    |
+| <a name="input_create_bucket"></a> [create\_bucket](#input\_create\_bucket)                                                                               | Provide "true" if you would like to create AWS S3 bucket to store logs. Provide "bucket\_details" if set to "false".                                                                                                                                                                 | `bool`                                                                                                                                                                                           | `true`                                                                                                                                                                                                                                                                                                                 |    no    |
+| <a name="input_create_collector"></a> [create\_collector](#input\_create\_collector)                                                                      | Provide "true" if you would like to create the Sumo Logic Collector.                                                                                                                                                                                                                 | `bool`                                                                                                                                                                                           | n/a                                                                                                                                                                                                                                                                                                                    |   yes    |
+| <a name="input_source_details"></a> [source\_details](#input\_source\_details)                                                                            | Provide details for the Sumo Logic Kinesis Firehose for Logs source. If not provided, then defaults will be used.                                                                                                                                                                    | <pre>object({<br>    source_name     = string<br>    source_category = string<br>    collector_id    = string<br>    description     = string<br>    fields          = map(string)<br>  })</pre> | <pre>{<br>  "collector_id": "",<br>  "description": "This source is created using Sumo Logic terraform AWS Kinesis Firehose for logs module to collect AWS Cloudwatch logs.",<br>  "fields": {},<br>  "source_category": "Labs/aws/cloudwatch/logs",<br>  "source_name": "Kinesis Firehose for Logs Source"<br>}</pre> |    no    |
 
 ## Outputs
 

diff --git a/aws/kinesisfirehoseforlogs/data.tf b/aws/kinesisfirehoseforlogs/data.tf
@@ -6,5 +6,5 @@ data "sumologic_caller_identity" "current" {}
 
 data "aws_serverlessapplicationrepository_application" "app" {
   application_id   = "arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-loggroup-connector"
-  semantic_version = "1.0.6"
+  semantic_version = "1.0.11"
 }
diff --git a/aws/kinesisfirehoseforlogs/examples/default/main.tf b/aws/kinesisfirehoseforlogs/examples/default/main.tf
@@ -24,7 +24,7 @@ module "kinesis_firehose_for_logs_module" {
   }
 
   auto_enable_logs_subscription = "Both"
-  app_semantic_version = "1.0.9"
+  app_semantic_version = "1.0.11"
   auto_enable_logs_subscription_options = {
     filter = "lambda|rds"
   }

diff --git a/aws/kinesisfirehoseforlogs/variables.tf b/aws/kinesisfirehoseforlogs/variables.tf
@@ -56,7 +56,7 @@ variable "source_details" {
 variable "app_semantic_version" {
   type        = string
   description = "Provide the latest version of Serverless Application Repository 'sumologic-loggroup-connector'."
-  default = "1.0.7"
+  default = "1.0.11"
 }
 
 variable "auto_enable_logs_subscription" {

diff --git a/terratest/aws/cloudwatchlogsforwarder/TestWithDefaultValues.json b/terratest/aws/cloudwatchlogsforwarder/TestWithDefaultValues.json
@@ -68,7 +68,7 @@
           "LogGroupPattern": "lambda",
           "UseExistingLogs": "true"
         },
-        "semantic_version": "1.0.5"
+        "semantic_version": "1.0.11"
       }
     }
   ],

diff --git a/terratest/aws/cloudwatchlogsforwarder/TestWithExistingValues.json b/terratest/aws/cloudwatchlogsforwarder/TestWithExistingValues.json
@@ -68,7 +68,7 @@
           "LogGroupPattern": "lambda",
           "UseExistingLogs": "true"
         },
-        "semantic_version": "1.0.5"
+        "semantic_version": "1.0.11"
       }
     }
   ],

diff --git a/terratest/aws/elb/TestWithDefaultValues.json b/terratest/aws/elb/TestWithDefaultValues.json
@@ -16,7 +16,7 @@
           "BucketName": "elb-logs-{RandomString}",
           "BucketPrefix": "elasticloadbalancing"
         },
-        "semantic_version": "1.0.2"
+        "semantic_version": "1.0.10"
       }
     }
   ],

diff --git a/terratest/aws/elb/TestWithExistingCollectorIAMNewSNSResources.json b/terratest/aws/elb/TestWithExistingCollectorIAMNewSNSResources.json
@@ -16,7 +16,7 @@
           "BucketName": "cf-templates-1qpf3unpuo1hw-{Region}",
           "BucketPrefix": "elasticloadbalancing"
         },
-        "semantic_version": "1.0.2"
+        "semantic_version": "1.0.10"
       }
     }
   ],