updated interface for serverport to accept float64 not int
banderson0421 authored and banderson0421 committed Nov 14, 2023
1 parent 7e4f862 commit 7758e60
Showing 7 changed files with 21 additions and 67 deletions.
2 changes: 1 addition & 1 deletion GNUmakefile
@@ -5,7 +5,7 @@ HOSTNAME=registry.terraform.io
NAMESPACE=terraform-providers
PKG_NAME=dsfhub
BINARY=terraform-provider-${PKG_NAME}
VERSION=1.2.16
VERSION=1.2.17
OS_ARCH=darwin_amd64

default: install
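--- a/dsfhub/resource_cloud_account.go
+++ b/dsfhub/resource_cloud_account.go
@@ -544,8 +544,8 @@ func resourceCloudAccountRead(d *schema.ResourceData, m interface{}) error {
 d.Set("server_type", cloudAccountReadResponse.Data.ServerType)
 if cloudAccountReadResponse.Data.AssetData.ServerPort != nil {
 var serverPort string
-if serverPortNum, ok := cloudAccountReadResponse.Data.AssetData.ServerPort.(int); ok {
-serverPort = fmt.Sprintf("%d", int(serverPortNum))
+if serverPortNum, ok := cloudAccountReadResponse.Data.AssetData.ServerPort.(float64); ok {
+serverPort = fmt.Sprintf("%d", float64(serverPortNum))
 } else {
 serverPort = cloudAccountReadResponse.Data.AssetData.ServerPort.(string)
 }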
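Review bot: `fmt.Sprintf("%d", float64(serverPortNum))` pairs the integer verb `%d` with a float64 argument, so serverPort would receive fmt's bad-verb output (`%!d(float64=…)`) instead of the port digits. The assertion already yields a float64, so the conversion is a no-op; `serverPort = fmt.Sprintf("%d", int(serverPortNum))` or `fmt.Sprintf("%.0f", serverPortNum)` gives the plain number, and `go vet`'s printf check would flag the current form. The same line appears in the resource_data_source.go, resource_log_aggregator.go and resource_secret_manager.go sections. resourceCloudAccountRead starts and ends outside the hunk, so how serverPort is used afterwards is not visible here.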
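--- a/dsfhub/resource_data_source.go
+++ b/dsfhub/resource_data_source.go
@@ -1402,8 +1402,8 @@ func resourceDSFDataSourceRead(d *schema.ResourceData, m interface{}) error {
 d.Set("server_ip", dsfDataSourceReadResponse.Data.AssetData.ServerIP)
 if dsfDataSourceReadResponse.Data.AssetData.ServerPort != nil {
 var serverPort string
-if serverPortNum, ok := dsfDataSourceReadResponse.Data.AssetData.ServerPort.(int); ok {
-serverPort = fmt.Sprintf("%d", int(serverPortNum))
+if serverPortNum, ok := dsfDataSourceReadResponse.Data.AssetData.ServerPort.(float64); ok {
+serverPort = fmt.Sprintf("%d", float64(serverPortNum))
 } else {
 serverPort = dsfDataSourceReadResponse.Data.AssetData.ServerPort.(string)
 }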
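Review bot: The else branch's `ServerPort.(string)` is a single-value type assertion, so any non-nil value that is neither float64 nor string panics the provider during Read; with the `int` case gone, an int would now take that path too. The two-value form, `if s, ok := dsfDataSourceReadResponse.Data.AssetData.ServerPort.(string); ok { serverPort = s }`, with an error returned for any other type, would fail cleanly instead of crashing on an unexpected API response. The same pattern is in the resource_cloud_account.go, resource_log_aggregator.go and resource_secret_manager.go sections. resourceDSFDataSourceRead continues outside the hunk.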
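--- a/dsfhub/resource_log_aggregator.go
+++ b/dsfhub/resource_log_aggregator.go
@@ -582,8 +582,8 @@ func resourceLogAggregatorRead(d *schema.ResourceData, m interface{}) error {
 d.Set("server_type", logAggregatorReadResponse.Data.ServerType)
 if logAggregatorReadResponse.Data.AssetData.ServerPort != nil {
 var serverPort string
-if serverPortNum, ok := logAggregatorReadResponse.Data.AssetData.ServerPort.(int); ok {
-serverPort = fmt.Sprintf("%d", int(serverPortNum))
+if serverPortNum, ok := logAggregatorReadResponse.Data.AssetData.ServerPort.(float64); ok {
+serverPort = fmt.Sprintf("%d", float64(serverPortNum))
 } else {
 serverPort = logAggregatorReadResponse.Data.AssetData.ServerPort.(string)
 }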
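--- a/dsfhub/resource_secret_manager.go
+++ b/dsfhub/resource_secret_manager.go
@@ -551,8 +551,8 @@ func resourceSecretManagerRead(d *schema.ResourceData, m interface{}) error {
 d.Set("server_ip", secretManagerReadResponse.Data.AssetData.ServerIP)
 if secretManagerReadResponse.Data.AssetData.ServerPort != nil {
 var serverPort string
-if serverPortNum, ok := secretManagerReadResponse.Data.AssetData.ServerPort.(int); ok {
-serverPort = fmt.Sprintf("%d", int(serverPortNum))
+if serverPortNum, ok := secretManagerReadResponse.Data.AssetData.ServerPort.(float64); ok {
+serverPort = fmt.Sprintf("%d", float64(serverPortNum))
 } else {
 serverPort = secretManagerReadResponse.Data.AssetData.ServerPort.(string)
 }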
8 changes: 6 additions & 2 deletions website/docs/guides/iam_aws_secrets.md
@@ -1,11 +1,15 @@
---
subcategory: ""
layout: "dsfhub"
page_title: "AWS IAM Permissions - Kinesis"
page_title: "AWS IAM Permissions - Secrets"
description: |-
AWS IAM permissions for the DSF Agentless Gateway to access logs via Kinesis.
AWS IAM permissions for the DSF Agentless Gateway to access logs via AWS Secrets Manager.
---

# DSF Agentless Gateway Required IAM Permissions - Secrets Manager

The DSF Agentless Gateway requires the following IAM permissions to access an AWS Secrets Manager.

## Variable Reference

```
62 changes: 6 additions & 56 deletions website/docs/guides/module_aws_rds_mysql.md
@@ -1,5 +1,5 @@
---
subcategory: "DSFHUB Templates by Database"
subcategory: "DSFHUB Database Modules"
layout: "dsfhub"
page_title: "Module - AWS RDS MYSQL"
description: |-
@@ -114,7 +114,6 @@ variable "vpc_security_group_ids" {
## Providers and Resources

```hcl
## Providers ###
provider "aws" {
region = var.region
@@ -210,65 +209,16 @@ resource "dsfhub_log_aggregator" "rds-mysql-db-log-group" {
}
```

## Dependencies:
## Agentless Gateway Permission Dependencies:

The [DSF Agentless Gateway](https://registry.terraform.io/modules/imperva/dsf-agentless-gw/aws/latest) is required to have access to read logs from cloud watch. The following is an example [AWS IAM Role](../guides/iam_aws_kinesis.md) granting this access:
The [DSF Agentless Gateway](https://registry.terraform.io/modules/imperva/dsf-agentless-gw/aws/latest) is required to have [AWS IAM Role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) access to the AWS service the database is configured to publish logs to in order to consume audit.

<ul>
<li><a target="_blank" href="../guides/iam_aws_kinesis.md">Kinesis Streams</a></li>
<li><a target="_blank" href="../guides/iam_aws_log_group.md">CloudWatch Log Groups</a></li>
<li><a target="_blank" href="../guides/iam_aws_secrets.md">Secret Manager</a></li>
<li><a target="_blank" href="../guides/iam_aws_kinesis.md">AWS IAM Permissions for Kinesis Streams</a></li>
<li><a target="_blank" href="../guides/iam_aws_log_group.md">AWS IAM Permissions for CloudWatch Log Groups</a></li>
<li><a target="_blank" href="../guides/iam_aws_secrets.md">AWS IAM Permissions for Secret Manager</a></li>
</ul>

```hcl
#################################
# DSF Agentless Gateway IAM role
#################################
# DSF Agentless-Gateway Variables for IAM permissions granting access logs
variable "agentless_gatway_iam_role_name" {
description = "Name of the DSF agentless gateway role to add permissions to access db logs."
type = string
default = "your-gw-role-name-here"
}
variable "db_cloud_watch_log_group_arn" {
description = " ARN of the Cloudwatch log group."
type = string
default = "arn:aws:logs:us-east-2:1234567890:log-group:/aws/rds/instance/your-mysql-db-identifier/audit:*"
}
# #### IAM Permissions for DSF Agentless Gateway ###
resource "aws_iam_policy" "log_group_policy" {
name = "DSFAgentlessGatewayLogGroupPolicy-${var.deployment_name}"
description = "DSF Agentless Gateway Log Group Policy for ${var.deployment_name}"
policy = jsonencode({
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:FilterLogEvents",
"logs:GetLogEvents"
]
"Resource": [
"${var.db_cloud_watch_log_group_arn}/*",
]
}
]
})
}
resource "aws_iam_role_policy_attachment" "log_group_policy_attachment" {
policy_arn = aws_iam_policy.log_group_policy.arn
role = var.agentless_gatway_iam_role_name
}
```

## Argument Reference:

### Required
