Merge branch 'master' into awso_2_11_0

.github/workflows/app-components-tf-test.yml

@@ -0,0 +1,50 @@
+name: "App Components TF template tests"
+on:
+  pull_request:
+    paths:
+      - 'application-components/**'
+
+jobs:
+
+  ValidateTF:
+    runs-on: ubuntu-latest
+    name: "Validatation (format & syntax)"
+    defaults:
+      run:
+        working-directory: ./application-components
+    steps:
+    - uses: actions/checkout@v4
+      name: Checkout source code
+
+    - uses: hashicorp/setup-terraform@v3
+      name: Setup Terraform
+
+    - name: Terraform fmt
+      id: fmt
+      run: terraform fmt -check -recursive -diff
+      continue-on-error: true
+
+    - name: Terraform Init
+      id: init
+      run: terraform init
+
+    - name: Terraform Validate
+      id: validate
+      run: terraform validate
+
+  TFSecurityChecks:
+    name: "Security Checks (checkov)"
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - uses: bridgecrewio/checkov-action@master
+        with:
+          directory: 'application-components/'
+          quiet: true
+          framework: terraform
+          output_format: cli
+          output_bc_ids: false
+          download_external_modules: true
+          skip_check: CKV_TF_1,CKV_TF_2

.github/workflows/cf-test.yml → .github/workflows/awso-cf-test.yml

@@ -1,5 +1,8 @@
-name: "CF template tests"
-on: [workflow_dispatch, pull_request]
+name: "AWSO CF template tests"
+on:
+  pull_request:
+    paths:
+      - 'aws-observability/**'
 
 jobs:
   ValidateLinting:
@@ -14,7 +17,7 @@ jobs:
 
       - name: Print the Cloud Formation Linter Version & run Linter.
         run: |
-          cfn-lint aws-observability/**/*.yaml --ignore-templates aws-observability/**/*TestTemplate.yaml --ignore-checks W3011
+          cfn-lint aws-observability/**/*.yaml --ignore-templates aws-observability/**/*TestTemplate.yaml --ignore-checks W3011,E8001
 
   CFSecurityChecksCheckovt:
     name: "Security Checks (checkov)"
@@ -47,4 +50,4 @@ jobs:
       - name: Validate with cfn_nag
         run: |
           cfn_nag_scan -i aws-observability --ignore-fatal aws-observability/**/TestTemplate.yaml
-        continue-on-error: true
+        continue-on-error: true

.github/workflows/tf-test.yml → .github/workflows/awso-tf-test.yml

@@ -1,5 +1,8 @@
-name: "TF template tests"
-on: [workflow_dispatch, pull_request]
+name: "AWSO TF template tests"
+on:
+  pull_request:
+    paths:
+      - 'aws-observability-terraform/**'
 
 jobs:
 

.github/workflows/sdo-tf-test.yml

@@ -0,0 +1,60 @@
+name: "SDO TF template tests"
+on:
+  pull_request:
+    paths:
+      - 'software-development-optimization-terraform/**'
+
+jobs:
+
+  ValidateTF:
+    runs-on: ubuntu-latest
+    name: "Validatation (format & syntax)"
+    defaults:
+      run:
+        working-directory: ./software-development-optimization-terraform
+    steps:
+    - uses: actions/checkout@v4
+      name: Checkout source code
+
+    - uses: hashicorp/setup-terraform@v3
+      name: Setup Terraform
+      with:
+        terraform_version: "0.12.31"
+
+    - name: Download and extract the terraform-provider-jira plugin version 0.1.11
+      run: |
+        curl -LO https://github.com/fourplusone/terraform-provider-jira/releases/download/v0.1.11/terraform-provider-jira_linux_amd64.zip && mkdir -p ~/.terraform.d/plugins/linux_amd64 && unzip terraform-provider-jira_linux_amd64.zip -d ~/.terraform.d/plugins/linux_amd64/ && rm terraform-provider-jira_linux_amd64.zip
+
+    - name: Download and install the terraform-provider-restapi plugin version 1.12.0
+      run: |
+        curl -LO https://github.com/Mastercard/terraform-provider-restapi/releases/download/v1.12.0/terraform-provider-restapi_v1.12.0-linux-amd64 && chmod +x terraform-provider-restapi_v1.12.0-linux-amd64 && mv terraform-provider-restapi_v1.12.0-linux-amd64 ~/.terraform.d/plugins/linux_amd64/terraform-provider-restapi
+
+    - name: Terraform fmt
+      id: fmt
+      run: terraform fmt -check -recursive -diff
+      continue-on-error: true
+
+    - name: Terraform Init
+      id: init
+      run: terraform init
+
+    - name: Terraform Validate
+      id: validate
+      run: terraform validate
+
+  TFSecurityChecks:
+    name: "Security Checks (checkov)"
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - uses: bridgecrewio/checkov-action@master
+        with:
+          directory: 'software-development-optimization-terraform/'
+          quiet: true
+          framework: terraform
+          output_format: cli
+          output_bc_ids: false
+          download_external_modules: true
+          skip_check: CKV_TF_1,CKV_TF_2

.github/workflows/slo-tf-test.yml

@@ -0,0 +1,50 @@
+name: "SLO Packages TF template tests"
+on:
+  pull_request:
+    paths:
+      - 'slo_packages/**'
+
+jobs:
+
+  ValidateTF:
+    runs-on: ubuntu-latest
+    name: "Validatation (format & syntax)"
+    defaults:
+      run:
+        working-directory: ./slo_packages
+    steps:
+    - uses: actions/checkout@v4
+      name: Checkout source code
+
+    - uses: hashicorp/setup-terraform@v3
+      name: Setup Terraform
+
+    - name: Terraform fmt
+      id: fmt
+      run: terraform fmt -check -recursive -diff
+      continue-on-error: true
+
+    - name: Terraform Init
+      id: init
+      run: terraform init
+
+    - name: Terraform Validate
+      id: validate
+      run: terraform validate
+
+  TFSecurityChecks:
+    name: "Security Checks (checkov)"
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - uses: bridgecrewio/checkov-action@master
+        with:
+          directory: 'slo_packages/'
+          quiet: true
+          framework: terraform
+          output_format: cli
+          output_bc_ids: false
+          download_external_modules: true
+          skip_check: CKV_TF_1,CKV_TF_2

application-components/RESOURCES.md

@@ -243,7 +243,7 @@
 | <a name="input_sqlserver_monitor_folder"></a> [sqlserver\_monitor\_folder](#input\_sqlserver\_monitor\_folder) | Folder where sqlserver monitors will be created. | `string` | `"SQL Server"` | no |
 | <a name="input_sumologic_access_id"></a> [sumologic\_access\_id](#input\_sumologic\_access\_id) | Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
 | <a name="input_sumologic_access_key"></a> [sumologic\_access\_key](#input\_sumologic\_access\_key) | Sumo Logic Access Key. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
-| <a name="input_sumologic_environment"></a> [sumologic\_environment](#input\_sumologic\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
+| <a name="input_sumologic_environment"></a> [sumologic\_environment](#input\_sumologic\_environment) | Enter au, ca, de, eu, jp, us2, in, fed, kr or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
 | <a name="input_sumologic_organization_id"></a> [sumologic\_organization\_id](#input\_sumologic\_organization\_id) | You can find your org on the Preferences page in the Sumo Logic UI. For more information, see the Preferences Page topic. Your org ID will be used to configure the IAM Role for Sumo Logic AWS Sources."<br>            For more details, visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page | `string` | n/a | yes |
 
 ## Outputs

application-components/common_component.tf

@@ -12,6 +12,21 @@ resource "sumologic_field" "environment" {
 }
 
 
+resource "sumologic_field" "pod_labels_environment" {
+  count      = length(local.all_components_values) > 0 && local.has_any_kubernetes_deployments ? 1 : 0
+  data_type  = "String"
+  field_name = "pod_labels_environment"
+  state      = "Enabled"
+}
+
+
+resource "sumologic_field" "pod_labels_component" {
+  count      = length(local.all_components_values) > 0 && local.has_any_kubernetes_deployments ? 1 : 0
+  data_type  = "String"
+  field_name = "pod_labels_component"
+  state      = "Enabled"
+}
+
 # ********************** Application Components App ********************** #
 locals {
   application_component_app_id          = "22aa033e-5a36-4a20-b07d-810096e18050"

application-components/db_component.tf

@@ -62,7 +62,7 @@ resource "sumologic_field" "pod_labels_db_cluster_port" {
 # ********************** Database component FERs ********************** #
 
 resource "sumologic_field_extraction_rule" "SumoLogicFieldExtractionRulesForDatabase" {
-  depends_on       = [sumologic_field.db_cluster, sumologic_field.db_system, sumologic_field.db_cluster_address, sumologic_field.db_cluster_port, sumologic_field.pod_labels_db_cluster, sumologic_field.pod_labels_db_system, sumologic_field.pod_labels_db_cluster_address, sumologic_field.pod_labels_db_cluster_port]
+  depends_on       = [sumologic_field.db_cluster, sumologic_field.db_system, sumologic_field.db_cluster_address, sumologic_field.db_cluster_port, sumologic_field.pod_labels_db_cluster, sumologic_field.pod_labels_db_system, sumologic_field.pod_labels_db_cluster_address, sumologic_field.pod_labels_db_cluster_port,sumologic_field.component,sumologic_field.environment, sumologic_field.pod_labels_environment, sumologic_field.pod_labels_component]
   count            = length(local.all_components_values) > 0 && local.has_any_kubernetes_deployments ? 1 : 0
   enabled          = true
   name             = local.database_fer_name

application-components/fields.sh

@@ -2,7 +2,7 @@
 
 # ----------------------------------------------------------------------------------------------------------------------------------------------------------
 # This script imports the existing fields and FERs (required by aws observability solution) if field(s) and FER(s) are already present in the user's Sumo Logic account.
-# For SUMOLOGIC_ENV, provide one from the list : au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
+# For SUMOLOGIC_ENV, provide one from the list : au, ca, de, eu, jp, us2, in, kr, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
 # Before using this script, set following environment variables using below commands:
 # export SUMOLOGIC_ENV=""
 # export SUMOLOGIC_ACCESSID=""
@@ -16,8 +16,8 @@ if ! foobar_loc="$(type -p "jq")" || [[ -z $foobar_loc ]]; then
 fi
 
 # Validate Sumo Logic environment/deployment.
-if ! [[ "$SUMOLOGIC_ENV" =~ ^(au|ca|de|eu|jp|us2|in|fed|us1)$ ]]; then
-    echo "$SUMOLOGIC_ENV is invalid Sumo Logic deployment. For SUMOLOGIC_ENV, provide one from list : au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
+if ! [[ "$SUMOLOGIC_ENV" =~ ^(au|ca|de|eu|jp|us2|in|fed|kr|us1)$ ]]; then
+    echo "$SUMOLOGIC_ENV is invalid Sumo Logic deployment. For SUMOLOGIC_ENV, provide one from list : au, ca, de, eu, jp, us2, in, fed, kr or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
     exit 1
 fi
 

application-components/main.auto.tfvars

@@ -3,7 +3,7 @@
 
 ####### SUMOLOGIC CONFIGURATION #######
 
-sumologic_environment     = ""   # Please replace <YOUR SUMO DEPLOYMENT> (including brackets) with au, ca, de, eu, jp, us2, in, fed or us1.
+sumologic_environment     = ""   # Please replace <YOUR SUMO DEPLOYMENT> (including brackets) with au, ca, de, eu, jp, us2, in, fed, kr or us1.
 sumologic_access_id       = ""   # Please replace <YOUR SUMO ACCESS ID> (including brackets) with your Sumo Logic Access ID.
 sumologic_access_key      = ""   # Please replace <YOUR SUMO ACCESS KEY> (including brackets) with your Sumo Logic Access KEY.
 sumologic_organization_id = ""   # Please replace <YOUR SUMO ORG ID> (including brackets) with your Sumo Logic Organization ID.

application-components/variables.tf

@@ -2,7 +2,7 @@
 
 variable "sumologic_environment" {
   type        = string
-  description = "Enter au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
+  description = "Enter au, ca, de, eu, jp, us2, in, kr, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
 
   validation {
     condition = contains([
@@ -16,8 +16,9 @@ variable "sumologic_environment" {
       "us1",
       "us2",
       "in",
+      "kr",
     "fed"], var.sumologic_environment)
-    error_message = "The value must be one of au, ca, de, eu, jp, us1, us2, in, or fed."
+    error_message = "The value must be one of au, ca, de, eu, jp, us1, us2, in, kr or fed."
   }
 }
 

application-components/versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
 
     sumologic = {
-      version = ">= 2.19.0"
+      version = ">= 2.31.3, < 3.0.0"
       source  = "SumoLogic/sumologic"
     }
     time = {

slo_packages/aws/README.md

@@ -27,7 +27,7 @@ Required in the aws_slo.auto.tfvars file.
 |------|-------------|------|---------|:--------:|
 | <a name="input_access_id"></a> [access\_id](#access\_id) | Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
 | <a name="input_access_key"></a> [access\_key](#access\_key) | Sumo Logic Access Key. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
-| <a name="input_environment"></a> [environment](#environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
+| <a name="input_environment"></a> [environment](#environment) | Enter au, ca, de, eu, jp, us2, in, kr, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
 | <a name="input_folder"></a> [folder](#folder) | Indicates the SLO installation folder. | `string` | `"AWS"` | no |
 | <a name="input_aws_elb_data_filter"></a> [aws\_elb\_data\_filter](#aws\_elb\_data\_filter) | AWS ELB Data Filter. For eg: account=prod | `string` | `""` | yes |
 | <a name="input_time_zone"></a> [time\_zone](#time\_zone) | Time zone for the SLO compliance. Follow the format in the IANA Time Zone Database. | `string` | `"Asia/Kolkata"` | yes |
@@ -133,4 +133,4 @@ Raise issues at [Issues](https://github.com/SumoLogic/sumologic-solution-templat
 
 * Fork the project on [Github](https://github.com/SumoLogic/sumologic-solution-templates).
 * Make your feature addition or fix bug, write tests and commit.
-* Create a pull request with one of the maintainer as Reviewer.
+* Create a pull request with one of the maintainer as Reviewer.

slo_packages/aws/variables.tf

@@ -20,8 +20,8 @@ variable "environment" {
   validation {
     condition = contains([
       "US1",
-    "us1","US2","us2","AU","au","CA","ca","DE","de","EU","eu","FED","fed","JP","jp","IN","in"], var.environment)
-    error_message = "Argument \"environment\" must be one of \"us1\",\"us2\",\"au\",\"ca\",\"de\",\"eu\",\"fed\",\"jp\",\"in\"."
+    "us1","US2","us2","AU","au","CA","ca","DE","de","EU","eu","FED","fed","JP","jp","IN","in", "KR", "kr"], var.environment)
+    error_message = "Argument \"environment\" must be one of \"us1\",\"us2\",\"au\",\"ca\",\"de\",\"eu\",\"fed\",\"jp\",\"kr\",\"in\"."
   }
 }
 variable "folder" {
@@ -129,4 +129,4 @@ variable "time_zone" {
 variable "aws_elb_data_filter" {
   type = string
   description = "AWS ELB Data Filter. For eg: account=prod"
-}
+}

slo_packages/aws/versions.tf

@@ -3,8 +3,8 @@ terraform {
 
   required_providers {
     sumologic = {
-      version = "~> 2.16.2"
+      version = ">= 2.31.3, < 3.0.0"
       source = "SumoLogic/sumologic"
     }
   }
-}
+}

software-development-optimization-terraform/Dockerfile

@@ -27,12 +27,13 @@ RUN curl -LO https://github.com/fourplusone/terraform-provider-jira/releases/dow
     && rm terraform-provider-jira_linux_amd64.zip 
 
 # Download and install the terraform-provider-restapi plugin
-RUN curl -LO https://github.com/Mastercard/terraform-provider-restapi/releases/download/v1.8.0/terraform-provider-restapi_v1.8.0-linux-amd64 \
-    && chmod +x terraform-provider-restapi_v1.8.0-linux-amd64 \
-    && mv terraform-provider-restapi_v1.8.0-linux-amd64 /usr/local/bin/terraform-provider-restapi
+RUN curl -LO https://github.com/Mastercard/terraform-provider-restapi/releases/download/v1.12.0/terraform-provider-restapi_v1.12.0-linux-amd64 \
+    && chmod +x terraform-provider-restapi_v1.12.0-linux-amd64 \
+    && mv terraform-provider-restapi_v1.12.0-linux-amd64 /usr/local/bin/terraform-provider-restapi
 
 # Set the working directory
 WORKDIR /sdo
+COPY . /sdo
 
 # Set an entry point for convenience (you can customize this)
 ENTRYPOINT ["bash"]

software-development-optimization-terraform/providers.tf

@@ -7,7 +7,7 @@ terraform {
     #   jira = "~> 0.1.11"
     github    = "~> 2.8"
     pagerduty = "~> 2.3"
-    sumologic = "~> 2.1.0"
+    sumologic = ">= 2.31.3, < 3.0.0"
     gitlab    = "3.6.0"
   }
-}
+}

software-development-optimization-terraform/scripts/set-sumologic-access-keys.sh

@@ -16,7 +16,7 @@ sumologic_access_key=""
 read -r sumologic_access_key
 ./scripts/update_sdo_variable sumo_access_key $sumologic_access_key
 
-echo -n "Sumo Logic Deployment Region [US1, US2, JP, IN, FED, EU, DE CA, AU]: "
+echo -n "Sumo Logic Deployment Region [US1, US2, JP, KR, IN, FED, EU, DE, CA, AU]: "
 sumologic_deployment_region=""
 read -r sumologic_deployment_region
 # Make sure we only have to deal with lowercase region values
@@ -33,6 +33,9 @@ case $sumologic_deployment_region  in
   "jp")
     sumologic_api_endpoint="https://api.jp.sumologic.com/api/"
     ;;
+  "kr")
+    sumologic_api_endpoint="https://api.kr.sumologic.com/api/"
+    ;;
   "in")
     sumologic_api_endpoint="https://api.in.sumologic.com/api/"
     ;;