Merge pull request #3 from imperva/dev

Add automatic database on-boarding and many other small things

Former-commit-id: af138c5

.github/workflows/terraform_apply.yml

@@ -1,14 +1,27 @@
-name: 'Terraform Apply'
+name: 'Terraform Apply (simple)'
 
 on:
   schedule:
-    - cron: '0 22 * * *'
+    - cron: '0 23 * * *'
     - cron: '0 0 * * *'
-    - cron: '0 2 * * *'
   workflow_dispatch: {}
   push:
-    branches: [ "master" ]
-  # pull_request:
+    branches:
+      - 'master'
+      - 'dev'
+  pull_request:
+    types:
+      - 'opened'
+      - 'reopened'
+    branches:
+      - 'master'
+      - 'dev'
+
+env:
+  TF_WARN_OUTPUT_ERRORS: 1
+  TF_WORKSPACE: dsfkit-ci-cd
+  TF_CLI_ARGS: "-no-color"
+  TF_INPUT: 0
 
 permissions:
   contents: read
@@ -39,16 +52,24 @@ jobs:
     - name: Terraform Init
       run: terraform init
 
+    - name: Terraform Validate
+      run: terraform validate
+
     # Checks that all Terraform configuration files adhere to a canonical format
     - name: Terraform Format
       run: terraform fmt -check
+      continue-on-error: true
+
+    # Generates an execution plan for Terraform
+    - name: Terraform Plan
+      run: terraform plan
 
       # On push to "main", build or change infrastructure according to Terraform configuration files
       # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
     - name: Terraform Apply
       # if: github.ref == 'refs/heads/"master"' && github.event_name == 'push' || github.event_name == 'workflow_dispatch'
-      run: terraform apply -auto-approve -input=false
+      run: terraform apply -auto-approve
 
     - name: Terraform Destroy
       if: always()
-      run: TF_WARN_OUTPUT_ERRORS=1 terraform destroy -auto-approve -input=false
+      run: terraform destroy -auto-approve

.github/workflows/terraform_apply_hadr.yml

@@ -0,0 +1,75 @@
+name: 'Terraform Apply (hadr)'
+
+on:
+  # schedule:
+  #   - cron: '0 1 * * *'
+  #   - cron: '0 2 * * *'
+  workflow_dispatch: {}
+  # push:
+  #   branches:
+  #     - 'master'
+  #     - 'dev'
+  # pull_request:
+  #   types:
+  #     - 'opened'
+  #     - 'reopened'
+  #   branches:
+  #     - 'master'
+  #     - 'dev'
+
+env:
+  TF_WARN_OUTPUT_ERRORS: 1
+  TF_WORKSPACE: dsfkit-ci-cd-hadr
+  TF_CLI_ARGS: "-no-color"
+  TF_INPUT: 0
+
+permissions:
+  contents: read
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    environment: test
+
+    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v1
+      with:
+        cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+    # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
+    - name: Terraform Init
+      run: terraform init
+
+    - name: Terraform Validate
+      run: terraform validate
+
+    # Checks that all Terraform configuration files adhere to a canonical format
+    - name: Terraform Format
+      run: terraform fmt -check
+      continue-on-error: true
+
+    # Generates an execution plan for Terraform
+    - name: Terraform Plan
+      run: terraform plan
+
+      # On push to "main", build or change infrastructure according to Terraform configuration files
+      # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
+    - name: Terraform Apply
+      # if: github.ref == 'refs/heads/"master"' && github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+      run: terraform apply -auto-approve
+
+    - name: Terraform Destroy
+      if: always()
+      run: terraform destroy -auto-approve

.github/workflows/terraform_plan.yml

@@ -5,6 +5,13 @@ on:
     branches:
       - '*'
       - '!master'
+      - '!dev'
+
+env:
+  TF_WARN_OUTPUT_ERRORS: 1
+  TF_WORKSPACE: dsfkit-ci-cd
+  TF_CLI_ARGS: "-no-color"
+  TF_INPUT: 0
 
 permissions:
   contents: read
@@ -35,10 +42,17 @@ jobs:
     - name: Terraform Init
       run: terraform init
 
+    - name: Terraform Validate
+      run: terraform validate
+
     # Checks that all Terraform configuration files adhere to a canonical format
     - name: Terraform Format
       run: terraform fmt -check
+      continue-on-error: true
 
     # Generates an execution plan for Terraform
-    - name: Terraform Plan
-      run: terraform plan -input=false
+    - name: Terraform Plan (simple)
+      run: terraform plan
+
+    - name: Terraform Plan (hadr)
+      run: TF_WORKSPACE=dsfkit-ci-cd-hadr terraform plan

.gitignore

@@ -12,3 +12,8 @@ dsf_hub_ssh_key.pub
 *.terraform*
 *.DS_Store
 *ssh_keys*
+*tmp-*
+**/tmp/
+generate_token.sh
+hub_token
+myip-default

README.md

@@ -2,7 +2,8 @@
 
 [Temporarly, the full documentation can be found here](https://docs.google.com/document/d/1wzCrAkU2tk5e7L8pYLOeyJYai7upFBLhANWY1yDTOao/edit?usp=sharing)
 
-<!-- # DSFKIT
+<!--
+# DSFKIT
 DSFKIT is the official Terraform toolkit designed to automate the deployment and maintanence of Imperva's Data Security Fabric AKA DSF.
 
 # Installation Modes