move asset inv under cdr

elastic · Sep 11, 2024 · 1caf75e · 1caf75e
1 parent dd47d3f
commit 1caf75e
Show file tree

Hide file tree

Showing 9 changed files with 46 additions and 61 deletions.
diff --git a/.github/workflows/test-environment.yml b/.github/workflows/test-environment.yml
@@ -228,17 +228,6 @@ jobs:
           enrollment_token="init"
           echo "::add-mask::$enrollment_token"
           echo "ENROLLMENT_TOKEN=$enrollment_token" >> $GITHUB_ENV
-      # TODO: remove
-      # - name: Init CDR Infra
-      #   id: init-cdr-infra
-      #   env:
-      #     INPUT_CDR_INFRA: ${{ inputs.cdr-infra }}
-      #   run: |
-      #     if [[ "${INPUT_CDR_INFRA:-}" == "true" ]]; then
-      #       echo "CDR_INFRA=true" >> $GITHUB_ENV
-      #     else
-      #       echo "CDR_INFRA=false" >> $GITHUB_ENV
-      #     fi
 
       - name: Init Infra Type
         id: init-infra-type
@@ -338,9 +327,8 @@ jobs:
           ./manage_infrastructure.sh "$INFRA_TYPE" "upload"
           echo "s3-bucket-folder=${S3_BUCKET}" >> $GITHUB_OUTPUT
           echo "aws-cnvm-stack=${CNVM_STACK_NAME}" >> $GITHUB_OUTPUT
-          # TODO: remove "true" after debugging
-          python3 ../../.ci/scripts/create_env_config.py || true
-          aws s3 cp "./env_config.json" "${S3_BUCKET}/env_config.json" || true
+          python3 ../../.ci/scripts/create_env_config.py
+          aws s3 cp "./env_config.json" "${S3_BUCKET}/env_config.json"
       # TODO: remove
       # - name: Upload tf state
       #   id: upload-state
@@ -548,18 +536,19 @@ jobs:
         working-directory: ${{ env.WORKING_DIR }}/cis
         run: |
           scriptname="cspm-linux.sh"
-          src="../../$INTEGRATIONS_SETUP_DIR/$scriptname"
+          src="../../../$INTEGRATIONS_SETUP_DIR/$scriptname"
           cmd="chmod +x $scriptname && ./$scriptname"
-          ../../.ci/scripts/remote_setup.sh -k "$EC2_CSPM_KEY" -s "$src" -h "$CSPM_PUBLIC_IP" -d "~/$scriptname" -c "$cmd"
+          ../../../.ci/scripts/remote_setup.sh -k "$EC2_CSPM_KEY" -s "$src" -h "$CSPM_PUBLIC_IP" -d "~/$scriptname" -c "$cmd"
 
       - name: Install AWS Asset Inventory integration
         id: aws-asset-inventory
+        if: env.INFRA_TYPE != 'cis'
         working-directory: ${{ env.INTEGRATIONS_SETUP_DIR }}
         run: |
           poetry run python ./install_aws_asset_inventory_integration.py
 
       - name: Deploy AWS Asset Inventory agent
-        if: env.INFRA_TYPE != 'cdr'
+        if: env.INFRA_TYPE != 'cis'
         working-directory: ${{ env.WORKING_DIR }}/cis
         run: |
           scriptname="aws-asset-inventory-linux.sh"
@@ -578,7 +567,6 @@ jobs:
             aws s3 cp "./kspm_unmanaged.yaml" "$S3_BUCKET/kspm_unmanaged.yaml"
             aws s3 cp "./kspm_d4c.yaml" "$S3_BUCKET/kspm_d4c.yaml"
             aws s3 cp "./kspm_eks.yaml" "$S3_BUCKET/kspm_eks.yaml"
-            aws s3 cp "./aws-asset-inventory-linux.sh" "$S3_BUCKET/aws-asset-inventory-linux.sh"
           fi
           aws s3 cp "./state_data.json" "$S3_BUCKET/state_data.json"
 

diff --git a/deploy/test-environments/cdr/main.tf b/deploy/test-environments/cdr/main.tf
@@ -59,4 +59,14 @@ module "azure_vm_activity_logs" {
   specific_tags   = merge(local.common_tags, { "vm_type" : "activity-logs" })
 }
 
+module "aws_ec2_for_asset_inventory" {
+  count           = var.deploy_aws_asset_inventory ? 1 : 0
+  source          = "../../cloud/modules/ec2"
+  providers       = { aws : aws }
+  aws_ami         = var.ami_map[var.region]
+  deploy_k8s      = false
+  deploy_agent    = false
+  deployment_name = "${var.deployment_name}-${random_string.suffix.result}"
+  specific_tags   = merge(local.common_tags, { "ec2_type" : "asset_inventory" })
+}
 # ===== End Of CDR Infrastructure Resources =====
diff --git a/deploy/test-environments/cdr/output.tf b/deploy/test-environments/cdr/output.tf
@@ -47,3 +47,18 @@ output "az_vm_activity_logs_key" {
   value     = var.deploy_az_vm ? module.azure_vm_activity_logs[0].azure_vm_ssh_key : null
   sensitive = true
 }
+
+output "ec2_asset_inventory_ssh_cmd" {
+  value     = module.aws_ec2_for_asset_inventory[0].cloudbeat_ssh_cmd
+  sensitive = true
+}
+
+output "ec2_asset_inventory_public_ip" {
+  value     = module.aws_ec2_for_asset_inventory[0].aws_instance_cloudbeat_public_ip
+  sensitive = true
+}
+
+output "ec2_asset_inventory_key" {
+  value     = module.aws_ec2_for_asset_inventory[0].ec2_ssh_key
+  sensitive = true
+}
diff --git a/deploy/test-environments/cdr/variables.tf b/deploy/test-environments/cdr/variables.tf
@@ -60,6 +60,12 @@ variable "deploy_aws_ec2" {
   default     = true
 }
 
+variable "deploy_aws_asset_inventory" {
+  description = "Deploy AWS Asset Inventory EC2 resources"
+  type        = bool
+  default     = true
+}
+
 # ========= Cloud Tags ========================
 variable "division" {
   default     = "engineering"

diff --git a/deploy/test-environments/cis/main.tf b/deploy/test-environments/cis/main.tf
@@ -40,17 +40,6 @@ module "aws_ec2_for_cspm" {
   specific_tags   = merge(local.common_tags, { "ec2_type" : "cspm" })
 }
 
-module "aws_ec2_for_asset_inventory" {
-  count           = var.deploy_aws_asset_inventory ? 1 : 0
-  source          = "../../cloud/modules/ec2"
-  providers       = { aws : aws }
-  aws_ami         = var.ami_map[var.region]
-  deploy_k8s      = false
-  deploy_agent    = false
-  deployment_name = "${var.deployment_name}-${random_string.suffix.result}"
-  specific_tags   = merge(local.common_tags, { "ec2_type" : "asset_inventory" })
-}
-
 module "eks" {
   source                      = "../../cloud/modules/provision-eks-cluster"
   region                      = var.region

diff --git a/deploy/test-environments/cis/output.tf b/deploy/test-environments/cis/output.tf
@@ -37,18 +37,4 @@ output "ec2_cspm_key" {
   sensitive = true
 }
 
-output "ec2_asset_inventory_ssh_cmd" {
-  value     = module.aws_ec2_for_asset_inventory[0].cloudbeat_ssh_cmd
-  sensitive = true
-}
-
-output "ec2_asset_inventory_public_ip" {
-  value     = module.aws_ec2_for_asset_inventory[0].aws_instance_cloudbeat_public_ip
-  sensitive = true
-}
-
-output "ec2_asset_inventory_key" {
-  value     = module.aws_ec2_for_asset_inventory[0].ec2_ssh_key
-  sensitive = true
-}
 # =============================================================
diff --git a/deploy/test-environments/cis/variables.tf b/deploy/test-environments/cis/variables.tf
@@ -33,12 +33,6 @@ variable "deploy_aws_cspm" {
   default     = true
 }
 
-variable "deploy_aws_asset_inventory" {
-  description = "Deploy AWS Asset Inventory EC2 resources"
-  type        = bool
-  default     = true
-}
-
 variable "division" {
   default     = "engineering"
   type        = string

diff --git a/deploy/test-environments/set_cloud_env_params.sh b/deploy/test-environments/set_cloud_env_params.sh
@@ -37,10 +37,6 @@ output_cis_vars() {
     echo "::add-mask::$EC2_KSPM"
     echo "EC2_KSPM=$EC2_KSPM" >>"$GITHUB_ENV"
 
-    EC2_ASSET_INV=$(terraform output -raw ec2_asset_inventory_ssh_cmd)
-    echo "::add-mask::$EC2_ASSET_INV"
-    echo "EC2_ASSET_INV=$EC2_ASSET_INV" >>"$GITHUB_ENV"
-
     EC2_CSPM_KEY=$(terraform output -raw ec2_cspm_key)
     echo "::add-mask::$EC2_CSPM_KEY"
     echo "EC2_CSPM_KEY=$EC2_CSPM_KEY" >>"$GITHUB_ENV"
@@ -49,10 +45,6 @@ output_cis_vars() {
     echo "::add-mask::$EC2_KSPM_KEY"
     echo "EC2_KSPM_KEY=$EC2_KSPM_KEY" >>"$GITHUB_ENV"
 
-    EC2_ASSET_INV_KEY=$(terraform output -raw ec2_asset_inventory_key)
-    echo "::add-mask::$EC2_ASSET_INV_KEY"
-    echo "EC2_ASSET_INV_KEY=$EC2_ASSET_INV_KEY" >>"$GITHUB_ENV"
-
     KSPM_PUBLIC_IP=$(terraform output -raw ec2_kspm_public_ip)
     echo "::add-mask::$KSPM_PUBLIC_IP"
     echo "KSPM_PUBLIC_IP=$KSPM_PUBLIC_IP" >>"$GITHUB_ENV"
@@ -61,9 +53,6 @@ output_cis_vars() {
     echo "::add-mask::$CSPM_PUBLIC_IP"
     echo "CSPM_PUBLIC_IP=$CSPM_PUBLIC_IP" >>"$GITHUB_ENV"
 
-    ASSET_INV_PUBLIC_IP=$(terraform output -raw ec2_asset_inventory_public_ip)
-    echo "::add-mask::$ASSET_INV_PUBLIC_IP"
-    echo "ASSET_INV_PUBLIC_IP=$ASSET_INV_PUBLIC_IP" >>"$GITHUB_ENV"
 }
 
 # Function to output cis variables
@@ -91,6 +80,14 @@ output_cdr_vars() {
     gcp_audit_logs_key=$(terraform output -raw gcp_audit_logs_key)
     echo "::add-mask::$gcp_audit_logs_key"
     echo "AUDIT_LOGS_KEY=$gcp_audit_logs_key" >>"$GITHUB_ENV"
+
+    ec2_asset_inv_key=$(terraform output -raw ec2_asset_inventory_key)
+    echo "::add-mask::$ec2_asset_inv_key"
+    echo "EC2_ASSET_INV_KEY=$ec2_asset_inv_key" >>"$GITHUB_ENV"
+
+    asset_inv_public_ip=$(terraform output -raw ec2_asset_inventory_public_ip)
+    echo "::add-mask::$asset_inv_public_ip"
+    echo "ASSET_INV_PUBLIC_IP=$asset_inv_public_ip" >>"$GITHUB_ENV"
 }
 
 # Check for valid input

diff --git a/deploy/test-environments/upload_state.sh b/deploy/test-environments/upload_state.sh
@@ -10,7 +10,6 @@ upload_cis() {
     aws s3 cp "./terraform.tfstate" "${S3_BUCKET}/cis-terraform.tfstate"
     aws s3 cp "${EC2_CSPM_KEY}" "${S3_BUCKET}/cspm.pem"
     aws s3 cp "${EC2_KSPM_KEY}" "${S3_BUCKET}/kspm.pem"
-    aws s3 cp "${EC2_ASSET_INV_KEY}" "${S3_BUCKET}/asset_inv.pem"
 }
 
 # Function to upload additional keys for CDR
@@ -19,6 +18,7 @@ upload_cdr() {
     aws s3 cp "${CLOUDTRAIL_KEY}" "${S3_BUCKET}/cloudtrail.pem"
     aws s3 cp "${ACTIVITY_LOGS_KEY}" "${S3_BUCKET}/az_activity_logs.pem"
     aws s3 cp "${AUDIT_LOGS_KEY}" "${S3_BUCKET}/gcp_audit_logs.pem"
+    aws s3 cp "${EC2_ASSET_INV_KEY}" "${S3_BUCKET}/asset_inv.pem"
 }
 
 # Check for valid input