
Disable deployment of Asset Inventory for versions below 8.16 (#2642)
* Disable deployment of Asset Inventory for versions below 8.16

* Fixing CI

* Fixing bad substitution

* Adding login to az and gcp

* bump image

* Refactor to action

* Remove trailing space

* Revert "Remove trailing space"

This reverts commit 79b12f5.

* Revert "Refactor to action"

This reverts commit cf3db80.

* Stack version pull to env

---------

Co-authored-by: Dmitry Gurevich <[email protected]>
jeniawhite and gurevichdmitry authored Oct 30, 2024
1 parent 29e90ed commit 44b0fd0
Showing 3 changed files with 62 additions and 4 deletions.
32 changes: 29 additions & 3 deletions .github/workflows/ci.yml
Expand Up @@ -19,6 +19,29 @@ concurrency:
cancel-in-progress: true

jobs:
check-asset-inventory-supported-version:
name: Check Asset Inventory supported version
runs-on: ubuntu-22.04
outputs:
asset_inventory_supported: ${{ steps.check-asset-inventory-supported-version.outputs.asset_inventory_supported }}
steps:
- name: Check out the repo
uses: actions/checkout@v4

- name: Check Asset Inventory supported version
id: check-asset-inventory-supported-version
env:
STACK_VERSION: ${{ env.ELK_VERSION }}
run: |
MIN_VERSION="8.16.0"
if [[ "$(echo -e "$MIN_VERSION\n$STACK_VERSION" | sort -V | head -n 1)" == "$MIN_VERSION" ]]; then
echo "Stack version meets the requirement: $STACK_VERSION >= $MIN_VERSION."
echo "asset_inventory_supported=true" >> $GITHUB_ENV
else
echo "Stack version is below the requirement: $STACK_VERSION < $MIN_VERSION."
echo "asset_inventory_supported=false" >> $GITHUB_ENV
fi
init-hermit:
name: Init Hermit Tools
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -55,9 +78,10 @@ jobs:
azure-client-secret: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }}

ci-azure-asset-inventory:
needs: [ init-hermit ]
needs: [ init-hermit, check-asset-inventory-supported-version ]
name: Azure Asset Inventory CI
runs-on: ubuntu-22.04
if: needs.check-asset-inventory-supported-version.outputs.asset_inventory_supported == 'true'
timeout-minutes: 60
permissions:
contents: "read"
Expand Down Expand Up @@ -101,9 +125,10 @@ jobs:
aws-account-type: single-account

ci-aws-asset-inventory:
needs: [ init-hermit ]
needs: [ init-hermit, check-asset-inventory-supported-version ]
name: AWS Asset Inventory CI
runs-on: ubuntu-22.04
if: needs.check-asset-inventory-supported-version.outputs.asset_inventory_supported == 'true'
timeout-minutes: 60
permissions:
contents: "read"
Expand Down Expand Up @@ -147,9 +172,10 @@ jobs:
gcp-account-type: 'single-account'

ci-gcp-asset-inventory:
needs: [init-hermit]
needs: [ init-hermit, check-asset-inventory-supported-version ]
name: GCP Asset Inventory CI
runs-on: ubuntu-22.04
if: needs.check-asset-inventory-supported-version.outputs.asset_inventory_supported == 'true'
timeout-minutes: 60
permissions:
contents: "read"
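Review bot: The check step in the first hunk writes `asset_inventory_supported=...` to `$GITHUB_ENV`, but the job's `outputs` block reads it through `steps.check-asset-inventory-supported-version.outputs.asset_inventory_supported`, which is populated only from `$GITHUB_OUTPUT`; as written the job output is empty, the `if: … == 'true'` guards on the three asset-inventory jobs in the later hunks evaluate false, and those jobs never run even on a supported stack version. Change the two sink lines to `echo "asset_inventory_supported=true" >> "$GITHUB_OUTPUT"` and `echo "asset_inventory_supported=false" >> "$GITHUB_OUTPUT"`. The same script in test-environment.yml is consumed via `env.asset_inventory_supported`, so `$GITHUB_ENV` is the right sink there and only the ci.yml copy needs this change. The definition of `env.ELK_VERSION` that feeds `STACK_VERSION` is outside the hunk; if it resolves to empty, the `sort -V` comparison picks the blank line and the step silently reports "below the requirement" instead of failing, so a guard such as `: "${STACK_VERSION:?STACK_VERSION must be set}"` as the script's first line is worth adding.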
21 changes: 20 additions & 1 deletion .github/workflows/test-environment.yml
Expand Up @@ -425,15 +425,29 @@ jobs:
AZURE_TAGS: ${{ env.AZURE_DEFAULT_TAGS }}
run: ./install_agent_az_cli.sh

- name: Check Asset Inventory supported version
id: asset-inventory-version-check
run: |
MIN_VERSION="8.16.0"
if [[ "$(echo -e "$MIN_VERSION\n$STACK_VERSION" | sort -V | head -n 1)" == "$MIN_VERSION" ]]; then
echo "Stack version meets the requirement: $STACK_VERSION >= $MIN_VERSION."
echo "asset_inventory_supported=true" >> $GITHUB_ENV
else
echo "Stack version is below the requirement: $STACK_VERSION < $MIN_VERSION."
echo "asset_inventory_supported=false" >> $GITHUB_ENV
fi
- name: Install Azure Asset Inventory integration
id: azure-asset-inventory-integration
working-directory: ${{ env.INTEGRATIONS_SETUP_DIR }}
if: env.asset_inventory_supported == 'true'
run: |
poetry run python ./install_azure_asset_inventory_integration.py
- name: Deploy Azure Asset Inventory agent
id: azure-asset-inventory-agent
working-directory: deploy/azure
if: env.asset_inventory_supported == 'true'
env:
AZURE_TAGS: ${{ env.AZURE_DEFAULT_TAGS }}
DEPLOYMENT_NAME: "${{ env.DEPLOYMENT_NAME }}-inventory"
Expand Down Expand Up @@ -491,10 +505,12 @@ jobs:
- name: Install AWS Asset Inventory integration
id: aws-asset-inventory
working-directory: ${{ env.INTEGRATIONS_SETUP_DIR }}
if: env.asset_inventory_supported == 'true'
run: |
poetry run python ./install_aws_asset_inventory_integration.py
- name: Deploy AWS Asset Inventory agent
if: env.asset_inventory_supported == 'true'
run: |
scriptname="aws-asset-inventory-linux.sh"
src="../../$INTEGRATIONS_SETUP_DIR/$scriptname"
Expand All @@ -505,13 +521,16 @@ jobs:
if: always()
env:
S3_BUCKET: "${{ env.S3_BASE_BUCKET }}/${{ env.DEPLOYMENT_NAME }}_${{ env.TF_STATE_FOLDER }}"
ASSET_INVENTORY_SUPPORTED: "${{ env.asset_inventory_supported }}"
working-directory: ${{ env.INTEGRATIONS_SETUP_DIR }}
run: |
aws s3 cp "./kspm_unmanaged.yaml" "$S3_BUCKET/kspm_unmanaged.yaml"
aws s3 cp "./kspm_d4c.yaml" "$S3_BUCKET/kspm_d4c.yaml"
aws s3 cp "./kspm_eks.yaml" "$S3_BUCKET/kspm_eks.yaml"
aws s3 cp "./cspm-linux.sh" "$S3_BUCKET/cspm-linux.sh"
aws s3 cp "./aws-asset-inventory-linux.sh" "$S3_BUCKET/aws-asset-inventory-linux.sh"
if [[ "${ASSET_INVENTORY_SUPPORTED}" == "true" ]]; then
aws s3 cp "./aws-asset-inventory-linux.sh" "$S3_BUCKET/aws-asset-inventory-linux.sh"
fi
aws s3 cp "./state_data.json" "$S3_BUCKET/state_data.json"
- name: Install Agentless integrations
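Review bot: The version check added in the first hunk reads `STACK_VERSION` without setting it in the step's `env`, and an empty value makes `sort -V | head -n 1` return the blank line, so the step silently logs "below the requirement" and every Asset Inventory step is skipped rather than the run failing; where `STACK_VERSION` is defined is outside the hunk, presumably at job or workflow level. Add `: "${STACK_VERSION:?STACK_VERSION must be set}"` as the first line of the script so a missing version fails fast. `$GITHUB_ENV` is scoped to the job, so the `if: env.asset_inventory_supported == 'true'` guards on the AWS steps in the second hunk only hold if those steps run in the same job as the check step; if they belong to a different job, the value will be empty there and the check must be repeated or exported as a job output. A one-line comment above the check step explaining the floor, for example `# Asset Inventory integration ships from stack 8.16.0`, would document the magic constant that is now copied into two workflows.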
13 changes: 13 additions & 0 deletions .github/workflows/upgrade-environment.yml
Expand Up @@ -128,6 +128,19 @@ jobs:
role-session-name: github-ci
aws-region: ${{ env.AWS_REGION }}

- id: google-auth
name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}

- id: azure-auth
name: Azure login
uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}

- name: Download tf state data
env:
S3_BUCKET: ${{ needs.deploy.outputs.s3-bucket }}
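Review bot: The new `google-github-actions/auth@v2` step uses workload identity federation, which requires `id-token: write` in the job's `permissions`; that block is outside the hunk, so confirm it grants it, otherwise the token exchange fails at runtime. Nothing in the hunk consumes the resulting Google or Azure credentials, so a short comment above the two login steps naming the later step that needs them, for example `# Credentials used by the <step name> step below`, would make the added cloud logins reviewable and easy to remove once that consumer goes away. Both logins run unconditionally; if they are only needed for the Asset Inventory path, gating them with the same supported-version condition used in ci.yml would avoid issuing cloud credentials on runs that never use them.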
