release v0.5.8 from PR #980

release v0.5.8 from PR #980

Author: eschultink

CHANGELOG.md

@@ -7,6 +7,9 @@ Changes to be including in future/planned release notes will be added here.
 
 ## Next
 
+## [0.5.8](https://github.com/Worklytics/psoxy/release/tag/v0.5.8)
+- **GCP**: Changed default value of `bucket_force_destroy` from `true` to `false` across all GCP modules. Customers upgrading may see this change from `true` → `false`. To maintain the previous behavior, add `bucket_force_destroy = true` to your terraform.tfvars file.
+
 ## [0.5.7](https://github.com/Worklytics/psoxy/release/tag/v0.5.7)
   - `Confluence`: added new connector for supporting fetching Confluence Cloud data, through OAuth 2.0 (3LO)
 

docs/gcp/cloud-shell.md

@@ -1,23 +1,33 @@
-# Getting Started with Google Cloud Shell
+# Google Cloud Shell
 
-1. clone the repo (or a [private-fork](../development/private-fork.md) of it)
+IMPORTANT: Google Cloud Shells are somewhat ephemeral; GCP will delete the `home` directory of your Cloud Shell if you don't use it for ~180 days or so. As such, please be CERTAIN that you 1) [use a remote terraform state backend](https://developer.hashicorp.com/terraform/language/backend) and 2) commit or otherwise backup the Terraform configuration files you create/modify.
 
-```shell
-git clone https://github.com/Worklytics/psoxy.git
-```
 
-2. if using Microsoft 365 sources, install and authenticate Azure CLI
+## Why Google Cloud Shell?
+
+Google Cloud Shell is implicitly auth'd as your GCP user, which eases running `terraform` to deploy GCP-hosted proxy instances as well as connectors to Google Workspace. So if you're hosting in GCP, or even if you're hosting in AWS but connecting to Google Workspace data, running in GCP cloud shell may be simpler than in a location where you must authenticate with BOTH aws and gcp. 
+
+Cloud Shell offers security benefits over your personal laptop. Even if you use a remote state solution, sensitive information handled by terraform will transit the environment where `terraform` executes. Cloud shell avoids your laptop, local network, and the public internet being in this loop. And there's nothing physical to get lost/stolen/damaged. 
+
+Cloud Shell offers both a terminal and an editor interface via the web. This is more convenient than running terraform in a plain container/VM, where you'd be limited to a terminal and file transfer can be tricky.
+
+
+## Why not Google Cloud Shell?
+
+Stock dependencies provided by Google are somewhat old; you'll have to update and maintain a few of them to manage the proxy, which may be redundant if you maintain your laptop for terraform/git/java/maven development. As of v0.5.x of the proxy, the stock `terraform` is insufficient; with `v0.6.x`, we anticipate the stock `mvn`/`java` will also be too old.
+
+Per above, GCP is a bit stingy about keeping Google Cloud shell home directories around if not in "active" use; so you need to ensure you log into it periodically. Even if you back-up your Terraform configurations and state to locations outside the shell, if your Cloud Shell instance is de-provisioned by GCP - you'll need to repeat the 'Getting Started' steps again to install all the dependencies/etc.
 
-https://docs.microsoft.com/en-us/cli/azure/install-azure-cli
+## Getting Started
 
-3. if deploying AWS infra,
-   [install](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) and
-   authenticate AWS CLI
+1. install `tfenv`, to ease getting proper version of terraform:
 
 ```shell
-curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
-unzip awscliv2.zip
-sudo ./aws/install
+git clone https://github.com/tfutils/tfenv.git ~/.tfenv
+mkdir ~/bin
+ln -s ~/.tfenv/bin/* ~/bin/
+tfenv install
+tfenv use latest
 ```
 
-You should now be ready for the general instructions in the [README.md](../README.md).
+You should now be ready to continue with the [general setup](https://docs.worklytics.co/psoxy#setup). Those steps should include installation of AWS CLI (for AWS-hosted) and Azure CLI (required for MSFT 365 sources)

infra/examples-dev/aws/google-workspace.tf

@@ -8,7 +8,7 @@ provider "google" {
 
 module "worklytics_connectors_google_workspace" {
   source = "../../modules/worklytics-connectors-google-workspace"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.5.7"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.5.8"
 
   providers = {
     google = google.google_workspace

infra/examples-dev/aws/main.tf

@@ -21,7 +21,7 @@ terraform {
 # general cases
 module "worklytics_connectors" {
   source = "../../modules/worklytics-connectors"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.5.7"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.5.8"
 
   enabled_connectors                       = var.enabled_connectors
   chat_gpt_enterprise_example_workspace_id = var.chat_gpt_enterprise_example_workspace_id
@@ -106,7 +106,7 @@ locals {
 
 module "psoxy" {
   source = "../../modules/aws-host"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-host?ref=v0.5.7"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-host?ref=v0.5.8"
 
   environment_name                     = var.environment_name
   aws_account_id                       = var.aws_account_id
@@ -170,7 +170,7 @@ module "connection_in_worklytics" {
   for_each = local.all_instances
 
   source = "../../modules/worklytics-psoxy-connection-aws"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-aws?ref=v0.5.7"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-aws?ref=v0.5.8"
 
   proxy_instance_id    = each.key
   worklytics_host      = var.worklytics_host

infra/examples-dev/aws/msft-365.tf

@@ -2,7 +2,7 @@
 
 module "worklytics_connectors_msft_365" {
   source = "../../modules/worklytics-connectors-msft-365"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-msft-365?ref=v0.5.7"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-msft-365?ref=v0.5.8"
 
   enabled_connectors                         = var.enabled_connectors
   environment_id                             = var.environment_name
@@ -48,7 +48,7 @@ module "cognito_identity_pool" {
   count = local.msft_365_enabled ? 1 : 0 # only provision identity pool if MSFT-365 connectors are enabled
 
   source = "../../modules/aws-cognito-pool"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-pool?ref=v0.5.7"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-pool?ref=v0.5.8"
 
   developer_provider_name = local.developer_provider_name
   name                    = "${local.env_qualifier}-azure-ad-federation"
@@ -71,7 +71,7 @@ module "cognito_identity" {
   count = local.msft_365_enabled ? 1 : 0 # only provision identity pool if MSFT-365 connectors are enabled
 
   source = "../../modules/aws-cognito-identity-cli"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-identity-cli?ref=v0.5.7"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-identity-cli?ref=v0.5.8"
 
   aws_region       = data.aws_region.current.id
   aws_role         = var.aws_assume_role_arn
@@ -108,7 +108,7 @@ module "msft_connection_auth_federation" {
   for_each = local.provision_entraid_apps ? local.enabled_to_entraid_object : local.shared_to_entraid_object
 
   source = "../../modules/azuread-federated-credentials"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.5.7"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.5.8"
 
   application_id = each.value.connector_id
   display_name   = "${local.env_qualifier}AccessFromAWS"

infra/examples-dev/gcp/google-workspace.tf

@@ -8,7 +8,7 @@ provider "google" {
 
 module "worklytics_connectors_google_workspace" {
   source = "../../modules/worklytics-connectors-google-workspace"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.5.7"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.5.8"
 
   providers = {
     google = google.google_workspace

infra/examples-dev/gcp/main.tf

@@ -29,7 +29,7 @@ locals {
 # call this 'generic_source_connectors'?
 module "worklytics_connectors" {
   source = "../../modules/worklytics-connectors"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.5.7"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.5.8"
 
   enabled_connectors                       = var.enabled_connectors
   chat_gpt_enterprise_example_workspace_id = var.chat_gpt_enterprise_example_workspace_id
@@ -84,7 +84,7 @@ locals {
 
 module "psoxy" {
   source = "../../modules/gcp-host"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-host?ref=v0.5.7"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-host?ref=v0.5.8"
 
   gcp_project_id                    = var.gcp_project_id
   environment_name                  = var.environment_name
@@ -121,6 +121,7 @@ module "psoxy" {
   custom_side_outputs             = var.custom_side_outputs
   todos_as_local_files            = var.todos_as_local_files
   todo_step                       = local.max_auth_todo_step
+  bucket_force_destroy            = var.bucket_force_destroy
 }
 
 locals {
@@ -132,7 +133,7 @@ module "connection_in_worklytics" {
   for_each = local.all_instances
 
   source = "../../modules/worklytics-psoxy-connection-generic"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.5.7"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.5.8"
 
   host_platform_id  = local.host_platform_id
   proxy_instance_id = each.key

infra/examples-dev/gcp/msft-365.tf

@@ -2,7 +2,7 @@
 
 module "worklytics_connectors_msft_365" {
   source = "../../modules/worklytics-connectors-msft-365"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-msft-365?ref=v0.5.7"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-msft-365?ref=v0.5.8"
 
   enabled_connectors                         = var.enabled_connectors
   environment_id                             = var.environment_name
@@ -34,7 +34,7 @@ module "msft-connection-auth-federation" {
   for_each = module.worklytics_connectors_msft_365.enabled_api_connectors
 
   source = "../../modules/azuread-federated-credentials"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.5.7"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.5.8"
 
   application_id = each.value.connector.id
   display_name   = "GcpFederation"

infra/examples-dev/gcp/variables.tf

@@ -407,3 +407,9 @@ variable "todos_as_local_files" {
   description = "whether to render TODOs as flat files"
   default     = true
 }
+
+variable "bucket_force_destroy" {
+  type        = bool
+  description = "set the `force_destroy` flag on each google_storage_bucket provisioned by this configuration"
+  default     = false
+}

infra/modules/aws-psoxy-bulk/main.tf

@@ -8,6 +8,17 @@ resource "random_string" "bucket_suffix" {
   lower   = true
   upper   = false
   special = false
+
+  lifecycle {
+    # just NEVER recreate this random string; never what we're going to want to do, as will re-create the buckets
+    ignore_changes = [
+      length,
+      special,
+      lower,
+      upper,
+      numeric,
+    ]
+  }
 }
 
 module "env_id" {