diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index f98b87d..b92b4cb 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -7,7 +7,7 @@ on:
 - '!main'
 jobs:
 linter:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
 - name: Set up Python 3.8
diff --git a/src/integrations/aws_integration_automation/README.md b/src/integrations/aws_integration_automation/README.md
index a2933ab..8acbadb 100644
--- a/src/integrations/aws_integration_automation/README.md
+++ b/src/integrations/aws_integration_automation/README.md
@@ -31,23 +31,23 @@ Deploys JIT integration across an entire AWS Organization using a CloudFormation
 ```hcl
 module "jit_aws_account_integration" {
 source = "path/to/aws_integration_automation"
-
+
 # JIT Configuration
 jit_client_id = var.jit_client_id
 jit_secret = var.jit_secret
 jit_region = "us" # Use "eu" for European API endpoint
-
+
 # Integration Type
 integration_type = "account"
-
+
 # AWS Configuration
 aws_regions_to_monitor = ["us-east-1", "us-west-2"]
-
+
 # Stack Configuration
 stack_name = "JitAccountIntegration"
 account_name = "Production Account"
 resource_name_prefix = "JitProd"
-
+
 # CloudFormation Configuration
 capabilities = ["CAPABILITY_NAMED_IAM"]
 }
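Review bot: `runs-on: ubuntu-latest` is a floating label, so the linter's toolchain will change whenever GitHub moves that label to a newer Ubuntu release, with no commit in this repository to review or bisect when that breaks the job. Pinning to a specific release, `runs-on: ubuntu-24.04`, keeps the upgrade explicit while still moving off the retired 20.04 image. The `- uses: actions/checkout@v3` context line has the same property: a mutable major tag resolves to whatever commit it points at on each run, and the usual hardening is to reference the action by its full commit SHA with the version noted in a trailing comment. Whether the following 'Set up Python 3.8' step still resolves on the newer image is not visible here, since that step continues outside the hunk.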
@@ -58,26 +58,26 @@ module "jit_aws_org_integration" {
 ```hcl
 module "jit_aws_org_integration" {
 source = "path/to/aws_integration_automation"
-
+
 # JIT Configuration
 jit_client_id = var.jit_client_id
 jit_secret = var.jit_secret
 jit_region = "us" # Use "eu" for European API endpoint
-
+
 # Integration Type
 integration_type = "org"
-
+
 # Organization Configuration
 organization_root_id = "r-xxxxxxxxxxxx"
 should_include_root_account = true
-
+
 # AWS Configuration
 aws_regions_to_monitor = ["us-east-1", "us-west-2", "eu-west-1"]
-
+
 # Stack Configuration
 stack_name = "JitOrgIntegration"
 resource_name_prefix = "JitOrg"
-
+
 # CloudFormation Configuration
 capabilities = ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"]
 }
@@ -194,7 +194,7 @@ terraform plan
 terraform apply
 ```
-### Organization Integration
+### Organization Integration
 - **Directory**: [`examples/aws_organization/`](examples/aws_organization/)
 - **Main File**: `organization_integration.tf`
 - **Variables**: `variables.tf`
@@ -282,4 +282,4 @@ terraform apply
 ## License
-This module is part of the JIT customer scripts repository. Please refer to the main repository license for usage terms.
\ No newline at end of file
+This module is part of the JIT customer scripts repository. Please refer to the main repository license for usage terms.
diff --git a/src/integrations/aws_integration_automation/examples/aws_organization/organization_integration.tf b/src/integrations/aws_integration_automation/examples/aws_organization/organization_integration.tf
index daf0913..161e46f 100644
--- a/src/integrations/aws_integration_automation/examples/aws_organization/organization_integration.tf
+++ b/src/integrations/aws_integration_automation/examples/aws_organization/organization_integration.tf
@@ -3,7 +3,7 @@
 terraform {
 required_version = ">= 1.5"
-
+
 required_providers {
 aws = {
 source = "hashicorp/aws"
@@ -20,24 +20,24 @@ provider "aws" {
 # Organization Integration Module
 module "jit_aws_org_integration" {
 source = "../../"
-
+
 # Jit API Configuration
 jit_client_id = var.jit_client_id # Set via environment variable or terraform.tfvars
 jit_secret = var.jit_secret # Set via environment variable or terraform.tfvars
 jit_region = "us" # Use "eu" for European API endpoint
-
+
 # Integration Configuration
 integration_type = "org"
 aws_regions_to_monitor = var.regions_to_monitor
-
+
 # Organization Configuration
 organization_root_id = var.organization_root_id # Your AWS Organization Root ID
 should_include_root_account = var.should_include_root_account # Whether to include the management account
-
+
 # Stack Configuration
 stack_name = "JitOrgIntegration"
 resource_name_prefix = var.resource_name_prefix # Optional: Prefix for CloudFormation resources
-
+
 # CloudFormation Configuration
 capabilities = ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"]
 }
diff --git a/src/integrations/aws_integration_automation/examples/aws_organization/terraform.tfvars b/src/integrations/aws_integration_automation/examples/aws_organization/terraform.tfvars
index 1a92548..059c465 100644
--- a/src/integrations/aws_integration_automation/examples/aws_organization/terraform.tfvars
+++ b/src/integrations/aws_integration_automation/examples/aws_organization/terraform.tfvars
@@ -2,7 +2,7 @@
 # Follow the guide here - https://docs.jit.io/reference/credentials
 # Create creds using "Engineering Manager" role
 jit_client_id = "JIT_API_KEY_CLIENT_ID"
-jit_secret = "JIT_API_KEY_SECRET"
+jit_secret = "JIT_API_KEY_SECRET"
 # Should manage also the root account in Jit (false to avoid it)
 should_include_root_account = true
@@ -17,4 +17,4 @@ regions_to_monitor = ["us-east-1", "us-west-2"]
 aws_region = "us-east-1"
 # Prefix for the resource name
-resource_name_prefix = "JitOrg"
\ No newline at end of file
+resource_name_prefix = "JitOrg"
diff --git a/src/integrations/aws_integration_automation/examples/aws_organization/variables.tf b/src/integrations/aws_integration_automation/examples/aws_organization/variables.tf
index 2512c5a..51fe908 100644
--- a/src/integrations/aws_integration_automation/examples/aws_organization/variables.tf
+++ b/src/integrations/aws_integration_automation/examples/aws_organization/variables.tf
@@ -38,4 +38,4 @@ variable "resource_name_prefix" {
 description = "Prefix for the resource name"
 type = string
 default = "JitOrg"
-}
\ No newline at end of file
+}
diff --git a/src/integrations/aws_integration_automation/examples/single_account/account_integration.tf b/src/integrations/aws_integration_automation/examples/single_account/account_integration.tf
index 90a96cf..9cef1b8 100644
--- a/src/integrations/aws_integration_automation/examples/single_account/account_integration.tf
+++ b/src/integrations/aws_integration_automation/examples/single_account/account_integration.tf
@@ -3,7 +3,7 @@
 terraform {
 required_version = ">= 1.5"
-
+
 required_providers {
 aws = {
 source = "hashicorp/aws"
@@ -20,21 +20,21 @@ provider "aws" {
 # Single Account Integration Module
 module "jit_aws_account_integration" {
 source = "../../"
-
+
 # Jit API Configuration
 jit_client_id = var.jit_client_id # Set via environment variable or terraform.tfvars
 jit_secret = var.jit_secret # Set via environment variable or terraform.tfvars
 jit_region = "us" # Use "eu" for European API endpoint
-
+
 # Integration Configuration
 integration_type = "account"
 aws_regions_to_monitor = var.regions_to_monitor
-
+
 # Stack Configuration
 stack_name = "JitAccountIntegration"
 account_name = var.account_name # Optional: Display name in Jit platform
 resource_name_prefix = var.resource_name_prefix # Optional: Prefix for CloudFormation resources
-
+
 # CloudFormation Configuration
 capabilities = ["CAPABILITY_NAMED_IAM"]
 }
diff --git a/src/integrations/aws_integration_automation/examples/single_account/terraform.tfvars b/src/integrations/aws_integration_automation/examples/single_account/terraform.tfvars
index e816caa..c876f2b 100644
--- a/src/integrations/aws_integration_automation/examples/single_account/terraform.tfvars
+++ b/src/integrations/aws_integration_automation/examples/single_account/terraform.tfvars
@@ -2,7 +2,7 @@
 # Follow the guide here - https://docs.jit.io/reference/credentials
 # Create creds using "Engineering Manager" role
 jit_client_id = "JIT_API_KEY_CLIENT_ID"
-jit_secret = "JIT_API_KEY_SECRET"
+jit_secret = "JIT_API_KEY_SECRET"
 # AWS regions to monitor using Jit
 regions_to_monitor = ["us-east-1", "us-west-2"]
@@ -14,4 +14,4 @@ aws_region = "us-east-1"
 resource_name_prefix = "JitProd"
 # Name of the account to monitor
-account_name = "My AWS Account"
\ No newline at end of file
+account_name = "My AWS Account"
diff --git a/src/integrations/aws_integration_automation/examples/single_account/variables.tf b/src/integrations/aws_integration_automation/examples/single_account/variables.tf
index 466138b..8624c3b 100644
--- a/src/integrations/aws_integration_automation/examples/single_account/variables.tf
+++ b/src/integrations/aws_integration_automation/examples/single_account/variables.tf
@@ -31,4 +31,4 @@ variable "resource_name_prefix" {
 description = "Prefix for the resource name"
 type = string
 default = "JitProd"
-}
\ No newline at end of file
+}
diff --git a/src/integrations/aws_integration_automation/locals.tf b/src/integrations/aws_integration_automation/locals.tf
index 967cb16..cc7af64 100644
--- a/src/integrations/aws_integration_automation/locals.tf
+++ b/src/integrations/aws_integration_automation/locals.tf
@@ -1,25 +1,25 @@
 locals {
 # JIT API Configuration
 jit_api_endpoint = var.jit_region == "us" ? "https://api.jit.io" : "https://api.eu.jit.io"
-
+
 # CloudFormation template URLs based on integration type
 cloudformation_template_url = var.integration_type == "org" ? "https://jit-aws-prod.s3.amazonaws.com/jit_aws_org_integration_stack.json" : "https://jit-aws-prod.s3.amazonaws.com/jit_aws_integration_stack.json"
-
+
 # Resource name prefix with integration-specific defaults
 resource_name_prefix = var.resource_name_prefix != null ? var.resource_name_prefix : (var.integration_type == "org" ? "JitOrg" : "Jit")
-
+
 # Base extra parameters for state token request
 base_extra_params = {
 regions_to_monitor = var.aws_regions_to_monitor
 integration_type = var.integration_type
 }
-
+
 # Additional parameters for organization integration
 org_extra_params = var.integration_type == "org" ? {
 organizationRootId = var.organization_root_id
 shouldIncludeRootAccount = var.should_include_root_account
 } : {}
-
+
 # State token request body with correct structure
 state_token_request_body = {
 vendor = "aws"
@@ -29,4 +29,4 @@ locals {
 local.org_extra_params
 )
 }
-}
\ No newline at end of file
+}
diff --git a/src/integrations/aws_integration_automation/main.tf b/src/integrations/aws_integration_automation/main.tf
index c994ee3..c13bdba 100644
--- a/src/integrations/aws_integration_automation/main.tf
+++ b/src/integrations/aws_integration_automation/main.tf
@@ -3,7 +3,7 @@ provider "restapi" {
 uri = local.jit_api_endpoint
 write_returns_object = true
 create_returns_object = true
-
+
 headers = {
 "Accept" = "application/json"
 "Content-Type" = "application/json"
@@ -15,17 +15,17 @@ provider "restapi" {
 data "http" "jit_auth" {
 url = "${local.jit_api_endpoint}/authentication/login"
 method = "POST"
-
+
 request_headers = {
 "Accept" = "application/json"
 "Content-Type" = "application/json"
 }
-
+
 request_body = jsonencode({
 clientId = var.jit_client_id
 secret = var.jit_secret
 })
-
+
 lifecycle {
 postcondition {
 condition = self.status_code == 200
@@ -43,34 +43,34 @@ resource "restapi_object" "jit_state_token" {
 ignore_changes_to = ["token"]
 # Request body with state token parameters
 data = jsonencode(local.state_token_request_body)
-
+
 # Ignore changes to data since read endpoint returns different structure
 lifecycle {
 ignore_changes = [data]
 }
-
+
 depends_on = [data.http.jit_auth]
 }
 # CloudFormation Stack for single account integration
 resource "aws_cloudformation_stack" "jit_integration_account" {
 count = var.integration_type == "account" ? 1 : 0
-
+
 name = var.stack_name
 template_url = local.cloudformation_template_url
 capabilities = var.capabilities
-
+
 parameters = {
 "ExternalId" = jsondecode(restapi_object.jit_state_token.create_response)["token"]
 "ResourceNamePrefix" = local.resource_name_prefix
 "AccountName" = var.account_name
 "ShouldIncludeRootAccount" = tostring(var.should_include_root_account)
 }
-
+
 lifecycle {
 prevent_destroy = true
 }
-
+
 depends_on = [
 data.http.jit_auth,
 restapi_object.jit_state_token
@@ -80,26 +80,24 @@ resource "aws_cloudformation_stack" "jit_integration_account" {
 # CloudFormation Stack for organization integration
 resource "aws_cloudformation_stack" "jit_integration_org" {
 count = var.integration_type == "org" ? 1 : 0
-
+
 name = var.stack_name
 template_url = local.cloudformation_template_url
 capabilities = var.capabilities
-
+
 parameters = {
 "ExternalId" = jsondecode(restapi_object.jit_state_token.create_response)["token"]
 "ResourceNamePrefix" = local.resource_name_prefix
 "OrganizationRootId" = var.organization_root_id
 "ShouldIncludeRootAccount" = tostring(var.should_include_root_account)
 }
-
+
 lifecycle {
 prevent_destroy = true
 }
-
+
 depends_on = [
 data.http.jit_auth,
 restapi_object.jit_state_token
 ]
 }
-
-
diff --git a/src/integrations/aws_integration_automation/variables.tf b/src/integrations/aws_integration_automation/variables.tf
index 8d88fba..f786c96 100644
--- a/src/integrations/aws_integration_automation/variables.tf
+++ b/src/integrations/aws_integration_automation/variables.tf
@@ -53,8 +53,8 @@ variable "resource_name_prefix" {
 default = null
 validation {
 condition = var.resource_name_prefix == null || (
- length(var.resource_name_prefix) >= 1 &&
- length(var.resource_name_prefix) <= 40 &&
+ length(var.resource_name_prefix) >= 1 &&
+ length(var.resource_name_prefix) <= 40 &&
 can(regex("^[a-zA-Z0-9-_]*$", var.resource_name_prefix))
 )
 error_message = "The resource_name_prefix must be 1-40 characters and contain only alphanumeric characters, hyphens, and underscores."
@@ -81,4 +81,4 @@ variable "capabilities" {
 description = "CloudFormation capabilities required for stack creation"
 type = list(string)
 default = ["CAPABILITY_NAMED_IAM"]
-}
\ No newline at end of file
+}
diff --git a/src/integrations/aws_integration_automation/versions.tf b/src/integrations/aws_integration_automation/versions.tf
index 16c8e54..59803a4 100644
--- a/src/integrations/aws_integration_automation/versions.tf
+++ b/src/integrations/aws_integration_automation/versions.tf
@@ -1,25 +1,25 @@
 terraform {
 required_version = ">= 1.5"
-
+
 required_providers {
 aws = {
 source = "hashicorp/aws"
 version = ">= 5.0"
 }
-
+
 http = {
 source = "hashicorp/http"
 version = ">= 3.0"
 }
-
+
 local = {
 source = "hashicorp/local"
 version = ">= 2.0"
 }
-
+
 restapi = {
 source = "Mastercard/restapi"
 version = ">= 1.19.1"
 }
 }
-}
\ No newline at end of file
+}
diff --git a/src/integrations/microsoft_teams/jit_bot/jit-teams-bot.zip b/src/integrations/microsoft_teams/jit_bot/jit-teams-bot.zip
new file mode 100644
index 0000000..7c612d9
Binary files /dev/null and b/src/integrations/microsoft_teams/jit_bot/jit-teams-bot.zip differ
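Review bot: `jit-teams-bot.zip` is added as an opaque binary, so neither this diff nor any later one can show what code it contains or how it was built, and the repository now ships a deployable artifact whose provenance cannot be checked from the commit. Committing the bot's source tree with a reproducible build step (or, at minimum, a checksum and the exact build command recorded in a README next to the archive) would make the artifact reviewable and let future changes surface as real diffs. It is also worth confirming before merge that the archive contains no credentials, tokens or environment files, since the diff cannot surface them.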