update to v0.5.14

google-workspace.tf

@@ -7,7 +7,7 @@ provider "google" {
 
 
 module "worklytics_connectors_google_workspace" {
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.5.13"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.5.14"
 
 
   providers = {

main.tf

@@ -28,7 +28,7 @@ locals {
 # be provisioned via Terraform, so doesn't add any dependencies
 # call this 'generic_source_connectors'?
 module "worklytics_connectors" {
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.5.13"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.5.14"
 
   enabled_connectors                       = var.enabled_connectors
   chat_gpt_enterprise_example_workspace_id = var.chat_gpt_enterprise_example_workspace_id
@@ -85,7 +85,7 @@ locals {
 
 
 module "psoxy" {
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-host?ref=v0.5.13"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-host?ref=v0.5.14"
 
   gcp_project_id                    = var.gcp_project_id
   environment_name                  = var.environment_name
@@ -124,6 +124,7 @@ module "psoxy" {
   todo_step                       = local.max_auth_todo_step
   bucket_force_destroy            = var.bucket_force_destroy
   tf_gcp_principal_email          = var.gcp_terraform_sa_account_email
+  provision_project_level_iam     = var.provision_project_level_iam
 }
 
 locals {
@@ -144,14 +145,14 @@ locals {
 module "connection_in_worklytics" {
   for_each = local.all_instances
 
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.5.13"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.5.14"
 
-  host_platform_id  = local.host_platform_id
-  proxy_instance_id = each.key
-  worklytics_host   = var.worklytics_host
-  connector_id      = try(local.all_connectors[each.key].worklytics_connector_id, "")
-  display_name      = try(local.all_connectors[each.key].worklytics_connector_name, "${local.all_connectors[each.key].display_name} via Psoxy")
-  todo_step         = module.psoxy.next_todo_step
+  host_platform_id     = local.host_platform_id
+  proxy_instance_id    = each.key
+  worklytics_host      = var.worklytics_host
+  connector_id         = try(local.all_connectors[each.key].worklytics_connector_id, "")
+  display_name         = try(local.all_connectors[each.key].worklytics_connector_name, "${local.all_connectors[each.key].display_name} via Psoxy")
+  todo_step            = module.psoxy.next_todo_step
   todos_as_local_files = var.todos_as_local_files
 
   settings_to_provide = merge(
@@ -179,19 +180,40 @@ output "api_connector_instances" {
     endpoint_url = v.endpoint_url
     }, v.sanitized_bucket != null ? {
     sanitized_bucket = v.sanitized_bucket
-    } : {})
-  }
+    } : {}, {
+    test_examples = merge({
+      api_requests = concat(
+        [for path in try(v.example_api_calls, []) : "GET ${path}"],
+        [for req in try(v.example_api_requests, []) : merge(
+          {
+            request = "${try(req.method, "GET")} ${req.path}"
+          },
+          try(req.method, "GET") == "POST" || try(req.method, "GET") == "PUT" ? merge(
+            try(req.content_type, null) != null ? { content_type = req.content_type } : {},
+            try(req.body, null) != null ? { body = req.body } : {}
+          ) : {}
+        )]
+      )
+      },
+      try(v.enable_async_processing, false) ? { supports_async = true } : {},
+      try(v.example_api_calls_user_to_impersonate, null) != null ? { user_to_impersonate = try(v.example_api_calls_user_to_impersonate, null) } : {}
+    ) }
+  ) }
 }
 
 output "bulk_connector_instances" {
   value = { for k, v in module.psoxy.bulk_connector_instances : k => {
+    input_bucket     = try(v.input_bucket, null)
     sanitized_bucket = v.sanitized_bucket
+    example_files    = try(v.example_files, [])
   } }
 }
 
 output "webhook_collector_instances" {
   value = { for k, v in module.psoxy.webhook_collector_instances : k => {
+    endpoint_url     = try(v.cloud_function_url, null)
     sanitized_bucket = v.output_sanitized_bucket_id
+    test_examples    = try(v.test_examples, [])
   } }
 }
 

msft-365.tf

@@ -1,7 +1,7 @@
 # BEGIN MSFT
 
 module "worklytics_connectors_msft_365" {
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-msft-365?ref=v0.5.13"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-msft-365?ref=v0.5.14"
 
   enabled_connectors                         = var.enabled_connectors
   environment_id                             = var.environment_name
@@ -32,7 +32,7 @@ locals {
 module "msft-connection-auth-federation" {
   for_each = module.worklytics_connectors_msft_365.enabled_api_connectors
 
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.5.13"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.5.14"
 
   application_id = each.value.connector.id
   display_name   = "GcpFederation"

variables.tf

@@ -147,50 +147,46 @@ variable "gcp_region" {
 
 variable "vpc_config" {
   type = object({
-    network                         = optional(string)                # Local name of the VPC network resource on which to provision the VPC connector (if `serverless_connector` is not provided)
-    subnet                          = optional(string)                # Local name of the VPC subnet resource on which to provision the VPC connector (if `serverless_connector` is not provided). NOTE: Subnet MUST have /28 netmask (required by Google Cloud for VPC connectors)
-    serverless_connector            = optional(string)                # Format: projects/{project}/locations/{location}/connectors/{connector}
-    serverless_connector_cidr_range = optional(string, "10.8.0.0/28") # ignored if serverless_connector or subnet is provided
+    network              = string           # Local name of the VPC network resource on which to provision the VPC connector (required if `serverless_connector` is not provided)
+    subnet               = string           # Local name of the VPC subnet resource on which to provision the VPC connector (required if `serverless_connector` is not provided). NOTE: Subnet MUST have /28 netmask (required by Google Cloud for VPC connectors)
+    serverless_connector = optional(string) # Format: projects/{project}/locations/{location}/connectors/{connector}
   })
 
   description = "**alpha** configuration of a VPC to be used by the Psoxy instances, if any (null for none)."
   default     = null
   # serverless_connector: allow null; if provided, must match the full resource name
   validation {
     condition = (
-      var.vpc_config == null
-      || try(var.vpc_config.serverless_connector, null) == null
-      || can(regex("^projects/[^/]+/locations/[^/]+/connectors/[^/]+$", try(var.vpc_config.serverless_connector, "")))
+    var.vpc_config == null
+    || try(var.vpc_config.serverless_connector, null) == null
+    || can(regex("^projects/[^/]+/locations/[^/]+/connectors/[^/]+$", try(var.vpc_config.serverless_connector, "")))
     )
     error_message = "If vpc_config.serverless_connector is provided, it must match the format: projects/{project}/locations/{location}/connectors/{connector}"
   }
 
-  # serverless_connector_cidr_range: allow null; if provided, must look like CIDR
   validation {
     condition = (
-      var.vpc_config == null
-      || try(var.vpc_config.serverless_connector_cidr_range, null) == null
-      || can(regex("^[0-9.]+/[0-9]+$", try(var.vpc_config.serverless_connector_cidr_range, "")))
+    var.vpc_config == null
+    || try(var.vpc_config.serverless_connector, null) != null
+    ||
+    (
+    # Accepts a simple network name: lowercase letters, digits, dashes
+    can(regex("^[a-z0-9-]+$", try(var.vpc_config.network,"")))
+    ||
+    # Accepts a full self-link (Compute URL format)
+    can(regex("^projects/[^/]+/(global|regions/[^/]+)/networks/[^/]+$", try(var.vpc_config.network,"")))
     )
-    error_message = "If vpc_config.serverless_connector_cidr_range is provided, it must match the format: {ip}/{mask}"
-  }
-
-  validation {
-    condition = (
-      var.vpc_config == null
-      || try(var.vpc_config.network, null) == null
-      || can(regex("^[a-z0-9-]+$", try(var.vpc_config.network, "")))
     )
     error_message = "vpc_config.network must be lowercase letters, numbers, or dashes."
   }
 
   validation {
     condition = (
-      var.vpc_config == null
-      || try(var.vpc_config.network, null) != null
-      || try(var.vpc_config.serverless_connector, null) != null
+    var.vpc_config == null
+    || try(var.vpc_config.serverless_connector, null) != null
+    || (try(var.vpc_config.network, null) != null && try(var.vpc_config.subnet, null) != null)
     )
-    error_message = "If vpc_config is provided, it must either specify a serverless_connector or a network on which to provision a serverless connector."
+    error_message = "If vpc_config is provided without serverless_connector, both network and subnet are required."
   }
 }
 
@@ -454,3 +450,9 @@ variable "bucket_force_destroy" {
   description = "set the `force_destroy` flag on each google_storage_bucket provisioned by this configuration"
   default     = false
 }
+
+variable "provision_project_level_iam" {
+  description = "Whether to provision project-level IAM bindings required for Psoxy operation. Set to false if you prefer to manage these IAM bindings outside of Terraform."
+  type        = bool
+  default     = true
+}