From d58c1f2d4c940922c60b8e3eb02cc37b10047cb1 Mon Sep 17 00:00:00 2001
From: Dmitry Gurevich <99176494+gurevichdmitry@users.noreply.github.com>
Date: Thu, 7 Nov 2024 09:52:49 +0200
Subject: [PATCH] update actions

---
 .github/actions/cdr/action.yml | 48 --------------------------
 .github/actions/cis/action.yml | 13 +------
 .github/actions/elk-stack/action.yml | 46 ++++++------------------
 .github/workflows/test-environment.yml | 13 +++---
 4 files changed, 17 insertions(+), 103 deletions(-)

diff --git a/.github/actions/cdr/action.yml b/.github/actions/cdr/action.yml
index 5141a14b75..824b77d448 100644
--- a/.github/actions/cdr/action.yml
+++ b/.github/actions/cdr/action.yml
@@ -15,11 +15,6 @@ inputs:
 default: "eu-west-1"
 required: false
 type: string
- azure-location:
- description: "Azure location"
- default: "East US"
- required: false
- type: string
 gcp-project-id:
 description: "GCP project ID"
 default: "default"
@@ -30,26 +25,6 @@ inputs:
 default: "default"
 required: false
 type: string
- deploy-az-vm:
- description: "Deploy Azure VM resources"
- default: true
- required: false
- type: boolean
- deploy-gcp-vm:
- description: "Deploy GCP VM resources"
- default: true
- required: false
- type: boolean
- deploy-aws-ec2:
- description: "Deploy AWS EC2 resources"
- default: true
- required: false
- type: boolean
- deploy-aws-asset-inventory:
- description: "Deploy AWS Asset Inventory EC2 resources"
- default: true
- required: false
- type: boolean
 aws-cloudtrail-s3-bucket:
 description: "AWS Cloudtrail S3 bucket"
 default: "default"
@@ -90,21 +65,6 @@ inputs:
 default: "Key=division,Value=engineering"
 required: false
 type: string
- tag-division:
- description: "Optional division resource tag"
- default: "engineering"
- required: false
- type: string
- tag-org:
- description: "Optional org resource tag"
- default: "security"
- required: false
- type: string
- tag-team:
- description: "Optional team resource tag"
- default: "cloud-security-posture"
- required: false
- type: string
 tag-project:
 description: "Optional project resource tag"
 default: "test-environments"
@@ -124,16 +84,8 @@ runs:
 env:
 TF_VAR_deployment_name: ${{ inputs.deployment-name }}
 TF_VAR_region: ${{ inputs.aws-region }}
- TF_VAR_location: ${{ inputs.azure-location }}
 TF_VAR_gcp_project_id: ${{ inputs.gcp-project-id }}
 TF_VAR_gcp_service_account_json: ${{ inputs.gcp-service-account-json }}
- TF_VAR_deploy_az_vm: ${{ inputs.deploy-az-vm }}
- TF_VAR_deploy_gcp_vm: ${{ inputs.deploy-gcp-vm }}
- TF_VAR_deploy_aws_ec2: ${{ inputs.deploy-aws-ec2 }}
- TF_VAR_deploy_aws_asset_inventory: ${{ inputs.deploy-aws-asset-inventory }}
- TF_VAR_division: ${{ inputs.tag-division }}
- TF_VAR_org: ${{ inputs.tag-org }}
- TF_VAR_team: ${{ inputs.tag-team }}
 TF_VAR_project: ${{ inputs.tag-project }}
 TF_VAR_owner: ${{ inputs.tag-owner }}
 shell: bash
diff --git a/.github/actions/cis/action.yml b/.github/actions/cis/action.yml
index c99491172c..8ffb93a3a4 100644
--- a/.github/actions/cis/action.yml
+++ b/.github/actions/cis/action.yml
@@ -8,17 +8,9 @@ inputs:
 type: string
 aws-region:
 description: "AWS region"
- default: "eu-west-1"
 required: false
+ default: "eu-west-1"
 type: string
- deploy-aws-kspm:
- description: "Deploy AWS KSPM EC2 resources"
- type: boolean
- default: true
- deploy-aws-cspm:
- description: "Deploy AWS CSPM EC2 resources"
- type: boolean
- default: true
 cnvm-stack-name:
 description: "CNVM CloudFormation stack name"
 required: true
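Review bot: The `aws-region` input kept in this hunk is left without any visible consumer: the only place this patch maps it, `TF_VAR_region: ${{ inputs.aws-region }}` in the cis action's `deploy-cis-infra` step, is deleted in the next hunk, and the workflow stops passing `aws-region` to the action. If nothing else in the action reads `inputs.aws-region`, either remove the input or keep the `TF_VAR_region` mapping, otherwise the region is decided by whatever the Terraform module or ambient AWS configuration defaults to and the documented `"eu-west-1"` default becomes misleading. Swapping `required`/`default` order is harmless but now differs from the other inputs in the file, which list `default` first. The `inputs:` mapping starts and ends outside the hunk.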
@@ -80,9 +72,6 @@ runs:
 id: deploy-cis-infra
 env:
 TF_VAR_deployment_name: ${{ inputs.deployment-name }}
- TF_VAR_region: ${{ inputs.aws-region }}
- TF_VAR_deploy_aws_kspm: ${{ inputs.deploy-aws-kspm }}
- TF_VAR_deploy_aws_cspm: ${{ inputs.deploy-aws-cspm }}
 TF_VAR_project: ${{ inputs.tag-project }}
 TF_VAR_owner: ${{ inputs.tag-owner }}
 shell: bash
diff --git a/.github/actions/elk-stack/action.yml b/.github/actions/elk-stack/action.yml
index f7df575b44..a6e75c16fb 100644
--- a/.github/actions/elk-stack/action.yml
+++ b/.github/actions/elk-stack/action.yml
@@ -29,35 +29,9 @@ inputs:
 description: "Optional Docker image version to override the default stack image. Accepts formats like 8.x.y, 8.x.y-hash, or 8.x.y-SNAPSHOT."
 type: string
 required: false
- deployment-template:
- description: "Optional deployment template. Defaults to the CPU optimized template for GCP"
- default: "gcp-general-purpose"
- required: false
- type: string
- elasticsearch-size:
- description: "Optional Elasticsearch instance size"
- default: "8g"
- required: false
- type: string
- elasticsearch-zone-count:
- description: "Optional Elasticsearch zone count"
- default: 2
- required: false
- type: number
- tag-division:
- description: "Optional division resource tag"
- default: "engineering"
- required: false
- type: string
- tag-org:
- description: "Optional org resource tag"
- default: "security"
- required: false
- type: string
- tag-team:
- description: "Optional team resource tag"
- default: "cloud-security-posture"
- required: false
+ env-s3-bucket:
+ description: "S3 bucket"
+ required: true
 type: string
 tag-project:
 description: "Optional project resource tag"
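Review bot: The new required `env-s3-bucket` input is described only as `"S3 bucket"`, but the value the workflow passes is a bucket name plus a per-deployment key prefix (`${{ env.S3_BASE_BUCKET }}/${{ env.DEPLOYMENT_NAME }}_${{ env.TF_STATE_FOLDER }}`), and it is consumed as `S3_BUCKET` by the `manage_infrastructure.sh "elk-stack" "upload-state"` step added later in this file. Say what is actually expected so the next caller does not pass a bare bucket name: `description: "S3 bucket and key prefix (bucket/prefix) that the elk-stack Terraform state is uploaded to"`. Because that destination receives Terraform state, the description is also the right place to state that it must be a private, encrypted location; the bucket policy itself is outside what this patch shows. The `inputs:` mapping starts before the hunk and continues past it.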
@@ -101,12 +75,6 @@ runs:
 TF_VAR_ess_region: ${{ inputs.ess-region }}
 TF_VAR_pin_version: ${{ inputs.docker-image-version-override }}
 TF_VAR_ec_api_key: ${{ inputs.ec-api-key }}
- TF_VAR_deployment_template: ${{ inputs.deployment-template }}
- TF_VAR_elasticsearch_size: ${{ inputs.elasticsearch-size }}
- TF_VAR_elasticsearch_zone_count: ${{ inputs.elasticsearch-zone-count }}
- TF_VAR_division: ${{ inputs.tag-division }}
- TF_VAR_org: ${{ inputs.tag-org }}
- TF_VAR_team: ${{ inputs.tag-team }}
 TF_VAR_project: ${{ inputs.tag-project }}
 TF_VAR_owner: ${{ inputs.tag-owner }}
 shell: bash
@@ -147,3 +115,11 @@ runs:
 test_es_url="https://${ES_USER}:${ES_PASSWORD}@${es_url_stripped}"
 echo "::add-mask::${test_es_url}"
 echo "test-es-url=${test_es_url}" >> "$GITHUB_OUTPUT"
+
+ - name: Upload tf state
+ id: upload-state-elk
+ working-directory: deploy/test-environments
+ env:
+ S3_BUCKET: "${{ inputs.env-s3-bucket }}"
+ run: |
+ ./manage_infrastructure.sh "elk-stack" "upload-state"
\ No newline at end of file
diff --git a/.github/workflows/test-environment.yml b/.github/workflows/test-environment.yml
index 158a4415cc..3ac63b90a0 100644
--- a/.github/workflows/test-environment.yml
+++ b/.github/workflows/test-environment.yml
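Review bot: The added `Upload tf state` step has no `shell:` key, and a composite action requires `shell` on every step that sets `run`, so the action will fail to load as written; add `shell: bash` beside `run: |`, matching the `shell: bash` visible on the earlier step in this hunk. The step also runs only when every preceding step in the action succeeds, whereas the workflow step it replaces was guarded with `if: always()`, so a failure after `terraform apply` but before the end of the action would now leave the state un-uploaded; `if: always()` on this step would keep the previous behavior (whether the action's earlier steps can fail after apply is not visible here). The file now ends without a trailing newline, which should be restored. Given that the same deployment's `ES_PASSWORD` is masked a few lines above, I would assume the uploaded state carries those credentials, so the target prefix needs to be private and encrypted — that is outside this patch but worth a comment on the step.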
@@ -278,17 +278,17 @@ jobs:
 ess-region: ${{ env.TF_VAR_ess_region }}
 ec-api-key: ${{ env.TF_VAR_ec_api_key }}
 docker-image-version-override: ${{ env.TF_VAR_pin_version }}
+ env-s3-bucket: "${{ env.S3_BASE_BUCKET }}/${{ env.DEPLOYMENT_NAME }}_${{ env.TF_STATE_FOLDER }}"
 tag-project: ${{ github.actor }}
 tag-owner: ${{ github.actor }}
 
- - name: Upload tf state
+ - name: Upload environment info
 id: upload-state
 if: always()
 env:
 S3_BUCKET: "${{ env.S3_BASE_BUCKET }}/${{ env.DEPLOYMENT_NAME }}_${{ env.TF_STATE_FOLDER }}"
 EXPIRATION_DAYS: ${{ inputs.expiration_days }}
 run: |
- ./manage_infrastructure.sh "elk-stack" "upload-state"
 echo "s3-bucket-folder=${S3_BUCKET}" >> $GITHUB_OUTPUT
 echo "aws-cnvm-stack=${CNVM_STACK_NAME}" >> $GITHUB_OUTPUT
 python3 ../../.ci/scripts/create_env_config.py
@@ -318,13 +318,8 @@ jobs:
 with:
 deployment-name: ${{ env.DEPLOYMENT_NAME }}
 aws-region: ${{ env.AWS_REGION }}
- azure-location: "East US"
 gcp-project-id: ${{ env.GCP_PROJECT }}
 gcp-service-account-json: ${{ secrets.GCP_AGENT_CREDENTIALS }}
- deploy-az-vm: true
- deploy-gcp-vm: true
- deploy-aws-ec2: true
- deploy-aws-asset-inventory: true
 aws-cloudtrail-s3-bucket: ${{ secrets.CLOUDTRAIL_S3 }}
 azure-eventhub-connection-string: ${{ secrets.AZURE_EVENTHUB_CONNECTION_STRING }}
 azure-storage-account-key: ${{ secrets.AZURE_STORAGE_ACCOUNT_KEY }}
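Review bot: The step that retains `if: always()` no longer performs the state upload, while the upload it replaces now lives inside the `elk-stack` action as a step with no such guard, so the upload-on-failure behavior changes silently in this hunk; either guard the action's step with `if: always()` or add a comment here such as `# state upload moved into the elk-stack action; it no longer runs when the action fails` so the change is deliberate. The S3 path expression is now spelled out twice in this job (`env-s3-bucket:` and `S3_BUCKET:`) and again for the cis step further down; hoisting it once into the job-level `env` as `S3_BUCKET` and passing `${{ env.S3_BUCKET }}` keeps the three from drifting apart. `id: upload-state` is now attached to a step named `Upload environment info`; if later jobs reference `steps.upload-state.outputs.s3-bucket-folder` the id must stay, but a comment `# id kept for downstream references` would explain the mismatch. The enclosing job starts before the hunk.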
@@ -342,13 +337,15 @@ jobs:
 uses: ./.github/actions/cis
 with:
 deployment-name: ${{ env.DEPLOYMENT_NAME }}
- aws-region: ${{ env.AWS_REGION }}
 cnvm-stack-name: ${{ env.CNVM_STACK_NAME }}
 gcp-zone: ${{ env.GCP_ZONE }}
 cspm-azure-creds: ${{ secrets.AZURE_CREDENTIALS }}
 cspm-azure-tags: ${{ env.AZURE_DEFAULT_TAGS }}
 stack-enrollment-token: ${{ env.ENROLLMENT_TOKEN }}
 env-s3-bucket: "${{ env.S3_BASE_BUCKET }}/${{ env.DEPLOYMENT_NAME }}_${{ env.TF_STATE_FOLDER }}"
+ es-user: ${{ steps.elk-stack.outputs.es-user }}
+ es-password: ${{ steps.elk-stack.outputs.es-password }}
+ kibana-url: ${{ steps.elk-stack.outputs.kibana-url }}
 test-agentless: ${{ env.TEST_AGENTLESS }}
 tag-project: ${{ github.actor }}
 tag-owner: ${{ github.actor }}