GCP PostgreSQL onboarding module

CHANGELOG.md

@@ -5,6 +5,7 @@
 ### Features
 - Aurora PostgreSQL CloudWatch with slow query auditing example
 - Google Cloud SQL for MySQL module
+- Google Cloud SQL for PostgreSQL module
 
 ### Bug Fixes
 - Modified Server Host Name of AWS RDS MS SQL SERVER Dsfhub assets

DSF_VERSION_COMPATABILITY.md

@@ -107,5 +107,9 @@ The following table lists the DSF versions that each module is tested and mainta
       <td>onboard-gcp-mysql</td>
       <td>4.17+</td>
    </tr>
+   <tr>
+      <td>onboard-gcp-postgresql</td>
+      <td>4.17+</td>
+   </tr>
 
 </table>

examples/onboard-gcp-mysql/README.md

@@ -45,4 +45,4 @@ No inputs.
 ## Outputs
 
 No outputs.
-<!-- END_TF_DOCS -->
+<!-- END_TF_DOCS -->

examples/onboard-gcp-postgresql/README.md

@@ -0,0 +1,60 @@
+# Onboard Google Cloud SQL for PostgreSQL example
+This example includes additional prerequisites that will need to be completed to fully utilize the module. More details can be found in the [onboarding documentation](https://docs.imperva.com/bundle/onboarding-databases-to-sonar-reference-guide/page/Cloud-SQL-for-PostgreSQL-Onboarding-Steps_48367600.html).
+
+This example creates 'dsfhub' and 'google' resources. More information regarding authentication to each can be found in the relevant provider documentation:
+- [dsfhub](https://registry.terraform.io/providers/imperva/dsfhub/latest/docs)
+- [google](https://registry.terraform.io/providers/hashicorp/google/latest/docs)
+
+## Prerequisites
+### Service Account
+A Google Service Account will need to be created with permissions to read from PubSub subscriptions. This can be done via the ``google-service-account-dsf`` module. Depending on the authentication mechanism chosen, the service account will either need to be attached to a GCP Compute Engine instance or the service account's credentials file will need to be copied to your Agentless Gateway.
+
+### Google PubSub Subscription
+A Google logging sink, PubSub topic, and PubSub subscription in addition to a GCP PUBSUB asset in DSF will need to be created in advance. This prerequisite is handled by the ``onboard-gcp-pubsub`` module.
+
+### Database Configuration
+Part of the onboarding process involves connecting to your Google PostgreSQL instance and running SQL commands to create an extension. This module includes an example for how to connect to the instance from your local machine and create this.
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_google"></a> [google](#provider\_google) | n/a |
+| <a name="provider_terraform"></a> [terraform](#provider\_terraform) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_gcp-postgresql-1"></a> [gcp-postgresql-1](#module\_gcp-postgresql-1) | ../../modules/onboard-gcp-postgresql | n/a |
+| <a name="module_gcp-postgresql-2"></a> [gcp-postgresql-2](#module\_gcp-postgresql-2) | ../../modules/onboard-gcp-postgresql | n/a |
+| <a name="module_gcp-postgresql-3"></a> [gcp-postgresql-3](#module\_gcp-postgresql-3) | ../../modules/onboard-gcp-postgresql | n/a |
+| <a name="module_gcp-pubsub-1"></a> [gcp-pubsub-1](#module\_gcp-pubsub-1) | ../../modules/onboard-gcp-pubsub | n/a |
+| <a name="module_gcp-pubsub-2"></a> [gcp-pubsub-2](#module\_gcp-pubsub-2) | ../../modules/onboard-gcp-pubsub | n/a |
+| <a name="module_gcp-pubsub-3"></a> [gcp-pubsub-3](#module\_gcp-pubsub-3) | ../../modules/onboard-gcp-pubsub | n/a |
+| <a name="module_service-account"></a> [service-account](#module\_service-account) | ../../modules/google-service-account-dsf | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [google_sql_user.gcp-postgresql-admin-user-1](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_user) | resource |
+| [google_sql_user.gcp-postgresql-admin-user-2](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_user) | resource |
+| [google_sql_user.gcp-postgresql-admin-user-3](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_user) | resource |
+| [terraform_data.configure_database_1](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource |
+| [terraform_data.configure_database_2](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource |
+| [terraform_data.configure_database_3](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

examples/onboard-gcp-postgresql/configure_database.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+# Configures Google Postgresql database for auditing by connecting to the 
+# database using 'psql'
+# 
+# Connection to the database uses PG environment variables
+# See postgres documentation for more information: 
+# https://www.postgresql.org/docs/current/libpq-envars.html
+################################################################################
+
+# Settings
+current_directory=$(dirname "$(realpath "${BASH_SOURCE[0]}")")
+sql_file="${current_directory}/configure_database.sql"
+
+# Functions
+function is_pkg_installed {
+  local pkg="$1"
+  if ! command -v "${pkg}" &> /dev/null
+  then
+    echo "Package '${pkg}' is not installed."
+    echo "Install on MacOS:  brew install libpq"
+    echo "Install on Ubuntu: apt-get install -y libpq-dev"
+    echo "Install on CentOS: yum install -y libpq"
+    echo "Exiting..."
+    exit 1
+  else 
+    return 0
+  fi 
+}
+
+################################################################################
+is_pkg_installed "psql"
+if [ ! -r "${sql_file}" ]; then 
+  echo "Unable to read ${sql_file}"
+  echo "Exiting..."
+  exit 1
+else 
+  psql --file="${sql_file}"
+fi

examples/onboard-gcp-postgresql/configure_database.sql

@@ -0,0 +1,11 @@
+DO
+$$
+BEGIN
+  RAISE NOTICE 'Creating audit extension "pgaudit".';
+  IF EXISTS (SELECT FROM pg_catalog.pg_extension WHERE extname = 'pgaudit') THEN
+    RAISE NOTICE 'Audit extension "pgaudit" already exists. Skipping.';
+  ELSE
+    CREATE EXTENSION pgaudit;
+  END IF;
+END
+$$;