Worklytics · eschultink · Nov 23, 2023 · Nov 20, 2023 · Nov 20, 2023 · Nov 20, 2023
diff --git a/.github/workflows/ci-java-all.yaml b/.github/workflows/ci-java-all.yaml
@@ -11,10 +11,10 @@ on:
     branches:
       - 'main'
       - 'rc-*'
-      - 's162-improve-health-check' # more fixes to java cross-version compatibility here, so test all here to
+      - 's162-prep-release'
 
 jobs:
-  # Java 11 - Oracle support ended 30 Sept 2023
+  # Java 11 - Oracle support ended 30 Sept 2023 ... but still what ships with GCP cloud shell!!!
   ci_java11:
     uses: ./.github/workflows/build-java.yaml
     with:
@@ -31,10 +31,10 @@ jobs:
   # although beyond me why 17 and 21 both work, but 20 doesn't; best guess is Mockito 5 degrading
   # behavior in some way for 20 that isn't needed for 21 and doesn't matter for 17?
 
-#  ci_java20:
-#    uses: ./.github/workflows/build-java.yaml
-#    with:
-#      java-version: '20'
+  ci_java20:
+    uses: ./.github/workflows/build-java.yaml
+    with:
+      java-version: '20'
 
   # Java 21 - released 19 Sept 2023, supported until Sept 2028 (LTS)
   ci_java21:

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,11 @@ Working tracking of changes, updated as work done prior to release.  Please revi
         then wildcard policy to read shared also grants read of secrets across all connectors)
   - keys/salts per value kind (PII, item id, etc)
 
+## [0.4.41](https://github.com/Worklytics/psoxy/release/tag/v0.4.41)
+  * GCP only : Compute Engine API will be enabled in the project. Newer versions of GCP terraform
+    provider seem to require this. You may see this in your next `terraform plan`, although it may
+    also be a no-op if you already have the API enabled.
+
 ## [0.4.36](https://github.com/Worklytics/psoxy/release/tag/v0.4.36)
   * Microsoft 365 - Azure AD Directory - default rules change to return `proxyAddresses` field for
     users, pseudonymized; needed to match user's past email addresses against other data sources

diff --git a/docs/gcp/getting-started.md b/docs/gcp/getting-started.md
@@ -38,6 +38,7 @@ Service Account Keys and activate Google Workspace APIs.
     *attempt* to enable these, but as there is sometimes a few minutes delay in activation and in
     some cases they are required to read your existing infra prior to apply, you may experience
     errors. To pre-empt those, we suggest ensuring the following are enabled:
+      - [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) (`compute.googleapis.com`)
       - [Cloud Build API](https://console.cloud.google.com/apis/library/cloudbuild.googleapis.com) (`cloudbuild.googleapis.com`)
       - [Cloud Functions API](https://console.cloud.google.com/apis/library/cloudfunctions.googleapis.com) (`cloudfunctions.googleapis.com`)
       - [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com) (`cloudresourcemanager.googleapis.com`)

diff --git a/docs/sources/google-workspace/directory/directory.yaml b/docs/sources/google-workspace/directory/directory.yaml
@@ -21,11 +21,12 @@ endpoints:
       - !<redact>
         jsonPaths:
           - "$.users[*].name"
-          - "$.users[*].thumbnailPhotoUrl"
+          - "$.users[*].organizations[*].title"
+          - "$.users[*].posixAccounts[*].homeDirectory"
           - "$.users[*].recoveryEmail"
           - "$.users[*].recoveryPhone"
-          - "$.users[*].posixAccounts[*].homeDirectory"
           - "$.users[*].sshPublicKeys[*]"
+          - "$.users[*].thumbnailPhotoUrl"
           - "$.users[*].websites[*]"
   - pathTemplate: "/admin/directory/v1/users/{accountId}"
     transforms:
@@ -47,11 +48,12 @@ endpoints:
       - !<redact>
         jsonPaths:
           - "$.name"
-          - "$.thumbnailPhotoUrl"
+          - "$.organizations[*].title"
+          - "$.posixAccounts[*].homeDirectory"
           - "$.recoveryEmail"
           - "$.recoveryPhone"
-          - "$.posixAccounts[*].homeDirectory"
           - "$.sshPublicKeys[*]"
+          - "$.thumbnailPhotoUrl"
           - "$.websites[*]"
   - pathTemplate: "/admin/directory/v1/groups"
     transforms:

diff --git a/docs/sources/google-workspace/directory/directory_no-app-ids.yaml b/docs/sources/google-workspace/directory/directory_no-app-ids.yaml
@@ -21,11 +21,12 @@ endpoints:
       - !<redact>
         jsonPaths:
           - "$.users[*].name"
-          - "$.users[*].thumbnailPhotoUrl"
+          - "$.users[*].organizations[*].title"
+          - "$.users[*].posixAccounts[*].homeDirectory"
           - "$.users[*].recoveryEmail"
           - "$.users[*].recoveryPhone"
-          - "$.users[*].posixAccounts[*].homeDirectory"
           - "$.users[*].sshPublicKeys[*]"
+          - "$.users[*].thumbnailPhotoUrl"
           - "$.users[*].websites[*]"
       - !<pseudonymize>
         jsonPaths:
@@ -52,11 +53,12 @@ endpoints:
       - !<redact>
         jsonPaths:
           - "$.name"
-          - "$.thumbnailPhotoUrl"
+          - "$.organizations[*].title"
+          - "$.posixAccounts[*].homeDirectory"
           - "$.recoveryEmail"
           - "$.recoveryPhone"
-          - "$.posixAccounts[*].homeDirectory"
           - "$.sshPublicKeys[*]"
+          - "$.thumbnailPhotoUrl"
           - "$.websites[*]"
       - !<pseudonymize>
         jsonPaths:

diff --git a/docs/sources/google-workspace/directory/example-api-responses/sanitized/user.json b/docs/sources/google-workspace/directory/example-api-responses/sanitized/user.json
@@ -68,7 +68,6 @@
   ],
   "organizations":[
     {
-      "title":"CTO, President",
       "primary":true,
       "customType":"",
       "department":"Engineering",

diff --git a/docs/sources/google-workspace/directory/example-api-responses/sanitized/users.json b/docs/sources/google-workspace/directory/example-api-responses/sanitized/users.json
@@ -72,7 +72,6 @@
       ],
       "organizations":[
         {
-          "title":"CTO, President",
           "primary":true,
           "customType":"",
           "department":"Engineering",

diff --git a/docs/sources/google-workspace/directory/example-api-responses/sanitized_no-app-ids/user.json b/docs/sources/google-workspace/directory/example-api-responses/sanitized_no-app-ids/user.json
@@ -68,7 +68,6 @@
   ],
   "organizations":[
     {
-      "title":"CTO, President",
       "primary":true,
       "customType":"",
       "department":"Engineering",

diff --git a/.../sources/google-workspace/directory/example-api-responses/sanitized_no-app-ids/users.json b/.../sources/google-workspace/directory/example-api-responses/sanitized_no-app-ids/users.json
@@ -72,7 +72,6 @@
       ],
       "organizations":[
         {
-          "title":"CTO, President",
           "primary":true,
           "customType":"",
           "department":"Engineering",

diff --git a/infra/examples-dev/aws-all/google-workspace.tf b/infra/examples-dev/aws-all/google-workspace.tf
@@ -8,7 +8,7 @@ provider "google" {
 
 module "worklytics_connectors_google_workspace" {
   source = "../../modules/worklytics-connectors-google-workspace"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.4.41"
 
   providers = {
     google = google.google_workspace

diff --git a/infra/examples-dev/aws-all/main.tf b/infra/examples-dev/aws-all/main.tf
@@ -19,7 +19,7 @@ terraform {
 # general cases
 module "worklytics_connectors" {
   source = "../../modules/worklytics-connectors"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.4.41"
 
   enabled_connectors            = var.enabled_connectors
   jira_cloud_id                 = var.jira_cloud_id
@@ -95,7 +95,7 @@ locals {
 
 module "psoxy" {
   source = "../../modules/aws-host"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-host?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-host?ref=v0.4.41"
 
   environment_name                = var.environment_name
   aws_account_id                  = var.aws_account_id
@@ -136,7 +136,7 @@ module "connection_in_worklytics" {
   for_each = local.all_instances
 
   source = "../../modules/worklytics-psoxy-connection-aws"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-aws?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-aws?ref=v0.4.41"
 
   psoxy_instance_id  = each.key
   worklytics_host    = var.worklytics_host

diff --git a/infra/examples-dev/aws-all/msft-365.tf b/infra/examples-dev/aws-all/msft-365.tf
@@ -2,7 +2,7 @@
 
 module "worklytics_connectors_msft_365" {
   source = "../../modules/worklytics-connectors-msft-365"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-msft-365?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-msft-365?ref=v0.4.41"
 
 
   enabled_connectors     = var.enabled_connectors
@@ -41,7 +41,7 @@ module "cognito_identity_pool" {
   count = local.msft_365_enabled ? 1 : 0 # only provision identity pool if MSFT-365 connectors are enabled
 
   source = "../../modules/aws-cognito-pool"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-pool?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-pool?ref=v0.4.41"
 
   developer_provider_name = local.developer_provider_name
   name                    = "${local.env_qualifier}-azure-ad-federation"
@@ -51,7 +51,7 @@ module "cognito_identity" {
   count = local.msft_365_enabled ? 1 : 0 # only provision identity pool if MSFT-365 connectors are enabled
 
   source = "../../modules/aws-cognito-identity-cli"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-identity-cli?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/aws-cognito-identity-cli?ref=v0.4.41"
 
   aws_region       = data.aws_region.current.id
   aws_role         = var.aws_assume_role_arn
@@ -73,7 +73,7 @@ module "msft_connection_auth_federation" {
   for_each = module.worklytics_connectors_msft_365.enabled_api_connectors
 
   source = "../../modules/azuread-federated-credentials"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.4.41"
 
   application_object_id = each.value.connector.id
   display_name          = "${local.env_qualifier}AccessFromAWS"

diff --git a/infra/examples-dev/aws-google-workspace/main.tf b/infra/examples-dev/aws-google-workspace/main.tf
@@ -59,7 +59,7 @@ data "google_project" "psoxy-google-connectors" {
 
 module "psoxy" {
   source = "../../modular-examples/aws-google-workspace"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws-google-workspace?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws-google-workspace?ref=v0.4.41"
 
   aws_account_id                 = var.aws_account_id
   aws_assume_role_arn            = var.aws_assume_role_arn # role that can test the instances (lambdas)

diff --git a/infra/examples-dev/aws-msft-365/main.tf b/infra/examples-dev/aws-msft-365/main.tf
@@ -51,7 +51,7 @@ provider "azuread" {
 
 module "psoxy" {
   source = "../../modular-examples/aws-msft-365"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws-msft-365?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws-msft-365?ref=v0.4.41"
 
   aws_account_id                 = var.aws_account_id
   aws_assume_role_arn            = var.aws_assume_role_arn # role that can test the instances (lambdas)

diff --git a/infra/examples-dev/aws/main.tf b/infra/examples-dev/aws/main.tf
@@ -57,7 +57,7 @@ provider "azuread" {
 
 module "psoxy" {
   source = "../../modular-examples/aws"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws?ref=v0.4.41"
 
   aws_account_id                 = var.aws_account_id
   aws_assume_role_arn            = var.aws_assume_role_arn # role that can test the instances (lambdas)

diff --git a/infra/examples-dev/gcp-google-workspace/main.tf b/infra/examples-dev/gcp-google-workspace/main.tf
@@ -28,7 +28,7 @@ provider "google" {
 
 module "psoxy" {
   source = "../../modular-examples/gcp-google-workspace"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/gcp-google-workspace?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/gcp-google-workspace?ref=v0.4.41"
 
   gcp_project_id                 = var.gcp_project_id
   environment_name               = var.environment_name

diff --git a/infra/examples-dev/gcp/google-workspace.tf b/infra/examples-dev/gcp/google-workspace.tf
@@ -8,7 +8,7 @@ provider "google" {
 
 module "worklytics_connectors_google_workspace" {
   source = "../../modules/worklytics-connectors-google-workspace"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors-google-workspace?ref=v0.4.41"
 
   providers = {
     google = google.google_workspace

diff --git a/infra/examples-dev/gcp/main.tf b/infra/examples-dev/gcp/main.tf
@@ -27,7 +27,7 @@ locals {
 # call this 'generic_source_connectors'?
 module "worklytics_connectors" {
   source = "../../modules/worklytics-connectors"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connectors?ref=v0.4.41"
 
 
   enabled_connectors            = var.enabled_connectors
@@ -76,7 +76,7 @@ locals {
 
 module "psoxy" {
   source = "../../modules/gcp-host"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-host?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/gcp-host?ref=v0.4.41"
 
   gcp_project_id                    = var.gcp_project_id
   environment_name                  = var.environment_name
@@ -115,7 +115,7 @@ module "connection_in_worklytics" {
   for_each = local.all_instances
 
   source = "../../modules/worklytics-psoxy-connection-generic"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-psoxy-connection-generic?ref=v0.4.41"
 
   psoxy_host_platform_id = local.host_platform_id
   psoxy_instance_id      = each.key

diff --git a/infra/examples-dev/gcp/msft-365.tf b/infra/examples-dev/gcp/msft-365.tf
@@ -27,7 +27,7 @@ module "msft-connection-auth-federation" {
   for_each = module.worklytics_connectors_msft_365.enabled_api_connectors
 
   source = "../../modules/azuread-federated-credentials"
-  # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=rc-v0.4.41"
+  # source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.4.41"
 
   application_object_id = each.value.connector.id
   display_name          = "GcpFederation"

diff --git a/infra/examples/aws-google-workspace/main.tf b/infra/examples/aws-google-workspace/main.tf
@@ -59,7 +59,7 @@ data "google_project" "psoxy-google-connectors" {
 
 module "psoxy" {
   # source = "../../modular-examples/aws-google-workspace"
-  source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws-google-workspace?ref=rc-v0.4.41"
+  source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws-google-workspace?ref=v0.4.41"
 
   aws_account_id                 = var.aws_account_id
   aws_assume_role_arn            = var.aws_assume_role_arn # role that can test the instances (lambdas)

diff --git a/infra/examples/aws-msft-365/main.tf b/infra/examples/aws-msft-365/main.tf
@@ -51,7 +51,7 @@ provider "azuread" {
 
 module "psoxy" {
   # source = "../../modular-examples/aws-msft-365"
-  source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws-msft-365?ref=rc-v0.4.41"
+  source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/aws-msft-365?ref=v0.4.41"
 
   aws_account_id                 = var.aws_account_id
   aws_assume_role_arn            = var.aws_assume_role_arn # role that can test the instances (lambdas)

diff --git a/infra/examples/gcp-google-workspace/main.tf b/infra/examples/gcp-google-workspace/main.tf
@@ -28,7 +28,7 @@ provider "google" {
 
 module "psoxy" {
   # source = "../../modular-examples/gcp-google-workspace"
-  source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/gcp-google-workspace?ref=rc-v0.4.41"
+  source = "git::https://github.com/worklytics/psoxy//infra/modular-examples/gcp-google-workspace?ref=v0.4.41"
 
   gcp_project_id                 = var.gcp_project_id
   environment_name               = var.environment_name

diff --git a/infra/examples/msft-365/main.tf b/infra/examples/msft-365/main.tf
@@ -34,7 +34,7 @@ data "azuread_client_config" "current" {}
 
 module "worklytics_connector_specs" {
   # source = "../../modules/worklytics-connector-specs"
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connector-specs?ref=rc-v0.4.41"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/worklytics-connector-specs?ref=v0.4.41"
 
   enabled_connectors = var.enabled_connectors
 
@@ -52,7 +52,7 @@ module "msft-connection" {
   for_each = module.worklytics_connector_specs.enabled_msft_365_connectors
 
   # source = "../../modules/azuread-connection"
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-connection?ref=rc-v0.4.41"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-connection?ref=v0.4.41"
 
   display_name                      = "Psoxy Connector - ${each.value.display_name}${var.connector_display_name_suffix}"
   tenant_id                         = var.msft_tenant_id
@@ -65,7 +65,7 @@ module "msft-connection-auth-federation" {
   for_each = module.worklytics_connector_specs.enabled_msft_365_connectors
 
   # source = "../../modules/azuread-federated-credentials"
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=rc-v0.4.41"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-federated-credentials?ref=v0.4.41"
 
   application_object_id = module.msft-connection[each.key].connector.id
   display_name          = "AccessFromAWS"
@@ -107,7 +107,7 @@ module "msft_365_grants" {
   for_each = module.worklytics_connector_specs.enabled_msft_365_connectors
 
   # source = "../../modules/azuread-grant-all-users"
-  source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-grant-all-users?ref=rc-v0.4.41"
+  source = "git::https://github.com/worklytics/psoxy//infra/modules/azuread-grant-all-users?ref=v0.4.41"
 
   psoxy_instance_id        = each.key
   application_id           = module.msft-connection[each.key].connector.application_id