Fix secretsmanager policies in dogfood (#30765)

Robert Fairburn 2025-07-10 16:25:20 -05:00 committed by GitHub
parent 3e2c72dfed
commit 6e52b61ef9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 15 additions and 1 deletions


@ -1,5 +1,19 @@
variable "entra_api_key" {}
resource "aws_iam_policy" "entra_conditional_access" {
name = "fleet-entra-conditional-access"
policy = data.aws_iam_policy_document.entra_conditional_access.json
}
data "aws_iam_policy_document" "entra_conditional_access" {
statement {
actions = [
"secretsmanager:GetSecretValue",
]
resources = [aws_secretsmanager_secret.entra_conditional_access.arn]
}
}
resource "aws_secretsmanager_secret" "entra_conditional_access" {
name = "dogfood-entra-conditional-access"
}
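Review bot: The `variable "entra_api_key" {}` declaration at the top of the hunk has no `sensitive = true`, so if it carries the API key its name suggests, the value is printed in clear text in `terraform plan`/`apply` output and in the diff of any resource it feeds; declaring it as `variable "entra_api_key" { type = string sensitive = true }` (on separate lines, with a `description`) keeps it redacted. Nothing in this hunk shows where the variable is consumed — no `aws_secretsmanager_secret_version` is visible — so whether the secret value is actually written into `aws_secretsmanager_secret.entra_conditional_access` cannot be confirmed from here. The policy document is correctly scoped to a single secret ARN; note that this relies on the secret using the AWS-managed Secrets Manager key, since the resource sets no `kms_key_id` — if a customer-managed key is added later, the statement would also need `kms:Decrypt` on that key.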


@ -152,7 +152,7 @@ module "main" {
)
extra_execution_iam_policies = concat(
module.mdm.extra_execution_iam_policies,
[aws_iam_policy.sentry.arn, aws_iam_policy.osquery_sidecar.arn],
[aws_iam_policy.sentry.arn, aws_iam_policy.osquery_sidecar.arn, aws_iam_policy.entra_conditional_access.arn],
module.cloudfront-software-installers.extra_execution_iam_policies,
) #, module.saml_auth_proxy.fleet_extra_execution_policies)
extra_secrets = merge(
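Review bot: Appending `aws_iam_policy.entra_conditional_access.arn` to `extra_execution_iam_policies` grants `secretsmanager:GetSecretValue` to the execution role, which is the right place only if the secret is injected into the container through the `extra_secrets` map that begins on the last line of the hunk; if the application reads the secret at runtime via the SDK, the policy would need to be attached to the task role instead, and this hunk does not show which applies. The `module "main"` block starts and ends outside the hunk, so the matching `extra_secrets` entry for `aws_secretsmanager_secret.entra_conditional_access.arn` cannot be confirmed here. As a point of style, the inline list on the changed line now holds three ARNs; one ARN per line would keep future additions to single-line diffs.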