Add Windows MDM variables to the MDM terraform mdoule and update dogfood (#12938)

https://github.com/fleetdm/confidential/issues/3166
2026-05-23 00:49:03 +00:00 · 2023-07-24 15:49:30 -04:00 · 2023-07-24 15:49:30 -04:00 · 7eecb4ac90
commit 7eecb4ac90
parent ec33f9e66f
4 changed files with 49 additions and 13 deletions
--- a/infrastructure/dogfood/terraform/aws-tf-module/main.tf
+++ b/infrastructure/dogfood/terraform/aws-tf-module/main.tf
@ -176,8 +176,9 @@ module "migrations" {
 }

 module "mdm" {
-  source             = "github.com/fleetdm/fleet//terraform/addons/mdm?ref=tf-mod-addon-mdm-v1.1.0"
+  source             = "github.com/fleetdm/fleet//terraform/addons/mdm?ref=tf-mod-addon-mdm-v1.2.0"
  public_domain_name = "dogfood.fleetdm.com"
+  enable_windows_mdm = true
  apn_secret_name    = "${local.customer}-apn"
  scep_secret_name   = "${local.customer}-scep"
  dep_secret_name    = "${local.customer}-dep"
--- a/terraform/addons/mdm/.terraform.lock.hcl
+++ b/terraform/addons/mdm/.terraform.lock.hcl
@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version = "4.53.0"
+  hashes = [
+    "h1:CymaUpULY6LR/rHl+4+Vs0i2jVHXMhSZuJj8VXqGIPs=",
+    "zh:0d44171544a916adf0fa96b7d0851a49d8dec98f71f0229dfd2d178958b3996b",
+    "zh:16945808ce26b86af7f5a77c4ab1154da786208c793abb95b8f918b4f48daded",
+    "zh:1a57a5a30cef9a5867579d894b74f60bb99afc7ca0d030d49a80ad776958b428",
+    "zh:2c718734ae17430d7f598ca0b4e4f86d43d66569c72076a10f4ace3ff8dfc605",
+    "zh:46fdf6301cb2fa0a4d122d1a8f75f047b6660c24851d6a4537ee38926a86485d",
+    "zh:53a53920b38a9e1648e85c6ee33bccf95bfcd067bffc4934a2af55621e6a6bd9",
+    "zh:548d927b234b1914c43169224b03f641d0961a4e312e5c6508657fce27b66db4",
+    "zh:57c847b2a5ae41ddea20b18ef006369d36bfdc4dec7f542f60e22a47f7b6f347",
+    "zh:79f7402b581621ba69f5a07ce70299735c678beb265d114d58955d04f0d39f87",
+    "zh:8970109a692dc4ecbda98a0969da472da4759db90ce22f2a196356ea85bb2cf7",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:a500cc4ffcad854dec0cf6f97751930a53c9f278f143a4355fa8892aa77c77bf",
+    "zh:b687c20b42a8b9e9e9f56c42e3b3c6859c043ec72b8907a6e4d4b64068e11df5",
+    "zh:e2c592e96822b78287554be43c66398f658c74c4ae3796f6b9e6d4b0f1f7f626",
+    "zh:ff1c4a46fdc988716c6fc28925549600093fc098828237cb1a30264e15cf730f",
+  ]
+}
--- a/terraform/addons/mdm/outputs.tf
+++ b/terraform/addons/mdm/outputs.tf
@ -1,25 +1,30 @@
 output "extra_environment_variables" {
-  value = {
+  value = merge({
    FLEET_MDM_APPLE_SERVER_ADDRESS = var.public_domain_name
-  }
+    }, var.enable_windows_mdm == false ? {} : {
+    FLEET_MDM_WINDOWS_ENABLED_AND_CONFIGURED = "true"
+  })
 }

 output "extra_secrets" {
  value = merge({
-    FLEET_MDM_APPLE_SCEP_CERT_BYTES       = "${aws_secretsmanager_secret.scep.arn}:crt::"
-    FLEET_MDM_APPLE_SCEP_CA_CERT_PEM      = "${aws_secretsmanager_secret.scep.arn}:crt::"
-    FLEET_MDM_APPLE_SCEP_KEY_BYTES        = "${aws_secretsmanager_secret.scep.arn}:key::"
-    FLEET_MDM_APPLE_SCEP_CA_KEY_PEM       = "${aws_secretsmanager_secret.scep.arn}:key::"
-    FLEET_MDM_APPLE_SCEP_CHALLENGE        = "${aws_secretsmanager_secret.scep.arn}:challenge::"
-    FLEET_MDM_APPLE_APNS_CERT_BYTES       = "${aws_secretsmanager_secret.apn.arn}:FLEET_MDM_APPLE_MDM_PUSH_CERT_PEM::"
-    FLEET_MDM_APPLE_MDM_PUSH_CERT_PEM     = "${aws_secretsmanager_secret.apn.arn}:FLEET_MDM_APPLE_MDM_PUSH_CERT_PEM::"
-    FLEET_MDM_APPLE_APNS_KEY_BYTES        = "${aws_secretsmanager_secret.apn.arn}:FLEET_MDM_APPLE_MDM_PUSH_KEY_PEM::"
-    FLEET_MDM_APPLE_MDM_PUSH_KEY_PEM      = "${aws_secretsmanager_secret.apn.arn}:FLEET_MDM_APPLE_MDM_PUSH_KEY_PEM::"
-  }, var.dep_secret_name == null ? {} : {
+    FLEET_MDM_APPLE_SCEP_CERT_BYTES   = "${aws_secretsmanager_secret.scep.arn}:crt::"
+    FLEET_MDM_APPLE_SCEP_CA_CERT_PEM  = "${aws_secretsmanager_secret.scep.arn}:crt::"
+    FLEET_MDM_APPLE_SCEP_KEY_BYTES    = "${aws_secretsmanager_secret.scep.arn}:key::"
+    FLEET_MDM_APPLE_SCEP_CA_KEY_PEM   = "${aws_secretsmanager_secret.scep.arn}:key::"
+    FLEET_MDM_APPLE_SCEP_CHALLENGE    = "${aws_secretsmanager_secret.scep.arn}:challenge::"
+    FLEET_MDM_APPLE_APNS_CERT_BYTES   = "${aws_secretsmanager_secret.apn.arn}:FLEET_MDM_APPLE_MDM_PUSH_CERT_PEM::"
+    FLEET_MDM_APPLE_MDM_PUSH_CERT_PEM = "${aws_secretsmanager_secret.apn.arn}:FLEET_MDM_APPLE_MDM_PUSH_CERT_PEM::"
+    FLEET_MDM_APPLE_APNS_KEY_BYTES    = "${aws_secretsmanager_secret.apn.arn}:FLEET_MDM_APPLE_MDM_PUSH_KEY_PEM::"
+    FLEET_MDM_APPLE_MDM_PUSH_KEY_PEM  = "${aws_secretsmanager_secret.apn.arn}:FLEET_MDM_APPLE_MDM_PUSH_KEY_PEM::"
+    }, var.dep_secret_name == null ? {} : {
    FLEET_MDM_APPLE_DEP_TOKEN             = "${aws_secretsmanager_secret.dep[0].arn}:token::"
    FLEET_MDM_APPLE_BM_SERVER_TOKEN_BYTES = "${aws_secretsmanager_secret.dep[0].arn}:token-encrypted::"
    FLEET_MDM_APPLE_BM_CERT_BYTES         = "${aws_secretsmanager_secret.dep[0].arn}:cert::"
    FLEET_MDM_APPLE_BM_KEY_BYTES          = "${aws_secretsmanager_secret.dep[0].arn}:key::"
+    }, var.enable_windows_mdm == false ? {} : {
+    FLEET_MDM_WINDOWS_WSTEP_IDENTITY_CERT = "${aws_secretsmanager_secret.scep.arn}:crt::"
+    FLEET_MDM_WINDOWS_WSTEP_IDENTITY_KEY  = "${aws_secretsmanager_secret.scep.arn}:key::"
  })
 }

--- a/terraform/addons/mdm/variables.tf
+++ b/terraform/addons/mdm/variables.tf
@ -20,3 +20,9 @@ variable "public_domain_name" {
  nullable = false
  type     = string
 }
+
+variable "enable_windows_mdm" {
+  default  = false
+  nullable = false
+  type     = boolean
+}