From 7eecb4ac9042c59b6d31e1a7eaffd29fec8a4987 Mon Sep 17 00:00:00 2001 From: Zachary Winnerman <98712682+zwinnerman-fleetdm@users.noreply.github.com> Date: Mon, 24 Jul 2023 15:49:30 -0400 Subject: [PATCH] Add Windows MDM variables to the MDM terraform mdoule and update dogfood (#12938) https://github.com/fleetdm/confidential/issues/3166 --- .../dogfood/terraform/aws-tf-module/main.tf | 3 +- terraform/addons/mdm/.terraform.lock.hcl | 24 +++++++++++++++ terraform/addons/mdm/outputs.tf | 29 +++++++++++-------- terraform/addons/mdm/variables.tf | 6 ++++ 4 files changed, 49 insertions(+), 13 deletions(-) create mode 100644 terraform/addons/mdm/.terraform.lock.hcl diff --git a/infrastructure/dogfood/terraform/aws-tf-module/main.tf b/infrastructure/dogfood/terraform/aws-tf-module/main.tf index 2b452d4e58..b73af86916 100644 --- a/infrastructure/dogfood/terraform/aws-tf-module/main.tf +++ b/infrastructure/dogfood/terraform/aws-tf-module/main.tf @@ -176,8 +176,9 @@ module "migrations" { } module "mdm" { - source = "github.com/fleetdm/fleet//terraform/addons/mdm?ref=tf-mod-addon-mdm-v1.1.0" + source = "github.com/fleetdm/fleet//terraform/addons/mdm?ref=tf-mod-addon-mdm-v1.2.0" public_domain_name = "dogfood.fleetdm.com" + enable_windows_mdm = true apn_secret_name = "${local.customer}-apn" scep_secret_name = "${local.customer}-scep" dep_secret_name = "${local.customer}-dep" diff --git a/terraform/addons/mdm/.terraform.lock.hcl b/terraform/addons/mdm/.terraform.lock.hcl new file mode 100644 index 0000000000..9833b48fcb --- /dev/null +++ b/terraform/addons/mdm/.terraform.lock.hcl 
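Review bot: The `source` line in `module "mdm"` pins the addon by tag (`?ref=tf-mod-addon-mdm-v1.2.0`), and a Git tag can be moved after the fact, so this file does not fix which code `terraform init` fetches for the MDM secrets wiring. Pinning `ref` to the full commit SHA that the tag points at makes the reference immutable, with the tag name kept as a trailing comment: `source = "github.com/fleetdm/fleet//terraform/addons/mdm?ref=<full-commit-sha>" # tf-mod-addon-mdm-v1.2.0`. The `module "mdm"` block continues past the end of the hunk.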
@@ -0,0 +1,24 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.53.0" + hashes = [ + "h1:CymaUpULY6LR/rHl+4+Vs0i2jVHXMhSZuJj8VXqGIPs=", + "zh:0d44171544a916adf0fa96b7d0851a49d8dec98f71f0229dfd2d178958b3996b", + "zh:16945808ce26b86af7f5a77c4ab1154da786208c793abb95b8f918b4f48daded", + "zh:1a57a5a30cef9a5867579d894b74f60bb99afc7ca0d030d49a80ad776958b428", + "zh:2c718734ae17430d7f598ca0b4e4f86d43d66569c72076a10f4ace3ff8dfc605", + "zh:46fdf6301cb2fa0a4d122d1a8f75f047b6660c24851d6a4537ee38926a86485d", + "zh:53a53920b38a9e1648e85c6ee33bccf95bfcd067bffc4934a2af55621e6a6bd9", + "zh:548d927b234b1914c43169224b03f641d0961a4e312e5c6508657fce27b66db4", + "zh:57c847b2a5ae41ddea20b18ef006369d36bfdc4dec7f542f60e22a47f7b6f347", + "zh:79f7402b581621ba69f5a07ce70299735c678beb265d114d58955d04f0d39f87", + "zh:8970109a692dc4ecbda98a0969da472da4759db90ce22f2a196356ea85bb2cf7", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a500cc4ffcad854dec0cf6f97751930a53c9f278f143a4355fa8892aa77c77bf", + "zh:b687c20b42a8b9e9e9f56c42e3b3c6859c043ec72b8907a6e4d4b64068e11df5", + "zh:e2c592e96822b78287554be43c66398f658c74c4ae3796f6b9e6d4b0f1f7f626", + "zh:ff1c4a46fdc988716c6fc28925549600093fc098828237cb1a30264e15cf730f", + ] +} diff --git a/terraform/addons/mdm/outputs.tf b/terraform/addons/mdm/outputs.tf index f0238d7b2c..8799f6be9a 100644 --- a/terraform/addons/mdm/outputs.tf +++ b/terraform/addons/mdm/outputs.tf 
@@ -1,25 +1,30 @@ output "extra_environment_variables" { - value = { + value = merge({ FLEET_MDM_APPLE_SERVER_ADDRESS = var.public_domain_name - } + }, var.enable_windows_mdm == false ? {} : { + FLEET_MDM_WINDOWS_ENABLED_AND_CONFIGURED = "true" + }) } output "extra_secrets" { value = merge({ - FLEET_MDM_APPLE_SCEP_CERT_BYTES = "${aws_secretsmanager_secret.scep.arn}:crt::" - FLEET_MDM_APPLE_SCEP_CA_CERT_PEM = "${aws_secretsmanager_secret.scep.arn}:crt::" - FLEET_MDM_APPLE_SCEP_KEY_BYTES = "${aws_secretsmanager_secret.scep.arn}:key::" - FLEET_MDM_APPLE_SCEP_CA_KEY_PEM = "${aws_secretsmanager_secret.scep.arn}:key::" - FLEET_MDM_APPLE_SCEP_CHALLENGE = "${aws_secretsmanager_secret.scep.arn}:challenge::" - FLEET_MDM_APPLE_APNS_CERT_BYTES = "${aws_secretsmanager_secret.apn.arn}:FLEET_MDM_APPLE_MDM_PUSH_CERT_PEM::" - FLEET_MDM_APPLE_MDM_PUSH_CERT_PEM = "${aws_secretsmanager_secret.apn.arn}:FLEET_MDM_APPLE_MDM_PUSH_CERT_PEM::" - FLEET_MDM_APPLE_APNS_KEY_BYTES = "${aws_secretsmanager_secret.apn.arn}:FLEET_MDM_APPLE_MDM_PUSH_KEY_PEM::" - FLEET_MDM_APPLE_MDM_PUSH_KEY_PEM = "${aws_secretsmanager_secret.apn.arn}:FLEET_MDM_APPLE_MDM_PUSH_KEY_PEM::" - }, var.dep_secret_name == null ? 
{} : { + FLEET_MDM_APPLE_SCEP_CERT_BYTES = "${aws_secretsmanager_secret.scep.arn}:crt::" + FLEET_MDM_APPLE_SCEP_CA_CERT_PEM = "${aws_secretsmanager_secret.scep.arn}:crt::" + FLEET_MDM_APPLE_SCEP_KEY_BYTES = "${aws_secretsmanager_secret.scep.arn}:key::" + FLEET_MDM_APPLE_SCEP_CA_KEY_PEM = "${aws_secretsmanager_secret.scep.arn}:key::" + FLEET_MDM_APPLE_SCEP_CHALLENGE = "${aws_secretsmanager_secret.scep.arn}:challenge::" + FLEET_MDM_APPLE_APNS_CERT_BYTES = "${aws_secretsmanager_secret.apn.arn}:FLEET_MDM_APPLE_MDM_PUSH_CERT_PEM::" + FLEET_MDM_APPLE_MDM_PUSH_CERT_PEM = "${aws_secretsmanager_secret.apn.arn}:FLEET_MDM_APPLE_MDM_PUSH_CERT_PEM::" + FLEET_MDM_APPLE_APNS_KEY_BYTES = "${aws_secretsmanager_secret.apn.arn}:FLEET_MDM_APPLE_MDM_PUSH_KEY_PEM::" + FLEET_MDM_APPLE_MDM_PUSH_KEY_PEM = "${aws_secretsmanager_secret.apn.arn}:FLEET_MDM_APPLE_MDM_PUSH_KEY_PEM::" + }, var.dep_secret_name == null ? {} : { FLEET_MDM_APPLE_DEP_TOKEN = "${aws_secretsmanager_secret.dep[0].arn}:token::" FLEET_MDM_APPLE_BM_SERVER_TOKEN_BYTES = "${aws_secretsmanager_secret.dep[0].arn}:token-encrypted::" FLEET_MDM_APPLE_BM_CERT_BYTES = "${aws_secretsmanager_secret.dep[0].arn}:cert::" FLEET_MDM_APPLE_BM_KEY_BYTES = "${aws_secretsmanager_secret.dep[0].arn}:key::" + }, var.enable_windows_mdm == false ? {} : { + FLEET_MDM_WINDOWS_WSTEP_IDENTITY_CERT = "${aws_secretsmanager_secret.scep.arn}:crt::" + FLEET_MDM_WINDOWS_WSTEP_IDENTITY_KEY = "${aws_secretsmanager_secret.scep.arn}:key::" }) } diff --git a/terraform/addons/mdm/variables.tf b/terraform/addons/mdm/variables.tf index 4e7e2ccfe1..ba78dbbdf7 100644 --- a/terraform/addons/mdm/variables.tf +++ b/terraform/addons/mdm/variables.tf @@ -20,3 +20,9 @@ variable "public_domain_name" { nullable = false type = string } + +variable "enable_windows_mdm" { + default = false + nullable = false + type = boolean +}
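Review bot: The two new `FLEET_MDM_WINDOWS_WSTEP_IDENTITY_*` entries in `extra_secrets` read the same `crt` and `key` fields of `aws_secretsmanager_secret.scep` that already feed the Apple SCEP CA variables, so a single private key ends up backing enrollment on both platforms. That couples rotation and widens the impact of a key compromise. If the sharing is deliberate, say so next to the block, e.g. `# WSTEP identity deliberately reuses the SCEP CA keypair; rotate both together`; otherwise a separate secret with its own name variable would keep the two trust domains apart. As a style point, the `var.enable_windows_mdm == false ? {} : {...}` conditions in both outputs can be written `var.enable_windows_mdm ? {...} : {}`, since the variable is declared non-nullable.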
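Review bot: `type = boolean` in the new `enable_windows_mdm` variable is not a Terraform type constraint; the primitive keyword is `bool`, so the module should be expected to fail `terraform validate` as written, including for the dogfood configuration that now sets `enable_windows_mdm = true`. Change the line to `type = bool`. The variable also has no `description`; one such as `description = "Expose the Windows MDM env var and WSTEP identity secrets"` would tell consumers that enabling it adds secret references to the module's `extra_secrets` output.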