From bc5406be7e8f5106c819410f911518bdff51fc07 Mon Sep 17 00:00:00 2001
From: Robert Fairburn <8029478+rfairburn@users.noreply.github.com>
Date: Mon, 10 Feb 2025 18:42:14 -0600
Subject: [PATCH] Setup dogfood to use fleet-terraform repo (#26199)

Note this has been applied from the branch and is required to merge before applying dogfood from main going forward. This should significantly speed up deployments from the clone speed difference. Only the latest versions of modules have been migrated to the new repo, so all the module versions needed updated in dogfood.
---
 .../dogfood/terraform/aws-tf-module/free.tf | 6 ++--
 .../dogfood/terraform/aws-tf-module/main.tf | 31 +++++++++----------
 2 files changed, 18 insertions(+), 19 deletions(-)

diff --git a/infrastructure/dogfood/terraform/aws-tf-module/free.tf b/infrastructure/dogfood/terraform/aws-tf-module/free.tf
index 943d57cda8..c0c29c9fc6 100644
--- a/infrastructure/dogfood/terraform/aws-tf-module/free.tf
+++ b/infrastructure/dogfood/terraform/aws-tf-module/free.tf
@@ -15,7 +15,7 @@ locals {
 }
 module "free" {
- source = "github.com/fleetdm/fleet//terraform/byo-vpc?ref=tf-mod-byo-vpc-v1.9.0"
+ source = "github.com/fleetdm/fleet-terraform//byo-vpc?ref=tf-mod-byo-vpc-v1.12.1"
 vpc_config = {
 name = local.customer_free
 vpc_id = module.main.vpc.vpc_id
@@ -119,7 +119,7 @@ resource "aws_route53_record" "free" {
 }
 module "ses-free" {
- source = "github.com/fleetdm/fleet//terraform/addons/ses?ref=tf-mod-addon-ses-v1.0.0"
+ source = "github.com/fleetdm/fleet-terraform//addons/ses?ref=tf-mod-addon-ses-v1.2.0"
 zone_id = aws_route53_zone.free.zone_id
 domain = "free.fleetdm.com"
 }
@@ -128,7 +128,7 @@ module "migrations_free" {
 depends_on = [
 module.geolite2
 ]
- source = "github.com/fleetdm/fleet//terraform/addons/migrations?ref=tf-mod-addon-migrations-v2.0.0"
+ source = "github.com/fleetdm/fleet-terraform//addons/migrations?ref=tf-mod-addon-migrations-v2.0.1"
 ecs_cluster = module.free.byo-db.byo-ecs.service.cluster
 task_definition = module.free.byo-db.byo-ecs.task_definition.family
 task_definition_revision = module.free.byo-db.byo-ecs.task_definition.revision
diff --git a/infrastructure/dogfood/terraform/aws-tf-module/main.tf b/infrastructure/dogfood/terraform/aws-tf-module/main.tf
index f6c76db3da..a7261c9c25 100644
--- a/infrastructure/dogfood/terraform/aws-tf-module/main.tf
+++ b/infrastructure/dogfood/terraform/aws-tf-module/main.tf
@@ -69,7 +69,7 @@ locals {
 }
 module "main" {
- source = "github.com/fleetdm/fleet//terraform?ref=tf-mod-root-v1.9.1"
+ source = "github.com/fleetdm/fleet-terraform?ref=tf-mod-root-v1.11.1"
 certificate_arn = module.acm.acm_certificate_arn
 vpc = {
 name = local.customer
@@ -126,7 +126,6 @@ module "main" {
 extra_iam_policies = concat(module.firehose-logging.fleet_extra_iam_policies, module.osquery-carve.fleet_extra_iam_policies, module.ses.fleet_extra_iam_policies)
 extra_execution_iam_policies = concat(module.mdm.extra_execution_iam_policies, [aws_iam_policy.sentry.arn, aws_iam_policy.osquery_sidecar.arn]) #, module.saml_auth_proxy.fleet_extra_execution_policies)
 extra_environment_variables = merge(
- module.mdm.extra_environment_variables,
 module.firehose-logging.fleet_extra_environment_variables,
 module.osquery-carve.fleet_extra_environment_variables,
 module.ses.fleet_extra_environment_variables,
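Review bot: Dropping `module.mdm.extra_environment_variables` from the `extra_environment_variables` merge is a behavioural change inside a commit described as a repository migration, and it is only safe if the mdm module at the version pinned in the `@@ -343` hunk (`tf-mod-addon-mdm-v2.0.0`) no longer exposes that output; if it still does, settings the module previously injected into the Fleet task would silently stop reaching the service while Windows MDM remains enabled. Please confirm against the v2.0.0 module outputs and, once verified, record it so nobody re-adds the line, e.g. `# mdm >= v2.0.0 no longer exports extra_environment_variables (checked against module outputs)`. Note that `extra_execution_iam_policies` on the line above still consumes `module.mdm.extra_execution_iam_policies`, so the two mdm outputs are now treated differently and that asymmetry deserves a word in the same comment. The enclosing `module "main"` block starts and ends outside this hunk.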
@@ -330,7 +329,7 @@ module "migrations" {
 depends_on = [
 module.geolite2
 ]
- source = "github.com/fleetdm/fleet//terraform/addons/migrations?ref=tf-mod-addon-migrations-v2.0.1"
+ source = "github.com/fleetdm/fleet-terraform//addons/migrations?ref=tf-mod-addon-migrations-v2.0.1"
 ecs_cluster = module.main.byo-vpc.byo-db.byo-ecs.service.cluster
 task_definition = module.main.byo-vpc.byo-db.byo-ecs.task_definition.family
 task_definition_revision = module.main.byo-vpc.byo-db.byo-ecs.task_definition.revision
@@ -343,32 +342,32 @@ module "migrations" {
 }
 module "mdm" {
- source = "github.com/fleetdm/fleet//terraform/addons/mdm?ref=tf-mod-addon-mdm-v1.3.0"
- public_domain_name = "dogfood.fleetdm.com"
+ source = "github.com/fleetdm/fleet-terraform//addons/mdm?ref=tf-mod-addon-mdm-v2.0.0"
+ enable_apple_mdm = false
 enable_windows_mdm = true
- apn_secret_name = "${local.customer}-apn"
+ apn_secret_name = null
 scep_secret_name = "${local.customer}-scep"
- dep_secret_name = "${local.customer}-dep"
+ abm_secret_name = null
 }
 module "firehose-logging" {
- source = "github.com/fleetdm/fleet//terraform/addons/byo-firehose-logging-destination/firehose?ref=tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.3"
+ source = "github.com/fleetdm/fleet-terraform//addons/byo-firehose-logging-destination/firehose?ref=tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.3"
 firehose_results_name = "osquery_results"
 firehose_status_name = "osquery_status"
 firehose_audit_name = "fleet_audit"
- iam_role_arn = "arn:aws:iam::273354660820:role/terraform-20250115232230102400000003"
+ iam_role_arn = "arn:aws:iam::273354660820:role/terraform-20250115232230102400000003"
 region = data.aws_region.current.name
 }
 module "osquery-carve" {
- source = "github.com/fleetdm/fleet//terraform/addons/osquery-carve?ref=tf-mod-addon-osquery-carve-v1.1.0"
+ source = "github.com/fleetdm/fleet-terraform//addons/osquery-carve?ref=tf-mod-addon-osquery-carve-v1.1.0"
 osquery_carve_s3_bucket = {
 name = "fleet-${local.customer}-osquery-carve"
 }
 }
 module "monitoring" {
- source = "github.com/fleetdm/fleet//terraform/addons/monitoring?ref=tf-mod-addon-monitoring-v1.5.1"
+ source = "github.com/fleetdm/fleet-terraform//addons/monitoring?ref=tf-mod-addon-monitoring-v1.5.1"
 customer_prefix = local.customer
 fleet_ecs_service_name = module.main.byo-vpc.byo-db.byo-ecs.service.name
 albs = [
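Review bot: The `module "mdm"` block now sets `enable_apple_mdm = false` with `apn_secret_name = null` and `abm_secret_name = null`, which switches Apple MDM off for dogfood and drops the APN and former DEP secret wiring, yet the commit message only describes a source-repository migration and version bumps. If this is intentional, a comment on the `enable_apple_mdm` line would stop someone flipping it back on without restoring the secrets, e.g. `# Apple MDM intentionally disabled for dogfood; apn/abm secret names stay null until it is re-enabled (#26199)`; if it is not, the previous `"${local.customer}-apn"` value and an ABM equivalent of the removed `"${local.customer}-dep"` secret need carrying over to the v2.0.0 inputs. Every `source` in this hunk (and in the hunks on the other lines) now points at the new `fleet-terraform` repository through a tag ref; tags are mutable, so it is worth either pinning dogfood to commit SHAs or confirming the new repository protects its release tags. The `iam_role_arn` line changes only whitespace.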
@@ -416,7 +415,7 @@ module "monitoring" {
 }
 module "logging_alb" {
- source = "github.com/fleetdm/fleet//terraform/addons/logging-alb?ref=tf-mod-addon-logging-alb-v1.2.0"
+ source = "github.com/fleetdm/fleet-terraform//addons/logging-alb?ref=tf-mod-addon-logging-alb-v1.2.0"
 prefix = local.customer
 enable_athena = true
 }
@@ -499,13 +498,13 @@ module "notify_slack_p2" {
 }
 module "ses" {
- source = "github.com/fleetdm/fleet//terraform/addons/ses?ref=tf-mod-addon-ses-v1.0.0"
+ source = "github.com/fleetdm/fleet-terraform//addons/ses?ref=tf-mod-addon-ses-v1.2.0"
 zone_id = aws_route53_zone.main.zone_id
 domain = "dogfood.fleetdm.com"
 }
 # module "saml_auth_proxy" {
-# # source = "github.com/fleetdm/fleet//terraform/addons/saml-auth-proxy?ref=main"
+# # source = "github.com/fleetdm/fleet-terraform//addons/saml-auth-proxy?ref=main"
 # # public_alb_security_group_id = module.main.byo-vpc.byo-db.alb.security_group_id
 # idp_metadata_url = "https://dev-99185346.okta.com/app/exkbcrjeqmahXWvW45d7/sso/saml/metadata"
 # customer_prefix = local.customer
@@ -547,14 +546,14 @@ resource "aws_s3_object" "idp_metadata" {
 }
 module "geolite2" {
- source = "github.com/fleetdm/fleet//terraform/addons/geolite2?ref=tf-mod-addon-geolite2-v1.0.0"
+ source = "github.com/fleetdm/fleet-terraform//addons/geolite2?ref=tf-mod-addon-geolite2-v1.0.0"
 fleet_image = var.fleet_image
 destination_image = local.geolite2_image
 license_key = var.geolite2_license
 }
 module "vuln-processing" {
- source = "github.com/fleetdm/fleet//terraform/addons/external-vuln-scans?ref=tf-mod-addon-external-vuln-scans-v2.2.0"
+ source = "github.com/fleetdm/fleet-terraform//addons/external-vuln-scans?ref=tf-mod-addon-external-vuln-scans-v2.2.0"
 ecs_cluster = module.main.byo-vpc.byo-db.byo-ecs.service.cluster
 execution_iam_role_arn = module.main.byo-vpc.byo-db.byo-ecs.execution_iam_role_arn
 subnets = module.main.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].subnets