added env vars for webhook osquery results logging destination (#29809)

Update dogfood deployment to utilize webhooks for the osquery results
logging destination configuration

@BCTBB already added a tines.io webhook URL to the repo secrets
`DOGFOOD_WEBHOOK_URL` where the value was provided by @harrisonravazzolo

Co-authored-by: Harrison Ravazzolo <38767391+harrisonravazzolo@users.noreply.github.com>
Benjamin Edwards 2025-06-16 11:22:31 -04:00 committed by GitHub
parent 43e488cff6
commit e3711d0b11
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 9 additions and 1 deletions


@ -26,6 +26,7 @@ env:
TF_WORKSPACE: fleet
TF_VAR_fleet_image: ${{ github.event.inputs.DOCKER_IMAGE || 'fleetdm/fleet:main' }}
TF_VAR_fleet_license: ${{ secrets.DOGFOOD_LICENSE_KEY }}
TF_VAR_webhook_url: ${{secrets.DOGFOOD_WEBHOOK_URL }}
TF_VAR_slack_p1_webhook: ${{ secrets.SLACK_G_HELP_P1_WEBHOOK_URL }}
TF_VAR_slack_p2_webhook: ${{ secrets.SLACK_G_HELP_P2_WEBHOOK_URL }}
TF_VAR_fleet_sentry_dsn: ${{ secrets.DOGFOOD_SENTRY_DSN }}
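Review bot: The `TF_VAR_webhook_url` entry is written `${{secrets.DOGFOOD_WEBHOOK_URL }}`, without the space after `${{` that every neighbouring entry has; `TF_VAR_webhook_url: ${{ secrets.DOGFOOD_WEBHOOK_URL }}` keeps the block uniform. That this is the added line is inferred from the commit description, since the +/- markers are lost on this page. If the secret is ever unset, the expression evaluates to an empty string, and the Terraform side then appears to turn the webhook result plugin off without any error. A comment such as `# empty/unset secret disables webhook result logging` above the entry would make that visible. The `env:` block starts and continues outside this hunk.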


@ -44,6 +44,9 @@ variable "android_service_credentials" {}
variable "dogfood_sidecar_enroll_secret" {}
variable "cloudfront_public_key" {}
variable "cloudfront_private_key" {}
variable "webhook_url" {
description = "Webhook URL used for Webhook Logging Destination"
}
data "aws_caller_identity" "current" {}
@ -67,6 +70,10 @@ locals {
FLEET_CALENDAR_PERIODICITY = var.fleet_calendar_periodicity
FLEET_DEV_ANDROID_ENABLED = "1"
FLEET_DEV_ANDROID_SERVICE_CREDENTIALS = var.android_service_credentials
# Webhook Results & Status Logging Destination
FLEET_WEBHOOK_STATUS_URL = var.webhook_url
FLEET_WEBHOOK_RESULT_URL = var.webhook_url
FLEET_OSQUERY_RESULT_LOG_PLUGIN = var.webhook_url != "" ? "webhook" : ""
}
sentry_secrets = {
FLEET_SENTRY_DSN = "${aws_secretsmanager_secret.sentry.arn}:FLEET_SENTRY_DSN::"
@ -135,7 +142,6 @@ module "main" {
}
extra_iam_policies = concat(module.firehose-logging.fleet_extra_iam_policies, module.osquery-carve.fleet_extra_iam_policies, module.ses.fleet_extra_iam_policies)
extra_environment_variables = merge(
module.firehose-logging.fleet_extra_environment_variables,
module.osquery-carve.fleet_extra_environment_variables,
module.ses.fleet_extra_environment_variables,
local.extra_environment_variables,
@ -376,6 +382,7 @@ module "mdm" {
abm_secret_name = null
}
# can deprecate once we get webhooks rolling
module "firehose-logging" {
source = "github.com/fleetdm/fleet-terraform//addons/byo-firehose-logging-destination/firehose?ref=tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.3"
firehose_results_name = "osquery_results"
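Review bot: `variable "webhook_url"` carries a value the commit message says lives in repo secrets, yet it is declared without `sensitive = true` and is copied into `local.extra_environment_variables` as `FLEET_WEBHOOK_STATUS_URL` / `FLEET_WEBHOOK_RESULT_URL`. As written, the URL can show up in plan output, and it presumably lands in the task definition as a plain environment variable. Adding `type = string` and `sensitive = true` to the variable is the minimal fix. Routing the URL through Secrets Manager the way `sentry_secrets` does for `FLEET_SENTRY_DSN` would also keep it out of the plain environment. Separately, only `FLEET_OSQUERY_RESULT_LOG_PLUGIN` is switched in the `locals` hunk, so the status URL looks unused unless `FLEET_OSQUERY_STATUS_LOG_PLUGIN` is set elsewhere. The ternary's `""` branch also deserves a comment stating what an empty plugin name falls back to. The `locals` and `module "main"` blocks extend outside the hunks shown.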