From e3711d0b115689faf0870fa84152b11c2eaa41a4 Mon Sep 17 00:00:00 2001
From: Benjamin Edwards
Date: Mon, 16 Jun 2025 11:22:31 -0400
Subject: [PATCH] added env vars for webhook osquery results logging destination (#29809)
Update dogfood deployment to utilize webhooks for the osquery results logging destination configuration @BCTBB already added a tines.io webhook URL to the repo secrets `DOGFOOD_WEBHOOK_URL` where the value was provided by @harrisonravazzolo
Co-authored-by: Harrison Ravazzolo <38767391+harrisonravazzolo@users.noreply.github.com>
---
 .github/workflows/dogfood-deploy.yml | 1 +
 infrastructure/dogfood/terraform/aws-tf-module/main.tf | 9 ++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/dogfood-deploy.yml b/.github/workflows/dogfood-deploy.yml
index 4b004c7c34..6cbcffe5e1 100644
--- a/.github/workflows/dogfood-deploy.yml
+++ b/.github/workflows/dogfood-deploy.yml
@@ -26,6 +26,7 @@ env:
 TF_WORKSPACE: fleet
 TF_VAR_fleet_image: ${{ github.event.inputs.DOCKER_IMAGE || 'fleetdm/fleet:main' }}
 TF_VAR_fleet_license: ${{ secrets.DOGFOOD_LICENSE_KEY }}
+ TF_VAR_webhook_url: ${{secrets.DOGFOOD_WEBHOOK_URL }}
 TF_VAR_slack_p1_webhook: ${{ secrets.SLACK_G_HELP_P1_WEBHOOK_URL }}
 TF_VAR_slack_p2_webhook: ${{ secrets.SLACK_G_HELP_P2_WEBHOOK_URL }}
 TF_VAR_fleet_sentry_dsn: ${{ secrets.DOGFOOD_SENTRY_DSN }}
diff --git a/infrastructure/dogfood/terraform/aws-tf-module/main.tf b/infrastructure/dogfood/terraform/aws-tf-module/main.tf
index d789092dae..63e60c6c50 100644
--- a/infrastructure/dogfood/terraform/aws-tf-module/main.tf
+++ b/infrastructure/dogfood/terraform/aws-tf-module/main.tf
@@ -44,6 +44,9 @@ variable "android_service_credentials" {}
 variable "dogfood_sidecar_enroll_secret" {}
 variable "cloudfront_public_key" {}
 variable "cloudfront_private_key" {}
+variable "webhook_url" {
+ description = "Webhook URL used for Webhook Logging Destination"
+}
 data "aws_caller_identity" "current" {}
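Review bot: The added `TF_VAR_webhook_url` entry writes its expression as `${{secrets.DOGFOOD_WEBHOOK_URL }}`, without the space after `${{` that every neighbouring entry in this `env:` block uses; `TF_VAR_webhook_url: ${{ secrets.DOGFOOD_WEBHOOK_URL }}` keeps the block uniform and easier to search. An unset or unavailable secret expands to an empty string here, so Terraform would receive an empty `webhook_url` rather than fail. A short comment above the line saying whether an empty value is an accepted state would help whoever rotates or removes the secret. The `env:` block starts and ends outside the hunk.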
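Review bot: `variable "webhook_url"` is declared with neither `type` nor `sensitive`, although the commit description says its value comes from the `DOGFOOD_WEBHOOK_URL` repo secret; adding `type = string` and `sensitive = true` would keep the URL out of plan and apply output. Webhook URLs often carry their only credential in the URL itself, so it is worth confirming whether that holds for this endpoint and treating it like the other secrets if so. The same value is then assigned to plain `FLEET_WEBHOOK_STATUS_URL` and `FLEET_WEBHOOK_RESULT_URL` entries in the `locals` hunk at `-67,6`, while the `sentry_secrets` map visible there passes its DSN by Secrets Manager reference. If those extra environment variables end up as plain entries in the task definition (not visible in this diff), anyone who can read the task definition or the state can read the URL, and the Secrets Manager route would be the consistent choice.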
@@ -67,6 +70,10 @@ locals {
 FLEET_CALENDAR_PERIODICITY = var.fleet_calendar_periodicity
 FLEET_DEV_ANDROID_ENABLED = "1"
 FLEET_DEV_ANDROID_SERVICE_CREDENTIALS = var.android_service_credentials
+ # Webhook Results & Status Logging Destination
+ FLEET_WEBHOOK_STATUS_URL = var.webhook_url
+ FLEET_WEBHOOK_RESULT_URL = var.webhook_url
+ FLEET_OSQUERY_RESULT_LOG_PLUGIN = var.webhook_url != "" ? "webhook" : ""
 }
 sentry_secrets = {
 FLEET_SENTRY_DSN = "${aws_secretsmanager_secret.sentry.arn}:FLEET_SENTRY_DSN::"
@@ -135,7 +142,6 @@ module "main" {
 }
 extra_iam_policies = concat(module.firehose-logging.fleet_extra_iam_policies, module.osquery-carve.fleet_extra_iam_policies, module.ses.fleet_extra_iam_policies)
 extra_environment_variables = merge(
- module.firehose-logging.fleet_extra_environment_variables,
 module.osquery-carve.fleet_extra_environment_variables,
 module.ses.fleet_extra_environment_variables,
 local.extra_environment_variables,
@@ -376,6 +382,7 @@ module "mdm" {
 abm_secret_name = null
 }
+# can deprecate once we get webhooks rolling
 module "firehose-logging" {
 source = "github.com/fleetdm/fleet-terraform//addons/byo-firehose-logging-destination/firehose?ref=tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.3"
 firehose_results_name = "osquery_results"
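Review bot: The added comment says "Results & Status", but only `FLEET_OSQUERY_RESULT_LOG_PLUGIN` is switched to `webhook`; `FLEET_WEBHOOK_STATUS_URL` has no matching `FLEET_OSQUERY_STATUS_LOG_PLUGIN`, so unless that is set elsewhere the status URL goes unused once the firehose variables are dropped from the `merge(...)` in the `-135,7` hunk. If status logs are meant to reach the webhook, add `FLEET_OSQUERY_STATUS_LOG_PLUGIN = var.webhook_url != "" ? "webhook" : ""`; otherwise remove the status URL and narrow the comment. The empty branch of the conditional also sets the plugin to `""` rather than leaving it unset, and this diff does not show how Fleet treats that value. In either case an empty secret would stop osquery results reaching a central destination with no plan-time error, so a `validation` block on `webhook_url` or a documented fallback would make that failure visible. The map these entries belong to starts outside the hunk.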
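Review bot: `module.firehose-logging.fleet_extra_environment_variables` is removed from the `merge(...)`, but `extra_iam_policies` on the line above still concatenates `module.firehose-logging.fleet_extra_iam_policies`, so the service keeps whatever Firehose permissions that policy grants after it is no longer configured to use them. If the overlap is deliberate for rollback, a comment next to `extra_iam_policies` such as `# firehose IAM kept until webhook logging is verified; remove together with module "firehose-logging"` would record that and tie it to the "can deprecate" remark in the `-376,6` hunk. Otherwise, drop the firehose policy from the `concat(...)` in this same change. The `module "main"` block starts and ends outside the hunk.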