Testing applying basic config to sandbox instances (#7105)

* Testing applying basic config to sandbox instances

* fixup

* Consistency nit from @lucasmrod
Zachary Winnerman 2022-08-09 11:24:10 -04:00 committed by GitHub
parent 34749e377f
commit f1d76d7e24
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 1167 additions and 145 deletions


@ -150,10 +150,18 @@ resource "random_uuid" "jitprovisioner" {
}
}
resource "local_file" "standard-query-library" {
content = file("${path.module}/../../../docs/01-Using-Fleet/standard-query-library/standard-query-library.yml")
filename = "${path.module}/lambda/standard-query-library.yml"
}
data "archive_file" "jitprovisioner" {
type = "zip"
output_path = "${path.module}/.jitprovisioner.zip"
source_dir = "${path.module}/lambda"
depends_on = [
local_file.standard-query-library
]
}
resource "docker_registry_image" "jitprovisioner" {
@ -164,6 +172,9 @@ resource "docker_registry_image" "jitprovisioner" {
context = "${path.module}/lambda/"
pull_parent = true
}
depends_on = [
local_file.standard-query-library
]
}
resource "aws_security_group" "jitprovisioner" {
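Review bot: The new `local_file.standard-query-library` resource passes the YAML through `content = file(...)` and leaves `file_permission` unset, so the full file text is kept in Terraform state and the copy under `lambda/` is created with the provider default mode (0777 before umask). Using `source = "${path.module}/../../../docs/01-Using-Fleet/standard-query-library/standard-query-library.yml"` together with `file_permission = "0644"` would keep the state small and make the mode that enters the zip and the image build context explicit. Whether that also removes the need for the `chmod +r` in the Dockerfile cannot be told from this page.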


@ -1 +1,2 @@
lambda
standard-query-library.yml


@ -3,6 +3,7 @@ WORKDIR /build
COPY . .
RUN go get -d -v
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-extldflags '-static'"
RUN chmod +r standard-query-library.yml
#FROM scratch
#COPY --from=builder /build/lambda /build/terraform /


@ -5,7 +5,7 @@ go 1.18
require (
github.com/akrylysov/algnhsa v0.12.1
github.com/aws/aws-sdk-go v1.44.25
github.com/fleetdm/fleet/v4 v4.1.0
github.com/fleetdm/fleet/v4 v4.1.1-0.20220808183908-01d5d14f82e3
github.com/gin-contrib/cors v1.3.0
github.com/gin-gonic/gin v1.7.7
github.com/jessevdk/go-flags v1.5.0
@ -16,102 +16,134 @@ require (
)
require (
cloud.google.com/go v0.81.0 // indirect
cloud.google.com/go/pubsub v1.5.0 // indirect
cloud.google.com/go v0.94.0 // indirect
cloud.google.com/go/pubsub v1.16.0 // indirect
github.com/OneOfOne/xxhash v1.2.8 // indirect
github.com/VividCortex/mysqlerr v0.0.0-20170204212430-6c6b55f8796f // indirect
github.com/WatchBeam/clock v0.0.0-20170901150240-b08e6b4da7ea // indirect
github.com/XSAM/otelsql v0.10.0 // indirect
github.com/agnivade/levenshtein v1.0.1 // indirect
github.com/andygrunwald/go-jira v1.15.1 // indirect
github.com/armon/go-radix v1.0.0 // indirect
github.com/aws/aws-lambda-go v1.31.1 // indirect
github.com/beevik/etree v1.1.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/cenkalti/backoff/v4 v4.1.3 // indirect
github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/doug-martin/goqu/v9 v9.18.0 // indirect
github.com/elastic/go-licenser v0.4.0 // indirect
github.com/elastic/go-sysinfo v1.7.1 // indirect
github.com/elastic/go-windows v1.0.1 // indirect
github.com/elazarl/go-bindata-assetfs v1.0.0 // indirect
github.com/fsnotify/fsnotify v1.4.9 // indirect
github.com/fatih/color v1.12.0 // indirect
github.com/fatih/structs v1.1.0 // indirect
github.com/felixge/httpsnoop v1.0.2 // indirect
github.com/fleetdm/goose v0.0.0-20220214194029-91b5e5eb8e77 // indirect
github.com/fsnotify/fsnotify v1.5.4 // indirect
github.com/getsentry/sentry-go v0.12.0 // indirect
github.com/ghodss/yaml v1.0.0 // indirect
github.com/gin-contrib/sse v0.1.0 // indirect
github.com/go-kit/kit v0.9.0 // indirect
github.com/go-logfmt/logfmt v0.5.0 // indirect
github.com/go-logr/logr v1.2.3 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-playground/locales v0.14.0 // indirect
github.com/go-playground/universal-translator v0.18.0 // indirect
github.com/go-playground/validator/v10 v10.9.0 // indirect
github.com/go-sql-driver/mysql v1.5.0 // indirect
github.com/go-sql-driver/mysql v1.6.0 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/gofrs/uuid v3.2.0+incompatible // indirect
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
github.com/gocarina/gocsv v0.0.0-20220310154401-d4df709ca055 // indirect
github.com/gofrs/uuid v4.0.0+incompatible // indirect
github.com/golang-jwt/jwt/v4 v4.3.0 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/gomodule/redigo v1.8.4 // indirect
github.com/google/go-cmp v0.5.5 // indirect
github.com/google/uuid v1.1.2 // indirect
github.com/googleapis/gax-go/v2 v2.0.5 // indirect
github.com/gomodule/redigo v1.8.5 // indirect
github.com/google/go-cmp v0.5.7 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/googleapis/gax-go/v2 v2.1.0 // indirect
github.com/gorilla/mux v1.8.0 // indirect
github.com/gorilla/websocket v1.4.2 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/golang-lru v0.5.4 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/igm/sockjs-go/v3 v3.0.0 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/jcchavezs/porto v0.1.0 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/jmoiron/sqlx v1.2.1-0.20190826204134-d7d95172beb5 // indirect
github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 // indirect
github.com/jonboulle/clockwork v0.2.2 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/jstemmer/go-junit-report v0.9.1 // indirect
github.com/kolide/kit v0.0.0-20180421083548-36eb8dc43916 // indirect
github.com/kolide/kit v0.0.0-20191023141830-6312ecc11c23 // indirect
github.com/leodido/go-urn v1.2.1 // indirect
github.com/lib/pq v1.10.2 // indirect
github.com/magiconair/properties v1.8.5 // indirect
github.com/mattermost/xml-roundtrip-validator v0.0.0-20201213122252-bcd7e1b9601e // indirect
github.com/mattn/go-colorable v0.1.11 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
github.com/mitchellh/mapstructure v1.4.1 // indirect
github.com/mna/redisc v1.2.1 // indirect
github.com/mna/redisc v1.3.2 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/open-policy-agent/opa v0.24.0 // indirect
github.com/ngrok/sqlmw v0.0.0-20211220175533-9d16fdc47b31 // indirect
github.com/nukosuke/go-zendesk v0.12.0 // indirect
github.com/open-policy-agent/opa v0.42.0 // indirect
github.com/oschwald/geoip2-golang v1.6.1 // indirect
github.com/oschwald/maxminddb-golang v1.8.0 // indirect
github.com/pelletier/go-toml v1.9.3 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_golang v0.9.3 // indirect
github.com/prometheus/client_golang v1.12.2 // indirect
github.com/prometheus/client_model v0.2.0 // indirect
github.com/prometheus/common v0.4.1 // indirect
github.com/prometheus/common v0.32.1 // indirect
github.com/prometheus/procfs v0.7.3 // indirect
github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect
github.com/russellhaering/goxmldsig v1.1.0 // indirect
github.com/santhosh-tekuri/jsonschema v1.2.4 // indirect
github.com/smartystreets/assertions v1.0.0 // indirect
github.com/spf13/afero v1.6.0 // indirect
github.com/spf13/cast v1.3.1 // indirect
github.com/spf13/cobra v0.0.6 // indirect
github.com/spf13/cobra v1.5.0 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/spf13/viper v1.8.0 // indirect
github.com/stretchr/testify v1.7.0 // indirect
github.com/spf13/viper v1.8.1 // indirect
github.com/stretchr/testify v1.8.0 // indirect
github.com/subosito/gotenv v1.2.0 // indirect
github.com/throttled/throttled/v2 v2.8.0 // indirect
github.com/trivago/tgo v1.0.7 // indirect
github.com/ugorji/go/codec v1.2.6 // indirect
github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b // indirect
github.com/vektah/gqlparser/v2 v2.4.5 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/yashtewari/glob-intersection v0.1.0 // indirect
go.elastic.co/apm/module/apmhttp/v2 v2.1.0 // indirect
go.elastic.co/fastjson v1.1.0 // indirect
go.opencensus.io v0.23.0 // indirect
golang.org/x/crypto v0.0.0-20220214200702-86341886e292 // indirect
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.28.0 // indirect
go.opentelemetry.io/otel v1.7.0 // indirect
go.opentelemetry.io/otel/trace v1.7.0 // indirect
golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect
golang.org/x/mod v0.5.1 // indirect
golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect
golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602 // indirect
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9 // indirect
golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f // indirect
golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
golang.org/x/text v0.3.7 // indirect
golang.org/x/tools v0.1.9 // indirect
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
google.golang.org/api v0.44.0 // indirect
google.golang.org/api v0.56.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect
google.golang.org/grpc v1.38.0 // indirect
google.golang.org/protobuf v1.27.1 // indirect
google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368 // indirect
google.golang.org/grpc v1.47.0 // indirect
google.golang.org/protobuf v1.28.0 // indirect
gopkg.in/guregu/null.v3 v3.4.0 // indirect
gopkg.in/ini.v1 v1.62.0 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.0.0-20170531160350-a96e63847dc3 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
howett.net/plist v1.0.0 // indirect
)



@ -16,6 +16,7 @@ import (
"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute"
"github.com/aws/aws-sdk-go/service/sfn"
"github.com/fleetdm/fleet/v4/server/service"
"github.com/fleetdm/fleet/v4/pkg/spec"
"github.com/loopfz/gadgeto/tonic"
"github.com/wI2L/fizz"
"github.com/wI2L/fizz/openapi"
@ -25,6 +26,7 @@ import (
"math/rand"
"strings"
"time"
"os"
)
type OptionsStruct struct {
@ -37,6 +39,33 @@ type OptionsStruct struct {
var options = OptionsStruct{}
func applyConfig(c* gin.Context, url, token string) (err error) {
var client *service.Client
if client, err = service.NewClient(url, false, "", ""); err != nil {
log.Print(err)
return
}
client.SetToken(token)
buf, err := os.ReadFile("standard-query-library.yml")
if err != nil {
log.Print(err)
return
}
specs, err := spec.GroupFromBytes(buf)
if err != nil {
return
}
logf := func(format string, a ...interface{}) {
log.Printf(format, a...)
}
err = client.ApplyGroup(c, specs, logf)
if err != nil {
return
}
return
}
type LifecycleRecord struct {
ID string
State string
@ -207,14 +236,21 @@ func NewFleet(c *gin.Context, in *NewFleetInput) (ret *NewFleetOutput, err error
return
}
log.Print("Creating admin user")
if _, err = client.Setup(in.Email, in.Name, in.Password, "Fleet Sandbox"); err != nil {
var token string
if token, err = client.Setup(in.Email, in.Name, in.Password, "Fleet Sandbox"); err != nil {
log.Print(err)
return
}
log.Print("Triggering SFN to start teardown timer")
if err = triggerSFN(fleet.ID, in.SandboxExpiration); err != nil {
log.Print(err)
return
}
log.Print("Applying basic config now that we have a user")
if err = applyConfig(c, ret.URL, token); err != nil {
log.Print(err)
return
}
return
}
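Review bot: In the NewFleet hunk, a failure in `applyConfig` is returned as the request error after the admin user has already been created and the teardown timer started, so the caller is told provisioning failed while an instance carrying their credentials keeps running until expiry. If loading the query library is meant to be best-effort, log and continue instead, e.g. `if cfgErr := applyConfig(c, ret.URL, token); cfgErr != nil { log.Print(cfgErr) }`; if it is required, a comment saying so would help. `applyConfig` also reads `standard-query-library.yml` relative to the process working directory on every call. Since go.mod declares `go 1.18`, a package-level `//go:embed standard-query-library.yml` variable would remove the dependence on the working directory and on file permissions inside the image. NewFleet's body starts outside this hunk, so the origin of `ret.URL`, which receives the admin token, is not visible here.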