Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 08:58:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 114

Add Sentry secret to dogfood (#10859)

Browse source
This commit is contained in:
Robert Fairburn 2023-03-30 12:51:12 -05:00 committed by GitHub
parent 0de8b58f60
commit fc84da1a36
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.github/workflows/dogfood-deploy.yml vendored
View file

@ -27,6 +27,7 @@ env:
TF_VAR_fleet_image: ${{ github.event.inputs.DOCKER_IMAGE || 'fleetdm/fleet:main' }}
TF_VAR_fleet_license: ${{ secrets.DOGFOOD_LICENSE_KEY }}
TF_VAR_slack_webhook: ${{ secrets.SLACK_G_HELP_P1_WEBHOOK_URL }}
TF_VAR_sentry_dsn: ${{ secrets.DOGFOOD_SENTRY_DSN }}
permissions:
id-token: write

18
infrastructure/dogfood/terraform/aws-tf-module/main.tf
View file

@ -28,6 +28,8 @@ variable "fleet_license" {}
variable "fleet_image" {
default = "160035666661.dkr.ecr.us-east-2.amazonaws.com/fleet:1f68e7a5e39339d763da26a0c8ae3e459b2e1f016538d7962312310493381f7c"
}
variable "sentry_dsn" {
}
data "aws_caller_identity" "current" {}
@ -42,6 +44,9 @@ locals {
FLEET_VULNERABILITIES_DATABASES_PATH = "/home/fleet"
FLEET_OSQUERY_ENABLE_ASYNC_HOST_PROCESSING = "false"
}
sentry_secrets = {
SENTRY_DSN = "${aws_secretsmanager_secret.sentry.arn}:SENTRY_DSN::"
}
}
module "main" {
@ -85,7 +90,7 @@ module "main" {
extra_iam_policies = concat(module.firehose-logging.fleet_extra_iam_policies, module.osquery-carve.fleet_extra_iam_policies)
extra_execution_iam_policies = concat(module.mdm.extra_execution_iam_policies)
extra_environment_variables = merge(module.mdm.extra_environment_variables, module.firehose-logging.fleet_extra_environment_variables, module.osquery-carve.fleet_extra_environment_variables, local.extra_environment_variables)
extra_secrets = merge(module.mdm.extra_secrets)
extra_secrets = merge(module.mdm.extra_secrets, local.sentry_secrets)
}
alb_config = {
name = local.customer
@ -141,6 +146,17 @@ resource "aws_route53_record" "main" {
}
}
resource "aws_secretsmanager_secret" "sentry" {
name = "${local.customer}-sentry"
}
resource "aws_secretsmanager_secret_version" "sentry" {
secret_id = aws_secretsmanager_secret.sentry.id
secret_string = jsonencode({
SENTRY_DSN = var.sentry_dsn
})
}
module "migrations" {
source = "github.com/fleetdm/fleet//terraform/addons/migrations?ref=main"
ecs_cluster = module.main.byo-vpc.byo-db.byo-ecs.service.cluster