fleet

mirror of https://github.com/fleetdm/fleet synced 2026-05-24 09:28:54 +00:00

Author	SHA1	Message	Date
Benjamin Edwards	14629202ed	add ingress destroyer (#10674 ) this PR adds a step in the AWS state function that introduces a new ECS fargate task that is responsible for destroying the ingress for the particular instance. I have tested the Go code locally, but not yet fully deployed into ECS. What is does is run: `aws eks update-kubeconfig` which is described as: ``` This command constructs a configuration with prepopulated server and certificate authority data values for a specified cluster. You can specify an IAM role ARN with the --role-arn option to use for authenti- cation when you issue kubectl commands. Otherwise, the IAM entity in your default AWS CLI or SDK credential chain is used. ``` I then write the output of this command to the tmp directory, then load the Go SDK for Kubernetes telling it to read this kubeconfig file to bootstrap which cluster we'll operate on. relates to https://github.com/fleetdm/fleet/issues/8569 Then its a simple Ingress destroy command. --------- Co-authored-by: zwinnerman-fleetdm <zwinnerman@fleetdm.com> Co-authored-by: Zachary Winnerman <98712682+zwinnerman-fleetdm@users.noreply.github.com>	2023-04-05 17:15:33 -04:00
Zach Wasserman	c136b3bdfa	Update Fleet library versions used in Sandbox (#10230 )	2023-03-01 15:22:14 -05:00
dependabot[bot]	74e01c36ae	Bump github.com/theupdateframework/go-tuf from 0.3.0 to 0.3.2 in /infrastructure/sandbox/PreProvisioner/lambda (#10223 ) Bumps [github.com/theupdateframework/go-tuf](https://github.com/theupdateframework/go-tuf) from 0.3.0 to 0.3.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/theupdateframework/go-tuf/releases">github.com/theupdateframework/go-tuf's releases</a>.</em></p> <blockquote> <h2>v0.3.2</h2> <h2>Changelog</h2> <h3>Bug fixes</h3> <ul> <li>b6695e4ba6d0b98beb851054c0f187df8d54a639: fix(verify): backport "Fix a vulnerability in the verification of threshold si… (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/375">#375</a>) (<a href="https://github.com/znewman01"><code>@znewman01</code></a>)</li> </ul> <h2>v0.3.1</h2> <h2>Changelog</h2> <h3>Features</h3> <ul> <li>4bf58eb096f99647e7fd30447396c7a57202982f: feat: add <code>payload</code> and <code>add-signature</code> commands. (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/214">#214</a>) (<a href="https://github.com/znewman01"><code>@znewman01</code></a>)</li> <li>39c23cb5043ad2c0d873f7cc7191a7256f6a3cb6: feat: add workflow responsible for notifying of new TUF spec release (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/287">#287</a>) (<a href="https://github.com/rdimitrov"><code>@rdimitrov</code></a>)</li> <li>355e39cb2df220fc3961396a6d0e30bcf2c9ac12: feat: Implement TAP-12 support (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/310">#310</a>) (<a href="https://github.com/znewman01"><code>@znewman01</code></a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>9a41055b8eee0fee60650c43037f35b919d72d7c: fix: check root metadata verification before snapshotting (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/293">#293</a>) (<a href="https://github.com/asraa"><code>@asraa</code></a>)</li> <li>e3efe988f0371d41c83686204dc6ae23285bf33c: fix: verify length and hashes of fetched bytes before parsing (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/325">#325</a>) (<a href="https://github.com/joshuagl"><code>@joshuagl</code></a>)</li> </ul> <h3>Others</h3> <ul> <li>ea0f98a4e1b72d7486e4e86baf7fd9a3ec1fc844: chore(deps): bump arnested/go-version-action from 1.0.67 to 1.0.69 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/288">#288</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>6722937104a3178b2b899c5ce1799de129ddb294: chore(deps): bump golangci/golangci-lint-action from 2.5.2 to 3.2.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/289">#289</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>e2594e68bf2239a0b60c576c47b5ede7ac8c8fe4: chore(deps): bump actions/setup-go from 3.0.0 to 3.1.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/290">#290</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>580db1958c1e16ee73d53055eb9793fde1110d8e: chore(deps): bump goreleaser/goreleaser-action from 2.9.1 to 3 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/294">#294</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>5884dab97151c7fd314ee34ac71bf0cf6167e21c: chore(deps): bump actions/setup-go from 3.1.0 to 3.2.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/295">#295</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>3b26aedfe985198bc88a9dda7525938c575ca046: chore(deps): bump arnested/go-version-action from 1.0.69 to 1.0.70 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/297">#297</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>041e818016131ec500c78ed8eb20fed9a5668861: chore(deps): bump github.com/secure-systems-lab/go-securesystemslib (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/298">#298</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>ad96eca0239ec2cc9b6e408fbe42b2f9e9d6b1dd: chore(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/299">#299</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>36633af8d7a2162664a58f3fb1fe36a74e10428e: chore(deps): bump arnested/go-version-action from 1.0.70 to 1.1.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/300">#300</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>e24b175b00960136ecacb8111d9887d15ce47c6d: chore(deps): bump actions/setup-python from 3.1.2 to 4 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/311">#311</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>1684c680105f90a054f04e05b0f8ac540c4ef885: docs: Update CONTRIBUTING.md, add MAINTAINERS.md (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/309">#309</a>) (<a href="https://github.com/znewman01"><code>@znewman01</code></a>)</li> <li>4139c85cd7632c659bf00f4b2810c37eb8d71a2c: chore(deps): bump arnested/go-version-action from 1.1.0 to 1.1.3 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/316">#316</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>36a29309b2531255fc7d374c4055dcfab0fd04e8: build: update go version to 1.18 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/314">#314</a>) (<a href="https://github.com/asraa"><code>@asraa</code></a>)</li> <li>ae904d2bb977a54e6a5527513c4d398c8d9cc285: docs: Add DCO instructions (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/319">#319</a>) (<a href="https://github.com/znewman01"><code>@znewman01</code></a>)</li> <li>81cd9b36a8023d6e943f0f3cacfe664603fa3177: chore(deps): bump Python from 3.6 to 3.10 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/318">#318</a>) (<a href="https://github.com/rdimitrov"><code>@rdimitrov</code></a>)</li> <li>986a4c5a492be020d0ab16a5ea13b9963bf7af1f: chore(deps): bump requests from 2.27.1 to 2.28.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/317">#317</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>439ce47c43c772ad225101494db8307e97f869c3: chore(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/324">#324</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>3bb077e8c246429db8acafc78761de71cc4d6b62: chore(deps): bump requests from 2.28.0 to 2.28.1 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/332">#332</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>eed9e6c4d8eac821593800fd053d8cca5ee56137: chore(deps): bump github.com/stretchr/testify from 1.7.4 to 1.8.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/331">#331</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>0d40b25637fa35e4e546a0bafebaa7ee4591e172: test: fix flakey util test (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/333">#333</a>) (<a href="https://github.com/asraa"><code>@asraa</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`b6695e4ba6`"><code>b6695e4</code></a> fix(verify): backport "Fix a vulnerability in the verification of threshold s...</li> <li><a href="`0d40b25637`"><code>0d40b25</code></a> test: fix flakey util test (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/333">#333</a>)</li> <li><a href="`eed9e6c4d8`"><code>eed9e6c</code></a> chore(deps): bump github.com/stretchr/testify from 1.7.4 to 1.8.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/331">#331</a>)</li> <li><a href="`3bb077e8c2`"><code>3bb077e</code></a> chore(deps): bump requests from 2.28.0 to 2.28.1 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/332">#332</a>)</li> <li><a href="`e3efe988f0`"><code>e3efe98</code></a> fix: verify length and hashes of fetched bytes before parsing (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/325">#325</a>)</li> <li><a href="`439ce47c43`"><code>439ce47</code></a> chore(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/324">#324</a>)</li> <li><a href="`986a4c5a49`"><code>986a4c5</code></a> chore(deps): bump requests from 2.27.1 to 2.28.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/317">#317</a>)</li> <li><a href="`81cd9b36a8`"><code>81cd9b3</code></a> chore(deps): bump Python from 3.6 to 3.10 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/318">#318</a>)</li> <li><a href="`355e39cb2d`"><code>355e39c</code></a> feat: Implement TAP-12 support (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/310">#310</a>)</li> <li><a href="`ae904d2bb9`"><code>ae904d2</code></a> docs: Add DCO instructions (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/319">#319</a>)</li> <li>Additional commits viewable in <a href="https://github.com/theupdateframework/go-tuf/compare/v0.3.0...v0.3.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/theupdateframework/go-tuf&package-manager=go_modules&previous-version=0.3.0&new-version=0.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/fleetdm/fleet/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-01 11:42:48 -08:00
dependabot[bot]	9addac9f8e	Bump golang.org/x/net from 0.0.0-20220225172249-27dd8689420f to 0.7.0 in /infrastructure/sandbox/PreProvisioner/lambda (#10173 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20220225172249-27dd8689420f to 0.7.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/golang/net/commits/v0.7.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.0.0-20220225172249-27dd8689420f&new-version=0.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/fleetdm/fleet/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-28 09:44:26 -08:00
dependabot[bot]	57feba63dd	Bump golang.org/x/text from 0.3.7 to 0.3.8 in /infrastructure/sandbox/PreProvisioner/lambda (#10050 ) Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.7 to 0.3.8. <details> <summary>Commits</summary> <ul> <li><a href="`434eadcdbc`"><code>434eadc</code></a> language: reject excessively large Accept-Language strings</li> <li><a href="`23407e72ed`"><code>23407e7</code></a> go.mod: ignore cyclic dependency for tagging</li> <li><a href="`b18d3dd8a4`"><code>b18d3dd</code></a> secure/precis: replace bytes.Compare with bytes.Equal</li> <li><a href="`795e854ff3`"><code>795e854</code></a> all: replace io/ioutil with io and os package</li> <li><a href="`b0ca10ff35`"><code>b0ca10f</code></a> internal/language: bump script types to uint16 and update registry</li> <li><a href="`ba9b0e1d4b`"><code>ba9b0e1</code></a> go.mod: update x/tools to HEAD</li> <li><a href="`d03b418000`"><code>d03b418</code></a> A+C: delete AUTHORS and CONTRIBUTORS</li> <li><a href="`b4bca84b03`"><code>b4bca84</code></a> language/display: fix Tag method comment</li> <li><a href="`ea49e3e2d5`"><code>ea49e3e</code></a> go.mod: update x/tools to HEAD</li> <li><a href="`78819d01d0`"><code>78819d0</code></a> go.mod: update to golang.org/x/text v0.1.10</li> <li>Additional commits viewable in <a href="https://github.com/golang/text/compare/v0.3.7...v0.3.8">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/text&package-manager=go_modules&previous-version=0.3.7&new-version=0.3.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/fleetdm/fleet/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-27 18:09:44 -08:00
dependabot[bot]	6f0e0873ca	Bump golang from 1.18.4-bullseye to 1.19.0-bullseye (#7039 ) * Bump golang from 1.18.4-bullseye to 1.19.0-bullseye Bumps golang from 1.18.4-bullseye to 1.19.0-bullseye. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Update other golang deps as well * Update missing go mods Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tomas Touceda <chiiph@gmail.com>	2022-08-10 17:00:01 -03:00
Zachary Winnerman	82ba1a00a2	Demo packaging (#7020 ) * checkin for testing * Initial work on packaging, still need to configure fleet to use it * Add the terraform stuff for installers * Add iam permissions for packaging * Add environment variables for installers to fleet * Implement review fixes * Add an extra state for provisioned, but not ready for customers * Add secretsmanager stuff for apple * fixup * fixup * Bugfixes * fixup * fixup and added some stuff to the readdme * Add link to openapi.json in readme	2022-08-05 11:41:41 -04:00
Zachary Winnerman	9338fcbcbd	Fleet Sandbox (#5079 ) * Add code for the shared infra part of the demo environment * Checkin * checkin * Checkin for pre-provisioner, got terraform working * Checkin with the pre-deployer working, now blocked by helm chart * Add interface for helm * Add some initial code for the JIT Provisioner lambda Lots of code taken from https://gitlab.com/hmajid2301/articles/-/tree/master/41.%20Create%20a%20webapp%20with%20fizz * Update helm chart to work with shared infra (#5621) * Update helm chart to work with shared infra * Update helm chart README to reflect changes. * Checkin * Checkin * Checkin, Pre-provisioner actually works * PreProvisioner is now complete * Make changes to the JIT provisioner based off of actually learning how to do stuff * checkin * Check in, broken currently * Add all code except provisioning and emailing user * Checkin * Checkin, fixed kubernetes * Checkin * Forgot a file * Finish jit provisioner, need to test now * Checkin, switching to nginx ingress * Fleets are now actually accessible * JITProvisioner now returns working fleet instances * Deprovisioner code done, just need a few bugs fixed * Fix the deprovisioner so it works now and re-ip * fixup * Finished testing the deprovisioner * Added monitoring and fixed some bugs * Add stuff for #6548 * fixed per luke's suggestion * Fix for inactive task definition arns * move everything to the prod account * Bump fleet version and fix a couple of bugs * Fix a couple of bugs * Lots of security fixes and a few bug fixes * Rename demo to sandbox to match product's naming * Revert "Update helm chart to work with shared infra (#5621)" This reverts commit `610bbd1c00`. Co-authored-by: Robert Fairburn <8029478+rfairburn@users.noreply.github.com>	2022-07-19 13:56:53 -05:00

8 commits