mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
7 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Benjamin Edwards
|
14629202ed
|
add ingress destroyer (#10674)
this PR adds a step in the AWS state function that introduces a new ECS
fargate task that is responsible for destroying the ingress for the
particular instance.
I have tested the Go code locally, but not yet fully deployed into ECS.
What is does is run:
`aws eks update-kubeconfig` which is described as:
```
This command constructs a configuration with prepopulated server and
certificate authority data values for a specified cluster. You can
specify an IAM role ARN with the --role-arn option to use for authenti-
cation when you issue kubectl commands. Otherwise, the IAM entity in
your default AWS CLI or SDK credential chain is used.
```
I then write the output of this command to the tmp directory, then load
the Go SDK for Kubernetes telling it to read this kubeconfig file to
bootstrap which cluster we'll operate on.
relates to https://github.com/fleetdm/fleet/issues/8569
Then its a simple Ingress destroy command.
---------
Co-authored-by: zwinnerman-fleetdm <zwinnerman@fleetdm.com>
Co-authored-by: Zachary Winnerman <98712682+zwinnerman-fleetdm@users.noreply.github.com>
|
||
|
Zach Wasserman
|
c136b3bdfa
|
Update Fleet library versions used in Sandbox (#10230) | ||
|
dependabot[bot]
|
74e01c36ae
|
Bump github.com/theupdateframework/go-tuf from 0.3.0 to 0.3.2 in /infrastructure/sandbox/PreProvisioner/lambda (#10223)
Bumps [github.com/theupdateframework/go-tuf](https://github.com/theupdateframework/go-tuf) from 0.3.0 to 0.3.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/theupdateframework/go-tuf/releases">github.com/theupdateframework/go-tuf's releases</a>.</em></p> <blockquote> <h2>v0.3.2</h2> <h2>Changelog</h2> <h3>Bug fixes</h3> <ul> <li>b6695e4ba6d0b98beb851054c0f187df8d54a639: fix(verify): backport "Fix a vulnerability in the verification of threshold si… (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/375">#375</a>) (<a href="https://github.com/znewman01"><code>@znewman01</code></a>)</li> </ul> <h2>v0.3.1</h2> <h2>Changelog</h2> <h3>Features</h3> <ul> <li>4bf58eb096f99647e7fd30447396c7a57202982f: feat: add <code>payload</code> and <code>add-signature</code> commands. (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/214">#214</a>) (<a href="https://github.com/znewman01"><code>@znewman01</code></a>)</li> <li>39c23cb5043ad2c0d873f7cc7191a7256f6a3cb6: feat: add workflow responsible for notifying of new TUF spec release (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/287">#287</a>) (<a href="https://github.com/rdimitrov"><code>@rdimitrov</code></a>)</li> <li>355e39cb2df220fc3961396a6d0e30bcf2c9ac12: feat: Implement TAP-12 support (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/310">#310</a>) (<a href="https://github.com/znewman01"><code>@znewman01</code></a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>9a41055b8eee0fee60650c43037f35b919d72d7c: fix: check root metadata verification before snapshotting (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/293">#293</a>) (<a href="https://github.com/asraa"><code>@asraa</code></a>)</li> <li>e3efe988f0371d41c83686204dc6ae23285bf33c: fix: verify length and hashes of fetched bytes before parsing (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/325">#325</a>) (<a href="https://github.com/joshuagl"><code>@joshuagl</code></a>)</li> </ul> <h3>Others</h3> <ul> <li>ea0f98a4e1b72d7486e4e86baf7fd9a3ec1fc844: chore(deps): bump arnested/go-version-action from 1.0.67 to 1.0.69 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/288">#288</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>6722937104a3178b2b899c5ce1799de129ddb294: chore(deps): bump golangci/golangci-lint-action from 2.5.2 to 3.2.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/289">#289</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>e2594e68bf2239a0b60c576c47b5ede7ac8c8fe4: chore(deps): bump actions/setup-go from 3.0.0 to 3.1.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/290">#290</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>580db1958c1e16ee73d53055eb9793fde1110d8e: chore(deps): bump goreleaser/goreleaser-action from 2.9.1 to 3 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/294">#294</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>5884dab97151c7fd314ee34ac71bf0cf6167e21c: chore(deps): bump actions/setup-go from 3.1.0 to 3.2.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/295">#295</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>3b26aedfe985198bc88a9dda7525938c575ca046: chore(deps): bump arnested/go-version-action from 1.0.69 to 1.0.70 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/297">#297</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>041e818016131ec500c78ed8eb20fed9a5668861: chore(deps): bump github.com/secure-systems-lab/go-securesystemslib (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/298">#298</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>ad96eca0239ec2cc9b6e408fbe42b2f9e9d6b1dd: chore(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/299">#299</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>36633af8d7a2162664a58f3fb1fe36a74e10428e: chore(deps): bump arnested/go-version-action from 1.0.70 to 1.1.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/300">#300</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>e24b175b00960136ecacb8111d9887d15ce47c6d: chore(deps): bump actions/setup-python from 3.1.2 to 4 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/311">#311</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>1684c680105f90a054f04e05b0f8ac540c4ef885: docs: Update CONTRIBUTING.md, add MAINTAINERS.md (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/309">#309</a>) (<a href="https://github.com/znewman01"><code>@znewman01</code></a>)</li> <li>4139c85cd7632c659bf00f4b2810c37eb8d71a2c: chore(deps): bump arnested/go-version-action from 1.1.0 to 1.1.3 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/316">#316</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>36a29309b2531255fc7d374c4055dcfab0fd04e8: build: update go version to 1.18 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/314">#314</a>) (<a href="https://github.com/asraa"><code>@asraa</code></a>)</li> <li>ae904d2bb977a54e6a5527513c4d398c8d9cc285: docs: Add DCO instructions (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/319">#319</a>) (<a href="https://github.com/znewman01"><code>@znewman01</code></a>)</li> <li>81cd9b36a8023d6e943f0f3cacfe664603fa3177: chore(deps): bump Python from 3.6 to 3.10 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/318">#318</a>) (<a href="https://github.com/rdimitrov"><code>@rdimitrov</code></a>)</li> <li>986a4c5a492be020d0ab16a5ea13b9963bf7af1f: chore(deps): bump requests from 2.27.1 to 2.28.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/317">#317</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>439ce47c43c772ad225101494db8307e97f869c3: chore(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/324">#324</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>3bb077e8c246429db8acafc78761de71cc4d6b62: chore(deps): bump requests from 2.28.0 to 2.28.1 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/332">#332</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>eed9e6c4d8eac821593800fd053d8cca5ee56137: chore(deps): bump github.com/stretchr/testify from 1.7.4 to 1.8.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/331">#331</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>0d40b25637fa35e4e546a0bafebaa7ee4591e172: test: fix flakey util test (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/333">#333</a>) (<a href="https://github.com/asraa"><code>@asraa</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
9addac9f8e
|
Bump golang.org/x/net from 0.0.0-20220225172249-27dd8689420f to 0.7.0 in /infrastructure/sandbox/PreProvisioner/lambda (#10173)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20220225172249-27dd8689420f to 0.7.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/golang/net/commits/v0.7.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/fleetdm/fleet/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
57feba63dd
|
Bump golang.org/x/text from 0.3.7 to 0.3.8 in /infrastructure/sandbox/PreProvisioner/lambda (#10050)
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.7 to 0.3.8. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Zachary Winnerman
|
82ba1a00a2
|
Demo packaging (#7020)
* checkin for testing * Initial work on packaging, still need to configure fleet to use it * Add the terraform stuff for installers * Add iam permissions for packaging * Add environment variables for installers to fleet * Implement review fixes * Add an extra state for provisioned, but not ready for customers * Add secretsmanager stuff for apple * fixup * fixup * Bugfixes * fixup * fixup and added some stuff to the readdme * Add link to openapi.json in readme |
||
|
Zachary Winnerman
|
9338fcbcbd
|
Fleet Sandbox (#5079)
* Add code for the shared infra part of the demo environment
* Checkin
* checkin
* Checkin for pre-provisioner, got terraform working
* Checkin with the pre-deployer working, now blocked by helm chart
* Add interface for helm
* Add some initial code for the JIT Provisioner lambda
Lots of code taken from https://gitlab.com/hmajid2301/articles/-/tree/master/41.%20Create%20a%20webapp%20with%20fizz
* Update helm chart to work with shared infra (#5621)
* Update helm chart to work with shared infra
* Update helm chart README to reflect changes.
* Checkin
* Checkin
* Checkin, Pre-provisioner actually works
* PreProvisioner is now complete
* Make changes to the JIT provisioner based off of actually learning how
to do stuff
* checkin
* Check in, broken currently
* Add all code except provisioning and emailing user
* Checkin
* Checkin, fixed kubernetes
* Checkin
* Forgot a file
* Finish jit provisioner, need to test now
* Checkin, switching to nginx ingress
* Fleets are now actually accessible
* JITProvisioner now returns working fleet instances
* Deprovisioner code done, just need a few bugs fixed
* Fix the deprovisioner so it works now and re-ip
* fixup
* Finished testing the deprovisioner
* Added monitoring and fixed some bugs
* Add stuff for #6548
* fixed per luke's suggestion
* Fix for inactive task definition arns
* move everything to the prod account
* Bump fleet version and fix a couple of bugs
* Fix a couple of bugs
* Lots of security fixes and a few bug fixes
* Rename demo to sandbox to match product's naming
* Revert "Update helm chart to work with shared infra (#5621)"
This reverts commit
|