Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-24 09:28:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 31
fleet/terraform/addons/mdm
History
allenhouchins 9e484b46f4
fixed typo in Apple Business Manager (#20915)
2024-08-01 14:56:42 -07:00
..
.header.md Mdm module naming (#17519) 2024-03-13 04:57:27 -05:00
.terraform-docs.yml Dogfood changes (#9763) 2023-02-09 00:20:57 -05:00
.terraform.lock.hcl Initial windows-only mdm option in terraform addon module (#14639) 2023-10-27 07:09:20 -05:00
main.tf Mdm module naming (#17519) 2024-03-13 04:57:27 -05:00
outputs.tf Mdm module naming (#17519) 2024-03-13 04:57:27 -05:00
README.md fixed typo in Apple Business Manager (#20915) 2024-08-01 14:56:42 -07:00
variables.tf Mdm module naming (#17519) 2024-03-13 04:57:27 -05:00

README.md

MDM addon

Notice: Previous versions of this module referred to dep, but to reduce confusion that has been replaces with abm to mach the change to the newer Apple Business Manager. For each key/value pair below, the key names have been changed from previous version to match the name of the env var for easier usability. Older unused env vars were also removed for simplification. This includes removing the need for extra_environment_variables completely.

This addon enables MDM functionality for Fleet. It does this via several secrets in AWS that stores the necessary values. The following secrets are created:

  • abm
  • scep
  • apn

Note: ABM is optional. If Apple Business Manager (ABM) is not used, set the abm variable to null and it will be omitted.

Since this module cannot determine the value for the secrets at apply time, this module must be applied in 2 phases:

  1. In the first phase, just add the module without passing additional config to the main Fleet module
  2. In the second phase, after the secret values have been populated, apply while also passing the additional config to the main Fleet module.

The secrets should have the following layouts, note that all values are strings. If a value is a JSON object, string escape it.:

ABM

{
    "FLEET_MDM_APPLE_BM_CERT_BYTES": <ABM cert>,
    "FLEET_MDM_APPLE_BM_KEY_BYTES": <ABM key>,
    "FLEET_MDM_APPLE_BM_SERVER_TOKEN_BYTES": <ABM p7m token>
}

SCEP

{
    "FLEET_MDM_APPLE_SCEP_CERT_BYTES": <SCEP cert>,
    "FLEET_MDM_APPLE_SCEP_KEY_BYTES": <SCEP key>,
    "FLEET_MDM_APPLE_SCEP_CHALLENGE": <SCEP challenge>
}

Please note that for Windows, the same SCEP cert is used and the cert+key above will populate the following environment variables:

    "FLEET_MDM_WINDOWS_WSTEP_IDENTITY_CERT_BYTES"
    "FLEET_MDM_WINDOWS_WSTEP_IDENTITY_KEY_BYTES"

APN

{
    "FLEET_MDM_APPLE_APNS_CERT_BYTES": <APNS cert>,
    "FLEET_MDM_APPLE_APNS_KEY_BYTES ": <APNS key>
}

Requirements

No requirements.

Providers

Name Version
aws 4.53.0

Modules

No modules.

Resources

Name Type
aws_iam_policy.main resource
aws_secretsmanager_secret.abm resource
aws_secretsmanager_secret.apn resource
aws_secretsmanager_secret.scep resource
aws_iam_policy_document.main data source
aws_region.current data source

Inputs

Name Description Type Default Required
abm_secret_name n/a string "fleet-abm" no
apn_secret_name n/a string "fleet-apn" no
enable_apple_mdm n/a bool true no
enable_windows_mdm n/a bool false no
public_domain_name n/a string n/a yes
scep_secret_name n/a string "fleet-scep" no

Outputs

Name Description
abm n/a
apn n/a
extra_execution_iam_policies n/a
extra_secrets n/a
scep n/a