mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 00:45:19 +00:00
Add terraform version constraints (#11146)
# Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). Closes #11144
This commit is contained in:
parent
14bc2c36f5
commit
0a3df86138
@ -44,7 +44,9 @@ Edit .header.md and run `terraform-docs markdown . > README.md`
|
||||
|
||||
## Requirements
|
||||
|
||||
No requirements.
|
||||
| Name | Version |
|
||||
|------|---------|
|
||||
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.8 |
|
||||
|
||||
## Providers
|
||||
|
||||
@ -70,12 +72,13 @@ No resources.
|
||||
| <a name="input_ecs_cluster"></a> [ecs\_cluster](#input\_ecs\_cluster) | The config for the terraform-aws-modules/ecs/aws module | <pre>object({<br> autoscaling_capacity_providers = optional(any, {})<br> cluster_configuration = optional(any, {<br> execute_command_configuration = {<br> logging = "OVERRIDE"<br> log_configuration = {<br> cloud_watch_log_group_name = "/aws/ecs/aws-ec2"<br> }<br> }<br> })<br> cluster_name = optional(string, "fleet")<br> cluster_settings = optional(map(string), {<br> "name" : "containerInsights",<br> "value" : "enabled",<br> })<br> create = optional(bool, true)<br> default_capacity_provider_use_fargate = optional(bool, true)<br> fargate_capacity_providers = optional(any, {<br> FARGATE = {<br> default_capacity_provider_strategy = {<br> weight = 100<br> }<br> }<br> FARGATE_SPOT = {<br> default_capacity_provider_strategy = {<br> weight = 0<br> }<br> }<br> })<br> tags = optional(map(string))<br> })</pre> | <pre>{<br> "autoscaling_capacity_providers": {},<br> "cluster_configuration": {<br> "execute_command_configuration": {<br> "log_configuration": {<br> "cloud_watch_log_group_name": "/aws/ecs/aws-ec2"<br> },<br> "logging": "OVERRIDE"<br> }<br> },<br> "cluster_name": "fleet",<br> "cluster_settings": {<br> "name": "containerInsights",<br> "value": "enabled"<br> },<br> "create": true,<br> "default_capacity_provider_use_fargate": true,<br> "fargate_capacity_providers": {<br> "FARGATE": {<br> "default_capacity_provider_strategy": {<br> "weight": 100<br> }<br> },<br> "FARGATE_SPOT": {<br> "default_capacity_provider_strategy": {<br> "weight": 0<br> }<br> }<br> },<br> "tags": {}<br>}</pre> | no |
|
||||
| <a name="input_fleet_config"></a> [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. | <pre>object({<br> mem = optional(number, 4096)<br> cpu = optional(number, 512)<br> image = optional(string, "fleetdm/fleet:v4.22.1")<br> family = optional(string, "fleet")<br> sidecars = optional(list(any), [])<br> extra_environment_variables = optional(map(string), {})<br> extra_iam_policies = optional(list(string), [])<br> extra_execution_iam_policies = optional(list(string), [])<br> extra_secrets = optional(map(string), {})<br> security_groups = optional(list(string), null)<br> security_group_name = optional(string, "fleet")<br> iam_role_arn = optional(string, null)<br> service = optional(object({<br> name = optional(string, "fleet")<br> }), {<br> name = "fleet"<br> })<br> database = optional(object({<br> password_secret_arn = string<br> user = string<br> database = string<br> address = string<br> rr_address = optional(string, null)<br> }), {<br> password_secret_arn = null<br> user = null<br> database = null<br> address = null<br> rr_address = null<br> })<br> redis = optional(object({<br> address = string<br> use_tls = optional(bool, true)<br> }), {<br> address = null<br> use_tls = true<br> })<br> awslogs = optional(object({<br> name = optional(string, null)<br> region = optional(string, null)<br> create = optional(bool, true)<br> prefix = optional(string, "fleet")<br> retention = optional(number, 5)<br> }), {<br> name = null<br> region = null<br> prefix = "fleet"<br> retention = 5<br> })<br> loadbalancer = optional(object({<br> arn = string<br> }), {<br> arn = null<br> })<br> networking = optional(object({<br> subnets = list(string)<br> security_groups = optional(list(string), null)<br> }), {<br> subnets = null<br> security_groups = null<br> })<br> autoscaling = optional(object({<br> max_capacity = optional(number, 5)<br> min_capacity = optional(number, 1)<br> memory_tracking_target_value = optional(number, 80)<br> cpu_tracking_target_value = optional(number, 80)<br> }), {<br> max_capacity = 5<br> min_capacity = 1<br> memory_tracking_target_value = 80<br> cpu_tracking_target_value = 80<br> })<br> iam = optional(object({<br> role = optional(object({<br> name = optional(string, "fleet-role")<br> policy_name = optional(string, "fleet-iam-policy")<br> }), {<br> name = "fleet-role"<br> policy_name = "fleet-iam-policy"<br> })<br> execution = optional(object({<br> name = optional(string, "fleet-execution-role")<br> policy_name = optional(string, "fleet-execution-role")<br> }), {<br> name = "fleet-execution-role"<br> policy_name = "fleet-iam-policy-execution"<br> })<br> }), {<br> name = "fleetdm-execution-role"<br> })<br> })</pre> | <pre>{<br> "autoscaling": {<br> "cpu_tracking_target_value": 80,<br> "max_capacity": 5,<br> "memory_tracking_target_value": 80,<br> "min_capacity": 1<br> },<br> "awslogs": {<br> "create": true,<br> "name": null,<br> "prefix": "fleet",<br> "region": null,<br> "retention": 5<br> },<br> "cpu": 256,<br> "database": {<br> "address": null,<br> "database": null,<br> "password_secret_arn": null,<br> "rr_address": null,<br> "user": null<br> },<br> "extra_environment_variables": {},<br> "extra_execution_iam_policies": [],<br> "extra_iam_policies": [],<br> "extra_secrets": {},<br> "family": "fleet",<br> "iam": {<br> "execution": {<br> "name": "fleet-execution-role",<br> "policy_name": "fleet-iam-policy-execution"<br> },<br> "role": {<br> "name": "fleet-role",<br> "policy_name": "fleet-iam-policy"<br> }<br> },<br> "iam_role_arn": null,<br> "image": "fleetdm/fleet:v4.22.1",<br> "loadbalancer": {<br> "arn": null<br> },<br> "mem": 512,<br> "networking": {<br> "security_groups": null,<br> "subnets": null<br> },<br> "redis": {<br> "address": null,<br> "use_tls": true<br> },<br> "security_group_name": "fleet",<br> "security_groups": null,<br> "service": {<br> "name": "fleet"<br> },<br> "sidecars": []<br>}</pre> | no |
|
||||
| <a name="input_migration_config"></a> [migration\_config](#input\_migration\_config) | The configuration object for Fleet's migration task. | <pre>object({<br> mem = number<br> cpu = number<br> })</pre> | <pre>{<br> "cpu": 1024,<br> "mem": 2048<br>}</pre> | no |
|
||||
| <a name="input_rds_config"></a> [rds\_config](#input\_rds\_config) | The config for the terraform-aws-modules/rds-aurora/aws module | <pre>object({<br> name = optional(string, "fleet")<br> engine_version = optional(string, "8.0.mysql_aurora.3.02.2")<br> instance_class = optional(string, "db.t4g.large")<br> subnets = optional(list(string), [])<br> allowed_security_groups = optional(list(string), [])<br> allowed_cidr_blocks = optional(list(string), [])<br> apply_immediately = optional(bool, true)<br> monitoring_interval = optional(number, 10)<br> db_parameter_group_name = optional(string)<br> db_parameters = optional(map(string), {})<br> db_cluster_parameter_group_name = optional(string)<br> db_cluster_parameters = optional(map(string), {})<br> enabled_cloudwatch_logs_exports = optional(list(string), [])<br> master_username = optional(string, "fleet")<br> snapshot_identifier = optional(string)<br> })</pre> | <pre>{<br> "allowed_cidr_blocks": [],<br> "allowed_security_groups": [],<br> "apply_immediately": true,<br> "db_cluster_parameter_group_name": null,<br> "db_cluster_parameters": {},<br> "db_parameter_group_name": null,<br> "db_parameters": {},<br> "enabled_cloudwatch_logs_exports": [],<br> "engine_version": "8.0.mysql_aurora.3.02.2",<br> "instance_class": "db.t4g.large",<br> "master_username": "fleet",<br> "monitoring_interval": 10,<br> "name": "fleet",<br> "snapshot_identifier": null,<br> "subnets": []<br>}</pre> | no |
|
||||
| <a name="input_redis_config"></a> [redis\_config](#input\_redis\_config) | n/a | <pre>object({<br> name = optional(string, "fleet")<br> replication_group_id = optional(string)<br> elasticache_subnet_group_name = optional(string)<br> allowed_security_group_ids = optional(list(string), [])<br> subnets = optional(list(string))<br> availability_zones = optional(list(string))<br> cluster_size = optional(number, 3)<br> instance_type = optional(string, "cache.m5.large")<br> apply_immediately = optional(bool, true)<br> automatic_failover_enabled = optional(bool, false)<br> engine_version = optional(string, "6.x")<br> family = optional(string, "redis6.x")<br> at_rest_encryption_enabled = optional(bool, true)<br> transit_encryption_enabled = optional(bool, true)<br> parameter = optional(list(object({<br> name = string<br> value = string<br> })), [])<br> })</pre> | <pre>{<br> "allowed_security_group_ids": [],<br> "apply_immediately": true,<br> "at_rest_encryption_enabled": true,<br> "automatic_failover_enabled": false,<br> "availability_zones": null,<br> "cluster_size": 3,<br> "elasticache_subnet_group_name": null,<br> "engine_version": "6.x",<br> "family": "redis6.x",<br> "instance_type": "cache.m5.large",<br> "name": "fleet",<br> "parameter": [],<br> "replication_group_id": null,<br> "subnets": null,<br> "transit_encryption_enabled": true<br>}</pre> | no |
|
||||
| <a name="input_vpc"></a> [vpc](#input\_vpc) | n/a | <pre>object({<br> name = optional(string, "fleet")<br> cidr = optional(string, "10.10.0.0/16")<br> azs = optional(list(string), ["us-east-2a", "us-east-2b", "us-east-2c"])<br> private_subnets = optional(list(string), ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"])<br> public_subnets = optional(list(string), ["10.10.11.0/24", "10.10.12.0/24", "10.10.13.0/24"])<br> database_subnets = optional(list(string), ["10.10.21.0/24", "10.10.22.0/24", "10.10.23.0/24"])<br> elasticache_subnets = optional(list(string), ["10.10.31.0/24", "10.10.32.0/24", "10.10.33.0/24"])<br><br> create_database_subnet_group = optional(bool, false)<br> create_database_subnet_route_table = optional(bool, true)<br> create_elasticache_subnet_group = optional(bool, true)<br> create_elasticache_subnet_route_table = optional(bool, true)<br> enable_vpn_gateway = optional(bool, false)<br> one_nat_gateway_per_az = optional(bool, false)<br> single_nat_gateway = optional(bool, true)<br> enable_nat_gateway = optional(bool, true)<br><br> enable_flow_log = optional(bool, false)<br> create_flow_log_cloudwatch_log_group = optional(bool, false)<br> create_flow_log_cloudwatch_iam_role = optional(bool, false)<br> flow_log_max_aggregation_interval = optional(number, 600)<br> flow_log_cloudwatch_log_group_name_prefix = optional(string, "/aws/vpc-flow-log/")<br> flow_log_cloudwatch_log_group_name_suffix = optional(string, "")<br> vpc_flow_log_tags = optional(map(string), {})<br> })</pre> | <pre>{<br> "azs": [<br> "us-east-2a",<br> "us-east-2b",<br> "us-east-2c"<br> ],<br> "cidr": "10.10.0.0/16",<br> "create_database_subnet_group": false,<br> "create_database_subnet_route_table": true,<br> "create_elasticache_subnet_group": true,<br> "create_elasticache_subnet_route_table": true,<br> "create_flow_log_cloudwatch_iam_role": false,<br> "create_flow_log_cloudwatch_log_group": false,<br> "database_subnets": [<br> "10.10.21.0/24",<br> "10.10.22.0/24",<br> "10.10.23.0/24"<br> ],<br> "elasticache_subnets": [<br> "10.10.31.0/24",<br> "10.10.32.0/24",<br> "10.10.33.0/24"<br> ],<br> "enable_flow_log": false,<br> "enable_nat_gateway": true,<br> "enable_vpn_gateway": false,<br> "flow_log_cloudwatch_log_group_name_prefix": "/aws/vpc-flow-log/",<br> "flow_log_cloudwatch_log_group_name_suffix": "",<br> "flow_log_max_aggregation_interval": 600,<br> "name": "fleet",<br> "one_nat_gateway_per_az": false,<br> "private_subnets": [<br> "10.10.1.0/24",<br> "10.10.2.0/24",<br> "10.10.3.0/24"<br> ],<br> "public_subnets": [<br> "10.10.11.0/24",<br> "10.10.12.0/24",<br> "10.10.13.0/24"<br> ],<br> "single_nat_gateway": true,<br> "vpc_flow_log_tags": {}<br>}</pre> | no |
|
||||
| <a name="input_rds_config"></a> [rds\_config](#input\_rds\_config) | The config for the terraform-aws-modules/rds-aurora/aws module | <pre>object({<br> name = optional(string, "fleet")<br> engine_version = optional(string, "8.0.mysql_aurora.3.02.2")<br> instance_class = optional(string, "db.t4g.large")<br> subnets = optional(list(string), [])<br> allowed_security_groups = optional(list(string), [])<br> allowed_cidr_blocks = optional(list(string), [])<br> apply_immediately = optional(bool, true)<br> monitoring_interval = optional(number, 10)<br> db_parameter_group_name = optional(string)<br> db_parameters = optional(map(string), {})<br> db_cluster_parameter_group_name = optional(string)<br> db_cluster_parameters = optional(map(string), {})<br> enabled_cloudwatch_logs_exports = optional(list(string), [])<br> master_username = optional(string, "fleet")<br> snapshot_identifier = optional(string)<br> cluster_tags = optional(map(string), {})<br> })</pre> | <pre>{<br> "allowed_cidr_blocks": [],<br> "allowed_security_groups": [],<br> "apply_immediately": true,<br> "cluster_tags": {},<br> "db_cluster_parameter_group_name": null,<br> "db_cluster_parameters": {},<br> "db_parameter_group_name": null,<br> "db_parameters": {},<br> "enabled_cloudwatch_logs_exports": [],<br> "engine_version": "8.0.mysql_aurora.3.02.2",<br> "instance_class": "db.t4g.large",<br> "master_username": "fleet",<br> "monitoring_interval": 10,<br> "name": "fleet",<br> "snapshot_identifier": null,<br> "subnets": []<br>}</pre> | no |
|
||||
| <a name="input_redis_config"></a> [redis\_config](#input\_redis\_config) | n/a | <pre>object({<br> name = optional(string, "fleet")<br> replication_group_id = optional(string)<br> elasticache_subnet_group_name = optional(string)<br> allowed_security_group_ids = optional(list(string), [])<br> subnets = optional(list(string))<br> availability_zones = optional(list(string))<br> cluster_size = optional(number, 3)<br> instance_type = optional(string, "cache.m5.large")<br> apply_immediately = optional(bool, true)<br> automatic_failover_enabled = optional(bool, false)<br> engine_version = optional(string, "6.x")<br> family = optional(string, "redis6.x")<br> at_rest_encryption_enabled = optional(bool, true)<br> transit_encryption_enabled = optional(bool, true)<br> parameter = optional(list(object({<br> name = string<br> value = string<br> })), [])<br> tags = optional(map(string), {})<br> })</pre> | <pre>{<br> "allowed_security_group_ids": [],<br> "apply_immediately": true,<br> "at_rest_encryption_enabled": true,<br> "automatic_failover_enabled": false,<br> "availability_zones": null,<br> "cluster_size": 3,<br> "elasticache_subnet_group_name": null,<br> "engine_version": "6.x",<br> "family": "redis6.x",<br> "instance_type": "cache.m5.large",<br> "name": "fleet",<br> "parameter": [],<br> "replication_group_id": null,<br> "subnets": null,<br> "tags": {},<br> "transit_encryption_enabled": true<br>}</pre> | no |
|
||||
| <a name="input_vpc"></a> [vpc](#input\_vpc) | n/a | <pre>object({<br> name = optional(string, "fleet")<br> cidr = optional(string, "10.10.0.0/16")<br> azs = optional(list(string), ["us-east-2a", "us-east-2b", "us-east-2c"])<br> private_subnets = optional(list(string), ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"])<br> public_subnets = optional(list(string), ["10.10.11.0/24", "10.10.12.0/24", "10.10.13.0/24"])<br> database_subnets = optional(list(string), ["10.10.21.0/24", "10.10.22.0/24", "10.10.23.0/24"])<br> elasticache_subnets = optional(list(string), ["10.10.31.0/24", "10.10.32.0/24", "10.10.33.0/24"])<br><br> create_database_subnet_group = optional(bool, false)<br> create_database_subnet_route_table = optional(bool, true)<br> create_elasticache_subnet_group = optional(bool, true)<br> create_elasticache_subnet_route_table = optional(bool, true)<br> enable_vpn_gateway = optional(bool, false)<br> one_nat_gateway_per_az = optional(bool, false)<br> single_nat_gateway = optional(bool, true)<br> enable_nat_gateway = optional(bool, true)<br> enable_dns_hostnames = optional(bool, false)<br> enable_dns_support = optional(bool, true)<br> enable_flow_log = optional(bool, false)<br> create_flow_log_cloudwatch_log_group = optional(bool, false)<br> create_flow_log_cloudwatch_iam_role = optional(bool, false)<br> flow_log_max_aggregation_interval = optional(number, 600)<br> flow_log_cloudwatch_log_group_name_prefix = optional(string, "/aws/vpc-flow-log/")<br> flow_log_cloudwatch_log_group_name_suffix = optional(string, "")<br> vpc_flow_log_tags = optional(map(string), {})<br> })</pre> | <pre>{<br> "azs": [<br> "us-east-2a",<br> "us-east-2b",<br> "us-east-2c"<br> ],<br> "cidr": "10.10.0.0/16",<br> "create_database_subnet_group": false,<br> "create_database_subnet_route_table": true,<br> "create_elasticache_subnet_group": true,<br> "create_elasticache_subnet_route_table": true,<br> "create_flow_log_cloudwatch_iam_role": false,<br> "create_flow_log_cloudwatch_log_group": false,<br> "database_subnets": [<br> "10.10.21.0/24",<br> "10.10.22.0/24",<br> "10.10.23.0/24"<br> ],<br> "elasticache_subnets": [<br> "10.10.31.0/24",<br> "10.10.32.0/24",<br> "10.10.33.0/24"<br> ],<br> "enable_dns_hostnames": false,<br> "enable_dns_support": true,<br> "enable_flow_log": false,<br> "enable_nat_gateway": true,<br> "enable_vpn_gateway": false,<br> "flow_log_cloudwatch_log_group_name_prefix": "/aws/vpc-flow-log/",<br> "flow_log_cloudwatch_log_group_name_suffix": "",<br> "flow_log_max_aggregation_interval": 600,<br> "name": "fleet",<br> "one_nat_gateway_per_az": false,<br> "private_subnets": [<br> "10.10.1.0/24",<br> "10.10.2.0/24",<br> "10.10.3.0/24"<br> ],<br> "public_subnets": [<br> "10.10.11.0/24",<br> "10.10.12.0/24",<br> "10.10.13.0/24"<br> ],<br> "single_nat_gateway": true,<br> "vpc_flow_log_tags": {}<br>}</pre> | no |
|
||||
|
||||
## Outputs
|
||||
|
||||
| Name | Description |
|
||||
|------|-------------|
|
||||
| <a name="output_byo-vpc"></a> [byo-vpc](#output\_byo-vpc) | n/a |
|
||||
| <a name="output_vpc"></a> [vpc](#output\_vpc) | n/a |
|
||||
|
@ -1,3 +1,7 @@
|
||||
terraform {
|
||||
required_version = ">= 1.3.8"
|
||||
}
|
||||
|
||||
module "vpc" {
|
||||
source = "terraform-aws-modules/vpc/aws"
|
||||
version = "3.18.1"
|
||||
|
Loading…
Reference in New Issue
Block a user