# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---------
Co-authored-by: zwinnerman-fleetdm <zwinnerman@fleetdm.com>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
this PR adds a step in the AWS state function that introduces a new ECS
fargate task that is responsible for destroying the ingress for the
particular instance.
I have tested the Go code locally, but not yet fully deployed into ECS.
What is does is run:
`aws eks update-kubeconfig` which is described as:
```
This command constructs a configuration with prepopulated server and
certificate authority data values for a specified cluster. You can
specify an IAM role ARN with the --role-arn option to use for authenti-
cation when you issue kubectl commands. Otherwise, the IAM entity in
your default AWS CLI or SDK credential chain is used.
```
I then write the output of this command to the tmp directory, then load
the Go SDK for Kubernetes telling it to read this kubeconfig file to
bootstrap which cluster we'll operate on.
relates to https://github.com/fleetdm/fleet/issues/8569
Then its a simple Ingress destroy command.
---------
Co-authored-by: zwinnerman-fleetdm <zwinnerman@fleetdm.com>
Co-authored-by: Zachary Winnerman <98712682+zwinnerman-fleetdm@users.noreply.github.com>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Bumps
[github.com/russellhaering/goxmldsig](https://github.com/russellhaering/goxmldsig)
from 1.1.0 to 1.1.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dfbd95396a"><code>dfbd953</code></a>
Bump Go versions in Travis</li>
<li><a
href="65601c817d"><code>65601c8</code></a>
Update dependencies</li>
<li><a
href="fb23e0af61"><code>fb23e0a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/russellhaering/goxmldsig/issues/71">#71</a>
from aporcupine/patch-1</li>
<li><a
href="ca2b448c7d"><code>ca2b448</code></a>
Explicitly check for case where SignatureValue is nil</li>
<li><a
href="3541f5e554"><code>3541f5e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/russellhaering/goxmldsig/issues/67">#67</a>
from santosh653/master</li>
<li><a
href="735e3c720c"><code>735e3c7</code></a>
Update .travis.yml</li>
<li><a
href="d6a59c7d76"><code>d6a59c7</code></a>
Update .travis.yml</li>
<li><a
href="add80e26e1"><code>add80e2</code></a>
Update .travis.yml</li>
<li><a
href="0bf1c10130"><code>0bf1c10</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/russellhaering/goxmldsig/issues/61">#61</a>
from pboyd04/UseCanonicalizationFromSigInfo</li>
<li><a
href="d396ec6179"><code>d396ec6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/russellhaering/goxmldsig/issues/39">#39</a>
from aykevl/fixes</li>
<li>Additional commits viewable in <a
href="https://github.com/russellhaering/goxmldsig/compare/v1.1.0...v1.1.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Summary
This pull request is created by [Secure
Repo](https://app.stepsecurity.io/securerepo) at the request of @zwass.
Please merge the Pull Request to incorporate the requested changes.
Please tag @zwass on your message if you have any questions related to
the PR. You can also engage with the
[StepSecurity](https://github.com/step-security) team by tagging
@step-security-bot.
## Security Fixes
### Secure Dockerfiles
Pin image tags to digests in Dockerfiles. With the Docker v2 API
release, it became possible to use digests in place of tags when pulling
images or to use them in FROM lines in Dockerfiles.
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies)
## Feedback
For bug reports, feature requests, and general feedback; please create
an issue in
[step-security/secure-repo](https://github.com/step-security/secure-repo).
To create such PRs, please visit https://app.stepsecurity.io/securerepo.
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---------
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
Bumps [golang.org/x/net](https://github.com/golang/net) from
0.0.0-20220722155237-a158d28d115b to 0.7.0.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/golang/net/commits/v0.7.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/sys](https://github.com/golang/sys) from
0.0.0-20220227234510-4e6760a101f9 to 0.1.0.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/golang/sys/commits/v0.1.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.7 to
0.3.8.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="434eadcdbc"><code>434eadc</code></a>
language: reject excessively large Accept-Language strings</li>
<li><a
href="23407e72ed"><code>23407e7</code></a>
go.mod: ignore cyclic dependency for tagging</li>
<li><a
href="b18d3dd8a4"><code>b18d3dd</code></a>
secure/precis: replace bytes.Compare with bytes.Equal</li>
<li><a
href="795e854ff3"><code>795e854</code></a>
all: replace io/ioutil with io and os package</li>
<li><a
href="b0ca10ff35"><code>b0ca10f</code></a>
internal/language: bump script types to uint16 and update registry</li>
<li><a
href="ba9b0e1d4b"><code>ba9b0e1</code></a>
go.mod: update x/tools to HEAD</li>
<li><a
href="d03b418000"><code>d03b418</code></a>
A+C: delete AUTHORS and CONTRIBUTORS</li>
<li><a
href="b4bca84b03"><code>b4bca84</code></a>
language/display: fix Tag method comment</li>
<li><a
href="ea49e3e2d5"><code>ea49e3e</code></a>
go.mod: update x/tools to HEAD</li>
<li><a
href="78819d01d0"><code>78819d0</code></a>
go.mod: update to golang.org/x/text v0.1.10</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/text/compare/v0.3.7...v0.3.8">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update go to 1.19.4
* Comment out failing package test
* Comment out ALL the packaging tests for windows for the moment
* Update go to 1.19.4
* Comment out failing package test
* Comment out ALL the packaging tests for windows for the moment
* Update changelog
* Bump versions
* Update changelog to reflect this being a security release
* Bump go to 1.19.1
* Bump remaining go-version to the 1.19.1
* Add extra paths for test-go
* Oops, putting the right path in the right place
* gofmt file
* gofmt ALL THE THINGS
* Moar changes
* Actually, go.mod doesn't like minor versions
* Add code for the shared infra part of the demo environment
* Checkin
* checkin
* Checkin for pre-provisioner, got terraform working
* Checkin with the pre-deployer working, now blocked by helm chart
* Add interface for helm
* Add some initial code for the JIT Provisioner lambda
Lots of code taken from https://gitlab.com/hmajid2301/articles/-/tree/master/41.%20Create%20a%20webapp%20with%20fizz
* Update helm chart to work with shared infra (#5621)
* Update helm chart to work with shared infra
* Update helm chart README to reflect changes.
* Checkin
* Checkin
* Checkin, Pre-provisioner actually works
* PreProvisioner is now complete
* Make changes to the JIT provisioner based off of actually learning how
to do stuff
* checkin
* Check in, broken currently
* Add all code except provisioning and emailing user
* Checkin
* Checkin, fixed kubernetes
* Checkin
* Forgot a file
* Finish jit provisioner, need to test now
* Checkin, switching to nginx ingress
* Fleets are now actually accessible
* JITProvisioner now returns working fleet instances
* Deprovisioner code done, just need a few bugs fixed
* Fix the deprovisioner so it works now and re-ip
* fixup
* Finished testing the deprovisioner
* Added monitoring and fixed some bugs
* Add stuff for #6548
* fixed per luke's suggestion
* Fix for inactive task definition arns
* move everything to the prod account
* Bump fleet version and fix a couple of bugs
* Fix a couple of bugs
* Lots of security fixes and a few bug fixes
* Rename demo to sandbox to match product's naming
* Revert "Update helm chart to work with shared infra (#5621)"
This reverts commit 610bbd1c00338620f6cc65fe2aff86139551f465.
Co-authored-by: Robert Fairburn <8029478+rfairburn@users.noreply.github.com>
