49 Commits

Author SHA1 Message Date
Zachary Winnerman
ac797c8f81
Fix variable consistency for optional in fleet_config (#12874)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-07-20 14:33:15 -04:00
Benjamin Edwards
97a705af5d
fleet tf module config (#12304) 2023-06-22 21:06:59 -04:00
Benjamin Edwards
4156859b90
feat(outputs.tf): add FLEET_FIREHOSE_AUDIT_STREAM environment variable (#12415)
forgot to add the env variable
2023-06-20 22:55:43 -04:00
Robert Fairburn
7370e80fd7
Update terraform logging addon (#12339)
This should allow us to pass in policies for kms and both s3 buckets.
This is needed in order to allow for the new sns alerting lambda to
query athena for 5xx errors.
2023-06-14 19:01:13 -05:00
Robert Fairburn
cfe59b169e
remove s3 acl from terraform/addons/logging-alb (#12169)
Fixes "the bucket does not allow acls". If it doesn't allow them, then
don't make one.

Validated logging still works.
2023-06-06 14:42:04 -04:00
Benjamin Edwards
806e6b9887
terraform module -- firehose audit logs (#11710)
Add support for Fleet audit logs by adding a new variable
`firehose_audit_name` to the `firehose` module. If the variable is set,
a new delivery stream is created for Fleet audit logs. The IAM role is
updated to allow writing to the new delivery stream. The `outputs.tf`
file is updated to include the new environment variable
`FLEET_ACTIVITY_ENABLE_AUDIT_LOG` and `FLEET_ACTIVITY_AUDIT_LOG_PLUGIN`
to the `fleet_extra_environment_variables` output. The `firehose_policy`
in `firehose.tf` is updated to allow writing to the new delivery stream.
The `firehose_audit` policy is created and attached to the IAM role if
the `firehose_audit_name` variable is set.

---------

Co-authored-by: Robert Fairburn <8029478+rfairburn@users.noreply.github.com>
2023-05-31 15:02:22 -04:00
Benjamin Edwards
052dcb7b50
update deploying on terraform guide to be module based, update terraf… (#11847) 2023-05-30 20:11:06 -04:00
Zachary Winnerman
af8ea1eb2f
Use tags for our code (#11854)
See #11583
2023-05-22 14:07:09 -04:00
Zachary Winnerman
3a43c1ebc2
Add waf to dogfood (#11541)
Closes #10716
2023-05-05 12:06:16 -04:00
Benjamin Edwards
3fc78e0e3c
firehose module update (#11444) 2023-05-01 17:38:18 -04:00
Benjamin Edwards
9a2581e1d6
fix firehose addon take 2 (#11369)
rename aws_iam_policy and aws_iam_policy_attachment resources to use
underscore instead of hyphen in their names. Also, change
aws_iam_policy_attachment to aws_iam_role_policy_attachment to match the
correct resource type.
2023-04-26 23:08:09 -04:00
Benjamin Edwards
1208c0151e
BYO-Firehose module updates (#11333)
feat(firehose): add Terraform documentation to README.md
feat(firehose): add Terraform module for IAM policy
feat(firehose): add Terraform output for IAM policy ARN

docs(byo-firehose-logging-destination): add introduction and explanation
of IAM role and policy

This commit adds an introduction and explanation of the IAM role and
policy defined in the Terraform code. Specifically, it explains that the
IAM role named `fleet_role` is being defined in the AWS account, and
that it will be assumed by the Fleet application being hosted. The
commit also explains that the IAM role is being given specific
permissions to perform certain actions on the Firehose service, and that
the associated IAM policy specifies the minimum allowed permissions.
Additionally, the commit explains that the Firehose service is KMS
encrypted, and that the IAM role needs permission to the KMS key being
used to encrypt the data going into Firehose. Finally, the commit
explains that the code sets up a secure and controlled environment for
the Fleet application to perform its necessary actions on the Firehose
service within the AWS account.

refactor(byo-firehose-logging-destination): reformat table of resources
and inputs
feat(byo-firehose-logging-destination): add KMS key resource for
firehose encryption
feat(byo-firehose-logging-destination): add S3 bucket resource for
logging destination
feat(byo-firehose-logging-destination): add IAM policy and role
resources for firehose
feat(byo-firehose-logging-destination): add IAM policy attachment
resource for fleet-firehose policy
feat(byo-firehose-logging-destination): add data source for current AWS
region
feat(byo-firehose-logging-destination): add data source for KMS alias
feat(byo-firehose-logging-destination): add data source for IAM policy
documents
feat(byo-firehose-logging-destination): add outputs for firehose IAM
role, delivery streams, and S3 bucket

fix(iam.tf): change aws_iam_policy and aws_iam_policy_attachment
resource names to include fleet prefix

closes https://github.com/fleetdm/fleet/issues/11331
2023-04-26 12:00:42 -04:00
Robert Fairburn
9c8797eef2
Terraform module to use mysql reader endpoint by default (#11315) 2023-04-25 12:47:42 -05:00
Benjamin Edwards
9c594fba21
feat(terraform): add zone_id variable to ses module (#11196)
The zone_id variable is added to the ses module to allow the module to
be used with different Route53 zones. The variable is used in the
aws_route53_record resource to set the zone_id attribute. The
aws_route53_zone data source is removed from the module and the zone_id
attribute is set directly. The count attribute is added to the
aws_route53_record resource to allow for multiple DKIM records to be
created.
2023-04-17 17:04:51 -04:00
Scott Blake
a6b6f77b08
Fix a typo (#11227) 2023-04-17 15:58:22 -05:00
Zachary Winnerman
0a3df86138
Add terraform version constraints (#11146)
Closes #11144
2023-04-11 12:39:56 -04:00
Benjamin Edwards
6f836d60cb
add support for AWS SES email backend (#10847) 2023-04-06 13:21:07 -05:00
Zach Wasserman
70a429327f
Use proper name for ALB policy (#10889)
Fixes issue from #10887.
2023-03-30 11:15:30 -07:00
Zach Wasserman
24533da337
Require TLS 1.2 in Terraform ALB listener (#10887)
This should fix tfsec
https://aquasecurity.github.io/tfsec/v1.0.8/checks/aws/elb/use-secure-tls-policy/
by configuring
https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/6.4.0#input_listener_ssl_policy_default.
2023-03-30 10:52:42 -07:00
Benjamin Edwards
4161ee5679
create vuln processing addon (#10526)
two things here:

1. create addon for use in new modular terraform
2. create vuln processing terraform for legacy terraform, but by default
it's disabled
2023-03-29 08:57:10 -04:00
Luke Heath
1265ff4b7d
Remove the MDM feature flags (#10825) 2023-03-28 17:12:16 -05:00
Robert Fairburn
def04c5833
Fix terraform logging addon-module and apply to dogfood (#10712) 2023-03-23 11:23:14 -05:00
Zachary Winnerman
e78554540f
Add ability to tag data containing resources (#10534)
2023-03-16 14:10:42 -04:00
Robert Fairburn
b857fee61f
Terraform MDM make DEP/ABM optional (#10462) 2023-03-16 01:09:57 -05:00
Robert Fairburn
989e0f7121
Add rds_parameters to tf module for dogfood to apply sort_buffer_size (#10528) 2023-03-16 00:31:12 -05:00
Zachary Winnerman
87ea6a7c0f
Add flow log support to terraform module (#10499)
2023-03-14 21:18:33 -04:00
Zachary Winnerman
2933a7bdaa
Add ability to use sidecars (#10287)
2023-03-03 13:50:48 -05:00
Zachary Winnerman
714a628908
Update readmes (#10214)
2023-03-01 11:07:46 -05:00
Zachary Winnerman
eff94f917a
Alb cidr list (#10184)
2023-02-28 14:37:53 -05:00
Zachary Winnerman
889247eeb3
Allow ALB Cidrs to be passed into the module (#10179)
2023-02-28 14:02:12 -05:00
Robert Fairburn
e760ce4ac5
Separate monitoring notifications per alert (#10032) 2023-02-22 21:25:25 -06:00
Benjamin Edwards
c1a7b565f1
output arn & id for mdm secrets (#10046)
add outputs to mdm module to make it simple to utilize downstream
2023-02-22 21:37:46 -05:00
Robert Fairburn
de888d3cb3
Initial Terraform ALB Logging Module (#10010) 2023-02-22 10:07:12 -06:00
Robert Fairburn
78fd5f2971
Initial terraform monitoring addon module (#9864) 2023-02-16 14:30:08 -06:00
Zachary Winnerman
c158d4e55b
Change the default memory value to a sane value (#9800)
2023-02-10 15:44:51 -05:00
Zachary Winnerman
024084d993
Dogfood changes (#9769)
2023-02-09 11:31:10 -05:00
Zachary Winnerman
a23ce1b0a2
Dogfood changes (#9763)
2023-02-09 00:20:57 -05:00
Benjamin Edwards
78e41b60b3
refactor logging module to prefer logging directly to firehose (#9678)
prefer logging to firehose in target-account, this opens up more
flexibility to choose different out-of-the-box firehose destinations.

by default S3 destination is provided, as a destination is required to
create a firehose delivery stream
2023-02-06 10:38:23 -05:00
Zachary Winnerman
ecbf9d9429
Add migration code for Dogfood to module. (#9648)
Closes https://github.com/fleetdm/fleet/issues/9385
2023-02-03 13:05:57 -05:00
Benjamin Edwards
2f0f549e45
cross-account firehose destinations via module (#9528)
initial support for cross-account firehose destinations
2023-02-03 13:00:31 -05:00
Robert Fairburn
7f2ff02801
Ensure extra env vars apply (#9649) 2023-02-03 00:40:03 -06:00
Robert Fairburn
a027a2a893
Terraform Module to allow for unique dbpassword secret names (#9633) 2023-02-02 12:42:08 -06:00
Robert Fairburn
68673cfa6a
Initial osquery-perf terraform module addon (#9556)
Added some outputs to re-use the execution and other iam roles in terraform module.
Added osquery-perf addon terraform module
2023-01-31 15:28:57 -06:00
Zachary Winnerman
e83d7ea9d1
Module fixes (#9424)
2023-01-18 23:00:01 -05:00
Zachary Winnerman
323b02a850
Module fixes (#9423)
2023-01-18 22:52:16 -05:00
Zachary Winnerman
40ea76a4f5
Module variable fix (#9411)
2023-01-18 15:08:24 -05:00
Zachary Winnerman
13a4c65f32
Add addon modules for s3 firehose logging and automatic migrations (#9377)
2023-01-18 11:09:18 -05:00
Zachary Winnerman
571848177a
Fix some findings from checkov (#9171) 2023-01-03 20:08:39 -05:00
Zachary Winnerman
6f4a20bdcd
Customer terraform (#9136)
* Initial work on customer terraform modules.

I'm getting lost so I'll need to start applying stuff to make sure it
works

* Stopping here for now

Next I need to add optional()'s to everything so we can specify partial
structure. https://developer.hashicorp.com/terraform/language/expressions/type-constraints#optional-object-type-attributes

* A random check in

Need to redo basically all variables and fix everything

* Got a lot more working finally!

* RDS and Elasticache now create

* Clean apply, just need debugging

* Should be fully working, just need to make a fully working example

* Everything is working and added a usage example

* Added contributing

* fixup

* Final wiring changes and ran the autodoc command

* Add more docs

* Fixup
2022-12-29 16:28:50 -05:00