Adding changes for Fleet v4.55.2 (#21831)

Author: georgekarrv

CHANGELOG.md

@@ -1,3 +1,10 @@
+## Fleet 4.55.2 (Sep 05, 2024)
+
+### Bug fixes
+
+* Removed validation of APNS certificate from server startup. This was no longer necessary because we now allow for APNS certificates to be renewed in the UI.
+* Fixed logic to properly catch and log APNs errors.
+
 ## Fleet 4.55.1 (Aug 14, 2024)
 
 ### Bug fixes

changes/21683-apns-cert-validation-on-start

@@ -8,7 +8,7 @@ version: v6.2.0
 home: https://github.com/fleetdm/fleet
 sources:
   - https://github.com/fleetdm/fleet.git
-appVersion: v4.55.1
+appVersion: v4.55.2
 dependencies:
   - name: mysql
     condition: mysql.enabled

changes/apns-errors

@@ -3,7 +3,7 @@
 hostName: fleet.localhost
 replicas: 3 # The number of Fleet instances to deploy
 imageRepository: fleetdm/fleet
-imageTag: v4.55.1 # Version of Fleet to deploy
+imageTag: v4.55.2 # Version of Fleet to deploy
 podAnnotations: {} # Additional annotations to add to the Fleet pod
 serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
 resources:

charts/fleet/Chart.yaml

@@ -56,7 +56,7 @@ variable "database_name" {
 
 variable "fleet_image" {
   description = "the name of the container image to run"
-  default     = "fleetdm/fleet:v4.55.1"
+  default     = "fleetdm/fleet:v4.55.2"
 }
 
 variable "software_inventory" {

charts/fleet/values.yaml

@@ -68,7 +68,7 @@ variable "redis_mem" {
 }
 
 variable "image" {
-  default = "fleetdm/fleet:v4.55.1"
+  default = "fleetdm/fleet:v4.55.2"
 }
 
 variable "software_installers_bucket_name" {

infrastructure/dogfood/terraform/aws/variables.tf

@@ -24,7 +24,7 @@ variable "fleet_config" {
     vuln_processing_cpu                  = optional(number, 2048)
     vuln_data_stream_mem                 = optional(number, 1024)
     vuln_data_stream_cpu                 = optional(number, 512)
-    image                                = optional(string, "fleetdm/fleet:v4.55.1")
+    image                                = optional(string, "fleetdm/fleet:v4.55.2")
     family                               = optional(string, "fleet-vuln-processing")
     sidecars                             = optional(list(any), [])
     extra_environment_variables          = optional(map(string), {})
@@ -82,7 +82,7 @@ variable "fleet_config" {
     vuln_processing_cpu                  = 2048
     vuln_data_stream_mem                 = 1024
     vuln_data_stream_cpu                 = 512
-    image                                = "fleetdm/fleet:v4.55.1"
+    image                                = "fleetdm/fleet:v4.55.2"
     family                               = "fleet-vuln-processing"
     sidecars                             = []
     extra_environment_variables          = {}

infrastructure/dogfood/terraform/gcp/variables.tf

@@ -52,7 +52,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_ecs_cluster"></a> [ecs\_cluster](#input\_ecs\_cluster) | The name of the ECS cluster to use | `string` | n/a | yes |
-| <a name="input_fleet_config"></a> [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. | <pre>object({<br>    task_mem                     = optional(number, null)<br>    task_cpu                     = optional(number, null)<br>    mem                          = optional(number, 4096)<br>    cpu                          = optional(number, 512)<br>    pid_mode                     = optional(string, null)<br>    image                        = optional(string, "fleetdm/fleet:v4.55.1")<br>    family                       = optional(string, "fleet")<br>    sidecars                     = optional(list(any), [])<br>    depends_on                   = optional(list(any), [])<br>    mount_points                 = optional(list(any), [])<br>    volumes                      = optional(list(any), [])<br>    extra_environment_variables  = optional(map(string), {})<br>    extra_iam_policies           = optional(list(string), [])<br>    extra_execution_iam_policies = optional(list(string), [])<br>    extra_secrets                = optional(map(string), {})<br>    security_groups              = optional(list(string), null)<br>    security_group_name          = optional(string, "fleet")<br>    iam_role_arn                 = optional(string, null)<br>    repository_credentials       = optional(string, "")<br>    private_key_secret_name      = optional(string, "fleet-server-private-key")<br>    service = optional(object({<br>      name = optional(string, "fleet")<br>      }), {<br>      name = "fleet"<br>    })<br>    database = object({<br>      password_secret_arn = string<br>      user                = string<br>      database            = string<br>      address             = string<br>      rr_address          = optional(string, null)<br>    })<br>    redis = object({<br>      address = string<br>      use_tls = optional(bool, true)<br>    })<br>    awslogs = optional(object({<br>      name      = optional(string, null)<br>      region    = optional(string, null)<br>      create    = optional(bool, true)<br>      prefix    = optional(string, "fleet")<br>      retention = optional(number, 5)<br>      }), {<br>      name      = null<br>      region    = null<br>      prefix    = "fleet"<br>      retention = 5<br>    })<br>    loadbalancer = object({<br>      arn = string<br>    })<br>    extra_load_balancers = optional(list(any), [])<br>    networking = object({<br>      subnets         = optional(list(string), null)<br>      security_groups = optional(list(string), null)<br>      ingress_sources = object({<br>        cidr_blocks      = optional(list(string), [])<br>        ipv6_cidr_blocks = optional(list(string), [])<br>        security_groups  = optional(list(string), [])<br>        prefix_list_ids  = optional(list(string), [])<br>      })<br>    })<br>    autoscaling = optional(object({<br>      max_capacity                 = optional(number, 5)<br>      min_capacity                 = optional(number, 1)<br>      memory_tracking_target_value = optional(number, 80)<br>      cpu_tracking_target_value    = optional(number, 80)<br>      }), {<br>      max_capacity                 = 5<br>      min_capacity                 = 1<br>      memory_tracking_target_value = 80<br>      cpu_tracking_target_value    = 80<br>    })<br>    iam = optional(object({<br>      role = optional(object({<br>        name        = optional(string, "fleet-role")<br>        policy_name = optional(string, "fleet-iam-policy")<br>        }), {<br>        name        = "fleet-role"<br>        policy_name = "fleet-iam-policy"<br>      })<br>      execution = optional(object({<br>        name        = optional(string, "fleet-execution-role")<br>        policy_name = optional(string, "fleet-execution-role")<br>        }), {<br>        name        = "fleet-execution-role"<br>        policy_name = "fleet-iam-policy-execution"<br>      })<br>      }), {<br>      name = "fleetdm-execution-role"<br>    })<br>    software_installers = optional(object({<br>      create_bucket    = optional(bool, true)<br>      bucket_name      = optional(string, null)<br>      bucket_prefix    = optional(string, "fleet-software-installers-")<br>      s3_object_prefix = optional(string, "")<br>      }), {<br>      create_bucket    = true<br>      bucket_name      = null<br>      bucket_prefix    = "fleet-software-installers-"<br>      s3_object_prefix = ""<br>    })<br>  })</pre> | <pre>{<br>  "autoscaling": {<br>    "cpu_tracking_target_value": 80,<br>    "max_capacity": 5,<br>    "memory_tracking_target_value": 80,<br>    "min_capacity": 1<br>  },<br>  "awslogs": {<br>    "create": true,<br>    "name": null,<br>    "prefix": "fleet",<br>    "region": null,<br>    "retention": 5<br>  },<br>  "cpu": 256,<br>  "database": {<br>    "address": null,<br>    "database": null,<br>    "password_secret_arn": null,<br>    "rr_address": null,<br>    "user": null<br>  },<br>  "depends_on": [],<br>  "extra_environment_variables": {},<br>  "extra_execution_iam_policies": [],<br>  "extra_iam_policies": [],<br>  "extra_load_balacners": [],<br>  "extra_secrets": {},<br>  "family": "fleet",<br>  "iam": {<br>    "execution": {<br>      "name": "fleet-execution-role",<br>      "policy_name": "fleet-iam-policy-execution"<br>    },<br>    "role": {<br>      "name": "fleet-role",<br>      "policy_name": "fleet-iam-policy"<br>    }<br>  },<br>  "iam_role_arn": null,<br>  "image": "fleetdm/fleet:v4.55.1",<br>  "loadbalancer": {<br>    "arn": null<br>  },<br>  "mem": 512,<br>  "mount_points": [],<br>  "networking": {<br>    "ingress_sources": {<br>      "cidr_blocks": [],<br>      "ipv6_cidr_blocks": [],<br>      "prefix_list_ids": [],<br>      "security_groups": []<br>    },<br>    "security_groups": null,<br>    "subnets": null<br>  },<br>  "pid_mode": null,<br>  "private_key_secret_name": "fleet-server-private-key",<br>  "redis": {<br>    "address": null,<br>    "use_tls": true<br>  },<br>  "repository_credentials": "",<br>  "security_group_name": "fleet",<br>  "security_groups": null,<br>  "service": {<br>    "name": "fleet"<br>  },<br>  "sidecars": [],<br>  "software_installers": {<br>    "bucket_name": null,<br>    "bucket_prefix": "fleet-software-installers-",<br>    "create_bucket": true,<br>    "s3_object_prefix": ""<br>  },<br>  "task_cpu": null,<br>  "task_mem": null,<br>  "volumes": []<br>}</pre> | no |
+| <a name="input_fleet_config"></a> [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. | <pre>object({<br>    task_mem                     = optional(number, null)<br>    task_cpu                     = optional(number, null)<br>    mem                          = optional(number, 4096)<br>    cpu                          = optional(number, 512)<br>    pid_mode                     = optional(string, null)<br>    image                        = optional(string, "fleetdm/fleet:v4.55.2")<br>    family                       = optional(string, "fleet")<br>    sidecars                     = optional(list(any), [])<br>    depends_on                   = optional(list(any), [])<br>    mount_points                 = optional(list(any), [])<br>    volumes                      = optional(list(any), [])<br>    extra_environment_variables  = optional(map(string), {})<br>    extra_iam_policies           = optional(list(string), [])<br>    extra_execution_iam_policies = optional(list(string), [])<br>    extra_secrets                = optional(map(string), {})<br>    security_groups              = optional(list(string), null)<br>    security_group_name          = optional(string, "fleet")<br>    iam_role_arn                 = optional(string, null)<br>    repository_credentials       = optional(string, "")<br>    private_key_secret_name      = optional(string, "fleet-server-private-key")<br>    service = optional(object({<br>      name = optional(string, "fleet")<br>      }), {<br>      name = "fleet"<br>    })<br>    database = object({<br>      password_secret_arn = string<br>      user                = string<br>      database            = string<br>      address             = string<br>      rr_address          = optional(string, null)<br>    })<br>    redis = object({<br>      address = string<br>      use_tls = optional(bool, true)<br>    })<br>    awslogs = optional(object({<br>      name      = optional(string, null)<br>      region    = optional(string, null)<br>      create    = optional(bool, true)<br>      prefix    = optional(string, "fleet")<br>      retention = optional(number, 5)<br>      }), {<br>      name      = null<br>      region    = null<br>      prefix    = "fleet"<br>      retention = 5<br>    })<br>    loadbalancer = object({<br>      arn = string<br>    })<br>    extra_load_balancers = optional(list(any), [])<br>    networking = object({<br>      subnets         = optional(list(string), null)<br>      security_groups = optional(list(string), null)<br>      ingress_sources = object({<br>        cidr_blocks      = optional(list(string), [])<br>        ipv6_cidr_blocks = optional(list(string), [])<br>        security_groups  = optional(list(string), [])<br>        prefix_list_ids  = optional(list(string), [])<br>      })<br>    })<br>    autoscaling = optional(object({<br>      max_capacity                 = optional(number, 5)<br>      min_capacity                 = optional(number, 1)<br>      memory_tracking_target_value = optional(number, 80)<br>      cpu_tracking_target_value    = optional(number, 80)<br>      }), {<br>      max_capacity                 = 5<br>      min_capacity                 = 1<br>      memory_tracking_target_value = 80<br>      cpu_tracking_target_value    = 80<br>    })<br>    iam = optional(object({<br>      role = optional(object({<br>        name        = optional(string, "fleet-role")<br>        policy_name = optional(string, "fleet-iam-policy")<br>        }), {<br>        name        = "fleet-role"<br>        policy_name = "fleet-iam-policy"<br>      })<br>      execution = optional(object({<br>        name        = optional(string, "fleet-execution-role")<br>        policy_name = optional(string, "fleet-execution-role")<br>        }), {<br>        name        = "fleet-execution-role"<br>        policy_name = "fleet-iam-policy-execution"<br>      })<br>      }), {<br>      name = "fleetdm-execution-role"<br>    })<br>    software_installers = optional(object({<br>      create_bucket    = optional(bool, true)<br>      bucket_name      = optional(string, null)<br>      bucket_prefix    = optional(string, "fleet-software-installers-")<br>      s3_object_prefix = optional(string, "")<br>      }), {<br>      create_bucket    = true<br>      bucket_name      = null<br>      bucket_prefix    = "fleet-software-installers-"<br>      s3_object_prefix = ""<br>    })<br>  })</pre> | <pre>{<br>  "autoscaling": {<br>    "cpu_tracking_target_value": 80,<br>    "max_capacity": 5,<br>    "memory_tracking_target_value": 80,<br>    "min_capacity": 1<br>  },<br>  "awslogs": {<br>    "create": true,<br>    "name": null,<br>    "prefix": "fleet",<br>    "region": null,<br>    "retention": 5<br>  },<br>  "cpu": 256,<br>  "database": {<br>    "address": null,<br>    "database": null,<br>    "password_secret_arn": null,<br>    "rr_address": null,<br>    "user": null<br>  },<br>  "depends_on": [],<br>  "extra_environment_variables": {},<br>  "extra_execution_iam_policies": [],<br>  "extra_iam_policies": [],<br>  "extra_load_balacners": [],<br>  "extra_secrets": {},<br>  "family": "fleet",<br>  "iam": {<br>    "execution": {<br>      "name": "fleet-execution-role",<br>      "policy_name": "fleet-iam-policy-execution"<br>    },<br>    "role": {<br>      "name": "fleet-role",<br>      "policy_name": "fleet-iam-policy"<br>    }<br>  },<br>  "iam_role_arn": null,<br>  "image": "fleetdm/fleet:v4.55.2",<br>  "loadbalancer": {<br>    "arn": null<br>  },<br>  "mem": 512,<br>  "mount_points": [],<br>  "networking": {<br>    "ingress_sources": {<br>      "cidr_blocks": [],<br>      "ipv6_cidr_blocks": [],<br>      "prefix_list_ids": [],<br>      "security_groups": []<br>    },<br>    "security_groups": null,<br>    "subnets": null<br>  },<br>  "pid_mode": null,<br>  "private_key_secret_name": "fleet-server-private-key",<br>  "redis": {<br>    "address": null,<br>    "use_tls": true<br>  },<br>  "repository_credentials": "",<br>  "security_group_name": "fleet",<br>  "security_groups": null,<br>  "service": {<br>    "name": "fleet"<br>  },<br>  "sidecars": [],<br>  "software_installers": {<br>    "bucket_name": null,<br>    "bucket_prefix": "fleet-software-installers-",<br>    "create_bucket": true,<br>    "s3_object_prefix": ""<br>  },<br>  "task_cpu": null,<br>  "task_mem": null,<br>  "volumes": []<br>}</pre> | no |
 | <a name="input_migration_config"></a> [migration\_config](#input\_migration\_config) | The configuration object for Fleet's migration task. | <pre>object({<br>    mem = number<br>    cpu = number<br>  })</pre> | <pre>{<br>  "cpu": 1024,<br>  "mem": 2048<br>}</pre> | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | n/a | `string` | `null` | no |
 

terraform/README.md

@@ -16,7 +16,7 @@ variable "fleet_config" {
     mem                          = optional(number, 4096)
     cpu                          = optional(number, 512)
     pid_mode                     = optional(string, null)
-    image                        = optional(string, "fleetdm/fleet:v4.55.1")
+    image                        = optional(string, "fleetdm/fleet:v4.55.2")
     family                       = optional(string, "fleet")
     sidecars                     = optional(list(any), [])
     depends_on                   = optional(list(any), [])
@@ -120,7 +120,7 @@ variable "fleet_config" {
     mem                          = 512
     cpu                          = 256
     pid_mode                     = null
-    image                        = "fleetdm/fleet:v4.55.1"
+    image                        = "fleetdm/fleet:v4.55.2"
     family                       = "fleet"
     sidecars                     = []
     depends_on                   = []

terraform/addons/vuln-processing/variables.tf

@@ -77,7 +77,7 @@ variable "fleet_config" {
     mem                          = optional(number, 4096)
     cpu                          = optional(number, 512)
     pid_mode                     = optional(string, null)
-    image                        = optional(string, "fleetdm/fleet:v4.55.1")
+    image                        = optional(string, "fleetdm/fleet:v4.55.2")
     family                       = optional(string, "fleet")
     sidecars                     = optional(list(any), [])
     depends_on                   = optional(list(any), [])
@@ -206,7 +206,7 @@ variable "fleet_config" {
     mem                          = 512
     cpu                          = 256
     pid_mode                     = null
-    image                        = "fleetdm/fleet:v4.55.1"
+    image                        = "fleetdm/fleet:v4.55.2"
     family                       = "fleet"
     sidecars                     = []
     depends_on                   = []

terraform/byo-vpc/README.md

@@ -17,7 +17,7 @@ provider "aws" {
 }
 
 locals {
-  fleet_image = "fleetdm/fleet:v4.55.1"
+  fleet_image = "fleetdm/fleet:v4.55.2"
   domain_name = "example.com"
 }
 

terraform/byo-vpc/byo-db/README.md

@@ -170,7 +170,7 @@ variable "fleet_config" {
     mem                          = optional(number, 4096)
     cpu                          = optional(number, 512)
     pid_mode                     = optional(string, null)
-    image                        = optional(string, "fleetdm/fleet:v4.55.1")
+    image                        = optional(string, "fleetdm/fleet:v4.55.2")
     family                       = optional(string, "fleet")
     sidecars                     = optional(list(any), [])
     depends_on                   = optional(list(any), [])
@@ -299,7 +299,7 @@ variable "fleet_config" {
     mem                          = 512
     cpu                          = 256
     pid_mode                     = null
-    image                        = "fleetdm/fleet:v4.55.1"
+    image                        = "fleetdm/fleet:v4.55.2"
     family                       = "fleet"
     sidecars                     = []
     depends_on                   = []

terraform/byo-vpc/byo-db/byo-ecs/README.md

@@ -63,8 +63,8 @@ module "fleet" {
 
   fleet_config = {
     # To avoid pull-rate limiting from dockerhub, consider using our quay.io mirror
-    # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.55.1"
-    image = "fleetdm/fleet:v4.55.1" # override default to deploy the image you desire
+    # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.55.2"
+    image = "fleetdm/fleet:v4.55.2" # override default to deploy the image you desire
     # See https://fleetdm.com/docs/deploy/reference-architectures#aws for appropriate scaling
     # memory and cpu.
     autoscaling = {