include all secrets in vuln task (#17033)

this change should fix the issue of vuln task interfering with MDM settings.
fleetdm · Feb 21, 2024 · 03873f6 · 03873f6
1 parent 0d930e1
commit 03873f6
Showing 1 changed file with 5 additions and 8 deletions.
diff --git a/terraform/addons/external-vuln-scans/main.tf b/terraform/addons/external-vuln-scans/main.tf
@@ -6,14 +6,16 @@ locals {
     // and then we pull in the output of fleet ecs module
     for k, v in merge(
       var.fleet_config.extra_environment_variables,
-      { FLEET_VULNERABILITIES_DISABLE_SCHEDULE  = "false"}
+      { FLEET_VULNERABILITIES_DISABLE_SCHEDULE = "false" }
       ) : {
       name  = k
       value = v
     }
   ]
   secrets = [
-    for k, v in var.fleet_config.extra_secrets : {
+    for k, v in merge(var.fleet_config.extra_secrets, {
+      FLEET_MYSQL_PASSWORD = var.fleet_config.database.password_secret_arn
+      }) : {
       name      = k
       valueFrom = v
     }
@@ -54,12 +56,7 @@ resource "aws_ecs_task_definition" "vuln-processing" {
       image       = var.fleet_config.image
       essential   = true
       networkMode = "awsvpc"
-      secrets = [
-        {
-          name      = "FLEET_MYSQL_PASSWORD"
-          valueFrom = var.fleet_config.database.password_secret_arn
-        }
-      ]
+      secrets     = local.secrets
       ulimits = [
         {
           name      = "nofile"