fleet/website/api/controllers/android-proxy/get-android-devices.js

module.exports = {


  friendlyName: 'Get android devices',


  description: 'List android devices accessible to the Android enterprise.',


  inputs: {
    androidEnterpriseId: {
      type: 'string',
      required: true,
    },
    pageSize: {
      type: 'number',
      description: 'The maximum number of devices to return.',
      min: 1,
      defaultsTo: 100,
      isInteger: true,
    },
    pageToken: {
      type: 'string',
    },
    fields: {
      type: 'string',
      description: 'Selector specifying which fields to include in a partial response if any.',
    }
  },


  exits: {
    success: { description: 'Android devices list was successfully retrieved.' },
    missingAuthHeader: { description: 'This request was missing an authorization header.', responseType: 'unauthorized'},
    missingOriginHeader: { description: 'The request was missing an Origin header', responseType: 'badRequest'},
    notFound: { description: 'No Android enterprise found for this Fleet server.', responseType: 'notFound' },
    unauthorized: { description: 'Invalid authentication token.', responseType: 'unauthorized'},
  },


  fn: async function ({ androidEnterpriseId, pageSize, pageToken, fields }) {

    // Extract fleetServerSecret from the Authorization header
    let authHeader = this.req.get('authorization');
    let fleetServerSecret;

    if (authHeader && authHeader.startsWith('Bearer')) {
      fleetServerSecret = authHeader.replace('Bearer', '').trim();
    } else {
      throw 'missingAuthHeader';
    }


    let thisAndroidEnterprise = await AndroidEnterprise.findOne({
      androidEnterpriseId: androidEnterpriseId
    });

    if (!thisAndroidEnterprise) {
      throw 'notFound';
    }

    if (thisAndroidEnterprise.fleetServerSecret !== fleetServerSecret) {
      throw 'unauthorized';
    }


    // List android devices from an enterprises using the passed parameters
    return await sails.helpers.flow.build(async ()=>{
      let { google } = require('googleapis');
      let androidmanagement = google.androidmanagement('v1');

      let googleAuth = new google.auth.GoogleAuth({
        scopes: [
          'https://www.googleapis.com/auth/androidmanagement'
        ],
        credentials: {
          client_email: sails.config.custom.androidEnterpriseServiceAccountEmailAddress,// eslint-disable-line camelcase
          private_key: sails.config.custom.androidEnterpriseServiceAccountPrivateKey,// eslint-disable-line camelcase
        },
      });

      // Acquire the google auth client
      let authClient = await googleAuth.getClient();
      google.options({auth: authClient});

      // Get the Android devices list from Google
      let devicesResponse = await androidmanagement.enterprises.devices.list({
        parent: `enterprises/${thisAndroidEnterprise.androidEnterpriseId}`,
        pageSize: pageSize,
        pageToken: pageToken,
        fields: fields,
      });
      // Return the devices (no filtering needed since parent parameter already filters by enterprise)
      return devicesResponse.data;

    }).intercept({status: 429}, (err)=>{
      // If the Android management API returns a 429 response, log an additional warning that will trigger a help-p1 alert.
      sails.log.warn(`p1: Android management API rate limit exceeded!`);
      return new Error(`When attempting to list devices for an Android enterprise (${androidEnterpriseId}), an error occurred. Error: ${err}`);
    }).intercept((err)=>{
      return new Error(`When attempting to list devices for an Android enterprise (${androidEnterpriseId}), an error occurred. Error: ${require('util').inspect(err)}`);
    });
  }
};
Reduce API Android usage (#36209) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #36138 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [x] Added/updated automated tests - [x] QA'd all new/changed functionality manually --------- Co-authored-by: Jordan Montgomery <[email protected]> 2025-11-25 12:39:06 +00:00			`module.exports = {`


			`friendlyName: 'Get android devices',`


			`description: 'List android devices accessible to the Android enterprise.',`


			`inputs: {`
			`androidEnterpriseId: {`
			`type: 'string',`
			`required: true,`
			`},`
			`pageSize: {`
			`type: 'number',`
			`description: 'The maximum number of devices to return.',`
			`min: 1,`
			`defaultsTo: 100,`
			`isInteger: true,`
			`},`
			`pageToken: {`
			`type: 'string',`
			`},`
			`fields: {`
			`type: 'string',`
			`description: 'Selector specifying which fields to include in a partial response if any.',`
			`}`
			`},`


			`exits: {`
			`success: { description: 'Android devices list was successfully retrieved.' },`
			`missingAuthHeader: { description: 'This request was missing an authorization header.', responseType: 'unauthorized'},`
			`missingOriginHeader: { description: 'The request was missing an Origin header', responseType: 'badRequest'},`
Website: add missing exit to get-android-devices (#37490) Changes: - Added a missing `notFound` exit to the `get-android-devices` action used by the website's Android Enterprise proxy. 2025-12-18 18:10:57 +00:00			`notFound: { description: 'No Android enterprise found for this Fleet server.', responseType: 'notFound' },`
Reduce API Android usage (#36209) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #36138 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [x] Added/updated automated tests - [x] QA'd all new/changed functionality manually --------- Co-authored-by: Jordan Montgomery <[email protected]> 2025-11-25 12:39:06 +00:00			`unauthorized: { description: 'Invalid authentication token.', responseType: 'unauthorized'},`
			`},`


			`fn: async function ({ androidEnterpriseId, pageSize, pageToken, fields }) {`

			`// Extract fleetServerSecret from the Authorization header`
			`let authHeader = this.req.get('authorization');`
			`let fleetServerSecret;`

			`if (authHeader && authHeader.startsWith('Bearer')) {`
			`fleetServerSecret = authHeader.replace('Bearer', '').trim();`
			`} else {`
			`throw 'missingAuthHeader';`
			`}`


			`let thisAndroidEnterprise = await AndroidEnterprise.findOne({`
			`androidEnterpriseId: androidEnterpriseId`
			`});`

			`if (!thisAndroidEnterprise) {`
			`throw 'notFound';`
			`}`

			`if (thisAndroidEnterprise.fleetServerSecret !== fleetServerSecret) {`
			`throw 'unauthorized';`
			`}`


			`// List android devices from an enterprises using the passed parameters`
			`return await sails.helpers.flow.build(async ()=>{`
			`let { google } = require('googleapis');`
			`let androidmanagement = google.androidmanagement('v1');`

			`let googleAuth = new google.auth.GoogleAuth({`
			`scopes: [`
			`'https://www.googleapis.com/auth/androidmanagement'`
			`],`
			`credentials: {`
			`client_email: sails.config.custom.androidEnterpriseServiceAccountEmailAddress,// eslint-disable-line camelcase`
			`private_key: sails.config.custom.androidEnterpriseServiceAccountPrivateKey,// eslint-disable-line camelcase`
			`},`
			`});`

			`// Acquire the google auth client`
			`let authClient = await googleAuth.getClient();`
			`google.options({auth: authClient});`

			`// Get the Android devices list from Google`
			`let devicesResponse = await androidmanagement.enterprises.devices.list({`
			parent: `enterprises/${thisAndroidEnterprise.androidEnterpriseId}`,
			`pageSize: pageSize,`
			`pageToken: pageToken,`
			`fields: fields,`
			`});`
			`// Return the devices (no filtering needed since parent parameter already filters by enterprise)`
			`return devicesResponse.data;`

			`}).intercept({status: 429}, (err)=>{`
			`// If the Android management API returns a 429 response, log an additional warning that will trigger a help-p1 alert.`
			sails.log.warn(`p1: Android management API rate limit exceeded!`);
			return new Error(`When attempting to list devices for an Android enterprise (${androidEnterpriseId}), an error occurred. Error: ${err}`);
			`}).intercept((err)=>{`
Website: update android proxy error handling (#40140) Related to: https://github.com/fleetdm/fleet/issues/40127 Changes: - Updated errors logged by Android proxy endpoints to include more information about the error. - Added a `deviceNoLongerManaged` exit to the `delete-android-device` endpoint that is used when the Google API returns a "Device is no longer being managed" error. - Added a `policyNotFound` exit to the `modify-android-policies` and `modify-enterprise-app-policy` endpoints that is used when the Google API returns a 404 response - Added a `invalidPolicyName` exit to the `modify-android-device` endpoint that is used when the Google API returns an error related to the policy name sent in the request body. 2026-02-19 23:46:41 +00:00			return new Error(`When attempting to list devices for an Android enterprise (${androidEnterpriseId}), an error occurred. Error: ${require('util').inspect(err)}`);
Reduce API Android usage (#36209) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #36138 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [x] Added/updated automated tests - [x] QA'd all new/changed functionality manually --------- Co-authored-by: Jordan Montgomery <[email protected]> 2025-11-25 12:39:06 +00:00			`});`
			`}`
			`};`