Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-20 15:38:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 107
fleet/server/service/testing_utils.go

1088 lines
28 KiB
Go
Raw Normal View History

Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
package service
import (
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
"context"
add mocks + tests and move things around (#9574) #8948 - Add more go:generate commands for MDM mocks - Add unit and integration tests for MDM code - Move interfaces from their PoC location to match existing patterns
2023-01-31 14:46:01 +00:00
"crypto/tls"
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
"encoding/json"
Keep created_at timestamp of existing enroll secrets (#8062)
2022-10-05 12:35:36 +00:00
"fmt"
enable controlled rollout of features by teams (#7408)
2022-08-30 11:13:09 +00:00
"io"
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
"net/http"
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
"net/http/httptest"
"os"
Fix TestIntegrations/TestUsers flaky test (#18251) ``` --- FAIL: TestIntegrations (47.44s) --- FAIL: TestIntegrations/TestUsers (1.42s) integration_core_test.go:4198: Error Trace: /Users/tim/workspace/fleet/server/service/integration_core_test.go:4198 Error: Not equal: expected: 0x2 actual : 0x1 Test: TestIntegrations/TestUsers ```
2024-04-16 21:40:29 +00:00
"sort"
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file
2021-07-08 15:50:43 +00:00
"strings"
Global policies automation webhooks (#3378) * Add webhook to app config * Add redis failing policies set and webhook * Add basic webhook test * Store hostname in redis * Global policy deletion to remove policy ID from set and config * Also process new passing policies * Fix unit test * Sort hosts * Add more tests * Add ListSets to the failing policies interface * Fix server URL and garbage collect on the triggering side * Do not use Redis SCAN * Fix Redis operation order * Add API changes to doc * Add comments * Add more tests * Fix tests * Add tests for config update upon deletion of policies * Run make dump-test-schema * Ignore policies that failed to run * Add proper unit tests to trigger logic * Fix comments * WIP * Add tests to service_osquerty_test.go * Use SSCAN for listing hosts instead of SMEMBERS * Add failing policies to docs/01-Using-Fleet/configuration-files/README.md * Remove skip * Fix PR comments
2021-12-23 21:26:55 +00:00
"sync"
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
"testing"
"github.com/WatchBeam/clock"
Return all scheduled queries and their stats on the host fetch API (#2855) * Return all scheduled queries and their stats on the host fetch API (pack_stats) * Use 'pack' instead of null and wrap errs with ctxerr
2021-11-12 11:18:25 +00:00
eeservice "github.com/fleetdm/fleet/v4/ee/server/service"
Add v4 suffix in go.mod (#1224)
2021-06-26 04:46:51 +00:00
"github.com/fleetdm/fleet/v4/server/config"
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
"github.com/fleetdm/fleet/v4/server/contexts/license"
prevent live queries to stall if a detail query override was set for a team (#14296) alternative approach for #14286
2023-10-04 20:02:55 +00:00
"github.com/fleetdm/fleet/v4/server/datastore/cached_mysql"
Implement software installer storage for S3 and local filesystem (#18493)
2024-04-24 14:18:58 +00:00
"github.com/fleetdm/fleet/v4/server/datastore/filesystem"
Add v4 suffix in go.mod (#1224)
2021-06-26 04:46:51 +00:00
"github.com/fleetdm/fleet/v4/server/fleet"
Return all scheduled queries and their stats on the host fetch API (#2855) * Return all scheduled queries and their stats on the host fetch API (pack_stats) * Use 'pack' instead of null and wrap errs with ctxerr
2021-11-12 11:18:25 +00:00
"github.com/fleetdm/fleet/v4/server/logging"
Fix SMTP e-mail send when SMTP server has credentials (#10758) #9609 This PR also fixes #10777. The issue is: We were using `svc.AppConfig` instead of `svc.ds.AppConfig` to retrieve the SMTP credentials. `svc.AppConfig` obfuscates credentials, whereas `svc.ds.AppConfig` does not. To help prevent this from happening again I've renamed `svc.AppConfig` to `svc.AppConfigObfuscated`. I've also added a new test SMTP server (https://github.com/axllent/mailpit) that supports Basic Authentication and tests that make use of it to catch these kind of bugs (the tests are executed when running `go test` with `MAIL_TEST=1`). - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-03-28 18:23:15 +00:00
"github.com/fleetdm/fleet/v4/server/mail"
remove feature flags to enable MDM (#10746) https://github.com/fleetdm/fleet/issues/10025
2023-03-27 19:30:29 +00:00
apple_mdm "github.com/fleetdm/fleet/v4/server/mdm/apple"
Add certificate management for Microsoft MDM (WSTEP) (#12543) Issue #12261 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-06-29 22:31:53 +00:00
microsoft_mdm "github.com/fleetdm/fleet/v4/server/mdm/microsoft"
Move nanodep dependency in monorepo (#16984)
2024-02-26 15:26:00 +00:00
nanodep_storage "github.com/fleetdm/fleet/v4/server/mdm/nanodep/storage"
Move nanomdm dependency in monorepo (#16015) #15557 Following the precedent that Lucas used for other similar PRs, the best way to review is probably by commits. * The first one simply copies over the files from the fork to the monorepo * Second one adjusts all import paths * Third one tidies up the `go.mod` files * Last one fixes the linter issues in the nanomdm package # Checklist for submitter - ~~Changes file added for user-visible changes in `changes/` or `orbit/changes/`.~~ (not a user-visible change) - [x] Manual QA for all new/changed functionality (ran test suite, re-generated mocks) I also verified that our Go test suite did run the newly moved `nanomdm` package steps: ``` ok github.com/fleetdm/fleet/v4/server/mdm/nanomdm/cryptoutil 0.003s coverage: 0.0% of statements in github.com/fleetdm/fleet/v4/... ok github.com/fleetdm/fleet/v4/server/mdm/nanomdm/mdm 0.005s coverage: 46.2% of statements in github.com/fleetdm/fleet/v4/... ok github.com/fleetdm/fleet/v4/server/mdm/nanomdm/service/certauth 1.320s coverage: 20.7% of statements in github.com/fleetdm/fleet/v4/... ok github.com/fleetdm/fleet/v4/server/mdm/nanomdm/storage/file 0.007s coverage: 24.1% of statements in github.com/fleetdm/fleet/v4/... ```
2024-01-12 02:28:48 +00:00
"github.com/fleetdm/fleet/v4/server/mdm/nanomdm/mdm"
"github.com/fleetdm/fleet/v4/server/mdm/nanomdm/push"
nanomdm_push "github.com/fleetdm/fleet/v4/server/mdm/nanomdm/push"
feat: move scep dependency inside the monorepo (#16988) Following the pattern set up by Martin and Lucas for similar PRs. Can be reviewed by commits: 1. move scep directory into monorepo 2. update import paths 3. update go.mod, go.sum 4. fix golint errors in scep package 5. skip a failing test that's been broken for a while 6. fix that failing test # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Manual QA for all new/changed functionality Also verified that our test suite runs the `scep` tests.
2024-02-22 18:13:46 +00:00
scep_depot "github.com/fleetdm/fleet/v4/server/mdm/scep/depot"
gate DEP enrollment behind SSO when configured (#11309) #10739 Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-04-27 12:43:20 +00:00
nanodep_mock "github.com/fleetdm/fleet/v4/server/mock/nanodep"
Add v4 suffix in go.mod (#1224)
2021-06-26 04:46:51 +00:00
"github.com/fleetdm/fleet/v4/server/ptr"
Return all scheduled queries and their stats on the host fetch API (#2855) * Return all scheduled queries and their stats on the host fetch API (pack_stats) * Use 'pack' instead of null and wrap errs with ctxerr
2021-11-12 11:18:25 +00:00
"github.com/fleetdm/fleet/v4/server/service/async"
add mocks + tests and move things around (#9574) #8948 - Add more go:generate commands for MDM mocks - Add unit and integration tests for MDM code - Move interfaces from their PoC location to match existing patterns
2023-01-31 14:46:01 +00:00
"github.com/fleetdm/fleet/v4/server/service/mock"
Add tests to SSO/SAML implementation (#2997)
2021-11-23 13:25:43 +00:00
"github.com/fleetdm/fleet/v4/server/sso"
Increase minimum password length to 12 characters (#5712)
2022-05-18 17:03:00 +00:00
"github.com/fleetdm/fleet/v4/server/test"
Migrate old admin field to new global role (#609) - Migrate old admins to global admins - Migrate old non-admins to global maintainers - Remove old admin column - Give initial user global admin privilege - Comment out some tests (to be refactored for new permissions model later)
2021-04-07 01:27:10 +00:00
kitlog "github.com/go-kit/kit/log"
add mocks + tests and move things around (#9574) #8948 - Add more go:generate commands for MDM mocks - Add unit and integration tests for MDM code - Move interfaces from their PoC location to match existing patterns
2023-01-31 14:46:01 +00:00
"github.com/google/uuid"
Return all scheduled queries and their stats on the host fetch API (#2855) * Return all scheduled queries and their stats on the host fetch API (pack_stats) * Use 'pack' instead of null and wrap errs with ctxerr
2021-11-12 11:18:25 +00:00
"github.com/stretchr/testify/assert"
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
"github.com/stretchr/testify/require"
Fix race condition in tests when using global var loginRateLimit (#5197)
2022-04-19 13:35:53 +00:00
"github.com/throttled/throttled/v2"
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
"github.com/throttled/throttled/v2/store/memstore"
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
)
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
func newTestService(t *testing.T, ds fleet.Datastore, rs fleet.QueryResultStore, lq fleet.LiveQueryStore, opts ...*TestServerOpts) (fleet.Service, context.Context) {
Add missing error checking to test config setup (#4401) * check for errors when setting test logs on new services * fix tests that fail because a log file wasn't specified * remove unnecessary nil check
2022-03-11 15:51:12 +00:00
return newTestServiceWithConfig(t, ds, config.TestConfig(), rs, lq, opts...)
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
}
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
func newTestServiceWithConfig(t *testing.T, ds fleet.Datastore, fleetConfig config.FleetConfig, rs fleet.QueryResultStore, lq fleet.LiveQueryStore, opts ...*TestServerOpts) (fleet.Service, context.Context) {
lic := &fleet.LicenseInfo{Tier: fleet.TierFree}
add configuration parameters for filesystem logging file rotation (#10048)
2023-02-24 12:44:56 +00:00
writer, err := logging.NewFilesystemLogWriter(fleetConfig.Filesystem.StatusLogFile, kitlog.NewNopLogger(), fleetConfig.Filesystem.EnableLogRotation, fleetConfig.Filesystem.EnableLogCompression, 500, 28, 3)
Add missing error checking to test config setup (#4401) * check for errors when setting test logs on new services * fix tests that fail because a log file wasn't specified * remove unnecessary nil check
2022-03-11 15:51:12 +00:00
require.NoError(t, err)
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
osqlogger := &OsqueryLogger{Status: writer, Result: writer}
Move logger up to the HTTP layer and make it generic (#1439) * Add basic idea * Implement the new logging strategy everywhere * Remove unused const * Add tests and fix error cases * Fix logging in osquery service * If there are extras, log info unless force debug * Change to info * Fix test * Make logging context more chainable and force info for sessions
2021-08-02 22:06:27 +00:00
logger := kitlog.NewNopLogger()
Add tests to SSO/SAML implementation (#2997)
2021-11-23 13:25:43 +00:00
Track active hosts count and enforce limit (#6099)
2022-06-13 20:29:32 +00:00
var (
Move nanodep dependency in monorepo (#16984)
2024-02-26 15:26:00 +00:00
failingPolicySet fleet.FailingPolicySet = NewMemFailingPolicySet()
enrollHostLimiter fleet.EnrollHostLimiter = nopEnrollHostLimiter{}
depStorage nanodep_storage.AllDEPStorage = &nanodep_mock.Storage{}
mailer fleet.MailService = &mockMailService{SendEmailFn: func(e fleet.Email) error { return nil }}
c clock.Clock = clock.C
Implement preassign endpoint as first step to match profiles and hosts to teams (#12046)
2023-05-31 13:24:22 +00:00
Implement software installer storage for S3 and local filesystem (#18493)
2024-04-24 14:18:58 +00:00
is fleet.InstallerStore
mdmStorage fleet.MDMAppleStore
mdmPusher nanomdm_push.Pusher
ssoStore sso.SessionStore
profMatcher fleet.ProfileMatcher
softwareInstallStore fleet.SoftwareInstallerStore
Track active hosts count and enforce limit (#6099)
2022-06-13 20:29:32 +00:00
)
Support per-task configuration for async host processing configuration (#5700)
2022-05-16 13:44:50 +00:00
if len(opts) > 0 {
if opts[0].Clock != nil {
c = opts[0].Clock
}
}
Support async saving of hosts' last seen time (#5640)
2022-05-10 15:29:17 +00:00
Support per-task configuration for async host processing configuration (#5700)
2022-05-16 13:44:50 +00:00
task := async.NewTask(ds, nil, c, config.OsqueryConfig{})
if len(opts) > 0 {
if opts[0].Task != nil {
task = opts[0].Task
} else {
opts[0].Task = task
}
Support async saving of hosts' last seen time (#5640)
2022-05-10 15:29:17 +00:00
}
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
if len(opts) > 0 {
if opts[0].Logger != nil {
logger = opts[0].Logger
}
if opts[0].License != nil {
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
lic = opts[0].License
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
}
Add tests to SSO/SAML implementation (#2997)
2021-11-23 13:25:43 +00:00
if opts[0].Pool != nil {
ssoStore = sso.NewSessionStore(opts[0].Pool)
Implement preassign endpoint as first step to match profiles and hosts to teams (#12046)
2023-05-31 13:24:22 +00:00
profMatcher = apple_mdm.NewProfileMatcher(opts[0].Pool)
Add tests to SSO/SAML implementation (#2997)
2021-11-23 13:25:43 +00:00
}
Match pre-assigned profiles to a team (or create one) and assign host to team (#12127)
2023-06-05 19:08:21 +00:00
if opts[0].ProfileMatcher != nil {
profMatcher = opts[0].ProfileMatcher
}
Global policies automation webhooks (#3378) * Add webhook to app config * Add redis failing policies set and webhook * Add basic webhook test * Store hostname in redis * Global policy deletion to remove policy ID from set and config * Also process new passing policies * Fix unit test * Sort hosts * Add more tests * Add ListSets to the failing policies interface * Fix server URL and garbage collect on the triggering side * Do not use Redis SCAN * Fix Redis operation order * Add API changes to doc * Add comments * Add more tests * Fix tests * Add tests for config update upon deletion of policies * Run make dump-test-schema * Ignore policies that failed to run * Add proper unit tests to trigger logic * Fix comments * WIP * Add tests to service_osquerty_test.go * Use SSCAN for listing hosts instead of SMEMBERS * Add failing policies to docs/01-Using-Fleet/configuration-files/README.md * Remove skip * Fix PR comments
2021-12-23 21:26:55 +00:00
if opts[0].FailingPolicySet != nil {
failingPolicySet = opts[0].FailingPolicySet
}
Track active hosts count and enforce limit (#6099)
2022-06-13 20:29:32 +00:00
if opts[0].EnrollHostLimiter != nil {
enrollHostLimiter = opts[0].EnrollHostLimiter
}
Fix SMTP e-mail send when SMTP server has credentials (#10758) #9609 This PR also fixes #10777. The issue is: We were using `svc.AppConfig` instead of `svc.ds.AppConfig` to retrieve the SMTP credentials. `svc.AppConfig` obfuscates credentials, whereas `svc.ds.AppConfig` does not. To help prevent this from happening again I've renamed `svc.AppConfig` to `svc.AppConfigObfuscated`. I've also added a new test SMTP server (https://github.com/axllent/mailpit) that supports Basic Authentication and tests that make use of it to catch these kind of bugs (the tests are executed when running `go test` with `MAIL_TEST=1`). - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-03-28 18:23:15 +00:00
if opts[0].UseMailService {
add support for AWS SES email backend (#10847)
2023-04-06 18:21:07 +00:00
mailer, err = mail.NewService(config.TestConfig())
require.NoError(t, err)
Fix SMTP e-mail send when SMTP server has credentials (#10758) #9609 This PR also fixes #10777. The issue is: We were using `svc.AppConfig` instead of `svc.ds.AppConfig` to retrieve the SMTP credentials. `svc.AppConfig` obfuscates credentials, whereas `svc.ds.AppConfig` does not. To help prevent this from happening again I've renamed `svc.AppConfig` to `svc.AppConfigObfuscated`. I've also added a new test SMTP server (https://github.com/axllent/mailpit) that supports Basic Authentication and tests that make use of it to catch these kind of bugs (the tests are executed when running `go test` with `MAIL_TEST=1`). - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-03-28 18:23:15 +00:00
}
Implement software installer storage for S3 and local filesystem (#18493)
2024-04-24 14:18:58 +00:00
if opts[0].SoftwareInstallStore != nil {
softwareInstallStore = opts[0].SoftwareInstallStore
}
add API endpoints to retrieve pre-built installers (#6672) Rel: #6365, this adds a new endpoint to check and download pre-built installers.
2022-07-18 16:44:30 +00:00
// allow to explicitly set installer store to nil
is = opts[0].Is
Add Apple MDM functionality (#7940) * WIP * Adding DEP functionality to Fleet * Better organize additional MDM code * Add cmdr.py and amend API paths * Fix lint * Add demo file * Fix demo.md * go mod tidy * Add munki setup to Fleet * Add diagram to demo.md * Add fixes * Update TODOs and demo.md * Fix cmdr.py and add TODO * Add endpoints to demo.md * Add more Munki PoC/demo stuff * WIP * Remove proposals from PoC * Replace prepare commands with fleetctl commands * Update demo.md with current state * Remove config field * Amend demo * Remove Munki setup from MVP-Dogfood * Update demo.md * Add apple mdm commands (#7769) * fleetctl enqueue mdm command * fix deps * Fix build Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> * Add command to upload installers * go mod tidy * fix subcommands help There is a bug in urfave/cli where help text is not generated properly when subcommands are nested too deep. * Add support for installing apps * Add a way to list enrolled devices * Add dep listing * Rearrange endpoints * Move DEP routine to schedule * Define paths globally * Add a way to list enrollments and installers * Parse device-ids as comma-separated string * Remove unused types * Add simple commands and nest under enqueue-command * Fix simple commands * Add help to enqueue-command * merge apple_mdm database * Fix commands * update nanomdm * Split nanomdm and nanodep schemas * Set 512 MB in memory for upload * Remove empty file * Amend profile * Add sample commands * Add delete installers and fix bug in DEP profile assigning * Add dogfood.md deployment guide * Update schema.sql * Dump schema with MySQL 5 * Set default value for authenticate_at * add tokens to enrollment profiles When a device downloads an MDM enrollment profile, verify the token passed as a query parameter. This ensures untrusted devices don't enroll with our MDM server. - Rename enrollments to enrollment profiles. Enrollments is used by nano to refer to devices that are enrolled with MDM - Rename endpoint /api/<version>/fleet/mdm/apple/enrollments to ../enrollmentprofiles - Generate a token for authentication when creating an enrollment profile - Return unauthorized if token is invalid when downloading an enrollment profile from /api/mdm/apple/enroll?token= * remove mdm apple server url * update docs * make dump-test-schema * Update nanomdm with missing prefix table * Add docs and simplify changes * Add changes file * Add method docs * Fix compile and revert prepare.go changes * Revert migration status check change * Amend comments * Add more docs * Clarify storage of installers * Remove TODO * Remove unused * update dogfood.md * remove cmdr.py * Add authorization tests * Add TODO comment * use kitlog for nano logging * Add yaml tags * Remove unused flag * Remove changes file * Only run DEP routine if MDM is enabled * Add docs to all new exported types * Add docs * more nano logging changes * Fix unintentional removal * more nano logging changes * Fix compile test * Use string for configs and fix config test * Add docs and amend changes * revert changes to basicAuthHandler * remove exported BasicAuthHandler * rename rego authz type * Add more information to dep list * add db tag * update deps * Fix schema * Remove unimplemented Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Michal Nicpon <michal@fleetdm.com>
2022-10-05 22:53:54 +00:00
// allow to explicitly set MDM storage to nil
mdmStorage = opts[0].MDMStorage
gate DEP enrollment behind SSO when configured (#11309) #10739 Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-04-27 12:43:20 +00:00
if opts[0].DEPStorage != nil {
depStorage = opts[0].DEPStorage
}
Add Apple MDM functionality (#7940) * WIP * Adding DEP functionality to Fleet * Better organize additional MDM code * Add cmdr.py and amend API paths * Fix lint * Add demo file * Fix demo.md * go mod tidy * Add munki setup to Fleet * Add diagram to demo.md * Add fixes * Update TODOs and demo.md * Fix cmdr.py and add TODO * Add endpoints to demo.md * Add more Munki PoC/demo stuff * WIP * Remove proposals from PoC * Replace prepare commands with fleetctl commands * Update demo.md with current state * Remove config field * Amend demo * Remove Munki setup from MVP-Dogfood * Update demo.md * Add apple mdm commands (#7769) * fleetctl enqueue mdm command * fix deps * Fix build Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> * Add command to upload installers * go mod tidy * fix subcommands help There is a bug in urfave/cli where help text is not generated properly when subcommands are nested too deep. * Add support for installing apps * Add a way to list enrolled devices * Add dep listing * Rearrange endpoints * Move DEP routine to schedule * Define paths globally * Add a way to list enrollments and installers * Parse device-ids as comma-separated string * Remove unused types * Add simple commands and nest under enqueue-command * Fix simple commands * Add help to enqueue-command * merge apple_mdm database * Fix commands * update nanomdm * Split nanomdm and nanodep schemas * Set 512 MB in memory for upload * Remove empty file * Amend profile * Add sample commands * Add delete installers and fix bug in DEP profile assigning * Add dogfood.md deployment guide * Update schema.sql * Dump schema with MySQL 5 * Set default value for authenticate_at * add tokens to enrollment profiles When a device downloads an MDM enrollment profile, verify the token passed as a query parameter. This ensures untrusted devices don't enroll with our MDM server. - Rename enrollments to enrollment profiles. Enrollments is used by nano to refer to devices that are enrolled with MDM - Rename endpoint /api/<version>/fleet/mdm/apple/enrollments to ../enrollmentprofiles - Generate a token for authentication when creating an enrollment profile - Return unauthorized if token is invalid when downloading an enrollment profile from /api/mdm/apple/enroll?token= * remove mdm apple server url * update docs * make dump-test-schema * Update nanomdm with missing prefix table * Add docs and simplify changes * Add changes file * Add method docs * Fix compile and revert prepare.go changes * Revert migration status check change * Amend comments * Add more docs * Clarify storage of installers * Remove TODO * Remove unused * update dogfood.md * remove cmdr.py * Add authorization tests * Add TODO comment * use kitlog for nano logging * Add yaml tags * Remove unused flag * Remove changes file * Only run DEP routine if MDM is enabled * Add docs to all new exported types * Add docs * more nano logging changes * Fix unintentional removal * more nano logging changes * Fix compile test * Use string for configs and fix config test * Add docs and amend changes * revert changes to basicAuthHandler * remove exported BasicAuthHandler * rename rego authz type * Add more information to dep list * add db tag * update deps * Fix schema * Remove unimplemented Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Michal Nicpon <michal@fleetdm.com>
2022-10-05 22:53:54 +00:00
// allow to explicitly set mdm pusher to nil
mdmPusher = opts[0].MDMPusher
Configure golangci-lint for the whole repository Add a relatively minimal set of linters that raise safe and mostly un-opinionated issues with the code. It runs automatically on CI via a github action.
2021-08-24 17:35:03 +00:00
}
Support async saving of hosts' last seen time (#5640)
2022-05-10 15:29:17 +00:00
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
ctx := license.NewContext(context.Background(), lic)
Implement schedule triggers (#8747)
2022-11-28 19:28:06 +00:00
cronSchedulesService := fleet.NewCronSchedules()
if len(opts) > 0 && opts[0].StartCronSchedules != nil {
for _, fn := range opts[0].StartCronSchedules {
err = cronSchedulesService.StartCronSchedule(fn(ctx, ds))
require.NoError(t, err)
}
}
Add `TestMDMClient` to simulate MDM clients in osquery-perf (#11672) #11528 osquery-perf simulated hosts enroll and are identified as manually enrolled. (Enrolling as DEP requires more work, e.g. a new mocked Apple DEP endpoint). Given that these are simulated MDM clients, they cannot be woken up with push notifications. Instead, these check for new commands to execute every 10 seconds (which is not realistic, but could serve as a good loadtesting exercise). I will now start setting up the loadtest environment with MDM enabled and configured to test this. - ~[ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information.~ - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-05-12 16:50:20 +00:00
mdmPushCertTopic := ""
if len(opts) > 0 && opts[0].APNSTopic != "" {
mdmPushCertTopic = opts[0].APNSTopic
}
Add certificate management for Microsoft MDM (WSTEP) (#12543) Issue #12261 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-06-29 22:31:53 +00:00
var wstepManager microsoft_mdm.CertManager
Adding support for RequestSecurityToken messages - Windows MDM enroll endpoint (#12555) This relates to #12263 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests --------- Co-authored-by: Roberto Dip <me@roperzh.com>
2023-07-05 13:06:37 +00:00
if fleetConfig.MDM.WindowsWSTEPIdentityCert != "" && fleetConfig.MDM.WindowsWSTEPIdentityKey != "" {
rawCert, err := os.ReadFile(fleetConfig.MDM.WindowsWSTEPIdentityCert)
Add certificate management for Microsoft MDM (WSTEP) (#12543) Issue #12261 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-06-29 22:31:53 +00:00
require.NoError(t, err)
Adding support for RequestSecurityToken messages - Windows MDM enroll endpoint (#12555) This relates to #12263 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests --------- Co-authored-by: Roberto Dip <me@roperzh.com>
2023-07-05 13:06:37 +00:00
rawKey, err := os.ReadFile(fleetConfig.MDM.WindowsWSTEPIdentityKey)
Add certificate management for Microsoft MDM (WSTEP) (#12543) Issue #12261 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-06-29 22:31:53 +00:00
require.NoError(t, err)
wstepManager, err = microsoft_mdm.NewCertManager(ds, rawCert, rawKey)
require.NoError(t, err)
}
Add Apple MDM functionality (#7940) * WIP * Adding DEP functionality to Fleet * Better organize additional MDM code * Add cmdr.py and amend API paths * Fix lint * Add demo file * Fix demo.md * go mod tidy * Add munki setup to Fleet * Add diagram to demo.md * Add fixes * Update TODOs and demo.md * Fix cmdr.py and add TODO * Add endpoints to demo.md * Add more Munki PoC/demo stuff * WIP * Remove proposals from PoC * Replace prepare commands with fleetctl commands * Update demo.md with current state * Remove config field * Amend demo * Remove Munki setup from MVP-Dogfood * Update demo.md * Add apple mdm commands (#7769) * fleetctl enqueue mdm command * fix deps * Fix build Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> * Add command to upload installers * go mod tidy * fix subcommands help There is a bug in urfave/cli where help text is not generated properly when subcommands are nested too deep. * Add support for installing apps * Add a way to list enrolled devices * Add dep listing * Rearrange endpoints * Move DEP routine to schedule * Define paths globally * Add a way to list enrollments and installers * Parse device-ids as comma-separated string * Remove unused types * Add simple commands and nest under enqueue-command * Fix simple commands * Add help to enqueue-command * merge apple_mdm database * Fix commands * update nanomdm * Split nanomdm and nanodep schemas * Set 512 MB in memory for upload * Remove empty file * Amend profile * Add sample commands * Add delete installers and fix bug in DEP profile assigning * Add dogfood.md deployment guide * Update schema.sql * Dump schema with MySQL 5 * Set default value for authenticate_at * add tokens to enrollment profiles When a device downloads an MDM enrollment profile, verify the token passed as a query parameter. This ensures untrusted devices don't enroll with our MDM server. - Rename enrollments to enrollment profiles. Enrollments is used by nano to refer to devices that are enrolled with MDM - Rename endpoint /api/<version>/fleet/mdm/apple/enrollments to ../enrollmentprofiles - Generate a token for authentication when creating an enrollment profile - Return unauthorized if token is invalid when downloading an enrollment profile from /api/mdm/apple/enroll?token= * remove mdm apple server url * update docs * make dump-test-schema * Update nanomdm with missing prefix table * Add docs and simplify changes * Add changes file * Add method docs * Fix compile and revert prepare.go changes * Revert migration status check change * Amend comments * Add more docs * Clarify storage of installers * Remove TODO * Remove unused * update dogfood.md * remove cmdr.py * Add authorization tests * Add TODO comment * use kitlog for nano logging * Add yaml tags * Remove unused flag * Remove changes file * Only run DEP routine if MDM is enabled * Add docs to all new exported types * Add docs * more nano logging changes * Fix unintentional removal * more nano logging changes * Fix compile test * Use string for configs and fix config test * Add docs and amend changes * revert changes to basicAuthHandler * remove exported BasicAuthHandler * rename rego authz type * Add more information to dep list * add db tag * update deps * Fix schema * Remove unimplemented Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Michal Nicpon <michal@fleetdm.com>
2022-10-05 22:53:54 +00:00
svc, err := NewService(
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
ctx,
Add Apple MDM functionality (#7940) * WIP * Adding DEP functionality to Fleet * Better organize additional MDM code * Add cmdr.py and amend API paths * Fix lint * Add demo file * Fix demo.md * go mod tidy * Add munki setup to Fleet * Add diagram to demo.md * Add fixes * Update TODOs and demo.md * Fix cmdr.py and add TODO * Add endpoints to demo.md * Add more Munki PoC/demo stuff * WIP * Remove proposals from PoC * Replace prepare commands with fleetctl commands * Update demo.md with current state * Remove config field * Amend demo * Remove Munki setup from MVP-Dogfood * Update demo.md * Add apple mdm commands (#7769) * fleetctl enqueue mdm command * fix deps * Fix build Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> * Add command to upload installers * go mod tidy * fix subcommands help There is a bug in urfave/cli where help text is not generated properly when subcommands are nested too deep. * Add support for installing apps * Add a way to list enrolled devices * Add dep listing * Rearrange endpoints * Move DEP routine to schedule * Define paths globally * Add a way to list enrollments and installers * Parse device-ids as comma-separated string * Remove unused types * Add simple commands and nest under enqueue-command * Fix simple commands * Add help to enqueue-command * merge apple_mdm database * Fix commands * update nanomdm * Split nanomdm and nanodep schemas * Set 512 MB in memory for upload * Remove empty file * Amend profile * Add sample commands * Add delete installers and fix bug in DEP profile assigning * Add dogfood.md deployment guide * Update schema.sql * Dump schema with MySQL 5 * Set default value for authenticate_at * add tokens to enrollment profiles When a device downloads an MDM enrollment profile, verify the token passed as a query parameter. This ensures untrusted devices don't enroll with our MDM server. - Rename enrollments to enrollment profiles. Enrollments is used by nano to refer to devices that are enrolled with MDM - Rename endpoint /api/<version>/fleet/mdm/apple/enrollments to ../enrollmentprofiles - Generate a token for authentication when creating an enrollment profile - Return unauthorized if token is invalid when downloading an enrollment profile from /api/mdm/apple/enroll?token= * remove mdm apple server url * update docs * make dump-test-schema * Update nanomdm with missing prefix table * Add docs and simplify changes * Add changes file * Add method docs * Fix compile and revert prepare.go changes * Revert migration status check change * Amend comments * Add more docs * Clarify storage of installers * Remove TODO * Remove unused * update dogfood.md * remove cmdr.py * Add authorization tests * Add TODO comment * use kitlog for nano logging * Add yaml tags * Remove unused flag * Remove changes file * Only run DEP routine if MDM is enabled * Add docs to all new exported types * Add docs * more nano logging changes * Fix unintentional removal * more nano logging changes * Fix compile test * Use string for configs and fix config test * Add docs and amend changes * revert changes to basicAuthHandler * remove exported BasicAuthHandler * rename rego authz type * Add more information to dep list * add db tag * update deps * Fix schema * Remove unimplemented Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Michal Nicpon <michal@fleetdm.com>
2022-10-05 22:53:54 +00:00
ds,
task,
rs,
logger,
osqlogger,
fleetConfig,
mailer,
c,
ssoStore,
lq,
ds,
is,
failingPolicySet,
&fleet.NoOpGeoIP{},
enrollHostLimiter,
depStorage,
mdmStorage,
mdmPusher,
Add `TestMDMClient` to simulate MDM clients in osquery-perf (#11672) #11528 osquery-perf simulated hosts enroll and are identified as manually enrolled. (Enrolling as DEP requires more work, e.g. a new mocked Apple DEP endpoint). Given that these are simulated MDM clients, they cannot be woken up with push notifications. Instead, these check for new commands to execute every 10 seconds (which is not realistic, but could serve as a good loadtesting exercise). I will now start setting up the loadtest environment with MDM enabled and configured to test this. - ~[ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information.~ - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-05-12 16:50:20 +00:00
mdmPushCertTopic,
Implement schedule triggers (#8747)
2022-11-28 19:28:06 +00:00
cronSchedulesService,
Add certificate management for Microsoft MDM (WSTEP) (#12543) Issue #12261 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-06-29 22:31:53 +00:00
wstepManager,
Add Apple MDM functionality (#7940) * WIP * Adding DEP functionality to Fleet * Better organize additional MDM code * Add cmdr.py and amend API paths * Fix lint * Add demo file * Fix demo.md * go mod tidy * Add munki setup to Fleet * Add diagram to demo.md * Add fixes * Update TODOs and demo.md * Fix cmdr.py and add TODO * Add endpoints to demo.md * Add more Munki PoC/demo stuff * WIP * Remove proposals from PoC * Replace prepare commands with fleetctl commands * Update demo.md with current state * Remove config field * Amend demo * Remove Munki setup from MVP-Dogfood * Update demo.md * Add apple mdm commands (#7769) * fleetctl enqueue mdm command * fix deps * Fix build Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> * Add command to upload installers * go mod tidy * fix subcommands help There is a bug in urfave/cli where help text is not generated properly when subcommands are nested too deep. * Add support for installing apps * Add a way to list enrolled devices * Add dep listing * Rearrange endpoints * Move DEP routine to schedule * Define paths globally * Add a way to list enrollments and installers * Parse device-ids as comma-separated string * Remove unused types * Add simple commands and nest under enqueue-command * Fix simple commands * Add help to enqueue-command * merge apple_mdm database * Fix commands * update nanomdm * Split nanomdm and nanodep schemas * Set 512 MB in memory for upload * Remove empty file * Amend profile * Add sample commands * Add delete installers and fix bug in DEP profile assigning * Add dogfood.md deployment guide * Update schema.sql * Dump schema with MySQL 5 * Set default value for authenticate_at * add tokens to enrollment profiles When a device downloads an MDM enrollment profile, verify the token passed as a query parameter. This ensures untrusted devices don't enroll with our MDM server. - Rename enrollments to enrollment profiles. Enrollments is used by nano to refer to devices that are enrolled with MDM - Rename endpoint /api/<version>/fleet/mdm/apple/enrollments to ../enrollmentprofiles - Generate a token for authentication when creating an enrollment profile - Return unauthorized if token is invalid when downloading an enrollment profile from /api/mdm/apple/enroll?token= * remove mdm apple server url * update docs * make dump-test-schema * Update nanomdm with missing prefix table * Add docs and simplify changes * Add changes file * Add method docs * Fix compile and revert prepare.go changes * Revert migration status check change * Amend comments * Add more docs * Clarify storage of installers * Remove TODO * Remove unused * update dogfood.md * remove cmdr.py * Add authorization tests * Add TODO comment * use kitlog for nano logging * Add yaml tags * Remove unused flag * Remove changes file * Only run DEP routine if MDM is enabled * Add docs to all new exported types * Add docs * more nano logging changes * Fix unintentional removal * more nano logging changes * Fix compile test * Use string for configs and fix config test * Add docs and amend changes * revert changes to basicAuthHandler * remove exported BasicAuthHandler * rename rego authz type * Add more information to dep list * add db tag * update deps * Fix schema * Remove unimplemented Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Michal Nicpon <michal@fleetdm.com>
2022-10-05 22:53:54 +00:00
)
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
if err != nil {
panic(err)
}
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
if lic.IsPremium() {
Implement software installer storage for S3 and local filesystem (#18493)
2024-04-24 14:18:58 +00:00
if softwareInstallStore == nil {
// default to file-based
dir := t.TempDir()
store, err := filesystem.NewSoftwareInstallerStore(dir)
if err != nil {
panic(err)
}
softwareInstallStore = store
}
incomplete implementation of device wipe and lock (#9947)
2023-02-22 20:11:44 +00:00
svc, err = eeservice.NewService(
svc,
ds,
kitlog.NewNopLogger(),
fleetConfig,
mailer,
c,
depStorage,
implement logic to sign apple profiles (#16490) #10418
2024-04-18 21:01:37 +00:00
apple_mdm.NewMDMAppleCommander(mdmStorage, mdmPusher, fleetConfig.MDM),
allow to set up a DEP flow gated by Okta auth (#10338) #10271
2023-03-13 13:33:32 +00:00
"",
gate DEP enrollment behind SSO when configured (#11309) #10739 Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-04-27 12:43:20 +00:00
ssoStore,
Implement preassign endpoint as first step to match profiles and hosts to teams (#12046)
2023-05-31 13:24:22 +00:00
profMatcher,
Implement software installer storage for S3 and local filesystem (#18493)
2024-04-24 14:18:58 +00:00
softwareInstallStore,
incomplete implementation of device wipe and lock (#9947)
2023-02-22 20:11:44 +00:00
)
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
if err != nil {
panic(err)
}
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
}
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
return svc, ctx
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
}
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
func newTestServiceWithClock(t *testing.T, ds fleet.Datastore, rs fleet.QueryResultStore, lq fleet.LiveQueryStore, c clock.Clock) (fleet.Service, context.Context) {
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
testConfig := config.TestConfig()
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
return newTestServiceWithConfig(t, ds, testConfig, rs, lq, &TestServerOpts{
Global policies automation webhooks (#3378) * Add webhook to app config * Add redis failing policies set and webhook * Add basic webhook test * Store hostname in redis * Global policy deletion to remove policy ID from set and config * Also process new passing policies * Fix unit test * Sort hosts * Add more tests * Add ListSets to the failing policies interface * Fix server URL and garbage collect on the triggering side * Do not use Redis SCAN * Fix Redis operation order * Add API changes to doc * Add comments * Add more tests * Fix tests * Add tests for config update upon deletion of policies * Run make dump-test-schema * Ignore policies that failed to run * Add proper unit tests to trigger logic * Fix comments * WIP * Add tests to service_osquerty_test.go * Use SSCAN for listing hosts instead of SMEMBERS * Add failing policies to docs/01-Using-Fleet/configuration-files/README.md * Remove skip * Fix PR comments
2021-12-23 21:26:55 +00:00
Clock: c,
})
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
}
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
func createTestUsers(t *testing.T, ds fleet.Datastore) map[string]fleet.User {
users := make(map[string]fleet.User)
Fix TestIntegrations/TestUsers flaky test (#18251) ``` --- FAIL: TestIntegrations (47.44s) --- FAIL: TestIntegrations/TestUsers (1.42s) integration_core_test.go:4198: Error Trace: /Users/tim/workspace/fleet/server/service/integration_core_test.go:4198 Error: Not equal: expected: 0x2 actual : 0x1 Test: TestIntegrations/TestUsers ```
2024-04-16 21:40:29 +00:00
// Map iteration is random so we sort and iterate using the testUsers keys.
var keys []string
for key := range testUsers {
keys = append(keys, key)
}
sort.Strings(keys)
Add read replica testing helpers and fix non-sso login bug (#4908) not set on the INSERT. - OUT: Only sets the ID on the passed session and returns it. (`CreatedAt`, `AccessedAt`, are not set.) New version: ```go func (ds *Datastore) NewSession(ctx context.Context, userID uint, sessionKey string) (*fleet.Session, error) { sqlStatement := ` INSERT INTO sessions ( user_id, ` + "`key`" + ` ) VALUES(?,?) ` result, err := ds.writer.ExecContext(ctx, sqlStatement, userID, sessionKey) if err != nil { return nil, ctxerr.Wrap(ctx, err, "inserting session") } id, _ := result.LastInsertId() // cannot fail with the mysql driver return ds.sessionByID(ctx, ds.writer, uint(id)) } ``` - IN: Define arguments that are truly used when creating a session. - OUT: Load and return the fleet.Session struct with all values set (using the `ds.writer` to support read replicas correctly). PS: The new `NewSession` version mimics what we already do with other entities, like policies (`Datastore.NewGlobalPolicy`).
2022-04-04 23:52:05 +00:00
userID := uint(1)
Fix TestIntegrations/TestUsers flaky test (#18251) ``` --- FAIL: TestIntegrations (47.44s) --- FAIL: TestIntegrations/TestUsers (1.42s) integration_core_test.go:4198: Error Trace: /Users/tim/workspace/fleet/server/service/integration_core_test.go:4198 Error: Not equal: expected: 0x2 actual : 0x1 Test: TestIntegrations/TestUsers ```
2024-04-16 21:40:29 +00:00
for _, key := range keys {
u := testUsers[key]
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file
2021-07-08 15:50:43 +00:00
role := fleet.RoleObserver
if strings.Contains(u.Email, "admin") {
role = fleet.RoleAdmin
}
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
user := &fleet.User{
Fix TestIntegrations/TestUsers flaky test (#18251) ``` --- FAIL: TestIntegrations (47.44s) --- FAIL: TestIntegrations/TestUsers (1.42s) integration_core_test.go:4198: Error Trace: /Users/tim/workspace/fleet/server/service/integration_core_test.go:4198 Error: Not equal: expected: 0x2 actual : 0x1 Test: TestIntegrations/TestUsers ```
2024-04-16 21:40:29 +00:00
ID: userID, // We need to set this in case ds is a mocked Datastore.
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file
2021-07-08 15:50:43 +00:00
Name: "Test Name " + u.Email,
Email: u.Email,
GlobalRole: &role,
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
}
err := user.SetPassword(u.PlaintextPassword, 10, 10)
require.Nil(t, err)
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
user, err = ds.NewUser(context.Background(), user)
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
require.Nil(t, err)
Remove username from UI (#1168) * Remove username from UI code * Remove username from tests * Remove username from database * Modify server endpoints for removing username * Implement backend aspects of removing username * Update API docs * Add name to fleetctl
2021-06-24 20:42:29 +00:00
users[user.Email] = *user
Add read replica testing helpers and fix non-sso login bug (#4908) not set on the INSERT. - OUT: Only sets the ID on the passed session and returns it. (`CreatedAt`, `AccessedAt`, are not set.) New version: ```go func (ds *Datastore) NewSession(ctx context.Context, userID uint, sessionKey string) (*fleet.Session, error) { sqlStatement := ` INSERT INTO sessions ( user_id, ` + "`key`" + ` ) VALUES(?,?) ` result, err := ds.writer.ExecContext(ctx, sqlStatement, userID, sessionKey) if err != nil { return nil, ctxerr.Wrap(ctx, err, "inserting session") } id, _ := result.LastInsertId() // cannot fail with the mysql driver return ds.sessionByID(ctx, ds.writer, uint(id)) } ``` - IN: Define arguments that are truly used when creating a session. - OUT: Load and return the fleet.Session struct with all values set (using the `ds.writer` to support read replicas correctly). PS: The new `NewSession` version mimics what we already do with other entities, like policies (`Datastore.NewGlobalPolicy`).
2022-04-04 23:52:05 +00:00
userID++
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
}
return users
}
var testUsers = map[string]struct {
Email string
PlaintextPassword string
Refactor usage of null values in Teams models (#863) - Use pointers rather than null package types. - Use new internal ptr package. - Improved handling of changing user teams/roles.
2021-05-25 22:46:46 +00:00
GlobalRole *string
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
}{
"admin1": {
Increase minimum password length to 12 characters (#5712)
2022-05-18 17:03:00 +00:00
PlaintextPassword: test.GoodPassword,
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
Email: "admin1@example.com",
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
GlobalRole: ptr.String(fleet.RoleAdmin),
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
},
"user1": {
Increase minimum password length to 12 characters (#5712)
2022-05-18 17:03:00 +00:00
PlaintextPassword: test.GoodPassword,
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
Email: "user1@example.com",
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
GlobalRole: ptr.String(fleet.RoleMaintainer),
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
},
"user2": {
Increase minimum password length to 12 characters (#5712)
2022-05-18 17:03:00 +00:00
PlaintextPassword: test.GoodPassword,
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
Email: "user2@example.com",
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
GlobalRole: ptr.String(fleet.RoleObserver),
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
},
}
Keep created_at timestamp of existing enroll secrets (#8062)
2022-10-05 12:35:36 +00:00
func createEnrollSecrets(t *testing.T, count int) []*fleet.EnrollSecret {
secrets := make([]*fleet.EnrollSecret, count)
for i := 0; i < count; i++ {
secrets[i] = &fleet.EnrollSecret{Secret: fmt.Sprintf("testSecret%d", i)}
}
return secrets
}
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
type mockMailService struct {
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
SendEmailFn func(e fleet.Email) error
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
Invoked bool
}
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
func (svc *mockMailService) SendEmail(e fleet.Email) error {
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
svc.Invoked = true
return svc.SendEmailFn(e)
}
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
Implement schedule triggers (#8747)
2022-11-28 19:28:06 +00:00
type TestNewScheduleFunc func(ctx context.Context, ds fleet.Datastore) fleet.NewCronScheduleFunc
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
type TestServerOpts struct {
Implement software installer storage for S3 and local filesystem (#18493)
2024-04-24 14:18:58 +00:00
Logger kitlog.Logger
License *fleet.LicenseInfo
SkipCreateTestUsers bool
Rs fleet.QueryResultStore
Lq fleet.LiveQueryStore
Pool fleet.RedisPool
FailingPolicySet fleet.FailingPolicySet
Clock clock.Clock
Task *async.Task
EnrollHostLimiter fleet.EnrollHostLimiter
Is fleet.InstallerStore
FleetConfig *config.FleetConfig
MDMStorage fleet.MDMAppleStore
DEPStorage nanodep_storage.AllDEPStorage
SCEPStorage scep_depot.Depot
MDMPusher nanomdm_push.Pusher
HTTPServerConfig *http.Server
StartCronSchedules []TestNewScheduleFunc
UseMailService bool
APNSTopic string
ProfileMatcher fleet.ProfileMatcher
EnableCachedDS bool
NoCacheDatastore bool
SoftwareInstallStore fleet.SoftwareInstallerStore
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
}
Support async saving of hosts' last seen time (#5640)
2022-05-10 15:29:17 +00:00
func RunServerForTestsWithDS(t *testing.T, ds fleet.Datastore, opts ...*TestServerOpts) (map[string]fleet.User, *httptest.Server) {
prevent live queries to stall if a detail query override was set for a team (#14296) alternative approach for #14286
2023-10-04 20:02:55 +00:00
if len(opts) > 0 && opts[0].EnableCachedDS {
ds = cached_mysql.New(ds)
}
Support close the websocket of `LiveQueryResultsHandler` (#1006) * Support close `LiveQueryResultsHandler` * Start adding test * Make LiveQuery exit when the context is Done * Fix lint and remove debug print * Update server/service/client_live_query.go Co-authored-by: Zach Wasserman <zach@fleetdm.com> * Revert "Update server/service/client_live_query.go" This reverts commit be67ca1512fe502503e821393c2b9e84f5e6e82e. Co-authored-by: Tomas Touceda <chiiph@gmail.com> Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2021-09-10 19:26:39 +00:00
var rs fleet.QueryResultStore
if len(opts) > 0 && opts[0].Rs != nil {
rs = opts[0].Rs
}
var lq fleet.LiveQueryStore
if len(opts) > 0 && opts[0].Lq != nil {
lq = opts[0].Lq
}
consolidate sandbox env flags (#6917) Related to #6894, this entirely replaces FLEET_DEMO with the server config added in #6597 As part of this, I also implemented a small refactor to the integration test suite to allow setting a custom config when the server is initialized.
2022-07-27 19:47:39 +00:00
cfg := config.TestConfig()
if len(opts) > 0 && opts[0].FleetConfig != nil {
cfg = *opts[0].FleetConfig
}
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
svc, ctx := newTestServiceWithConfig(t, ds, cfg, rs, lq, opts...)
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
users := map[string]fleet.User{}
if len(opts) == 0 || (len(opts) > 0 && !opts[0].SkipCreateTestUsers) {
users = createTestUsers(t, ds)
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
}
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
logger := kitlog.NewLogfmtLogger(os.Stdout)
Move logger up to the HTTP layer and make it generic (#1439) * Add basic idea * Implement the new logging strategy everywhere * Remove unused const * Add tests and fix error cases * Fix logging in osquery service * If there are extras, log info unless force debug * Change to info * Fix test * Make logging context more chainable and force info for sessions
2021-08-02 22:06:27 +00:00
if len(opts) > 0 && opts[0].Logger != nil {
logger = opts[0].Logger
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
}
install fleetd on DEP enrolled hosts during enrollment (#10971) https://github.com/fleetdm/fleet/issues/9459
2023-04-05 23:52:26 +00:00
var mdmPusher nanomdm_push.Pusher
if len(opts) > 0 && opts[0].MDMPusher != nil {
mdmPusher = opts[0].MDMPusher
}
Move logger up to the HTTP layer and make it generic (#1439) * Add basic idea * Implement the new logging strategy everywhere * Remove unused const * Add tests and fix error cases * Fix logging in osquery service * If there are extras, log info unless force debug * Change to info * Fix test * Make logging context more chainable and force info for sessions
2021-08-02 22:06:27 +00:00
limitStore, _ := memstore.New(0)
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
rootMux := http.NewServeMux()
if len(opts) > 0 {
mdmStorage := opts[0].MDMStorage
scepStorage := opts[0].SCEPStorage
add consistent MDM host lifecycle management (#18510) The mantra for MDM lifecycle events is: > - Noah: When MDM is turned on, install fleetd, bootstrap package (if DEP), > and profiles. Don't clear host vitals (everything you see on the Host > details page) > - Noah: On re-enrollment, don't clear host vitals. > - Noah: On lock and wipe, don't clear host vitals. > - Noah: On delete, clear host vitals. This addresses issues: - https://github.com/fleetdm/fleet/issues/17243 - https://github.com/fleetdm/fleet/issues/17481 - https://github.com/fleetdm/fleet/issues/17292 - https://github.com/fleetdm/fleet/issues/18030 - https://github.com/fleetdm/fleet/issues/18031
2024-04-29 19:43:15 +00:00
commander := apple_mdm.NewMDMAppleCommander(mdmStorage, mdmPusher, cfg.MDM)
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
if mdmStorage != nil && scepStorage != nil {
err := RegisterAppleMDMProtocolServices(
rootMux,
Normalize the naming of mdm settings, update docs and document missing ones (#10681) #10408
2023-03-23 10:30:28 +00:00
cfg.MDM,
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
mdmStorage,
scepStorage,
logger,
add consistent MDM host lifecycle management (#18510) The mantra for MDM lifecycle events is: > - Noah: When MDM is turned on, install fleetd, bootstrap package (if DEP), > and profiles. Don't clear host vitals (everything you see on the Host > details page) > - Noah: On re-enrollment, don't clear host vitals. > - Noah: On lock and wipe, don't clear host vitals. > - Noah: On delete, clear host vitals. This addresses issues: - https://github.com/fleetdm/fleet/issues/17243 - https://github.com/fleetdm/fleet/issues/17481 - https://github.com/fleetdm/fleet/issues/17292 - https://github.com/fleetdm/fleet/issues/18030 - https://github.com/fleetdm/fleet/issues/18031
2024-04-29 19:43:15 +00:00
NewMDMAppleCheckinAndCommandService(ds, commander, logger),
Add DDM service struct, basic handlers, and test client (#17671)
2024-03-15 18:20:15 +00:00
&MDMAppleDDMService{
ds: ds,
logger: logger,
},
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
)
require.NoError(t, err)
}
}
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
apiHandler := MakeHandler(svc, cfg, logger, limitStore, WithLoginRateLimit(throttled.PerMin(1000)))
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
rootMux.Handle("/api/", apiHandler)
In fleetctl debug db-locks and fleetctl debug db-innodb-status, fixed 500 errors (#18285)
2024-04-16 12:52:03 +00:00
debugHandler := MakeDebugHandler(svc, cfg, logger, nil, ds)
rootMux.Handle("/debug/", debugHandler)
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
server := httptest.NewUnstartedServer(rootMux)
server.Config = cfg.Server.DefaultHTTPServer(ctx, rootMux)
Use the same HTTP server config as the production server in tests (#8254) * Use the same HTTP server config as the production server in tests This abstracts the default config we use to run the server into a function so it can be used in tests to run an HTTP server using the same configuration. Additionally, this fixes a data race in tests, as an HTTP server configuration can't be changed once you call `server.Start()`[1] [1]: https://cs.opensource.google/go/go/+/refs/tags/go1.19.2:src/net/http/httptest/server.go;l=40;drc=19309779ac5e2f5a2fd3cbb34421dafb2855ac21
2022-10-19 10:42:21 +00:00
if len(opts) > 0 && opts[0].HTTPServerConfig != nil {
server.Config = opts[0].HTTPServerConfig
// make sure we use the application handler we just created
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
server.Config.Handler = rootMux
Use the same HTTP server config as the production server in tests (#8254) * Use the same HTTP server config as the production server in tests This abstracts the default config we use to run the server into a function so it can be used in tests to run an HTTP server using the same configuration. Additionally, this fixes a data race in tests, as an HTTP server configuration can't be changed once you call `server.Start()`[1] [1]: https://cs.opensource.google/go/go/+/refs/tags/go1.19.2:src/net/http/httptest/server.go;l=40;drc=19309779ac5e2f5a2fd3cbb34421dafb2855ac21
2022-10-19 10:42:21 +00:00
}
Fix race in tests (modifying already started server config) (#8227)
2022-10-14 15:00:16 +00:00
server.Start()
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
t.Cleanup(func() {
server.Close()
})
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
return users, server
}
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
add support for AWS SES email backend (#10847)
2023-04-06 18:21:07 +00:00
func testSESPluginConfig() config.FleetConfig {
c := config.TestConfig()
c.Email = config.EmailConfig{EmailBackend: "ses"}
c.SES = config.SESConfig{
Region: "us-east-1",
AccessKeyID: "foo",
SecretAccessKey: "bar",
StsAssumeRoleArn: "baz",
SourceArn: "qux",
}
return c
}
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
func testKinesisPluginConfig() config.FleetConfig {
c := config.TestConfig()
c.Osquery.ResultLogPlugin = "kinesis"
c.Osquery.StatusLogPlugin = "kinesis"
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
c.Activity.AuditLogPlugin = "kinesis"
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
c.Kinesis = config.KinesisConfig{
Region: "us-east-1",
AccessKeyID: "foo",
SecretAccessKey: "bar",
StsAssumeRoleArn: "baz",
StatusStream: "test-status-stream",
ResultStream: "test-result-stream",
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
AuditStream: "test-audit-stream",
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
}
return c
}
func testFirehosePluginConfig() config.FleetConfig {
c := config.TestConfig()
c.Osquery.ResultLogPlugin = "firehose"
c.Osquery.StatusLogPlugin = "firehose"
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
c.Activity.AuditLogPlugin = "firehose"
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
c.Firehose = config.FirehoseConfig{
Region: "us-east-1",
AccessKeyID: "foo",
SecretAccessKey: "bar",
StsAssumeRoleArn: "baz",
StatusStream: "test-status-firehose",
ResultStream: "test-result-firehose",
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
AuditStream: "test-audit-firehose",
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
}
return c
}
func testLambdaPluginConfig() config.FleetConfig {
c := config.TestConfig()
c.Osquery.ResultLogPlugin = "lambda"
c.Osquery.StatusLogPlugin = "lambda"
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
c.Activity.AuditLogPlugin = "lambda"
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
c.Lambda = config.LambdaConfig{
Region: "us-east-1",
AccessKeyID: "foo",
SecretAccessKey: "bar",
StsAssumeRoleArn: "baz",
Move logger up to the HTTP layer and make it generic (#1439) * Add basic idea * Implement the new logging strategy everywhere * Remove unused const * Add tests and fix error cases * Fix logging in osquery service * If there are extras, log info unless force debug * Change to info * Fix test * Make logging context more chainable and force info for sessions
2021-08-02 22:06:27 +00:00
ResultFunction: "result-func",
StatusFunction: "status-func",
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
AuditFunction: "audit-func",
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
}
return c
}
func testPubSubPluginConfig() config.FleetConfig {
c := config.TestConfig()
c.Osquery.ResultLogPlugin = "pubsub"
c.Osquery.StatusLogPlugin = "pubsub"
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
c.Activity.AuditLogPlugin = "pubsub"
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
c.PubSub = config.PubSubConfig{
Project: "test",
StatusTopic: "status-topic",
ResultTopic: "result-topic",
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
AuditTopic: "audit-topic",
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
AddAttributes: false,
}
return c
}
func testStdoutPluginConfig() config.FleetConfig {
c := config.TestConfig()
c.Osquery.ResultLogPlugin = "stdout"
c.Osquery.StatusLogPlugin = "stdout"
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
c.Activity.AuditLogPlugin = "stdout"
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
return c
Move logger up to the HTTP layer and make it generic (#1439) * Add basic idea * Implement the new logging strategy everywhere * Remove unused const * Add tests and fix error cases * Fix logging in osquery service * If there are extras, log info unless force debug * Change to info * Fix test * Make logging context more chainable and force info for sessions
2021-08-02 22:06:27 +00:00
}
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
Add missing error checking to test config setup (#4401) * check for errors when setting test logs on new services * fix tests that fail because a log file wasn't specified * remove unnecessary nil check
2022-03-11 15:51:12 +00:00
func testUnrecognizedPluginConfig() config.FleetConfig {
c := config.TestConfig()
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
c.Osquery = config.OsqueryConfig{
ResultLogPlugin: "bar",
StatusLogPlugin: "bar",
}
c.Activity.AuditLogPlugin = "bar"
Add missing error checking to test config setup (#4401) * check for errors when setting test logs on new services * fix tests that fail because a log file wasn't specified * remove unnecessary nil check
2022-03-11 15:51:12 +00:00
return c
}
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
func assertBodyContains(t *testing.T, resp *http.Response, expected string) {
enable controlled rollout of features by teams (#7408)
2022-08-30 11:13:09 +00:00
bodyBytes, err := io.ReadAll(resp.Body)
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
require.Nil(t, err)
bodyString := string(bodyBytes)
assert.Contains(t, bodyString, expected)
}
func getJSON(r *http.Response, target interface{}) error {
return json.NewDecoder(r.Body).Decode(target)
}
func assertErrorCodeAndMessage(t *testing.T, resp *http.Response, code int, message string) {
err := &fleet.Error{}
require.Nil(t, getJSON(resp, err))
assert.Equal(t, code, err.Code)
assert.Equal(t, message, err.Message)
}
Global policies automation webhooks (#3378) * Add webhook to app config * Add redis failing policies set and webhook * Add basic webhook test * Store hostname in redis * Global policy deletion to remove policy ID from set and config * Also process new passing policies * Fix unit test * Sort hosts * Add more tests * Add ListSets to the failing policies interface * Fix server URL and garbage collect on the triggering side * Do not use Redis SCAN * Fix Redis operation order * Add API changes to doc * Add comments * Add more tests * Fix tests * Add tests for config update upon deletion of policies * Run make dump-test-schema * Ignore policies that failed to run * Add proper unit tests to trigger logic * Fix comments * WIP * Add tests to service_osquerty_test.go * Use SSCAN for listing hosts instead of SMEMBERS * Add failing policies to docs/01-Using-Fleet/configuration-files/README.md * Remove skip * Fix PR comments
2021-12-23 21:26:55 +00:00
type memFailingPolicySet struct {
mMu sync.RWMutex
m map[uint][]fleet.PolicySetHost
}
var _ fleet.FailingPolicySet = (*memFailingPolicySet)(nil)
func NewMemFailingPolicySet() *memFailingPolicySet {
return &memFailingPolicySet{
m: make(map[uint][]fleet.PolicySetHost),
}
}
// AddFailingPoliciesForHost adds the given host to the policy sets.
func (m *memFailingPolicySet) AddHost(policyID uint, host fleet.PolicySetHost) error {
m.mMu.Lock()
defer m.mMu.Unlock()
m.m[policyID] = append(m.m[policyID], host)
return nil
}
// ListHosts returns the list of hosts present in the policy set.
func (m *memFailingPolicySet) ListHosts(policyID uint) ([]fleet.PolicySetHost, error) {
m.mMu.RLock()
defer m.mMu.RUnlock()
hosts := make([]fleet.PolicySetHost, len(m.m[policyID]))
for i := range m.m[policyID] {
hosts[i] = m.m[policyID][i]
}
return hosts, nil
}
// RemoveHosts removes the hosts from the policy set.
func (m *memFailingPolicySet) RemoveHosts(policyID uint, hosts []fleet.PolicySetHost) error {
m.mMu.Lock()
defer m.mMu.Unlock()
if _, ok := m.m[policyID]; !ok {
return nil
}
hostsSet := make(map[uint]struct{})
for _, host := range hosts {
hostsSet[host.ID] = struct{}{}
}
n := 0
for _, host := range m.m[policyID] {
if _, ok := hostsSet[host.ID]; !ok {
m.m[policyID][n] = host
n++
}
}
m.m[policyID] = m.m[policyID][:n]
return nil
}
// RemoveSet removes a policy set.
func (m *memFailingPolicySet) RemoveSet(policyID uint) error {
m.mMu.Lock()
defer m.mMu.Unlock()
delete(m.m, policyID)
return nil
}
// ListSets lists all the policy sets.
func (m *memFailingPolicySet) ListSets() ([]uint, error) {
m.mMu.RLock()
defer m.mMu.RUnlock()
var policyIDs []uint
for policyID := range m.m {
policyIDs = append(policyIDs, policyID)
}
return policyIDs, nil
}
Track active hosts count and enforce limit (#6099)
2022-06-13 20:29:32 +00:00
type nopEnrollHostLimiter struct{}
func (nopEnrollHostLimiter) CanEnrollNewHost(ctx context.Context) (bool, error) {
return true, nil
}
func (nopEnrollHostLimiter) SyncEnrolledHostIDs(ctx context.Context) error {
return nil
}
add mocks + tests and move things around (#9574) #8948 - Add more go:generate commands for MDM mocks - Add unit and integration tests for MDM code - Move interfaces from their PoC location to match existing patterns
2023-01-31 14:46:01 +00:00
func newMockAPNSPushProviderFactory() (*mock.APNSPushProviderFactory, *mock.APNSPushProvider) {
provider := &mock.APNSPushProvider{}
provider.PushFunc = mockSuccessfulPush
factory := &mock.APNSPushProviderFactory{}
factory.NewPushProviderFunc = func(*tls.Certificate) (push.PushProvider, error) {
return provider, nil
}
return factory, provider
}
func mockSuccessfulPush(pushes []*mdm.Push) (map[string]*push.Response, error) {
res := make(map[string]*push.Response, len(pushes))
for _, p := range pushes {
res[p.Token.String()] = &push.Response{
Id: uuid.New().String(),
Err: nil,
}
}
return res, nil
}
remove feature flags to enable MDM (#10746) https://github.com/fleetdm/fleet/issues/10025
2023-03-27 19:30:29 +00:00
Merging Bitlocker feature branch (#14350) This relates to #12577 --------- Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2023-10-06 22:04:33 +00:00
func mdmConfigurationRequiredEndpoints() []struct {
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
method, path string
deviceAuthenticated bool
premiumOnly bool
} {
return []struct {
method, path string
deviceAuthenticated bool
premiumOnly bool
}{
{"POST", "/api/latest/fleet/mdm/apple/enqueue", false, false},
{"GET", "/api/latest/fleet/mdm/apple/commandresults", false, false},
{"GET", "/api/latest/fleet/mdm/apple/installers/1", false, false},
{"DELETE", "/api/latest/fleet/mdm/apple/installers/1", false, false},
{"GET", "/api/latest/fleet/mdm/apple/installers", false, false},
{"GET", "/api/latest/fleet/mdm/apple/devices", false, false},
{"GET", "/api/latest/fleet/mdm/apple/dep/devices", false, false},
{"GET", "/api/latest/fleet/mdm/apple/profiles", false, false},
{"GET", "/api/latest/fleet/mdm/apple/profiles/1", false, false},
{"DELETE", "/api/latest/fleet/mdm/apple/profiles/1", false, false},
{"GET", "/api/latest/fleet/mdm/apple/profiles/summary", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/mdm/profiles/summary", false, false},
{"GET", "/api/latest/fleet/configuration_profiles/summary", false, false},
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
{"PATCH", "/api/latest/fleet/mdm/hosts/1/unenroll", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"DELETE", "/api/latest/fleet/hosts/1/mdm", false, false},
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
{"GET", "/api/latest/fleet/mdm/hosts/1/encryption_key", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/hosts/1/encryption_key", false, false},
properly report changed profiles in the Puppet module (#12719) For #12480
2023-07-14 15:53:03 +00:00
{"GET", "/api/latest/fleet/mdm/hosts/1/profiles", false, true},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/hosts/1/configuration_profiles", false, true},
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
{"POST", "/api/latest/fleet/mdm/hosts/1/lock", false, false},
{"POST", "/api/latest/fleet/mdm/hosts/1/wipe", false, false},
{"PATCH", "/api/latest/fleet/mdm/apple/settings", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"POST", "/api/latest/fleet/disk_encryption", false, false},
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
{"GET", "/api/latest/fleet/mdm/apple", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/apns", false, false},
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
{"GET", apple_mdm.EnrollPath + "?token=test", false, false},
{"GET", apple_mdm.InstallerPath + "?token=test", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/mdm/setup/eula/0982A979-B1C9-4BDF-B584-5A37D32A1172", false, true},
{"GET", "/api/latest/fleet/setup_experience/eula/0982A979-B1C9-4BDF-B584-5A37D32A1172", false, true},
{"DELETE", "/api/latest/fleet/mdm/setup/eula/token", false, true},
{"DELETE", "/api/latest/fleet/setup_experience/eula/token", false, true},
{"GET", "/api/latest/fleet/mdm/setup/eula/metadata", false, true},
{"GET", "/api/latest/fleet/setup_experience/eula/metadata", false, true},
bootstrap package and eula endpoints platform agnosic (#16631) for #15082 - POST /mdm/apple/setup/eula was replaced by POST /mdm/setup/eula - GET /mdm/apple/setup/eula/metadata was replaced by GET /mdm/setup/eula/metadata - DELETE /mdm/apple/setup/eula/:token was replaced by DELETE /mdm/setup/eula/:token - POST /mdm/apple/bootstrap was replaced by POST /mdm/bootstrap - GET /mdm/apple/bootstrap/:team_id/metadata was replaced by GET /mdm/bootstrap/:team_id/metadata - DELETE /mdm/apple/bootstrap/:team_id was replaced by DELETE /mdm/bootstrap/:team_id - GET /mdm/apple/bootstrap/summary was replaced by GET /mdm/bootstrap/summary
2024-02-07 12:24:24 +00:00
{"GET", "/api/latest/fleet/mdm/apple/setup/eula/0982A979-B1C9-4BDF-B584-5A37D32A1172", false, false},
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
{"DELETE", "/api/latest/fleet/mdm/apple/setup/eula/token", false, false},
{"GET", "/api/latest/fleet/mdm/apple/setup/eula/metadata", false, false},
{"GET", "/api/latest/fleet/mdm/apple/enrollment_profile", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/enrollment_profiles/automatic", false, false},
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
{"POST", "/api/latest/fleet/mdm/apple/enrollment_profile", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"POST", "/api/latest/fleet/enrollment_profiles/automatic", false, false},
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
{"DELETE", "/api/latest/fleet/mdm/apple/enrollment_profile", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"DELETE", "/api/latest/fleet/enrollment_profiles/automatic", false, false},
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
{"POST", "/api/latest/fleet/device/%s/migrate_mdm", true, true},
Implement preassign endpoint as first step to match profiles and hosts to teams (#12046)
2023-05-31 13:24:22 +00:00
{"POST", "/api/latest/fleet/mdm/apple/profiles/preassign", false, true},
{"POST", "/api/latest/fleet/mdm/apple/profiles/match", false, true},
Feat windows msmdm (#14837) for #13069 --------- Co-authored-by: Marcos Oviedo <marcos@fleetdm.com> Co-authored-by: Martin Angers <martin.n.angers@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-11-01 14:13:12 +00:00
{"POST", "/api/latest/fleet/mdm/commands/run", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"POST", "/api/latest/fleet/commands/run", false, false},
Feat windows msmdm (#14837) for #13069 --------- Co-authored-by: Marcos Oviedo <marcos@fleetdm.com> Co-authored-by: Martin Angers <martin.n.angers@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-11-01 14:13:12 +00:00
{"GET", "/api/latest/fleet/mdm/commandresults", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/commands/results", false, false},
Feat windows msmdm (#14837) for #13069 --------- Co-authored-by: Marcos Oviedo <marcos@fleetdm.com> Co-authored-by: Martin Angers <martin.n.angers@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-11-01 14:13:12 +00:00
{"GET", "/api/latest/fleet/mdm/commands", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/commands", false, false},
Merging Bitlocker feature branch (#14350) This relates to #12577 --------- Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2023-10-06 22:04:33 +00:00
{"POST", "/api/fleet/orbit/disk_encryption_key", false, false},
{"GET", "/api/latest/fleet/mdm/disk_encryption/summary", false, true},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/disk_encryption", false, true},
feature: windows profiles (#15349)
2023-11-29 14:32:42 +00:00
{"GET", "/api/latest/fleet/mdm/profiles/1", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/configuration_profiles/1", false, false},
feature: windows profiles (#15349)
2023-11-29 14:32:42 +00:00
{"DELETE", "/api/latest/fleet/mdm/profiles/1", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"DELETE", "/api/latest/fleet/configuration_profiles/1", false, false},
// TODO: those endpoints accept multipart/form data that gets
Add endpoint to upload an MDM custom profile for Windows and macOS (#15150)
2023-11-15 15:58:59 +00:00
// parsed before the MDM check, we need to refactor this
// function to return more information to the caller, or find a
// better way to test these endpoints.
//{"POST", "/api/latest/fleet/mdm/profiles", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
//{"POST", "/api/latest/fleet/configuration_profiles", false, false},
//{"POST", "/api/latest/fleet/mdm/setup/eula"},
//{"POST", "/api/latest/fleet/setup_experience/eula"},
//{"POST", "/api/latest/fleet/mdm/bootstrap", false, true},
//{"POST", "/api/latest/fleet/bootstrap", false, true},
feature: windows profiles (#15349)
2023-11-29 14:32:42 +00:00
{"GET", "/api/latest/fleet/mdm/profiles", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/configuration_profiles", false, false},
{"GET", "/api/latest/fleet/mdm/manual_enrollment_profile", false, true},
{"GET", "/api/latest/fleet/enrollment_profiles/manual", false, true},
{"GET", "/api/latest/fleet/mdm/bootstrap/1/metadata", false, true},
{"GET", "/api/latest/fleet/bootstrap/1/metadata", false, true},
{"DELETE", "/api/latest/fleet/mdm/bootstrap/1", false, true},
{"DELETE", "/api/latest/fleet/bootstrap/1", false, true},
{"GET", "/api/latest/fleet/mdm/bootstrap?token=1", false, true},
{"GET", "/api/latest/fleet/bootstrap?token=1", false, true},
{"GET", "/api/latest/fleet/mdm/bootstrap/summary", false, true},
{"GET", "/api/latest/fleet/mdm/apple/bootstrap/summary", false, true},
{"GET", "/api/latest/fleet/bootstrap/summary", false, true},
{"PATCH", "/api/latest/fleet/mdm/apple/setup", false, true},
{"PATCH", "/api/latest/fleet/setup_experience", false, true},
remove feature flags to enable MDM (#10746) https://github.com/fleetdm/fleet/issues/10025
2023-03-27 19:30:29 +00:00
}
}
SSO Metadata URL can only be https/http (#12388) When setting up SSO, validate that the Metadata URL has the proper scheme.
2023-06-22 12:17:37 +00:00
// getURLSchemas returns a list of all valid URI schemas
func getURISchemas() []string {
return []string{
"aaa",
"aaas",
"about",
"acap",
"acct",
"acd",
"acr",
"adiumxtra",
"adt",
"afp",
"afs",
"aim",
"amss",
"android",
"appdata",
"apt",
"ar",
"ark",
"at",
"attachment",
"aw",
"barion",
"bb",
"beshare",
"bitcoin",
"bitcoincash",
"blob",
"bolo",
"browserext",
"cabal",
"calculator",
"callto",
"cap",
"cast",
"casts",
"chrome",
"chrome-extension",
"cid",
"coap",
"coap+tcp",
"coap+ws",
"coaps",
"coaps+tcp",
"coaps+ws",
"com-eventbrite-attendee",
"content",
"content-type",
"crid",
"cstr",
"cvs",
"dab",
"dat",
"data",
"dav",
"dhttp",
"diaspora",
"dict",
"did",
"dis",
"dlna-playcontainer",
"dlna-playsingle",
"dns",
"dntp",
"doi",
"dpp",
"drm",
"drop",
"dtmi",
"dtn",
"dvb",
"dvx",
"dweb",
"ed2k",
"eid",
"elsi",
"embedded",
"ens",
"ethereum",
"example",
"facetime",
"fax",
"feed",
"feedready",
"fido",
"file",
"filesystem",
"finger",
"first-run-pen-experience",
"fish",
"fm",
"ftp",
"fuchsia-pkg",
"geo",
"gg",
"git",
"gitoid",
"gizmoproject",
"go",
"gopher",
"graph",
"grd",
"gtalk",
"h323",
"ham",
"hcap",
"hcp",
"http",
"https",
"hxxp",
"hxxps",
"hydrazone",
"hyper",
"iax",
"icap",
"icon",
"im",
"imap",
"info",
"iotdisco",
"ipfs",
"ipn",
"ipns",
"ipp",
"ipps",
"irc",
"irc6",
"ircs",
"iris",
"iris.beep",
"iris.lwz",
"iris.xpc",
"iris.xpcs",
"isostore",
"itms",
"jabber",
"jar",
"jms",
"keyparc",
"lastfm",
"lbry",
"ldap",
"ldaps",
"leaptofrogans",
"lorawan",
"lpa",
"lvlt",
"magnet",
"mailserver",
"mailto",
"maps",
"market",
"matrix",
"message",
"microsoft.windows.camera",
"microsoft.windows.camera.multipicker",
"microsoft.windows.camera.picker",
"mid",
"mms",
"modem",
"mongodb",
"moz",
"ms-access",
"ms-appinstaller",
"ms-browser-extension",
"ms-calculator",
"ms-drive-to",
"ms-enrollment",
"ms-excel",
"ms-eyecontrolspeech",
"ms-gamebarservices",
"ms-gamingoverlay",
"ms-getoffice",
"ms-help",
"ms-infopath",
"ms-inputapp",
"ms-launchremotedesktop",
"ms-lockscreencomponent-config",
"ms-media-stream-id",
"ms-meetnow",
"ms-mixedrealitycapture",
"ms-mobileplans",
"ms-newsandinterests",
"ms-officeapp",
"ms-people",
"ms-project",
"ms-powerpoint",
"ms-publisher",
"ms-remotedesktop",
"ms-remotedesktop-launch",
"ms-restoretabcompanion",
"ms-screenclip",
"ms-screensketch",
"ms-search",
"ms-search-repair",
"ms-secondary-screen-controller",
"ms-secondary-screen-setup",
"ms-settings",
"ms-settings-airplanemode",
"ms-settings-bluetooth",
"ms-settings-camera",
"ms-settings-cellular",
"ms-settings-cloudstorage",
"ms-settings-connectabledevices",
"ms-settings-displays-topology",
"ms-settings-emailandaccounts",
"ms-settings-language",
"ms-settings-location",
"ms-settings-lock",
"ms-settings-nfctransactions",
"ms-settings-notifications",
"ms-settings-power",
"ms-settings-privacy",
"ms-settings-proximity",
"ms-settings-screenrotation",
"ms-settings-wifi",
"ms-settings-workplace",
"ms-spd",
"ms-stickers",
"ms-sttoverlay",
"ms-transit-to",
"ms-useractivityset",
"ms-virtualtouchpad",
"ms-visio",
"ms-walk-to",
"ms-whiteboard",
"ms-whiteboard-cmd",
"ms-word",
"msnim",
"msrp",
"msrps",
"mss",
"mt",
"mtqp",
"mumble",
"mupdate",
"mvn",
"news",
"nfs",
"ni",
"nih",
"nntp",
"notes",
"num",
"ocf",
"oid",
"onenote",
"onenote-cmd",
"opaquelocktoken",
"openpgp4fpr",
"otpauth",
"p1",
"pack",
"palm",
"paparazzi",
"payment",
"payto",
"pkcs11",
"platform",
"pop",
"pres",
"prospero",
"proxy",
"pwid",
"psyc",
"pttp",
"qb",
"query",
"quic-transport",
"redis",
"rediss",
"reload",
"res",
"resource",
"rmi",
"rsync",
"rtmfp",
"rtmp",
"rtsp",
"rtsps",
"rtspu",
"sarif",
"secondlife",
"secret-token",
"service",
"session",
"sftp",
"sgn",
"shc",
"shttp",
"sieve",
"simpleledger",
"simplex",
"sip",
"sips",
"skype",
"smb",
"smp",
"sms",
"smtp",
"snews",
"snmp",
"soap.beep",
"soap.beeps",
"soldat",
"spiffe",
"spotify",
"ssb",
"ssh",
"starknet",
"steam",
"stun",
"stuns",
"submit",
"svn",
"swh",
"swid",
"swidpath",
"tag",
"taler",
"teamspeak",
"tel",
"teliaeid",
"telnet",
"tftp",
"things",
"thismessage",
"tip",
"tn3270",
"tool",
"turn",
"turns",
"tv",
"udp",
"unreal",
"upt",
"urn",
"ut2004",
"uuid-in-package",
"v-event",
"vemmi",
"ventrilo",
"ves",
"videotex",
"vnc",
"view-source",
"vscode",
"vscode-insiders",
"vsls",
"w3",
"wais",
"web3",
"wcr",
"webcal",
"web+ap",
"wifi",
"wpid",
"ws",
"wss",
"wtai",
"wyciwyg",
"xcon",
"xcon-userid",
"xfire",
"xmlrpc.beep",
"xmlrpc.beeps",
"xmpp",
"xri",
"ymsgr",
"z39.50",
"z39.50r",
"z39.50s",
}
}
Reference in a new issue Copy permalink