Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-22 16:39:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 122
fleet/server/service/service.go

196 lines
6.7 KiB
Go
Raw Normal View History

Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
// Package service holds the implementation of the fleet interface and HTTP
// endpoints for the API
Organizing go code (#241)
2016-09-26 18:48:55 +00:00
package service
go-kit server layout
2016-08-28 03:59:17 +00:00
update user service (#101) - Added all required methods for a UserService - Added authentication handlers `/api/login` and `/api/logout` - Added authMiddleware for authentication for `/api/v1/kolide` path - Added authorization middleware for each endoint - Added validation middleware for validating API inputs - Began work on logging middleware
2016-09-01 04:51:38 +00:00
import (
Better jitter (#3716) * Better jitter * Fix lint * Use milliseconds * Make duration milliseconds * Update based on Lucas' suggestion * Add changes file * Panic on error * Fix compilation error
2022-01-18 14:29:57 +00:00
"context"
Use new error handling approach in other packages (#2954)
2021-11-22 14:13:26 +00:00
"fmt"
Use Github hosted assets in emails sent by Fleet (#2090) This change allows the images in Fleet emails to load properly from any device with connectivity to github.com. Previously, emails might try to load resources from a Kolide server not accessible from the email client. The asset URL will be based on the most recent git tag to accomodate backwards-compatibility if the assets in the repo change. Closes #1471
2019-08-02 21:08:42 +00:00
"html/template"
Batch updates to host seen time (#633) Instead of synchronously updating the seen_time column for a host on an update, batch these updates to be written together every 1 second. This results in a ~33% reduction in MySQL CPU usage in a local test with 4,000 simulated hosts and MySQL running in Docker.
2021-04-12 23:22:22 +00:00
"sync"
Better jitter (#3716) * Better jitter * Fix lint * Use milliseconds * Make duration milliseconds * Update based on Lucas' suggestion * Add changes file * Panic on error * Fix compilation error
2022-01-18 14:29:57 +00:00
"time"
queries and packs services via go-kit (#102) * osquery services via go-kit * Visual Studio Code configurations * create query and pack endpoints * organizing files more scalably * modify query and pack endpoints * delete query and pack endpoints * get query and pack endpoints * get all queries and packs endpoints * add and remove queries from packs * test stubs * removing some indirection * query service tests * service pack tests * transport tests * adding config file flag back * organizing package kolide * get queries in pack endpoint * run tests on 1.7? * no 1.7 image :( * typo in circle.yml
2016-09-04 05:13:42 +00:00
Send configuration + label queries in distributed reads (#215) This PR is the beginning of distributed query work. For now we are focusing on using the distributed query subsystem to retrieve the basic configuration information (currently just platform), and run the label queries. A mockable clock interface is also added to the service struct, allowing us to inject a clock as a dependency, and write unit tests that can control the time.
2016-09-21 03:08:11 +00:00
"github.com/WatchBeam/clock"
Add v4 suffix in go.mod (#1224)
2021-06-26 04:46:51 +00:00
"github.com/fleetdm/fleet/v4/server/authz"
"github.com/fleetdm/fleet/v4/server/config"
"github.com/fleetdm/fleet/v4/server/fleet"
Finalize MDM commands part 3: add the `fleetctl get mdm-command-results` command (#10964)
2023-04-05 14:50:36 +00:00
apple_mdm "github.com/fleetdm/fleet/v4/server/mdm/apple"
Add certificate management for Microsoft MDM (WSTEP) (#12543) Issue #12261 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-06-29 22:31:53 +00:00
microsoft_mdm "github.com/fleetdm/fleet/v4/server/mdm/microsoft"
Move nanodep dependency in monorepo (#16984)
2024-02-26 15:26:00 +00:00
nanodep_storage "github.com/fleetdm/fleet/v4/server/mdm/nanodep/storage"
Move nanomdm dependency in monorepo (#16015) #15557 Following the precedent that Lucas used for other similar PRs, the best way to review is probably by commits. * The first one simply copies over the files from the fork to the monorepo * Second one adjusts all import paths * Third one tidies up the `go.mod` files * Last one fixes the linter issues in the nanomdm package # Checklist for submitter - ~~Changes file added for user-visible changes in `changes/` or `orbit/changes/`.~~ (not a user-visible change) - [x] Manual QA for all new/changed functionality (ran test suite, re-generated mocks) I also verified that our Go test suite did run the newly moved `nanomdm` package steps: ``` ok github.com/fleetdm/fleet/v4/server/mdm/nanomdm/cryptoutil 0.003s coverage: 0.0% of statements in github.com/fleetdm/fleet/v4/... ok github.com/fleetdm/fleet/v4/server/mdm/nanomdm/mdm 0.005s coverage: 46.2% of statements in github.com/fleetdm/fleet/v4/... ok github.com/fleetdm/fleet/v4/server/mdm/nanomdm/service/certauth 1.320s coverage: 20.7% of statements in github.com/fleetdm/fleet/v4/... ok github.com/fleetdm/fleet/v4/server/mdm/nanomdm/storage/file 0.007s coverage: 24.1% of statements in github.com/fleetdm/fleet/v4/... ```
2024-01-12 02:28:48 +00:00
nanomdm_push "github.com/fleetdm/fleet/v4/server/mdm/nanomdm/push"
nanomdm_storage "github.com/fleetdm/fleet/v4/server/mdm/nanomdm/storage"
Implement async processing of hosts for label queries (#2288)
2021-11-01 18:13:16 +00:00
"github.com/fleetdm/fleet/v4/server/service/async"
Microsoft Compliance Partner backend changes (#29540) For #27042. Ready for review, just missing integration tests that I will be writing today. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] If database migrations are included, checked table schema to confirm autoupdate - For new Fleet configuration settings - [X] Verified that the setting can be managed via GitOps, or confirmed that the setting is explicitly being excluded from GitOps. If managing via Gitops: - [X] Verified that the setting is exported via `fleetctl generate-gitops` - [X] Added the setting to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [X] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [X] Manual QA for all new/changed functionality --------- Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com> Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-11 17:22:46 +00:00
"github.com/fleetdm/fleet/v4/server/service/conditional_access_microsoft_proxy"
Add v4 suffix in go.mod (#1224)
2021-06-26 04:46:51 +00:00
"github.com/fleetdm/fleet/v4/server/sso"
🧹 friday cleanup party: substitute deprecated import of go-kit (#19774) `go-kit/kit/log` was deprecated and generating warnings # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Manual QA for all new/changed functionality
2024-06-17 13:27:31 +00:00
kitlog "github.com/go-kit/log"
update user service (#101) - Added all required methods for a UserService - Added authentication handlers `/api/login` and `/api/logout` - Added authMiddleware for authentication for `/api/v1/kolide` path - Added authorization middleware for each endoint - Added validation middleware for validating API inputs - Began work on logging middleware
2016-09-01 04:51:38 +00:00
)
go-kit server layout
2016-08-28 03:59:17 +00:00
Add public ip to hosts & derive geolocation when rendering host (#4652) * geoip wip * return nil if ip is empty string or if ParseIP returns nil * add ui component to render geolocation if available, address PR feedback * render public ip if available * add changes file, document geoip in deployment guide * update rest-api docs
2022-03-21 16:29:52 +00:00
var _ fleet.Service = (*Service)(nil)
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
// Service is the struct implementing fleet.Service. Create a new one with NewService.
Refactor teams service methods (#910) - Move team-related service methods to `ee/server/service`. - Instantiate different service on startup based on license key. - Refactor service errors into separate package. - Add support for running E2E tests in both Core and Basic tiers.
2021-06-01 00:07:51 +00:00
type Service struct {
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
ds fleet.Datastore
Implement async processing of hosts for label queries (#2288)
2021-11-01 18:13:16 +00:00
task *async.Task
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
carveStore fleet.CarveStore
resultStore fleet.QueryResultStore
liveQueryStore fleet.LiveQueryStore
Refactor teams service methods (#910) - Move team-related service methods to `ee/server/service`. - Instantiate different service on startup based on license key. - Refactor service errors into separate package. - Add support for running E2E tests in both Core and Basic tiers.
2021-06-01 00:07:51 +00:00
logger kitlog.Logger
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
config config.FleetConfig
Refactor teams service methods (#910) - Move team-related service methods to `ee/server/service`. - Instantiate different service on startup based on license key. - Refactor service errors into separate package. - Add support for running E2E tests in both Core and Basic tiers.
2021-06-01 00:07:51 +00:00
clock clock.Clock
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
osqueryLogWriter *OsqueryLogger
Refactor teams service methods (#910) - Move team-related service methods to `ee/server/service`. - Instantiate different service on startup based on license key. - Refactor service errors into separate package. - Add support for running E2E tests in both Core and Basic tiers.
2021-06-01 00:07:51 +00:00
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
mailService fleet.MailService
Refactor teams service methods (#910) - Move team-related service methods to `ee/server/service`. - Instantiate different service on startup based on license key. - Refactor service errors into separate package. - Add support for running E2E tests in both Core and Basic tiers.
2021-06-01 00:07:51 +00:00
ssoSessionStore sso.SessionStore
Track active hosts count and enforce limit (#6099)
2022-06-13 20:29:32 +00:00
failingPolicySet fleet.FailingPolicySet
enrollHostLimiter fleet.EnrollHostLimiter
Global policies automation webhooks (#3378) * Add webhook to app config * Add redis failing policies set and webhook * Add basic webhook test * Store hostname in redis * Global policy deletion to remove policy ID from set and config * Also process new passing policies * Fix unit test * Sort hosts * Add more tests * Add ListSets to the failing policies interface * Fix server URL and garbage collect on the triggering side * Do not use Redis SCAN * Fix Redis operation order * Add API changes to doc * Add comments * Add more tests * Fix tests * Add tests for config update upon deletion of policies * Run make dump-test-schema * Ignore policies that failed to run * Add proper unit tests to trigger logic * Fix comments * WIP * Add tests to service_osquerty_test.go * Use SSCAN for listing hosts instead of SMEMBERS * Add failing policies to docs/01-Using-Fleet/configuration-files/README.md * Remove skip * Fix PR comments
2021-12-23 21:26:55 +00:00
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
authz *authz.Authorizer
Better jitter (#3716) * Better jitter * Fix lint * Use milliseconds * Make duration milliseconds * Update based on Lucas' suggestion * Add changes file * Panic on error * Fix compilation error
2022-01-18 14:29:57 +00:00
Split hosts in bucket of minutes for the jitter (#3767) * Split hosts in bucket of minutes * New approach on jitter * Use minutes to define the amount of buckets * Add logging to jitter hash creation * Clean up code and remove unused jitter * Fix test * Add docs and address review comments * Address review comments * Fix typo in doc Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2022-02-03 17:56:11 +00:00
jitterMu *sync.Mutex
jitterH map[time.Duration]*jitterHashTable
Add public ip to hosts & derive geolocation when rendering host (#4652) * geoip wip * return nil if ip is empty string or if ParseIP returns nil * add ui component to render geolocation if available, address PR feedback * render public ip if available * add changes file, document geoip in deployment guide * update rest-api docs
2022-03-21 16:29:52 +00:00
geoIP fleet.GeoIP
enable controlled rollout of features by teams (#7408)
2022-08-30 11:13:09 +00:00
*fleet.EnterpriseOverrides
Add Apple MDM functionality (#7940) * WIP * Adding DEP functionality to Fleet * Better organize additional MDM code * Add cmdr.py and amend API paths * Fix lint * Add demo file * Fix demo.md * go mod tidy * Add munki setup to Fleet * Add diagram to demo.md * Add fixes * Update TODOs and demo.md * Fix cmdr.py and add TODO * Add endpoints to demo.md * Add more Munki PoC/demo stuff * WIP * Remove proposals from PoC * Replace prepare commands with fleetctl commands * Update demo.md with current state * Remove config field * Amend demo * Remove Munki setup from MVP-Dogfood * Update demo.md * Add apple mdm commands (#7769) * fleetctl enqueue mdm command * fix deps * Fix build Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> * Add command to upload installers * go mod tidy * fix subcommands help There is a bug in urfave/cli where help text is not generated properly when subcommands are nested too deep. * Add support for installing apps * Add a way to list enrolled devices * Add dep listing * Rearrange endpoints * Move DEP routine to schedule * Define paths globally * Add a way to list enrollments and installers * Parse device-ids as comma-separated string * Remove unused types * Add simple commands and nest under enqueue-command * Fix simple commands * Add help to enqueue-command * merge apple_mdm database * Fix commands * update nanomdm * Split nanomdm and nanodep schemas * Set 512 MB in memory for upload * Remove empty file * Amend profile * Add sample commands * Add delete installers and fix bug in DEP profile assigning * Add dogfood.md deployment guide * Update schema.sql * Dump schema with MySQL 5 * Set default value for authenticate_at * add tokens to enrollment profiles When a device downloads an MDM enrollment profile, verify the token passed as a query parameter. This ensures untrusted devices don't enroll with our MDM server. - Rename enrollments to enrollment profiles. Enrollments is used by nano to refer to devices that are enrolled with MDM - Rename endpoint /api/<version>/fleet/mdm/apple/enrollments to ../enrollmentprofiles - Generate a token for authentication when creating an enrollment profile - Return unauthorized if token is invalid when downloading an enrollment profile from /api/mdm/apple/enroll?token= * remove mdm apple server url * update docs * make dump-test-schema * Update nanomdm with missing prefix table * Add docs and simplify changes * Add changes file * Add method docs * Fix compile and revert prepare.go changes * Revert migration status check change * Amend comments * Add more docs * Clarify storage of installers * Remove TODO * Remove unused * update dogfood.md * remove cmdr.py * Add authorization tests * Add TODO comment * use kitlog for nano logging * Add yaml tags * Remove unused flag * Remove changes file * Only run DEP routine if MDM is enabled * Add docs to all new exported types * Add docs * more nano logging changes * Fix unintentional removal * more nano logging changes * Fix compile test * Use string for configs and fix config test * Add docs and amend changes * revert changes to basicAuthHandler * remove exported BasicAuthHandler * rename rego authz type * Add more information to dep list * add db tag * update deps * Fix schema * Remove unimplemented Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Michal Nicpon <michal@fleetdm.com>
2022-10-05 22:53:54 +00:00
Move nanodep dependency in monorepo (#16984)
2024-02-26 15:26:00 +00:00
depStorage nanodep_storage.AllDEPStorage
refactor how we send Fleet initiated MDM commands (#9903) https://github.com/fleetdm/fleet/issues/9590 - move the logic to send commands into its own service method that can be used internally by cron jobs and other services. - deprecate the use of `rawEnqueueCommand` as it's copyied from the nanomdm codebase where it's used in other context as a general command API handler
2023-02-17 19:26:51 +00:00
mdmStorage nanomdm_storage.AllStorage
mdmPushService nanomdm_push.Pusher
Finalize MDM commands part 3: add the `fleetctl get mdm-command-results` command (#10964)
2023-04-05 14:50:36 +00:00
mdmAppleCommander *apple_mdm.MDMAppleCommander
Implement schedule triggers (#8747)
2022-11-28 19:28:06 +00:00
cronSchedulesService fleet.CronSchedulesService
Add certificate management for Microsoft MDM (WSTEP) (#12543) Issue #12261 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-06-29 22:31:53 +00:00
Add custom SCEP configs (#27045) For #26603 This PR includes: - Refactoring of NDES/SCEP verify/timeout logic for easier testing (with dependency injection) - Custom SCEP configs - saving/deleting/updating of encrypted custom SCEP challenges - validation call to custom SCEP server to verify connection - Custom SCEP activities - unit and integration tests for all of the above This PR does not include the following: - Changes file (in later PR) # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-03-14 17:16:51 +00:00
wstepCertManager microsoft_mdm.CertManager
scepConfigService fleet.SCEPConfigService
GitOps support for DigiCert and Custom SCEP (#27229) For #26622 This PR includes: - Making DigiCert client a real service that can be overridden in tests - GitOps support for DigiCert and Custom SCEP configs # Checklist for submitter - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-03-20 16:36:00 +00:00
digiCertService fleet.DigiCertService
Microsoft Compliance Partner backend changes (#29540) For #27042. Ready for review, just missing integration tests that I will be writing today. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] If database migrations are included, checked table schema to confirm autoupdate - For new Fleet configuration settings - [X] Verified that the setting can be managed via GitOps, or confirmed that the setting is explicitly being excluded from GitOps. If managing via Gitops: - [X] Verified that the setting is exported via `fleetctl generate-gitops` - [X] Added the setting to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [X] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [X] Manual QA for all new/changed functionality --------- Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com> Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-11 17:22:46 +00:00
conditionalAccessMicrosoftProxy ConditionalAccessMicrosoftProxy
}
// ConditionalAccessMicrosoftProxy is the interface of the Microsoft compliance proxy.
type ConditionalAccessMicrosoftProxy interface {
// Create creates the integration on the MS proxy and returns the consent URL.
Create(ctx context.Context, tenantID string) (*conditional_access_microsoft_proxy.CreateResponse, error)
// Get returns the integration settings.
Get(ctx context.Context, tenantID string, secret string) (*conditional_access_microsoft_proxy.GetResponse, error)
// Delete deprovisions the tenant on Microsoft and deletes the integration in the proxy service.
// Returns a fleet.IsNotFound error if the integration doesn't exist.
Delete(ctx context.Context, tenantID string, secret string) (*conditional_access_microsoft_proxy.DeleteResponse, error)
// SetComplianceStatus sets the inventory and compliance status of a host.
// Returns the message ID to query the status of the operation (MS has an asynchronous API).
SetComplianceStatus(
ctx context.Context,
tenantID string, secret string,
deviceID string,
userPrincipalName string,
mdmEnrolled bool,
deviceName, osName, osVersion string,
compliant bool,
lastCheckInTime time.Time,
) (*conditional_access_microsoft_proxy.SetComplianceStatusResponse, error)
// GetMessageStatusResponse returns the status of a "compliance set" operation.
GetMessageStatus(ctx context.Context, tenantID string, secret string, messageID string) (*conditional_access_microsoft_proxy.GetMessageStatusResponse, error)
Add public ip to hosts & derive geolocation when rendering host (#4652) * geoip wip * return nil if ip is empty string or if ParseIP returns nil * add ui component to render geolocation if available, address PR feedback * render public ip if available * add changes file, document geoip in deployment guide * update rest-api docs
2022-03-21 16:29:52 +00:00
}
Add new configuration option to set default team for Apple Business Manager (#9062)
2023-01-03 22:14:18 +00:00
func (svc *Service) LookupGeoIP(ctx context.Context, ip string) *fleet.GeoLocation {
return svc.geoIP.Lookup(ctx, ip)
Refactor teams service methods (#910) - Move team-related service methods to `ee/server/service`. - Instantiate different service on startup based on license key. - Refactor service errors into separate package. - Add support for running E2E tests in both Core and Basic tiers.
2021-06-01 00:07:51 +00:00
}
Add new configuration option to set default team for Apple Business Manager (#9062)
2023-01-03 22:14:18 +00:00
func (svc *Service) SetEnterpriseOverrides(overrides fleet.EnterpriseOverrides) {
svc.EnterpriseOverrides = &overrides
enable controlled rollout of features by teams (#7408)
2022-08-30 11:13:09 +00:00
}
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
// OsqueryLogger holds osqueryd's status and result loggers.
type OsqueryLogger struct {
// Status holds the osqueryd's status logger.
//
// See https://osquery.readthedocs.io/en/stable/deployment/logging/#status-logs
Status fleet.JSONLogger
// Result holds the osqueryd's result logger.
//
// See https://osquery.readthedocs.io/en/stable/deployment/logging/#results-logs
Result fleet.JSONLogger
}
update user service (#101) - Added all required methods for a UserService - Added authentication handlers `/api/login` and `/api/logout` - Added authMiddleware for authentication for `/api/v1/kolide` path - Added authorization middleware for each endoint - Added validation middleware for validating API inputs - Began work on logging middleware
2016-09-01 04:51:38 +00:00
// NewService creates a new service from the config struct
Add jitter to intervals (#2158) * Add max jitter percent config * Fix jitter calc * Remove comment * Reduce test jitter to make tests less flaky * Remove jitter entirely * Document new config * Fix doc link
2021-09-21 17:21:44 +00:00
func NewService(
Better jitter (#3716) * Better jitter * Fix lint * Use milliseconds * Make duration milliseconds * Update based on Lucas' suggestion * Add changes file * Panic on error * Fix compilation error
2022-01-18 14:29:57 +00:00
ctx context.Context,
Add jitter to intervals (#2158) * Add max jitter percent config * Fix jitter calc * Remove comment * Reduce test jitter to make tests less flaky * Remove jitter entirely * Document new config * Fix doc link
2021-09-21 17:21:44 +00:00
ds fleet.Datastore,
Implement async processing of hosts for label queries (#2288)
2021-11-01 18:13:16 +00:00
task *async.Task,
Add jitter to intervals (#2158) * Add max jitter percent config * Fix jitter calc * Remove comment * Reduce test jitter to make tests less flaky * Remove jitter entirely * Document new config * Fix doc link
2021-09-21 17:21:44 +00:00
resultStore fleet.QueryResultStore,
logger kitlog.Logger,
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
osqueryLogger *OsqueryLogger,
Add jitter to intervals (#2158) * Add max jitter percent config * Fix jitter calc * Remove comment * Reduce test jitter to make tests less flaky * Remove jitter entirely * Document new config * Fix doc link
2021-09-21 17:21:44 +00:00
config config.FleetConfig,
mailService fleet.MailService,
c clock.Clock,
sso sso.SessionStore,
lq fleet.LiveQueryStore,
carveStore fleet.CarveStore,
Global policies automation webhooks (#3378) * Add webhook to app config * Add redis failing policies set and webhook * Add basic webhook test * Store hostname in redis * Global policy deletion to remove policy ID from set and config * Also process new passing policies * Fix unit test * Sort hosts * Add more tests * Add ListSets to the failing policies interface * Fix server URL and garbage collect on the triggering side * Do not use Redis SCAN * Fix Redis operation order * Add API changes to doc * Add comments * Add more tests * Fix tests * Add tests for config update upon deletion of policies * Run make dump-test-schema * Ignore policies that failed to run * Add proper unit tests to trigger logic * Fix comments * WIP * Add tests to service_osquerty_test.go * Use SSCAN for listing hosts instead of SMEMBERS * Add failing policies to docs/01-Using-Fleet/configuration-files/README.md * Remove skip * Fix PR comments
2021-12-23 21:26:55 +00:00
failingPolicySet fleet.FailingPolicySet,
Add public ip to hosts & derive geolocation when rendering host (#4652) * geoip wip * return nil if ip is empty string or if ParseIP returns nil * add ui component to render geolocation if available, address PR feedback * render public ip if available * add changes file, document geoip in deployment guide * update rest-api docs
2022-03-21 16:29:52 +00:00
geoIP fleet.GeoIP,
Track active hosts count and enforce limit (#6099)
2022-06-13 20:29:32 +00:00
enrollHostLimiter fleet.EnrollHostLimiter,
Move nanodep dependency in monorepo (#16984)
2024-02-26 15:26:00 +00:00
depStorage nanodep_storage.AllDEPStorage,
Feature: Remote Lock for macOS, Windows and Linux (#16783) Feature branch for the #9949 story. --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Roberto Dip <me@roperzh.com> Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: Sarah Gillespie <sarah@fleetdm.com>
2024-02-13 18:03:53 +00:00
mdmStorage fleet.MDMAppleStore,
Add Apple MDM functionality (#7940) * WIP * Adding DEP functionality to Fleet * Better organize additional MDM code * Add cmdr.py and amend API paths * Fix lint * Add demo file * Fix demo.md * go mod tidy * Add munki setup to Fleet * Add diagram to demo.md * Add fixes * Update TODOs and demo.md * Fix cmdr.py and add TODO * Add endpoints to demo.md * Add more Munki PoC/demo stuff * WIP * Remove proposals from PoC * Replace prepare commands with fleetctl commands * Update demo.md with current state * Remove config field * Amend demo * Remove Munki setup from MVP-Dogfood * Update demo.md * Add apple mdm commands (#7769) * fleetctl enqueue mdm command * fix deps * Fix build Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> * Add command to upload installers * go mod tidy * fix subcommands help There is a bug in urfave/cli where help text is not generated properly when subcommands are nested too deep. * Add support for installing apps * Add a way to list enrolled devices * Add dep listing * Rearrange endpoints * Move DEP routine to schedule * Define paths globally * Add a way to list enrollments and installers * Parse device-ids as comma-separated string * Remove unused types * Add simple commands and nest under enqueue-command * Fix simple commands * Add help to enqueue-command * merge apple_mdm database * Fix commands * update nanomdm * Split nanomdm and nanodep schemas * Set 512 MB in memory for upload * Remove empty file * Amend profile * Add sample commands * Add delete installers and fix bug in DEP profile assigning * Add dogfood.md deployment guide * Update schema.sql * Dump schema with MySQL 5 * Set default value for authenticate_at * add tokens to enrollment profiles When a device downloads an MDM enrollment profile, verify the token passed as a query parameter. This ensures untrusted devices don't enroll with our MDM server. - Rename enrollments to enrollment profiles. Enrollments is used by nano to refer to devices that are enrolled with MDM - Rename endpoint /api/<version>/fleet/mdm/apple/enrollments to ../enrollmentprofiles - Generate a token for authentication when creating an enrollment profile - Return unauthorized if token is invalid when downloading an enrollment profile from /api/mdm/apple/enroll?token= * remove mdm apple server url * update docs * make dump-test-schema * Update nanomdm with missing prefix table * Add docs and simplify changes * Add changes file * Add method docs * Fix compile and revert prepare.go changes * Revert migration status check change * Amend comments * Add more docs * Clarify storage of installers * Remove TODO * Remove unused * update dogfood.md * remove cmdr.py * Add authorization tests * Add TODO comment * use kitlog for nano logging * Add yaml tags * Remove unused flag * Remove changes file * Only run DEP routine if MDM is enabled * Add docs to all new exported types * Add docs * more nano logging changes * Fix unintentional removal * more nano logging changes * Fix compile test * Use string for configs and fix config test * Add docs and amend changes * revert changes to basicAuthHandler * remove exported BasicAuthHandler * rename rego authz type * Add more information to dep list * add db tag * update deps * Fix schema * Remove unimplemented Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Michal Nicpon <michal@fleetdm.com>
2022-10-05 22:53:54 +00:00
mdmPushService nanomdm_push.Pusher,
Implement schedule triggers (#8747)
2022-11-28 19:28:06 +00:00
cronSchedulesService fleet.CronSchedulesService,
Add certificate management for Microsoft MDM (WSTEP) (#12543) Issue #12261 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-06-29 22:31:53 +00:00
wstepCertManager microsoft_mdm.CertManager,
Add custom SCEP configs (#27045) For #26603 This PR includes: - Refactoring of NDES/SCEP verify/timeout logic for easier testing (with dependency injection) - Custom SCEP configs - saving/deleting/updating of encrypted custom SCEP challenges - validation call to custom SCEP server to verify connection - Custom SCEP activities - unit and integration tests for all of the above This PR does not include the following: - Changes file (in later PR) # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-03-14 17:16:51 +00:00
scepConfigService fleet.SCEPConfigService,
GitOps support for DigiCert and Custom SCEP (#27229) For #26622 This PR includes: - Making DigiCert client a real service that can be overridden in tests - GitOps support for DigiCert and Custom SCEP configs # Checklist for submitter - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-03-20 16:36:00 +00:00
digiCertService fleet.DigiCertService,
Microsoft Compliance Partner backend changes (#29540) For #27042. Ready for review, just missing integration tests that I will be writing today. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] If database migrations are included, checked table schema to confirm autoupdate - For new Fleet configuration settings - [X] Verified that the setting can be managed via GitOps, or confirmed that the setting is explicitly being excluded from GitOps. If managing via Gitops: - [X] Verified that the setting is exported via `fleetctl generate-gitops` - [X] Added the setting to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [X] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [X] Manual QA for all new/changed functionality --------- Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com> Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-11 17:22:46 +00:00
conditionalAccessProxy ConditionalAccessMicrosoftProxy,
Add jitter to intervals (#2158) * Add max jitter percent config * Fix jitter calc * Remove comment * Reduce test jitter to make tests less flaky * Remove jitter entirely * Document new config * Fix doc link
2021-09-21 17:21:44 +00:00
) (fleet.Service, error) {
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
authorizer, err := authz.NewAuthorizer()
if err != nil {
Use new error handling approach in other packages (#2954)
2021-11-22 14:13:26 +00:00
return nil, fmt.Errorf("new authorizer: %w", err)
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
}
Better jitter (#3716) * Better jitter * Fix lint * Use milliseconds * Make duration milliseconds * Update based on Lucas' suggestion * Add changes file * Panic on error * Fix compilation error
2022-01-18 14:29:57 +00:00
svc := &Service{
refactor how we send Fleet initiated MDM commands (#9903) https://github.com/fleetdm/fleet/issues/9590 - move the logic to send commands into its own service method that can be used internally by cron jobs and other services. - deprecate the use of `rawEnqueueCommand` as it's copyied from the nanomdm codebase where it's used in other context as a general command API handler
2023-02-17 19:26:51 +00:00
ds: ds,
task: task,
carveStore: carveStore,
resultStore: resultStore,
liveQueryStore: lq,
logger: logger,
config: config,
clock: c,
osqueryLogWriter: osqueryLogger,
mailService: mailService,
ssoSessionStore: sso,
failingPolicySet: failingPolicySet,
authz: authorizer,
jitterH: make(map[time.Duration]*jitterHashTable),
jitterMu: new(sync.Mutex),
geoIP: geoIP,
enrollHostLimiter: enrollHostLimiter,
depStorage: depStorage,
// TODO: remove mdmStorage and mdmPushService when
// we remove deprecated top-level service methods
// from the prototype.
Implement schedule triggers (#8747)
2022-11-28 19:28:06 +00:00
mdmStorage: mdmStorage,
mdmPushService: mdmPushService,
19016 ingest certs on start (#19360) For #19016 This changes all the places where we previously assumed that certs were hardcoded when the Fleet server started to query the database instead. The plan is to loadtest afterwards, but as a first preemptive measure, this adds a caching layer on top the mysql datastore. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-05-30 21:18:42 +00:00
mdmAppleCommander: apple_mdm.NewMDMAppleCommander(mdmStorage, mdmPushService),
Implement schedule triggers (#8747)
2022-11-28 19:28:06 +00:00
cronSchedulesService: cronSchedulesService,
Add certificate management for Microsoft MDM (WSTEP) (#12543) Issue #12261 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-06-29 22:31:53 +00:00
wstepCertManager: wstepCertManager,
Add custom SCEP configs (#27045) For #26603 This PR includes: - Refactoring of NDES/SCEP verify/timeout logic for easier testing (with dependency injection) - Custom SCEP configs - saving/deleting/updating of encrypted custom SCEP challenges - validation call to custom SCEP server to verify connection - Custom SCEP activities - unit and integration tests for all of the above This PR does not include the following: - Changes file (in later PR) # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-03-14 17:16:51 +00:00
scepConfigService: scepConfigService,
GitOps support for DigiCert and Custom SCEP (#27229) For #26622 This PR includes: - Making DigiCert client a real service that can be overridden in tests - GitOps support for DigiCert and Custom SCEP configs # Checklist for submitter - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-03-20 16:36:00 +00:00
digiCertService: digiCertService,
Microsoft Compliance Partner backend changes (#29540) For #27042. Ready for review, just missing integration tests that I will be writing today. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] If database migrations are included, checked table schema to confirm autoupdate - For new Fleet configuration settings - [X] Verified that the setting can be managed via GitOps, or confirmed that the setting is explicitly being excluded from GitOps. If managing via Gitops: - [X] Verified that the setting is exported via `fleetctl generate-gitops` - [X] Added the setting to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [X] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [X] Manual QA for all new/changed functionality --------- Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com> Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-11 17:22:46 +00:00
conditionalAccessMicrosoftProxy: conditionalAccessProxy,
go-kit server layout
2016-08-28 03:59:17 +00:00
}
Better jitter (#3716) * Better jitter * Fix lint * Use milliseconds * Make duration milliseconds * Update based on Lucas' suggestion * Add changes file * Panic on error * Fix compilation error
2022-01-18 14:29:57 +00:00
return validationMiddleware{svc, ds, sso}, nil
}
Migrate from `aws-sdk-go` v1 to v2 (#30308) #29482 [Migrate to the AWS SDK for Go v2](https://docs.aws.amazon.com/sdk-for-go/v2/developer-guide/migrate-gosdk.html) documents how to migrate codebases. QA on features that use AWS SDK Go: - Bootstrap package: - upload: ✅ - download: ✅ - cleanup: ✅ - Software (upload, download, installation, etc.) ✅ - Cloudfront: Luckly, this feature was already using aws-sdk-go-v2. - Carves ✅ - Logging: - Firehose ✅ - Kinesis ✅ - Lambda ✅ (tested result logs to a lambda function on our AWS Dogfood account) - Email: - Amazon SES TODO ⚠️ (this is what Dogfood uses and a few customers) - We cannot easily test locally, we can use dogfood or load testing (AWS) environments. --- - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [ ] Manual QA for all new/changed functionality
2025-06-30 20:45:39 +00:00
func (svc *Service) SendEmail(ctx context.Context, mail fleet.Email) error {
return svc.mailService.SendEmail(ctx, mail)
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
}
Host summary endpoint (#742) * Initial scaffolding of the host summary endpoint * inmem datastore implementation of GenerateHostStatusStatistics * HostSummary docstring * changing the url of the host summary endpoint * datastore tests for GenerateHostStatusStatistics * MySQL datastore implementation of GenerateHostStatusStatistics * <= and >= to catch exact time edge case * removing clock interface method * lowercase error wraps * removin superfluous whitespace * use updated_at * adding a seen_at column to the hosts table * moving the update of seen_time to the caller * using db.Get instead of db.Select
2017-01-04 21:16:17 +00:00
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-09 00:43:48 +00:00
type validationMiddleware struct {
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
fleet.Service
ds fleet.Datastore
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-09 00:43:48 +00:00
ssoSessionStore sso.SessionStore
}
Use Github hosted assets in emails sent by Fleet (#2090) This change allows the images in Fleet emails to load properly from any device with connectivity to github.com. Previously, emails might try to load resources from a Kolide server not accessible from the email client. The asset URL will be based on the most recent git tag to accomodate backwards-compatibility if the assets in the repo change. Closes #1471
2019-08-02 21:08:42 +00:00
Update email template image links (#1938) * Update email image links; move pngs to fleetdm.com
2021-09-03 22:00:30 +00:00
// getAssetURL simply returns the base url used for retrieving image assets from fleetdm.com.
Use Github hosted assets in emails sent by Fleet (#2090) This change allows the images in Fleet emails to load properly from any device with connectivity to github.com. Previously, emails might try to load resources from a Kolide server not accessible from the email client. The asset URL will be based on the most recent git tag to accomodate backwards-compatibility if the assets in the repo change. Closes #1471
2019-08-02 21:08:42 +00:00
func getAssetURL() template.URL {
Update email template image links (#1938) * Update email image links; move pngs to fleetdm.com
2021-09-03 22:00:30 +00:00
return template.URL("https://fleetdm.com/images/permanent")
Use Github hosted assets in emails sent by Fleet (#2090) This change allows the images in Fleet emails to load properly from any device with connectivity to github.com. Previously, emails might try to load resources from a Kolide server not accessible from the email client. The asset URL will be based on the most recent git tag to accomodate backwards-compatibility if the assets in the repo change. Closes #1471
2019-08-02 21:08:42 +00:00
}
Reference in a new issue Copy permalink