Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-10 02:30:56 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 52
fleet/server/service/testing_utils.go

1231 lines
34 KiB
Go
Raw Normal View History

Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
package service
import (
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
"context"
add mocks + tests and move things around (#9574) #8948 - Add more go:generate commands for MDM mocks - Add unit and integration tests for MDM code - Move interfaces from their PoC location to match existing patterns
2023-01-31 14:46:01 +00:00
"crypto/tls"
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
"encoding/json"
Keep created_at timestamp of existing enroll secrets (#8062)
2022-10-05 12:35:36 +00:00
"fmt"
enable controlled rollout of features by teams (#7408)
2022-08-30 11:13:09 +00:00
"io"
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
"net/http"
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
"net/http/httptest"
"os"
Fix TestIntegrations/TestUsers flaky test (#18251) ``` --- FAIL: TestIntegrations (47.44s) --- FAIL: TestIntegrations/TestUsers (1.42s) integration_core_test.go:4198: Error Trace: /Users/tim/workspace/fleet/server/service/integration_core_test.go:4198 Error: Not equal: expected: 0x2 actual : 0x1 Test: TestIntegrations/TestUsers ```
2024-04-16 21:40:29 +00:00
"sort"
Global policies automation webhooks (#3378) * Add webhook to app config * Add redis failing policies set and webhook * Add basic webhook test * Store hostname in redis * Global policy deletion to remove policy ID from set and config * Also process new passing policies * Fix unit test * Sort hosts * Add more tests * Add ListSets to the failing policies interface * Fix server URL and garbage collect on the triggering side * Do not use Redis SCAN * Fix Redis operation order * Add API changes to doc * Add comments * Add more tests * Fix tests * Add tests for config update upon deletion of policies * Run make dump-test-schema * Ignore policies that failed to run * Add proper unit tests to trigger logic * Fix comments * WIP * Add tests to service_osquerty_test.go * Use SSCAN for listing hosts instead of SMEMBERS * Add failing policies to docs/01-Using-Fleet/configuration-files/README.md * Remove skip * Fix PR comments
2021-12-23 21:26:55 +00:00
"sync"
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
"testing"
Adding telemetry for specific Fleet Desktop errors (#23349) Adding telemetry for catching issue #19172 # Docs changes In another PR: https://github.com/fleetdm/fleet/pull/23423/files # Demo <div> <a href="https://www.loom.com/share/233625875eec46508c26ae315cd52d19"> <p>[Demo] Add telemetry for vital fleetd errors - Issue #23413 - Watch Video</p> </a> <a href="https://www.loom.com/share/233625875eec46508c26ae315cd52d19"> <img style="max-width:300px;" src="https://cdn.loom.com/sessions/thumbnails/233625875eec46508c26ae315cd52d19-45ca0ec1b7b5e9e7-full-play.gif"> </a> </div> # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-10-31 19:24:42 +00:00
"time"
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
"github.com/WatchBeam/clock"
SCIM integration tests (#27750) For #27287 This PR adds integration tests for SCIM API endpoints as well as some bug fixes found by these tests. # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-04-04 16:00:46 +00:00
"github.com/fleetdm/fleet/v4/ee/server/scim"
Return all scheduled queries and their stats on the host fetch API (#2855) * Return all scheduled queries and their stats on the host fetch API (pack_stats) * Use 'pack' instead of null and wrap errs with ctxerr
2021-11-12 11:18:25 +00:00
eeservice "github.com/fleetdm/fleet/v4/ee/server/service"
GitOps support for DigiCert and Custom SCEP (#27229) For #26622 This PR includes: - Making DigiCert client a real service that can be overridden in tests - GitOps support for DigiCert and Custom SCEP configs # Checklist for submitter - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-03-20 16:36:00 +00:00
"github.com/fleetdm/fleet/v4/ee/server/service/digicert"
Add SCEP endpoint for host identity. (#30589) Fixes #30458 Contributor docs PR: https://github.com/fleetdm/fleet/pull/30651 # Checklist for submitter - We will add changes file later. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - Did not do manual QA since the SCEP client I have doesn't support ECC. Will rely on next subtasks for manual QA. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Introduced Host Identity SCEP (Simple Certificate Enrollment Protocol) support, enabling secure host identity certificate enrollment and management. * Added new API endpoints for Host Identity SCEP, including certificate issuance and retrieval. * Implemented MySQL-backed storage and management for host identity SCEP certificates and serials. * Added new database tables for storing host identity SCEP certificates and serial numbers. * Provided utilities for encoding certificates and keys, and handling ECDSA public keys. * **Bug Fixes** * None. * **Tests** * Added comprehensive integration and unit tests for Host Identity SCEP functionality, including certificate issuance, validation, and error scenarios. * **Chores** * Updated test utilities to support unique test names and new SCEP storage options. * Extended mock datastore and interfaces for new host identity certificate methods. * **Documentation** * Added comments and documentation for new SCEP-related interfaces, methods, and database schema changes. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-11 14:44:07 +00:00
"github.com/fleetdm/fleet/v4/ee/server/service/hostidentity"
Fleet server verifies HTTP signature (#30825) Fixes #30473 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. - [x] Added/updated automated tests - [ ] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added support for TPM-backed host identity certificates enabling hardware-backed HTTP signature authentication for hosts. * Introduced HTTP signature verification middleware for API requests, applied conditionally for premium licenses. * Hosts presenting identity certificates must authenticate with matching HTTP message signatures during enrollment and authentication. * Added SCEP-based certificate issuance for secure host identity management. * Updated enrollment endpoints to use standardized request/response contract types. * **Bug Fixes** * Enhanced authentication logic to verify consistency between host identity certificates and host records, preventing duplicate or mismatched identities. * **Chores** * Updated dependencies and test infrastructure to support HTTP signature verification and host identity certificate workflows. * Added comprehensive integration and datastore tests for host identity certificate issuance, storage, and authentication. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-16 18:08:27 +00:00
"github.com/fleetdm/fleet/v4/ee/server/service/hostidentity/httpsig"
Hydrant CA Feature Branch (#31807) There are still some TODOs particularly within Gitops test code which will be worked on in a followup PR # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [ ] QA'd all new/changed functionality manually For unreleased bug fixes in a release candidate, one of: - [x] Confirmed that the fix is not expected to adversely impact load test results - [x] Alerted the release DRI if additional load testing is needed ## Database migrations - [x] Checked table schema to confirm autoupdate - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). ## New Fleet configuration settings - [ ] Setting(s) is/are explicitly excluded from GitOps If you didn't check the box above, follow this checklist for GitOps-enabled settings: - [ ] Verified that the setting is exported via `fleetctl generate-gitops` - [x] Verified the setting is documented in a separate PR to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [x] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled --------- Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: Magnus Jensen <magnus@fleetdm.com> Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
2025-09-04 16:39:41 +00:00
"github.com/fleetdm/fleet/v4/ee/server/service/hydrant"
Add v4 suffix in go.mod (#1224)
2021-06-26 04:46:51 +00:00
"github.com/fleetdm/fleet/v4/server/config"
Adding telemetry for specific Fleet Desktop errors (#23349) Adding telemetry for catching issue #19172 # Docs changes In another PR: https://github.com/fleetdm/fleet/pull/23423/files # Demo <div> <a href="https://www.loom.com/share/233625875eec46508c26ae315cd52d19"> <p>[Demo] Add telemetry for vital fleetd errors - Issue #23413 - Watch Video</p> </a> <a href="https://www.loom.com/share/233625875eec46508c26ae315cd52d19"> <img style="max-width:300px;" src="https://cdn.loom.com/sessions/thumbnails/233625875eec46508c26ae315cd52d19-45ca0ec1b7b5e9e7-full-play.gif"> </a> </div> # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-10-31 19:24:42 +00:00
"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
"github.com/fleetdm/fleet/v4/server/contexts/license"
prevent live queries to stall if a detail query override was set for a team (#14296) alternative approach for #14286
2023-10-04 20:02:55 +00:00
"github.com/fleetdm/fleet/v4/server/datastore/cached_mysql"
Implement software installer storage for S3 and local filesystem (#18493)
2024-04-24 14:18:58 +00:00
"github.com/fleetdm/fleet/v4/server/datastore/filesystem"
Adding telemetry for specific Fleet Desktop errors (#23349) Adding telemetry for catching issue #19172 # Docs changes In another PR: https://github.com/fleetdm/fleet/pull/23423/files # Demo <div> <a href="https://www.loom.com/share/233625875eec46508c26ae315cd52d19"> <p>[Demo] Add telemetry for vital fleetd errors - Issue #23413 - Watch Video</p> </a> <a href="https://www.loom.com/share/233625875eec46508c26ae315cd52d19"> <img style="max-width:300px;" src="https://cdn.loom.com/sessions/thumbnails/233625875eec46508c26ae315cd52d19-45ca0ec1b7b5e9e7-full-play.gif"> </a> </div> # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-10-31 19:24:42 +00:00
"github.com/fleetdm/fleet/v4/server/errorstore"
Add v4 suffix in go.mod (#1224)
2021-06-26 04:46:51 +00:00
"github.com/fleetdm/fleet/v4/server/fleet"
Return all scheduled queries and their stats on the host fetch API (#2855) * Return all scheduled queries and their stats on the host fetch API (pack_stats) * Use 'pack' instead of null and wrap errs with ctxerr
2021-11-12 11:18:25 +00:00
"github.com/fleetdm/fleet/v4/server/logging"
Fix SMTP e-mail send when SMTP server has credentials (#10758) #9609 This PR also fixes #10777. The issue is: We were using `svc.AppConfig` instead of `svc.ds.AppConfig` to retrieve the SMTP credentials. `svc.AppConfig` obfuscates credentials, whereas `svc.ds.AppConfig` does not. To help prevent this from happening again I've renamed `svc.AppConfig` to `svc.AppConfigObfuscated`. I've also added a new test SMTP server (https://github.com/axllent/mailpit) that supports Basic Authentication and tests that make use of it to catch these kind of bugs (the tests are executed when running `go test` with `MAIL_TEST=1`). - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-03-28 18:23:15 +00:00
"github.com/fleetdm/fleet/v4/server/mail"
remove feature flags to enable MDM (#10746) https://github.com/fleetdm/fleet/issues/10025
2023-03-27 19:30:29 +00:00
apple_mdm "github.com/fleetdm/fleet/v4/server/mdm/apple"
Add certificate management for Microsoft MDM (WSTEP) (#12543) Issue #12261 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-06-29 22:31:53 +00:00
microsoft_mdm "github.com/fleetdm/fleet/v4/server/mdm/microsoft"
Move nanodep dependency in monorepo (#16984)
2024-02-26 15:26:00 +00:00
nanodep_storage "github.com/fleetdm/fleet/v4/server/mdm/nanodep/storage"
Move nanomdm dependency in monorepo (#16015) #15557 Following the precedent that Lucas used for other similar PRs, the best way to review is probably by commits. * The first one simply copies over the files from the fork to the monorepo * Second one adjusts all import paths * Third one tidies up the `go.mod` files * Last one fixes the linter issues in the nanomdm package # Checklist for submitter - ~~Changes file added for user-visible changes in `changes/` or `orbit/changes/`.~~ (not a user-visible change) - [x] Manual QA for all new/changed functionality (ran test suite, re-generated mocks) I also verified that our Go test suite did run the newly moved `nanomdm` package steps: ``` ok github.com/fleetdm/fleet/v4/server/mdm/nanomdm/cryptoutil 0.003s coverage: 0.0% of statements in github.com/fleetdm/fleet/v4/... ok github.com/fleetdm/fleet/v4/server/mdm/nanomdm/mdm 0.005s coverage: 46.2% of statements in github.com/fleetdm/fleet/v4/... ok github.com/fleetdm/fleet/v4/server/mdm/nanomdm/service/certauth 1.320s coverage: 20.7% of statements in github.com/fleetdm/fleet/v4/... ok github.com/fleetdm/fleet/v4/server/mdm/nanomdm/storage/file 0.007s coverage: 24.1% of statements in github.com/fleetdm/fleet/v4/... ```
2024-01-12 02:28:48 +00:00
"github.com/fleetdm/fleet/v4/server/mdm/nanomdm/mdm"
"github.com/fleetdm/fleet/v4/server/mdm/nanomdm/push"
nanomdm_push "github.com/fleetdm/fleet/v4/server/mdm/nanomdm/push"
feat: move scep dependency inside the monorepo (#16988) Following the pattern set up by Martin and Lucas for similar PRs. Can be reviewed by commits: 1. move scep directory into monorepo 2. update import paths 3. update go.mod, go.sum 4. fix golint errors in scep package 5. skip a failing test that's been broken for a while 6. fix that failing test # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Manual QA for all new/changed functionality Also verified that our test suite runs the `scep` tests.
2024-02-22 18:13:46 +00:00
scep_depot "github.com/fleetdm/fleet/v4/server/mdm/scep/depot"
gate DEP enrollment behind SSO when configured (#11309) #10739 Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-04-27 12:43:20 +00:00
nanodep_mock "github.com/fleetdm/fleet/v4/server/mock/nanodep"
Add v4 suffix in go.mod (#1224)
2021-06-26 04:46:51 +00:00
"github.com/fleetdm/fleet/v4/server/ptr"
Return all scheduled queries and their stats on the host fetch API (#2855) * Return all scheduled queries and their stats on the host fetch API (pack_stats) * Use 'pack' instead of null and wrap errs with ctxerr
2021-11-12 11:18:25 +00:00
"github.com/fleetdm/fleet/v4/server/service/async"
Scaffold for new integration tests. (#26747) For #26219 Created a scaffold for server/service integration tests going forward. - separate package - no dependency on testify Suite
2025-03-04 18:04:25 +00:00
"github.com/fleetdm/fleet/v4/server/service/middleware/endpoint_utils"
add mocks + tests and move things around (#9574) #8948 - Add more go:generate commands for MDM mocks - Add unit and integration tests for MDM code - Move interfaces from their PoC location to match existing patterns
2023-01-31 14:46:01 +00:00
"github.com/fleetdm/fleet/v4/server/service/mock"
Make software batch endpoint asynchronous (#22258) #22069 API changes: https://github.com/fleetdm/fleet/pull/22259 QAd by applying 10 pieces of software on a team, which took 3+ minutes in total (which, before these changes was timing out at 100s.) With this approach, a GitOps CI run timing out might leave the background process running (which will eventually be applied to the database). The team discussed and agreed that we can fix this edge case later. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] Manual QA for all new/changed functionality
2024-09-20 14:55:47 +00:00
"github.com/fleetdm/fleet/v4/server/service/redis_key_value"
Distributed lock and store calendar_events UUID as binary in MySQL (#20277) #19352 Fix for code review comment: https://github.com/fleetdm/fleet/pull/20156#discussion_r1668421504 Also includes changes from https://github.com/fleetdm/fleet/pull/20252 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-07-10 13:49:05 +00:00
"github.com/fleetdm/fleet/v4/server/service/redis_lock"
Add tests to SSO/SAML implementation (#2997)
2021-11-23 13:25:43 +00:00
"github.com/fleetdm/fleet/v4/server/sso"
Increase minimum password length to 12 characters (#5712)
2022-05-18 17:03:00 +00:00
"github.com/fleetdm/fleet/v4/server/test"
🧹 friday cleanup party: substitute deprecated import of go-kit (#19774) `go-kit/kit/log` was deprecated and generating warnings # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Manual QA for all new/changed functionality
2024-06-17 13:27:31 +00:00
kitlog "github.com/go-kit/log"
add mocks + tests and move things around (#9574) #8948 - Add more go:generate commands for MDM mocks - Add unit and integration tests for MDM code - Move interfaces from their PoC location to match existing patterns
2023-01-31 14:46:01 +00:00
"github.com/google/uuid"
Return all scheduled queries and their stats on the host fetch API (#2855) * Return all scheduled queries and their stats on the host fetch API (pack_stats) * Use 'pack' instead of null and wrap errs with ctxerr
2021-11-12 11:18:25 +00:00
"github.com/stretchr/testify/assert"
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
"github.com/stretchr/testify/require"
Fix race condition in tests when using global var loginRateLimit (#5197)
2022-04-19 13:35:53 +00:00
"github.com/throttled/throttled/v2"
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
"github.com/throttled/throttled/v2/store/memstore"
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
)
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
func newTestService(t *testing.T, ds fleet.Datastore, rs fleet.QueryResultStore, lq fleet.LiveQueryStore, opts ...*TestServerOpts) (fleet.Service, context.Context) {
Add missing error checking to test config setup (#4401) * check for errors when setting test logs on new services * fix tests that fail because a log file wasn't specified * remove unnecessary nil check
2022-03-11 15:51:12 +00:00
return newTestServiceWithConfig(t, ds, config.TestConfig(), rs, lq, opts...)
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
}
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
func newTestServiceWithConfig(t *testing.T, ds fleet.Datastore, fleetConfig config.FleetConfig, rs fleet.QueryResultStore, lq fleet.LiveQueryStore, opts ...*TestServerOpts) (fleet.Service, context.Context) {
lic := &fleet.LicenseInfo{Tier: fleet.TierFree}
add configuration parameters for filesystem logging file rotation (#10048)
2023-02-24 12:44:56 +00:00
writer, err := logging.NewFilesystemLogWriter(fleetConfig.Filesystem.StatusLogFile, kitlog.NewNopLogger(), fleetConfig.Filesystem.EnableLogRotation, fleetConfig.Filesystem.EnableLogCompression, 500, 28, 3)
Add missing error checking to test config setup (#4401) * check for errors when setting test logs on new services * fix tests that fail because a log file wasn't specified * remove unnecessary nil check
2022-03-11 15:51:12 +00:00
require.NoError(t, err)
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
osqlogger := &OsqueryLogger{Status: writer, Result: writer}
Move logger up to the HTTP layer and make it generic (#1439) * Add basic idea * Implement the new logging strategy everywhere * Remove unused const * Add tests and fix error cases * Fix logging in osquery service * If there are extras, log info unless force debug * Change to info * Fix test * Make logging context more chainable and force info for sessions
2021-08-02 22:06:27 +00:00
logger := kitlog.NewNopLogger()
Add tests to SSO/SAML implementation (#2997)
2021-11-23 13:25:43 +00:00
Track active hosts count and enforce limit (#6099)
2022-06-13 20:29:32 +00:00
var (
Microsoft Compliance Partner backend changes (#29540) For #27042. Ready for review, just missing integration tests that I will be writing today. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] If database migrations are included, checked table schema to confirm autoupdate - For new Fleet configuration settings - [X] Verified that the setting can be managed via GitOps, or confirmed that the setting is explicitly being excluded from GitOps. If managing via Gitops: - [X] Verified that the setting is exported via `fleetctl generate-gitops` - [X] Added the setting to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [X] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [X] Manual QA for all new/changed functionality --------- Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com> Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-11 17:22:46 +00:00
failingPolicySet fleet.FailingPolicySet = NewMemFailingPolicySet()
enrollHostLimiter fleet.EnrollHostLimiter = nopEnrollHostLimiter{}
depStorage nanodep_storage.AllDEPStorage = &nanodep_mock.Storage{}
mailer fleet.MailService = &mockMailService{SendEmailFn: func(e fleet.Email) error { return nil }}
c clock.Clock = clock.C
scepConfigService = eeservice.NewSCEPConfigService(logger, nil)
digiCertService = digicert.NewService(digicert.WithLogger(logger))
Hydrant CA Feature Branch (#31807) There are still some TODOs particularly within Gitops test code which will be worked on in a followup PR # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [ ] QA'd all new/changed functionality manually For unreleased bug fixes in a release candidate, one of: - [x] Confirmed that the fix is not expected to adversely impact load test results - [x] Alerted the release DRI if additional load testing is needed ## Database migrations - [x] Checked table schema to confirm autoupdate - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). ## New Fleet configuration settings - [ ] Setting(s) is/are explicitly excluded from GitOps If you didn't check the box above, follow this checklist for GitOps-enabled settings: - [ ] Verified that the setting is exported via `fleetctl generate-gitops` - [x] Verified the setting is documented in a separate PR to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [x] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled --------- Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: Magnus Jensen <magnus@fleetdm.com> Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
2025-09-04 16:39:41 +00:00
hydrantService = hydrant.NewService(hydrant.WithLogger(logger))
Microsoft Compliance Partner backend changes (#29540) For #27042. Ready for review, just missing integration tests that I will be writing today. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] If database migrations are included, checked table schema to confirm autoupdate - For new Fleet configuration settings - [X] Verified that the setting can be managed via GitOps, or confirmed that the setting is explicitly being excluded from GitOps. If managing via Gitops: - [X] Verified that the setting is exported via `fleetctl generate-gitops` - [X] Added the setting to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [X] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [X] Manual QA for all new/changed functionality --------- Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com> Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-11 17:22:46 +00:00
conditionalAccessMicrosoftProxy ConditionalAccessMicrosoftProxy
Implement preassign endpoint as first step to match profiles and hosts to teams (#12046)
2023-05-31 13:24:22 +00:00
Add custom software icons (#32652) For #29478, sans GitOps. --------- Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com> Co-authored-by: Konstantin Sykulev <konst@sykulev.com>
2025-09-05 22:31:03 +00:00
mdmStorage fleet.MDMAppleStore
mdmPusher nanomdm_push.Pusher
ssoStore sso.SessionStore
profMatcher fleet.ProfileMatcher
softwareInstallStore fleet.SoftwareInstallerStore
bootstrapPackageStore fleet.MDMBootstrapPackageStore
softwareTitleIconStore fleet.SoftwareTitleIconStore
distributedLock fleet.Lock
keyValueStore fleet.KeyValueStore
Track active hosts count and enforce limit (#6099)
2022-06-13 20:29:32 +00:00
)
Support per-task configuration for async host processing configuration (#5700)
2022-05-16 13:44:50 +00:00
if len(opts) > 0 {
if opts[0].Clock != nil {
c = opts[0].Clock
}
}
Support async saving of hosts' last seen time (#5640)
2022-05-10 15:29:17 +00:00
Make software batch endpoint asynchronous (#22258) #22069 API changes: https://github.com/fleetdm/fleet/pull/22259 QAd by applying 10 pieces of software on a team, which took 3+ minutes in total (which, before these changes was timing out at 100s.) With this approach, a GitOps CI run timing out might leave the background process running (which will eventually be applied to the database). The team discussed and agreed that we can fix this edge case later. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] Manual QA for all new/changed functionality
2024-09-20 14:55:47 +00:00
if len(opts) > 0 && opts[0].KeyValueStore != nil {
keyValueStore = opts[0].KeyValueStore
}
OpenTelemetry minor improvements (#32324) Fixes #32313 OpenTelemetry Tracing - Added tracing to async task collectors: FlushHostsLastSeen, collectHostsLastSeen, collectLabelQueryExecutions, collectPolicyQueryExecutions, collectScheduledQueryStats - Updated HTTP middleware to use OTEL semantic convention for span names ({method} {route}) - Added OTELEnabled() helper to FleetConfig Optimizations - Reduced OTEL batch size from 512 to 256 spans to prevent gRPC message size errors - Enabled gzip compression for trace exports NOTE: I tried to improve OTEL instrumentation for cron jobs, but it got too complicated due to goroutines in `schedule.go` so that effort should be separate. We do have SQL instrumentation for cron jobs, but we are missing root spans for cron jobs as a whole. # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. ## Testing - [x] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Expanded OpenTelemetry tracing for async tasks (host last seen, label membership, policy membership, scheduled query stats) to provide richer observability. * More descriptive HTTP span names using “METHOD /route” for clearer trace analysis. * **Bug Fixes** * Improved OTLP gRPC exporter reliability by enabling gzip compression and reducing export batch size, mitigating intermittent gRPC errors. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-08-29 00:32:46 +00:00
task := async.NewTask(ds, nil, c, nil)
Support per-task configuration for async host processing configuration (#5700)
2022-05-16 13:44:50 +00:00
if len(opts) > 0 {
if opts[0].Task != nil {
task = opts[0].Task
} else {
opts[0].Task = task
}
Support async saving of hosts' last seen time (#5640)
2022-05-10 15:29:17 +00:00
}
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
if len(opts) > 0 {
if opts[0].Logger != nil {
logger = opts[0].Logger
}
if opts[0].License != nil {
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
lic = opts[0].License
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
}
Add tests to SSO/SAML implementation (#2997)
2021-11-23 13:25:43 +00:00
if opts[0].Pool != nil {
ssoStore = sso.NewSessionStore(opts[0].Pool)
Implement preassign endpoint as first step to match profiles and hosts to teams (#12046)
2023-05-31 13:24:22 +00:00
profMatcher = apple_mdm.NewProfileMatcher(opts[0].Pool)
Distributed lock and store calendar_events UUID as binary in MySQL (#20277) #19352 Fix for code review comment: https://github.com/fleetdm/fleet/pull/20156#discussion_r1668421504 Also includes changes from https://github.com/fleetdm/fleet/pull/20252 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-07-10 13:49:05 +00:00
distributedLock = redis_lock.NewLock(opts[0].Pool)
Make software batch endpoint asynchronous (#22258) #22069 API changes: https://github.com/fleetdm/fleet/pull/22259 QAd by applying 10 pieces of software on a team, which took 3+ minutes in total (which, before these changes was timing out at 100s.) With this approach, a GitOps CI run timing out might leave the background process running (which will eventually be applied to the database). The team discussed and agreed that we can fix this edge case later. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] Manual QA for all new/changed functionality
2024-09-20 14:55:47 +00:00
keyValueStore = redis_key_value.New(opts[0].Pool)
Add tests to SSO/SAML implementation (#2997)
2021-11-23 13:25:43 +00:00
}
Match pre-assigned profiles to a team (or create one) and assign host to team (#12127)
2023-06-05 19:08:21 +00:00
if opts[0].ProfileMatcher != nil {
profMatcher = opts[0].ProfileMatcher
}
Global policies automation webhooks (#3378) * Add webhook to app config * Add redis failing policies set and webhook * Add basic webhook test * Store hostname in redis * Global policy deletion to remove policy ID from set and config * Also process new passing policies * Fix unit test * Sort hosts * Add more tests * Add ListSets to the failing policies interface * Fix server URL and garbage collect on the triggering side * Do not use Redis SCAN * Fix Redis operation order * Add API changes to doc * Add comments * Add more tests * Fix tests * Add tests for config update upon deletion of policies * Run make dump-test-schema * Ignore policies that failed to run * Add proper unit tests to trigger logic * Fix comments * WIP * Add tests to service_osquerty_test.go * Use SSCAN for listing hosts instead of SMEMBERS * Add failing policies to docs/01-Using-Fleet/configuration-files/README.md * Remove skip * Fix PR comments
2021-12-23 21:26:55 +00:00
if opts[0].FailingPolicySet != nil {
failingPolicySet = opts[0].FailingPolicySet
}
Track active hosts count and enforce limit (#6099)
2022-06-13 20:29:32 +00:00
if opts[0].EnrollHostLimiter != nil {
enrollHostLimiter = opts[0].EnrollHostLimiter
}
Fix SMTP e-mail send when SMTP server has credentials (#10758) #9609 This PR also fixes #10777. The issue is: We were using `svc.AppConfig` instead of `svc.ds.AppConfig` to retrieve the SMTP credentials. `svc.AppConfig` obfuscates credentials, whereas `svc.ds.AppConfig` does not. To help prevent this from happening again I've renamed `svc.AppConfig` to `svc.AppConfigObfuscated`. I've also added a new test SMTP server (https://github.com/axllent/mailpit) that supports Basic Authentication and tests that make use of it to catch these kind of bugs (the tests are executed when running `go test` with `MAIL_TEST=1`). - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-03-28 18:23:15 +00:00
if opts[0].UseMailService {
add support for AWS SES email backend (#10847)
2023-04-06 18:21:07 +00:00
mailer, err = mail.NewService(config.TestConfig())
require.NoError(t, err)
Fix SMTP e-mail send when SMTP server has credentials (#10758) #9609 This PR also fixes #10777. The issue is: We were using `svc.AppConfig` instead of `svc.ds.AppConfig` to retrieve the SMTP credentials. `svc.AppConfig` obfuscates credentials, whereas `svc.ds.AppConfig` does not. To help prevent this from happening again I've renamed `svc.AppConfig` to `svc.AppConfigObfuscated`. I've also added a new test SMTP server (https://github.com/axllent/mailpit) that supports Basic Authentication and tests that make use of it to catch these kind of bugs (the tests are executed when running `go test` with `MAIL_TEST=1`). - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-03-28 18:23:15 +00:00
}
Implement software installer storage for S3 and local filesystem (#18493)
2024-04-24 14:18:58 +00:00
if opts[0].SoftwareInstallStore != nil {
softwareInstallStore = opts[0].SoftwareInstallStore
}
Feature branch for the Store Bootstrap Packages in S3 story (#21260)
2024-08-13 12:27:10 +00:00
if opts[0].BootstrapPackageStore != nil {
bootstrapPackageStore = opts[0].BootstrapPackageStore
}
Add custom software icons (#32652) For #29478, sans GitOps. --------- Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com> Co-authored-by: Konstantin Sykulev <konst@sykulev.com>
2025-09-05 22:31:03 +00:00
if opts[0].SoftwareTitleIconStore != nil {
softwareTitleIconStore = opts[0].SoftwareTitleIconStore
}
add API endpoints to retrieve pre-built installers (#6672) Rel: #6365, this adds a new endpoint to check and download pre-built installers.
2022-07-18 16:44:30 +00:00
Add Apple MDM functionality (#7940) * WIP * Adding DEP functionality to Fleet * Better organize additional MDM code * Add cmdr.py and amend API paths * Fix lint * Add demo file * Fix demo.md * go mod tidy * Add munki setup to Fleet * Add diagram to demo.md * Add fixes * Update TODOs and demo.md * Fix cmdr.py and add TODO * Add endpoints to demo.md * Add more Munki PoC/demo stuff * WIP * Remove proposals from PoC * Replace prepare commands with fleetctl commands * Update demo.md with current state * Remove config field * Amend demo * Remove Munki setup from MVP-Dogfood * Update demo.md * Add apple mdm commands (#7769) * fleetctl enqueue mdm command * fix deps * Fix build Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> * Add command to upload installers * go mod tidy * fix subcommands help There is a bug in urfave/cli where help text is not generated properly when subcommands are nested too deep. * Add support for installing apps * Add a way to list enrolled devices * Add dep listing * Rearrange endpoints * Move DEP routine to schedule * Define paths globally * Add a way to list enrollments and installers * Parse device-ids as comma-separated string * Remove unused types * Add simple commands and nest under enqueue-command * Fix simple commands * Add help to enqueue-command * merge apple_mdm database * Fix commands * update nanomdm * Split nanomdm and nanodep schemas * Set 512 MB in memory for upload * Remove empty file * Amend profile * Add sample commands * Add delete installers and fix bug in DEP profile assigning * Add dogfood.md deployment guide * Update schema.sql * Dump schema with MySQL 5 * Set default value for authenticate_at * add tokens to enrollment profiles When a device downloads an MDM enrollment profile, verify the token passed as a query parameter. This ensures untrusted devices don't enroll with our MDM server. - Rename enrollments to enrollment profiles. Enrollments is used by nano to refer to devices that are enrolled with MDM - Rename endpoint /api/<version>/fleet/mdm/apple/enrollments to ../enrollmentprofiles - Generate a token for authentication when creating an enrollment profile - Return unauthorized if token is invalid when downloading an enrollment profile from /api/mdm/apple/enroll?token= * remove mdm apple server url * update docs * make dump-test-schema * Update nanomdm with missing prefix table * Add docs and simplify changes * Add changes file * Add method docs * Fix compile and revert prepare.go changes * Revert migration status check change * Amend comments * Add more docs * Clarify storage of installers * Remove TODO * Remove unused * update dogfood.md * remove cmdr.py * Add authorization tests * Add TODO comment * use kitlog for nano logging * Add yaml tags * Remove unused flag * Remove changes file * Only run DEP routine if MDM is enabled * Add docs to all new exported types * Add docs * more nano logging changes * Fix unintentional removal * more nano logging changes * Fix compile test * Use string for configs and fix config test * Add docs and amend changes * revert changes to basicAuthHandler * remove exported BasicAuthHandler * rename rego authz type * Add more information to dep list * add db tag * update deps * Fix schema * Remove unimplemented Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Michal Nicpon <michal@fleetdm.com>
2022-10-05 22:53:54 +00:00
// allow to explicitly set MDM storage to nil
mdmStorage = opts[0].MDMStorage
gate DEP enrollment behind SSO when configured (#11309) #10739 Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-04-27 12:43:20 +00:00
if opts[0].DEPStorage != nil {
depStorage = opts[0].DEPStorage
}
Add Apple MDM functionality (#7940) * WIP * Adding DEP functionality to Fleet * Better organize additional MDM code * Add cmdr.py and amend API paths * Fix lint * Add demo file * Fix demo.md * go mod tidy * Add munki setup to Fleet * Add diagram to demo.md * Add fixes * Update TODOs and demo.md * Fix cmdr.py and add TODO * Add endpoints to demo.md * Add more Munki PoC/demo stuff * WIP * Remove proposals from PoC * Replace prepare commands with fleetctl commands * Update demo.md with current state * Remove config field * Amend demo * Remove Munki setup from MVP-Dogfood * Update demo.md * Add apple mdm commands (#7769) * fleetctl enqueue mdm command * fix deps * Fix build Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> * Add command to upload installers * go mod tidy * fix subcommands help There is a bug in urfave/cli where help text is not generated properly when subcommands are nested too deep. * Add support for installing apps * Add a way to list enrolled devices * Add dep listing * Rearrange endpoints * Move DEP routine to schedule * Define paths globally * Add a way to list enrollments and installers * Parse device-ids as comma-separated string * Remove unused types * Add simple commands and nest under enqueue-command * Fix simple commands * Add help to enqueue-command * merge apple_mdm database * Fix commands * update nanomdm * Split nanomdm and nanodep schemas * Set 512 MB in memory for upload * Remove empty file * Amend profile * Add sample commands * Add delete installers and fix bug in DEP profile assigning * Add dogfood.md deployment guide * Update schema.sql * Dump schema with MySQL 5 * Set default value for authenticate_at * add tokens to enrollment profiles When a device downloads an MDM enrollment profile, verify the token passed as a query parameter. This ensures untrusted devices don't enroll with our MDM server. - Rename enrollments to enrollment profiles. Enrollments is used by nano to refer to devices that are enrolled with MDM - Rename endpoint /api/<version>/fleet/mdm/apple/enrollments to ../enrollmentprofiles - Generate a token for authentication when creating an enrollment profile - Return unauthorized if token is invalid when downloading an enrollment profile from /api/mdm/apple/enroll?token= * remove mdm apple server url * update docs * make dump-test-schema * Update nanomdm with missing prefix table * Add docs and simplify changes * Add changes file * Add method docs * Fix compile and revert prepare.go changes * Revert migration status check change * Amend comments * Add more docs * Clarify storage of installers * Remove TODO * Remove unused * update dogfood.md * remove cmdr.py * Add authorization tests * Add TODO comment * use kitlog for nano logging * Add yaml tags * Remove unused flag * Remove changes file * Only run DEP routine if MDM is enabled * Add docs to all new exported types * Add docs * more nano logging changes * Fix unintentional removal * more nano logging changes * Fix compile test * Use string for configs and fix config test * Add docs and amend changes * revert changes to basicAuthHandler * remove exported BasicAuthHandler * rename rego authz type * Add more information to dep list * add db tag * update deps * Fix schema * Remove unimplemented Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Michal Nicpon <michal@fleetdm.com>
2022-10-05 22:53:54 +00:00
// allow to explicitly set mdm pusher to nil
mdmPusher = opts[0].MDMPusher
Configure golangci-lint for the whole repository Add a relatively minimal set of linters that raise safe and mostly un-opinionated issues with the code. It runs automatically on CI via a github action.
2021-08-24 17:35:03 +00:00
}
Support async saving of hosts' last seen time (#5640)
2022-05-10 15:29:17 +00:00
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
ctx := license.NewContext(context.Background(), lic)
Implement schedule triggers (#8747)
2022-11-28 19:28:06 +00:00
cronSchedulesService := fleet.NewCronSchedules()
Adding telemetry for specific Fleet Desktop errors (#23349) Adding telemetry for catching issue #19172 # Docs changes In another PR: https://github.com/fleetdm/fleet/pull/23423/files # Demo <div> <a href="https://www.loom.com/share/233625875eec46508c26ae315cd52d19"> <p>[Demo] Add telemetry for vital fleetd errors - Issue #23413 - Watch Video</p> </a> <a href="https://www.loom.com/share/233625875eec46508c26ae315cd52d19"> <img style="max-width:300px;" src="https://cdn.loom.com/sessions/thumbnails/233625875eec46508c26ae315cd52d19-45ca0ec1b7b5e9e7-full-play.gif"> </a> </div> # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-10-31 19:24:42 +00:00
var eh *errorstore.Handler
if len(opts) > 0 {
if opts[0].Pool != nil {
eh = errorstore.NewHandler(ctx, opts[0].Pool, logger, time.Minute*10)
ctx = ctxerr.NewContext(ctx, eh)
}
if opts[0].StartCronSchedules != nil {
for _, fn := range opts[0].StartCronSchedules {
err = cronSchedulesService.StartCronSchedule(fn(ctx, ds))
require.NoError(t, err)
}
Implement schedule triggers (#8747)
2022-11-28 19:28:06 +00:00
}
}
Add custom SCEP configs (#27045) For #26603 This PR includes: - Refactoring of NDES/SCEP verify/timeout logic for easier testing (with dependency injection) - Custom SCEP configs - saving/deleting/updating of encrypted custom SCEP challenges - validation call to custom SCEP server to verify connection - Custom SCEP activities - unit and integration tests for all of the above This PR does not include the following: - Changes file (in later PR) # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-03-14 17:16:51 +00:00
if len(opts) > 0 && opts[0].SCEPConfigService != nil {
scepConfigService = opts[0].SCEPConfigService
}
GitOps support for DigiCert and Custom SCEP (#27229) For #26622 This PR includes: - Making DigiCert client a real service that can be overridden in tests - GitOps support for DigiCert and Custom SCEP configs # Checklist for submitter - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-03-20 16:36:00 +00:00
if len(opts) > 0 && opts[0].DigiCertService != nil {
digiCertService = opts[0].DigiCertService
}
Microsoft Compliance Partner backend changes (#29540) For #27042. Ready for review, just missing integration tests that I will be writing today. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] If database migrations are included, checked table schema to confirm autoupdate - For new Fleet configuration settings - [X] Verified that the setting can be managed via GitOps, or confirmed that the setting is explicitly being excluded from GitOps. If managing via Gitops: - [X] Verified that the setting is exported via `fleetctl generate-gitops` - [X] Added the setting to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [X] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [X] Manual QA for all new/changed functionality --------- Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com> Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-11 17:22:46 +00:00
if len(opts) > 0 && opts[0].ConditionalAccessMicrosoftProxy != nil {
conditionalAccessMicrosoftProxy = opts[0].ConditionalAccessMicrosoftProxy
fleetConfig.MicrosoftCompliancePartner.ProxyAPIKey = "insecure" // setting this so the feature is "enabled".
}
Implement schedule triggers (#8747)
2022-11-28 19:28:06 +00:00
Add certificate management for Microsoft MDM (WSTEP) (#12543) Issue #12261 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-06-29 22:31:53 +00:00
var wstepManager microsoft_mdm.CertManager
Adding support for RequestSecurityToken messages - Windows MDM enroll endpoint (#12555) This relates to #12263 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests --------- Co-authored-by: Roberto Dip <me@roperzh.com>
2023-07-05 13:06:37 +00:00
if fleetConfig.MDM.WindowsWSTEPIdentityCert != "" && fleetConfig.MDM.WindowsWSTEPIdentityKey != "" {
rawCert, err := os.ReadFile(fleetConfig.MDM.WindowsWSTEPIdentityCert)
Add certificate management for Microsoft MDM (WSTEP) (#12543) Issue #12261 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-06-29 22:31:53 +00:00
require.NoError(t, err)
Adding support for RequestSecurityToken messages - Windows MDM enroll endpoint (#12555) This relates to #12263 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests --------- Co-authored-by: Roberto Dip <me@roperzh.com>
2023-07-05 13:06:37 +00:00
rawKey, err := os.ReadFile(fleetConfig.MDM.WindowsWSTEPIdentityKey)
Add certificate management for Microsoft MDM (WSTEP) (#12543) Issue #12261 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-06-29 22:31:53 +00:00
require.NoError(t, err)
wstepManager, err = microsoft_mdm.NewCertManager(ds, rawCert, rawKey)
require.NoError(t, err)
}
Add Apple MDM functionality (#7940) * WIP * Adding DEP functionality to Fleet * Better organize additional MDM code * Add cmdr.py and amend API paths * Fix lint * Add demo file * Fix demo.md * go mod tidy * Add munki setup to Fleet * Add diagram to demo.md * Add fixes * Update TODOs and demo.md * Fix cmdr.py and add TODO * Add endpoints to demo.md * Add more Munki PoC/demo stuff * WIP * Remove proposals from PoC * Replace prepare commands with fleetctl commands * Update demo.md with current state * Remove config field * Amend demo * Remove Munki setup from MVP-Dogfood * Update demo.md * Add apple mdm commands (#7769) * fleetctl enqueue mdm command * fix deps * Fix build Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> * Add command to upload installers * go mod tidy * fix subcommands help There is a bug in urfave/cli where help text is not generated properly when subcommands are nested too deep. * Add support for installing apps * Add a way to list enrolled devices * Add dep listing * Rearrange endpoints * Move DEP routine to schedule * Define paths globally * Add a way to list enrollments and installers * Parse device-ids as comma-separated string * Remove unused types * Add simple commands and nest under enqueue-command * Fix simple commands * Add help to enqueue-command * merge apple_mdm database * Fix commands * update nanomdm * Split nanomdm and nanodep schemas * Set 512 MB in memory for upload * Remove empty file * Amend profile * Add sample commands * Add delete installers and fix bug in DEP profile assigning * Add dogfood.md deployment guide * Update schema.sql * Dump schema with MySQL 5 * Set default value for authenticate_at * add tokens to enrollment profiles When a device downloads an MDM enrollment profile, verify the token passed as a query parameter. This ensures untrusted devices don't enroll with our MDM server. - Rename enrollments to enrollment profiles. Enrollments is used by nano to refer to devices that are enrolled with MDM - Rename endpoint /api/<version>/fleet/mdm/apple/enrollments to ../enrollmentprofiles - Generate a token for authentication when creating an enrollment profile - Return unauthorized if token is invalid when downloading an enrollment profile from /api/mdm/apple/enroll?token= * remove mdm apple server url * update docs * make dump-test-schema * Update nanomdm with missing prefix table * Add docs and simplify changes * Add changes file * Add method docs * Fix compile and revert prepare.go changes * Revert migration status check change * Amend comments * Add more docs * Clarify storage of installers * Remove TODO * Remove unused * update dogfood.md * remove cmdr.py * Add authorization tests * Add TODO comment * use kitlog for nano logging * Add yaml tags * Remove unused flag * Remove changes file * Only run DEP routine if MDM is enabled * Add docs to all new exported types * Add docs * more nano logging changes * Fix unintentional removal * more nano logging changes * Fix compile test * Use string for configs and fix config test * Add docs and amend changes * revert changes to basicAuthHandler * remove exported BasicAuthHandler * rename rego authz type * Add more information to dep list * add db tag * update deps * Fix schema * Remove unimplemented Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Michal Nicpon <michal@fleetdm.com>
2022-10-05 22:53:54 +00:00
svc, err := NewService(
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
ctx,
Add Apple MDM functionality (#7940) * WIP * Adding DEP functionality to Fleet * Better organize additional MDM code * Add cmdr.py and amend API paths * Fix lint * Add demo file * Fix demo.md * go mod tidy * Add munki setup to Fleet * Add diagram to demo.md * Add fixes * Update TODOs and demo.md * Fix cmdr.py and add TODO * Add endpoints to demo.md * Add more Munki PoC/demo stuff * WIP * Remove proposals from PoC * Replace prepare commands with fleetctl commands * Update demo.md with current state * Remove config field * Amend demo * Remove Munki setup from MVP-Dogfood * Update demo.md * Add apple mdm commands (#7769) * fleetctl enqueue mdm command * fix deps * Fix build Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> * Add command to upload installers * go mod tidy * fix subcommands help There is a bug in urfave/cli where help text is not generated properly when subcommands are nested too deep. * Add support for installing apps * Add a way to list enrolled devices * Add dep listing * Rearrange endpoints * Move DEP routine to schedule * Define paths globally * Add a way to list enrollments and installers * Parse device-ids as comma-separated string * Remove unused types * Add simple commands and nest under enqueue-command * Fix simple commands * Add help to enqueue-command * merge apple_mdm database * Fix commands * update nanomdm * Split nanomdm and nanodep schemas * Set 512 MB in memory for upload * Remove empty file * Amend profile * Add sample commands * Add delete installers and fix bug in DEP profile assigning * Add dogfood.md deployment guide * Update schema.sql * Dump schema with MySQL 5 * Set default value for authenticate_at * add tokens to enrollment profiles When a device downloads an MDM enrollment profile, verify the token passed as a query parameter. This ensures untrusted devices don't enroll with our MDM server. - Rename enrollments to enrollment profiles. Enrollments is used by nano to refer to devices that are enrolled with MDM - Rename endpoint /api/<version>/fleet/mdm/apple/enrollments to ../enrollmentprofiles - Generate a token for authentication when creating an enrollment profile - Return unauthorized if token is invalid when downloading an enrollment profile from /api/mdm/apple/enroll?token= * remove mdm apple server url * update docs * make dump-test-schema * Update nanomdm with missing prefix table * Add docs and simplify changes * Add changes file * Add method docs * Fix compile and revert prepare.go changes * Revert migration status check change * Amend comments * Add more docs * Clarify storage of installers * Remove TODO * Remove unused * update dogfood.md * remove cmdr.py * Add authorization tests * Add TODO comment * use kitlog for nano logging * Add yaml tags * Remove unused flag * Remove changes file * Only run DEP routine if MDM is enabled * Add docs to all new exported types * Add docs * more nano logging changes * Fix unintentional removal * more nano logging changes * Fix compile test * Use string for configs and fix config test * Add docs and amend changes * revert changes to basicAuthHandler * remove exported BasicAuthHandler * rename rego authz type * Add more information to dep list * add db tag * update deps * Fix schema * Remove unimplemented Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Michal Nicpon <michal@fleetdm.com>
2022-10-05 22:53:54 +00:00
ds,
task,
rs,
logger,
osqlogger,
fleetConfig,
mailer,
c,
ssoStore,
lq,
ds,
failingPolicySet,
&fleet.NoOpGeoIP{},
enrollHostLimiter,
depStorage,
mdmStorage,
mdmPusher,
Implement schedule triggers (#8747)
2022-11-28 19:28:06 +00:00
cronSchedulesService,
Add certificate management for Microsoft MDM (WSTEP) (#12543) Issue #12261 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-06-29 22:31:53 +00:00
wstepManager,
Add custom SCEP configs (#27045) For #26603 This PR includes: - Refactoring of NDES/SCEP verify/timeout logic for easier testing (with dependency injection) - Custom SCEP configs - saving/deleting/updating of encrypted custom SCEP challenges - validation call to custom SCEP server to verify connection - Custom SCEP activities - unit and integration tests for all of the above This PR does not include the following: - Changes file (in later PR) # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-03-14 17:16:51 +00:00
scepConfigService,
GitOps support for DigiCert and Custom SCEP (#27229) For #26622 This PR includes: - Making DigiCert client a real service that can be overridden in tests - GitOps support for DigiCert and Custom SCEP configs # Checklist for submitter - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-03-20 16:36:00 +00:00
digiCertService,
Microsoft Compliance Partner backend changes (#29540) For #27042. Ready for review, just missing integration tests that I will be writing today. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] If database migrations are included, checked table schema to confirm autoupdate - For new Fleet configuration settings - [X] Verified that the setting can be managed via GitOps, or confirmed that the setting is explicitly being excluded from GitOps. If managing via Gitops: - [X] Verified that the setting is exported via `fleetctl generate-gitops` - [X] Added the setting to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [X] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [X] Manual QA for all new/changed functionality --------- Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com> Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-11 17:22:46 +00:00
conditionalAccessMicrosoftProxy,
Add Apple MDM functionality (#7940) * WIP * Adding DEP functionality to Fleet * Better organize additional MDM code * Add cmdr.py and amend API paths * Fix lint * Add demo file * Fix demo.md * go mod tidy * Add munki setup to Fleet * Add diagram to demo.md * Add fixes * Update TODOs and demo.md * Fix cmdr.py and add TODO * Add endpoints to demo.md * Add more Munki PoC/demo stuff * WIP * Remove proposals from PoC * Replace prepare commands with fleetctl commands * Update demo.md with current state * Remove config field * Amend demo * Remove Munki setup from MVP-Dogfood * Update demo.md * Add apple mdm commands (#7769) * fleetctl enqueue mdm command * fix deps * Fix build Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> * Add command to upload installers * go mod tidy * fix subcommands help There is a bug in urfave/cli where help text is not generated properly when subcommands are nested too deep. * Add support for installing apps * Add a way to list enrolled devices * Add dep listing * Rearrange endpoints * Move DEP routine to schedule * Define paths globally * Add a way to list enrollments and installers * Parse device-ids as comma-separated string * Remove unused types * Add simple commands and nest under enqueue-command * Fix simple commands * Add help to enqueue-command * merge apple_mdm database * Fix commands * update nanomdm * Split nanomdm and nanodep schemas * Set 512 MB in memory for upload * Remove empty file * Amend profile * Add sample commands * Add delete installers and fix bug in DEP profile assigning * Add dogfood.md deployment guide * Update schema.sql * Dump schema with MySQL 5 * Set default value for authenticate_at * add tokens to enrollment profiles When a device downloads an MDM enrollment profile, verify the token passed as a query parameter. This ensures untrusted devices don't enroll with our MDM server. - Rename enrollments to enrollment profiles. Enrollments is used by nano to refer to devices that are enrolled with MDM - Rename endpoint /api/<version>/fleet/mdm/apple/enrollments to ../enrollmentprofiles - Generate a token for authentication when creating an enrollment profile - Return unauthorized if token is invalid when downloading an enrollment profile from /api/mdm/apple/enroll?token= * remove mdm apple server url * update docs * make dump-test-schema * Update nanomdm with missing prefix table * Add docs and simplify changes * Add changes file * Add method docs * Fix compile and revert prepare.go changes * Revert migration status check change * Amend comments * Add more docs * Clarify storage of installers * Remove TODO * Remove unused * update dogfood.md * remove cmdr.py * Add authorization tests * Add TODO comment * use kitlog for nano logging * Add yaml tags * Remove unused flag * Remove changes file * Only run DEP routine if MDM is enabled * Add docs to all new exported types * Add docs * more nano logging changes * Fix unintentional removal * more nano logging changes * Fix compile test * Use string for configs and fix config test * Add docs and amend changes * revert changes to basicAuthHandler * remove exported BasicAuthHandler * rename rego authz type * Add more information to dep list * add db tag * update deps * Fix schema * Remove unimplemented Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Michal Nicpon <michal@fleetdm.com>
2022-10-05 22:53:54 +00:00
)
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
if err != nil {
panic(err)
}
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
if lic.IsPremium() {
Implement software installer storage for S3 and local filesystem (#18493)
2024-04-24 14:18:58 +00:00
if softwareInstallStore == nil {
// default to file-based
dir := t.TempDir()
store, err := filesystem.NewSoftwareInstallerStore(dir)
if err != nil {
panic(err)
}
softwareInstallStore = store
}
incomplete implementation of device wipe and lock (#9947)
2023-02-22 20:11:44 +00:00
svc, err = eeservice.NewService(
svc,
ds,
Fix calendar duplicated events and other issues (#20443) #19352 Includes the following changes: - Re-enable calendar callback - Introduced a new Redis key that indicates event was updated by calendar callback. In that case, we ignore subsequent callbacks for 10 seconds. - This reduces the amount of Google API calls, including handling of the unneeded callback generated by our own event change. - Read event from DB after acquiring lock. This is critical since we get the updated ETag of the Google Calendar event from our DB. Using the previous ETag when fetching event sometimes returns stale data, resulting in duplicate events. - Fixed bug in getCalendarLock where calendar cron would always think it got the lock - Do not refetch timezone during calendar callback to reduce Google API load - Watch for calendar event changes for 1 week after event end (to account for user moving event into the future) - #20442: Speculative improvement for Google callback latency by keeping the same notification channel (callback URL). - processCalendarAsync now takes at least 1 sec to process all events, to reduce CPU/Redis load - Increased lock expiration time from 1 minute to 20 minutes to account for potential Google API retries, fixing occasional duplicate events. - Added `get-events.go` helper script that gets maintenance events from user calendars, and checks for duplicates # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-24 11:40:33 +00:00
logger,
incomplete implementation of device wipe and lock (#9947)
2023-02-22 20:11:44 +00:00
fleetConfig,
mailer,
c,
depStorage,
19016 ingest certs on start (#19360) For #19016 This changes all the places where we previously assumed that certs were hardcoded when the Fleet server started to query the database instead. The plan is to loadtest afterwards, but as a first preemptive measure, this adds a caching layer on top the mysql datastore. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-05-30 21:18:42 +00:00
apple_mdm.NewMDMAppleCommander(mdmStorage, mdmPusher),
gate DEP enrollment behind SSO when configured (#11309) #10739 Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-04-27 12:43:20 +00:00
ssoStore,
Implement preassign endpoint as first step to match profiles and hosts to teams (#12046)
2023-05-31 13:24:22 +00:00
profMatcher,
Implement software installer storage for S3 and local filesystem (#18493)
2024-04-24 14:18:58 +00:00
softwareInstallStore,
Feature branch for the Store Bootstrap Packages in S3 story (#21260)
2024-08-13 12:27:10 +00:00
bootstrapPackageStore,
Add custom software icons (#32652) For #29478, sans GitOps. --------- Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com> Co-authored-by: Konstantin Sykulev <konst@sykulev.com>
2025-09-05 22:31:03 +00:00
softwareTitleIconStore,
Distributed lock and store calendar_events UUID as binary in MySQL (#20277) #19352 Fix for code review comment: https://github.com/fleetdm/fleet/pull/20156#discussion_r1668421504 Also includes changes from https://github.com/fleetdm/fleet/pull/20252 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-07-10 13:49:05 +00:00
distributedLock,
Make software batch endpoint asynchronous (#22258) #22069 API changes: https://github.com/fleetdm/fleet/pull/22259 QAd by applying 10 pieces of software on a team, which took 3+ minutes in total (which, before these changes was timing out at 100s.) With this approach, a GitOps CI run timing out might leave the background process running (which will eventually be applied to the database). The team discussed and agreed that we can fix this edge case later. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] Manual QA for all new/changed functionality
2024-09-20 14:55:47 +00:00
keyValueStore,
Hydrant CA Feature Branch (#31807) There are still some TODOs particularly within Gitops test code which will be worked on in a followup PR # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [ ] QA'd all new/changed functionality manually For unreleased bug fixes in a release candidate, one of: - [x] Confirmed that the fix is not expected to adversely impact load test results - [x] Alerted the release DRI if additional load testing is needed ## Database migrations - [x] Checked table schema to confirm autoupdate - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). ## New Fleet configuration settings - [ ] Setting(s) is/are explicitly excluded from GitOps If you didn't check the box above, follow this checklist for GitOps-enabled settings: - [ ] Verified that the setting is exported via `fleetctl generate-gitops` - [x] Verified the setting is documented in a separate PR to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [x] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled --------- Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: Magnus Jensen <magnus@fleetdm.com> Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
2025-09-04 16:39:41 +00:00
scepConfigService,
digiCertService,
hydrantService,
incomplete implementation of device wipe and lock (#9947)
2023-02-22 20:11:44 +00:00
)
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
if err != nil {
panic(err)
}
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
}
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
return svc, ctx
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
}
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
func newTestServiceWithClock(t *testing.T, ds fleet.Datastore, rs fleet.QueryResultStore, lq fleet.LiveQueryStore, c clock.Clock) (fleet.Service, context.Context) {
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
testConfig := config.TestConfig()
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
return newTestServiceWithConfig(t, ds, testConfig, rs, lq, &TestServerOpts{
Global policies automation webhooks (#3378) * Add webhook to app config * Add redis failing policies set and webhook * Add basic webhook test * Store hostname in redis * Global policy deletion to remove policy ID from set and config * Also process new passing policies * Fix unit test * Sort hosts * Add more tests * Add ListSets to the failing policies interface * Fix server URL and garbage collect on the triggering side * Do not use Redis SCAN * Fix Redis operation order * Add API changes to doc * Add comments * Add more tests * Fix tests * Add tests for config update upon deletion of policies * Run make dump-test-schema * Ignore policies that failed to run * Add proper unit tests to trigger logic * Fix comments * WIP * Add tests to service_osquerty_test.go * Use SSCAN for listing hosts instead of SMEMBERS * Add failing policies to docs/01-Using-Fleet/configuration-files/README.md * Remove skip * Fix PR comments
2021-12-23 21:26:55 +00:00
Clock: c,
})
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
}
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
func createTestUsers(t *testing.T, ds fleet.Datastore) map[string]fleet.User {
users := make(map[string]fleet.User)
Fix TestIntegrations/TestUsers flaky test (#18251) ``` --- FAIL: TestIntegrations (47.44s) --- FAIL: TestIntegrations/TestUsers (1.42s) integration_core_test.go:4198: Error Trace: /Users/tim/workspace/fleet/server/service/integration_core_test.go:4198 Error: Not equal: expected: 0x2 actual : 0x1 Test: TestIntegrations/TestUsers ```
2024-04-16 21:40:29 +00:00
// Map iteration is random so we sort and iterate using the testUsers keys.
var keys []string
for key := range testUsers {
keys = append(keys, key)
}
sort.Strings(keys)
Add read replica testing helpers and fix non-sso login bug (#4908) not set on the INSERT. - OUT: Only sets the ID on the passed session and returns it. (`CreatedAt`, `AccessedAt`, are not set.) New version: ```go func (ds *Datastore) NewSession(ctx context.Context, userID uint, sessionKey string) (*fleet.Session, error) { sqlStatement := ` INSERT INTO sessions ( user_id, ` + "`key`" + ` ) VALUES(?,?) ` result, err := ds.writer.ExecContext(ctx, sqlStatement, userID, sessionKey) if err != nil { return nil, ctxerr.Wrap(ctx, err, "inserting session") } id, _ := result.LastInsertId() // cannot fail with the mysql driver return ds.sessionByID(ctx, ds.writer, uint(id)) } ``` - IN: Define arguments that are truly used when creating a session. - OUT: Load and return the fleet.Session struct with all values set (using the `ds.writer` to support read replicas correctly). PS: The new `NewSession` version mimics what we already do with other entities, like policies (`Datastore.NewGlobalPolicy`).
2022-04-04 23:52:05 +00:00
userID := uint(1)
Fix TestIntegrations/TestUsers flaky test (#18251) ``` --- FAIL: TestIntegrations (47.44s) --- FAIL: TestIntegrations/TestUsers (1.42s) integration_core_test.go:4198: Error Trace: /Users/tim/workspace/fleet/server/service/integration_core_test.go:4198 Error: Not equal: expected: 0x2 actual : 0x1 Test: TestIntegrations/TestUsers ```
2024-04-16 21:40:29 +00:00
for _, key := range keys {
u := testUsers[key]
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
user := &fleet.User{
Fix TestIntegrations/TestUsers flaky test (#18251) ``` --- FAIL: TestIntegrations (47.44s) --- FAIL: TestIntegrations/TestUsers (1.42s) integration_core_test.go:4198: Error Trace: /Users/tim/workspace/fleet/server/service/integration_core_test.go:4198 Error: Not equal: expected: 0x2 actual : 0x1 Test: TestIntegrations/TestUsers ```
2024-04-16 21:40:29 +00:00
ID: userID, // We need to set this in case ds is a mocked Datastore.
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file
2021-07-08 15:50:43 +00:00
Name: "Test Name " + u.Email,
Email: u.Email,
SCIM integration tests (#27750) For #27287 This PR adds integration tests for SCIM API endpoints as well as some bug fixes found by these tests. # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-04-04 16:00:46 +00:00
GlobalRole: u.GlobalRole,
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
}
err := user.SetPassword(u.PlaintextPassword, 10, 10)
require.Nil(t, err)
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
user, err = ds.NewUser(context.Background(), user)
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
require.Nil(t, err)
Remove username from UI (#1168) * Remove username from UI code * Remove username from tests * Remove username from database * Modify server endpoints for removing username * Implement backend aspects of removing username * Update API docs * Add name to fleetctl
2021-06-24 20:42:29 +00:00
users[user.Email] = *user
Add read replica testing helpers and fix non-sso login bug (#4908) not set on the INSERT. - OUT: Only sets the ID on the passed session and returns it. (`CreatedAt`, `AccessedAt`, are not set.) New version: ```go func (ds *Datastore) NewSession(ctx context.Context, userID uint, sessionKey string) (*fleet.Session, error) { sqlStatement := ` INSERT INTO sessions ( user_id, ` + "`key`" + ` ) VALUES(?,?) ` result, err := ds.writer.ExecContext(ctx, sqlStatement, userID, sessionKey) if err != nil { return nil, ctxerr.Wrap(ctx, err, "inserting session") } id, _ := result.LastInsertId() // cannot fail with the mysql driver return ds.sessionByID(ctx, ds.writer, uint(id)) } ``` - IN: Define arguments that are truly used when creating a session. - OUT: Load and return the fleet.Session struct with all values set (using the `ds.writer` to support read replicas correctly). PS: The new `NewSession` version mimics what we already do with other entities, like policies (`Datastore.NewGlobalPolicy`).
2022-04-04 23:52:05 +00:00
userID++
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
}
return users
}
SCIM integration tests (#27750) For #27287 This PR adds integration tests for SCIM API endpoints as well as some bug fixes found by these tests. # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-04-04 16:00:46 +00:00
const (
TestAdminUserEmail = "admin1@example.com"
TestMaintainerUserEmail = "user1@example.com"
TestObserverUserEmail = "user2@example.com"
)
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
var testUsers = map[string]struct {
Email string
PlaintextPassword string
Refactor usage of null values in Teams models (#863) - Use pointers rather than null package types. - Use new internal ptr package. - Improved handling of changing user teams/roles.
2021-05-25 22:46:46 +00:00
GlobalRole *string
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
}{
"admin1": {
Increase minimum password length to 12 characters (#5712)
2022-05-18 17:03:00 +00:00
PlaintextPassword: test.GoodPassword,
SCIM integration tests (#27750) For #27287 This PR adds integration tests for SCIM API endpoints as well as some bug fixes found by these tests. # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-04-04 16:00:46 +00:00
Email: TestAdminUserEmail,
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
GlobalRole: ptr.String(fleet.RoleAdmin),
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
},
"user1": {
Increase minimum password length to 12 characters (#5712)
2022-05-18 17:03:00 +00:00
PlaintextPassword: test.GoodPassword,
SCIM integration tests (#27750) For #27287 This PR adds integration tests for SCIM API endpoints as well as some bug fixes found by these tests. # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-04-04 16:00:46 +00:00
Email: TestMaintainerUserEmail,
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
GlobalRole: ptr.String(fleet.RoleMaintainer),
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
},
"user2": {
Increase minimum password length to 12 characters (#5712)
2022-05-18 17:03:00 +00:00
PlaintextPassword: test.GoodPassword,
SCIM integration tests (#27750) For #27287 This PR adds integration tests for SCIM API endpoints as well as some bug fixes found by these tests. # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-04-04 16:00:46 +00:00
Email: TestObserverUserEmail,
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
GlobalRole: ptr.String(fleet.RoleObserver),
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
},
}
Keep created_at timestamp of existing enroll secrets (#8062)
2022-10-05 12:35:36 +00:00
func createEnrollSecrets(t *testing.T, count int) []*fleet.EnrollSecret {
secrets := make([]*fleet.EnrollSecret, count)
for i := 0; i < count; i++ {
secrets[i] = &fleet.EnrollSecret{Secret: fmt.Sprintf("testSecret%d", i)}
}
return secrets
}
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
type mockMailService struct {
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
SendEmailFn func(e fleet.Email) error
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
Invoked bool
}
Migrate from `aws-sdk-go` v1 to v2 (#30308) #29482 [Migrate to the AWS SDK for Go v2](https://docs.aws.amazon.com/sdk-for-go/v2/developer-guide/migrate-gosdk.html) documents how to migrate codebases. QA on features that use AWS SDK Go: - Bootstrap package: - upload: ✅ - download: ✅ - cleanup: ✅ - Software (upload, download, installation, etc.) ✅ - Cloudfront: Luckly, this feature was already using aws-sdk-go-v2. - Carves ✅ - Logging: - Firehose ✅ - Kinesis ✅ - Lambda ✅ (tested result logs to a lambda function on our AWS Dogfood account) - Email: - Amazon SES TODO ⚠️ (this is what Dogfood uses and a few customers) - We cannot easily test locally, we can use dogfood or load testing (AWS) environments. --- - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [ ] Manual QA for all new/changed functionality
2025-06-30 20:45:39 +00:00
func (svc *mockMailService) SendEmail(ctx context.Context, e fleet.Email) error {
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
svc.Invoked = true
return svc.SendEmailFn(e)
}
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
Allow opting in users to email verification on login (#24273) #22790 Changes file is on the FE PR. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-12-05 14:37:10 +00:00
func (svc *mockMailService) CanSendEmail(smtpSettings fleet.SMTPSettings) bool {
return smtpSettings.SMTPConfigured
}
Implement schedule triggers (#8747)
2022-11-28 19:28:06 +00:00
type TestNewScheduleFunc func(ctx context.Context, ds fleet.Datastore) fleet.NewCronScheduleFunc
Added auth.require_http_message_signature server option. (#30983) For #30947 # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added support for requiring HTTP message signatures for fleetd requests, configurable via a new setting. * Enhanced middleware to enforce HTTP message signature requirements when enabled. * **Tests** * Introduced integration tests to verify host identity endpoints enforce HTTP message signature requirements. * Updated test utilities and suite setup to support configurable signature enforcement. * **Chores** * Refactored configuration and test server options to support the new signature enforcement feature. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-17 11:23:19 +00:00
// HostIdentity combines host identity-related test options
type HostIdentity struct {
SCEPStorage scep_depot.Depot
RequireHTTPMessageSignature bool
}
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
type TestServerOpts struct {
Microsoft Compliance Partner backend changes (#29540) For #27042. Ready for review, just missing integration tests that I will be writing today. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] If database migrations are included, checked table schema to confirm autoupdate - For new Fleet configuration settings - [X] Verified that the setting can be managed via GitOps, or confirmed that the setting is explicitly being excluded from GitOps. If managing via Gitops: - [X] Verified that the setting is exported via `fleetctl generate-gitops` - [X] Added the setting to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [X] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [X] Manual QA for all new/changed functionality --------- Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com> Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-11 17:22:46 +00:00
Logger kitlog.Logger
License *fleet.LicenseInfo
SkipCreateTestUsers bool
Rs fleet.QueryResultStore
Lq fleet.LiveQueryStore
Pool fleet.RedisPool
FailingPolicySet fleet.FailingPolicySet
Clock clock.Clock
Task *async.Task
EnrollHostLimiter fleet.EnrollHostLimiter
Is fleet.InstallerStore
FleetConfig *config.FleetConfig
MDMStorage fleet.MDMAppleStore
DEPStorage nanodep_storage.AllDEPStorage
SCEPStorage scep_depot.Depot
MDMPusher nanomdm_push.Pusher
HTTPServerConfig *http.Server
StartCronSchedules []TestNewScheduleFunc
UseMailService bool
APNSTopic string
ProfileMatcher fleet.ProfileMatcher
EnableCachedDS bool
NoCacheDatastore bool
SoftwareInstallStore fleet.SoftwareInstallerStore
BootstrapPackageStore fleet.MDMBootstrapPackageStore
Add custom software icons (#32652) For #29478, sans GitOps. --------- Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com> Co-authored-by: Konstantin Sykulev <konst@sykulev.com>
2025-09-05 22:31:03 +00:00
SoftwareTitleIconStore fleet.SoftwareTitleIconStore
Microsoft Compliance Partner backend changes (#29540) For #27042. Ready for review, just missing integration tests that I will be writing today. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] If database migrations are included, checked table schema to confirm autoupdate - For new Fleet configuration settings - [X] Verified that the setting can be managed via GitOps, or confirmed that the setting is explicitly being excluded from GitOps. If managing via Gitops: - [X] Verified that the setting is exported via `fleetctl generate-gitops` - [X] Added the setting to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [X] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [X] Manual QA for all new/changed functionality --------- Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com> Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-11 17:22:46 +00:00
KeyValueStore fleet.KeyValueStore
EnableSCEPProxy bool
WithDEPWebview bool
FeatureRoutes []endpoint_utils.HandlerRoutesFunc
SCEPConfigService fleet.SCEPConfigService
DigiCertService fleet.DigiCertService
EnableSCIM bool
ConditionalAccessMicrosoftProxy ConditionalAccessMicrosoftProxy
Added auth.require_http_message_signature server option. (#30983) For #30947 # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added support for requiring HTTP message signatures for fleetd requests, configurable via a new setting. * Enhanced middleware to enforce HTTP message signature requirements when enabled. * **Tests** * Introduced integration tests to verify host identity endpoints enforce HTTP message signature requirements. * Updated test utilities and suite setup to support configurable signature enforcement. * **Chores** * Refactored configuration and test server options to support the new signature enforcement feature. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-17 11:23:19 +00:00
HostIdentity *HostIdentity
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
}
Support async saving of hosts' last seen time (#5640)
2022-05-10 15:29:17 +00:00
func RunServerForTestsWithDS(t *testing.T, ds fleet.Datastore, opts ...*TestServerOpts) (map[string]fleet.User, *httptest.Server) {
prevent live queries to stall if a detail query override was set for a team (#14296) alternative approach for #14286
2023-10-04 20:02:55 +00:00
if len(opts) > 0 && opts[0].EnableCachedDS {
ds = cached_mysql.New(ds)
}
consolidate sandbox env flags (#6917) Related to #6894, this entirely replaces FLEET_DEMO with the server config added in #6597 As part of this, I also implemented a small refactor to the integration test suite to allow setting a custom config when the server is initialized.
2022-07-27 19:47:39 +00:00
cfg := config.TestConfig()
if len(opts) > 0 && opts[0].FleetConfig != nil {
cfg = *opts[0].FleetConfig
}
Scaffold for new integration tests. (#26747) For #26219 Created a scaffold for server/service integration tests going forward. - separate package - no dependency on testify Suite
2025-03-04 18:04:25 +00:00
svc, ctx := NewTestService(t, ds, cfg, opts...)
return RunServerForTestsWithServiceWithDS(t, ctx, ds, svc, opts...)
}
func RunServerForTestsWithServiceWithDS(t *testing.T, ctx context.Context, ds fleet.Datastore, svc fleet.Service,
Update error message for VerifyMDMWindowsConfigured (#28646)
2025-04-29 19:11:31 +00:00
opts ...*TestServerOpts,
) (map[string]fleet.User, *httptest.Server) {
Scaffold for new integration tests. (#26747) For #26219 Created a scaffold for server/service integration tests going forward. - separate package - no dependency on testify Suite
2025-03-04 18:04:25 +00:00
var cfg config.FleetConfig
if len(opts) > 0 && opts[0].FleetConfig != nil {
cfg = *opts[0].FleetConfig
} else {
cfg = config.TestConfig()
}
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
users := map[string]fleet.User{}
if len(opts) == 0 || (len(opts) > 0 && !opts[0].SkipCreateTestUsers) {
users = createTestUsers(t, ds)
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
}
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
logger := kitlog.NewLogfmtLogger(os.Stdout)
Move logger up to the HTTP layer and make it generic (#1439) * Add basic idea * Implement the new logging strategy everywhere * Remove unused const * Add tests and fix error cases * Fix logging in osquery service * If there are extras, log info unless force debug * Change to info * Fix test * Make logging context more chainable and force info for sessions
2021-08-02 22:06:27 +00:00
if len(opts) > 0 && opts[0].Logger != nil {
logger = opts[0].Logger
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
}
install fleetd on DEP enrolled hosts during enrollment (#10971) https://github.com/fleetdm/fleet/issues/9459
2023-04-05 23:52:26 +00:00
var mdmPusher nanomdm_push.Pusher
if len(opts) > 0 && opts[0].MDMPusher != nil {
mdmPusher = opts[0].MDMPusher
}
Move logger up to the HTTP layer and make it generic (#1439) * Add basic idea * Implement the new logging strategy everywhere * Remove unused const * Add tests and fix error cases * Fix logging in osquery service * If there are extras, log info unless force debug * Change to info * Fix test * Make logging context more chainable and force info for sessions
2021-08-02 22:06:27 +00:00
limitStore, _ := memstore.New(0)
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
rootMux := http.NewServeMux()
if len(opts) > 0 {
mdmStorage := opts[0].MDMStorage
scepStorage := opts[0].SCEPStorage
19016 ingest certs on start (#19360) For #19016 This changes all the places where we previously assumed that certs were hardcoded when the Fleet server started to query the database instead. The plan is to loadtest afterwards, but as a first preemptive measure, this adds a caching layer on top the mysql datastore. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-05-30 21:18:42 +00:00
commander := apple_mdm.NewMDMAppleCommander(mdmStorage, mdmPusher)
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
if mdmStorage != nil && scepStorage != nil {
Verify VPP: core implementation (#30295) # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - For database migrations: - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-06-26 21:55:43 +00:00
checkInAndCommand := NewMDMAppleCheckinAndCommandService(ds, commander, logger)
checkInAndCommand.RegisterResultsHandler("InstalledApplicationList", NewInstalledApplicationListResultsHandler(ds, commander, logger, cfg.Server.VPPVerifyTimeout, cfg.Server.VPPVerifyRequestDelay))
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
err := RegisterAppleMDMProtocolServices(
rootMux,
Normalize the naming of mdm settings, update docs and document missing ones (#10681) #10408
2023-03-23 10:30:28 +00:00
cfg.MDM,
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
mdmStorage,
scepStorage,
logger,
Verify VPP: core implementation (#30295) # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - For database migrations: - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-06-26 21:55:43 +00:00
checkInAndCommand,
Add DDM service struct, basic handlers, and test client (#17671)
2024-03-15 18:20:15 +00:00
&MDMAppleDDMService{
ds: ds,
logger: logger,
},
Full support of secret variables in Apple configuration profiles (#24925) For secrets subtask #24548 Fixed secret variables support in Apple configuration profiles. # Checklist for submitter - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-12-20 21:40:23 +00:00
commander,
Add service discovery API endpoint (#31089) relates to #31057 adds an endpoint to expose the fleet handled service discovery endpoint. > NOTE: test will be done in a follow up PR - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information.
2025-07-23 11:11:32 +00:00
"https://test-url.com",
Added missing OpenTelemetry instrumentation to several API endpoints. (#32960) Fixes #32331 Manually tested all paths. `/test` path removed in https://github.com/fleetdm/fleet/pull/32962 Also added support for sending errors to OpenTelemetry, like we do for APM/Sentry. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [x] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added OpenTelemetry tracing across core HTTP endpoints (health, version, assets, metrics, enroll/root, debug, Apple MDM, SCEP, SCIM) with dynamic per-request route instrumentation. * Enhanced error reporting to include OpenTelemetry spans/events with contextual user/host attributes. * **Tests** * Added unit tests validating SCIM and error-handling telemetry, span naming, and sensitive-data redaction. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-09-16 16:10:33 +00:00
cfg,
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
)
require.NoError(t, err)
}
NDES SCEP proxy backend (#22542) #21955 <div> <a href="https://www.loom.com/share/ba40b440502845d2861fd3ec7611bade"> <p>[Demo] Deploy SCEP certificates from Network Device Enrollment Service (NDES) #21955 - Watch Video</p> </a> <a href="https://www.loom.com/share/ba40b440502845d2861fd3ec7611bade"> <img style="max-width:300px;" src="https://cdn.loom.com/sessions/thumbnails/ba40b440502845d2861fd3ec7611bade-84f2d88c9f5106c2-full-play.gif"> </a> </div> Note: A few remaining subtasks will be done in a follow-up PR. See #22123 for a detailed list. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-10-09 18:47:27 +00:00
if opts[0].EnableSCEPProxy {
Add custom SCEP configs (#27045) For #26603 This PR includes: - Refactoring of NDES/SCEP verify/timeout logic for easier testing (with dependency injection) - Custom SCEP configs - saving/deleting/updating of encrypted custom SCEP challenges - validation call to custom SCEP server to verify connection - Custom SCEP activities - unit and integration tests for all of the above This PR does not include the following: - Changes file (in later PR) # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-03-14 17:16:51 +00:00
var timeout *time.Duration
if opts[0].SCEPConfigService != nil {
scepConfig, ok := opts[0].SCEPConfigService.(*eeservice.SCEPConfigService)
if ok {
// In tests, we share the same Timeout pointer between SCEPConfigService and SCEPProxy
timeout = scepConfig.Timeout
}
}
NDES SCEP proxy backend (#22542) #21955 <div> <a href="https://www.loom.com/share/ba40b440502845d2861fd3ec7611bade"> <p>[Demo] Deploy SCEP certificates from Network Device Enrollment Service (NDES) #21955 - Watch Video</p> </a> <a href="https://www.loom.com/share/ba40b440502845d2861fd3ec7611bade"> <img style="max-width:300px;" src="https://cdn.loom.com/sessions/thumbnails/ba40b440502845d2861fd3ec7611bade-84f2d88c9f5106c2-full-play.gif"> </a> </div> Note: A few remaining subtasks will be done in a follow-up PR. See #22123 for a detailed list. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-10-09 18:47:27 +00:00
err := RegisterSCEPProxy(
rootMux,
ds,
logger,
Add custom SCEP configs (#27045) For #26603 This PR includes: - Refactoring of NDES/SCEP verify/timeout logic for easier testing (with dependency injection) - Custom SCEP configs - saving/deleting/updating of encrypted custom SCEP challenges - validation call to custom SCEP server to verify connection - Custom SCEP activities - unit and integration tests for all of the above This PR does not include the following: - Changes file (in later PR) # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-03-14 17:16:51 +00:00
timeout,
Added missing OpenTelemetry instrumentation to several API endpoints. (#32960) Fixes #32331 Manually tested all paths. `/test` path removed in https://github.com/fleetdm/fleet/pull/32962 Also added support for sending errors to OpenTelemetry, like we do for APM/Sentry. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [x] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added OpenTelemetry tracing across core HTTP endpoints (health, version, assets, metrics, enroll/root, debug, Apple MDM, SCEP, SCIM) with dynamic per-request route instrumentation. * Enhanced error reporting to include OpenTelemetry spans/events with contextual user/host attributes. * **Tests** * Added unit tests validating SCIM and error-handling telemetry, span naming, and sensitive-data redaction. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-09-16 16:10:33 +00:00
&cfg,
NDES SCEP proxy backend (#22542) #21955 <div> <a href="https://www.loom.com/share/ba40b440502845d2861fd3ec7611bade"> <p>[Demo] Deploy SCEP certificates from Network Device Enrollment Service (NDES) #21955 - Watch Video</p> </a> <a href="https://www.loom.com/share/ba40b440502845d2861fd3ec7611bade"> <img style="max-width:300px;" src="https://cdn.loom.com/sessions/thumbnails/ba40b440502845d2861fd3ec7611bade-84f2d88c9f5106c2-full-play.gif"> </a> </div> Note: A few remaining subtasks will be done in a follow-up PR. See #22123 for a detailed list. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-10-09 18:47:27 +00:00
)
require.NoError(t, err)
}
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
}
Apply minimum OS version enforcement to MDM SSO endpoint (#23856)
2024-11-22 15:56:36 +00:00
if len(opts) > 0 && opts[0].WithDEPWebview {
frontendHandler := WithMDMEnrollmentMiddleware(svc, logger, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// do nothing and return 200
w.WriteHeader(http.StatusOK)
}))
rootMux.Handle("/", frontendHandler)
}
Scaffold for new integration tests. (#26747) For #26219 Created a scaffold for server/service integration tests going forward. - separate package - no dependency on testify Suite
2025-03-04 18:04:25 +00:00
var featureRoutes []endpoint_utils.HandlerRoutesFunc
if len(opts) > 0 && len(opts[0].FeatureRoutes) > 0 {
featureRoutes = opts[0].FeatureRoutes
}
Fleet server verifies HTTP signature (#30825) Fixes #30473 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. - [x] Added/updated automated tests - [ ] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added support for TPM-backed host identity certificates enabling hardware-backed HTTP signature authentication for hosts. * Introduced HTTP signature verification middleware for API requests, applied conditionally for premium licenses. * Hosts presenting identity certificates must authenticate with matching HTTP message signatures during enrollment and authentication. * Added SCEP-based certificate issuance for secure host identity management. * Updated enrollment endpoints to use standardized request/response contract types. * **Bug Fixes** * Enhanced authentication logic to verify consistency between host identity certificates and host records, preventing duplicate or mismatched identities. * **Chores** * Updated dependencies and test infrastructure to support HTTP signature verification and host identity certificate workflows. * Added comprehensive integration and datastore tests for host identity certificate issuance, storage, and authentication. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-16 18:08:27 +00:00
var extra []ExtraHandlerOption
extra = append(extra, WithLoginRateLimit(throttled.PerMin(1000)))
Added auth.require_http_message_signature server option. (#30983) For #30947 # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added support for requiring HTTP message signatures for fleetd requests, configurable via a new setting. * Enhanced middleware to enforce HTTP message signature requirements when enabled. * **Tests** * Introduced integration tests to verify host identity endpoints enforce HTTP message signature requirements. * Updated test utilities and suite setup to support configurable signature enforcement. * **Chores** * Refactored configuration and test server options to support the new signature enforcement feature. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-17 11:23:19 +00:00
if len(opts) > 0 && opts[0].HostIdentity != nil {
Added missing OpenTelemetry instrumentation to several API endpoints. (#32960) Fixes #32331 Manually tested all paths. `/test` path removed in https://github.com/fleetdm/fleet/pull/32962 Also added support for sending errors to OpenTelemetry, like we do for APM/Sentry. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [x] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added OpenTelemetry tracing across core HTTP endpoints (health, version, assets, metrics, enroll/root, debug, Apple MDM, SCEP, SCIM) with dynamic per-request route instrumentation. * Enhanced error reporting to include OpenTelemetry spans/events with contextual user/host attributes. * **Tests** * Added unit tests validating SCIM and error-handling telemetry, span naming, and sensitive-data redaction. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-09-16 16:10:33 +00:00
require.NoError(t, hostidentity.RegisterSCEP(rootMux, opts[0].HostIdentity.SCEPStorage, ds, logger, &cfg))
Fleet server verifies HTTP signature (#30825) Fixes #30473 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. - [x] Added/updated automated tests - [ ] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added support for TPM-backed host identity certificates enabling hardware-backed HTTP signature authentication for hosts. * Introduced HTTP signature verification middleware for API requests, applied conditionally for premium licenses. * Hosts presenting identity certificates must authenticate with matching HTTP message signatures during enrollment and authentication. * Added SCEP-based certificate issuance for secure host identity management. * Updated enrollment endpoints to use standardized request/response contract types. * **Bug Fixes** * Enhanced authentication logic to verify consistency between host identity certificates and host records, preventing duplicate or mismatched identities. * **Chores** * Updated dependencies and test infrastructure to support HTTP signature verification and host identity certificate workflows. * Added comprehensive integration and datastore tests for host identity certificate issuance, storage, and authentication. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-16 18:08:27 +00:00
var httpSigVerifier func(http.Handler) http.Handler
Added auth.require_http_message_signature server option. (#30983) For #30947 # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added support for requiring HTTP message signatures for fleetd requests, configurable via a new setting. * Enhanced middleware to enforce HTTP message signature requirements when enabled. * **Tests** * Introduced integration tests to verify host identity endpoints enforce HTTP message signature requirements. * Updated test utilities and suite setup to support configurable signature enforcement. * **Chores** * Refactored configuration and test server options to support the new signature enforcement feature. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-17 11:23:19 +00:00
httpSigVerifier, err := httpsig.Middleware(ds, opts[0].HostIdentity.RequireHTTPMessageSignature, kitlog.With(logger, "component", "http-sig-verifier"))
Fleet server verifies HTTP signature (#30825) Fixes #30473 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. - [x] Added/updated automated tests - [ ] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added support for TPM-backed host identity certificates enabling hardware-backed HTTP signature authentication for hosts. * Introduced HTTP signature verification middleware for API requests, applied conditionally for premium licenses. * Hosts presenting identity certificates must authenticate with matching HTTP message signatures during enrollment and authentication. * Added SCEP-based certificate issuance for secure host identity management. * Updated enrollment endpoints to use standardized request/response contract types. * **Bug Fixes** * Enhanced authentication logic to verify consistency between host identity certificates and host records, preventing duplicate or mismatched identities. * **Chores** * Updated dependencies and test infrastructure to support HTTP signature verification and host identity certificate workflows. * Added comprehensive integration and datastore tests for host identity certificate issuance, storage, and authentication. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-16 18:08:27 +00:00
require.NoError(t, err)
extra = append(extra, WithHTTPSigVerifier(httpSigVerifier))
}
apiHandler := MakeHandler(svc, cfg, logger, limitStore, featureRoutes, extra...)
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
rootMux.Handle("/api/", apiHandler)
Adding telemetry for specific Fleet Desktop errors (#23349) Adding telemetry for catching issue #19172 # Docs changes In another PR: https://github.com/fleetdm/fleet/pull/23423/files # Demo <div> <a href="https://www.loom.com/share/233625875eec46508c26ae315cd52d19"> <p>[Demo] Add telemetry for vital fleetd errors - Issue #23413 - Watch Video</p> </a> <a href="https://www.loom.com/share/233625875eec46508c26ae315cd52d19"> <img style="max-width:300px;" src="https://cdn.loom.com/sessions/thumbnails/233625875eec46508c26ae315cd52d19-45ca0ec1b7b5e9e7-full-play.gif"> </a> </div> # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-10-31 19:24:42 +00:00
var errHandler *errorstore.Handler
ctxErrHandler := ctxerr.FromContext(ctx)
if ctxErrHandler != nil {
errHandler = ctxErrHandler.(*errorstore.Handler)
}
debugHandler := MakeDebugHandler(svc, cfg, logger, errHandler, ds)
In fleetctl debug db-locks and fleetctl debug db-innodb-status, fixed 500 errors (#18285)
2024-04-16 12:52:03 +00:00
rootMux.Handle("/debug/", debugHandler)
IdP Authentication before BYOD (#32017) fixes: #29222 This is a feature branch that was completed last week, but did not get merged in time. All pr's going in was approved, and reviewed. I will after this is merged, do a cherry pick onto the RC 4.73 branch, and initiate the FR merge process. --------- Co-authored-by: Martin Angers <martin.n.angers@gmail.com> Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com> Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
2025-08-18 16:31:53 +00:00
rootMux.Handle("/enroll", ServeEndUserEnrollOTA(svc, "", ds, logger))
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
SCIM integration tests (#27750) For #27287 This PR adds integration tests for SCIM API endpoints as well as some bug fixes found by these tests. # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-04-04 16:00:46 +00:00
if len(opts) > 0 && opts[0].EnableSCIM {
Added missing OpenTelemetry instrumentation to several API endpoints. (#32960) Fixes #32331 Manually tested all paths. `/test` path removed in https://github.com/fleetdm/fleet/pull/32962 Also added support for sending errors to OpenTelemetry, like we do for APM/Sentry. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [x] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added OpenTelemetry tracing across core HTTP endpoints (health, version, assets, metrics, enroll/root, debug, Apple MDM, SCEP, SCIM) with dynamic per-request route instrumentation. * Enhanced error reporting to include OpenTelemetry spans/events with contextual user/host attributes. * **Tests** * Added unit tests validating SCIM and error-handling telemetry, span naming, and sensitive-data redaction. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-09-16 16:10:33 +00:00
require.NoError(t, scim.RegisterSCIM(rootMux, ds, svc, logger, &cfg))
Added scim/details endpoint (#28007) For #27281 This PR adds `/api/{version}/fleet/scim/details` endpoint, along with some frontend fixes. # Checklist for submitter - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-10 19:08:45 +00:00
rootMux.Handle("/api/v1/fleet/scim/details", apiHandler)
rootMux.Handle("/api/latest/fleet/scim/details", apiHandler)
SCIM integration tests (#27750) For #27287 This PR adds integration tests for SCIM API endpoints as well as some bug fixes found by these tests. # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-04-04 16:00:46 +00:00
}
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
server := httptest.NewUnstartedServer(rootMux)
server.Config = cfg.Server.DefaultHTTPServer(ctx, rootMux)
Add docs around server `WriteTimeout` (#22153) Related to #22069 and core review comments in #22146.
2024-09-17 13:21:54 +00:00
// WriteTimeout is set for security purposes.
// If we don't set it, (bugy or malignant) clients making long running
// requests could DDOS Fleet.
require.NotZero(t, server.Config.WriteTimeout)
Use the same HTTP server config as the production server in tests (#8254) * Use the same HTTP server config as the production server in tests This abstracts the default config we use to run the server into a function so it can be used in tests to run an HTTP server using the same configuration. Additionally, this fixes a data race in tests, as an HTTP server configuration can't be changed once you call `server.Start()`[1] [1]: https://cs.opensource.google/go/go/+/refs/tags/go1.19.2:src/net/http/httptest/server.go;l=40;drc=19309779ac5e2f5a2fd3cbb34421dafb2855ac21
2022-10-19 10:42:21 +00:00
if len(opts) > 0 && opts[0].HTTPServerConfig != nil {
server.Config = opts[0].HTTPServerConfig
// make sure we use the application handler we just created
use nanomdm's multi service + integration tests and fixes (#9269) **Use nano's multi service** This allows us to integrate more seamlessly with nano and to run our custom MDM logic _after_ the request was handled by nano, which gives us more flexibility (for example: now we can issue commands after a TokenUpdate message) From nano's code: > MultiService executes multiple services for the same service calls. > The first service returns values or errors to the caller. We give the > first service a chance to alter any 'core' request data (say, the > Enrollment ID) by waiting for it to finish then we run the remaining > services' calls in parallel. **Integration tests + fixes** - Move some of the service logic from `cmd/` to `server/service` - Add integration tests for the MDM enrollment flow, including SCEP authentication. - Fixed a bug that set `host_mdm.mdm_id = 0` during MDM enrollment due to how MySQL reports the last insert id when `ON DUPLICATE KEY` is used. - Completely remove the host row from `host_mdm` when a device is unenrolled from MDM to match the behavior of how we ingest MDM data from osquery Related to https://github.com/fleetdm/fleet/issues/8708, https://github.com/fleetdm/fleet/issues/9034
2023-01-16 20:06:30 +00:00
server.Config.Handler = rootMux
Use the same HTTP server config as the production server in tests (#8254) * Use the same HTTP server config as the production server in tests This abstracts the default config we use to run the server into a function so it can be used in tests to run an HTTP server using the same configuration. Additionally, this fixes a data race in tests, as an HTTP server configuration can't be changed once you call `server.Start()`[1] [1]: https://cs.opensource.google/go/go/+/refs/tags/go1.19.2:src/net/http/httptest/server.go;l=40;drc=19309779ac5e2f5a2fd3cbb34421dafb2855ac21
2022-10-19 10:42:21 +00:00
}
Fix race in tests (modifying already started server config) (#8227)
2022-10-14 15:00:16 +00:00
server.Start()
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
t.Cleanup(func() {
server.Close()
})
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
return users, server
}
Scaffold for new integration tests. (#26747) For #26219 Created a scaffold for server/service integration tests going forward. - separate package - no dependency on testify Suite
2025-03-04 18:04:25 +00:00
func NewTestService(t *testing.T, ds fleet.Datastore, cfg config.FleetConfig, opts ...*TestServerOpts) (fleet.Service, context.Context) {
var rs fleet.QueryResultStore
if len(opts) > 0 && opts[0].Rs != nil {
rs = opts[0].Rs
}
var lq fleet.LiveQueryStore
if len(opts) > 0 && opts[0].Lq != nil {
lq = opts[0].Lq
}
return newTestServiceWithConfig(t, ds, cfg, rs, lq, opts...)
}
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
add support for AWS SES email backend (#10847)
2023-04-06 18:21:07 +00:00
func testSESPluginConfig() config.FleetConfig {
c := config.TestConfig()
c.Email = config.EmailConfig{EmailBackend: "ses"}
c.SES = config.SESConfig{
Region: "us-east-1",
AccessKeyID: "foo",
SecretAccessKey: "bar",
StsAssumeRoleArn: "baz",
SourceArn: "qux",
}
return c
}
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
func testKinesisPluginConfig() config.FleetConfig {
c := config.TestConfig()
c.Osquery.ResultLogPlugin = "kinesis"
c.Osquery.StatusLogPlugin = "kinesis"
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
c.Activity.AuditLogPlugin = "kinesis"
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
c.Kinesis = config.KinesisConfig{
Region: "us-east-1",
AccessKeyID: "foo",
SecretAccessKey: "bar",
StsAssumeRoleArn: "baz",
StatusStream: "test-status-stream",
ResultStream: "test-result-stream",
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
AuditStream: "test-audit-stream",
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
}
return c
}
func testFirehosePluginConfig() config.FleetConfig {
c := config.TestConfig()
c.Osquery.ResultLogPlugin = "firehose"
c.Osquery.StatusLogPlugin = "firehose"
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
c.Activity.AuditLogPlugin = "firehose"
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
c.Firehose = config.FirehoseConfig{
Region: "us-east-1",
AccessKeyID: "foo",
SecretAccessKey: "bar",
StsAssumeRoleArn: "baz",
StatusStream: "test-status-firehose",
ResultStream: "test-result-firehose",
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
AuditStream: "test-audit-firehose",
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
}
return c
}
func testLambdaPluginConfig() config.FleetConfig {
c := config.TestConfig()
c.Osquery.ResultLogPlugin = "lambda"
c.Osquery.StatusLogPlugin = "lambda"
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
c.Activity.AuditLogPlugin = "lambda"
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
c.Lambda = config.LambdaConfig{
Region: "us-east-1",
AccessKeyID: "foo",
SecretAccessKey: "bar",
StsAssumeRoleArn: "baz",
Move logger up to the HTTP layer and make it generic (#1439) * Add basic idea * Implement the new logging strategy everywhere * Remove unused const * Add tests and fix error cases * Fix logging in osquery service * If there are extras, log info unless force debug * Change to info * Fix test * Make logging context more chainable and force info for sessions
2021-08-02 22:06:27 +00:00
ResultFunction: "result-func",
StatusFunction: "status-func",
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
AuditFunction: "audit-func",
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
}
return c
}
func testPubSubPluginConfig() config.FleetConfig {
c := config.TestConfig()
c.Osquery.ResultLogPlugin = "pubsub"
c.Osquery.StatusLogPlugin = "pubsub"
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
c.Activity.AuditLogPlugin = "pubsub"
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
c.PubSub = config.PubSubConfig{
Project: "test",
StatusTopic: "status-topic",
ResultTopic: "result-topic",
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
AuditTopic: "audit-topic",
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
AddAttributes: false,
}
return c
}
func testStdoutPluginConfig() config.FleetConfig {
c := config.TestConfig()
c.Osquery.ResultLogPlugin = "stdout"
c.Osquery.StatusLogPlugin = "stdout"
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
c.Activity.AuditLogPlugin = "stdout"
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
return c
Move logger up to the HTTP layer and make it generic (#1439) * Add basic idea * Implement the new logging strategy everywhere * Remove unused const * Add tests and fix error cases * Fix logging in osquery service * If there are extras, log info unless force debug * Change to info * Fix test * Make logging context more chainable and force info for sessions
2021-08-02 22:06:27 +00:00
}
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
Add missing error checking to test config setup (#4401) * check for errors when setting test logs on new services * fix tests that fail because a log file wasn't specified * remove unnecessary nil check
2022-03-11 15:51:12 +00:00
func testUnrecognizedPluginConfig() config.FleetConfig {
c := config.TestConfig()
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
c.Osquery = config.OsqueryConfig{
ResultLogPlugin: "bar",
StatusLogPlugin: "bar",
}
c.Activity.AuditLogPlugin = "bar"
Add missing error checking to test config setup (#4401) * check for errors when setting test logs on new services * fix tests that fail because a log file wasn't specified * remove unnecessary nil check
2022-03-11 15:51:12 +00:00
return c
}
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
func assertBodyContains(t *testing.T, resp *http.Response, expected string) {
enable controlled rollout of features by teams (#7408)
2022-08-30 11:13:09 +00:00
bodyBytes, err := io.ReadAll(resp.Body)
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
require.Nil(t, err)
bodyString := string(bodyBytes)
assert.Contains(t, bodyString, expected)
}
func getJSON(r *http.Response, target interface{}) error {
return json.NewDecoder(r.Body).Decode(target)
}
func assertErrorCodeAndMessage(t *testing.T, resp *http.Response, code int, message string) {
err := &fleet.Error{}
require.Nil(t, getJSON(resp, err))
assert.Equal(t, code, err.Code)
assert.Equal(t, message, err.Message)
}
Global policies automation webhooks (#3378) * Add webhook to app config * Add redis failing policies set and webhook * Add basic webhook test * Store hostname in redis * Global policy deletion to remove policy ID from set and config * Also process new passing policies * Fix unit test * Sort hosts * Add more tests * Add ListSets to the failing policies interface * Fix server URL and garbage collect on the triggering side * Do not use Redis SCAN * Fix Redis operation order * Add API changes to doc * Add comments * Add more tests * Fix tests * Add tests for config update upon deletion of policies * Run make dump-test-schema * Ignore policies that failed to run * Add proper unit tests to trigger logic * Fix comments * WIP * Add tests to service_osquerty_test.go * Use SSCAN for listing hosts instead of SMEMBERS * Add failing policies to docs/01-Using-Fleet/configuration-files/README.md * Remove skip * Fix PR comments
2021-12-23 21:26:55 +00:00
type memFailingPolicySet struct {
mMu sync.RWMutex
m map[uint][]fleet.PolicySetHost
}
var _ fleet.FailingPolicySet = (*memFailingPolicySet)(nil)
func NewMemFailingPolicySet() *memFailingPolicySet {
return &memFailingPolicySet{
m: make(map[uint][]fleet.PolicySetHost),
}
}
// AddFailingPoliciesForHost adds the given host to the policy sets.
func (m *memFailingPolicySet) AddHost(policyID uint, host fleet.PolicySetHost) error {
m.mMu.Lock()
defer m.mMu.Unlock()
m.m[policyID] = append(m.m[policyID], host)
return nil
}
// ListHosts returns the list of hosts present in the policy set.
func (m *memFailingPolicySet) ListHosts(policyID uint) ([]fleet.PolicySetHost, error) {
m.mMu.RLock()
defer m.mMu.RUnlock()
hosts := make([]fleet.PolicySetHost, len(m.m[policyID]))
Add gosimple linter (#23250) #23249 Add gosimple linter to golangci-lint CI job.
2024-10-29 19:17:51 +00:00
copy(hosts, m.m[policyID])
Global policies automation webhooks (#3378) * Add webhook to app config * Add redis failing policies set and webhook * Add basic webhook test * Store hostname in redis * Global policy deletion to remove policy ID from set and config * Also process new passing policies * Fix unit test * Sort hosts * Add more tests * Add ListSets to the failing policies interface * Fix server URL and garbage collect on the triggering side * Do not use Redis SCAN * Fix Redis operation order * Add API changes to doc * Add comments * Add more tests * Fix tests * Add tests for config update upon deletion of policies * Run make dump-test-schema * Ignore policies that failed to run * Add proper unit tests to trigger logic * Fix comments * WIP * Add tests to service_osquerty_test.go * Use SSCAN for listing hosts instead of SMEMBERS * Add failing policies to docs/01-Using-Fleet/configuration-files/README.md * Remove skip * Fix PR comments
2021-12-23 21:26:55 +00:00
return hosts, nil
}
// RemoveHosts removes the hosts from the policy set.
func (m *memFailingPolicySet) RemoveHosts(policyID uint, hosts []fleet.PolicySetHost) error {
m.mMu.Lock()
defer m.mMu.Unlock()
if _, ok := m.m[policyID]; !ok {
return nil
}
hostsSet := make(map[uint]struct{})
for _, host := range hosts {
hostsSet[host.ID] = struct{}{}
}
n := 0
for _, host := range m.m[policyID] {
if _, ok := hostsSet[host.ID]; !ok {
m.m[policyID][n] = host
n++
}
}
m.m[policyID] = m.m[policyID][:n]
return nil
}
// RemoveSet removes a policy set.
func (m *memFailingPolicySet) RemoveSet(policyID uint) error {
m.mMu.Lock()
defer m.mMu.Unlock()
delete(m.m, policyID)
return nil
}
// ListSets lists all the policy sets.
func (m *memFailingPolicySet) ListSets() ([]uint, error) {
m.mMu.RLock()
defer m.mMu.RUnlock()
var policyIDs []uint
for policyID := range m.m {
policyIDs = append(policyIDs, policyID)
}
return policyIDs, nil
}
Track active hosts count and enforce limit (#6099)
2022-06-13 20:29:32 +00:00
type nopEnrollHostLimiter struct{}
func (nopEnrollHostLimiter) CanEnrollNewHost(ctx context.Context) (bool, error) {
return true, nil
}
func (nopEnrollHostLimiter) SyncEnrolledHostIDs(ctx context.Context) error {
return nil
}
add mocks + tests and move things around (#9574) #8948 - Add more go:generate commands for MDM mocks - Add unit and integration tests for MDM code - Move interfaces from their PoC location to match existing patterns
2023-01-31 14:46:01 +00:00
func newMockAPNSPushProviderFactory() (*mock.APNSPushProviderFactory, *mock.APNSPushProvider) {
provider := &mock.APNSPushProvider{}
provider.PushFunc = mockSuccessfulPush
factory := &mock.APNSPushProviderFactory{}
factory.NewPushProviderFunc = func(*tls.Certificate) (push.PushProvider, error) {
return provider, nil
}
return factory, provider
}
Update nanomdm dependency with latest bug fixes and improvements. (#23906) #23905 - Update with upstream nanomdm changes up to https://github.com/micromdm/nanomdm/tree/825f2979a2dc28c6cc57bb62aff16737978bd90e - Removed PostgeSQL folder from our nanomdm - Added nanomdm MySQL test job to our CI # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-20 17:47:11 +00:00
func mockSuccessfulPush(_ context.Context, pushes []*mdm.Push) (map[string]*push.Response, error) {
add mocks + tests and move things around (#9574) #8948 - Add more go:generate commands for MDM mocks - Add unit and integration tests for MDM code - Move interfaces from their PoC location to match existing patterns
2023-01-31 14:46:01 +00:00
res := make(map[string]*push.Response, len(pushes))
for _, p := range pushes {
res[p.Token.String()] = &push.Response{
Id: uuid.New().String(),
Err: nil,
}
}
return res, nil
}
remove feature flags to enable MDM (#10746) https://github.com/fleetdm/fleet/issues/10025
2023-03-27 19:30:29 +00:00
Merging Bitlocker feature branch (#14350) This relates to #12577 --------- Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2023-10-06 22:04:33 +00:00
func mdmConfigurationRequiredEndpoints() []struct {
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
method, path string
deviceAuthenticated bool
premiumOnly bool
} {
return []struct {
method, path string
deviceAuthenticated bool
premiumOnly bool
}{
{"POST", "/api/latest/fleet/mdm/apple/enqueue", false, false},
{"GET", "/api/latest/fleet/mdm/apple/commandresults", false, false},
{"GET", "/api/latest/fleet/mdm/apple/installers/1", false, false},
{"DELETE", "/api/latest/fleet/mdm/apple/installers/1", false, false},
{"GET", "/api/latest/fleet/mdm/apple/installers", false, false},
{"GET", "/api/latest/fleet/mdm/apple/devices", false, false},
{"GET", "/api/latest/fleet/mdm/apple/profiles", false, false},
{"GET", "/api/latest/fleet/mdm/apple/profiles/1", false, false},
{"DELETE", "/api/latest/fleet/mdm/apple/profiles/1", false, false},
{"GET", "/api/latest/fleet/mdm/apple/profiles/summary", false, false},
{"PATCH", "/api/latest/fleet/mdm/hosts/1/unenroll", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"DELETE", "/api/latest/fleet/hosts/1/mdm", false, false},
properly report changed profiles in the Puppet module (#12719) For #12480
2023-07-14 15:53:03 +00:00
{"GET", "/api/latest/fleet/mdm/hosts/1/profiles", false, true},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/hosts/1/configuration_profiles", false, true},
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
{"POST", "/api/latest/fleet/mdm/hosts/1/lock", false, false},
{"POST", "/api/latest/fleet/mdm/hosts/1/wipe", false, false},
{"PATCH", "/api/latest/fleet/mdm/apple/settings", false, false},
{"GET", "/api/latest/fleet/mdm/apple", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/apns", false, false},
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
{"GET", apple_mdm.EnrollPath + "?token=test", false, false},
{"GET", apple_mdm.InstallerPath + "?token=test", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/mdm/setup/eula/0982A979-B1C9-4BDF-B584-5A37D32A1172", false, true},
{"GET", "/api/latest/fleet/setup_experience/eula/0982A979-B1C9-4BDF-B584-5A37D32A1172", false, true},
{"DELETE", "/api/latest/fleet/mdm/setup/eula/token", false, true},
{"DELETE", "/api/latest/fleet/setup_experience/eula/token", false, true},
{"GET", "/api/latest/fleet/mdm/setup/eula/metadata", false, true},
{"GET", "/api/latest/fleet/setup_experience/eula/metadata", false, true},
bootstrap package and eula endpoints platform agnosic (#16631) for #15082 - POST /mdm/apple/setup/eula was replaced by POST /mdm/setup/eula - GET /mdm/apple/setup/eula/metadata was replaced by GET /mdm/setup/eula/metadata - DELETE /mdm/apple/setup/eula/:token was replaced by DELETE /mdm/setup/eula/:token - POST /mdm/apple/bootstrap was replaced by POST /mdm/bootstrap - GET /mdm/apple/bootstrap/:team_id/metadata was replaced by GET /mdm/bootstrap/:team_id/metadata - DELETE /mdm/apple/bootstrap/:team_id was replaced by DELETE /mdm/bootstrap/:team_id - GET /mdm/apple/bootstrap/summary was replaced by GET /mdm/bootstrap/summary
2024-02-07 12:24:24 +00:00
{"GET", "/api/latest/fleet/mdm/apple/setup/eula/0982A979-B1C9-4BDF-B584-5A37D32A1172", false, false},
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
{"DELETE", "/api/latest/fleet/mdm/apple/setup/eula/token", false, false},
{"GET", "/api/latest/fleet/mdm/apple/setup/eula/metadata", false, false},
{"GET", "/api/latest/fleet/mdm/apple/enrollment_profile", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/enrollment_profiles/automatic", false, false},
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
{"POST", "/api/latest/fleet/mdm/apple/enrollment_profile", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"POST", "/api/latest/fleet/enrollment_profiles/automatic", false, false},
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
{"DELETE", "/api/latest/fleet/mdm/apple/enrollment_profile", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"DELETE", "/api/latest/fleet/enrollment_profiles/automatic", false, false},
Add device-authenticated endpoint to trigger MDM migration webhook request (#11724)
2023-05-17 14:16:26 +00:00
{"POST", "/api/latest/fleet/device/%s/migrate_mdm", true, true},
Implement preassign endpoint as first step to match profiles and hosts to teams (#12046)
2023-05-31 13:24:22 +00:00
{"POST", "/api/latest/fleet/mdm/apple/profiles/preassign", false, true},
{"POST", "/api/latest/fleet/mdm/apple/profiles/match", false, true},
Feat windows msmdm (#14837) for #13069 --------- Co-authored-by: Marcos Oviedo <marcos@fleetdm.com> Co-authored-by: Martin Angers <martin.n.angers@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-11-01 14:13:12 +00:00
{"POST", "/api/latest/fleet/mdm/commands/run", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"POST", "/api/latest/fleet/commands/run", false, false},
Feat windows msmdm (#14837) for #13069 --------- Co-authored-by: Marcos Oviedo <marcos@fleetdm.com> Co-authored-by: Martin Angers <martin.n.angers@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-11-01 14:13:12 +00:00
{"GET", "/api/latest/fleet/mdm/commandresults", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/commands/results", false, false},
Feat windows msmdm (#14837) for #13069 --------- Co-authored-by: Marcos Oviedo <marcos@fleetdm.com> Co-authored-by: Martin Angers <martin.n.angers@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-11-01 14:13:12 +00:00
{"GET", "/api/latest/fleet/mdm/commands", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/commands", false, false},
Merging Bitlocker feature branch (#14350) This relates to #12577 --------- Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2023-10-06 22:04:33 +00:00
{"POST", "/api/fleet/orbit/disk_encryption_key", false, false},
feature: windows profiles (#15349)
2023-11-29 14:32:42 +00:00
{"GET", "/api/latest/fleet/mdm/profiles/1", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/configuration_profiles/1", false, false},
feature: windows profiles (#15349)
2023-11-29 14:32:42 +00:00
{"DELETE", "/api/latest/fleet/mdm/profiles/1", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"DELETE", "/api/latest/fleet/configuration_profiles/1", false, false},
// TODO: those endpoints accept multipart/form data that gets
Add endpoint to upload an MDM custom profile for Windows and macOS (#15150)
2023-11-15 15:58:59 +00:00
// parsed before the MDM check, we need to refactor this
// function to return more information to the caller, or find a
// better way to test these endpoints.
Updating golangci-lint to 1.61.0 (#22973)
2024-10-18 17:38:26 +00:00
// {"POST", "/api/latest/fleet/mdm/profiles", false, false},
// {"POST", "/api/latest/fleet/configuration_profiles", false, false},
// {"POST", "/api/latest/fleet/mdm/setup/eula"},
// {"POST", "/api/latest/fleet/setup_experience/eula"},
// {"POST", "/api/latest/fleet/mdm/bootstrap", false, true},
// {"POST", "/api/latest/fleet/bootstrap", false, true},
feature: windows profiles (#15349)
2023-11-29 14:32:42 +00:00
{"GET", "/api/latest/fleet/mdm/profiles", false, false},
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
{"GET", "/api/latest/fleet/configuration_profiles", false, false},
{"GET", "/api/latest/fleet/mdm/manual_enrollment_profile", false, true},
{"GET", "/api/latest/fleet/enrollment_profiles/manual", false, true},
{"GET", "/api/latest/fleet/mdm/bootstrap/1/metadata", false, true},
{"GET", "/api/latest/fleet/bootstrap/1/metadata", false, true},
{"DELETE", "/api/latest/fleet/mdm/bootstrap/1", false, true},
{"DELETE", "/api/latest/fleet/bootstrap/1", false, true},
{"GET", "/api/latest/fleet/mdm/bootstrap?token=1", false, true},
{"GET", "/api/latest/fleet/bootstrap?token=1", false, true},
{"GET", "/api/latest/fleet/mdm/bootstrap/summary", false, true},
{"GET", "/api/latest/fleet/mdm/apple/bootstrap/summary", false, true},
{"GET", "/api/latest/fleet/bootstrap/summary", false, true},
{"PATCH", "/api/latest/fleet/mdm/apple/setup", false, true},
{"PATCH", "/api/latest/fleet/setup_experience", false, true},
SE: update /status endpoint to add bootstrap package, profiles, control automatic release (#22783)
2024-10-09 19:38:13 +00:00
{"POST", "/api/fleet/orbit/setup_experience/status", false, true},
remove feature flags to enable MDM (#10746) https://github.com/fleetdm/fleet/issues/10025
2023-03-27 19:30:29 +00:00
}
}
SSO Metadata URL can only be https/http (#12388) When setting up SSO, validate that the Metadata URL has the proper scheme.
2023-06-22 12:17:37 +00:00
Update error message for VerifyMDMWindowsConfigured (#28646)
2025-04-29 19:11:31 +00:00
func windowsMDMConfigurationRequiredEndpoints() []string {
return []string{
"/api/fleet/orbit/disk_encryption_key",
}
}
SSO Metadata URL can only be https/http (#12388) When setting up SSO, validate that the Metadata URL has the proper scheme.
2023-06-22 12:17:37 +00:00
// getURLSchemas returns a list of all valid URI schemas
func getURISchemas() []string {
return []string{
"aaa",
"aaas",
"about",
"acap",
"acct",
"acd",
"acr",
"adiumxtra",
"adt",
"afp",
"afs",
"aim",
"amss",
"android",
"appdata",
"apt",
"ar",
"ark",
"at",
"attachment",
"aw",
"barion",
"bb",
"beshare",
"bitcoin",
"bitcoincash",
"blob",
"bolo",
"browserext",
"cabal",
"calculator",
"callto",
"cap",
"cast",
"casts",
"chrome",
"chrome-extension",
"cid",
"coap",
"coap+tcp",
"coap+ws",
"coaps",
"coaps+tcp",
"coaps+ws",
"com-eventbrite-attendee",
"content",
"content-type",
"crid",
"cstr",
"cvs",
"dab",
"dat",
"data",
"dav",
"dhttp",
"diaspora",
"dict",
"did",
"dis",
"dlna-playcontainer",
"dlna-playsingle",
"dns",
"dntp",
"doi",
"dpp",
"drm",
"drop",
"dtmi",
"dtn",
"dvb",
"dvx",
"dweb",
"ed2k",
"eid",
"elsi",
"embedded",
"ens",
"ethereum",
"example",
"facetime",
"fax",
"feed",
"feedready",
"fido",
"file",
"filesystem",
"finger",
"first-run-pen-experience",
"fish",
"fm",
"ftp",
"fuchsia-pkg",
"geo",
"gg",
"git",
"gitoid",
"gizmoproject",
"go",
"gopher",
"graph",
"grd",
"gtalk",
"h323",
"ham",
"hcap",
"hcp",
"http",
"https",
"hxxp",
"hxxps",
"hydrazone",
"hyper",
"iax",
"icap",
"icon",
"im",
"imap",
"info",
"iotdisco",
"ipfs",
"ipn",
"ipns",
"ipp",
"ipps",
"irc",
"irc6",
"ircs",
"iris",
"iris.beep",
"iris.lwz",
"iris.xpc",
"iris.xpcs",
"isostore",
"itms",
"jabber",
"jar",
"jms",
"keyparc",
"lastfm",
"lbry",
"ldap",
"ldaps",
"leaptofrogans",
"lorawan",
"lpa",
"lvlt",
"magnet",
"mailserver",
"mailto",
"maps",
"market",
"matrix",
"message",
"microsoft.windows.camera",
"microsoft.windows.camera.multipicker",
"microsoft.windows.camera.picker",
"mid",
"mms",
"modem",
"mongodb",
"moz",
"ms-access",
"ms-appinstaller",
"ms-browser-extension",
"ms-calculator",
"ms-drive-to",
"ms-enrollment",
"ms-excel",
"ms-eyecontrolspeech",
"ms-gamebarservices",
"ms-gamingoverlay",
"ms-getoffice",
"ms-help",
"ms-infopath",
"ms-inputapp",
"ms-launchremotedesktop",
"ms-lockscreencomponent-config",
"ms-media-stream-id",
"ms-meetnow",
"ms-mixedrealitycapture",
"ms-mobileplans",
"ms-newsandinterests",
"ms-officeapp",
"ms-people",
"ms-project",
"ms-powerpoint",
"ms-publisher",
"ms-remotedesktop",
"ms-remotedesktop-launch",
"ms-restoretabcompanion",
"ms-screenclip",
"ms-screensketch",
"ms-search",
"ms-search-repair",
"ms-secondary-screen-controller",
"ms-secondary-screen-setup",
"ms-settings",
"ms-settings-airplanemode",
"ms-settings-bluetooth",
"ms-settings-camera",
"ms-settings-cellular",
"ms-settings-cloudstorage",
"ms-settings-connectabledevices",
"ms-settings-displays-topology",
"ms-settings-emailandaccounts",
"ms-settings-language",
"ms-settings-location",
"ms-settings-lock",
"ms-settings-nfctransactions",
"ms-settings-notifications",
"ms-settings-power",
"ms-settings-privacy",
"ms-settings-proximity",
"ms-settings-screenrotation",
"ms-settings-wifi",
"ms-settings-workplace",
"ms-spd",
"ms-stickers",
"ms-sttoverlay",
"ms-transit-to",
"ms-useractivityset",
"ms-virtualtouchpad",
"ms-visio",
"ms-walk-to",
"ms-whiteboard",
"ms-whiteboard-cmd",
"ms-word",
"msnim",
"msrp",
"msrps",
"mss",
"mt",
"mtqp",
"mumble",
"mupdate",
"mvn",
"news",
"nfs",
"ni",
"nih",
"nntp",
"notes",
"num",
"ocf",
"oid",
"onenote",
"onenote-cmd",
"opaquelocktoken",
"openpgp4fpr",
"otpauth",
"p1",
"pack",
"palm",
"paparazzi",
"payment",
"payto",
"pkcs11",
"platform",
"pop",
"pres",
"prospero",
"proxy",
"pwid",
"psyc",
"pttp",
"qb",
"query",
"quic-transport",
"redis",
"rediss",
"reload",
"res",
"resource",
"rmi",
"rsync",
"rtmfp",
"rtmp",
"rtsp",
"rtsps",
"rtspu",
"sarif",
"secondlife",
"secret-token",
"service",
"session",
"sftp",
"sgn",
"shc",
"shttp",
"sieve",
"simpleledger",
"simplex",
"sip",
"sips",
"skype",
"smb",
"smp",
"sms",
"smtp",
"snews",
"snmp",
"soap.beep",
"soap.beeps",
"soldat",
"spiffe",
"spotify",
"ssb",
"ssh",
"starknet",
"steam",
"stun",
"stuns",
"submit",
"svn",
"swh",
"swid",
"swidpath",
"tag",
"taler",
"teamspeak",
"tel",
"teliaeid",
"telnet",
"tftp",
"things",
"thismessage",
"tip",
"tn3270",
"tool",
"turn",
"turns",
"tv",
"udp",
"unreal",
"upt",
"urn",
"ut2004",
"uuid-in-package",
"v-event",
"vemmi",
"ventrilo",
"ves",
"videotex",
"vnc",
"view-source",
"vscode",
"vscode-insiders",
"vsls",
"w3",
"wais",
"web3",
"wcr",
"webcal",
"web+ap",
"wifi",
"wpid",
"ws",
"wss",
"wtai",
"wyciwyg",
"xcon",
"xcon-userid",
"xfire",
"xmlrpc.beep",
"xmlrpc.beeps",
"xmpp",
"xri",
"ymsgr",
"z39.50",
"z39.50r",
"z39.50s",
}
}
Reference in a new issue Copy permalink