Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 00:49:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 143
fleet/server/service/testing_client.go

836 lines
25 KiB
Go
Raw Normal View History

Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
package service
import (
"bytes"
Validate team and appconfig payloads, with `dry-run` and `force` modes (#7731)
2022-09-19 17:53:44 +00:00
"context"
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
"encoding/json"
Automatic install custom packages (#25021) #24385 Some docs change here: https://github.com/fleetdm/fleet/pull/25026. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality
2024-12-27 18:10:28 +00:00
"errors"
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
"fmt"
"io"
Add integration tests for the setup experience flow with automatic and forced release (#22909)
2024-10-14 20:41:06 +00:00
"mime/multipart"
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
"net/http"
add back-end implementation for SSO JIT provisioning (#7182) Related to #7053, this uses the SSO config added in #7140 to enable JIT provisioning for premium instances.
2022-08-15 17:42:33 +00:00
"net/http/cookiejar"
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
"net/http/httptest"
add back-end implementation for SSO JIT provisioning (#7182) Related to #7053, this uses the SSO config added in #7140 to enable JIT provisioning for premium instances.
2022-08-15 17:42:33 +00:00
"net/url"
"os"
Add integration tests for the setup experience flow with automatic and forced release (#22909)
2024-10-14 20:41:06 +00:00
"path/filepath"
add back-end implementation for SSO JIT provisioning (#7182) Related to #7053, this uses the SSO config added in #7140 to enable JIT provisioning for premium instances.
2022-08-15 17:42:33 +00:00
"regexp"
New `gitops` role (#10850) #8593 This PR adds a new role `gitops` to Fleet. MDM capabilities for the role coming on a separate PR. We need this merged ASAP so that we can unblock the UI work for this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [X] Documented any permissions changes - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [x] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-12 19:11:04 +00:00
"sync"
Add new low_disk_space URL parameter to the GET /hosts endpoint (and GET /hosts/count) (#7853)
2022-09-21 19:16:31 +00:00
"testing"
"time"
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
Make creation of http.Client uniform across the codebase (#3097)
2021-11-24 20:56:54 +00:00
"github.com/fleetdm/fleet/v4/pkg/fleethttp"
Support matching a host in orbit enrollment using the serial number (#9612)
2023-02-28 17:55:04 +00:00
"github.com/fleetdm/fleet/v4/server/config"
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
"github.com/fleetdm/fleet/v4/server/datastore/mysql"
Adding telemetry for specific Fleet Desktop errors (#23349) Adding telemetry for catching issue #19172 # Docs changes In another PR: https://github.com/fleetdm/fleet/pull/23423/files # Demo <div> <a href="https://www.loom.com/share/233625875eec46508c26ae315cd52d19"> <p>[Demo] Add telemetry for vital fleetd errors - Issue #23413 - Watch Video</p> </a> <a href="https://www.loom.com/share/233625875eec46508c26ae315cd52d19"> <img style="max-width:300px;" src="https://cdn.loom.com/sessions/thumbnails/233625875eec46508c26ae315cd52d19-45ca0ec1b7b5e9e7-full-play.gif"> </a> </div> # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-10-31 19:24:42 +00:00
"github.com/fleetdm/fleet/v4/server/datastore/redis/redistest"
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
"github.com/fleetdm/fleet/v4/server/fleet"
Add feature to change or disable Fleet's hardcoded detail queries (#9117) #8984 - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
2023-01-09 11:56:10 +00:00
"github.com/fleetdm/fleet/v4/server/live_query/live_query_mock"
Migrate the last batch of `authenticatedUser` endpoints to the new pattern (#4210)
2022-02-15 20:22:19 +00:00
"github.com/fleetdm/fleet/v4/server/pubsub"
Added scim/details endpoint (#28007) For #27281 This PR adds `/api/{version}/fleet/scim/details` endpoint, along with some frontend fixes. # Checklist for submitter - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-10 19:08:45 +00:00
"github.com/fleetdm/fleet/v4/server/service/contract"
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
"github.com/fleetdm/fleet/v4/server/test"
Added GET enterprise API endpoint. (#26555) For #26218 - Added `GET /api/_version_/fleet/android_enterprise` andpoint and tests - Set up some testing infrastructure for Android service tests -- see new README.md # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-02-26 16:47:05 +00:00
fleet_httptest "github.com/fleetdm/fleet/v4/server/test/httptest"
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
"github.com/ghodss/yaml"
🧹 friday cleanup party: substitute deprecated import of go-kit (#19774) `go-kit/kit/log` was deprecated and generating warnings # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Manual QA for all new/changed functionality
2024-06-17 13:27:31 +00:00
kitlog "github.com/go-kit/log"
Feat: saved scripts (#14409) For #9537
2023-10-10 22:00:45 +00:00
"github.com/jmoiron/sqlx"
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/stretchr/testify/suite"
)
type withDS struct {
s *suite.Suite
ds *mysql.Datastore
}
func (ts *withDS) SetupSuite(dbName string) {
Validate team and appconfig payloads, with `dry-run` and `force` modes (#7731)
2022-09-19 17:53:44 +00:00
t := ts.s.T()
ts.ds = mysql.CreateNamedMySQLDS(t, dbName)
Fix integration tests
2024-04-03 19:44:23 +00:00
// remove any migration-created labels
mysql.ExecAdhocSQL(t, ts.ds, func(q sqlx.ExtContext) error {
Fix conflicts
2024-04-15 20:10:10 +00:00
_, err := q.ExecContext(context.Background(), `DELETE FROM labels`)
Fix integration tests
2024-04-03 19:44:23 +00:00
return err
})
Fix issues related to Fleet builtin labels and reserved MDM profile names (#18043)
2024-04-08 19:34:55 +00:00
test.AddBuiltinLabels(t, ts.ds)
Validate team and appconfig payloads, with `dry-run` and `force` modes (#7731)
2022-09-19 17:53:44 +00:00
// setup the required fields on AppConfig
appConf, err := ts.ds.AppConfig(context.Background())
require.NoError(t, err)
appConf.OrgInfo.OrgName = "FleetTest"
appConf.ServerSettings.ServerURL = "https://example.org"
err = ts.ds.SaveAppConfig(context.Background(), appConf)
require.NoError(t, err)
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
}
func (ts *withDS) TearDownSuite() {
ts.ds.Close()
}
type withServer struct {
withDS
Migrate special-case endpoints to new pattern (#4511)
2022-03-08 16:27:38 +00:00
server *httptest.Server
users map[string]fleet.User
token string
cachedAdminToken string
New `gitops` role (#10850) #8593 This PR adds a new role `gitops` to Fleet. MDM capabilities for the role coming on a separate PR. We need this merged ASAP so that we can unblock the UI work for this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [X] Documented any permissions changes - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [x] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-12 19:11:04 +00:00
cachedTokensMu sync.Mutex
cachedTokens map[string]string // email -> auth token
lq *live_query_mock.MockLiveQuery
New rate limit algorithm for Fleet Desktop endpoints (#33344) Resolves #31890 This new approach allows up to 1000 consecutive failing requests per minute. If the threshold of 1000 consecutive failures is reached for an IP, then we ban request (return 429) from such IP for a duration of 1 minute. (Any successful request for an IP clears the count.) This supports the scenario where all hosts are behind a NAT (same IP) AND still provides protection against brute force attacks (attackers can only probe 1k requests per minute). This approach was discussed in Slack with @rfairburn: https://fleetdm.slack.com/archives/C051QJU3D0V/p1755625131298319?thread_ts=1755101701.844249&cid=C051QJU3D0V. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [X] Added/updated automated tests - [X] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [X] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Introduced IP-based rate limiting for Fleet Desktop endpoints to better support many hosts behind a single public IP (NAT). Requests from abusive IPs may be temporarily blocked, returning 429 Too Many Requests with a retry-after hint. - Documentation - Added README for a new desktop rate-limit tester, describing usage and expected behavior. - Tests - Added integration tests covering desktop endpoint rate limiting and Redis-backed banning logic. - Chores - Added a command-line tool to stress-test desktop endpoints and verify rate limiting behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-09-26 18:03:50 +00:00
redisPool fleet.RedisPool
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
}
func (ts *withServer) SetupSuite(dbName string) {
ts.withDS.SetupSuite(dbName)
Migrate the last batch of `authenticatedUser` endpoints to the new pattern (#4210)
2022-02-15 20:22:19 +00:00
rs := pubsub.NewInmemQueryResults()
Support matching a host in orbit enrollment using the serial number (#9612)
2023-02-28 17:55:04 +00:00
cfg := config.TestConfig()
cfg.Osquery.EnrollCooldown = 0
New rate limit algorithm for Fleet Desktop endpoints (#33344) Resolves #31890 This new approach allows up to 1000 consecutive failing requests per minute. If the threshold of 1000 consecutive failures is reached for an IP, then we ban request (return 429) from such IP for a duration of 1 minute. (Any successful request for an IP clears the count.) This supports the scenario where all hosts are behind a NAT (same IP) AND still provides protection against brute force attacks (attackers can only probe 1k requests per minute). This approach was discussed in Slack with @rfairburn: https://fleetdm.slack.com/archives/C051QJU3D0V/p1755625131298319?thread_ts=1755101701.844249&cid=C051QJU3D0V. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [X] Added/updated automated tests - [X] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [X] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Introduced IP-based rate limiting for Fleet Desktop endpoints to better support many hosts behind a single public IP (NAT). Requests from abusive IPs may be temporarily blocked, returning 429 Too Many Requests with a retry-after hint. - Documentation - Added README for a new desktop rate-limit tester, describing usage and expected behavior. - Tests - Added integration tests covering desktop endpoint rate limiting and Redis-backed banning logic. - Chores - Added a command-line tool to stress-test desktop endpoints and verify rate limiting behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-09-26 18:03:50 +00:00
redisPool := redistest.SetupRedis(ts.s.T(), "integration_core", false, false, false)
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
opts := &TestServerOpts{
Support matching a host in orbit enrollment using the serial number (#9612)
2023-02-28 17:55:04 +00:00
Rs: rs,
Lq: ts.lq,
FleetConfig: &cfg,
New rate limit algorithm for Fleet Desktop endpoints (#33344) Resolves #31890 This new approach allows up to 1000 consecutive failing requests per minute. If the threshold of 1000 consecutive failures is reached for an IP, then we ban request (return 429) from such IP for a duration of 1 minute. (Any successful request for an IP clears the count.) This supports the scenario where all hosts are behind a NAT (same IP) AND still provides protection against brute force attacks (attackers can only probe 1k requests per minute). This approach was discussed in Slack with @rfairburn: https://fleetdm.slack.com/archives/C051QJU3D0V/p1755625131298319?thread_ts=1755101701.844249&cid=C051QJU3D0V. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [X] Added/updated automated tests - [X] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [X] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Introduced IP-based rate limiting for Fleet Desktop endpoints to better support many hosts behind a single public IP (NAT). Requests from abusive IPs may be temporarily blocked, returning 429 Too Many Requests with a retry-after hint. - Documentation - Added README for a new desktop rate-limit tester, describing usage and expected behavior. - Tests - Added integration tests covering desktop endpoint rate limiting and Redis-backed banning logic. - Chores - Added a command-line tool to stress-test desktop endpoints and verify rate limiting behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-09-26 18:03:50 +00:00
Pool: redisPool,
Recategorize MDM endpoints to new mdm-less paths (#17372)
2024-03-13 14:27:29 +00:00
}
if os.Getenv("FLEET_INTEGRATION_TESTS_DISABLE_LOG") != "" {
opts.Logger = kitlog.NewNopLogger()
}
users, server := RunServerForTestsWithDS(ts.s.T(), ts.ds, opts)
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
ts.server = server
ts.users = users
ts.token = ts.getTestAdminToken()
Migrate special-case endpoints to new pattern (#4511)
2022-03-08 16:27:38 +00:00
ts.cachedAdminToken = ts.token
New rate limit algorithm for Fleet Desktop endpoints (#33344) Resolves #31890 This new approach allows up to 1000 consecutive failing requests per minute. If the threshold of 1000 consecutive failures is reached for an IP, then we ban request (return 429) from such IP for a duration of 1 minute. (Any successful request for an IP clears the count.) This supports the scenario where all hosts are behind a NAT (same IP) AND still provides protection against brute force attacks (attackers can only probe 1k requests per minute). This approach was discussed in Slack with @rfairburn: https://fleetdm.slack.com/archives/C051QJU3D0V/p1755625131298319?thread_ts=1755101701.844249&cid=C051QJU3D0V. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [X] Added/updated automated tests - [X] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [X] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Introduced IP-based rate limiting for Fleet Desktop endpoints to better support many hosts behind a single public IP (NAT). Requests from abusive IPs may be temporarily blocked, returning 429 Too Many Requests with a retry-after hint. - Documentation - Added README for a new desktop rate-limit tester, describing usage and expected behavior. - Tests - Added integration tests covering desktop endpoint rate limiting and Redis-backed banning logic. - Chores - Added a command-line tool to stress-test desktop endpoints and verify rate limiting behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-09-26 18:03:50 +00:00
ts.redisPool = redisPool
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
}
func (ts *withServer) TearDownSuite() {
ts.withDS.TearDownSuite()
}
Add new low_disk_space URL parameter to the GET /hosts endpoint (and GET /hosts/count) (#7853)
2022-09-21 19:16:31 +00:00
func (ts *withServer) commonTearDownTest(t *testing.T) {
Add enterprise integration test for calendar events (#17900) Integration tests for the calendar feature: #17441. Adding coverage screenshots for the calendar cron and the osquery distributed/write coverage: ![Screenshot 2024-03-27 at 14 20 44](https://github.com/fleetdm/fleet/assets/2073526/40d394ab-2208-4bec-981b-fe22fae8b5c1) ![Screenshot 2024-03-27 at 14 21 20](https://github.com/fleetdm/fleet/assets/2073526/1e4c8611-21ba-48a6-82f8-a163594f7f01)
2024-04-04 17:58:31 +00:00
// By setting DISABLE_TABLES_CLEANUP a developer can troubleshoot tests
// by inspecting mysql tables.
if os.Getenv("DISABLE_CLEANUP_TABLES") != "" {
return
}
Add new low_disk_space URL parameter to the GET /hosts endpoint (and GET /hosts/count) (#7853)
2022-09-21 19:16:31 +00:00
ctx := context.Background()
u := ts.users["admin1@example.com"]
filter := fleet.TeamFilter{User: &u}
hosts, err := ts.ds.ListHosts(ctx, filter, fleet.HostListOptions{})
require.NoError(t, err)
for _, host := range hosts {
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ts.ds.UpdateHostSoftware(context.Background(), host.ID, nil)
require.NoError(t, err)
Add new low_disk_space URL parameter to the GET /hosts endpoint (and GET /hosts/count) (#7853)
2022-09-21 19:16:31 +00:00
require.NoError(t, ts.ds.DeleteHost(ctx, host.ID))
}
SSVL: prevent deletion of a label if used to scope software installers (#24644)
2024-12-11 19:21:10 +00:00
teams, err := ts.ds.ListTeams(ctx, fleet.TeamFilter{User: &u}, fleet.ListOptions{})
require.NoError(t, err)
for _, tm := range teams {
err := ts.ds.DeleteTeam(ctx, tm.ID)
require.NoError(t, err)
}
mysql.ExecAdhocSQL(t, ts.ds, func(q sqlx.ExtContext) error {
_, err := q.ExecContext(ctx, `DELETE FROM policies;`)
return err
})
// Clean software installers in "No team" (the others are deleted in ts.ds.DeleteTeam above).
mysql.ExecAdhocSQL(t, ts.ds, func(q sqlx.ExtContext) error {
_, err := q.ExecContext(ctx, `DELETE FROM software_installers WHERE global_or_team_id = 0;`)
Initial support for in-house apps on iOS/iPadOS (#34802)
2025-10-28 12:33:58 +00:00
if err != nil {
return err
}
_, err = q.ExecContext(ctx, "DELETE FROM in_house_apps;")
SSVL: prevent deletion of a label if used to scope software installers (#24644)
2024-12-11 19:21:10 +00:00
return err
})
Add new low_disk_space URL parameter to the GET /hosts endpoint (and GET /hosts/count) (#7853)
2022-09-21 19:16:31 +00:00
lbls, err := ts.ds.ListLabels(ctx, fleet.TeamFilter{}, fleet.ListOptions{})
require.NoError(t, err)
for _, lbl := range lbls {
if lbl.LabelType != fleet.LabelTypeBuiltIn {
err := ts.ds.DeleteLabel(ctx, lbl.Name)
require.NoError(t, err)
}
}
21855 – Paginate and filter Queries on the server, update `platform` filtering from compatible to targeted platforms (#24446) ## Addresses #21855 and all of its subtasks **Frontend:** - Update list queries API call to include pagination and filter-related query params, including new `platform` param for filtering queries by platforms they've been set to target - Convert all filtering, sorting, and pagination functionality of the Manage queries page from client-side to server-side - Remove unneeded variable declarations / logic - Various typing and naming improvements **Server:** - Add new `platform` `ListQueryOption` - Update service and datastore level list queries logic to handle filtering queries by targeted platform - Update service and datastore level list queries logic to include `meta` and `count` fields in addition to filtered/paginated queries - [x] Changes file added for user-visible changes in `changes/`, ` - [x] Added/updated tests - [x] update DB, integration - [x] add integration (pagination) - [x] add integration (platform filter) - [x] add DB (pagination) - [x] add DB (platform filter) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-11 18:50:28 +00:00
queries, _, _, err := ts.ds.ListQueries(ctx, fleet.ListQueryOptions{})
Combine Schedules and Queries: API changes (#12778) Combining schedules and queries API changes.
2023-07-25 00:17:20 +00:00
require.NoError(t, err)
queryIDs := make([]uint, 0, len(queries))
for _, query := range queries {
queryIDs = append(queryIDs, query.ID)
}
if len(queryIDs) > 0 {
count, err := ts.ds.DeleteQueries(ctx, queryIDs)
require.NoError(t, err)
Updating golangci-lint to 1.61.0 (#22973)
2024-10-18 17:38:26 +00:00
require.EqualValues(t, len(queries), count)
Combine Schedules and Queries: API changes (#12778) Combining schedules and queries API changes.
2023-07-25 00:17:20 +00:00
}
Add new low_disk_space URL parameter to the GET /hosts endpoint (and GET /hosts/count) (#7853)
2022-09-21 19:16:31 +00:00
users, err := ts.ds.ListUsers(ctx, fleet.UserListOptions{})
require.NoError(t, err)
for _, u := range users {
if _, ok := ts.users[u.Email]; !ok {
err := ts.ds.DeleteUser(ctx, u.ID)
require.NoError(t, err)
}
}
Backend build for script automation (#22472) #22115, #22116 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> No changes file, as FE changes file covers the entire feature - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com> Co-authored-by: Tim Lee <timlee@fleetdm.com>
2024-10-04 01:03:40 +00:00
// Clean scripts in "No team" (the others are deleted in ts.ds.DeleteTeam above).
mysql.ExecAdhocSQL(t, ts.ds, func(q sqlx.ExtContext) error {
_, err := q.ExecContext(ctx, `DELETE FROM scripts WHERE global_or_team_id = 0;`)
return err
})
paginate the policies API (#13459)
2023-08-30 22:30:17 +00:00
globalPolicies, err := ts.ds.ListGlobalPolicies(ctx, fleet.ListOptions{})
Add new low_disk_space URL parameter to the GET /hosts endpoint (and GET /hosts/count) (#7853)
2022-09-21 19:16:31 +00:00
require.NoError(t, err)
if len(globalPolicies) > 0 {
var globalPolicyIDs []uint
for _, gp := range globalPolicies {
globalPolicyIDs = append(globalPolicyIDs, gp.ID)
}
_, err = ts.ds.DeleteGlobalPolicies(ctx, globalPolicyIDs)
require.NoError(t, err)
}
Fix queries stats ingestion (`Performance impact`) (#13432) #13318 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [x] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-09-01 18:14:49 +00:00
packs, err := ts.ds.ListPacks(ctx, fleet.PackListOptions{})
require.NoError(t, err)
for _, pack := range packs {
err := ts.ds.DeletePack(ctx, pack.Name)
require.NoError(t, err)
}
Software installers: backend cleanup tasks part 1 (#18955)
2024-05-14 12:37:07 +00:00
// Do the software/titles cleanup.
Add new low_disk_space URL parameter to the GET /hosts endpoint (and GET /hosts/count) (#7853)
2022-09-21 19:16:31 +00:00
err = ts.ds.SyncHostsSoftware(ctx, time.Now())
require.NoError(t, err)
Optimize software title reconciliation in vulnerabilities job (#34146) Resolves #34055 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) ## Testing - [x] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Optimized software title reconciliation used during vulnerability processing, improving scan performance and reducing database load. More efficient cleanup of orphaned titles and updates to title names. * **Tests** * Corrected a test name typo for clarity. * Streamlined MDM integration test by removing redundant title recreation steps. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-10-14 22:36:45 +00:00
err = ts.ds.CleanupSoftwareTitles(ctx)
Software installers: backend cleanup tasks part 1 (#18955)
2024-05-14 12:37:07 +00:00
require.NoError(t, err)
err = ts.ds.SyncHostsSoftwareTitles(ctx, time.Now())
require.NoError(t, err)
Feat: saved scripts (#14409) For #9537
2023-10-10 22:00:45 +00:00
// delete orphaned scripts
mysql.ExecAdhocSQL(t, ts.ds, func(q sqlx.ExtContext) error {
_, err := q.ExecContext(ctx, `DELETE FROM scripts`)
return err
})
// delete orphaned host_script_results
mysql.ExecAdhocSQL(t, ts.ds, func(q sqlx.ExtContext) error {
_, err := q.ExecContext(ctx, `DELETE FROM host_script_results`)
return err
})
Use `global_or_team_id` instead of `team_id` so ID 0 (no team) is valid (#21880)
2024-09-06 18:36:41 +00:00
mysql.ExecAdhocSQL(t, ts.ds, func(tx sqlx.ExtContext) error {
_, err := tx.ExecContext(ctx, "DELETE FROM vpp_tokens;")
return err
})
Full support of secret variables in Apple configuration profiles (#24925) For secrets subtask #24548 Fixed secret variables support in Apple configuration profiles. # Checklist for submitter - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-12-20 21:40:23 +00:00
mysql.ExecAdhocSQL(t, ts.ds, func(tx sqlx.ExtContext) error {
_, err := tx.ExecContext(ctx, "DELETE FROM secret_variables")
return err
})
Support for fleet maintained apps in gitops (#28751) https://github.com/fleetdm/fleet/issues/24469 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-05-07 23:16:08 +00:00
mysql.ExecAdhocSQL(t, ts.ds, func(q sqlx.ExtContext) error {
_, err := q.ExecContext(ctx, "DELETE FROM fleet_maintained_apps; ")
return err
})
// Most tests reference FMAs by ID, and the expect the records to be inserted starting with 1, so we need to reset the auto increment.
mysql.ExecAdhocSQL(t, ts.ds, func(q sqlx.ExtContext) error {
_, err := q.ExecContext(ctx, "ALTER TABLE fleet_maintained_apps AUTO_INCREMENT = 1;")
return err
})
Check content-type header when parsing cross-origin JSON (#29497)
2025-05-29 19:26:55 +00:00
mysql.ExecAdhocSQL(t, ts.ds, func(q sqlx.ExtContext) error {
_, err := q.ExecContext(ctx, "DELETE FROM invites; ")
return err
})
Add new low_disk_space URL parameter to the GET /hosts endpoint (and GET /hosts/count) (#7853)
2022-09-21 19:16:31 +00:00
}
Add host count API (#2356) * Add host count API * Add rest api docs * Add host count for labels and address review comments * Add regex for id
2021-10-07 11:25:35 +00:00
func (ts *withServer) Do(verb, path string, params interface{}, expectedStatusCode int, queryParams ...string) *http.Response {
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
t := ts.s.T()
j, err := json.Marshal(params)
require.NoError(t, err)
Add host count API (#2356) * Add host count API * Add rest api docs * Add host count for labels and address review comments * Add regex for id
2021-10-07 11:25:35 +00:00
resp := ts.DoRaw(verb, path, j, expectedStatusCode, queryParams...)
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
t.Cleanup(func() {
resp.Body.Close()
})
return resp
}
Add host count API (#2356) * Add host count API * Add rest api docs * Add host count for labels and address review comments * Add regex for id
2021-10-07 11:25:35 +00:00
func (ts *withServer) DoRawWithHeaders(
verb string, path string, rawBytes []byte, expectedStatusCode int, headers map[string]string, queryParams ...string,
) *http.Response {
Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486) For https://github.com/fleetdm/confidential/issues/9931. [Here](https://github.com/fleetdm/fleet/blob/ec3e8edbdc3f1b4220ada22c8290dbf0237ce1ba/docs/Contributing/Testing-and-local-development.md?plain=1#L339)'s how to test SAML locally with SimpleSAML. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Improved SSO and SAML integration with enhanced session management using secure cookies. * Added support for IdP-initiated login flows. * Introduced new tests covering SSO login flows, metadata handling, and error scenarios. * **Bug Fixes** * Enhanced validation and error handling for invalid or tampered SAML responses. * Fixed session cookie handling during SSO and Apple MDM SSO flows. * **Refactor** * Replaced custom SAML implementation with the crewjam/saml library for improved reliability. * Simplified SAML metadata parsing and session store management. * Streamlined SSO authorization request and response processing. * Removed deprecated fields and redundant code related to SSO. * **Documentation** * Updated testing and local development docs with clearer instructions for SSO and IdP-initiated login. * **Chores** * Upgraded dependencies including crewjam/saml and related packages. * Cleaned up tests and configuration by removing deprecated fields and unused imports. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 18:13:46 +00:00
opts := []fleethttp.ClientOpt{}
if expectedStatusCode >= 300 && expectedStatusCode <= 399 {
opts = append(opts, fleethttp.WithFollowRedir(false))
}
client := fleethttp.NewClient(opts...)
return fleet_httptest.DoHTTPReq(ts.s.T(), client, decodeJSON, verb, rawBytes, ts.server.URL+path, headers, expectedStatusCode, queryParams...)
Added GET enterprise API endpoint. (#26555) For #26218 - Added `GET /api/_version_/fleet/android_enterprise` andpoint and tests - Set up some testing infrastructure for Android service tests -- see new README.md # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-02-26 16:47:05 +00:00
}
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
Added GET enterprise API endpoint. (#26555) For #26218 - Added `GET /api/_version_/fleet/android_enterprise` andpoint and tests - Set up some testing infrastructure for Android service tests -- see new README.md # Checklist for submitter - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-02-26 16:47:05 +00:00
func decodeJSON(r io.Reader, v interface{}) error {
return json.NewDecoder(r).Decode(v)
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
}
Add host count API (#2356) * Add host count API * Add rest api docs * Add host count for labels and address review comments * Add regex for id
2021-10-07 11:25:35 +00:00
func (ts *withServer) DoRaw(verb string, path string, rawBytes []byte, expectedStatusCode int, queryParams ...string) *http.Response {
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
return ts.DoRawWithHeaders(verb, path, rawBytes, expectedStatusCode, map[string]string{
"Authorization": fmt.Sprintf("Bearer %s", ts.token),
Add host count API (#2356) * Add host count API * Add rest api docs * Add host count for labels and address review comments * Add regex for id
2021-10-07 11:25:35 +00:00
}, queryParams...)
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
}
CHV: implement paginated list certificates endpoints (#26554)
2025-02-24 17:52:39 +00:00
func (ts *withServer) DoRawNoAuth(verb string, path string, rawBytes []byte, expectedStatusCode int, queryParams ...string) *http.Response {
return ts.DoRawWithHeaders(verb, path, rawBytes, expectedStatusCode, nil, queryParams...)
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
}
Add host count API (#2356) * Add host count API * Add rest api docs * Add host count for labels and address review comments * Add regex for id
2021-10-07 11:25:35 +00:00
func (ts *withServer) DoJSON(verb, path string, params interface{}, expectedStatusCode int, v interface{}, queryParams ...string) {
resp := ts.Do(verb, path, params, expectedStatusCode, queryParams...)
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
err := json.NewDecoder(resp.Body).Decode(v)
require.NoError(ts.s.T(), err)
service.errorer to fleet.Errorer (#26362)
2025-02-14 22:19:34 +00:00
if e, ok := v.(fleet.Errorer); ok {
Refactoring service layer. Part 1 (#25945) Refactoring some functionality out of the service package so it can be reused by a different service package. - auth middleware - logging errors No functional changes.
2025-02-03 17:23:26 +00:00
require.NoError(ts.s.T(), e.Error())
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
}
}
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
func (ts *withServer) DoJSONWithoutAuth(verb, path string, params interface{}, expectedStatusCode int, v interface{}, queryParams ...string) {
t := ts.s.T()
rawBytes, err := json.Marshal(params)
require.NoError(t, err)
resp := ts.DoRawWithHeaders(verb, path, rawBytes, expectedStatusCode, map[string]string{}, queryParams...)
t.Cleanup(func() {
resp.Body.Close()
})
err = json.NewDecoder(resp.Body).Decode(v)
require.NoError(ts.s.T(), err)
service.errorer to fleet.Errorer (#26362)
2025-02-14 22:19:34 +00:00
if e, ok := v.(fleet.Errorer); ok {
Refactoring service layer. Part 1 (#25945) Refactoring some functionality out of the service package so it can be reused by a different service package. - auth middleware - logging errors No functional changes.
2025-02-03 17:23:26 +00:00
require.NoError(ts.s.T(), e.Error())
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
}
}
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
func (ts *withServer) getTestAdminToken() string {
testUser := testUsers["admin1"]
Migrate special-case endpoints to new pattern (#4511)
2022-03-08 16:27:38 +00:00
// because the login endpoint is rate-limited, use the cached admin token
// if available (if for some reason a test needs to logout the admin user,
// then set cachedAdminToken = "" so that a new token is retrieved).
if ts.cachedAdminToken == "" {
ts.cachedAdminToken = ts.getTestToken(testUser.Email, testUser.PlaintextPassword)
}
return ts.cachedAdminToken
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
}
Added migration and secret variables API. (#24594) #24545 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-12-10 21:32:51 +00:00
func (ts *withServer) setTokenForTest(t *testing.T, email, password string) {
oldToken := ts.token
t.Cleanup(func() {
ts.token = oldToken
})
ts.token = ts.getCachedUserToken(email, password)
}
New `gitops` role (#10850) #8593 This PR adds a new role `gitops` to Fleet. MDM capabilities for the role coming on a separate PR. We need this merged ASAP so that we can unblock the UI work for this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [X] Documented any permissions changes - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [x] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-12 19:11:04 +00:00
// getCachedUserToken returns the cached auth token for the given test user email.
// If it's not found, then a login request is performed and the token cached.
func (ts *withServer) getCachedUserToken(email, password string) string {
ts.cachedTokensMu.Lock()
defer ts.cachedTokensMu.Unlock()
Add MDM configuration permissions to GitOps (#11207) #8593 Adding new MDM functionality to GitOps. - ~[ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information.~ - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - [X] Documented any permissions changes - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [x] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-17 15:08:55 +00:00
if ts.cachedTokens == nil {
ts.cachedTokens = make(map[string]string)
}
New `gitops` role (#10850) #8593 This PR adds a new role `gitops` to Fleet. MDM capabilities for the role coming on a separate PR. We need this merged ASAP so that we can unblock the UI work for this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [X] Documented any permissions changes - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [x] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-12 19:11:04 +00:00
token, ok := ts.cachedTokens[email]
if !ok {
token = ts.getTestToken(email, password)
ts.cachedTokens[email] = token
}
return token
}
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
func (ts *withServer) getTestToken(email string, password string) string {
Scaffold for new integration tests. (#26747) For #26219 Created a scaffold for server/service integration tests going forward. - separate package - no dependency on testify Suite
2025-03-04 18:04:25 +00:00
return GetToken(ts.s.T(), email, password, ts.server.URL)
}
func GetToken(t *testing.T, email string, password string, serverURL string) string {
Added scim/details endpoint (#28007) For #27281 This PR adds `/api/{version}/fleet/scim/details` endpoint, along with some frontend fixes. # Checklist for submitter - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-10 19:08:45 +00:00
params := contract.LoginRequest{
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
Email: email,
Password: password,
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
}
j, err := json.Marshal(&params)
Scaffold for new integration tests. (#26747) For #26219 Created a scaffold for server/service integration tests going forward. - separate package - no dependency on testify Suite
2025-03-04 18:04:25 +00:00
require.NoError(t, err)
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
requestBody := io.NopCloser(bytes.NewBuffer(j))
Scaffold for new integration tests. (#26747) For #26219 Created a scaffold for server/service integration tests going forward. - separate package - no dependency on testify Suite
2025-03-04 18:04:25 +00:00
resp, err := http.Post(serverURL+"/api/latest/fleet/login", "application/json", requestBody)
require.NoError(t, err)
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
defer resp.Body.Close()
Scaffold for new integration tests. (#26747) For #26219 Created a scaffold for server/service integration tests going forward. - separate package - no dependency on testify Suite
2025-03-04 18:04:25 +00:00
assert.Equal(t, http.StatusOK, resp.StatusCode)
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
Fix race condition in tests when using global var loginRateLimit (#5197)
2022-04-19 13:35:53 +00:00
jsn := struct {
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
User *fleet.User `json:"user"`
Token string `json:"token"`
Err []map[string]string `json:"errors,omitempty"`
}{}
err = json.NewDecoder(resp.Body).Decode(&jsn)
Scaffold for new integration tests. (#26747) For #26219 Created a scaffold for server/service integration tests going forward. - separate package - no dependency on testify Suite
2025-03-04 18:04:25 +00:00
require.NoError(t, err)
require.Len(t, jsn.Err, 0)
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
return jsn.Token
}
func (ts *withServer) applyConfig(spec []byte) {
var appConfigSpec interface{}
err := yaml.Unmarshal(spec, &appConfigSpec)
require.NoError(ts.s.T(), err)
Introduce API version 2022-04, deprecate use of `/global` in paths (#4731)
2022-04-05 15:35:53 +00:00
ts.Do("PATCH", "/api/latest/fleet/config", appConfigSpec, http.StatusOK)
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
}
func (ts *withServer) getConfig() *appConfigResponse {
var responseBody *appConfigResponse
Introduce API version 2022-04, deprecate use of `/global` in paths (#4731)
2022-04-05 15:35:53 +00:00
ts.DoJSON("GET", "/api/latest/fleet/config", nil, http.StatusOK, &responseBody)
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
return responseBody
}
add back-end implementation for SSO JIT provisioning (#7182) Related to #7053, this uses the SSO config added in #7140 to enable JIT provisioning for premium instances.
2022-08-15 17:42:33 +00:00
prevent live queries to stall if a detail query override was set for a team (#14296) alternative approach for #14286
2023-10-04 20:02:55 +00:00
func (ts *withServer) applyTeamSpec(yamlSpec []byte) {
var teamSpec any
err := yaml.Unmarshal(yamlSpec, &teamSpec)
require.NoError(ts.s.T(), err)
specsReq := map[string]any{
"specs": []any{teamSpec},
}
ts.Do("POST", "/api/latest/fleet/spec/teams", specsReq, http.StatusOK)
}
Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486) For https://github.com/fleetdm/confidential/issues/9931. [Here](https://github.com/fleetdm/fleet/blob/ec3e8edbdc3f1b4220ada22c8290dbf0237ce1ba/docs/Contributing/Testing-and-local-development.md?plain=1#L339)'s how to test SAML locally with SimpleSAML. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Improved SSO and SAML integration with enhanced session management using secure cookies. * Added support for IdP-initiated login flows. * Introduced new tests covering SSO login flows, metadata handling, and error scenarios. * **Bug Fixes** * Enhanced validation and error handling for invalid or tampered SAML responses. * Fixed session cookie handling during SSO and Apple MDM SSO flows. * **Refactor** * Replaced custom SAML implementation with the crewjam/saml library for improved reliability. * Simplified SAML metadata parsing and session store management. * Streamlined SSO authorization request and response processing. * Removed deprecated fields and redundant code related to SSO. * **Documentation** * Updated testing and local development docs with clearer instructions for SSO and IdP-initiated login. * **Chores** * Upgraded dependencies including crewjam/saml and related packages. * Cleaned up tests and configuration by removing deprecated fields and unused imports. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 18:13:46 +00:00
func (ts *withServer) LoginSSOUser(username, password string) string {
add back-end implementation for SSO JIT provisioning (#7182) Related to #7053, this uses the SSO config added in #7140 to enable JIT provisioning for premium instances.
2022-08-15 17:42:33 +00:00
t := ts.s.T()
Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486) For https://github.com/fleetdm/confidential/issues/9931. [Here](https://github.com/fleetdm/fleet/blob/ec3e8edbdc3f1b4220ada22c8290dbf0237ce1ba/docs/Contributing/Testing-and-local-development.md?plain=1#L339)'s how to test SAML locally with SimpleSAML. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Improved SSO and SAML integration with enhanced session management using secure cookies. * Added support for IdP-initiated login flows. * Introduced new tests covering SSO login flows, metadata handling, and error scenarios. * **Bug Fixes** * Enhanced validation and error handling for invalid or tampered SAML responses. * Fixed session cookie handling during SSO and Apple MDM SSO flows. * **Refactor** * Replaced custom SAML implementation with the crewjam/saml library for improved reliability. * Simplified SAML metadata parsing and session store management. * Streamlined SSO authorization request and response processing. * Removed deprecated fields and redundant code related to SSO. * **Documentation** * Updated testing and local development docs with clearer instructions for SSO and IdP-initiated login. * **Chores** * Upgraded dependencies including crewjam/saml and related packages. * Cleaned up tests and configuration by removing deprecated fields and unused imports. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 18:13:46 +00:00
res := ts.loginSSOUser(username, password, "/api/v1/fleet/sso", http.StatusOK)
gate DEP enrollment behind SSO when configured (#11309) #10739 Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-04-27 12:43:20 +00:00
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
require.NoError(t, err)
Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486) For https://github.com/fleetdm/confidential/issues/9931. [Here](https://github.com/fleetdm/fleet/blob/ec3e8edbdc3f1b4220ada22c8290dbf0237ce1ba/docs/Contributing/Testing-and-local-development.md?plain=1#L339)'s how to test SAML locally with SimpleSAML. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Improved SSO and SAML integration with enhanced session management using secure cookies. * Added support for IdP-initiated login flows. * Introduced new tests covering SSO login flows, metadata handling, and error scenarios. * **Bug Fixes** * Enhanced validation and error handling for invalid or tampered SAML responses. * Fixed session cookie handling during SSO and Apple MDM SSO flows. * **Refactor** * Replaced custom SAML implementation with the crewjam/saml library for improved reliability. * Simplified SAML metadata parsing and session store management. * Streamlined SSO authorization request and response processing. * Removed deprecated fields and redundant code related to SSO. * **Documentation** * Updated testing and local development docs with clearer instructions for SSO and IdP-initiated login. * **Chores** * Upgraded dependencies including crewjam/saml and related packages. * Cleaned up tests and configuration by removing deprecated fields and unused imports. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 18:13:46 +00:00
return string(body)
gate DEP enrollment behind SSO when configured (#11309) #10739 Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-04-27 12:43:20 +00:00
}
func (ts *withServer) LoginMDMSSOUser(username, password string) *http.Response {
Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486) For https://github.com/fleetdm/confidential/issues/9931. [Here](https://github.com/fleetdm/fleet/blob/ec3e8edbdc3f1b4220ada22c8290dbf0237ce1ba/docs/Contributing/Testing-and-local-development.md?plain=1#L339)'s how to test SAML locally with SimpleSAML. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Improved SSO and SAML integration with enhanced session management using secure cookies. * Added support for IdP-initiated login flows. * Introduced new tests covering SSO login flows, metadata handling, and error scenarios. * **Bug Fixes** * Enhanced validation and error handling for invalid or tampered SAML responses. * Fixed session cookie handling during SSO and Apple MDM SSO flows. * **Refactor** * Replaced custom SAML implementation with the crewjam/saml library for improved reliability. * Simplified SAML metadata parsing and session store management. * Streamlined SSO authorization request and response processing. * Removed deprecated fields and redundant code related to SSO. * **Documentation** * Updated testing and local development docs with clearer instructions for SSO and IdP-initiated login. * **Chores** * Upgraded dependencies including crewjam/saml and related packages. * Cleaned up tests and configuration by removing deprecated fields and unused imports. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 18:13:46 +00:00
res := ts.loginSSOUser(username, password, "/api/v1/fleet/mdm/sso", http.StatusSeeOther)
gate DEP enrollment behind SSO when configured (#11309) #10739 Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-04-27 12:43:20 +00:00
return res
}
Managed Apple account user enrollment - integrate PoC changes (#30755) Fixes 30636 I am adding a handful of additional unit tests but this is ready for review now. Integrates changes from Victor's PoC for Account Driven User Enrollment including a nice end to end integration test including the SAML portion # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-07-15 19:02:11 +00:00
func (ts *withServer) LoginAccountDrivenEnrollUser(username, password string) *http.Response {
IdP Authentication before BYOD (#32017) fixes: #29222 This is a feature branch that was completed last week, but did not get merged in time. All pr's going in was approved, and reviewed. I will after this is merged, do a cherry pick onto the RC 4.73 branch, and initiate the FR merge process. --------- Co-authored-by: Martin Angers <martin.n.angers@gmail.com> Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com> Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
2025-08-18 16:31:53 +00:00
requestParams := initiateMDMSSORequest{
Managed Apple account user enrollment - integrate PoC changes (#30755) Fixes 30636 I am adding a handful of additional unit tests but this is ready for review now. Integrates changes from Victor's PoC for Account Driven User Enrollment including a nice end to end integration test including the SAML portion # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-07-15 19:02:11 +00:00
Initiator: "account_driven_enroll",
UserIdentifier: username + "@example.com",
}
body, err := json.Marshal(requestParams)
require.NoError(ts.s.T(), err)
res := ts.loginSSOUserWithBody(username, password, "/api/v1/fleet/mdm/sso", http.StatusSeeOther, body)
return res
}
Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486) For https://github.com/fleetdm/confidential/issues/9931. [Here](https://github.com/fleetdm/fleet/blob/ec3e8edbdc3f1b4220ada22c8290dbf0237ce1ba/docs/Contributing/Testing-and-local-development.md?plain=1#L339)'s how to test SAML locally with SimpleSAML. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Improved SSO and SAML integration with enhanced session management using secure cookies. * Added support for IdP-initiated login flows. * Introduced new tests covering SSO login flows, metadata handling, and error scenarios. * **Bug Fixes** * Enhanced validation and error handling for invalid or tampered SAML responses. * Fixed session cookie handling during SSO and Apple MDM SSO flows. * **Refactor** * Replaced custom SAML implementation with the crewjam/saml library for improved reliability. * Simplified SAML metadata parsing and session store management. * Streamlined SSO authorization request and response processing. * Removed deprecated fields and redundant code related to SSO. * **Documentation** * Updated testing and local development docs with clearer instructions for SSO and IdP-initiated login. * **Chores** * Upgraded dependencies including crewjam/saml and related packages. * Cleaned up tests and configuration by removing deprecated fields and unused imports. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 18:13:46 +00:00
func (ts *withServer) LoginSSOUserIDPInitiated(username, password, entityID string) string {
t := ts.s.T()
res := ts.loginSSOUserIDPInitiated(
username, password,
"/api/v1/fleet/sso",
fmt.Sprintf("http://127.0.0.1:9080/simplesaml/saml2/idp/SSOService.php?spentityid=%s", entityID),
http.StatusOK,
)
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
require.NoError(t, err)
return string(body)
}
func (ts *withServer) doWithClient(
client *http.Client,
verb string, path string, rawBytes []byte,
expectedStatusCode int, headers map[string]string,
queryParams ...string,
) *http.Response {
return fleet_httptest.DoHTTPReq(
ts.s.T(),
client,
decodeJSON,
verb,
rawBytes,
ts.server.URL+path,
headers,
expectedStatusCode,
queryParams...,
)
}
func (ts *withServer) loginSSOUser(username, password string, basePath string, callbackStatus int) *http.Response {
Managed Apple account user enrollment - integrate PoC changes (#30755) Fixes 30636 I am adding a handful of additional unit tests but this is ready for review now. Integrates changes from Victor's PoC for Account Driven User Enrollment including a nice end to end integration test including the SAML portion # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-07-15 19:02:11 +00:00
return ts.loginSSOUserWithBody(username, password, basePath, callbackStatus, []byte(`{}`))
}
func (ts *withServer) loginSSOUserWithBody(username, password string, basePath string, callbackStatus int, requestBody []byte) *http.Response {
gate DEP enrollment behind SSO when configured (#11309) #10739 Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-04-27 12:43:20 +00:00
t := ts.s.T()
add back-end implementation for SSO JIT provisioning (#7182) Related to #7053, this uses the SSO config added in #7140 to enable JIT provisioning for premium instances.
2022-08-15 17:42:33 +00:00
if _, ok := os.LookupEnv("SAML_IDP_TEST"); !ok {
t.Skip("SSO tests are disabled")
}
Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486) For https://github.com/fleetdm/confidential/issues/9931. [Here](https://github.com/fleetdm/fleet/blob/ec3e8edbdc3f1b4220ada22c8290dbf0237ce1ba/docs/Contributing/Testing-and-local-development.md?plain=1#L339)'s how to test SAML locally with SimpleSAML. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Improved SSO and SAML integration with enhanced session management using secure cookies. * Added support for IdP-initiated login flows. * Introduced new tests covering SSO login flows, metadata handling, and error scenarios. * **Bug Fixes** * Enhanced validation and error handling for invalid or tampered SAML responses. * Fixed session cookie handling during SSO and Apple MDM SSO flows. * **Refactor** * Replaced custom SAML implementation with the crewjam/saml library for improved reliability. * Simplified SAML metadata parsing and session store management. * Streamlined SSO authorization request and response processing. * Removed deprecated fields and redundant code related to SSO. * **Documentation** * Updated testing and local development docs with clearer instructions for SSO and IdP-initiated login. * **Chores** * Upgraded dependencies including crewjam/saml and related packages. * Cleaned up tests and configuration by removing deprecated fields and unused imports. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 18:13:46 +00:00
cookieSecure = false
jar, err := cookiejar.New(nil)
require.NoError(t, err)
client := fleethttp.NewClient(
fleethttp.WithFollowRedir(false),
fleethttp.WithCookieJar(jar),
)
add back-end implementation for SSO JIT provisioning (#7182) Related to #7053, this uses the SSO config added in #7140 to enable JIT provisioning for premium instances.
2022-08-15 17:42:33 +00:00
var resIni initiateSSOResponse
Managed Apple account user enrollment - integrate PoC changes (#30755) Fixes 30636 I am adding a handful of additional unit tests but this is ready for review now. Integrates changes from Victor's PoC for Account Driven User Enrollment including a nice end to end integration test including the SAML portion # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-07-15 19:02:11 +00:00
httpResponse := ts.doWithClient(client, "POST", basePath, requestBody, http.StatusOK, nil)
Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486) For https://github.com/fleetdm/confidential/issues/9931. [Here](https://github.com/fleetdm/fleet/blob/ec3e8edbdc3f1b4220ada22c8290dbf0237ce1ba/docs/Contributing/Testing-and-local-development.md?plain=1#L339)'s how to test SAML locally with SimpleSAML. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Improved SSO and SAML integration with enhanced session management using secure cookies. * Added support for IdP-initiated login flows. * Introduced new tests covering SSO login flows, metadata handling, and error scenarios. * **Bug Fixes** * Enhanced validation and error handling for invalid or tampered SAML responses. * Fixed session cookie handling during SSO and Apple MDM SSO flows. * **Refactor** * Replaced custom SAML implementation with the crewjam/saml library for improved reliability. * Simplified SAML metadata parsing and session store management. * Streamlined SSO authorization request and response processing. * Removed deprecated fields and redundant code related to SSO. * **Documentation** * Updated testing and local development docs with clearer instructions for SSO and IdP-initiated login. * **Chores** * Upgraded dependencies including crewjam/saml and related packages. * Cleaned up tests and configuration by removing deprecated fields and unused imports. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 18:13:46 +00:00
err = json.NewDecoder(httpResponse.Body).Decode(&resIni)
require.NoError(ts.s.T(), err)
require.NoError(ts.s.T(), resIni.Error())
resp, err := client.Get(resIni.URL)
require.NoError(t, err)
// From the redirect Location header we can get the AuthState and the URL to
// which we submit the credentials
parsed, err := url.Parse(resp.Header.Get("Location"))
require.NoError(t, err)
data := url.Values{
"username": {username},
"password": {password},
"AuthState": {parsed.Query().Get("AuthState")},
}
resp, err = client.PostForm(parsed.Scheme+"://"+parsed.Host+parsed.Path, data)
require.NoError(t, err)
// The response is an HTML form, we can extract the base64-encoded response
// to submit to the Fleet server from here
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
require.NoError(t, err)
re := regexp.MustCompile(`name="SAMLResponse" value="([^\s]*)" />`)
matches := re.FindSubmatch(body)
require.NotEmptyf(t, matches, "callback HTML doesn't contain a SAMLResponse value, got body: %s", body)
samlResponse := string(matches[1])
Managed Apple account user enrollment - integrate PoC changes (#30755) Fixes 30636 I am adding a handful of additional unit tests but this is ready for review now. Integrates changes from Victor's PoC for Account Driven User Enrollment including a nice end to end integration test including the SAML portion # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-07-15 19:02:11 +00:00
callbackUrl := basePath + "/callback"
res := ts.doWithClient(client, "POST", callbackUrl, nil, callbackStatus, nil, "SAMLResponse", samlResponse)
Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486) For https://github.com/fleetdm/confidential/issues/9931. [Here](https://github.com/fleetdm/fleet/blob/ec3e8edbdc3f1b4220ada22c8290dbf0237ce1ba/docs/Contributing/Testing-and-local-development.md?plain=1#L339)'s how to test SAML locally with SimpleSAML. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Improved SSO and SAML integration with enhanced session management using secure cookies. * Added support for IdP-initiated login flows. * Introduced new tests covering SSO login flows, metadata handling, and error scenarios. * **Bug Fixes** * Enhanced validation and error handling for invalid or tampered SAML responses. * Fixed session cookie handling during SSO and Apple MDM SSO flows. * **Refactor** * Replaced custom SAML implementation with the crewjam/saml library for improved reliability. * Simplified SAML metadata parsing and session store management. * Streamlined SSO authorization request and response processing. * Removed deprecated fields and redundant code related to SSO. * **Documentation** * Updated testing and local development docs with clearer instructions for SSO and IdP-initiated login. * **Chores** * Upgraded dependencies including crewjam/saml and related packages. * Cleaned up tests and configuration by removing deprecated fields and unused imports. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 18:13:46 +00:00
return res
}
func (ts *withServer) loginSSOUserIDPInitiated(
username, password string,
callbackBasePath string,
idpURL string,
callbackStatus int,
) *http.Response {
t := ts.s.T()
if _, ok := os.LookupEnv("SAML_IDP_TEST"); !ok {
t.Skip("SSO tests are disabled")
}
add back-end implementation for SSO JIT provisioning (#7182) Related to #7053, this uses the SSO config added in #7140 to enable JIT provisioning for premium instances.
2022-08-15 17:42:33 +00:00
jar, err := cookiejar.New(nil)
require.NoError(t, err)
client := fleethttp.NewClient(
fleethttp.WithFollowRedir(false),
fleethttp.WithCookieJar(jar),
)
Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486) For https://github.com/fleetdm/confidential/issues/9931. [Here](https://github.com/fleetdm/fleet/blob/ec3e8edbdc3f1b4220ada22c8290dbf0237ce1ba/docs/Contributing/Testing-and-local-development.md?plain=1#L339)'s how to test SAML locally with SimpleSAML. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Improved SSO and SAML integration with enhanced session management using secure cookies. * Added support for IdP-initiated login flows. * Introduced new tests covering SSO login flows, metadata handling, and error scenarios. * **Bug Fixes** * Enhanced validation and error handling for invalid or tampered SAML responses. * Fixed session cookie handling during SSO and Apple MDM SSO flows. * **Refactor** * Replaced custom SAML implementation with the crewjam/saml library for improved reliability. * Simplified SAML metadata parsing and session store management. * Streamlined SSO authorization request and response processing. * Removed deprecated fields and redundant code related to SSO. * **Documentation** * Updated testing and local development docs with clearer instructions for SSO and IdP-initiated login. * **Chores** * Upgraded dependencies including crewjam/saml and related packages. * Cleaned up tests and configuration by removing deprecated fields and unused imports. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 18:13:46 +00:00
resp, err := client.Get(idpURL)
add back-end implementation for SSO JIT provisioning (#7182) Related to #7053, this uses the SSO config added in #7140 to enable JIT provisioning for premium instances.
2022-08-15 17:42:33 +00:00
require.NoError(t, err)
// From the redirect Location header we can get the AuthState and the URL to
// which we submit the credentials
parsed, err := url.Parse(resp.Header.Get("Location"))
require.NoError(t, err)
data := url.Values{
"username": {username},
"password": {password},
"AuthState": {parsed.Query().Get("AuthState")},
}
resp, err = client.PostForm(parsed.Scheme+"://"+parsed.Host+parsed.Path, data)
require.NoError(t, err)
// The response is an HTML form, we can extract the base64-encoded response
// to submit to the Fleet server from here
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
require.NoError(t, err)
Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486) For https://github.com/fleetdm/confidential/issues/9931. [Here](https://github.com/fleetdm/fleet/blob/ec3e8edbdc3f1b4220ada22c8290dbf0237ce1ba/docs/Contributing/Testing-and-local-development.md?plain=1#L339)'s how to test SAML locally with SimpleSAML. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Improved SSO and SAML integration with enhanced session management using secure cookies. * Added support for IdP-initiated login flows. * Introduced new tests covering SSO login flows, metadata handling, and error scenarios. * **Bug Fixes** * Enhanced validation and error handling for invalid or tampered SAML responses. * Fixed session cookie handling during SSO and Apple MDM SSO flows. * **Refactor** * Replaced custom SAML implementation with the crewjam/saml library for improved reliability. * Simplified SAML metadata parsing and session store management. * Streamlined SSO authorization request and response processing. * Removed deprecated fields and redundant code related to SSO. * **Documentation** * Updated testing and local development docs with clearer instructions for SSO and IdP-initiated login. * **Chores** * Upgraded dependencies including crewjam/saml and related packages. * Cleaned up tests and configuration by removing deprecated fields and unused imports. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 18:13:46 +00:00
re := regexp.MustCompile(`name="SAMLResponse" value="([^\s]*)" />`)
add back-end implementation for SSO JIT provisioning (#7182) Related to #7053, this uses the SSO config added in #7140 to enable JIT provisioning for premium instances.
2022-08-15 17:42:33 +00:00
matches := re.FindSubmatch(body)
require.NotEmptyf(t, matches, "callback HTML doesn't contain a SAMLResponse value, got body: %s", body)
rawSSOResp := string(matches[1])
q := url.QueryEscape(rawSSOResp)
Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486) For https://github.com/fleetdm/confidential/issues/9931. [Here](https://github.com/fleetdm/fleet/blob/ec3e8edbdc3f1b4220ada22c8290dbf0237ce1ba/docs/Contributing/Testing-and-local-development.md?plain=1#L339)'s how to test SAML locally with SimpleSAML. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Improved SSO and SAML integration with enhanced session management using secure cookies. * Added support for IdP-initiated login flows. * Introduced new tests covering SSO login flows, metadata handling, and error scenarios. * **Bug Fixes** * Enhanced validation and error handling for invalid or tampered SAML responses. * Fixed session cookie handling during SSO and Apple MDM SSO flows. * **Refactor** * Replaced custom SAML implementation with the crewjam/saml library for improved reliability. * Simplified SAML metadata parsing and session store management. * Streamlined SSO authorization request and response processing. * Removed deprecated fields and redundant code related to SSO. * **Documentation** * Updated testing and local development docs with clearer instructions for SSO and IdP-initiated login. * **Chores** * Upgraded dependencies including crewjam/saml and related packages. * Cleaned up tests and configuration by removing deprecated fields and unused imports. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 18:13:46 +00:00
res := ts.DoRawNoAuth("POST", callbackBasePath+"/callback?SAMLResponse="+q, nil, callbackStatus)
add back-end implementation for SSO JIT provisioning (#7182) Related to #7053, this uses the SSO config added in #7140 to enable JIT provisioning for premium instances.
2022-08-15 17:42:33 +00:00
Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486) For https://github.com/fleetdm/confidential/issues/9931. [Here](https://github.com/fleetdm/fleet/blob/ec3e8edbdc3f1b4220ada22c8290dbf0237ce1ba/docs/Contributing/Testing-and-local-development.md?plain=1#L339)'s how to test SAML locally with SimpleSAML. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Improved SSO and SAML integration with enhanced session management using secure cookies. * Added support for IdP-initiated login flows. * Introduced new tests covering SSO login flows, metadata handling, and error scenarios. * **Bug Fixes** * Enhanced validation and error handling for invalid or tampered SAML responses. * Fixed session cookie handling during SSO and Apple MDM SSO flows. * **Refactor** * Replaced custom SAML implementation with the crewjam/saml library for improved reliability. * Simplified SAML metadata parsing and session store management. * Streamlined SSO authorization request and response processing. * Removed deprecated fields and redundant code related to SSO. * **Documentation** * Updated testing and local development docs with clearer instructions for SSO and IdP-initiated login. * **Chores** * Upgraded dependencies including crewjam/saml and related packages. * Cleaned up tests and configuration by removing deprecated fields and unused imports. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 18:13:46 +00:00
return res
add back-end implementation for SSO JIT provisioning (#7182) Related to #7053, this uses the SSO config added in #7140 to enable JIT provisioning for premium instances.
2022-08-15 17:42:33 +00:00
}
add API endpoint to see disk encryption key (#9713) https://github.com/fleetdm/fleet/issues/8708
2023-02-08 23:20:23 +00:00
Unified Queue: add fleet initiated flag to past activities (#26451)
2025-02-19 19:55:20 +00:00
func (ts *withServer) lastActivityMatches(name, details string, id uint) uint {
return ts.lastActivityMatchesExtended(name, details, id, nil)
}
add API endpoint to see disk encryption key (#9713) https://github.com/fleetdm/fleet/issues/8708
2023-02-08 23:20:23 +00:00
// gets the latest activity and checks that it matches any provided properties.
// empty string or 0 id means do not check that property. It returns the ID of that
// latest activity.
Unified Queue: add fleet initiated flag to past activities (#26451)
2025-02-19 19:55:20 +00:00
func (ts *withServer) lastActivityMatchesExtended(name, details string, id uint, fleetInitiated *bool) uint {
add API endpoint to see disk encryption key (#9713) https://github.com/fleetdm/fleet/issues/8708
2023-02-08 23:20:23 +00:00
t := ts.s.T()
var listActivities listActivitiesResponse
ts.DoJSON("GET", "/api/latest/fleet/activities", nil, http.StatusOK, &listActivities, "order_key", "a.id", "order_direction", "desc", "per_page", "1")
require.True(t, len(listActivities.Activities) > 0)
act := listActivities.Activities[0]
if name != "" {
assert.Equal(t, name, act.Type)
}
if details != "" {
require.NotNil(t, act.Details)
assert.JSONEq(t, details, string(*act.Details))
}
if id > 0 {
assert.Equal(t, id, act.ID)
}
Unified Queue: add fleet initiated flag to past activities (#26451)
2025-02-19 19:55:20 +00:00
if fleetInitiated != nil {
assert.Equal(t, *fleetInitiated, act.FleetInitiated)
}
add API endpoint to see disk encryption key (#9713) https://github.com/fleetdm/fleet/issues/8708
2023-02-08 23:20:23 +00:00
return act.ID
}
Add enabled/disabled disk encryption activities and trigger profiles generation (#10319)
2023-03-08 13:31:53 +00:00
// gets the latest activity with the specified type name and checks that it
// matches any provided properties. empty string or 0 id means do not check
// that property. It returns the ID of that latest activity.
//
// The difference with lastActivityMatches is that the asserted activity does
// not need to be the very last one, it will look for the last one of this
// specified type, which must be in one of the last 10 activities otherwise the
// test is failed.
func (ts *withServer) lastActivityOfTypeMatches(name, details string, id uint) uint {
t := ts.s.T()
var listActivities listActivitiesResponse
ts.DoJSON("GET", "/api/latest/fleet/activities", nil, http.StatusOK,
&listActivities, "order_key", "a.id", "order_direction", "desc", "per_page", "10")
require.True(t, len(listActivities.Activities) > 0)
for _, act := range listActivities.Activities {
if act.Type == name {
if details != "" {
require.NotNil(t, act.Details)
assert.JSONEq(t, details, string(*act.Details))
}
if id > 0 {
assert.Equal(t, id, act.ID)
}
return act.ID
}
}
t.Fatalf("no activity of type %s found in the last %d activities", name, len(listActivities.Activities))
return 0
}
Profiles batch activity (#21604) #20757 API endpoint `/api/v1/fleet/mdm/profiles/batch` will now not log an activity for profile types that did not change in the database (Apple configuration profiles, Windows configuration profiles, or Apple declarations). Demo video: https://www.loom.com/share/8b75cbd8e7394c12ac6b56746b72c244 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - [x] Manual QA for all new/changed functionality
2024-08-30 21:00:35 +00:00
func (ts *withServer) lastActivityOfTypeDoesNotMatch(name, details string, id uint) {
t := ts.s.T()
var listActivities listActivitiesResponse
ts.DoJSON("GET", "/api/latest/fleet/activities", nil, http.StatusOK,
&listActivities, "order_key", "a.id", "order_direction", "desc", "per_page", "10")
require.True(t, len(listActivities.Activities) > 0)
for _, act := range listActivities.Activities {
if act.Type == name {
if details != "" {
require.NotNil(t, act.Details)
assert.NotEqual(t, details, string(*act.Details))
}
if id > 0 {
assert.NotEqual(t, id, act.ID)
}
}
}
}
Add integration tests for the setup experience flow with automatic and forced release (#22909)
2024-10-14 20:41:06 +00:00
func (ts *withServer) uploadSoftwareInstaller(
t *testing.T,
payload *fleet.UploadSoftwareInstallerPayload,
expectedStatus int,
expectedError string,
Improve secret variables error on software upload. (#25052)
2024-12-31 00:46:42 +00:00
) {
ts.uploadSoftwareInstallerWithErrorNameReason(t, payload, expectedStatus, expectedError, "")
}
func (ts *withServer) uploadSoftwareInstallerWithErrorNameReason(
t *testing.T,
payload *fleet.UploadSoftwareInstallerPayload,
expectedStatus int,
expectedErrorReason string,
expectedErrorName string,
Add integration tests for the setup experience flow with automatic and forced release (#22909)
2024-10-14 20:41:06 +00:00
) {
t.Helper()
Clear unsupported params for script packages (#34297) Implements #33752. Clears unsupported parameters for `.sh` and `.ps1` installers, plus tests.
2025-10-16 00:43:58 +00:00
// Determine which file to use: either provided by test or opened from testdata
var installerFile io.Reader
if payload.InstallerFile == nil {
// Open file from testdata and close it when done
tfr, err := fleet.NewKeepFileReader(filepath.Join("testdata", "software-installers", payload.Filename))
// Try the test installers in the pkg/file testdata (to reduce clutter/copies).
if errors.Is(err, os.ErrNotExist) {
var err2 error
tfr, err2 = fleet.NewKeepFileReader(filepath.Join("..", "..", "pkg", "file", "testdata", "software-installers", payload.Filename))
if err2 == nil {
err = nil
}
Automatic install custom packages (#25021) #24385 Some docs change here: https://github.com/fleetdm/fleet/pull/25026. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality
2024-12-27 18:10:28 +00:00
}
Clear unsupported params for script packages (#34297) Implements #33752. Clears unsupported parameters for `.sh` and `.ps1` installers, plus tests.
2025-10-16 00:43:58 +00:00
require.NoError(t, err)
defer tfr.Close()
installerFile = tfr
} else {
// Use the file provided by the test
installerFile = payload.InstallerFile
Automatic install custom packages (#25021) #24385 Some docs change here: https://github.com/fleetdm/fleet/pull/25026. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality
2024-12-27 18:10:28 +00:00
}
Add integration tests for the setup experience flow with automatic and forced release (#22909)
2024-10-14 20:41:06 +00:00
var b bytes.Buffer
w := multipart.NewWriter(&b)
// add the software field
fw, err := w.CreateFormFile("software", payload.Filename)
require.NoError(t, err)
Clear unsupported params for script packages (#34297) Implements #33752. Clears unsupported parameters for `.sh` and `.ps1` installers, plus tests.
2025-10-16 00:43:58 +00:00
n, err := io.Copy(fw, installerFile)
Add integration tests for the setup experience flow with automatic and forced release (#22909)
2024-10-14 20:41:06 +00:00
require.NoError(t, err)
require.NotZero(t, n)
// add the team_id field
if payload.TeamID != nil {
require.NoError(t, w.WriteField("team_id", fmt.Sprintf("%d", *payload.TeamID)))
}
// add the remaining fields
require.NoError(t, w.WriteField("install_script", payload.InstallScript))
require.NoError(t, w.WriteField("pre_install_query", payload.PreInstallQuery))
require.NoError(t, w.WriteField("post_install_script", payload.PostInstallScript))
require.NoError(t, w.WriteField("uninstall_script", payload.UninstallScript))
if payload.SelfService {
require.NoError(t, w.WriteField("self_service", "true"))
}
SSVL: Add labels to upload endpoint; add validations and related datastore methods (#24733)
2024-12-17 00:17:13 +00:00
if payload.LabelsIncludeAny != nil {
Fix decoder for software installer label payloads; update tests (#24934) Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2024-12-20 16:49:28 +00:00
for _, l := range payload.LabelsIncludeAny {
require.NoError(t, w.WriteField("labels_include_any", l))
}
SSVL: Add labels to upload endpoint; add validations and related datastore methods (#24733)
2024-12-17 00:17:13 +00:00
}
if payload.LabelsExcludeAny != nil {
Fix decoder for software installer label payloads; update tests (#24934) Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2024-12-20 16:49:28 +00:00
for _, l := range payload.LabelsExcludeAny {
require.NoError(t, w.WriteField("labels_exclude_any", l))
}
SSVL: Add labels to upload endpoint; add validations and related datastore methods (#24733)
2024-12-17 00:17:13 +00:00
}
Automatic install custom packages (#25021) #24385 Some docs change here: https://github.com/fleetdm/fleet/pull/25026. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality
2024-12-27 18:10:28 +00:00
if payload.AutomaticInstall {
require.NoError(t, w.WriteField("automatic_install", "true"))
}
Add integration tests for the setup experience flow with automatic and forced release (#22909)
2024-10-14 20:41:06 +00:00
w.Close()
headers := map[string]string{
"Content-Type": w.FormDataContentType(),
"Accept": "application/json",
"Authorization": fmt.Sprintf("Bearer %s", ts.token),
}
r := ts.DoRawWithHeaders("POST", "/api/latest/fleet/software/package", b.Bytes(), expectedStatus, headers)
defer r.Body.Close()
Improve secret variables error on software upload. (#25052)
2024-12-31 00:46:42 +00:00
if expectedErrorReason != "" || expectedErrorName != "" {
errName, errReason := extractServerErrorNameReason(r.Body)
if expectedErrorName != "" {
require.Equal(t, expectedErrorName, errName)
}
if expectedErrorReason != "" {
require.Contains(t, errReason, expectedErrorReason)
}
Add integration tests for the setup experience flow with automatic and forced release (#22909)
2024-10-14 20:41:06 +00:00
}
}
fix: add missing field (#24977) > Related issue: #24970 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-24 17:30:46 +00:00
func (ts *withServer) updateSoftwareInstaller(
t *testing.T,
payload *fleet.UpdateSoftwareInstallerPayload,
expectedStatus int,
expectedError string,
) {
t.Helper()
var b bytes.Buffer
w := multipart.NewWriter(&b)
// add the software field
software categories: backend (#28479) > For #28138 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-02 15:41:26 +00:00
if payload.Filename != "" && payload.InstallerFile != nil {
Fix broken installer PATCH (always failing with "missing install script" error) on EXEs (#28670) For #28543 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-29 22:53:52 +00:00
fw, err := w.CreateFormFile("software", payload.Filename)
require.NoError(t, err)
n, err := io.Copy(fw, payload.InstallerFile)
require.NoError(t, err)
require.NotZero(t, n)
}
fix: add missing field (#24977) > Related issue: #24970 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-24 17:30:46 +00:00
// add the team_id field
var tmID uint
if payload.TeamID != nil {
tmID = *payload.TeamID
}
require.NoError(t, w.WriteField("team_id", fmt.Sprintf("%d", tmID)))
// add the remaining fields
if payload.InstallScript != nil {
require.NoError(t, w.WriteField("install_script", *payload.InstallScript))
}
if payload.PreInstallQuery != nil {
require.NoError(t, w.WriteField("pre_install_query", *payload.PreInstallQuery))
}
if payload.PostInstallScript != nil {
require.NoError(t, w.WriteField("post_install_script", *payload.PostInstallScript))
}
if payload.UninstallScript != nil {
require.NoError(t, w.WriteField("uninstall_script", *payload.UninstallScript))
}
if payload.SelfService != nil {
if *payload.SelfService {
require.NoError(t, w.WriteField("self_service", "true"))
} else {
require.NoError(t, w.WriteField("self_service", "false"))
}
}
fix: retrigger automatic installations after label scope changes (#25163) > Related issue: #25071 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-01-06 17:18:16 +00:00
if payload.LabelsIncludeAny != nil {
for _, l := range payload.LabelsIncludeAny {
require.NoError(t, w.WriteField("labels_include_any", l))
}
}
if payload.LabelsExcludeAny != nil {
for _, l := range payload.LabelsExcludeAny {
require.NoError(t, w.WriteField("labels_exclude_any", l))
}
}
software categories: backend (#28479) > For #28138 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-02 15:41:26 +00:00
if payload.Categories != nil {
for _, c := range payload.Categories {
require.NoError(t, w.WriteField("categories", c))
}
}
fix: add missing field (#24977) > Related issue: #24970 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-24 17:30:46 +00:00
w.Close()
headers := map[string]string{
"Content-Type": w.FormDataContentType(),
"Accept": "application/json",
"Authorization": fmt.Sprintf("Bearer %s", ts.token),
}
r := ts.DoRawWithHeaders("PATCH", fmt.Sprintf("/api/latest/fleet/software/titles/%d/package", payload.TitleID), b.Bytes(), expectedStatus, headers)
defer r.Body.Close()
if expectedError != "" {
errMsg := extractServerErrorText(r.Body)
require.Contains(t, errMsg, expectedError)
}
}
Reference in a new issue Copy permalink