fleet/server/service/linux_mdm.go

package service

import (
	"context"

	"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
	"github.com/fleetdm/fleet/v4/server/fleet"
)

func (svc *Service) LinuxHostDiskEncryptionStatus(ctx context.Context, host fleet.Host) (fleet.HostMDMDiskEncryption, error) {
	if !host.IsLUKSSupported() {
		return fleet.HostMDMDiskEncryption{}, nil
	}

	actionRequired := fleet.DiskEncryptionActionRequired
	verified := fleet.DiskEncryptionVerified
	failed := fleet.DiskEncryptionFailed

	key, err := svc.ds.GetHostDiskEncryptionKey(ctx, host.ID)
	if err != nil {
		if fleet.IsNotFound(err) {
			return fleet.HostMDMDiskEncryption{
				Status: &actionRequired,
			}, nil
		}
		return fleet.HostMDMDiskEncryption{}, err
	}

	if key.ClientError != "" {
		return fleet.HostMDMDiskEncryption{
			Status: &failed,
			Detail: key.ClientError,
		}, nil
	}

	if key.Base64Encrypted == "" {
		return fleet.HostMDMDiskEncryption{
			Status: &actionRequired,
		}, nil
	}

	return fleet.HostMDMDiskEncryption{
		Status: &verified,
	}, nil
}

func (svc *Service) GetMDMLinuxProfilesSummary(ctx context.Context, teamId *uint) (summary fleet.MDMProfilesSummary, err error) {
	if err = svc.authz.Authorize(ctx, fleet.MDMConfigProfileAuthz{TeamID: teamId}, fleet.ActionRead); err != nil {
		return summary, ctxerr.Wrap(ctx, err)
	}

	// Linux doesn't have configuration profiles, so if we aren't enforcing disk encryption we have nothing to report
	includeDiskEncryptionStats, err := svc.ds.GetConfigEnableDiskEncryption(ctx, teamId)
	if err != nil {
		return summary, ctxerr.Wrap(ctx, err)
	} else if !includeDiskEncryptionStats {
		return summary, nil
	}

	counts, err := svc.ds.GetLinuxDiskEncryptionSummary(ctx, teamId)
	if err != nil {
		return summary, ctxerr.Wrap(ctx, err)
	}

	return fleet.MDMProfilesSummary{
		Verified: counts.Verified,
		Pending:  counts.ActionRequired,
		Failed:   counts.Failed,
	}, nil
}
Add Linux encryption states to APIs (#23806) 2024-11-19 20:11:59 +00:00			`package service`

			`import (`
			`"context"`

Include Linux disk encryption status in configuration profiles aggregate status response when applicable, fix disk encryption/MDM configuration order-of-operations issues, add integration tests for LUKS (#24114) ## Addresses #24112, #24116, #23587 For #24112, Counts included: <img width="1392" alt="Screenshot 2024-11-22 at 5 31 06 PM" src="https://github.com/user-attachments/assets/2bb306d7-1130-4106-aef8-475b8be1f6b2"> - [x] Include counts when disk encryption is enforced - [x] Exclude counts when disk encryption isn't enforced __ - [x] Added/updated tests --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com> Co-authored-by: Ian Littman <iansltx@gmail.com> 2024-11-25 14:34:43 +00:00			`"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"`
Add Linux encryption states to APIs (#23806) 2024-11-19 20:11:59 +00:00			`"github.com/fleetdm/fleet/v4/server/fleet"`
			`)`

			`func (svc *Service) LinuxHostDiskEncryptionStatus(ctx context.Context, host fleet.Host) (fleet.HostMDMDiskEncryption, error) {`
			`if !host.IsLUKSSupported() {`
			`return fleet.HostMDMDiskEncryption{}, nil`
			`}`

			`actionRequired := fleet.DiskEncryptionActionRequired`
			`verified := fleet.DiskEncryptionVerified`
			`failed := fleet.DiskEncryptionFailed`

			`key, err := svc.ds.GetHostDiskEncryptionKey(ctx, host.ID)`
			`if err != nil {`
			`if fleet.IsNotFound(err) {`
			`return fleet.HostMDMDiskEncryption{`
			`Status: &actionRequired,`
			`}, nil`
			`}`
			`return fleet.HostMDMDiskEncryption{}, err`
			`}`

			`if key.ClientError != "" {`
			`return fleet.HostMDMDiskEncryption{`
			`Status: &failed,`
			`Detail: key.ClientError,`
			`}, nil`
			`}`

			`if key.Base64Encrypted == "" {`
			`return fleet.HostMDMDiskEncryption{`
			`Status: &actionRequired,`
			`}, nil`
			`}`

			`return fleet.HostMDMDiskEncryption{`
			`Status: &verified,`
			`}, nil`
			`}`
Include Linux disk encryption status in configuration profiles aggregate status response when applicable, fix disk encryption/MDM configuration order-of-operations issues, add integration tests for LUKS (#24114) ## Addresses #24112, #24116, #23587 For #24112, Counts included: <img width="1392" alt="Screenshot 2024-11-22 at 5 31 06 PM" src="https://github.com/user-attachments/assets/2bb306d7-1130-4106-aef8-475b8be1f6b2"> - [x] Include counts when disk encryption is enforced - [x] Exclude counts when disk encryption isn't enforced __ - [x] Added/updated tests --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com> Co-authored-by: Ian Littman <iansltx@gmail.com> 2024-11-25 14:34:43 +00:00
			`func (svc Service) GetMDMLinuxProfilesSummary(ctx context.Context, teamId uint) (summary fleet.MDMProfilesSummary, err error) {`
			`if err = svc.authz.Authorize(ctx, fleet.MDMConfigProfileAuthz{TeamID: teamId}, fleet.ActionRead); err != nil {`
			`return summary, ctxerr.Wrap(ctx, err)`
			`}`

			`// Linux doesn't have configuration profiles, so if we aren't enforcing disk encryption we have nothing to report`
			`includeDiskEncryptionStats, err := svc.ds.GetConfigEnableDiskEncryption(ctx, teamId)`
			`if err != nil {`
			`return summary, ctxerr.Wrap(ctx, err)`
			`} else if !includeDiskEncryptionStats {`
			`return summary, nil`
			`}`

			`counts, err := svc.ds.GetLinuxDiskEncryptionSummary(ctx, teamId)`
			`if err != nil {`
			`return summary, ctxerr.Wrap(ctx, err)`
			`}`

			`return fleet.MDMProfilesSummary{`
			`Verified: counts.Verified,`
			`Pending: counts.ActionRequired,`
			`Failed: counts.Failed,`
			`}, nil`
			`}`