Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 08:58:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 114
fleet/server/service/devices_test.go

614 lines
19 KiB
Go
Raw Normal View History

base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
package service
import (
"context"
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
"database/sql"
Add LUKS escrow trigger and orbit config endpoints, persist/retrieve LUKS passphrase (#23763) #23583, #23584 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [ ] Manual QA for all new/changed functionality -- should be tested end-to-end --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-18 22:44:25 +00:00
"errors"
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
"fmt"
"testing"
"time"
Add LUKS escrow trigger and orbit config endpoints, persist/retrieve LUKS passphrase (#23763) #23583, #23584 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [ ] Manual QA for all new/changed functionality -- should be tested end-to-end --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-18 22:44:25 +00:00
"github.com/fleetdm/fleet/v4/pkg/optjson"
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/fleetdm/fleet/v4/server/mock"
"github.com/fleetdm/fleet/v4/server/ptr"
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
"github.com/fleetdm/fleet/v4/server/test"
Hide "Self-service" in Fleet Desktop and My device page (#20047) #19651 Hide "Self-service" in Fleet Desktop and My device page if there is no self-service software available # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-07-02 16:32:49 +00:00
"github.com/stretchr/testify/assert"
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
"github.com/stretchr/testify/require"
)
func TestGetFleetDesktopSummary(t *testing.T) {
t.Run("free implementation", func(t *testing.T) {
ds := new(mock.Store)
svc, ctx := newTestService(t, ds, nil, nil)
sum, err := svc.GetFleetDesktopSummary(ctx)
require.ErrorIs(t, err, fleet.ErrMissingLicense)
require.Empty(t, sum)
})
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
t.Run("different app config values for managed host", func(t *testing.T) {
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
ds := new(mock.Store)
license := &fleet.LicenseInfo{Tier: fleet.TierPremium, Expiration: time.Now().Add(24 * time.Hour)}
svc, ctx := newTestService(t, ds, nil, nil, &TestServerOpts{License: license, SkipCreateTestUsers: true})
ds.FailingPoliciesCountFunc = func(ctx context.Context, host *fleet.Host) (uint, error) {
return uint(1), nil
}
Hide "Self-service" in Fleet Desktop and My device page (#20047) #19651 Hide "Self-service" in Fleet Desktop and My device page if there is no self-service software available # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-07-02 16:32:49 +00:00
const expectedPlatform = "darwin"
ds.HasSelfServiceSoftwareInstallersFunc = func(ctx context.Context, platform string, teamID *uint) (bool, error) {
assert.Equal(t, expectedPlatform, platform)
return true, nil
}
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
cases := []struct {
Track host DEP assignments in new table (#11875)
2023-05-23 18:01:04 +00:00
mdm fleet.MDM
depAssigned bool
out fleet.DesktopNotifications
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
}{
{
mdm: fleet.MDM{
EnabledAndConfigured: true,
MacOSMigration: fleet.MacOSMigration{
Enable: true,
},
},
Track host DEP assignments in new table (#11875)
2023-05-23 18:01:04 +00:00
depAssigned: true,
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
out: fleet.DesktopNotifications{
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
NeedsMDMMigration: true,
RenewEnrollmentProfile: false,
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
},
},
Track host DEP assignments in new table (#11875)
2023-05-23 18:01:04 +00:00
{
mdm: fleet.MDM{
EnabledAndConfigured: true,
MacOSMigration: fleet.MacOSMigration{
Enable: true,
},
},
depAssigned: false,
out: fleet.DesktopNotifications{
NeedsMDMMigration: false,
RenewEnrollmentProfile: false,
},
},
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
{
mdm: fleet.MDM{
EnabledAndConfigured: false,
MacOSMigration: fleet.MacOSMigration{
Enable: true,
},
},
Track host DEP assignments in new table (#11875)
2023-05-23 18:01:04 +00:00
depAssigned: true,
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
out: fleet.DesktopNotifications{
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
NeedsMDMMigration: false,
RenewEnrollmentProfile: false,
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
},
},
{
mdm: fleet.MDM{
EnabledAndConfigured: true,
MacOSMigration: fleet.MacOSMigration{
Enable: false,
},
},
Track host DEP assignments in new table (#11875)
2023-05-23 18:01:04 +00:00
depAssigned: true,
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
out: fleet.DesktopNotifications{
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
NeedsMDMMigration: false,
RenewEnrollmentProfile: false,
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
},
},
{
mdm: fleet.MDM{
EnabledAndConfigured: false,
MacOSMigration: fleet.MacOSMigration{
Enable: false,
},
},
Track host DEP assignments in new table (#11875)
2023-05-23 18:01:04 +00:00
depAssigned: true,
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
out: fleet.DesktopNotifications{
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
NeedsMDMMigration: false,
RenewEnrollmentProfile: false,
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
},
},
}
for _, c := range cases {
upgrade Go version to 1.21.1 (#13877) For #13715, this: - Upgrades the Go version to `1.21.1`, infrastructure changes are addressed separately at https://github.com/fleetdm/fleet/pull/13878 - Upgrades the linter version, as the current version doesn't work well after the Go upgrade - Fixes new linting errors (we now get errors for memory aliasing in loops! 🎉 ) After this is merged people will need to: 1. Update their Go version. I use `gvm` and I did it like: ``` $ gvm install go1.21.1 $ gvm use go1.21.1 --default ``` 2. Update the local version of `golangci-lint`: ``` $ go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.2 ``` 3. (optional) depending on your setup, you might need to re-install some packages, for example: ``` # goimports to automatically import libraries $ go install golang.org/x/tools/cmd/goimports@latest # gopls for the language server $ go install golang.org/x/tools/gopls@latest # etc... ```
2023-09-13 18:59:35 +00:00
c := c
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
ds.AppConfigFunc = func(ctx context.Context) (*fleet.AppConfig, error) {
appCfg := fleet.AppConfig{}
appCfg.MDM = c.mdm
return &appCfg, nil
}
don't rely on MDM solution name to know if the host has Fleet MDM on (#19688) for #18977 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-14 18:01:12 +00:00
ds.IsHostConnectedToFleetMDMFunc = func(ctx context.Context, host *fleet.Host) (bool, error) {
return false, nil
}
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
ds.GetHostMDMFunc = func(ctx context.Context, hostID uint) (*fleet.HostMDM, error) {
return &fleet.HostMDM{
Prevent MDM migration without assigned ADE profile (#17999) for #15929 this prevents us sending the notification to start the MDM migration if the device doesn't have the right JSON profile assigned.
2024-04-08 14:10:29 +00:00
IsServer: false,
InstalledFromDep: true,
Enrolled: true,
Name: fleet.WellKnownMDMIntune,
DEPProfileAssignStatus: ptr.String(string(fleet.DEPAssignProfileResponseSuccess)),
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
}, nil
}
ctx := test.HostContext(ctx, &fleet.Host{
OsqueryHostID: ptr.String("test"),
DEPAssignedToFleet: &c.depAssigned,
Hide "Self-service" in Fleet Desktop and My device page (#20047) #19651 Hide "Self-service" in Fleet Desktop and My device page if there is no self-service software available # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-07-02 16:32:49 +00:00
Platform: expectedPlatform,
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
})
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
sum, err := svc.GetFleetDesktopSummary(ctx)
require.NoError(t, err)
require.Equal(t, c.out, sum.Notifications, fmt.Sprintf("enabled_and_configured: %t | macos_migration.enable: %t", c.mdm.EnabledAndConfigured, c.mdm.MacOSMigration.Enable))
require.EqualValues(t, 1, *sum.FailingPolicies)
Hide "Self-service" in Fleet Desktop and My device page (#20047) #19651 Hide "Self-service" in Fleet Desktop and My device page if there is no self-service software available # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-07-02 16:32:49 +00:00
assert.Equal(t, ptr.Bool(true), sum.SelfService)
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
}
})
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
t.Run("different app config values for unmanaged host", func(t *testing.T) {
ds := new(mock.Store)
license := &fleet.LicenseInfo{Tier: fleet.TierPremium, Expiration: time.Now().Add(24 * time.Hour)}
svc, ctx := newTestService(t, ds, nil, nil, &TestServerOpts{License: license, SkipCreateTestUsers: true})
ds.FailingPoliciesCountFunc = func(ctx context.Context, host *fleet.Host) (uint, error) {
return uint(1), nil
}
Hide "Self-service" in Fleet Desktop and My device page (#20047) #19651 Hide "Self-service" in Fleet Desktop and My device page if there is no self-service software available # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-07-02 16:32:49 +00:00
ds.HasSelfServiceSoftwareInstallersFunc = func(ctx context.Context, platform string, teamID *uint) (bool, error) {
return true, nil
}
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
cases := []struct {
Track host DEP assignments in new table (#11875)
2023-05-23 18:01:04 +00:00
mdm fleet.MDM
depAssigned bool
out fleet.DesktopNotifications
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
}{
{
mdm: fleet.MDM{
EnabledAndConfigured: true,
MacOSMigration: fleet.MacOSMigration{
Enable: true,
},
},
Track host DEP assignments in new table (#11875)
2023-05-23 18:01:04 +00:00
depAssigned: true,
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
out: fleet.DesktopNotifications{
NeedsMDMMigration: false,
RenewEnrollmentProfile: true,
},
},
{
mdm: fleet.MDM{
EnabledAndConfigured: false,
MacOSMigration: fleet.MacOSMigration{
Enable: true,
},
},
Track host DEP assignments in new table (#11875)
2023-05-23 18:01:04 +00:00
depAssigned: true,
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
out: fleet.DesktopNotifications{
NeedsMDMMigration: false,
RenewEnrollmentProfile: false,
},
},
{
mdm: fleet.MDM{
EnabledAndConfigured: true,
MacOSMigration: fleet.MacOSMigration{
Enable: false,
},
},
Track host DEP assignments in new table (#11875)
2023-05-23 18:01:04 +00:00
depAssigned: true,
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
out: fleet.DesktopNotifications{
NeedsMDMMigration: false,
RenewEnrollmentProfile: false,
},
},
{
mdm: fleet.MDM{
EnabledAndConfigured: false,
MacOSMigration: fleet.MacOSMigration{
Enable: false,
},
},
Track host DEP assignments in new table (#11875)
2023-05-23 18:01:04 +00:00
depAssigned: true,
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
out: fleet.DesktopNotifications{
NeedsMDMMigration: false,
RenewEnrollmentProfile: false,
},
},
}
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
mdmInfo := &fleet.HostMDM{
IsServer: false,
InstalledFromDep: true,
Enrolled: false,
Name: fleet.WellKnownMDMFleet,
DEPProfileAssignStatus: ptr.String(string(fleet.DEPAssignProfileResponseSuccess)),
}
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
for _, c := range cases {
upgrade Go version to 1.21.1 (#13877) For #13715, this: - Upgrades the Go version to `1.21.1`, infrastructure changes are addressed separately at https://github.com/fleetdm/fleet/pull/13878 - Upgrades the linter version, as the current version doesn't work well after the Go upgrade - Fixes new linting errors (we now get errors for memory aliasing in loops! 🎉 ) After this is merged people will need to: 1. Update their Go version. I use `gvm` and I did it like: ``` $ gvm install go1.21.1 $ gvm use go1.21.1 --default ``` 2. Update the local version of `golangci-lint`: ``` $ go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.2 ``` 3. (optional) depending on your setup, you might need to re-install some packages, for example: ``` # goimports to automatically import libraries $ go install golang.org/x/tools/cmd/goimports@latest # gopls for the language server $ go install golang.org/x/tools/gopls@latest # etc... ```
2023-09-13 18:59:35 +00:00
c := c
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
ds.AppConfigFunc = func(ctx context.Context) (*fleet.AppConfig, error) {
appCfg := fleet.AppConfig{}
appCfg.MDM = c.mdm
return &appCfg, nil
}
don't rely on MDM solution name to know if the host has Fleet MDM on (#19688) for #18977 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-14 18:01:12 +00:00
ds.IsHostConnectedToFleetMDMFunc = func(ctx context.Context, host *fleet.Host) (bool, error) {
return false, nil
}
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
ds.GetHostMDMFunc = func(ctx context.Context, hostID uint) (*fleet.HostMDM, error) {
return mdmInfo, nil
}
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
ctx = test.HostContext(ctx, &fleet.Host{
Track host DEP assignments in new table (#11875)
2023-05-23 18:01:04 +00:00
OsqueryHostID: ptr.String("test"),
DEPAssignedToFleet: &c.depAssigned,
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
})
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
sum, err := svc.GetFleetDesktopSummary(ctx)
require.NoError(t, err)
require.Equal(t, c.out, sum.Notifications, fmt.Sprintf("enabled_and_configured: %t | macos_migration.enable: %t", c.mdm.EnabledAndConfigured, c.mdm.MacOSMigration.Enable))
require.EqualValues(t, 1, *sum.FailingPolicies)
}
})
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
t.Run("different host attributes", func(t *testing.T) {
ds := new(mock.Store)
license := &fleet.LicenseInfo{Tier: fleet.TierPremium, Expiration: time.Now().Add(24 * time.Hour)}
svc, ctx := newTestService(t, ds, nil, nil, &TestServerOpts{License: license, SkipCreateTestUsers: true})
// context without a host
sum, err := svc.GetFleetDesktopSummary(ctx)
require.Empty(t, sum)
var authErr *fleet.AuthRequiredError
require.ErrorAs(t, err, &authErr)
ds.FailingPoliciesCountFunc = func(ctx context.Context, host *fleet.Host) (uint, error) {
return uint(1), nil
}
ds.AppConfigFunc = func(ctx context.Context) (*fleet.AppConfig, error) {
appCfg := fleet.AppConfig{}
appCfg.MDM.EnabledAndConfigured = true
appCfg.MDM.MacOSMigration.Enable = true
return &appCfg, nil
}
Hide "Self-service" in Fleet Desktop and My device page (#20047) #19651 Hide "Self-service" in Fleet Desktop and My device page if there is no self-service software available # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-07-02 16:32:49 +00:00
ds.HasSelfServiceSoftwareInstallersFunc = func(ctx context.Context, platform string, teamID *uint) (bool, error) {
return false, nil
}
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
cases := []struct {
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
name string
host *fleet.Host
hostMDM *fleet.HostMDM
err error
out fleet.DesktopNotifications
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
}{
{
name: "not enrolled into osquery",
host: &fleet.Host{OsqueryHostID: nil},
err: nil,
out: fleet.DesktopNotifications{
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
NeedsMDMMigration: false,
RenewEnrollmentProfile: false,
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
},
},
{
name: "manually enrolled into another MDM",
host: &fleet.Host{
Track host DEP assignments in new table (#11875)
2023-05-23 18:01:04 +00:00
OsqueryHostID: ptr.String("test"),
DEPAssignedToFleet: ptr.Bool(false),
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
},
hostMDM: &fleet.HostMDM{
IsServer: false,
InstalledFromDep: false,
Enrolled: true,
Name: fleet.WellKnownMDMIntune,
DEPProfileAssignStatus: ptr.String(string(fleet.DEPAssignProfileResponseSuccess)),
},
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
err: nil,
out: fleet.DesktopNotifications{
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
NeedsMDMMigration: false,
RenewEnrollmentProfile: false,
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
},
},
{
name: "DEP capable, but already unenrolled",
host: &fleet.Host{
Track host DEP assignments in new table (#11875)
2023-05-23 18:01:04 +00:00
DEPAssignedToFleet: ptr.Bool(true),
OsqueryHostID: ptr.String("test"),
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
},
hostMDM: &fleet.HostMDM{
IsServer: false,
InstalledFromDep: true,
Enrolled: false,
Name: fleet.WellKnownMDMFleet,
DEPProfileAssignStatus: ptr.String(string(fleet.DEPAssignProfileResponseSuccess)),
},
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
err: nil,
out: fleet.DesktopNotifications{
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
NeedsMDMMigration: false,
RenewEnrollmentProfile: true,
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
},
},
{
name: "DEP capable, but enrolled into Fleet",
host: &fleet.Host{
Track host DEP assignments in new table (#11875)
2023-05-23 18:01:04 +00:00
DEPAssignedToFleet: ptr.Bool(true),
OsqueryHostID: ptr.String("test"),
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
},
hostMDM: &fleet.HostMDM{
IsServer: false,
InstalledFromDep: true,
Enrolled: true,
Name: fleet.WellKnownMDMFleet,
DEPProfileAssignStatus: ptr.String(string(fleet.DEPAssignProfileResponseSuccess)),
},
Prevent MDM migration without assigned ADE profile (#17999) for #15929 this prevents us sending the notification to start the MDM migration if the device doesn't have the right JSON profile assigned.
2024-04-08 14:10:29 +00:00
err: nil,
out: fleet.DesktopNotifications{
NeedsMDMMigration: false,
RenewEnrollmentProfile: false,
},
},
{
name: "failed ADE assignment status",
host: &fleet.Host{
DEPAssignedToFleet: ptr.Bool(true),
OsqueryHostID: ptr.String("test"),
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
},
hostMDM: &fleet.HostMDM{
IsServer: false,
InstalledFromDep: true,
Enrolled: true,
Name: fleet.WellKnownMDMIntune,
DEPProfileAssignStatus: ptr.String(string(fleet.DEPAssignProfileResponseFailed)),
},
Prevent MDM migration without assigned ADE profile (#17999) for #15929 this prevents us sending the notification to start the MDM migration if the device doesn't have the right JSON profile assigned.
2024-04-08 14:10:29 +00:00
err: nil,
out: fleet.DesktopNotifications{
NeedsMDMMigration: false,
RenewEnrollmentProfile: false,
},
},
{
name: "not accessible ADE assignment status",
host: &fleet.Host{
DEPAssignedToFleet: ptr.Bool(true),
OsqueryHostID: ptr.String("test"),
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
},
hostMDM: &fleet.HostMDM{
IsServer: false,
InstalledFromDep: true,
Enrolled: true,
Name: fleet.WellKnownMDMIntune,
DEPProfileAssignStatus: ptr.String(string(fleet.DEPAssignProfileResponseNotAccessible)),
},
Prevent MDM migration without assigned ADE profile (#17999) for #15929 this prevents us sending the notification to start the MDM migration if the device doesn't have the right JSON profile assigned.
2024-04-08 14:10:29 +00:00
err: nil,
out: fleet.DesktopNotifications{
NeedsMDMMigration: false,
RenewEnrollmentProfile: false,
},
},
{
name: "empty ADE assignment status",
host: &fleet.Host{
DEPAssignedToFleet: ptr.Bool(true),
OsqueryHostID: ptr.String("test"),
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
},
hostMDM: &fleet.HostMDM{
IsServer: false,
InstalledFromDep: true,
Enrolled: true,
Name: fleet.WellKnownMDMIntune,
DEPProfileAssignStatus: ptr.String(""),
},
Prevent MDM migration without assigned ADE profile (#17999) for #15929 this prevents us sending the notification to start the MDM migration if the device doesn't have the right JSON profile assigned.
2024-04-08 14:10:29 +00:00
err: nil,
out: fleet.DesktopNotifications{
NeedsMDMMigration: false,
RenewEnrollmentProfile: false,
},
},
{
name: "nil ADE assignment status",
host: &fleet.Host{
DEPAssignedToFleet: ptr.Bool(true),
OsqueryHostID: ptr.String("test"),
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
},
hostMDM: &fleet.HostMDM{
IsServer: false,
InstalledFromDep: true,
Enrolled: true,
Name: fleet.WellKnownMDMIntune,
DEPProfileAssignStatus: nil,
},
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
err: nil,
out: fleet.DesktopNotifications{
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
NeedsMDMMigration: false,
RenewEnrollmentProfile: false,
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
},
},
{
name: "all conditions met",
host: &fleet.Host{
Track host DEP assignments in new table (#11875)
2023-05-23 18:01:04 +00:00
DEPAssignedToFleet: ptr.Bool(true),
OsqueryHostID: ptr.String("test"),
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
},
hostMDM: &fleet.HostMDM{
IsServer: false,
InstalledFromDep: true,
Enrolled: true,
Name: fleet.WellKnownMDMIntune,
DEPProfileAssignStatus: ptr.String(string(fleet.DEPAssignProfileResponseSuccess)),
},
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
err: nil,
out: fleet.DesktopNotifications{
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
NeedsMDMMigration: true,
RenewEnrollmentProfile: false,
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
},
},
}
for _, c := range cases {
t.Run(c.name, func(t *testing.T) {
add migration support to FD and orbit (#11741) https://github.com/fleetdm/fleet/issues/11534
2023-05-18 17:21:54 +00:00
ctx = test.HostContext(ctx, c.host)
Host mdminfo remover (#19885) #17278
2024-06-28 15:09:22 +00:00
ds.GetHostMDMFunc = func(ctx context.Context, hostID uint) (*fleet.HostMDM, error) {
if c.hostMDM == nil {
return nil, sql.ErrNoRows
}
return c.hostMDM, nil
}
ds.IsHostConnectedToFleetMDMFunc = func(ctx context.Context, host *fleet.Host) (bool, error) {
return c.hostMDM != nil && c.hostMDM.Enrolled == true && c.hostMDM.Name == fleet.WellKnownMDMFleet, nil
}
base logic to show/hide the new Migrate to Fleet FD menu (#11679) Related to #11670
2023-05-15 20:00:52 +00:00
sum, err := svc.GetFleetDesktopSummary(ctx)
if c.err != nil {
require.ErrorIs(t, err, c.err)
require.Empty(t, sum)
} else {
require.NoError(t, err)
require.Equal(t, c.out, sum.Notifications)
require.EqualValues(t, 1, *sum.FailingPolicies)
}
})
}
})
}
Add LUKS escrow trigger and orbit config endpoints, persist/retrieve LUKS passphrase (#23763) #23583, #23584 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [ ] Manual QA for all new/changed functionality -- should be tested end-to-end --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-18 22:44:25 +00:00
func TestTriggerLinuxDiskEncryptionEscrow(t *testing.T) {
t.Run("unavailable in Fleet Free", func(t *testing.T) {
ds := new(mock.Store)
svc, ctx := newTestService(t, ds, nil, nil, &TestServerOpts{SkipCreateTestUsers: true})
err := svc.TriggerLinuxDiskEncryptionEscrow(ctx, &fleet.Host{ID: 1})
require.ErrorIs(t, err, fleet.ErrMissingLicense)
})
t.Run("no-op on already pending", func(t *testing.T) {
ds := new(mock.Store)
svc, ctx := newTestService(t, ds, nil, nil, &TestServerOpts{License: &fleet.LicenseInfo{Tier: fleet.TierPremium}, SkipCreateTestUsers: true})
ds.IsHostPendingEscrowFunc = func(ctx context.Context, hostID uint) bool {
return true
}
err := svc.TriggerLinuxDiskEncryptionEscrow(ctx, &fleet.Host{ID: 1})
require.NoError(t, err)
require.True(t, ds.IsHostPendingEscrowFuncInvoked)
})
28342: Do not report error if host already escrowed (#30652) For #28342 Do not report escrow error on a host page if the user clicks multiple times on the 'Create key' CTA on the 'My Device' page.
2025-07-09 16:47:17 +00:00
t.Run("encryption key is already escrowed", func(t *testing.T) {
ds := new(mock.Store)
svc, ctx := newTestService(t, ds, nil, nil, &TestServerOpts{License: &fleet.LicenseInfo{Tier: fleet.TierPremium}, SkipCreateTestUsers: true})
var reportedErrors []string
host := &fleet.Host{ID: 1, Platform: "rhel", OSVersion: "Red Hat Enterprise Linux 9.0.0"}
ds.ReportEscrowErrorFunc = func(ctx context.Context, hostID uint, err string) error {
require.Equal(t, hostID, host.ID)
reportedErrors = append(reportedErrors, err)
return nil
}
orbitInfo := &fleet.HostOrbitInfo{Version: fleet.MinOrbitLUKSVersion}
ds.IsHostPendingEscrowFunc = func(ctx context.Context, hostID uint) bool {
return false
}
ds.GetHostOrbitInfoFunc = func(ctx context.Context, id uint) (*fleet.HostOrbitInfo, error) {
return orbitInfo, nil
}
ds.AssertHasNoEncryptionKeyStoredFunc = func(ctx context.Context, hostID uint) error {
return errors.New("encryption key is already escrowed")
}
err := svc.TriggerLinuxDiskEncryptionEscrow(ctx, host)
require.ErrorContains(t, err, "encryption key is already escrowed")
require.Len(t, reportedErrors, 0, "No error should be reported when key is already escrowed")
})
Add LUKS escrow trigger and orbit config endpoints, persist/retrieve LUKS passphrase (#23763) #23583, #23584 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [ ] Manual QA for all new/changed functionality -- should be tested end-to-end --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-18 22:44:25 +00:00
t.Run("validation failures", func(t *testing.T) {
ds := new(mock.Store)
svc, ctx := newTestService(t, ds, nil, nil, &TestServerOpts{License: &fleet.LicenseInfo{Tier: fleet.TierPremium}, SkipCreateTestUsers: true})
ds.IsHostPendingEscrowFunc = func(ctx context.Context, hostID uint) bool {
return false
}
var reportedErrors []string
host := &fleet.Host{ID: 1, Platform: "rhel", OSVersion: "Red Hat Enterprise Linux 9.0.0"}
28342: Do not report error if host already escrowed (#30652) For #28342 Do not report escrow error on a host page if the user clicks multiple times on the 'Create key' CTA on the 'My Device' page.
2025-07-09 16:47:17 +00:00
ds.AssertHasNoEncryptionKeyStoredFunc = func(ctx context.Context, hostID uint) error { return nil }
Add LUKS escrow trigger and orbit config endpoints, persist/retrieve LUKS passphrase (#23763) #23583, #23584 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [ ] Manual QA for all new/changed functionality -- should be tested end-to-end --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-18 22:44:25 +00:00
ds.ReportEscrowErrorFunc = func(ctx context.Context, hostID uint, err string) error {
require.Equal(t, hostID, host.ID)
reportedErrors = append(reportedErrors, err)
return nil
}
// invalid platform
err := svc.TriggerLinuxDiskEncryptionEscrow(ctx, host)
Improve LUKS escrow trigger error messages (#24030) - [x] Added/updated tests ~~- [ ] Manual QA for all new/changed functionality~~ Testing as part of E2E QA
2024-11-21 19:33:37 +00:00
require.ErrorContains(t, err, "Fleet does not yet support creating LUKS disk encryption keys on this platform.")
Add LUKS escrow trigger and orbit config endpoints, persist/retrieve LUKS passphrase (#23763) #23583, #23584 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [ ] Manual QA for all new/changed functionality -- should be tested end-to-end --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-18 22:44:25 +00:00
require.True(t, ds.IsHostPendingEscrowFuncInvoked)
// valid platform, no-team, encryption not enabled
host.OSVersion = "Fedora 32.0.0"
appConfig := &fleet.AppConfig{MDM: fleet.MDM{EnableDiskEncryption: optjson.SetBool(false)}}
ds.AppConfigFunc = func(ctx context.Context) (*fleet.AppConfig, error) {
return appConfig, nil
}
err = svc.TriggerLinuxDiskEncryptionEscrow(ctx, host)
Improve LUKS escrow trigger error messages (#24030) - [x] Added/updated tests ~~- [ ] Manual QA for all new/changed functionality~~ Testing as part of E2E QA
2024-11-21 19:33:37 +00:00
require.ErrorContains(t, err, "Disk encryption is not enabled for hosts not assigned to a team.")
Add LUKS escrow trigger and orbit config endpoints, persist/retrieve LUKS passphrase (#23763) #23583, #23584 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [ ] Manual QA for all new/changed functionality -- should be tested end-to-end --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-18 22:44:25 +00:00
// valid platform, team, encryption not enabled
host.TeamID = ptr.Uint(1)
teamConfig := &fleet.TeamMDM{}
ds.TeamMDMConfigFunc = func(ctx context.Context, teamID uint) (*fleet.TeamMDM, error) {
require.Equal(t, uint(1), teamID)
return teamConfig, nil
}
err = svc.TriggerLinuxDiskEncryptionEscrow(ctx, host)
Improve LUKS escrow trigger error messages (#24030) - [x] Added/updated tests ~~- [ ] Manual QA for all new/changed functionality~~ Testing as part of E2E QA
2024-11-21 19:33:37 +00:00
require.ErrorContains(t, err, "Disk encryption is not enabled for this host's team.")
Add LUKS escrow trigger and orbit config endpoints, persist/retrieve LUKS passphrase (#23763) #23583, #23584 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [ ] Manual QA for all new/changed functionality -- should be tested end-to-end --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-18 22:44:25 +00:00
// valid platform, team, host disk is not encrypted or unknown encryption state
teamConfig = &fleet.TeamMDM{EnableDiskEncryption: true}
err = svc.TriggerLinuxDiskEncryptionEscrow(ctx, host)
Improve LUKS escrow trigger error messages (#24030) - [x] Added/updated tests ~~- [ ] Manual QA for all new/changed functionality~~ Testing as part of E2E QA
2024-11-21 19:33:37 +00:00
require.ErrorContains(t, err, "Host's disk is not encrypted. Please encrypt your disk first.")
Add LUKS escrow trigger and orbit config endpoints, persist/retrieve LUKS passphrase (#23763) #23583, #23584 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [ ] Manual QA for all new/changed functionality -- should be tested end-to-end --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-18 22:44:25 +00:00
host.DiskEncryptionEnabled = ptr.Bool(false)
err = svc.TriggerLinuxDiskEncryptionEscrow(ctx, host)
Improve LUKS escrow trigger error messages (#24030) - [x] Added/updated tests ~~- [ ] Manual QA for all new/changed functionality~~ Testing as part of E2E QA
2024-11-21 19:33:37 +00:00
require.ErrorContains(t, err, "Host's disk is not encrypted. Please encrypt your disk first.")
Add LUKS escrow trigger and orbit config endpoints, persist/retrieve LUKS passphrase (#23763) #23583, #23584 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [ ] Manual QA for all new/changed functionality -- should be tested end-to-end --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-18 22:44:25 +00:00
Fix Orbit version check in LUKS escrow trigger endpoint (#24026) The host context never includes Orbit version (only the hosts/{id} endpoint does) so we need to grab that data when we need it. # Checklist for submitter - [x] Added/updated tests ~~- [ ] Manual QA for all new/changed functionality~~ will be part of E2E QA
2024-11-21 18:41:38 +00:00
// No Fleet Desktop
Add LUKS escrow trigger and orbit config endpoints, persist/retrieve LUKS passphrase (#23763) #23583, #23584 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [ ] Manual QA for all new/changed functionality -- should be tested end-to-end --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-18 22:44:25 +00:00
host.DiskEncryptionEnabled = ptr.Bool(true)
Fix Orbit version check in LUKS escrow trigger endpoint (#24026) The host context never includes Orbit version (only the hosts/{id} endpoint does) so we need to grab that data when we need it. # Checklist for submitter - [x] Added/updated tests ~~- [ ] Manual QA for all new/changed functionality~~ will be part of E2E QA
2024-11-21 18:41:38 +00:00
orbitInfo := &fleet.HostOrbitInfo{Version: "1.35.1"}
ds.GetHostOrbitInfoFunc = func(ctx context.Context, id uint) (*fleet.HostOrbitInfo, error) {
return orbitInfo, nil
}
Add LUKS escrow trigger and orbit config endpoints, persist/retrieve LUKS passphrase (#23763) #23583, #23584 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [ ] Manual QA for all new/changed functionality -- should be tested end-to-end --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-18 22:44:25 +00:00
err = svc.TriggerLinuxDiskEncryptionEscrow(ctx, host)
Improve LUKS escrow trigger error messages (#24030) - [x] Added/updated tests ~~- [ ] Manual QA for all new/changed functionality~~ Testing as part of E2E QA
2024-11-21 19:33:37 +00:00
require.ErrorContains(t, err, "Your version of fleetd does not support creating disk encryption keys on Linux. Please upgrade fleetd, then click Refetch, then try again.")
Add LUKS escrow trigger and orbit config endpoints, persist/retrieve LUKS passphrase (#23763) #23583, #23584 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [ ] Manual QA for all new/changed functionality -- should be tested end-to-end --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-18 22:44:25 +00:00
28342: Do not report error if host already escrowed (#30652) For #28342 Do not report escrow error on a host page if the user clicks multiple times on the 'Create key' CTA on the 'My Device' page.
2025-07-09 16:47:17 +00:00
require.Len(t, reportedErrors, 6)
Add LUKS escrow trigger and orbit config endpoints, persist/retrieve LUKS passphrase (#23763) #23583, #23584 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [ ] Manual QA for all new/changed functionality -- should be tested end-to-end --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-18 22:44:25 +00:00
})
t.Run("validation success", func(t *testing.T) {
ds := new(mock.Store)
svc, ctx := newTestService(t, ds, nil, nil, &TestServerOpts{License: &fleet.LicenseInfo{Tier: fleet.TierPremium}, SkipCreateTestUsers: true})
ds.IsHostPendingEscrowFunc = func(ctx context.Context, hostID uint) bool {
return false
}
ds.AppConfigFunc = func(ctx context.Context) (*fleet.AppConfig, error) {
return &fleet.AppConfig{MDM: fleet.MDM{EnableDiskEncryption: optjson.SetBool(true)}}, nil
}
Fix Orbit version check in LUKS escrow trigger endpoint (#24026) The host context never includes Orbit version (only the hosts/{id} endpoint does) so we need to grab that data when we need it. # Checklist for submitter - [x] Added/updated tests ~~- [ ] Manual QA for all new/changed functionality~~ will be part of E2E QA
2024-11-21 18:41:38 +00:00
ds.GetHostOrbitInfoFunc = func(ctx context.Context, id uint) (*fleet.HostOrbitInfo, error) {
return &fleet.HostOrbitInfo{Version: "1.36.0", DesktopVersion: ptr.String("42")}, nil
}
Add LUKS escrow trigger and orbit config endpoints, persist/retrieve LUKS passphrase (#23763) #23583, #23584 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [ ] Manual QA for all new/changed functionality -- should be tested end-to-end --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-18 22:44:25 +00:00
ds.AssertHasNoEncryptionKeyStoredFunc = func(ctx context.Context, hostID uint) error {
return nil
}
host := &fleet.Host{ID: 1, Platform: "ubuntu", DiskEncryptionEnabled: ptr.Bool(true), OrbitVersion: ptr.String(fleet.MinOrbitLUKSVersion)}
ds.QueueEscrowFunc = func(ctx context.Context, hostID uint) error {
require.Equal(t, uint(1), hostID)
return nil
}
err := svc.TriggerLinuxDiskEncryptionEscrow(ctx, host)
require.NoError(t, err)
require.True(t, ds.QueueEscrowFuncInvoked)
})
}
Reference in a new issue Copy permalink