sails.log('Syncing Fleet instance data with Vanta for '+allActiveVantaConnections.length+(allActiveVantaConnections.length>1?' connections.':' connection.'));
// Create an empty object to store caught errors. We don't want this script to stop running if there is an error with a single Vanta integration, so instead, we'll store any errors that occur and bail early for that connection if any occur, and we'll log them individually before the script is done.
leterrorReportById={};
// use sails.helpers.flow.simutaniouslyForEach to send data for each connection record.
.tolerate((err)=>{// If an error occurs while sending a request to the Fleet instance, we'll add the error to the errorReportById object, with this connections ID set as the key.
errorReportById[connectionIdAsString]=newError(`When sending a request to the /users endpoint of a Fleet instance for a VantaConnection (id: ${connectionIdAsString}), the Fleet instance returned an Error: ${err}`);
});
if(errorReportById[connectionIdAsString]){// If there was an error with the previous request, bail early for this Vanta connection.
return;
}
letusersToSyncWithVanta=[];
// Iterate through the users list, creating user objects to send to Vanta.
// Set the permissionLevel using the user's global_role value.
letpermissionLevel='BASE';
if(user.global_role==='admin'){
permissionLevel='ADMIN';
}elseif(user.global_role==='maintainer'){
permissionLevel='EDITOR';
}
// Create a user object for this Fleet user.
letuserToSyncWithVanta={
displayName:user.name,
uniqueId:String(user.id),// Vanta requires this value to be a string.
fullName:user.name,
accountName:user.name,
email:user.email,
createdTimestamp:user.created_at,
status:'ACTIVE',// Always set to 'ACTIVE', if a user is removed from the Fleet instance, it will not be included in the response from the Fleet instance's /users endpoint.
.tolerate(()=>{// If an error occurs while sending a request to the Fleet instance, we'll add the error to the errorReportById object, with this connections ID set as the key.
errorReportById[connectionIdAsString]=newError(`When requesting all hosts from a Fleet instance for a VantaConnection (id: ${connectionIdAsString}), the Fleet instance did not respond with all of it's hosts in the set amount of time.`);
});
if(errorReportById[connectionIdAsString]){// If an error occured in the previous request, we'll bail early for this connection.
osName:'macOS',// Setting the osName for all macOS hosts to 'macOS'. Different versions of macOS have different prefixes, (e.g., a macOS host running 12.6 would be returned as "macOS 12.6.1", while a mac running version 10.15.7 would be displayed as "Mac OS X 10.15.7")
osVersion:host.os_version.replace(/^([\D]+)\s(.+)/g,'$2'),// removing everything but the version number (XX.XX.XX) from the host's os_version value.
hardwareUuid:host.uuid,
serialNumber:host.hardware_serial,
applications:[],
browserExtensions:[],
drives:[],
users:[],// Sending an empty array of users.
systemScreenlockPolicies:[],// Sending an empty array of screenlock policies.
isManaged:false,// Defaulting to false
autoUpdatesEnabled:false,// Always sending this value as false
// If the host has an mdm property, set the `isManaged` parameter to true if the hosts's mdm enrollment_status is either "On (automatic)" or "On (manual)")
// If this host's MDM status is pending (MDM is not yet fully turned on for this host), then it doesn't have comprehensive vitals nor a complete host details page thus we'll exclude it from the hosts we sync with Vanta.
// More info about pending hosts: https://github.com/fleetdm/fleet/blob/3cc7c971c2c24e28d06323c329475ae32e9a8198/docs/Using-Fleet/MDM-setup.md#pending-hosts
.intercept((err)=>{// If an error occurs while sending a request to the Fleet instance, we'll throw an error.
returnnewError(`When sending a request to the Fleet instance's /hosts/${host.id} endpoint for a Vanta connection (id: ${connectionIdAsString}), an error occurred: ${err}`);
softwareToAdd.bundleId=software.bundle_identifier?software.bundle_identifier:' ';// If the software is missing a bundle identifier, we'll set it to a blank string.
}).tolerate((err)=>{// If an error occurs while sending requests for each host, add the error to the errorReportById object.
errorReportById[connectionIdAsString]=newError(`When building an array of macOS hosts for a Vanta connection (id: ${connectionIdAsString}), an error occured: ${err}`);
});// After every macOS host
if(errorReportById[connectionIdAsString]){// If an error occured while gathering detailed host information, we'll bail early for this connection.
// If the host has an mdm property, set the `isManaged` parameter to true if the hosts's mdm enrollment_status is either "On (automatic)" or "On (manual)")
.intercept((err)=>{// If an error occurs while sending a request to the Fleet instance, we'll throw an error.
returnnewError(`When sending a request to the Fleet instance's /hosts/${host.id} endpoint for a Vanta connection (id: ${connectionIdAsString}), an error occurred: ${err}`);
}).tolerate((err)=>{// If an error occurs while sending requests for each host, add the error to the errorReportById object.
errorReportById[connectionIdAsString]=newError(`When building an array of Windows hosts for a Vanta connection (id: ${connectionIdAsString}), an error occured: ${err}`);
});// After every Windows host
if(errorReportById[connectionIdAsString]){// If an error occured while gathering detailed host information, we'll bail early for this connection.
.tolerate((err)=>{// If an error occurs while sending a request to Vanta, we'll add the error to the errorReportById object, with this connections ID set as the key.
errorReportById[connectionIdAsString]=newError(`vantaError: When sending a PUT request to the Vanta's '/user_account/sync_all' endpoint for a Vanta connection (id: ${connectionIdAsString}), an error occurred: ${err}`);
});
if(errorReportById[connectionIdAsString]){// If an error occured in the previous request, we'll bail early for this connection.
.tolerate((err)=>{// If an error occurs while sending a request to Vanta, we'll add the error to the errorReportById object, with this connections ID set as the key.
errorReportById[connectionIdAsString]=newError(`vantaError: When sending a PUT request to the Vanta's '/macos_user_computer/sync_all' endpoint for a Vanta connection (id: ${connectionIdAsString}), an error occurred: ${err}`);
});
if(errorReportById[connectionIdAsString]){// If an error occured in the previous request, we'll bail early for this connection.
.tolerate((err)=>{// If an error occurs while sending a request to Vanta, we'll add the error to the errorReportById object, with this connections ID set as the key.
errorReportById[connectionIdAsString]=newError(`vantaError: When sending a PUT request to the Vanta's '/macos_user_computer/sync_all' endpoint for a Vanta connection (id: ${connectionIdAsString}), an error occurred: ${err}`);
});
if(errorReportById[connectionIdAsString]){// If an error occured in the previous request, we'll bail early for this connection.
sails.log.warn('An error occurred while syncing the vanta connection for VantaCustomer with id '+connectionIdAsString+'. Logged error:\n'+errorReportById[connectionIdAsString]);
sails.log('Information has been sent to Vanta for '+(allActiveVantaConnections.length-numberOfLoggedErrors)+(allActiveVantaConnections.length-numberOfLoggedErrors>1||numberOfLoggedErrors===allActiveVantaConnections.length?' connections.':' connection.'));
