From 643705795860a18be390c3b51e869a3d7b993403 Mon Sep 17 00:00:00 2001
From: Jahziel Villasana-Espinoza
Date: Thu, 23 May 2024 10:29:33 -0400
Subject: [PATCH 1/3] feat: refactor db method
---
 server/datastore/mysql/apple_mdm.go | 29 ++++++++
 server/datastore/mysql/apple_mdm_test.go | 93 +++++++++++++++---------
 server/fleet/datastore.go | 2 +
 server/fleet/mdm.go | 5 ++
 4 files changed, 94 insertions(+), 35 deletions(-)
diff --git a/server/datastore/mysql/apple_mdm.go b/server/datastore/mysql/apple_mdm.go
index be5ecd2148..8fd8a298af 100644
--- a/server/datastore/mysql/apple_mdm.go
+++ b/server/datastore/mysql/apple_mdm.go
@@ -4116,3 +4116,32 @@ VALUES
 return nil
 }
+
+func (ds *Datastore) InsertMDMConfigAssets(ctx context.Context, assets []fleet.MDMConfigAsset) error {
+ stmt := `
+INSERT INTO
+ mdm_config_assets (
+ name,
+ value
+ )
+VALUES
+ %s
+ `
+
+ var args []any
+ var insertVals strings.Builder
+
+ for _, a := range assets {
+ insertVals.WriteString(`(?, ?),`)
+ args = append(args, a.Name, a.Value)
+ }
+
+ stmt = fmt.Sprintf(stmt, strings.TrimSuffix(insertVals.String(), ","))
+
+ err := ds.withRetryTxx(ctx, func(tx sqlx.ExtContext) error {
+ _, err := tx.ExecContext(ctx, stmt, args...)
+ return err
+ })
+
+ return ctxerr.Wrap(ctx, err, "writing mdm config assets to db")
+}
diff --git a/server/datastore/mysql/apple_mdm_test.go b/server/datastore/mysql/apple_mdm_test.go
index 43ec3a7812..541ee5153a 100644
--- a/server/datastore/mysql/apple_mdm_test.go
+++ b/server/datastore/mysql/apple_mdm_test.go
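Review bot: In `InsertMDMConfigAssets` (server/datastore/mysql/apple_mdm.go) an empty or nil `assets` slice leaves `insertVals` empty, so the statement is sent as `VALUES` with no tuples and the database will reject it as a syntax error; add `if len(assets) == 0 { return nil }` before the statement is built. The method also writes `a.Value` to `mdm_config_assets` exactly as received, and the test in this series passes `fleet.MDMAssetCAKey` through it, so unless callers encrypt the bytes first (not visible in this patch) a CA private key ends up stored in cleartext. A doc comment on the method should say which side is responsible for that encryption. The function is complete within the hunk.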
@@ -39,41 +39,42 @@ func TestMDMApple(t *testing.T) {
 name string
 fn func(t *testing.T, ds *Datastore)
 }{
- {"TestNewMDMAppleConfigProfileDuplicateName", testNewMDMAppleConfigProfileDuplicateName},
- {"TestNewMDMAppleConfigProfileLabels", testNewMDMAppleConfigProfileLabels},
- {"TestNewMDMAppleConfigProfileDuplicateIdentifier", testNewMDMAppleConfigProfileDuplicateIdentifier},
- {"TestDeleteMDMAppleConfigProfile", testDeleteMDMAppleConfigProfile},
- {"TestDeleteMDMAppleConfigProfileByTeamAndIdentifier", testDeleteMDMAppleConfigProfileByTeamAndIdentifier},
- {"TestListMDMAppleConfigProfiles", testListMDMAppleConfigProfiles},
- {"TestHostDetailsMDMProfiles", testHostDetailsMDMProfiles},
- {"TestBatchSetMDMAppleProfiles", testBatchSetMDMAppleProfiles},
- {"TestMDMAppleProfileManagement", testMDMAppleProfileManagement},
- {"TestMDMAppleProfileManagementBatch2", testMDMAppleProfileManagementBatch2},
- {"TestMDMAppleProfileManagementBatch3", testMDMAppleProfileManagementBatch3},
- {"TestGetMDMAppleProfilesContents", testGetMDMAppleProfilesContents},
- {"TestAggregateMacOSSettingsStatusWithFileVault", testAggregateMacOSSettingsStatusWithFileVault},
- {"TestMDMAppleHostsProfilesStatus", testMDMAppleHostsProfilesStatus},
- {"TestMDMAppleIdPAccount", testMDMAppleIdPAccount},
- {"TestIgnoreMDMClientError", testDoNotIgnoreMDMClientError},
- {"TestDeleteMDMAppleProfilesForHost", testDeleteMDMAppleProfilesForHost},
- {"TestGetMDMAppleCommandResults", testGetMDMAppleCommandResults},
- {"TestBulkUpsertMDMAppleConfigProfiles", testBulkUpsertMDMAppleConfigProfile},
- {"TestMDMAppleBootstrapPackageCRUD", testMDMAppleBootstrapPackageCRUD},
- {"TestListMDMAppleCommands", testListMDMAppleCommands},
- {"TestMDMAppleSetupAssistant", testMDMAppleSetupAssistant},
- {"TestMDMAppleEnrollmentProfile", testMDMAppleEnrollmentProfile},
- {"TestListMDMAppleSerials", testListMDMAppleSerials},
- {"TestMDMAppleDefaultSetupAssistant", testMDMAppleDefaultSetupAssistant},
- {"TestSetVerifiedMacOSProfiles", testSetVerifiedMacOSProfiles},
- {"TestMDMAppleConfigProfileHash", testMDMAppleConfigProfileHash},
- {"TestMDMAppleResetEnrollment", testMDMAppleResetEnrollment},
- {"TestMDMAppleDeleteHostDEPAssignments", testMDMAppleDeleteHostDEPAssignments},
- {"LockUnlockWipeMacOS", testLockUnlockWipeMacOS},
- {"ScreenDEPAssignProfileSerialsForCooldown", testScreenDEPAssignProfileSerialsForCooldown},
- {"MDMAppleDDMDeclarationsToken", testMDMAppleDDMDeclarationsToken},
- {"MDMAppleSetPendingDeclarationsAs", testMDMAppleSetPendingDeclarationsAs},
- {"SetOrUpdateMDMAppleDeclaration", testSetOrUpdateMDMAppleDDMDeclaration},
- {"DEPAssignmentUpdates", testMDMAppleDEPAssignmentUpdates},
+ // {"TestNewMDMAppleConfigProfileDuplicateName", testNewMDMAppleConfigProfileDuplicateName},
+ // {"TestNewMDMAppleConfigProfileLabels", testNewMDMAppleConfigProfileLabels},
+ // {"TestNewMDMAppleConfigProfileDuplicateIdentifier", testNewMDMAppleConfigProfileDuplicateIdentifier},
+ // {"TestDeleteMDMAppleConfigProfile", testDeleteMDMAppleConfigProfile},
+ // {"TestDeleteMDMAppleConfigProfileByTeamAndIdentifier", testDeleteMDMAppleConfigProfileByTeamAndIdentifier},
+ // {"TestListMDMAppleConfigProfiles", testListMDMAppleConfigProfiles},
+ // {"TestHostDetailsMDMProfiles", testHostDetailsMDMProfiles},
+ // {"TestBatchSetMDMAppleProfiles", testBatchSetMDMAppleProfiles},
+ // {"TestMDMAppleProfileManagement", testMDMAppleProfileManagement},
+ // {"TestMDMAppleProfileManagementBatch2", testMDMAppleProfileManagementBatch2},
+ // {"TestMDMAppleProfileManagementBatch3", testMDMAppleProfileManagementBatch3},
+ // {"TestGetMDMAppleProfilesContents", testGetMDMAppleProfilesContents},
+ // {"TestAggregateMacOSSettingsStatusWithFileVault", testAggregateMacOSSettingsStatusWithFileVault},
+ // {"TestMDMAppleHostsProfilesStatus", testMDMAppleHostsProfilesStatus},
+ // {"TestMDMAppleIdPAccount", testMDMAppleIdPAccount},
+ // {"TestIgnoreMDMClientError", testDoNotIgnoreMDMClientError},
+ // {"TestDeleteMDMAppleProfilesForHost", testDeleteMDMAppleProfilesForHost},
+ // {"TestGetMDMAppleCommandResults", testGetMDMAppleCommandResults},
+ // {"TestBulkUpsertMDMAppleConfigProfiles", testBulkUpsertMDMAppleConfigProfile},
+ // {"TestMDMAppleBootstrapPackageCRUD", testMDMAppleBootstrapPackageCRUD},
+ // {"TestListMDMAppleCommands", testListMDMAppleCommands},
+ // {"TestMDMAppleSetupAssistant", testMDMAppleSetupAssistant},
+ // {"TestMDMAppleEnrollmentProfile", testMDMAppleEnrollmentProfile},
+ // {"TestListMDMAppleSerials", testListMDMAppleSerials},
+ // {"TestMDMAppleDefaultSetupAssistant", testMDMAppleDefaultSetupAssistant},
+ // {"TestSetVerifiedMacOSProfiles", testSetVerifiedMacOSProfiles},
+ // {"TestMDMAppleConfigProfileHash", testMDMAppleConfigProfileHash},
+ // {"TestMDMAppleResetEnrollment", testMDMAppleResetEnrollment},
+ // {"TestMDMAppleDeleteHostDEPAssignments", testMDMAppleDeleteHostDEPAssignments},
+ // {"LockUnlockWipeMacOS", testLockUnlockWipeMacOS},
+ // {"ScreenDEPAssignProfileSerialsForCooldown", testScreenDEPAssignProfileSerialsForCooldown},
+ // {"MDMAppleDDMDeclarationsToken", testMDMAppleDDMDeclarationsToken},
+ // {"MDMAppleSetPendingDeclarationsAs", testMDMAppleSetPendingDeclarationsAs},
+ // {"SetOrUpdateMDMAppleDeclaration", testSetOrUpdateMDMAppleDDMDeclaration},
+ // {"DEPAssignmentUpdates", testMDMAppleDEPAssignmentUpdates},
+ {"TestInsertMDMAsset", testInsertMDMAsset},
 }
 for _, c := range cases {
@@ -5497,3 +5498,25 @@ func createRawAppleCmd(reqType, cmdUUID string) string { `, reqType, cmdUUID) } + +func testInsertMDMAsset(t *testing.T, ds *Datastore) { + ctx := context.Background() + assets := []fleet.MDMConfigAsset{ + { + Name: fleet.MDMAssetCACert, + Value: []byte("some bytes"), + }, + { + Name: fleet.MDMAssetCAKey, + Value: []byte("some bytes"), + }, + } + + err := ds.InsertMDMConfigAssets(ctx, assets) + require.NoError(t, err) + + var a []fleet.MDMConfigAsset + + require.NoError(t, sqlx.SelectContext(ctx, ds.reader(ctx), &a, `SELECT name, value FROM mdm_config_assets`)) + require.Len(t, a, 2) +} diff --git a/server/fleet/datastore.go b/server/fleet/datastore.go index 32cd2f14c4..643df67787 100644 --- a/server/fleet/datastore.go +++ b/server/fleet/datastore.go @@ -1249,6 +1249,8 @@ type Datastore interface { // the provided value. MDMAppleSetPendingDeclarationsAs(ctx context.Context, hostUUID string, status *MDMDeliveryStatus, detail string) error + InsertMDMConfigAssets(ctx context.Context, assets []MDMConfigAsset) error + /////////////////////////////////////////////////////////////////////////////// // Microsoft MDM diff --git a/server/fleet/mdm.go b/server/fleet/mdm.go index 4323d79abf..a02f72e693 100644 --- a/server/fleet/mdm.go +++ b/server/fleet/mdm.go @@ -562,3 +562,8 @@ const ( // that can be used for the authentication process with the ABM API MDMAssetABMToken MDMAssetName = "abm_token" ) + +type MDMConfigAsset struct { + Name MDMAssetName `db:"name"` + Value []byte `db:"value"` +} From 93493d8ba38b2c0099a6c571414bfdf82d4f8be2 Mon Sep 17 00:00:00 2001 From: Jahziel Villasana-Espinoza Date: Thu, 23 May 2024 10:37:53 -0400 Subject: [PATCH 2/3] chore: generate mocks --- server/mock/datastore_mock.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/server/mock/datastore_mock.go b/server/mock/datastore_mock.go index ee251dce6a..f760447715 100644 --- a/server/mock/datastore_mock.go +++ b/server/mock/datastore_mock.go 
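Review bot: `testInsertMDMAsset` only asserts `require.Len(t, a, 2)`, and both rows use the same `[]byte("some bytes")`, so a regression that swaps or corrupts `name`/`value` would still pass; the count also assumes `mdm_config_assets` is empty when the subtest starts. Give each asset a distinct value and compare the rows with the input, e.g. `require.ElementsMatch(t, assets, a)`. It would also help to add a case for an empty slice and one for inserting the same `Name` twice, so the method's behaviour on those inputs is pinned down.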
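Review bot: The new `InsertMDMConfigAssets` entry in the `Datastore` interface (server/fleet/datastore.go) has no doc comment, while the method directly above it is documented. Suggest `// InsertMDMConfigAssets inserts the given MDM config assets into the mdm_config_assets table.` followed by a line stating what callers should expect when an asset with the same name already exists, which this patch does not define. The interface body starts and ends outside the hunk.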
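Review bot: `MDMConfigAsset.Value` in server/fleet/mdm.go can carry key material (the test in this series stores `MDMAssetCAKey`, and `MDMAssetABMToken` is declared just above), yet the exported struct has no doc comment and only `db` tags. Nothing in this patch marshals or logs the struct, but if it is ever encoded to JSON the bytes would be emitted under the default field name, so consider adding a `json:"-"` tag next to `db:"value"`. A comment such as `// MDMConfigAsset is a named MDM asset as stored in mdm_config_assets; Value may hold secrets and must not be logged.` would make the handling expectation explicit.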
@@ -821,6 +821,8 @@ type MDMAppleStoreDDMStatusReportFunc func(ctx context.Context, hostUUID string, type MDMAppleSetPendingDeclarationsAsFunc func(ctx context.Context, hostUUID string, status *fleet.MDMDeliveryStatus, detail string) error +type InsertMDMConfigAssetsFunc func(ctx context.Context, assets []fleet.MDMConfigAsset) error + type WSTEPStoreCertificateFunc func(ctx context.Context, name string, crt *x509.Certificate) error type WSTEPNewSerialFunc func(ctx context.Context) (*big.Int, error) @@ -2157,6 +2159,9 @@ type DataStore struct { MDMAppleSetPendingDeclarationsAsFunc MDMAppleSetPendingDeclarationsAsFunc MDMAppleSetPendingDeclarationsAsFuncInvoked bool + InsertMDMConfigAssetsFunc InsertMDMConfigAssetsFunc + InsertMDMConfigAssetsFuncInvoked bool + WSTEPStoreCertificateFunc WSTEPStoreCertificateFunc WSTEPStoreCertificateFuncInvoked bool @@ -5165,6 +5170,13 @@ func (s *DataStore) MDMAppleSetPendingDeclarationsAs(ctx context.Context, hostUU return s.MDMAppleSetPendingDeclarationsAsFunc(ctx, hostUUID, status, detail) } +func (s *DataStore) InsertMDMConfigAssets(ctx context.Context, assets []fleet.MDMConfigAsset) error { + s.mu.Lock() + s.InsertMDMConfigAssetsFuncInvoked = true + s.mu.Unlock() + return s.InsertMDMConfigAssetsFunc(ctx, assets) +} + func (s *DataStore) WSTEPStoreCertificate(ctx context.Context, name string, crt *x509.Certificate) error { s.mu.Lock() s.WSTEPStoreCertificateFuncInvoked = true From 1857f74113282da3b743fe659a3b6b98673504ec Mon Sep 17 00:00:00 2001 From: Jahziel Villasana-Espinoza Date: Thu, 23 May 2024 10:40:38 -0400 Subject: [PATCH 3/3] chore: uncomment test --- server/datastore/mysql/apple_mdm_test.go | 70 ++++++++++++------------ 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/server/datastore/mysql/apple_mdm_test.go b/server/datastore/mysql/apple_mdm_test.go index 541ee5153a..0c593974f4 100644 --- a/server/datastore/mysql/apple_mdm_test.go +++ b/server/datastore/mysql/apple_mdm_test.go 
@@ -39,41 +39,41 @@ func TestMDMApple(t *testing.T) {
 name string
 fn func(t *testing.T, ds *Datastore)
 }{
- // {"TestNewMDMAppleConfigProfileDuplicateName", testNewMDMAppleConfigProfileDuplicateName},
- // {"TestNewMDMAppleConfigProfileLabels", testNewMDMAppleConfigProfileLabels},
- // {"TestNewMDMAppleConfigProfileDuplicateIdentifier", testNewMDMAppleConfigProfileDuplicateIdentifier},
- // {"TestDeleteMDMAppleConfigProfile", testDeleteMDMAppleConfigProfile},
- // {"TestDeleteMDMAppleConfigProfileByTeamAndIdentifier", testDeleteMDMAppleConfigProfileByTeamAndIdentifier},
- // {"TestListMDMAppleConfigProfiles", testListMDMAppleConfigProfiles},
- // {"TestHostDetailsMDMProfiles", testHostDetailsMDMProfiles},
- // {"TestBatchSetMDMAppleProfiles", testBatchSetMDMAppleProfiles},
- // {"TestMDMAppleProfileManagement", testMDMAppleProfileManagement},
- // {"TestMDMAppleProfileManagementBatch2", testMDMAppleProfileManagementBatch2},
- // {"TestMDMAppleProfileManagementBatch3", testMDMAppleProfileManagementBatch3},
- // {"TestGetMDMAppleProfilesContents", testGetMDMAppleProfilesContents},
- // {"TestAggregateMacOSSettingsStatusWithFileVault", testAggregateMacOSSettingsStatusWithFileVault},
- // {"TestMDMAppleHostsProfilesStatus", testMDMAppleHostsProfilesStatus},
- // {"TestMDMAppleIdPAccount", testMDMAppleIdPAccount},
- // {"TestIgnoreMDMClientError", testDoNotIgnoreMDMClientError},
- // {"TestDeleteMDMAppleProfilesForHost", testDeleteMDMAppleProfilesForHost},
- // {"TestGetMDMAppleCommandResults", testGetMDMAppleCommandResults},
- // {"TestBulkUpsertMDMAppleConfigProfiles", testBulkUpsertMDMAppleConfigProfile},
- // {"TestMDMAppleBootstrapPackageCRUD", testMDMAppleBootstrapPackageCRUD},
- // {"TestListMDMAppleCommands", testListMDMAppleCommands},
- // {"TestMDMAppleSetupAssistant", testMDMAppleSetupAssistant},
- // {"TestMDMAppleEnrollmentProfile", testMDMAppleEnrollmentProfile},
- // {"TestListMDMAppleSerials", testListMDMAppleSerials},
- // {"TestMDMAppleDefaultSetupAssistant", testMDMAppleDefaultSetupAssistant},
- // {"TestSetVerifiedMacOSProfiles", testSetVerifiedMacOSProfiles},
- // {"TestMDMAppleConfigProfileHash", testMDMAppleConfigProfileHash},
- // {"TestMDMAppleResetEnrollment", testMDMAppleResetEnrollment},
- // {"TestMDMAppleDeleteHostDEPAssignments", testMDMAppleDeleteHostDEPAssignments},
- // {"LockUnlockWipeMacOS", testLockUnlockWipeMacOS},
- // {"ScreenDEPAssignProfileSerialsForCooldown", testScreenDEPAssignProfileSerialsForCooldown},
- // {"MDMAppleDDMDeclarationsToken", testMDMAppleDDMDeclarationsToken},
- // {"MDMAppleSetPendingDeclarationsAs", testMDMAppleSetPendingDeclarationsAs},
- // {"SetOrUpdateMDMAppleDeclaration", testSetOrUpdateMDMAppleDDMDeclaration},
- // {"DEPAssignmentUpdates", testMDMAppleDEPAssignmentUpdates},
+ {"TestNewMDMAppleConfigProfileDuplicateName", testNewMDMAppleConfigProfileDuplicateName},
+ {"TestNewMDMAppleConfigProfileLabels", testNewMDMAppleConfigProfileLabels},
+ {"TestNewMDMAppleConfigProfileDuplicateIdentifier", testNewMDMAppleConfigProfileDuplicateIdentifier},
+ {"TestDeleteMDMAppleConfigProfile", testDeleteMDMAppleConfigProfile},
+ {"TestDeleteMDMAppleConfigProfileByTeamAndIdentifier", testDeleteMDMAppleConfigProfileByTeamAndIdentifier},
+ {"TestListMDMAppleConfigProfiles", testListMDMAppleConfigProfiles},
+ {"TestHostDetailsMDMProfiles", testHostDetailsMDMProfiles},
+ {"TestBatchSetMDMAppleProfiles", testBatchSetMDMAppleProfiles},
+ {"TestMDMAppleProfileManagement", testMDMAppleProfileManagement},
+ {"TestMDMAppleProfileManagementBatch2", testMDMAppleProfileManagementBatch2},
+ {"TestMDMAppleProfileManagementBatch3", testMDMAppleProfileManagementBatch3},
+ {"TestGetMDMAppleProfilesContents", testGetMDMAppleProfilesContents},
+ {"TestAggregateMacOSSettingsStatusWithFileVault", testAggregateMacOSSettingsStatusWithFileVault},
+ {"TestMDMAppleHostsProfilesStatus", testMDMAppleHostsProfilesStatus},
+ {"TestMDMAppleIdPAccount", testMDMAppleIdPAccount},
+ {"TestIgnoreMDMClientError", testDoNotIgnoreMDMClientError},
+ {"TestDeleteMDMAppleProfilesForHost", testDeleteMDMAppleProfilesForHost},
+ {"TestGetMDMAppleCommandResults", testGetMDMAppleCommandResults},
+ {"TestBulkUpsertMDMAppleConfigProfiles", testBulkUpsertMDMAppleConfigProfile},
+ {"TestMDMAppleBootstrapPackageCRUD", testMDMAppleBootstrapPackageCRUD},
+ {"TestListMDMAppleCommands", testListMDMAppleCommands},
+ {"TestMDMAppleSetupAssistant", testMDMAppleSetupAssistant},
+ {"TestMDMAppleEnrollmentProfile", testMDMAppleEnrollmentProfile},
+ {"TestListMDMAppleSerials", testListMDMAppleSerials},
+ {"TestMDMAppleDefaultSetupAssistant", testMDMAppleDefaultSetupAssistant},
+ {"TestSetVerifiedMacOSProfiles", testSetVerifiedMacOSProfiles},
+ {"TestMDMAppleConfigProfileHash", testMDMAppleConfigProfileHash},
+ {"TestMDMAppleResetEnrollment", testMDMAppleResetEnrollment},
+ {"TestMDMAppleDeleteHostDEPAssignments", testMDMAppleDeleteHostDEPAssignments},
+ {"LockUnlockWipeMacOS", testLockUnlockWipeMacOS},
+ {"ScreenDEPAssignProfileSerialsForCooldown", testScreenDEPAssignProfileSerialsForCooldown},
+ {"MDMAppleDDMDeclarationsToken", testMDMAppleDDMDeclarationsToken},
+ {"MDMAppleSetPendingDeclarationsAs", testMDMAppleSetPendingDeclarationsAs},
+ {"SetOrUpdateMDMAppleDeclaration", testSetOrUpdateMDMAppleDDMDeclaration},
+ {"DEPAssignmentUpdates", testMDMAppleDEPAssignmentUpdates},
 {"TestInsertMDMAsset", testInsertMDMAsset},
 }