diff --git a/cmd/fleetctl/preview.go b/cmd/fleetctl/preview.go
index 1bd76d88b7..f54336409b 100644
--- a/cmd/fleetctl/preview.go
+++ b/cmd/fleetctl/preview.go
@@ -690,34 +690,33 @@ func killFromPIDFile(destDir string, pidFileName string, expectedExecName string
 func loadPolicies(client *service.Client) error {
 policies := []struct {
- name, query, description, resolution string
+ name, query, description, resolution, platform string
 }{
 {
 "Is Gatekeeper enabled on macOS devices?",
 "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
 "Checks to make sure that the Gatekeeper feature is enabled on macOS devices. Gatekeeper tries to ensure only trusted software is run on a mac machine.",
 "Run the following command in the Terminal app: /usr/sbin/spctl --master-enable",
+ "darwin",
 },
 {
 "Is disk encryption enabled on Windows devices?",
 "SELECT 1 FROM bitlocker_info where protection_status = 1;",
 "Checks to make sure that device encryption is enabled on Windows devices.",
 "Option 1: Select the Start button. Select Settings > Update & Security > Device encryption. If Device encryption doesn't appear, skip to Option 2. If device encryption is turned off, select Turn on. Option 2: Select the Start button. Under Windows System, select Control Panel. Select System and Security. Under BitLocker Drive Encryption, select Manage BitLocker. Select Turn on BitLocker and then follow the instructions.",
+ "windows",
 },
 {
 "Is Filevault enabled on macOS devices?",
 `SELECT 1 FROM disk_encryption WHERE user_uuid IS NOT "" AND filevault_status = 'on' LIMIT 1;`,
 "Checks to make sure that the Filevault feature is enabled on macOS devices.",
 "Choose Apple menu > System Preferences, then click Security & Privacy. Click the FileVault tab. Click the Lock icon, then enter an administrator name and password. Click Turn On FileVault.",
+ "darwin",
 },
 }
 for _, policy := range policies {
- q, err := client.CreateQuery(policy.name, policy.query, policy.description)
- if err != nil {
- return fmt.Errorf("creating query: %w", err)
- }
- err = client.CreatePolicy(&q.ID, policy.resolution)
+ err := client.CreateGlobalPolicy(policy.name, policy.query, policy.description, policy.resolution, policy.platform)
 if err != nil {
 return fmt.Errorf("creating policy: %w", err)
 }
diff --git a/server/service/client_policies.go b/server/service/client_policies.go
index 0788d7b990..9a443c4612 100644
--- a/server/service/client_policies.go
+++ b/server/service/client_policies.go
@@ -1,9 +1,12 @@
 package service
-func (c *Client) CreatePolicy(queryID *uint, resolution string) error {
+func (c *Client) CreateGlobalPolicy(name, query, description, resolution, platform string) error {
 req := globalPolicyRequest{
- QueryID: queryID,
- Resolution: resolution,
+ Name: name,
+ Query: query,
+ Description: description,
+ Resolution: resolution,
+ Platform: platform,
 }
 verb, path := "POST", "/api/v1/fleet/global/policies"
 var responseBody globalPolicyResponse
diff --git a/server/service/global_policies.go b/server/service/global_policies.go
index c3c4b55c4a..d66e777342 100644
--- a/server/service/global_policies.go
+++ b/server/service/global_policies.go
@@ -21,7 +21,7 @@ type globalPolicyRequest struct {
 Name string `json:"name"`
 Description string `json:"description"`
 Resolution string `json:"resolution"`
- Platforms string `json:"platforms"`
+ Platform string `json:"platform"`
 }
 type globalPolicyResponse struct {
@@ -39,7 +39,7 @@ func globalPolicyEndpoint(ctx context.Context, request interface{}, svc fleet.Se
 Name: req.Name,
 Description: req.Description,
 Resolution: req.Resolution,
- Platform: req.Platforms,
+ Platform: req.Platform,
 })
 if err != nil {
 return globalPolicyResponse{Err: err}, nil
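Review bot: In cmd/fleetctl/preview.go, loadPolicies now fills a struct of five identically typed strings positionally, so a transposed resolution and platform value would still compile and be sent to the server unnoticed. Keyed literals such as `{name: "...", query: "...", platform: "darwin"}` would make each sample policy self-describing. The loop's error wrap also does not say which policy failed; `return fmt.Errorf("creating policy %q: %w", policy.name, err)` would help when one of the entries is rejected. loadPolicies continues past the end of this hunk.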
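Review bot: The new exported method CreateGlobalPolicy in server/service/client_policies.go has no doc comment, and its five same-typed string parameters are easy to pass in the wrong order. I would add `// CreateGlobalPolicy creates a global policy from an inline query; platform is sent to the server unchanged.` above the signature. The method no longer accepts a query ID, so any caller outside this diff that used CreatePolicy(queryID, resolution) needs updating; none is visible here. The method body continues outside the hunk.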
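Review bot: Renaming the JSON tag on globalPolicyRequest from `platforms` to `platform` changes the wire format of POST /api/v1/fleet/global/policies, and the same rename is made to teamPolicyRequest in server/service/team_policies.go. If the request decoder ignores unknown keys (the encoding/json default; the decoding code is not in this diff), a client still sending `platforms` would get a policy created with an empty Platform rather than an error, so a check written for one OS could be stored without its platform filter. Consider accepting the old key for a deprecation window or rejecting it explicitly, and add an integration test that posts `platforms` to pin whichever behaviour is intended.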
diff --git a/server/service/integration_core_test.go b/server/service/integration_core_test.go
index 72d829f27d..3f499c0954 100644
--- a/server/service/integration_core_test.go
+++ b/server/service/integration_core_test.go
@@ -793,7 +793,7 @@ func (s *integrationTestSuite) TestGlobalPoliciesProprietary() {
 Query: "select * from osquery;",
 Description: "Some description",
 Resolution: "some global resolution",
- Platforms: "darwin",
+ Platform: "darwin",
 }
 gpResp := globalPolicyResponse{}
 s.DoJSON("POST", "/api/v1/fleet/global/policies", gpParams, http.StatusOK, &gpResp)
@@ -909,7 +909,7 @@ func (s *integrationTestSuite) TestTeamPoliciesProprietary() {
 Query: "select * from osquery;",
 Description: "Some description",
 Resolution: "some team resolution",
- Platforms: "darwin",
+ Platform: "darwin",
 }
 tpResp := teamPolicyResponse{}
 s.DoJSON("POST", fmt.Sprintf("/api/v1/fleet/teams/%d/policies", team1.ID), tpParams, http.StatusOK, &tpResp)
@@ -1060,10 +1060,10 @@ func (s *integrationTestSuite) TestTeamPoliciesProprietaryInvalid() {
 } {
 t.Run(tc.tname, func(t *testing.T) {
 tpReq := teamPolicyRequest{
- QueryID: tc.queryID,
- Name: tc.name,
- Query: tc.query,
- Platforms: tc.platforms,
+ QueryID: tc.queryID,
+ Name: tc.name,
+ Query: tc.query,
+ Platform: tc.platforms,
 }
 tpResp := teamPolicyResponse{}
 s.DoJSON("POST", fmt.Sprintf("/api/v1/fleet/teams/%d/policies", team1.ID), tpReq, http.StatusBadRequest, &tpResp)
@@ -1084,10 +1084,10 @@ func (s *integrationTestSuite) TestTeamPoliciesProprietaryInvalid() {
 }
 gpReq := globalPolicyRequest{
- QueryID: tc.queryID,
- Name: tc.name,
- Query: tc.query,
- Platforms: tc.platforms,
+ QueryID: tc.queryID,
+ Name: tc.name,
+ Query: tc.query,
+ Platform: tc.platforms,
 }
 gpResp := globalPolicyResponse{}
 s.DoJSON("POST", "/api/v1/fleet/global/policies", gpReq, http.StatusBadRequest, &gpResp)
diff --git a/server/service/team_policies.go b/server/service/team_policies.go
index f70246981a..b7ddc6a730 100644
--- a/server/service/team_policies.go
+++ b/server/service/team_policies.go
@@ -23,7 +23,7 @@ type teamPolicyRequest struct {
 Name string `json:"name"`
 Description string `json:"description"`
 Resolution string `json:"resolution"`
- Platforms string `json:"platforms"`
+ Platform string `json:"platform"`
 }
 type teamPolicyResponse struct {
@@ -41,7 +41,7 @@ func teamPolicyEndpoint(ctx context.Context, request interface{}, svc fleet.Serv
 Query: req.Query,
 Description: req.Description,
 Resolution: req.Resolution,
- Platform: req.Platforms,
+ Platform: req.Platform,
 })
 if err != nil {
 return teamPolicyResponse{Err: err}, nil