allow to start Fleet MDM without configuring Apple BM (#10453)

Related to https://github.com/fleetdm/fleet/issues/10299, this allows to start the Fleet server with MDM enabled without having to provide ABM configs. I have tested this with: 1. Premium account, no ABM config: the server starts normally, but without ABM features 2. Premium account, invalid ABM config: error starting the server 3. Premium account, valid ABM config: ABM features enabled 4. Free account, no ABM config: the server starts normally 5. Free account, any ABM config: error due to invalid license
2026-05-23 08:58:41 +00:00 · 2023-03-13 18:16:11 -03:00 · 2023-03-13 18:16:11 -03:00 · 61f276fe44
commit 61f276fe44
parent ce5a1b44cd
3 changed files with 26 additions and 16 deletions
--- a/changes/10299-mdm-no-abm
+++ b/changes/10299-mdm-no-abm
@ -0,0 +1 @@
+* Fixed a bug that prevented starting the Fleet server with MDM features if Apple Business Manager (ABM) was not configured.
--- a/cmd/fleet/serve.go
+++ b/cmd/fleet/serve.go
@ -527,13 +527,6 @@ the way that the Fleet server works.
 					initFatal(errors.New("Apple APNs and SCEP configuration must be provided to enable MDM"), "validate Apple MDM")
 				}

-				// TODO: for now (dogfood), Apple BM must be set when MDM is enabled,
-				// but when the MDM will be production-ready, Apple BM will be
-				// optional.
-				if !config.MDM.IsAppleBMSet() {
-					initFatal(errors.New("Apple BM configuration must be provided to enable MDM"), "validate Apple MDM")
-				}
-
 				scepStorage, err = mds.NewSCEPDepot(appleSCEPCertPEM, appleSCEPKeyPEM)
 				if err != nil {
 					initFatal(err, "initialize mdm apple scep storage")
@ -678,10 +671,13 @@ the way that the Fleet server works.
 			}

 			if config.MDMApple.Enable {
-				if err := cronSchedules.StartCronSchedule(func() (fleet.CronSchedule, error) {
-					return newAppleMDMDEPProfileAssigner(ctx, instanceID, config.MDMApple.DEP.SyncPeriodicity, ds, depStorage, logger, config.Logging.Debug)
-				}); err != nil {
-					initFatal(err, "failed to register apple_mdm_dep_profile_assigner schedule")
+
+				if license.IsPremium() && config.MDM.IsAppleBMSet() {
+					if err := cronSchedules.StartCronSchedule(func() (fleet.CronSchedule, error) {
+						return newAppleMDMDEPProfileAssigner(ctx, instanceID, config.MDMApple.DEP.SyncPeriodicity, ds, depStorage, logger, config.Logging.Debug)
+					}); err != nil {
+						initFatal(err, "failed to register apple_mdm_dep_profile_assigner schedule")
+					}
 				}
 				if err := cronSchedules.StartCronSchedule(func() (fleet.CronSchedule, error) {
 					return newMDMAppleProfileManager(
--- a/frontend/pages/admin/IntegrationsPage/cards/MdmSettings/MdmSettings.tsx
+++ b/frontend/pages/admin/IntegrationsPage/cards/MdmSettings/MdmSettings.tsx
@ -1,6 +1,7 @@
 import React, { useContext, useState } from "react";
 import { useQuery } from "react-query";
 import FileSaver from "file-saver";
+import { AxiosError } from "axios";

 import { AppContext } from "context/app";
 import { NotificationContext } from "context/notification";
@ -39,11 +40,12 @@ const Mdm = (): JSX.Element => {
    data: appleAPNInfo,
    isLoading: isLoadingMdmApple,
    error: errorMdmApple,
-  } = useQuery<IMdmApple, Error, IMdmApple>(
+  } = useQuery<IMdmApple, AxiosError, IMdmApple>(
    ["appleAPNInfo"],
    () => mdmAppleAPI.getAppleAPNInfo(),
    {
-      enabled: isPremiumTier && config?.mdm.enabled_and_configured,
+      retry: (tries, error) => error.status !== 404 && tries <= 3,
+      enabled: config?.mdm.enabled_and_configured,
      staleTime: 5000,
    }
  );
@ -52,10 +54,11 @@ const Mdm = (): JSX.Element => {
    data: mdmAppleBm,
    isLoading: isLoadingMdmAppleBm,
    error: errorMdmAppleBm,
-  } = useQuery<IMdmAppleBm, Error, IMdmAppleBm>(
+  } = useQuery<IMdmAppleBm, AxiosError, IMdmAppleBm>(
    ["mdmAppleBmAPI"],
    () => mdmAppleBmAPI.getAppleBMInfo(),
    {
+      retry: (tries, error) => error.status !== 404 && tries <= 3,
      enabled: isPremiumTier && config?.mdm.enabled_and_configured,
      staleTime: 5000,
      onSuccess: (appleBmData) => {
@ -125,8 +128,13 @@ const Mdm = (): JSX.Element => {
    return false;
  };

+  // The API returns a 404 error if APNs is not configured yet, in that case we
+  // want to prompt the user to download the certs and keys to configure the
+  // server instead of the default error message.
+  const showMdmAppleError = errorMdmApple && errorMdmApple.status !== 404;
+
  const renderMdmAppleSection = () => {
-    if (errorMdmApple) {
+    if (showMdmAppleError) {
      return <DataError />;
    }

@ -195,8 +203,13 @@ const Mdm = (): JSX.Element => {
    );
  };

+  // The API returns a 404 error if ABM is not configured yet, in that case we
+  // want to prompt the user to download the certs and keys to configure the
+  // server instead of the default error message.
+  const showMdmAppleBmError = errorMdmAppleBm && errorMdmAppleBm.status !== 404;
+
  const renderMdmAppleBm = () => {
-    if (errorMdmAppleBm) {
+    if (showMdmAppleBmError) {
      return <DataError />;
    }
				`@ -0,0 +1 @@`
				`* Fixed a bug that prevented starting the Fleet server with MDM features if Apple Business Manager (ABM) was not configured.`