From 73222541da0e724c51988f7e9fb8afbd92f8b7bc Mon Sep 17 00:00:00 2001 From: Martin Angers Date: Wed, 4 Sep 2024 15:17:32 -0400 Subject: [PATCH] MABM: fix non-integrations skipped tests part 2 (#21805) --- cmd/fleetctl/gitops_test.go | 24 +++---- server/fleet/app.go | 14 ++-- server/fleet/vpp.go | 7 +- server/service/appconfig.go | 8 +-- server/service/appconfig_test.go | 64 ++++++++++++------- server/service/endpoint_utils.go | 13 ++-- server/service/handler_test.go | 6 +- server/service/mdm_test.go | 12 +++- server/service/vpp_test.go | 27 +++++--- .../generated_files/appconfig.txt | 2 +- 10 files changed, 108 insertions(+), 69 deletions(-) diff --git a/cmd/fleetctl/gitops_test.go b/cmd/fleetctl/gitops_test.go index 57c5b0d391..ba4124f4e0 100644 --- a/cmd/fleetctl/gitops_test.go +++ b/cmd/fleetctl/gitops_test.go @@ -1843,13 +1843,13 @@ software: tokens: []*fleet.ABMToken{{OrganizationName: "Fleet Device Management Inc."}}, dryRunAssertion: func(t *testing.T, appCfg *fleet.AppConfig, ds fleet.Datastore, out string, err error) { assert.NoError(t, err) - assert.Empty(t, appCfg.MDM.AppleBussinessManager.Value) + assert.Empty(t, appCfg.MDM.AppleBusinessManager.Value) assert.Empty(t, appCfg.MDM.DeprecatedAppleBMDefaultTeam) assert.Contains(t, out, "[!] gitops dry run succeeded") }, realRunAssertion: func(t *testing.T, appCfg *fleet.AppConfig, ds fleet.Datastore, out string, err error) { assert.NoError(t, err) - assert.Empty(t, appCfg.MDM.AppleBussinessManager.Value) + assert.Empty(t, appCfg.MDM.AppleBusinessManager.Value) assert.Equal(t, appCfg.MDM.DeprecatedAppleBMDefaultTeam, "💻 Workstations") assert.Contains(t, out, "[!] gitops succeeded") }, @@ -1889,7 +1889,7 @@ software: }, dryRunAssertion: func(t *testing.T, appCfg *fleet.AppConfig, ds fleet.Datastore, out string, err error) { assert.NoError(t, err) - assert.Empty(t, appCfg.MDM.AppleBussinessManager.Value) + assert.Empty(t, appCfg.MDM.AppleBusinessManager.Value) assert.Empty(t, appCfg.MDM.DeprecatedAppleBMDefaultTeam) assert.Contains(t, out, "[!] gitops dry run succeeded") }, @@ -1898,7 +1898,7 @@ software: assert.Empty(t, appCfg.MDM.DeprecatedAppleBMDefaultTeam) assert.ElementsMatch( t, - appCfg.MDM.AppleBussinessManager.Value, + appCfg.MDM.AppleBusinessManager.Value, []fleet.MDMAppleABMAssignmentInfo{ { OrganizationName: "Fleet Device Management Inc.", @@ -1930,7 +1930,7 @@ software: }, dryRunAssertion: func(t *testing.T, appCfg *fleet.AppConfig, ds fleet.Datastore, out string, err error) { assert.NoError(t, err) - assert.Empty(t, appCfg.MDM.AppleBussinessManager.Value) + assert.Empty(t, appCfg.MDM.AppleBusinessManager.Value) assert.Empty(t, appCfg.MDM.DeprecatedAppleBMDefaultTeam) assert.Contains(t, out, "[!] gitops dry run succeeded") }, @@ -1939,7 +1939,7 @@ software: assert.Empty(t, appCfg.MDM.DeprecatedAppleBMDefaultTeam) assert.ElementsMatch( t, - appCfg.MDM.AppleBussinessManager.Value, + appCfg.MDM.AppleBusinessManager.Value, []fleet.MDMAppleABMAssignmentInfo{ { OrganizationName: "Fleet Device Management Inc.", @@ -2012,7 +2012,7 @@ software: }, dryRunAssertion: func(t *testing.T, appCfg *fleet.AppConfig, ds fleet.Datastore, out string, err error) { assert.NoError(t, err) - assert.Empty(t, appCfg.MDM.AppleBussinessManager.Value) + assert.Empty(t, appCfg.MDM.AppleBusinessManager.Value) assert.Empty(t, appCfg.MDM.DeprecatedAppleBMDefaultTeam) assert.Contains(t, out, "[!] gitops dry run succeeded") }, @@ -2021,7 +2021,7 @@ software: assert.Empty(t, appCfg.MDM.DeprecatedAppleBMDefaultTeam) assert.ElementsMatch( t, - appCfg.MDM.AppleBussinessManager.Value, + appCfg.MDM.AppleBusinessManager.Value, []fleet.MDMAppleABMAssignmentInfo{ { OrganizationName: "Fleet Device Management Inc.", @@ -2045,7 +2045,7 @@ software: }, dryRunAssertion: func(t *testing.T, appCfg *fleet.AppConfig, ds fleet.Datastore, out string, err error) { assert.NoError(t, err) - assert.Empty(t, appCfg.MDM.AppleBussinessManager.Value) + assert.Empty(t, appCfg.MDM.AppleBusinessManager.Value) assert.Empty(t, appCfg.MDM.DeprecatedAppleBMDefaultTeam) assert.Contains(t, out, "[!] gitops dry run succeeded") }, @@ -2054,7 +2054,7 @@ software: assert.Empty(t, appCfg.MDM.DeprecatedAppleBMDefaultTeam) assert.ElementsMatch( t, - appCfg.MDM.AppleBussinessManager.Value, + appCfg.MDM.AppleBusinessManager.Value, []fleet.MDMAppleABMAssignmentInfo{ { OrganizationName: "Fleet Device Management Inc.", @@ -2078,13 +2078,13 @@ software: tokens: []*fleet.ABMToken{{OrganizationName: "Fleet Device Management Inc."}}, dryRunAssertion: func(t *testing.T, appCfg *fleet.AppConfig, ds fleet.Datastore, out string, err error) { assert.ErrorContains(t, err, "token with organization name Does not exist doesn't exist") - assert.Empty(t, appCfg.MDM.AppleBussinessManager.Value) + assert.Empty(t, appCfg.MDM.AppleBusinessManager.Value) assert.Empty(t, appCfg.MDM.DeprecatedAppleBMDefaultTeam) assert.NotContains(t, out, "[!] gitops dry run succeeded") }, realRunAssertion: func(t *testing.T, appCfg *fleet.AppConfig, ds fleet.Datastore, out string, err error) { assert.ErrorContains(t, err, "token with organization name Does not exist doesn't exist") - assert.Empty(t, appCfg.MDM.AppleBussinessManager.Value) + assert.Empty(t, appCfg.MDM.AppleBusinessManager.Value) assert.Empty(t, appCfg.MDM.DeprecatedAppleBMDefaultTeam) assert.NotContains(t, out, "[!] gitops dry run succeeded") }, diff --git a/server/fleet/app.go b/server/fleet/app.go index 3812c6d450..0d3b59d295 100644 --- a/server/fleet/app.go +++ b/server/fleet/app.go @@ -142,9 +142,9 @@ type MDM struct { // Deprecated: use AppleBussinessManager instead DeprecatedAppleBMDefaultTeam string `json:"apple_bm_default_team,omitempty"` - // AppleBussinessManager defines the associations between ABM tokens + // AppleBusinessManager defines the associations between ABM tokens // and the teams used to assign hosts when they're ingested from ABM. - AppleBussinessManager optjson.Slice[MDMAppleABMAssignmentInfo] `json:"apple_business_manager"` + AppleBusinessManager optjson.Slice[MDMAppleABMAssignmentInfo] `json:"apple_business_manager"` // AppleBMEnabledAndConfigured is set to true if Fleet has been // configured with the required Apple BM key pair or token. It can't be set @@ -635,12 +635,12 @@ func (c *AppConfig) Copy() *AppConfig { clone.MDM.WindowsSettings.CustomSettings = optjson.SetSlice(windowsSettings) } - if c.MDM.AppleBussinessManager.Set { - abm := make([]MDMAppleABMAssignmentInfo, len(c.MDM.AppleBussinessManager.Value)) - for i, s := range c.MDM.AppleBussinessManager.Value { + if c.MDM.AppleBusinessManager.Set { + abm := make([]MDMAppleABMAssignmentInfo, len(c.MDM.AppleBusinessManager.Value)) + for i, s := range c.MDM.AppleBusinessManager.Value { abm[i] = s } - clone.MDM.AppleBussinessManager = optjson.SetSlice(abm) + clone.MDM.AppleBusinessManager = optjson.SetSlice(abm) } @@ -878,7 +878,7 @@ func (c AppConfig) MarshalJSON() ([]byte, error) { if !c.MDM.MacOSSetup.EnableReleaseDeviceManually.Valid { c.MDM.MacOSSetup.EnableReleaseDeviceManually = optjson.SetBool(false) } - if c.MDM.AppleBussinessManager.Set { + if c.MDM.AppleBusinessManager.Set { c.MDM.DeprecatedAppleBMDefaultTeam = "" } type aliasConfig AppConfig diff --git a/server/fleet/vpp.go b/server/fleet/vpp.go index a9fa8ae451..8c5dafa15a 100644 --- a/server/fleet/vpp.go +++ b/server/fleet/vpp.go @@ -32,8 +32,11 @@ type VPPApp struct { Name string `db:"name" json:"name"` // LatestVersion is the latest version of this app. LatestVersion string `db:"latest_version" json:"latest_version"` - TeamID *uint `db:"-" json:"-"` - TitleID uint `db:"title_id" json:"-"` + // TeamID is used for authorization, it must be json serialized to be available + // to the rego script. We don't set it outside authorization anyway, so it + // won't render otherwise. + TeamID *uint `db:"-" json:"team_id,omitempty"` + TitleID uint `db:"title_id" json:"-"` CreatedAt time.Time `db:"created_at" json:"-"` UpdatedAt time.Time `db:"updated_at" json:"-"` diff --git a/server/service/appconfig.go b/server/service/appconfig.go index d8289a9dae..a130798754 100644 --- a/server/service/appconfig.go +++ b/server/service/appconfig.go @@ -545,7 +545,7 @@ func (svc *Service) ModifyAppConfig(ctx context.Context, p []byte, applyOpts fle } } - if appConfig.MDM.AppleBussinessManager.Set || appConfig.MDM.DeprecatedAppleBMDefaultTeam != "" { + if appConfig.MDM.AppleBusinessManager.Set || appConfig.MDM.DeprecatedAppleBMDefaultTeam != "" { for _, tok := range abmAssignments { if err := svc.ds.SaveABMToken(ctx, tok); err != nil { return nil, ctxerr.Wrap(ctx, err, "saving ABM token assignments") @@ -970,7 +970,7 @@ func (svc *Service) validateABMAssignments( invalid *fleet.InvalidArgumentError, license *fleet.LicenseInfo, ) ([]*fleet.ABMToken, error) { - if mdm.DeprecatedAppleBMDefaultTeam != "" && mdm.AppleBussinessManager.Set && mdm.AppleBussinessManager.Valid { + if mdm.DeprecatedAppleBMDefaultTeam != "" && mdm.AppleBusinessManager.Set && mdm.AppleBusinessManager.Valid { invalid.Append("mdm.apple_bm_default_team", fleet.AppleABMDefaultTeamDeprecatedMessage) return nil, nil } @@ -1008,7 +1008,7 @@ func (svc *Service) validateABMAssignments( return []*fleet.ABMToken{tok}, nil } - if mdm.AppleBussinessManager.Set && mdm.AppleBussinessManager.Valid { + if mdm.AppleBusinessManager.Set && mdm.AppleBusinessManager.Valid { if !license.IsPremium() { invalid.Append("mdm.apple_business_manager", ErrMissingLicense.Error()) return nil, nil @@ -1040,7 +1040,7 @@ func (svc *Service) validateABMAssignments( } var tokensToSave []*fleet.ABMToken - for _, bm := range mdm.AppleBussinessManager.Value { + for _, bm := range mdm.AppleBusinessManager.Value { for _, tmName := range []string{bm.MacOSTeam, bm.IOSTeam, bm.IpadOSTeam} { if _, ok := teamsByName[norm.NFC.String(tmName)]; !ok { invalid.Appendf("mdm.apple_business_manager", "team %s doesn't exist", tmName) diff --git a/server/service/appconfig_test.go b/server/service/appconfig_test.go index 67173e1942..0fb0d318d2 100644 --- a/server/service/appconfig_test.go +++ b/server/service/appconfig_test.go @@ -827,8 +827,6 @@ func TestTransparencyURLDowngradeLicense(t *testing.T) { } func TestMDMAppleConfig(t *testing.T) { - // FIXME - t.Skip() ds := new(mock.Store) depStorage := new(nanodep_mock.Storage) @@ -860,11 +858,13 @@ func TestMDMAppleConfig(t *testing.T) { name: "nochange", licenseTier: "free", expectedMDM: fleet.MDM{ - MacOSSetup: fleet.MacOSSetup{BootstrapPackage: optjson.String{Set: true}, MacOSSetupAssistant: optjson.String{Set: true}, EnableReleaseDeviceManually: optjson.SetBool(false)}, - MacOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, - IOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, - IPadOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, - WindowsUpdates: fleet.WindowsUpdates{DeadlineDays: optjson.Int{Set: true}, GracePeriodDays: optjson.Int{Set: true}}, + AppleBusinessManager: optjson.Slice[fleet.MDMAppleABMAssignmentInfo]{Set: true, Value: []fleet.MDMAppleABMAssignmentInfo{}}, + MacOSSetup: fleet.MacOSSetup{BootstrapPackage: optjson.String{Set: true}, MacOSSetupAssistant: optjson.String{Set: true}, EnableReleaseDeviceManually: optjson.SetBool(false)}, + MacOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, + IOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, + IPadOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, + VolumePurchasingProgram: optjson.Slice[fleet.MDMAppleVolumePurchasingProgramInfo]{Set: true, Value: []fleet.MDMAppleVolumePurchasingProgramInfo{}}, + WindowsUpdates: fleet.WindowsUpdates{DeadlineDays: optjson.Int{Set: true}, GracePeriodDays: optjson.Int{Set: true}}, WindowsSettings: fleet.WindowsSettings{ CustomSettings: optjson.Slice[fleet.MDMProfileSpec]{Set: true, Value: []fleet.MDMProfileSpec{}}, }, @@ -891,11 +891,13 @@ func TestMDMAppleConfig(t *testing.T) { findTeam: true, newMDM: fleet.MDM{DeprecatedAppleBMDefaultTeam: "foobar"}, expectedMDM: fleet.MDM{ + AppleBusinessManager: optjson.Slice[fleet.MDMAppleABMAssignmentInfo]{Set: true, Value: []fleet.MDMAppleABMAssignmentInfo{}}, DeprecatedAppleBMDefaultTeam: "foobar", MacOSSetup: fleet.MacOSSetup{BootstrapPackage: optjson.String{Set: true}, MacOSSetupAssistant: optjson.String{Set: true}, EnableReleaseDeviceManually: optjson.SetBool(false)}, MacOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, IOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, IPadOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, + VolumePurchasingProgram: optjson.Slice[fleet.MDMAppleVolumePurchasingProgramInfo]{Set: true, Value: []fleet.MDMAppleVolumePurchasingProgramInfo{}}, WindowsUpdates: fleet.WindowsUpdates{DeadlineDays: optjson.Int{Set: true}, GracePeriodDays: optjson.Int{Set: true}}, WindowsSettings: fleet.WindowsSettings{ CustomSettings: optjson.Slice[fleet.MDMProfileSpec]{Set: true, Value: []fleet.MDMProfileSpec{}}, @@ -908,11 +910,13 @@ func TestMDMAppleConfig(t *testing.T) { oldMDM: fleet.MDM{DeprecatedAppleBMDefaultTeam: "bar"}, newMDM: fleet.MDM{DeprecatedAppleBMDefaultTeam: "foobar"}, expectedMDM: fleet.MDM{ + AppleBusinessManager: optjson.Slice[fleet.MDMAppleABMAssignmentInfo]{Set: true, Value: []fleet.MDMAppleABMAssignmentInfo{}}, DeprecatedAppleBMDefaultTeam: "foobar", MacOSSetup: fleet.MacOSSetup{BootstrapPackage: optjson.String{Set: true}, MacOSSetupAssistant: optjson.String{Set: true}, EnableReleaseDeviceManually: optjson.SetBool(false)}, MacOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, IOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, IPadOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, + VolumePurchasingProgram: optjson.Slice[fleet.MDMAppleVolumePurchasingProgramInfo]{Set: true, Value: []fleet.MDMAppleVolumePurchasingProgramInfo{}}, WindowsUpdates: fleet.WindowsUpdates{DeadlineDays: optjson.Int{Set: true}, GracePeriodDays: optjson.Int{Set: true}}, WindowsSettings: fleet.WindowsSettings{ CustomSettings: optjson.Slice[fleet.MDMProfileSpec]{Set: true, Value: []fleet.MDMProfileSpec{}}, @@ -931,12 +935,14 @@ func TestMDMAppleConfig(t *testing.T) { newMDM: fleet.MDM{EndUserAuthentication: fleet.MDMEndUserAuthentication{SSOProviderSettings: fleet.SSOProviderSettings{EntityID: "foo"}}}, oldMDM: fleet.MDM{EndUserAuthentication: fleet.MDMEndUserAuthentication{SSOProviderSettings: fleet.SSOProviderSettings{EntityID: "foo"}}}, expectedMDM: fleet.MDM{ - EndUserAuthentication: fleet.MDMEndUserAuthentication{SSOProviderSettings: fleet.SSOProviderSettings{EntityID: "foo"}}, - MacOSSetup: fleet.MacOSSetup{BootstrapPackage: optjson.String{Set: true}, MacOSSetupAssistant: optjson.String{Set: true}, EnableReleaseDeviceManually: optjson.SetBool(false)}, - MacOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, - IOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, - IPadOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, - WindowsUpdates: fleet.WindowsUpdates{DeadlineDays: optjson.Int{Set: true}, GracePeriodDays: optjson.Int{Set: true}}, + AppleBusinessManager: optjson.Slice[fleet.MDMAppleABMAssignmentInfo]{Set: true, Value: []fleet.MDMAppleABMAssignmentInfo{}}, + EndUserAuthentication: fleet.MDMEndUserAuthentication{SSOProviderSettings: fleet.SSOProviderSettings{EntityID: "foo"}}, + MacOSSetup: fleet.MacOSSetup{BootstrapPackage: optjson.String{Set: true}, MacOSSetupAssistant: optjson.String{Set: true}, EnableReleaseDeviceManually: optjson.SetBool(false)}, + MacOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, + IOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, + IPadOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, + VolumePurchasingProgram: optjson.Slice[fleet.MDMAppleVolumePurchasingProgramInfo]{Set: true, Value: []fleet.MDMAppleVolumePurchasingProgramInfo{}}, + WindowsUpdates: fleet.WindowsUpdates{DeadlineDays: optjson.Int{Set: true}, GracePeriodDays: optjson.Int{Set: true}}, WindowsSettings: fleet.WindowsSettings{ CustomSettings: optjson.Slice[fleet.MDMProfileSpec]{Set: true, Value: []fleet.MDMProfileSpec{}}, }, @@ -952,17 +958,19 @@ func TestMDMAppleConfig(t *testing.T) { IDPName: "onelogin", }}}, expectedMDM: fleet.MDM{ + AppleBusinessManager: optjson.Slice[fleet.MDMAppleABMAssignmentInfo]{Set: true, Value: []fleet.MDMAppleABMAssignmentInfo{}}, EndUserAuthentication: fleet.MDMEndUserAuthentication{SSOProviderSettings: fleet.SSOProviderSettings{ EntityID: "fleet", IssuerURI: "http://issuer.idp.com", MetadataURL: "http://isser.metadata.com", IDPName: "onelogin", }}, - MacOSSetup: fleet.MacOSSetup{BootstrapPackage: optjson.String{Set: true}, MacOSSetupAssistant: optjson.String{Set: true}, EnableReleaseDeviceManually: optjson.SetBool(false)}, - MacOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, - IOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, - IPadOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, - WindowsUpdates: fleet.WindowsUpdates{DeadlineDays: optjson.Int{Set: true}, GracePeriodDays: optjson.Int{Set: true}}, + MacOSSetup: fleet.MacOSSetup{BootstrapPackage: optjson.String{Set: true}, MacOSSetupAssistant: optjson.String{Set: true}, EnableReleaseDeviceManually: optjson.SetBool(false)}, + MacOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, + IOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, + IPadOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, + VolumePurchasingProgram: optjson.Slice[fleet.MDMAppleVolumePurchasingProgramInfo]{Set: true, Value: []fleet.MDMAppleVolumePurchasingProgramInfo{}}, + WindowsUpdates: fleet.WindowsUpdates{DeadlineDays: optjson.Int{Set: true}, GracePeriodDays: optjson.Int{Set: true}}, WindowsSettings: fleet.WindowsSettings{ CustomSettings: optjson.Slice[fleet.MDMProfileSpec]{Set: true, Value: []fleet.MDMProfileSpec{}}, }, @@ -1017,12 +1025,14 @@ func TestMDMAppleConfig(t *testing.T) { EnableDiskEncryption: optjson.SetBool(false), }, expectedMDM: fleet.MDM{ - EnableDiskEncryption: optjson.Bool{Set: true, Valid: true, Value: false}, - MacOSSetup: fleet.MacOSSetup{BootstrapPackage: optjson.String{Set: true}, MacOSSetupAssistant: optjson.String{Set: true}, EnableReleaseDeviceManually: optjson.SetBool(false)}, - MacOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, - IOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, - IPadOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, - WindowsUpdates: fleet.WindowsUpdates{DeadlineDays: optjson.Int{Set: true}, GracePeriodDays: optjson.Int{Set: true}}, + AppleBusinessManager: optjson.Slice[fleet.MDMAppleABMAssignmentInfo]{Set: true, Value: []fleet.MDMAppleABMAssignmentInfo{}}, + EnableDiskEncryption: optjson.Bool{Set: true, Valid: true, Value: false}, + MacOSSetup: fleet.MacOSSetup{BootstrapPackage: optjson.String{Set: true}, MacOSSetupAssistant: optjson.String{Set: true}, EnableReleaseDeviceManually: optjson.SetBool(false)}, + MacOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, + IOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, + IPadOSUpdates: fleet.AppleOSUpdateSettings{MinimumVersion: optjson.String{Set: true}, Deadline: optjson.String{Set: true}}, + VolumePurchasingProgram: optjson.Slice[fleet.MDMAppleVolumePurchasingProgramInfo]{Set: true, Value: []fleet.MDMAppleVolumePurchasingProgramInfo{}}, + WindowsUpdates: fleet.WindowsUpdates{DeadlineDays: optjson.Int{Set: true}, GracePeriodDays: optjson.Int{Set: true}}, WindowsSettings: fleet.WindowsSettings{ CustomSettings: optjson.Slice[fleet.MDMProfileSpec]{Set: true, Value: []fleet.MDMProfileSpec{}}, }, @@ -1065,6 +1075,12 @@ func TestMDMAppleConfig(t *testing.T) { ds.NewJobFunc = func(ctx context.Context, job *fleet.Job) (*fleet.Job, error) { return job, nil } + ds.ListABMTokensFunc = func(ctx context.Context) ([]*fleet.ABMToken, error) { + return []*fleet.ABMToken{{ID: 1}}, nil + } + ds.SaveABMTokenFunc = func(ctx context.Context, token *fleet.ABMToken) error { + return nil + } depStorage.RetrieveConfigFunc = func(p0 context.Context, p1 string) (*nanodep_client.Config, error) { return &nanodep_client.Config{BaseURL: depSrv.URL}, nil } diff --git a/server/service/endpoint_utils.go b/server/service/endpoint_utils.go index acb3d23c71..055eb2cba1 100644 --- a/server/service/endpoint_utils.go +++ b/server/service/endpoint_utils.go @@ -448,9 +448,12 @@ var pathReplacer = strings.NewReplacer( "}", "_", ) -func getNameFromPathAndVerb(verb, path string) string { - return strings.ToLower(verb) + "_" + - pathReplacer.Replace(strings.TrimPrefix(strings.TrimRight(path, "/"), "/api/_version_/fleet/")) +func getNameFromPathAndVerb(verb, path, startAt string) string { + prefix := strings.ToLower(verb) + "_" + if startAt != "" { + prefix += pathReplacer.Replace(startAt) + "_" + } + return prefix + pathReplacer.Replace(strings.TrimPrefix(strings.TrimRight(path, "/"), "/api/_version_/fleet/")) } func capabilitiesResponseFunc(capabilities fleet.CapabilityMap) kithttp.ServerOption { @@ -560,14 +563,14 @@ func (e *authEndpointer) handlePathHandler(path string, pathHandler func(path st } versionedPath := strings.Replace(path, "/_version_/", fmt.Sprintf("/{fleetversion:(?:%s)}/", strings.Join(versions, "|")), 1) - nameAndVerb := getNameFromPathAndVerb(verb, path) + nameAndVerb := getNameFromPathAndVerb(verb, path, e.startingAtVersion) if e.usePathPrefix { e.r.PathPrefix(versionedPath).Handler(pathHandler(versionedPath)).Name(nameAndVerb).Methods(verb) } else { e.r.Handle(versionedPath, pathHandler(versionedPath)).Name(nameAndVerb).Methods(verb) } for _, alias := range e.alternativePaths { - nameAndVerb := getNameFromPathAndVerb(verb, alias) + nameAndVerb := getNameFromPathAndVerb(verb, alias, e.startingAtVersion) versionedPath := strings.Replace(alias, "/_version_/", fmt.Sprintf("/{fleetversion:(?:%s)}/", strings.Join(versions, "|")), 1) if e.usePathPrefix { e.r.PathPrefix(versionedPath).Handler(pathHandler(versionedPath)).Name(nameAndVerb).Methods(verb) diff --git a/server/service/handler_test.go b/server/service/handler_test.go index df7ff9e04d..116b155ac9 100644 --- a/server/service/handler_test.go +++ b/server/service/handler_test.go @@ -76,7 +76,6 @@ func TestAPIRoutesConflicts(t *testing.T) { } func TestAPIRoutesMetrics(t *testing.T) { - t.Skip() ds := new(mock.Store) svc, _ := newTestService(t, ds, nil, nil) @@ -108,7 +107,8 @@ func TestAPIRoutesMetrics(t *testing.T) { routeNames := make(map[string]bool) err = router.Walk(func(route *mux.Route, _ *mux.Router, _ []*mux.Route) error { if _, ok := routeNames[route.GetName()]; ok { - t.Errorf("duplicate route name: %s", route.GetName()) + path, _ := route.GetPathTemplate() + t.Errorf("duplicate route name: %s (%s)", route.GetName(), path) } routeNames[route.GetName()] = true return nil @@ -194,7 +194,7 @@ func TestAPIRoutesMetrics(t *testing.T) { "go_memstats_alloc_bytes_total": 1, "go_memstats_buck_hash_sys_bytes": 1, "go_memstats_frees_total": 1, - "go_memstats_gc_cpu_fraction": 1, + "go_memstats_gc_cpu_fraction": 0, // does not appear to be reported anymore "go_memstats_gc_sys_bytes": 1, "go_memstats_heap_alloc_bytes": 1, "go_memstats_heap_idle_bytes": 1, diff --git a/server/service/mdm_test.go b/server/service/mdm_test.go index 731184726e..3a626af027 100644 --- a/server/service/mdm_test.go +++ b/server/service/mdm_test.go @@ -70,8 +70,6 @@ func TestGetMDMApple(t *testing.T) { } func TestMDMAppleAuthorization(t *testing.T) { - // FIXME - t.Skip() ds := new(mock.Store) license := &fleet.LicenseInfo{Tier: fleet.TierPremium} @@ -125,6 +123,16 @@ func TestMDMAppleAuthorization(t *testing.T) { return nil } + ds.ListABMTokensFunc = func(ctx context.Context) ([]*fleet.ABMToken, error) { + return nil, nil + } + ds.ListVPPTokensFunc = func(ctx context.Context) ([]*fleet.VPPTokenDB, error) { + return nil, nil + } + ds.GetVPPTokenFunc = func(ctx context.Context, id uint) (*fleet.VPPTokenDB, error) { + return nil, ¬FoundErr{} + } + ds.DeleteMDMConfigAssetsByNameFunc = func(ctx context.Context, assetNames []fleet.MDMAssetName) error { return nil } // use a custom implementation of checkAuthErr as the service call will fail diff --git a/server/service/vpp_test.go b/server/service/vpp_test.go index 1821b9926f..95b9c65ed0 100644 --- a/server/service/vpp_test.go +++ b/server/service/vpp_test.go @@ -5,6 +5,7 @@ import ( "testing" "time" + "github.com/fleetdm/fleet/v4/server/authz" "github.com/fleetdm/fleet/v4/server/contexts/viewer" "github.com/fleetdm/fleet/v4/server/fleet" "github.com/fleetdm/fleet/v4/server/mock" @@ -14,13 +15,24 @@ import ( ) func TestVPPAuth(t *testing.T) { - t.Skip() ds := new(mock.Store) license := &fleet.LicenseInfo{Tier: fleet.TierPremium, Expiration: time.Now().Add(24 * time.Hour)} svc, ctx := newTestService(t, ds, nil, nil, &TestServerOpts{License: license}) + // use a custom implementation of checkAuthErr as the service call will fail + // with a different error for in case of authorization success and the + // package-wide checkAuthErr requires no error. + checkAuthErr := func(t *testing.T, shouldFail bool, err error) { + if shouldFail { + require.Error(t, err) + require.Equal(t, (&authz.Forbidden{}).Error(), err.Error()) + } else if err != nil { + require.NotEqual(t, (&authz.Forbidden{}).Error(), err.Error()) + } + } + testCases := []struct { name string user *fleet.User @@ -64,14 +76,15 @@ func TestVPPAuth(t *testing.T) { ds.TeamExistsFunc = func(ctx context.Context, teamID uint) (bool, error) { return false, nil } - ds.GetAllMDMConfigAssetsByNameFunc = func(ctx context.Context, assetNames []fleet.MDMAssetName) (map[fleet.MDMAssetName]fleet.MDMConfigAsset, error) { return map[fleet.MDMAssetName]fleet.MDMConfigAsset{}, nil } - ds.TeamFunc = func(ctx context.Context, tid uint) (*fleet.Team, error) { return &fleet.Team{ID: 1}, nil } + ds.GetVPPTokenByTeamIDFunc = func(ctx context.Context, teamID *uint) (*fleet.VPPTokenDB, error) { + return &fleet.VPPTokenDB{ID: 1, OrgName: "org", Teams: []fleet.TeamTuple{{ID: 1}}}, nil + } // Note: these calls always return an error because they're attempting to unmarshal a // non-existent VPP token. @@ -79,18 +92,14 @@ func TestVPPAuth(t *testing.T) { if tt.teamID == nil { require.Error(t, err) } else { - if tt.shouldFailRead { - checkAuthErr(t, true, err) - } + checkAuthErr(t, tt.shouldFailRead, err) } err = svc.AddAppStoreApp(ctx, tt.teamID, fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "123", Platform: fleet.IOSPlatform}}) if tt.teamID == nil { require.Error(t, err) } else { - if tt.shouldFailWrite { - checkAuthErr(t, true, err) - } + checkAuthErr(t, tt.shouldFailWrite, err) } }) } diff --git a/tools/cloner-check/generated_files/appconfig.txt b/tools/cloner-check/generated_files/appconfig.txt index 9166cec7a8..86388d153e 100644 --- a/tools/cloner-check/generated_files/appconfig.txt +++ b/tools/cloner-check/generated_files/appconfig.txt @@ -97,7 +97,7 @@ github.com/fleetdm/fleet/v4/server/fleet/GoogleCalendarIntegration Domain string github.com/fleetdm/fleet/v4/server/fleet/GoogleCalendarIntegration ApiKey map[string]string github.com/fleetdm/fleet/v4/server/fleet/AppConfig MDM fleet.MDM github.com/fleetdm/fleet/v4/server/fleet/MDM DeprecatedAppleBMDefaultTeam string -github.com/fleetdm/fleet/v4/server/fleet/MDM AppleBussinessManager optjson.Slice[github.com/fleetdm/fleet/v4/server/fleet.MDMAppleABMAssignmentInfo] +github.com/fleetdm/fleet/v4/server/fleet/MDM AppleBusinessManager optjson.Slice[github.com/fleetdm/fleet/v4/server/fleet.MDMAppleABMAssignmentInfo] github.com/fleetdm/fleet/v4/pkg/optjson/Slice[github.com/fleetdm/fleet/v4/server/fleet.MDMAppleABMAssignmentInfo] Set bool github.com/fleetdm/fleet/v4/pkg/optjson/Slice[github.com/fleetdm/fleet/v4/server/fleet.MDMAppleABMAssignmentInfo] Valid bool github.com/fleetdm/fleet/v4/pkg/optjson/Slice[github.com/fleetdm/fleet/v4/server/fleet.MDMAppleABMAssignmentInfo] Value []fleet.MDMAppleABMAssignmentInfo