don't preemptively set disk encryption as on (#14533)

for #14422

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
Roberto Dip 2023-10-13 18:05:03 -03:00 committed by GitHub
parent eb0babe51a
commit 9172b69669
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 5 deletions


@ -7209,6 +7209,11 @@ func (s *integrationMDMTestSuite) TestHostDiskEncryptionKey() {
require.NotNil(t, hdek.Decryptable)
require.True(t, *hdek.Decryptable)
// the disk encryption status of the host is not set with this request
var hostResp getHostResponse
s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/hosts/%d", host.ID), nil, http.StatusOK, &hostResp)
require.Nil(t, hostResp.Host.DiskEncryptionEnabled)
// the key is encrypted the same way as the macOS keys (except with the WSTEP
// certificate), so it can be decrypted using the same decryption function.
wstepCert, _, _, err := s.fleetCfg.MDM.MicrosoftWSTEP()
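Review bot: The new `require.Nil(t, hostResp.Host.DiskEncryptionEnabled)` check only covers a host whose encryption status was never reported, so it would not catch a regression that overwrites an existing status when a key is escrowed. Consider a second case that first seeds the status as off (presumably through the datastore's `SetOrUpdateHostDisksEncryption` with `false`), repeats the key upload, and then asserts `require.False(t, *hostResp.Host.DiskEncryptionEnabled)`. That would pin the security-relevant property that an uploaded key is never treated as proof the disk is encrypted. TestHostDiskEncryptionKey starts and ends outside this hunk, so an equivalent check may already exist elsewhere in the function.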


@ -589,10 +589,6 @@ func (svc *Service) SetOrUpdateDiskEncryptionKey(ctx context.Context, encryption
if err := svc.ds.SetOrUpdateHostDiskEncryptionKey(ctx, host.ID, encryptedEncryptionKey, clientError, decryptable); err != nil {
return ctxerr.Wrap(ctx, err, "set or update disk encryption key")
}
if encryptedEncryptionKey != "" {
if err := svc.ds.SetOrUpdateHostDisksEncryption(ctx, host.ID, true); err != nil {
return ctxerr.Wrap(ctx, err, "set or update host disks encryption")
}
}
return nil
}
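Review bot: After this change nothing at the end of SetOrUpdateDiskEncryptionKey says why the host's encryption status is left untouched, and the removed call looks like a natural thing for a later contributor to add back. A short why-comment above `return nil` would document the invariant, for example `// Do not mark the host's disks as encrypted here: receiving a key does not prove the disk is encrypted.` Any caller or report that treated "key stored" as "disk encrypted" will now see an unset status for these hosts. It is worth confirming that compliance views take the status from host-reported data rather than from the presence of a key. The function's signature and earlier body are outside this hunk.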