From c3e8427b13ad290d0384cc9ca48d82c39742bb96 Mon Sep 17 00:00:00 2001
From: Jahziel Villasana-Espinoza
Date: Fri, 24 May 2024 10:07:50 -0400
Subject: [PATCH] feat: soft delete for mdm assets
---
 server/datastore/mysql/apple_mdm.go | 22 ++++++++++++++++++++
 server/fleet/datastore.go | 3 +++
 server/fleet/service.go | 1 +
 server/service/handler.go | 1 +
 server/service/mdm.go | 31 +++++++++++++++++++++++++++++
 5 files changed, 58 insertions(+)
diff --git a/server/datastore/mysql/apple_mdm.go b/server/datastore/mysql/apple_mdm.go
index 872e8e1b06..e430eeb0ab 100644
--- a/server/datastore/mysql/apple_mdm.go
+++ b/server/datastore/mysql/apple_mdm.go
@@ -4169,3 +4169,25 @@ WHERE
 return res, nil
 }
+
+func (ds *Datastore) DeleteMDMConfigAssetsByName(ctx context.Context, assetNames []fleet.MDMAssetName) error {
+ stmt := `
+UPDATE
+ mdm_config_assets
+SET
+ deleted_at = CURRENT_TIMESTAMP(),
+ deletion_uuid = ?
+WHERE
+ name IN (?) AND deletion_uuid = ''
+ `
+
+ deletionUUID := uuid.New().String()
+
+ stmt, args, err := sqlx.In(stmt, deletionUUID, assetNames)
+ if err != nil {
+ return ctxerr.Wrap(ctx, err, "sqlx.In DeleteMDMConfigAssetsByName")
+ }
+
+ _, err = ds.writer(ctx).ExecContext(ctx, stmt, args...)
+ return ctxerr.Wrap(ctx, err, "deleting mdm config assets")
+}
diff --git a/server/fleet/datastore.go b/server/fleet/datastore.go
index e7cef30d2f..79c873969b 100644
--- a/server/fleet/datastore.go
+++ b/server/fleet/datastore.go
@@ -1255,6 +1255,9 @@ type Datastore interface {
 // GetMDMConfigAssetsByName returns the requested config assets.
 GetMDMConfigAssetsByName(ctx context.Context, assetNames []MDMAssetName) ([]MDMConfigAsset, error)
+ // DeleteMDMConfigAssetsByName soft deletes the given MDM config assets.
+ DeleteMDMConfigAssetsByName(ctx context.Context, assetNames []MDMAssetName) error
+
 ///////////////////////////////////////////////////////////////////////////////
 // Microsoft MDM
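Review bot: sqlx.In returns an error for an empty slice, so DeleteMDMConfigAssetsByName called with no asset names fails with "sqlx.In DeleteMDMConfigAssetsByName" instead of being a no-op; add `if len(assetNames) == 0 { return nil }` before the statement is built. Because this is a soft delete, the matched rows — which, judging by the MDMAssetAPNSKey and MDMAssetCAKey names the service-layer caller passes, include private key material — remain in mdm_config_assets with only deleted_at and deletion_uuid set, so the function comment should say that the key bytes are retained and a purge or retention step is still needed; the reader, GetMDMConfigAssetsByName (not shown here), presumably filters on `deletion_uuid = ''`, which is worth confirming. The UPDATE also succeeds silently when nothing matches, which is fine for idempotency but hides "nothing to delete" from the caller; if that distinction matters, check `RowsAffected()` on the result that is currently discarded.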
diff --git a/server/fleet/service.go b/server/fleet/service.go
index 5f1d17e908..23e131ccb1 100644
--- a/server/fleet/service.go
+++ b/server/fleet/service.go
@@ -695,6 +695,7 @@ type Service interface {
 GetMDMAppleCSR(ctx context.Context) ([]byte, error)
 UploadMDMAppleAPNSCert(ctx context.Context, cert io.ReadSeeker) error
+ DeleteMDMAppleAPNSCert(ctx context.Context) error
 // GetHostDEPAssignment retrieves the host DEP assignment for the specified host.
 GetHostDEPAssignment(ctx context.Context, host *Host) (*HostDEPAssignment, error)
diff --git a/server/service/handler.go b/server/service/handler.go
index 0c26a23d96..41b0a18c3c 100644
--- a/server/service/handler.go
+++ b/server/service/handler.go
@@ -714,6 +714,7 @@ func attachFleetAPIRoutes(r *mux.Router, svc fleet.Service, config config.FleetC
 ue.GET("/api/_version_/fleet/mdm/apple/request_csr", getMDMAppleCSREndpoint, getMDMAppleCSRRequest{})
 ue.POST("/api/_version_/fleet/mdm/apple/apns_certificate", uploadMDMAppleAPNSCertEndpoint, uploadMDMAppleAPNSCertRequest{})
+ ue.DELETE("/api/_version_/fleet/mdm/apple/apns_certificate", deleteMDMAppleAPNSCertEndpoint, deleteMDMAppleAPNSCertRequest{})
 // Deprecated: GET /mdm/apple_bm is now deprecated, replaced by the
 // GET /abm endpoint.
diff --git a/server/service/mdm.go b/server/service/mdm.go
index 343fdd3846..4291e6e55d 100644
--- a/server/service/mdm.go
+++ b/server/service/mdm.go
@@ -2296,3 +2296,34 @@ func (svc *Service) UploadMDMAppleAPNSCert(ctx context.Context, cert io.ReadSeek
 return nil
 }
+
+type deleteMDMAppleAPNSCertRequest struct{}
+
+type deleteMDMAppleAPNSCertResponse struct {
+ Err error `json:"error,omitempty"`
+}
+
+func (r deleteMDMAppleAPNSCertResponse) error() error {
+ return r.Err
+}
+
+func deleteMDMAppleAPNSCertEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (errorer, error) {
+ if err := svc.DeleteMDMAppleAPNSCert(ctx); err != nil {
+ return &deleteMDMAppleAPNSCertResponse{Err: err}, nil
+ }
+
+ return &deleteMDMAppleAPNSCertResponse{}, nil
+}
+
+func (svc *Service) DeleteMDMAppleAPNSCert(ctx context.Context) error {
+ if err := svc.authz.Authorize(ctx, &fleet.AppleCSR{}, fleet.ActionWrite); err != nil {
+ return ctxerr.Wrap(ctx, err)
+ }
+
+ return ctxerr.Wrap(ctx, svc.ds.DeleteMDMConfigAssetsByName(ctx, []fleet.MDMAssetName{
+ fleet.MDMAssetAPNSCert,
+ fleet.MDMAssetAPNSKey,
+ fleet.MDMAssetCACert,
+ fleet.MDMAssetCAKey,
+ }), "deleting apple mdm assets")
+}
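Review bot: DeleteMDMAppleAPNSCert has no doc comment and its name understates what the final datastore call does: it soft-deletes the APNS cert and key together with the CA cert and key, so a caller who only wants to replace the APNS certificate also loses the CA key pair. Add `// DeleteMDMAppleAPNSCert soft-deletes the Apple MDM APNS certificate and key and, with them, the MDM CA certificate and key; all four are marked deleted in one datastore call and the key material is retained rather than destroyed.` Given that this is a destructive, security-relevant change to the whole Apple MDM setup gated only by the AppleCSR write check, it would also be worth recording an activity or audit entry here, as is presumably done on the upload path (not visible in this hunk). Nothing in the hunk tells the caller when there was nothing to delete — the datastore call is a silent no-op in that case, so the endpoint always returns success; document that idempotent behavior on the method if it is intended.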