Related to: https://github.com/fleetdm/fleet/issues/40127
Changes:
- Updated errors logged by Android proxy endpoints to include more
information about the error.
- Added a `deviceNoLongerManaged` exit to the `delete-android-device`
endpoint that is used when the Google API returns a "Device is no longer
being managed" error.
- Added a `policyNotFound` exit to the `modify-android-policies` and
`modify-enterprise-app-policy` endpoints that is used when the Google
API returns a 404 response
- Added a `invalidPolicyName` exit to the `modify-android-device`
endpoint that is used when the Google API returns an error related to
the policy name sent in the request body.
Changes:
- Updated the `get-enterprise-applications` Android proxy endpoint to
use the `enterprises.applications.get` method (It is currently using the
enterprises.devices.get` method)
- Updated errors returned by the `get-enterprise-applications` endpoint
to include more information from the error returned by Google.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#35211
# Checklist for submitter
- [x] QA'd all new/changed functionality manually
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#36138
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
---------
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34389
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
## Database migrations
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
Closes: https://github.com/fleetdm/fleet/issues/34358
Changes:
- Updated Android enterprise proxy endpoints to log an additional
warning to alert us if we exceed the Android management API rate limit.
This is another attempt at debugging/solving the current android proxy
bug.
This tries to not use the global google options, and instead just passes
the authClient directly to all google calls.
The other PR with wait, did initially succeed for me, but then failed
right after.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Attempt at debugging #34776
Another attempt to further debug this issue. This attempt tries to
verify that the scopes for the token is correct, and is not overriden by
another call to the scopes.
The reason is that the `www-authenticate` response header is saying
`error="insufficient_scope"`
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Attempt at solving #34776
This was verified by extracting the create topic, and getIamPolicy, and
without the flow.build it worked fine, but when added it started
failing.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34776
Adds delay to subsequent retries on creation of Android enterprise
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Related to: https://github.com/fleetdm/fleet/issues/34776
Changes:
- Updated the create-android-enterprise endpoint to retry the
getIamPolicy and setIamPolicy methods when creating a new android
enterprise.
This PR adds a small log warn statement to the fleetdm proxy for a 400
error on creating enterprise that is not an invalid token.
See this slack thread about the issue, and missing error log to further
debug the issue, unless running it locally, and then it is sometimes not
reproducable.
Haven't fully QA'd as I am not sure how to repro locally(when I test the
pubsub arrives before we ever run the reconciler) however this should
cause 4xx to be returned from the website instead of 5xx for android
unenrolled. We use the exact same code on a different endpoint
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34988 partially. This just helps reduce
alerts to help-p1 and implements the interface that the server is
expecting
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34299
Unreleased bug in Android Config profiles 4.75.0 feature. No changes
file as such. I'm not entirely sure how to cause this as I was unable to
repro it locally, there may be a timing issue or something, so I haven't
fully QA'd manually. QA was limited to verifying basic reconciler
functionality
Also updated Website endpoint to not throw a 5XX since we expect this to
occasionally happen
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [x] Confirmed that the fix is not expected to adversely impact load
test results
Related to: https://github.com/fleetdm/fleet/issues/33266
Changes:
- Added a new helper
`sails.helpers.androidProxy.getIsEnterpriseManagedByFleet`. This helper
returns `true` if a provided Android Enterprise ID is present in the
list of all Android Enterprises managed by Fleet, or `false` if it is
not in the list.
- Updated `create-android-enrollment-token`,
`create-android-signup-url`, and `modify-android-policies` to return a
404 response to the requesting Fleet instance if their Android
Enterprise is not managed by Fleet.
Closes: https://github.com/fleetdm/fleet/issues/31506
Changes:
- Updated the `create-android-enterprise` action to return a 409
response if a database record already exists for the Android enterprise.
Closes#30935
Changes:
- Updated created-android-signup-url to return a bad request response if
a provided callback URL cannot be used to create an Android Enterprise
signup URL.
Related to: https://github.com/fleetdm/fleet/issues/26270
Changes:
- Added a new database model: `AndroidEnterprise`
- Added one new website dependency: `googleapis@148.0.0`
- Added `android-proxy/create-android-signup-url`: an endpoint that
returns a signup url used to grant access to Fleet's Android MDM
integration.
- Added `android-proxy/create-android-enterprise`: An endpoint that
creates an Android enterprise for a Fleet server
- Added `android-proxy/create-android-enrollment-token`: An endpoint
that returns an enrollment token for an Android enterprise
- Added `android-proxy/modify-android-policies`: An endpoint used to
update policies of an Android enterprise
- Added `android-proxy/delete-one-android-enterprise`: an endpoint that
deletes an Android enterprise
---------
Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com>
