fleet

Elgato_dark/fleet

Fork 0

mirror of https://github.com/fleetdm/fleet synced 2026-05-09 18:20:48 +00:00

Commit graph

Author	SHA1	Message	Date
Victor Lyuboslavsky	f79fed9712	Added auth.require_http_message_signature server option. (#30983 ) For #30947 # Checklist for submitter - [x] Input data is properly validated, `SELECT ` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit New Features * Added support for requiring HTTP message signatures for fleetd requests, configurable via a new setting. * Enhanced middleware to enforce HTTP message signature requirements when enabled. * Tests * Introduced integration tests to verify host identity endpoints enforce HTTP message signature requirements. * Updated test utilities and suite setup to support configurable signature enforcement. * Chores * Refactored configuration and test server options to support the new signature enforcement feature. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-07-17 13:23:19 +02:00
Victor Lyuboslavsky	836cc044d2	Fleet server verifies HTTP signature (#30825 ) Fixes #30473 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. - [x] Added/updated automated tests - [ ] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * New Features * Added support for TPM-backed host identity certificates enabling hardware-backed HTTP signature authentication for hosts. * Introduced HTTP signature verification middleware for API requests, applied conditionally for premium licenses. * Hosts presenting identity certificates must authenticate with matching HTTP message signatures during enrollment and authentication. * Added SCEP-based certificate issuance for secure host identity management. * Updated enrollment endpoints to use standardized request/response contract types. * Bug Fixes * Enhanced authentication logic to verify consistency between host identity certificates and host records, preventing duplicate or mismatched identities. * Chores * Updated dependencies and test infrastructure to support HTTP signature verification and host identity certificate workflows. * Added comprehensive integration and datastore tests for host identity certificate issuance, storage, and authentication. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-07-16 20:08:27 +02:00

Author

SHA1

Message

Date

Victor Lyuboslavsky

f79fed9712

Added auth.require_http_message_signature server option. (#30983 )

For #30947 

# Checklist for submitter

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added support for requiring HTTP message signatures for fleetd
requests, configurable via a new setting.
* Enhanced middleware to enforce HTTP message signature requirements
when enabled.

* **Tests**
* Introduced integration tests to verify host identity endpoints enforce
HTTP message signature requirements.
* Updated test utilities and suite setup to support configurable
signature enforcement.

* **Chores**
* Refactored configuration and test server options to support the new
signature enforcement feature.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

2025-07-17 13:23:19 +02:00

Victor Lyuboslavsky

836cc044d2

Fleet server verifies HTTP signature (#30825 )

Fixes #30473 

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added support for TPM-backed host identity certificates enabling
hardware-backed HTTP signature authentication for hosts.
* Introduced HTTP signature verification middleware for API requests,
applied conditionally for premium licenses.
* Hosts presenting identity certificates must authenticate with matching
HTTP message signatures during enrollment and authentication.
* Added SCEP-based certificate issuance for secure host identity
management.
* Updated enrollment endpoints to use standardized request/response
contract types.

* **Bug Fixes**
* Enhanced authentication logic to verify consistency between host
identity certificates and host records, preventing duplicate or
mismatched identities.

* **Chores**
* Updated dependencies and test infrastructure to support HTTP signature
verification and host identity certificate workflows.
* Added comprehensive integration and datastore tests for host identity
certificate issuance, storage, and authentication.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

2025-07-16 20:08:27 +02:00

2 commits