mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
ba04887100
<!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves #40721 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [ ] QA'd all new/changed functionality manually I (Martin) did test `labels_include_all` for FMA, custom installer, IPA and VPP apps, and it seemed to all work great for gitops apply and gitops generate, **except for VPP apps** which seem to have 2 important pre-existing bugs, see https://github.com/fleetdm/fleet/issues/40723#issuecomment-4041780707 ## New Fleet configuration settings - [ ] Verified that the setting is exported via `fleetctl generate-gitops` - [ ] Verified the setting is documented in a separate PR to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [ ] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [ ] Verified that any relevant UI is disabled when GitOps mode is enabled --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
97 lines
2.9 KiB
Go
97 lines
2.9 KiB
Go
package service
|
|
|
|
import (
|
|
"context"
|
|
"database/sql"
|
|
"testing"
|
|
|
|
"github.com/fleetdm/fleet/v4/server/contexts/viewer"
|
|
"github.com/fleetdm/fleet/v4/server/fleet"
|
|
"github.com/fleetdm/fleet/v4/server/mock"
|
|
"github.com/fleetdm/fleet/v4/server/ptr"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestBatchAssociateVPPApps(t *testing.T) {
|
|
t.Parallel()
|
|
ds := new(mock.Store)
|
|
svc := newTestService(t, ds)
|
|
|
|
ctx := viewer.NewContext(t.Context(), viewer.Viewer{User: &fleet.User{GlobalRole: ptr.String(fleet.RoleAdmin)}})
|
|
|
|
t.Run("Fails if missing VPP token when payloads to associate", func(t *testing.T) {
|
|
ds.GetVPPTokenByTeamIDFunc = func(ctx context.Context, teamID *uint) (*fleet.VPPTokenDB, error) {
|
|
return nil, sql.ErrNoRows
|
|
}
|
|
ds.AppConfigFunc = func(ctx context.Context) (*fleet.AppConfig, error) {
|
|
return &fleet.AppConfig{}, nil
|
|
}
|
|
t.Run("dry run", func(t *testing.T) {
|
|
_, err := svc.BatchAssociateVPPApps(ctx, "", []fleet.VPPBatchPayload{
|
|
{
|
|
AppStoreID: "my-fake-app",
|
|
LabelsExcludeAny: []string{},
|
|
LabelsIncludeAny: []string{},
|
|
LabelsIncludeAll: []string{},
|
|
Categories: []string{},
|
|
Platform: fleet.MacOSPlatform,
|
|
},
|
|
}, true)
|
|
require.ErrorContains(t, err, "could not retrieve vpp token")
|
|
})
|
|
t.Run("not dry run", func(t *testing.T) {
|
|
_, err := svc.BatchAssociateVPPApps(ctx, "", []fleet.VPPBatchPayload{
|
|
{
|
|
AppStoreID: "my-fake-app",
|
|
LabelsExcludeAny: []string{},
|
|
LabelsIncludeAny: []string{},
|
|
LabelsIncludeAll: []string{},
|
|
Categories: []string{},
|
|
Platform: fleet.MacOSPlatform,
|
|
},
|
|
}, false)
|
|
require.ErrorContains(t, err, "could not retrieve vpp token")
|
|
})
|
|
})
|
|
|
|
t.Run("Fails for Fleet Agent Android apps via GitOps", func(t *testing.T) {
|
|
ds.GetSoftwareCategoryIDsFunc = func(ctx context.Context, names []string) ([]uint, error) {
|
|
return nil, nil
|
|
}
|
|
|
|
fleetAgentPackages := []string{
|
|
"com.fleetdm.agent",
|
|
"com.fleetdm.agent.pingali",
|
|
"com.fleetdm.agent.private.testuser",
|
|
}
|
|
|
|
for _, pkg := range fleetAgentPackages {
|
|
t.Run(pkg+" dry run", func(t *testing.T) {
|
|
_, err := svc.BatchAssociateVPPApps(ctx, "", []fleet.VPPBatchPayload{
|
|
{
|
|
AppStoreID: pkg,
|
|
LabelsExcludeAny: []string{},
|
|
LabelsIncludeAny: []string{},
|
|
LabelsIncludeAll: []string{},
|
|
Categories: []string{},
|
|
Platform: fleet.AndroidPlatform,
|
|
},
|
|
}, true)
|
|
require.ErrorContains(t, err, "The Fleet agent cannot be added manually")
|
|
})
|
|
t.Run(pkg+" not dry run", func(t *testing.T) {
|
|
_, err := svc.BatchAssociateVPPApps(ctx, "", []fleet.VPPBatchPayload{
|
|
{
|
|
AppStoreID: pkg,
|
|
LabelsExcludeAny: []string{},
|
|
LabelsIncludeAny: []string{},
|
|
LabelsIncludeAll: []string{},
|
|
Categories: []string{},
|
|
Platform: fleet.AndroidPlatform,
|
|
},
|
|
}, false)
|
|
require.ErrorContains(t, err, "The Fleet agent cannot be added manually")
|
|
})
|
|
}
|
|
})
|
|
}
|