fleet/server/mdm/nanodep
Magnus Jensen a1b4833a82
updated default profile, added endpoint for seeing what default is applied (#44236)
**Related issue:** Resolves #43789

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [x] Timeouts are implemented and retries are limited to avoid infinite
loops
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually


## Summary by CodeRabbit

* **New Features**
  * View and download the default automatic MDM (Apple Setup Assistant)
    enrollment profile via a new endpoint.
  * Shows a last-updated timestamp when present; returns the in‑app
    default with no timestamp if none is stored.

* **Access**
  * Access follows existing team and global permission rules; not
    available on Free-tier licenses.

* **Tests**
  * Added unit and integration tests covering endpoint behavior and access
    controls.
2026-04-28 07:38:15 -06:00
..
client Update server-proto version to 9, implement THROTTLED w/ 24h cooldown (#38920) 2026-01-29 15:31:28 -05:00
cmd Update golangci-lint to v2.4.0 (#33251) 2025-09-22 13:17:11 -05:00
docs Rename Apple Business Manager in UI (#42584) 2026-04-08 11:14:19 -06:00
godep updated default profile, added endpoint for seeing what default is applied (#44236) 2026-04-28 07:38:15 -06:00
http Move nanodep dependency in monorepo (#16984) 2024-02-26 10:26:00 -05:00
log Move nanodep dependency in monorepo (#16984) 2024-02-26 10:26:00 -05:00
parse Move nanodep dependency in monorepo (#16984) 2024-02-26 10:26:00 -05:00
proxy Move nanodep dependency in monorepo (#16984) 2024-02-26 10:26:00 -05:00
storage Add govet's nilness and golangci-lint nilnesserr (#33359) 2025-09-23 17:55:50 -03:00
sync Move nanodep dependency in monorepo (#16984) 2024-02-26 10:26:00 -05:00
tokenpki implement OTA enrollment (#21942) 2024-09-10 16:52:17 -03:00
tools Move nanodep dependency in monorepo (#16984) 2024-02-26 10:26:00 -05:00
LICENSE Move nanodep dependency in monorepo (#16984) 2024-02-26 10:26:00 -05:00
README.md Move nanodep dependency in monorepo (#16984) 2024-02-26 10:26:00 -05:00

NanoDEP

The contents of this directory were copied (in February 2024) from https://github.com/fleetdm/nanomdm (the apple-mdm branch), which was forked from https://github.com/micromdm/nanodep.


NanoDEP is a set of tools and a Go library powering them for communicating with Apple's Device Enrollment Program (DEP) API servers.

Getting started & Documentation

  • Quickstart: A guide to get NanoDEP up and running quickly.

  • Operations Guide: A brief overview of the various tools and utilities for working with NanoDEP.

Tools and utilities

NanoDEP contains a few tools and utilities. At a high level:

  • DEP configuration & reverse proxy server. The primary server component, called depserver, is used for configuring NanoDEP and talking with Apple's DEP servers. It hosts its own API for configuring MDM server instances used with Apple's servers (called DEP names) and also hosts a transparently authenticating reverse proxy for talking 'directly' to Apple's DEP API endpoints.
  • Device sync & assigner. The depsyncer tool handles the device fetch/sync cursor logic to continually retrieve the assigned devices from one or more Apple DEP MDM server instance(s).
  • Scripts, tools, and helpers.
    • A set of tools and utilities for talking to the Apple DEP API services — mostly implemented as shell scripts that communicate to the depserver.
    • A stand-alone deptokens tool for locally working with certificate generation for DEP token decryption.

See the Operations Guide for more details and usage documentation.

Go library

NanoDEP is also a Go library for accessing the Apple DEP APIs. There are two components to the Go library:

  • The higher-level godep package implements Go methods and structures for talking to the individual DEP API endpoints.
  • The lower-level client package implements primitives, helpers, and middleware for authenticating to the DEP API and managing session tokens.

See the Go Reference documentation (or the Go source itself, of course) for details on these packages.