Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-24 09:28:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 30
fleet/server/service/client_users.go
Juan Fernandez f791f4b309
Allow the creation of API-only users (#43440) 
**Related issues:** 
- Resolves #42882 
- Resolves #42880 
- Resolves #42884 

# Changes

- Added POST /users/api_only endpoint for creating API-only users.
- Added PATCH /users/api_only/{id} for updating existing API-only users.
- Updated `fleetctl user create --api-only` removing email/password
field requirements.
2026-04-16 11:11:39 -04:00

97 lines
2.9 KiB
Go
Raw Blame History

package service
import (
"errors"
"fmt"
"github.com/fleetdm/fleet/v4/server/fleet"
)
// CreateAPIOnlyUser creates a new API-only user, returning the API token for the new user.
func (c *Client) CreateAPIOnlyUser(name string, globalRole *string, teams []fleet.UserTeam) (*string, error) {
verb, path := "POST", "/api/latest/fleet/users/api_only"
payload := fleet.UserPayload{
Name: &name,
GlobalRole: globalRole,
Teams: &teams,
}
var responseBody createUserResponse
if err := c.authenticatedRequest(payload, verb, path, &responseBody); err != nil {
return nil, err
}
return responseBody.Token, nil
}
// CreateUser creates a new user, skipping the invitation process.
//
// The session key (aka API token) is returned only when creating
// API only users.
func (c *Client) CreateUser(p fleet.UserPayload) (*string, error) {
verb, path := "POST", "/api/latest/fleet/users/admin"
var responseBody createUserResponse
if err := c.authenticatedRequest(p, verb, path, &responseBody); err != nil {
return nil, err
}
return responseBody.Token, nil
}
// ListUsers retrieves the list of users.
func (c *Client) ListUsers() ([]fleet.User, error) {
verb, path := "GET", "/api/latest/fleet/users"
var responseBody listUsersResponse
err := c.authenticatedRequest(nil, verb, path, &responseBody)
if err != nil {
return nil, err
}
return responseBody.Users, nil
}
// ApplyUsersRoleSecretSpec applies the global and team roles for users.
func (c *Client) ApplyUsersRoleSecretSpec(spec *fleet.UsersRoleSpec) error {
req := applyUserRoleSpecsRequest{Spec: spec}
verb, path := "POST", "/api/latest/fleet/users/roles/spec"
var responseBody applyUserRoleSpecsResponse
return c.authenticatedRequest(req, verb, path, &responseBody)
}
func (c *Client) userIdFromEmail(email string) (uint, error) {
verb, path := "POST", "/api/latest/fleet/translate"
var responseBody translatorResponse
params := translatorRequest{List: []fleet.TranslatePayload{
{
Type: fleet.TranslatorTypeUserEmail,
Payload: fleet.StringIdentifierToIDPayload{Identifier: email},
},
}}
err := c.authenticatedRequest(&params, verb, path, &responseBody)
if err != nil {
return 0, err
}
if len(responseBody.List) != 1 {
return 0, errors.New("Expected 1 item translated, got none")
}
return responseBody.List[0].Payload.ID, nil
}
// DeleteUser deletes the user specified by the email
func (c *Client) DeleteUser(email string) error {
userID, err := c.userIdFromEmail(email)
if err != nil {
return err
}
verb, path := "DELETE", fmt.Sprintf("/api/latest/fleet/users/%d", userID)
var responseBody deleteUserResponse
return c.authenticatedRequest(nil, verb, path, &responseBody)
}
// Me returns the user associated with the current session.
func (c *Client) Me() (*fleet.User, error) {
verb, path := "GET", "/api/latest/fleet/me"
var responseBody getUserResponse
err := c.authenticatedRequest(nil, verb, path, &responseBody)
return responseBody.User, err
}
Reference in a new issue View git blame Copy permalink