fleet/website/api/controllers/microsoft-proxy/get-one-compliance-status-result.js
Eric 13eeebe548
Website: Add Microsoft compliance proxy endpoints. (#27403)
Changes:
- Created a new database model: `MicrosoftComplianceTenant`. A model
that stores information about complaince tenants
- Added `/policies/is-cloud-customer`: a policy that blocks requests to
microsoft proxy endpoints if a `MS API KEY` header is missing or does
not match a new config variable
(`sails.custom.config.cloudCustomerCompliancePartnerSharedSecret`)
- Added `microsoft-proxy/create-compliance-partner-tenant`: an action
that creates a database record for a new compliance tenant and generates
an API key that is used to authenticate future requests to microsoft
proxy endpoints for an entra tenant.
- Added `microsoft-proxy/get-compliance-partner-settings`: an action
that returns information about Fleet's complaince partner entra
application and the entra tenant's admin consent status (whether or not
a tenant's entra admin has granted permissions to Fleet's compliance
partner application)
- Added `microsoft-proxy/get-tenants-admin-consent-status`: an action
that updates the admin consent status of a compliance tenant record.
- Added `microsoft-proxy/setup-compliance-partner-tenant`: an action
that provisions a compliance tenant, creates a compliance policy for
macOS devices, and assigns the created policy to the built-in "All users"
user group on the tenant's Entra instance.
- Added `microsoft-proxy/update-one-devices-compliance-status`: an
action that receives information about a device on a compliance tenant's
Fleet instance, sends that information to their Entra instance, and
returns the message ID returned by the asynchronous Entra API.
- Added `microsoft-proxy/get-one-compliance-status-result`: an action
that returns the result of a compliance status update from the Entra
API.
- Added `sails.helpers.microsoft-proxy.get-access-token-and-api-urls` A
helper that gets an access token for a tenant's entra instance and the
URLs of the API endpoints the microsoft proxy actions use for a tenant.
- Added `scripts/send-entra-heartbeat-requests` A script that will run
daily to keep all microsoft compliance integrations provisioned.
-

---------

Co-authored-by: Lucas Rodriguez <[email protected]>
2025-06-11 13:01:36 -05:00


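/**
 * Action: get one compliance status result.
 *
 * Looks up the MicrosoftComplianceTenant record matching the supplied
 * entraTenantId + fleetServerSecret pair, obtains an access token and API URLs
 * for that tenant via the microsoftProxy helper, fetches the DataUploadMessages
 * entry for `messageId`, and returns its status.
 *
 * Returns `{ message_id, status }`, plus `details` when the status is "Failed".
 * Exits through `tenantNotFound` (responseType: unauthorized) when no tenant
 * record matches the supplied credentials.
 */
module.exports = {


  friendlyName: 'Get one compliance status result',


  description: 'Retreives the result of a compliance status update of a Microsoft complaince tenant.',


  inputs: {
    entraTenantId: {
      type: 'string',
      required: true,
    },
    // Must be required: the tenant lookup in `fn` authenticates the caller by
    // matching this secret together with entraTenantId. If the input were
    // optional, a request could reach the lookup with an undefined secret.
    fleetServerSecret: {
      type: 'string',
      required: true,
    },
    messageId: {
      type: 'string',
      required: true,
    }
  },


  exits: {
    tenantNotFound: {description: 'No existing Microsoft compliance tenant was found for the Fleet instance that sent the request.', responseType: 'unauthorized'}
  },


  fn: async function ({entraTenantId, fleetServerSecret, messageId}) {

    // Both values must match the same record; this lookup is the only
    // credential check performed inside this action.
    let informationAboutThisTenant = await MicrosoftComplianceTenant.findOne({entraTenantId: entraTenantId, fleetServerSecret: fleetServerSecret});
    if(!informationAboutThisTenant) {
      // Use the declared exit so the caller receives the unauthorized response.
      // Returning an Error object here would be treated as a normal return value
      // and the declared exit would never be used.
      throw 'tenantNotFound';
    }

    let tokenAndApiUrls = await sails.helpers.microsoftProxy.getAccessTokenAndApiUrls.with({
      complianceTenantRecordId: informationAboutThisTenant.id
    });

    let accessToken = tokenAndApiUrls.manageApiAccessToken;
    let deviceDataSyncUrl = tokenAndApiUrls.deviceDataSyncUrl;

    // NOTE(review): encodeURIComponent leaves ' ( ) unescaped, so messageId is
    // not fully neutralised inside the guid'...' literal. Consider rejecting
    // values that are not GUID-shaped before building the URL. Confirm the
    // expected message ID format first.
    let complianceStatusResultResponse = await sails.helpers.http.sendHttpRequest.with({
      method: 'GET',
      url: `${deviceDataSyncUrl}/DataUploadMessages(guid'${encodeURIComponent(messageId)}')?api-version=1.2`,
      headers: {
        'Authorization': `Bearer ${accessToken}`
      }
    }).intercept((err)=>{
      // Error takes a string message; passing an object would stringify to
      // "[object Object]" and discard the details below.
      // NOTE(review): the inspected error is embedded in the message. Confirm it
      // cannot carry the Authorization header value into logs or responses.
      return new Error(`An error occurred when retrieving a compliance status result of a device for a Microsoft compliance tenant. Full error: ${require('util').inspect(err, {depth: 3})}`);
    });

    // The helper's response body is parsed here as JSON text.
    let parsedComplianceUpdateResponse;
    try {
      parsedComplianceUpdateResponse = JSON.parse(complianceStatusResultResponse.body);
    } catch(err){
      throw new Error(`When parsing the JSON response body of a Microsoft compliance partner update status, an error occured. full error: ${require('util').inspect(err)}`);
    }

    let result = {
      message_id: messageId,// eslint-disable-line camelcase
      status: parsedComplianceUpdateResponse.Status
    };

    // If the status is "Failed", attach the error details to the response body.
    if(parsedComplianceUpdateResponse.Status === 'Failed') {
      result.details = parsedComplianceUpdateResponse.ErrorDetail;
    }

    // All done.
    return result;

  }


};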