Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-22 08:28:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 107
fleet/ee/server/service/hostidentity/config.go
Victor Lyuboslavsky b9520f6b14
Changed the default name of Host Identity CA to 'Fleet Host Identity CA' to avoid conflict with Fleet's Apple MDM CA. (#34219) 
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #34217

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] QA'd all new/changed functionality manually
2025-10-15 09:52:45 -05:00

56 lines
1.7 KiB
Go
Raw Blame History

package hostidentity
import (
"context"
"fmt"
"github.com/fleetdm/fleet/v4/pkg/certificate"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/fleetdm/fleet/v4/server/mdm/scep/depot"
)
func initAssets(ds fleet.Datastore) error {
// Check if we have existing certs and keys
expectedAssets := []fleet.MDMAssetName{
fleet.MDMAssetHostIdentityCACert,
fleet.MDMAssetHostIdentityCAKey,
}
savedAssets, err := ds.GetAllMDMConfigAssetsByName(context.Background(), expectedAssets, nil)
if err != nil {
// allow not found errors as it means we're generating the assets for the first time.
if !fleet.IsNotFound(err) {
return fmt.Errorf("loading existing host identity assets from the database: %w", err)
}
}
if len(savedAssets) != len(expectedAssets) {
// Then we should create them
caCert := depot.NewCACert(
depot.WithYears(10),
depot.WithCommonName("Fleet Host Identity CA"),
// Signal that the CA is local to the deployment and not necessarily managed by Fleet or another external vendor
depot.WithOrganization("Local Certificate Authority"),
)
scepCert, scepKey, err := depot.NewCACertKey(caCert)
if err != nil {
return fmt.Errorf("generating host identity SCEP cert and key: %w", err)
}
// Store our config assets encrypted
var assets []fleet.MDMConfigAsset
for k, v := range map[fleet.MDMAssetName][]byte{
fleet.MDMAssetHostIdentityCACert: certificate.EncodeCertPEM(scepCert),
fleet.MDMAssetHostIdentityCAKey: certificate.EncodePrivateKeyPEM(scepKey),
} {
assets = append(assets, fleet.MDMConfigAsset{
Name: k,
Value: v,
})
}
if err := ds.InsertMDMConfigAssets(context.Background(), assets, nil); err != nil {
return fmt.Errorf("inserting host identity SCEP assets: %w", err)
}
}
return nil
}
Reference in a new issue View git blame Copy permalink