fleet/server/worker/vpp_verification.go
Martin Angers 462a2e39e5
Bugfix: apply a special-case for Xcode VPP app verification (#38539)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #37290 

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [x] QA'd all new/changed functionality manually

Tested and all but the very last `InstalledApplicationList` MDM command
was sent with `ManagedOnly=false` and the VPP install transitioned to
`Verified`. It correctly sent the `ManagedOnly=false` command right after it
received a `ManagedOnly=true` verification result without the Xcode
reported as "Installing".

Multiple QA passes here with screenshots (this and subsequent comments):
https://github.com/fleetdm/fleet/issues/37290#issuecomment-3778270822
2026-01-21 17:16:13 -05:00


package worker
import (
"context"
"encoding/json"
"time"
"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
"github.com/fleetdm/fleet/v4/server/fleet"
apple_mdm "github.com/fleetdm/fleet/v4/server/mdm/apple"
kitlog "github.com/go-kit/log"
"github.com/go-kit/log/level"
)
// AppleSoftwareTask names the task carried in the "task" field of the
// AppleSoftware job arguments.
type AppleSoftwareTask string

const (
	// AppleSoftwareJobName is the job name returned by (*AppleSoftware).Name
	// and used when queueing the job.
	AppleSoftwareJobName = "apple_software"

	// verifyVPPTask is the only task this file dispatches on in Run.
	verifyVPPTask AppleSoftwareTask = "verify_vpp_installs"
)
// AppleSoftware is the worker job that runs Apple software tasks. Its methods
// in this file send an InstalledApplicationList MDM command through Commander
// and update install-verification records through Datastore.
type AppleSoftware struct {
	// Datastore is used to replace the verification command UUID on install
	// records.
	Datastore fleet.Datastore
	// Commander sends the InstalledApplicationList MDM command to the host.
	Commander *apple_mdm.MDMAppleCommander
	// Log receives the debug-level messages emitted while a task runs.
	Log kitlog.Logger
}
// Name returns the name of this job, AppleSoftwareJobName.
func (v *AppleSoftware) Name() string {
	return AppleSoftwareJobName
}
// appleSoftwareArgs is the JSON payload stored with a queued AppleSoftware
// job and decoded again in Run.
type appleSoftwareArgs struct {
	// Task selects which task Run dispatches to.
	Task AppleSoftwareTask `json:"task"`
	// HostUUID is the host the InstalledApplicationList command is sent to.
	HostUUID string `json:"host_uuid"`
	// VerificationCommandUUID is the verification command UUID that gets
	// replaced by the newly generated one.
	VerificationCommandUUID string `json:"verification_command_uuid"`
	// DisableManagedOnlyApps, when true, makes the verification request list
	// all apps instead of only managed ones. It is omitted from the JSON when
	// false.
	DisableManagedOnlyApps bool `json:"disable_managed_only_apps,omitempty"`
}
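// Run decodes the JSON job arguments and dispatches on the requested task.
//
// It returns an error when argsJSON cannot be unmarshaled, when the task is
// not one this job knows, or when the task itself fails. A nil return means
// the task completed.
//
// NOTE(review): HostUUID and VerificationCommandUUID are handed to the task
// as decoded, without an emptiness check; confirm that whoever queues the job
// or the downstream calls reject empty values.
func (v *AppleSoftware) Run(ctx context.Context, argsJSON json.RawMessage) error {
	var args appleSoftwareArgs
	if err := json.Unmarshal(argsJSON, &args); err != nil {
		return ctxerr.Wrap(ctx, err, "unmarshal args")
	}

	switch args.Task {
	case verifyVPPTask:
		// Return nil explicitly on success instead of depending on how
		// ctxerr.Wrap treats a nil error.
		if err := v.verifyVPPInstalls(ctx, args.HostUUID, args.VerificationCommandUUID, args.DisableManagedOnlyApps); err != nil {
			// The message names the task that actually ran, so a failure is
			// attributed to VPP install verification when reading error logs.
			return ctxerr.Wrap(ctx, err, "running verify VPP installs task")
		}
		return nil
	default:
		return ctxerr.Errorf(ctx, "unknown task: %v", args.Task)
	}
}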
// verifyVPPInstalls sends a fresh InstalledApplicationList command to the host
// and then points the install records that referenced verificationCommandUUID
// at the new command UUID.
//
// The command requests managed apps only, unless disableManagedOnlyApps is
// true. The first failing step is returned wrapped; nil means the command was
// sent and both record updates succeeded.
//
// NOTE(review): the MDM command is sent before the records are updated, so a
// failed update returns an error after the command has already gone out.
// Whether the job is then retried (sending another command) depends on the
// job runner; confirm.
func (v *AppleSoftware) verifyVPPInstalls(ctx context.Context, hostUUID, verificationCommandUUID string, disableManagedOnlyApps bool) error {
	level.Debug(v.Log).Log("msg", "verifying VPP installs", "host_uuid", hostUUID, "verification_command_uuid", verificationCommandUUID)

	listCmdUUID := fleet.VerifySoftwareInstallCommandUUID()

	// App verification asks for managed apps only, except when the caller
	// disabled that restriction.
	managedOnly := !disableManagedOnlyApps
	targets := []string{hostUUID}
	if err := v.Commander.InstalledApplicationList(ctx, targets, listCmdUUID, managedOnly); err != nil {
		return ctxerr.Wrap(ctx, err, "sending installed application list command in verify")
	}

	// Both record kinds are updated with the same old/new UUID pair.
	if err := v.Datastore.ReplaceVPPInstallVerificationUUID(ctx, verificationCommandUUID, listCmdUUID); err != nil {
		return ctxerr.Wrap(ctx, err, "update vpp install record")
	}
	if err := v.Datastore.ReplaceInHouseAppInstallVerificationUUID(ctx, verificationCommandUUID, listCmdUUID); err != nil {
		return ctxerr.Wrap(ctx, err, "update in-house app install record")
	}

	level.Debug(v.Log).Log("msg", "new installed application list command sent", "uuid", listCmdUUID)
	return nil
}
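// QueueVPPInstallVerificationJob queues an AppleSoftware job that runs the
// VPP install verification task for hostUUID.
//
// verificationCommandUUID and disableManagedOnly are stored in the job
// arguments and read back by Run. requestDelay is passed to QueueJobWithDelay
// (presumably the delay before the job becomes runnable; confirm against that
// helper). The returned error is non-nil only when queueing fails.
func QueueVPPInstallVerificationJob(ctx context.Context, ds fleet.Datastore, logger kitlog.Logger, requestDelay time.Duration, hostUUID, verificationCommandUUID string, disableManagedOnly bool) error {
	args := &appleSoftwareArgs{
		Task:                    verifyVPPTask,
		HostUUID:                hostUUID,
		VerificationCommandUUID: verificationCommandUUID,
		DisableManagedOnlyApps:  disableManagedOnly,
	}

	job, err := QueueJobWithDelay(ctx, ds, AppleSoftwareJobName, args, requestDelay)
	if err != nil {
		return ctxerr.Wrap(ctx, err, "queueing job")
	}

	// Log the name the job was actually queued under, so the debug trail
	// matches the queued job when correlating by job_name.
	level.Debug(logger).Log("job_id", job.ID, "job_name", AppleSoftwareJobName, "task", args.Task)
	return nil
}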