Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-22 16:39:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 121
fleet/website/api/controllers/microsoft-proxy/remove-one-compliance-partner-tenant.js
Eric 13eeebe548
Website: Add Microsoft compliance proxy endpoints. (#27403) 
Changes:
- Created a new database model: `MicrosoftComplianceTenant`. A model
that stores information about complaince tenants
- Added `/policies/is-cloud-customer`: a policy that blocks requests to
microsoft proxy endpoints if a `MS API KEY` header is missing or does
not match a new config variable
(`sails.custom.config.cloudCustomerCompliancePartnerSharedSecret`)
- Added `microsoft-proxy/create-compliance-partner-tenant`: an action
that creates a database record for a new compliance tenant and generates
an API key that is used to authenticate future requests to microsoft
proxy endpoints for an entra tenant.
- Added `microsoft-proxy/get-compliance-partner-settings`: an action
that returns information about Fleet's complaince partner entra
application and the entra tenant's admin consent status (whether or not
a tenant's entra admin has granted permissions to Fleet's compliance
partner application)
- Added `microsoft-proxy/get-tenants-admin-consent-status`: an action
that updates the admin consent status of a compliance tenant record.
- Added `microsoft-proxy/setup-compliance-partner-tenant`: an action
that provisions a compliance tenant, creates a complaince policy for
macOS devices assigns the created policy to the built-in "All users"
user group on the tenants entra instance.
- Added `microsoft-proxy/update-one-devices-compliance-status`: an
action that receives information about a device on a compliance tenant's
Fleet instance, sends that information to their Entra instance, and
returns the messsage ID returned by the asynchronus Entra API.
- Added `microsoft-proxy/get-one-compliance-status-result`: an action
that returns the result of a compliance status update from the Entra
API.
- Added `sails.helpers.microsoft-proxy.get-access-token-and-api-urls` A
helper that gets an access token for a tenant's entra instance and the
URLs of the API endpoints the microsoft proxy actions use for a tenant.
- Added `scripts/send-entra-heartbeat-requests` A script that will run
daily to keep all microsoft compliance integrations provisioned.
-

---------

Co-authored-by: Lucas Rodriguez <[email protected]>
2025-06-11 13:01:36 -05:00

76 lines
2.3 KiB
JavaScript
Vendored
Raw Blame History

module.exports = {
friendlyName: 'Remove one compliance partner tenant',
description: 'Updates a microsfot compliance tenant\'s status as "deprovisioned" and deletes the associated Database record',
inputs: {
entraTenantId: {
type: 'string',
required: true,
},
fleetServerSecret: {
type: 'string',
requried: true,
},
},
exits: {
success: {
description: 'The requesting entra tenant has been successfully deprovisioned.'
},
tenantNotFound: {
description: 'A Microsoft compliance tenant could not be found using the provided information.',
responseType: 'notFound',
}
},
fn: async function ({entraTenantId, fleetServerSecret}) {
let informationAboutThisTenant = await MicrosoftComplianceTenant.findOne({entraTenantId: entraTenantId, fleetServerSecret: fleetServerSecret});
if(!informationAboutThisTenant) {
throw 'tenantNotFound';
}
// If setup was completed, we will need to deprovision this Complaince tenant, otherwise, we will only delete the databse record.
if(informationAboutThisTenant.setupCompleted){
let tokenAndApiUrls = await sails.helpers.microsoftProxy.getAccessTokenAndApiUrls.with({
complianceTenantRecordId: informationAboutThisTenant.id
});
let accessToken = tokenAndApiUrls.manageApiAccessToken;
let tenantDataSyncUrl = tokenAndApiUrls.tenantDataSyncUrl;
// Deprovison this tenant
await sails.helpers.http.sendHttpRequest.with({
method: 'PUT',
url: `${tenantDataSyncUrl}/PartnerTenants(guid'${informationAboutThisTenant.entraTenantId}')?api-version=1.6`,
headers: {
'Authorization': `Bearer ${accessToken}`
},
body: {
Provisioned: 2,// 1 = provisioned, 2 = deprovisioned.
PartnerEnrollmentUrl: `https://fleetdm.com/microsoft-compliance-partner/enroll`,
PartnerRemediationUrl: `https://fleetdm.com/microsoft-compliance-partner/remediate`,
}
}).intercept((err)=>{
return new Error({error: `an error occurred when deprovisioning a Microsoft compliance tenant. Full error: ${require('util').inspect(err, {depth: 3})}`});
});
}
await MicrosoftComplianceTenant.destroyOne({id: informationAboutThisTenant.id});
// All done.
return this.res.json({});
}
};
Reference in a new issue View git blame Copy permalink