Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-24 09:28:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 30
fleet/frontend/services/entities/disk_encryption.ts
jacobshandling 096d67dd5a
Linux disk encryption: frontend changes, backend missing private key errors, remove disk encryption endpoints dependence on MDM being enabled (#23714) 
## Addresses #22702,  #23713, #23756, #23746, #23747, and #23876
_-Note that much of this code as is will render as expected only once
integrated with the backend or if manipulated manually for testing
purposes_

**Frontend**:
- Update banners on my device page, tests
- Build new logic for calling endpoint to trigger linux key escrow on
clicking `Create key`
- Add `CreateLinuxKeyModal` to inform user of next steps after clicking
`Create key`
- Update banners on host details page, tests
- Update the Controls > OS settings section with new logic related to
linux disk encryption
- Expect and include counts of Linux hosts in aggregate disk encryption
stats UI
- Add "Linux" column to the disk encryption table
- Show disk encryption related UI for supported Linux platforms
- TODO: confirm platform string matching functionality in manual e2e
testing
- Expand capabilities of `SectionHeader` component, apply to new UI
- Flash "missing private key" error, with clickable link, when trying to
update disk encryption enabled while no server private key is present.
- TODO: QA this once other endpoints on Controls > Disk encryption are
enabled even when MDM not turned on
- Update Disk encryption key modal copy


-Other TODO:
  - Confirm when integrated with API:
    - Aggregate disk encryption counts
    - Disk encryption table Linux column
    - Show disk encryption key action on host details page when expected
    - Opens Disk encryption key modal, displays key as expected
  
**Backend**:
- For "No team" and teams, error when trying to update disk encryption
enabled while no server private key is present.
- Remove requirement of mdm being enabled for use of various endpoints
related to Linux disk encryption
- Update tests


_________
**Host details and my device page banners**

![banners](https://github.com/user-attachments/assets/b76fbfbd-0969-40eb-b8b1-9fd0d4fd0f4f)

**Create key modal**
<img width="1799" alt="create-key-modal"
src="https://github.com/user-attachments/assets/81a55ccb-b6b9-4eb6-b2ff-a463c60724c0">

**Enabling disk encryption**

![turning-on-enforcement](https://github.com/user-attachments/assets/005010b9-2238-46f8-9579-f07823898a78)

**Disk encryption: Fleet free**
<img width="1912" alt="free"
src="https://github.com/user-attachments/assets/9f9cace3-8955-47c2-87d9-24ff9387ac1a">

**Custom settings: turn on MDM**
<img width="1912" alt="turn on mdm"
src="https://github.com/user-attachments/assets/4d3ad47b-4035-4d93-86f0-dc2691b38bb4">

**Device status indicators**

![host-status-indicators](https://github.com/user-attachments/assets/5fc72c1e-816b-45b3-a650-5c1fcc48f09e)

**Encryption key action and modal**

![de-key-action-and-modal](https://github.com/user-attachments/assets/632f7b2c-c07e-4e30-87ef-e6437ae42a78)



- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
  - [ ] Full e2e testing to do when integrated with backend

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
2024-11-20 11:58:47 -08:00

60 lines
1.9 KiB
TypeScript
Raw Blame History

import sendRequest from "services";
import endpoints from "utilities/endpoints";
import { buildQueryStringFromParams } from "utilities/url";
// TODO - move disk encryption types like this to dedicated file
import { DiskEncryptionStatus } from "interfaces/mdm";
import { APP_CONTEXT_NO_TEAM_ID } from "interfaces/team";
export interface IDiskEncryptionStatusAggregate {
macos: number;
windows: number;
linux: number;
}
export type IDiskEncryptionSummaryResponse = Record<
DiskEncryptionStatus,
IDiskEncryptionStatusAggregate
>;
const diskEncryptionService = {
getDiskEncryptionSummary: (teamId?: number) => {
let { MDM_DISK_ENCRYPTION_SUMMARY: path } = endpoints;
if (teamId) {
path = `${path}?${buildQueryStringFromParams({ team_id: teamId })}`;
}
return sendRequest("GET", path);
},
updateDiskEncryption: (enableDiskEncryption: boolean, teamId?: number) => {
// TODO - use same endpoint for both once issue with new endpoint for no team is resolved
const {
UPDATE_DISK_ENCRYPTION: teamsEndpoint,
CONFIG: noTeamsEndpoint,
} = endpoints;
if (teamId === 0) {
return sendRequest("PATCH", noTeamsEndpoint, {
mdm: {
enable_disk_encryption: enableDiskEncryption,
},
});
}
return sendRequest("POST", teamsEndpoint, {
enable_disk_encryption: enableDiskEncryption,
// TODO - it would be good to be able to use an API_CONTEXT_NO_TEAM_ID here, but that is
// currently set to 0, which should actually be undefined since the server expects teamId ==
// nil for no teams, not 0.
team_id: teamId === APP_CONTEXT_NO_TEAM_ID ? undefined : teamId,
});
},
triggerLinuxDiskEncryptionKeyEscrow: (token: string) => {
const { DEVICE_TRIGGER_LINUX_DISK_ENCRYPTION_KEY_ESCROW } = endpoints;
return sendRequest(
"POST",
DEVICE_TRIGGER_LINUX_DISK_ENCRYPTION_KEY_ESCROW(token)
);
},
};
export default diskEncryptionService;
Reference in a new issue View git blame Copy permalink