Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-22 16:39:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 121
fleet/website/api/policies/is-cloud-customer.js
Eric 13eeebe548
Website: Add Microsoft compliance proxy endpoints. (#27403) 
Changes:
- Created a new database model: `MicrosoftComplianceTenant`. A model
that stores information about complaince tenants
- Added `/policies/is-cloud-customer`: a policy that blocks requests to
microsoft proxy endpoints if a `MS API KEY` header is missing or does
not match a new config variable
(`sails.custom.config.cloudCustomerCompliancePartnerSharedSecret`)
- Added `microsoft-proxy/create-compliance-partner-tenant`: an action
that creates a database record for a new compliance tenant and generates
an API key that is used to authenticate future requests to microsoft
proxy endpoints for an entra tenant.
- Added `microsoft-proxy/get-compliance-partner-settings`: an action
that returns information about Fleet's complaince partner entra
application and the entra tenant's admin consent status (whether or not
a tenant's entra admin has granted permissions to Fleet's compliance
partner application)
- Added `microsoft-proxy/get-tenants-admin-consent-status`: an action
that updates the admin consent status of a compliance tenant record.
- Added `microsoft-proxy/setup-compliance-partner-tenant`: an action
that provisions a compliance tenant, creates a complaince policy for
macOS devices assigns the created policy to the built-in "All users"
user group on the tenants entra instance.
- Added `microsoft-proxy/update-one-devices-compliance-status`: an
action that receives information about a device on a compliance tenant's
Fleet instance, sends that information to their Entra instance, and
returns the messsage ID returned by the asynchronus Entra API.
- Added `microsoft-proxy/get-one-compliance-status-result`: an action
that returns the result of a compliance status update from the Entra
API.
- Added `sails.helpers.microsoft-proxy.get-access-token-and-api-urls` A
helper that gets an access token for a tenant's entra instance and the
URLs of the API endpoints the microsoft proxy actions use for a tenant.
- Added `scripts/send-entra-heartbeat-requests` A script that will run
daily to keep all microsoft compliance integrations provisioned.
-

---------

Co-authored-by: Lucas Rodriguez <[email protected]>
2025-06-11 13:01:36 -05:00

24 lines
759 B
JavaScript
Vendored
Raw Blame History

/**
* is-cloud-customer
*
* A simple policy that allows requests to microsoft proxy endpoints from a cloud customer.
*
* For more about how to use policies, see:
* https://sailsjs.com/config/policies
* https://sailsjs.com/docs/concepts/policies
* https://sailsjs.com/docs/concepts/policies/access-control-and-permissions
*/
module.exports = async function (req, res, proceed) {
// If an MS API KEY header was provided, check to see if it matches the entraSharedSecret.
if (req.get('MS-API-KEY')) {
if(req.get('MS-API-KEY') === sails.config.custom.cloudCustomerCompliancePartnerSharedSecret){
return proceed();
}
}
//--•
// Otherwise, this request did not come from a cloud customer.
return res.unauthorized();
};
Reference in a new issue View git blame Copy permalink