Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-22 08:28:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 107
fleet/cmd/fleetctl/apply.go
Ian Littman 0a8a396643
Ensure scripts set in no-team.yml can be used in run-script actions for No Team (#22809) 
For #22787

Also revises the spec check to explain that scripts have to be defined
"controls" when used in policies for the same team, with an explicit
call-out for no-team.yml since this fix doesn't support pulling scripts
from the global file. This is because parsing and script-matching
happens early enough that we can't throw an error in the part of the
code where we bail when controls are defined in both no-team and default
files.

To minimize diff size, we're both "passing-by-ref" and returning the
maps-by-team of scripts and installers, though the former would be
sufficient on its own.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- N/A Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests (sorta)
- [x] Manual QA for all new/changed functionality
2024-10-10 06:12:24 -05:00

104 lines
2.8 KiB
Go
Raw Blame History

package main
import (
"errors"
"fmt"
"os"
"path/filepath"
"strings"
"github.com/fleetdm/fleet/v4/pkg/spec"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/urfave/cli/v2"
)
func applyCommand() *cli.Command {
var (
flFilename string
flForce bool
flDryRun bool
)
return &cli.Command{
Name: "apply",
Usage: "Apply files to declaratively manage osquery configurations",
UsageText: `fleetctl apply [options]`,
Flags: []cli.Flag{
&cli.StringFlag{
Name: "f",
EnvVars: []string{"FILENAME"},
Value: "",
Destination: &flFilename,
Usage: "A file to apply",
},
&cli.BoolFlag{
Name: "force",
EnvVars: []string{"FORCE"},
Destination: &flForce,
Usage: "Force applying the file even if it raises validation errors (only supported for 'config' and 'team' specs)",
},
&cli.BoolFlag{
Name: "dry-run",
EnvVars: []string{"DRY_RUN"},
Destination: &flDryRun,
Usage: "Do not apply the file, just validate it (only supported for 'config' and 'team' specs)",
},
&cli.StringFlag{
Name: "policies-team",
Usage: "A team's name, this flag is only used on policies specs (overrides 'team' key in the policies file). This allows to easily import a group of policies to a team.",
},
configFlag(),
contextFlag(),
debugFlag(),
},
Action: func(c *cli.Context) error {
if flFilename == "" {
return errors.New("-f must be specified")
}
b, err := os.ReadFile(flFilename)
if err != nil {
return err
}
fleetClient, err := clientFromCLI(c)
if err != nil {
return err
}
// Check if the file has a .yml or .yaml extension
ext := strings.ToLower(filepath.Ext(flFilename))
if ext == "" {
return errors.New("Missing file extension: only .yml or .yaml files can be applied")
}
if ext != ".yml" && ext != ".yaml" {
return fmt.Errorf("Invalid file extension %s: only .yml or .yaml files can be applied", ext)
}
specs, err := spec.GroupFromBytes(b)
if err != nil {
return err
}
logf := func(format string, a ...interface{}) {
fmt.Fprintf(c.App.Writer, format, a...)
}
opts := fleet.ApplyClientSpecOptions{
ApplySpecOptions: fleet.ApplySpecOptions{
Force: flForce,
DryRun: flDryRun,
},
}
if policiesTeamName := c.String("policies-team"); policiesTeamName != "" {
opts.TeamForPolicies = policiesTeamName
}
baseDir := filepath.Dir(flFilename)
teamsSoftwareInstallers := make(map[string][]fleet.SoftwarePackageResponse)
teamsScripts := make(map[string][]fleet.ScriptResponse)
_, _, _, err = fleetClient.ApplyGroup(c.Context, specs, baseDir, logf, nil, opts, teamsSoftwareInstallers, teamsScripts)
if err != nil {
return err
}
return nil
},
}
}
Reference in a new issue View git blame Copy permalink