mirror of
https://github.com/fleetdm/fleet
synced 2026-05-06 14:58:33 +00:00
4272df375a
Related to: https://github.com/fleetdm/fleet/issues/26270 Changes: - Added a new database model: `AndroidEnterprise` - Added one new website dependency: `[email protected]` - Added `android-proxy/create-android-signup-url`: an endpoint that returns a signup url used to grant access to Fleet's Android MDM integration. - Added `android-proxy/create-android-enterprise`: An endpoint that creates an Android enterprise for a Fleet server - Added `android-proxy/create-android-enrollment-token`: An endpoint that returns an enrollment token for an Android enterprise - Added `android-proxy/modify-android-policies`: An endpoint used to update policies of an Android enterprise - Added `android-proxy/delete-one-android-enterprise`: an endpoint that deletes an Android enterprise --------- Co-authored-by: Victor Lyuboslavsky <[email protected]>
84 lines
2.8 KiB
JavaScript
Vendored
84 lines
2.8 KiB
JavaScript
Vendored
module.exports = {
|
|
|
|
|
|
friendlyName: 'Modify android policies',
|
|
|
|
|
|
description: 'Modifies a policy of an Android enterprise',
|
|
|
|
|
|
inputs: {
|
|
androidEnterpriseId: {
|
|
type: 'string',
|
|
required: true,
|
|
},
|
|
policyId: {
|
|
type: 'string',
|
|
required: true,
|
|
},
|
|
},
|
|
|
|
|
|
exits: {
|
|
success: { description: 'The policy of an Android enterprise was successfully updated.' }
|
|
},
|
|
|
|
|
|
fn: async function ({ androidEnterpriseId, policyId}) {
|
|
|
|
// Extract fleetServerSecret from the Authorization header
|
|
let authHeader = this.req.get('authorization');
|
|
let fleetServerSecret;
|
|
|
|
if (authHeader && authHeader.startsWith('Bearer')) {
|
|
fleetServerSecret = authHeader.replace('Bearer', '').trim();
|
|
} else {
|
|
return this.res.unauthorized('Authorization header with Bearer token is required');
|
|
}
|
|
|
|
// Authenticate this request
|
|
let thisAndroidEnterprise = await AndroidEnterprise.findOne({
|
|
androidEnterpriseId: androidEnterpriseId
|
|
});
|
|
|
|
// Return a 404 response if no records are found.
|
|
if (!thisAndroidEnterprise) {
|
|
return this.res.notFound();
|
|
}
|
|
// Return an unauthorized response if the provided secret does not match.
|
|
if (thisAndroidEnterprise.fleetServerSecret !== fleetServerSecret) {
|
|
return this.res.unauthorized();
|
|
}
|
|
// Update the policy for this Android enterprise.
|
|
// Note: We're using sails.helpers.flow.build here to handle any errors that occurr using google's node library.
|
|
let modifyPoliciesResponse = await sails.helpers.flow.build(async () => {
|
|
let { google } = require('googleapis');
|
|
let androidmanagement = google.androidmanagement('v1');
|
|
let googleAuth = new google.auth.GoogleAuth({
|
|
scopes: ['https://www.googleapis.com/auth/androidmanagement'],
|
|
credentials: {
|
|
client_email: sails.config.custom.androidEnterpriseServiceAccountEmailAddress,// eslint-disable-line camelcase
|
|
private_key: sails.config.custom.androidEnterpriseServiceAccountPrivateKey,// eslint-disable-line camelcase
|
|
},
|
|
});
|
|
// Acquire the google auth client, and bind it to all future calls
|
|
let authClient = await googleAuth.getClient();
|
|
google.options({ auth: authClient });
|
|
// [?]: https://googleapis.dev/nodejs/googleapis/latest/androidmanagement/classes/Resource$Enterprises$Policies.html#patch
|
|
let patchPoliciesResponse = await androidmanagement.enterprises.policies.patch({
|
|
name: `enterprises/${androidEnterpriseId}/policies/${policyId}`,
|
|
requestBody: this.req.body,
|
|
});
|
|
return patchPoliciesResponse.data;
|
|
}).intercept((err) => {
|
|
return new Error(`When attempting to update a policy for an Android enterprise (${androidEnterpriseId}), an error occurred. Error: ${err}`);
|
|
});
|
|
|
|
|
|
// Return the modified policy back to the Fleet server.
|
|
return modifyPoliciesResponse;
|
|
|
|
}
|
|
|
|
|
|
};
|