Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-18 22:49:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 86
fleet/website/api/models/MicrosoftComplianceTenant.js
Eric 13eeebe548
Website: Add Microsoft compliance proxy endpoints. (#27403) 
Changes:
- Created a new database model: `MicrosoftComplianceTenant`. A model
that stores information about complaince tenants
- Added `/policies/is-cloud-customer`: a policy that blocks requests to
microsoft proxy endpoints if a `MS API KEY` header is missing or does
not match a new config variable
(`sails.custom.config.cloudCustomerCompliancePartnerSharedSecret`)
- Added `microsoft-proxy/create-compliance-partner-tenant`: an action
that creates a database record for a new compliance tenant and generates
an API key that is used to authenticate future requests to microsoft
proxy endpoints for an entra tenant.
- Added `microsoft-proxy/get-compliance-partner-settings`: an action
that returns information about Fleet's complaince partner entra
application and the entra tenant's admin consent status (whether or not
a tenant's entra admin has granted permissions to Fleet's compliance
partner application)
- Added `microsoft-proxy/get-tenants-admin-consent-status`: an action
that updates the admin consent status of a compliance tenant record.
- Added `microsoft-proxy/setup-compliance-partner-tenant`: an action
that provisions a compliance tenant, creates a complaince policy for
macOS devices assigns the created policy to the built-in "All users"
user group on the tenants entra instance.
- Added `microsoft-proxy/update-one-devices-compliance-status`: an
action that receives information about a device on a compliance tenant's
Fleet instance, sends that information to their Entra instance, and
returns the messsage ID returned by the asynchronus Entra API.
- Added `microsoft-proxy/get-one-compliance-status-result`: an action
that returns the result of a compliance status update from the Entra
API.
- Added `sails.helpers.microsoft-proxy.get-access-token-and-api-urls` A
helper that gets an access token for a tenant's entra instance and the
URLs of the API endpoints the microsoft proxy actions use for a tenant.
- Added `scripts/send-entra-heartbeat-requests` A script that will run
daily to keep all microsoft compliance integrations provisioned.
-

---------

Co-authored-by: Lucas Rodriguez <[email protected]>
2025-06-11 13:01:36 -05:00

74 lines
2.4 KiB
JavaScript
Vendored
Raw Blame History

/**
* MicrosoftComplianceTenant.js
*
* @description :: A model definition represents a database table/collection.
* @docs :: https://sailsjs.com/docs/concepts/models-and-orm/models
*/
module.exports = {
attributes: {
// ╔═╗╦═╗╦╔╦╗╦╔╦╗╦╦ ╦╔═╗╔═╗
// ╠═╝╠╦╝║║║║║ ║ ║╚╗╔╝║╣ ╚═╗
// ╩ ╩╚═╩╩ ╩╩ ╩ ╩ ╚╝ ╚═╝╚═╝
fleetServerSecret: {
type: 'string',
description: 'The randomly generated API token generated by the Fleet website for the Fleet server used to authenticate requests coming from this compliance tenant.'
},
entraTenantId: {
type: 'string',
description: 'The Microsoft entra tenant ID for this compliance tenant',
unique: true,
required: true,
},
fleetInstanceUrl: {
type: 'string',
description: 'The url of the connected Fleet instance.',
unique: true,
required: true,
},
setupCompleted: {
type: 'boolean',
defaultsTo: false,
description: 'Whether or not the Fleet Compliance partner application has been provisioned on the tenant, created a policy, and assigned the created policy to all users.',
},
lastHeartbeatAt: {
type: 'string',
description: 'A JS timestamp (Epoch MS) representing the last time a heartbeat was sent for this compliance tenant'
},
adminConsented: {
type: 'boolean',
description: 'Whether or not an Intune admin consented to add Fleet as a compliance partner.',
extendedDescription: 'Used only during the initial setup.',
},
stateTokenForAdminConsent: {
type: 'string',
description: 'A token used to authenticate admin consent webhook requests.',
},
setupError: {
type: 'string',
description: 'The last error logged from a Microsoft API during the initial setup of the complaince tenant (If there were any)',
}
// ╔═╗╔╦╗╔╗ ╔═╗╔╦╗╔═╗
// ║╣ ║║║╠╩╗║╣ ║║╚═╗
// ╚═╝╩ ╩╚═╝╚═╝═╩╝╚═╝
// ╔═╗╔═╗╔═╗╔═╗╔═╗╦╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
// ╠═╣╚═╗╚═╗║ ║║ ║╠═╣ ║ ║║ ║║║║╚═╗
// ╩ ╩╚═╝╚═╝╚═╝╚═╝╩╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
},
};
Reference in a new issue View git blame Copy permalink