## Addresses #22702, #23713, #23756, #23746, #23747, and #23876 _-Note that much of this code as is will render as expected only once integrated with the backend or if manipulated manually for testing purposes_ **Frontend**: - Update banners on my device page, tests - Build new logic for calling endpoint to trigger linux key escrow on clicking `Create key` - Add `CreateLinuxKeyModal` to inform user of next steps after clicking `Create key` - Update banners on host details page, tests - Update the Controls > OS settings section with new logic related to linux disk encryption - Expect and include counts of Linux hosts in aggregate disk encryption stats UI - Add "Linux" column to the disk encryption table - Show disk encryption related UI for supported Linux platforms - TODO: confirm platform string matching functionality in manual e2e testing - Expand capabilities of `SectionHeader` component, apply to new UI - Flash "missing private key" error, with clickable link, when trying to update disk encryption enabled while no server private key is present. - TODO: QA this once other endpoints on Controls > Disk encryption are enabled even when MDM not turned on - Update Disk encryption key modal copy -Other TODO: - Confirm when integrated with API: - Aggregate disk encryption counts - Disk encryption table Linux column - Show disk encryption key action on host details page when expected - Opens Disk encryption key modal, displays key as expected **Backend**: - For "No team" and teams, error when trying to update disk encryption enabled while no server private key is present. 
- Remove requirement of mdm being enabled for use of various endpoints related to Linux disk encryption - Update tests _________ **Host details and my device page banners**  **Create key modal** <img width="1799" alt="create-key-modal" src="https://github.com/user-attachments/assets/81a55ccb-b6b9-4eb6-b2ff-a463c60724c0"> **Enabling disk encryption**  **Disk encryption: Fleet free** <img width="1912" alt="free" src="https://github.com/user-attachments/assets/9f9cace3-8955-47c2-87d9-24ff9387ac1a"> **Custom settings: turn on MDM** <img width="1912" alt="turn on mdm" src="https://github.com/user-attachments/assets/4d3ad47b-4035-4d93-86f0-dc2691b38bb4"> **Device status indicators**  **Encryption key action and modal**  - [x] Changes file added for user-visible changes in `changes/` - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - [ ] Full e2e testing to do when integrated with backend --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com> Co-authored-by: Ian Littman <iansltx@gmail.com>
import { IConfigServerSettings } from "./config";
/**
 * Certificate-style details for Apple MDM: common name, serial number, issuer
 * and renewal date, all carried as strings.
 * NOTE(review): presumably describes the APNs push certificate; confirm
 * against the API.
 */
export interface IMdmApple {
  common_name: string;
  serial_number: string;
  issuer: string;
  // NOTE(review): date carried as a string; the format is not visible here.
  renew_date: string;
}
/**
 * Apple "BM" account details: the Apple ID, organization name, MDM server URL
 * and renewal date, plus an optional default team.
 * NOTE(review): "Bm" presumably stands for Apple Business Manager; confirm.
 */
export interface IMdmAppleBm {
  // Optional: may be absent from the object.
  default_team?: string;
  apple_id: string;
  org_name: string;
  mdm_server_url: string;
  renew_date: string;
}
/**
 * A team reference (id plus display name) as embedded in the token types of
 * this file: IMdmAbmToken's per-platform teams and IMdmVppToken's `teams`.
 */
export type ITokenTeam = {
  team_id: number;
  name: string;
};
/**
 * Metadata for one ABM token: identity fields, renewal date, a terms-expired
 * flag and one team assignment per Apple platform (macOS, iOS, iPadOS).
 * Only descriptive fields are declared here; no token secret is part of this
 * shape.
 */
export interface IMdmAbmToken {
  id: number;
  apple_id: string;
  org_name: string;
  mdm_server_url: string;
  renew_date: string;
  // NOTE(review): presumably true when Apple's terms need re-acceptance; confirm.
  terms_expired: boolean;
  macos_team: ITokenTeam;
  ios_team: ITokenTeam;
  ipados_team: ITokenTeam;
}
/**
 * Metadata for one VPP token: id, organization name, location, renewal date
 * and the teams the token is assigned to.
 */
export interface IMdmVppToken {
  id: number;
  org_name: string;
  location: string;
  renew_date: string;
  // Three distinct states, so callers must not treat null and [] alike:
  // null means token isn't configured to a team; empty array means all teams
  teams: ITokenTeam[] | null;
}
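/**
 * Builds the Apple MDM endpoint URL from the configured server URL.
 *
 * Trailing slashes on `server_url` are dropped before the path is appended, so
 * a value ending in "/" no longer produces a "//mdm/apple/mdm" path. Values
 * without a trailing slash give the same result as before.
 *
 * @param settings - server settings; only `server_url` is read.
 * @returns `server_url` (minus trailing slashes) followed by "/mdm/apple/mdm".
 */
export const getMdmServerUrl = ({ server_url }: IConfigServerSettings) => {
  // Walk back over trailing slashes by index; no regex is needed for this.
  let end = server_url.length;
  while (end > 0 && server_url[end - 1] === "/") {
    end -= 1;
  }
  return server_url.slice(0, end).concat("/mdm/apple/mdm");
};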
/**
 * Maps each enrollment status label ("On (manual)", "On (automatic)", "Off",
 * "Pending") to a lowercase status string.
 * NOTE(review): the values look like the API's status identifiers; confirm.
 */
export const MDM_ENROLLMENT_STATUS = {
  "On (manual)": "manual",
  "On (automatic)": "automatic",
  Off: "unenrolled",
  Pending: "pending",
};
/** Union of the keys of MDM_ENROLLMENT_STATUS, i.e. the labels, not the values. */
export type MdmEnrollmentStatus = keyof typeof MDM_ENROLLMENT_STATUS;
/** One row of enrollment status data: a status label and a host count. */
export interface IMdmStatusCardData {
  status: MdmEnrollmentStatus;
  hosts: number;
}
/**
 * Host counts per enrollment state. The same four count fields also appear on
 * IMdmStatus in this file, which adds a total `hosts_count`.
 */
export interface IMdmAggregateStatus {
  enrolled_manual_hosts_count: number;
  enrolled_automated_hosts_count: number;
  unenrolled_hosts_count: number;
  // Optional: may be absent, so read it with a fallback.
  pending_hosts_count?: number;
}
/**
 * An MDM solution entry: id, name, server URL and host count.
 * `name` may be null here; IMdmSummaryMdmSolution narrows it to a string.
 */
export interface IMdmSolution {
  id: number;
  name: string | null;
  // NOTE(review): presumably the third-party MDM server's URL as reported by
  // hosts; if so, treat it as untrusted when rendering it as a link. Confirm.
  server_url: string;
  hosts_count: number;
}
/** This is the mdm solution that comes back from the host/summary/mdm
 * request. We will always get a string for the solution name in this case,
 * so `name` is narrowed from `string | null` to `string`. */
export interface IMdmSummaryMdmSolution extends IMdmSolution {
  name: string;
}
/**
 * Enrollment counts as embedded in IMdmSummaryResponse. Not exported; it has
 * the same fields as IMdmAggregateStatus plus a total `hosts_count`.
 */
interface IMdmStatus {
  enrolled_manual_hosts_count: number;
  enrolled_automated_hosts_count: number;
  unenrolled_hosts_count: number;
  // Optional: may be absent, so read it with a fallback.
  pending_hosts_count?: number;
  hosts_count: number;
}
/**
 * Response shape for the MDM summary: when the counts were last updated, the
 * enrollment status counts, and the list of MDM solutions.
 */
export interface IMdmSummaryResponse {
  counts_updated_at: string;
  mobile_device_management_enrollment_status: IMdmStatus;
  // May be null rather than an empty array; guard before iterating.
  mobile_device_management_solution: IMdmSummaryMdmSolution[] | null;
}
/**
 * Platforms a profile can target. This union is compile-time only; a value
 * read from an API response is not checked against it at runtime.
 */
export type ProfilePlatform = "darwin" | "windows" | "ios" | "ipados" | "linux";
/** A label attached to a profile, referenced by name and, when intact, by id. */
export interface IProfileLabel {
  name: string;
  id?: number; // id is only present when the label is not broken
  // NOTE(review): presumably set when the referenced label no longer exists; confirm.
  broken?: boolean;
}
/**
 * A configuration profile: identity, owning team, target platform, timestamps
 * and optional label targeting lists.
 */
export interface IMdmProfile {
  profile_uuid: string;
  team_id: number;
  name: string;
  platform: ProfilePlatform;
  identifier: string | null; // null for windows profiles
  created_at: string;
  updated_at: string;
  checksum: string | null; // null for windows profiles
  // Label targeting lists; each one is optional and may be absent.
  labels_include_all?: IProfileLabel[];
  labels_include_any?: IProfileLabel[];
  labels_exclude_any?: IProfileLabel[];
}
/** Delivery status values for an MDM profile. */
export type MdmProfileStatus = "verified" | "verifying" | "pending" | "failed";
/**
 * Status values for DDM profiles. "pending" and "failed" overlap with
 * MdmProfileStatus; "success" and "acknowledged" are specific to this union.
 */
export type MdmDDMProfileStatus =
  | "success"
  | "pending"
  | "failed"
  | "acknowledged";
/** The operation applied to a profile on a host: removal or installation. */
export type ProfileOperationType = "remove" | "install";
/**
 * A profile as reported for a single host, with its operation, platform,
 * status and a detail string.
 */
export interface IHostMdmProfile {
  profile_uuid: string;
  name: string;
  operation_type: ProfileOperationType | null;
  platform: ProfilePlatform;
  // The union spans three status vocabularies and is compile-time only; a value
  // from the API is not validated against it, so branch with a safe default.
  status: MdmProfileStatus | MdmDDMProfileStatus | LinuxDiskEncryptionStatus;
  // NOTE(review): free-form text, presumably sourced from the host or server;
  // render it as plain text rather than markup. Confirm how callers display it.
  detail: string;
}
// TODO - move disk encryption related types to dedicated file
/**
 * All disk encryption status values used in this file. The Windows and Linux
 * status types below are subsets extracted from this union.
 */
export type DiskEncryptionStatus =
  | "verified"
  | "verifying"
  | "action_required"
  | "enforcing"
  | "failed"
  | "removing_enforcement";
/** Currently windows disk encryption status will only be one of these four
 values. In the future we may add more. If a value is added here, the runtime
 guard isWindowsDiskEncryptionStatus must be updated to match. */
export type WindowsDiskEncryptionStatus = Extract<
  DiskEncryptionStatus,
  "verified" | "verifying" | "enforcing" | "failed"
>;
/**
 * Type guard that narrows a disk encryption status to the Windows subset.
 *
 * @param status - any disk encryption status value.
 * @returns true for "verified", "verifying", "enforcing" or "failed"; false
 * for every other value.
 */
export const isWindowsDiskEncryptionStatus = (
  status: DiskEncryptionStatus
): status is WindowsDiskEncryptionStatus =>
  // Strict equality against each accepted literal; anything else is rejected.
  status === "verified" ||
  status === "verifying" ||
  status === "enforcing" ||
  status === "failed";
/**
 * The subset of DiskEncryptionStatus used for Linux hosts. The runtime guard
 * isLinuxDiskEncryptionStatus lists the same three values and must be kept in
 * sync with this type.
 */
export type LinuxDiskEncryptionStatus = Extract<
  DiskEncryptionStatus,
  "verified" | "failed" | "action_required"
>;
/**
 * Type guard that narrows a disk encryption status to the Linux subset.
 *
 * @param status - any disk encryption status value.
 * @returns true for "verified", "failed" or "action_required"; false for
 * every other value.
 */
export const isLinuxDiskEncryptionStatus = (
  status: DiskEncryptionStatus
): status is LinuxDiskEncryptionStatus => {
  switch (status) {
    case "verified":
    case "failed":
    case "action_required":
      return true;
    default:
      // Anything outside the three Linux values is rejected.
      return false;
  }
};
/**
 * Display name constant for the FileVault profile.
 * NOTE(review): presumably shown in place of the raw profile name; confirm at call sites.
 */
export const FLEET_FILEVAULT_PROFILE_DISPLAY_NAME = "Disk encryption";
/**
 * Response shape for the MDM SSO request: a single URL.
 * NOTE(review): presumably the URL the browser is sent to for sign-in. If so,
 * callers should check its scheme before navigating. Confirm at the call site.
 */
export interface IMdmSSOReponse {
  url: string;
}
/**
 * Metadata for a bootstrap package: name, owning team, SHA-256 value, a token
 * and the creation timestamp.
 */
export interface IBootstrapPackageMetadata {
  name: string;
  team_id: number;
  // NOTE(review): presumably the digest of the package file; confirm encoding.
  sha256: string;
  // NOTE(review): looks credential-like (possibly grants package download);
  // if so, keep it out of logs and error messages. Confirm.
  token: string;
  created_at: string;
}
/**
 * Counts per bootstrap package status. The field names match the string
 * values of BootstrapPackageStatus.
 */
export interface IBootstrapPackageAggregate {
  installed: number;
  pending: number;
  failed: number;
}
/**
 * Bootstrap package status as a string enum. Each member's value is the
 * lowercase form used as a key in IBootstrapPackageAggregate.
 */
export enum BootstrapPackageStatus {
  INSTALLED = "installed",
  PENDING = "pending",
  FAILED = "failed",
}
/**
 * IMdmCommandResult is the shape of an mdm command result object
 * returned by the Fleet API.
 */
export interface IMdmCommandResult {
  host_uuid: string;
  command_uuid: string;
  /** Status is the status of the command. It can be one of Acknowledged, Error, or NotNow for
   * Apple, or 200, 400, etc for Windows. Typed as a plain string, so no value is ruled out. */
  status: string;
  updated_at: string;
  request_type: string;
  hostname: string;
  /** Payload is a base64-encoded string containing the MDM command request.
   * Base64 is an encoding only; it does not hide or protect the content. */
  payload: string;
  /** Result is a base64-encoded string containing the MDM command response.
   * NOTE(review): the response presumably originates from the managed device;
   * after decoding, handle it as untrusted text. Confirm how callers render it. */
  result: string;
}