empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 17:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
109dc8d8ce
fleet/server/service/handler.go

718 lines
45 KiB
Go
Raw Normal View History

Organizing go code (#241)
2016-09-26 18:48:55 +00:00
package service
go-kit server layout
2016-08-28 03:59:17 +00:00
import (
Update go-kit to 0.4.0 (#1411) Notable refactoring: - Use stdlib "context" in place of "golang.org/x/net/context" - Go-kit no longer wraps errors, so we remove the unwrap in transport_error.go - Use MakeHandler when setting up endpoint tests (fixes test bug caught during this refactoring) Closes #1411.
2017-03-15 15:55:30 +00:00
"context"
go-kit server layout
2016-08-28 03:59:17 +00:00
"net/http"
allow osqueryd endpoints to enroll before app setup is complete (#931) Closes #929
2017-01-12 00:40:58 +00:00
"strings"
go-kit server layout
2016-08-28 03:59:17 +00:00
Add v4 suffix in go.mod (#1224)
2021-06-26 04:46:51 +00:00
"github.com/fleetdm/fleet/v4/server/config"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/fleetdm/fleet/v4/server/service/middleware/authzcheck"
"github.com/fleetdm/fleet/v4/server/service/middleware/ratelimit"
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
"github.com/go-kit/kit/endpoint"
go-kit server layout
2016-08-28 03:59:17 +00:00
kitlog "github.com/go-kit/kit/log"
Deprecate /api/v1/kolide routes (#297) - Support both /api/v1/fleet and /api/v1/kolide routes in server. - Add logging for use of deprecated routes. - Rename routes in frontend JS. - Rename routes and add notes in documentation.
2021-02-10 20:13:11 +00:00
"github.com/go-kit/kit/log/level"
go-kit server layout
2016-08-28 03:59:17 +00:00
kithttp "github.com/go-kit/kit/transport/http"
"github.com/gorilla/mux"
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
"github.com/prometheus/client_golang/prometheus"
Add rate-limiting to login and password reset (#543) Prevent abuse of these endpoints with rate limiting backed by Redis. The limits assigned should be appropriate for almost any Fleet deployment. Closes #530
2021-03-26 18:23:29 +00:00
"github.com/throttled/throttled/v2"
go-kit server layout
2016-08-28 03:59:17 +00:00
)
Remove deprecated kolide names from API routes and configuration (#957) Closes #260
2021-06-04 23:51:18 +00:00
// FleetEndpoints is a collection of RPC endpoints implemented by the Fleet API.
type FleetEndpoints struct {
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
Login endpoint.Endpoint
Logout endpoint.Endpoint
ForgotPassword endpoint.Endpoint
ResetPassword endpoint.Endpoint
Me endpoint.Endpoint
ChangePassword endpoint.Endpoint
Implement fleetctl user create (#9) - Allow user creation via `fleetctl user create` - Cleanup and rename existing methods for clarity Fixes https://github.com/kolide/fleet/issues/2306
2020-11-05 01:06:55 +00:00
CreateUserWithInvite endpoint.Endpoint
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
CreateUser endpoint.Endpoint
GetUser endpoint.Endpoint
ListUsers endpoint.Endpoint
ModifyUser endpoint.Endpoint
Delete instead of disabling users (#622) - Migration to delete existing disabled users. - Remove enabled attribute. - Add endpoint for user deletion.
2021-04-08 23:53:33 +00:00
DeleteUser endpoint.Endpoint
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
RequirePasswordReset endpoint.Endpoint
PerformRequiredPasswordReset endpoint.Endpoint
GetSessionsForUserInfo endpoint.Endpoint
DeleteSessionsForUser endpoint.Endpoint
GetSessionInfo endpoint.Endpoint
DeleteSession endpoint.Endpoint
GetAppConfig endpoint.Endpoint
ModifyAppConfig endpoint.Endpoint
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features
2020-05-29 16:12:39 +00:00
ApplyEnrollSecretSpec endpoint.Endpoint
GetEnrollSecretSpec endpoint.Endpoint
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
CreateInvite endpoint.Endpoint
ListInvites endpoint.Endpoint
DeleteInvite endpoint.Endpoint
VerifyInvite endpoint.Endpoint
GetQuery endpoint.Endpoint
ListQueries endpoint.Endpoint
CreateQuery endpoint.Endpoint
ModifyQuery endpoint.Endpoint
DeleteQuery endpoint.Endpoint
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810
2018-06-15 14:13:11 +00:00
DeleteQueryByID endpoint.Endpoint
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
DeleteQueries endpoint.Endpoint
ApplyQuerySpecs endpoint.Endpoint
GetQuerySpecs endpoint.Endpoint
GetQuerySpec endpoint.Endpoint
CreateDistributedQueryCampaign endpoint.Endpoint
CreateDistributedQueryCampaignByNames endpoint.Endpoint
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810
2018-06-15 14:13:11 +00:00
CreatePack endpoint.Endpoint
ModifyPack endpoint.Endpoint
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
GetPack endpoint.Endpoint
ListPacks endpoint.Endpoint
DeletePack endpoint.Endpoint
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810
2018-06-15 14:13:11 +00:00
DeletePackByID endpoint.Endpoint
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
GetScheduledQueriesInPack endpoint.Endpoint
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810
2018-06-15 14:13:11 +00:00
ScheduleQuery endpoint.Endpoint
GetScheduledQuery endpoint.Endpoint
ModifyScheduledQuery endpoint.Endpoint
DeleteScheduledQuery endpoint.Endpoint
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
ApplyPackSpecs endpoint.Endpoint
GetPackSpecs endpoint.Endpoint
GetPackSpec endpoint.Endpoint
EnrollAgent endpoint.Endpoint
GetClientConfig endpoint.Endpoint
GetDistributedQueries endpoint.Endpoint
SubmitDistributedQueryResults endpoint.Endpoint
SubmitLogs endpoint.Endpoint
Add file carving support (#15) - Add endpoints for osquery to register and continue a carve. - Implement client functionality for retrieving carve details and contents in fleetctl. - Add documentation on using file carving with Fleet. Addresses kolide/fleet#1714
2020-11-05 04:45:16 +00:00
CarveBegin endpoint.Endpoint
CarveBlock endpoint.Endpoint
Fix labels UI issues in Fleet 2.0 (#1830) Replaces the UI endpoints for creating and modifying labels. These were removed in #1686 because we thought we were killing the UI. Now labels can be created and edited in the UI again.
2018-06-18 17:09:08 +00:00
CreateLabel endpoint.Endpoint
ModifyLabel endpoint.Endpoint
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
GetLabel endpoint.Endpoint
ListLabels endpoint.Endpoint
Implement pagination of hosts in the web UI This commit takes advantage of the existing pagination APIs in the Fleet server, and provides additional APIs to support pagination in the web UI. Doing this dramatically reduces the response sizes for requests from the UI, and limits the performance impact of UI clients on the Fleet and MySQL servers.
2020-03-30 02:19:54 +00:00
ListHostsInLabel endpoint.Endpoint
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
DeleteLabel endpoint.Endpoint
Fix deletion of labels in UI (#1848) - Add endpoint for deletion of label by ID - Use ID endpoint from frontend JS Fixes #1847
2018-06-25 20:56:59 +00:00
DeleteLabelByID endpoint.Endpoint
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
ApplyLabelSpecs endpoint.Endpoint
GetLabelSpecs endpoint.Endpoint
GetLabelSpec endpoint.Endpoint
GetHost endpoint.Endpoint
Add fleetctl get host capability to get single host with labels Getting a single host with `fleetctl get host foobar` will look up the host with the matching hostname, uuid, osquery identifier, or node key, and provide the full host details along with the labels the host is a member of.
2020-04-22 20:54:32 +00:00
HostByIdentifier endpoint.Endpoint
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
DeleteHost endpoint.Endpoint
Add refetch host API (#767) This allows the host details to be refetched on the next check in, rather than waiting for the normal interval to go by. Associated UI changes are in-progress. - Migration and service methods for requesting refetch. - Expose refetch over API. - Change detail query logic to respect this flag.
2021-05-13 20:09:22 +00:00
RefetchHost endpoint.Endpoint
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
ListHosts endpoint.Endpoint
GetHostSummary endpoint.Endpoint
Move and refactor host team transfer endpoint (#778) - Move API endpoint to `/hosts/transfer`. - Refactor service and datastore methods from teams to hosts.
2021-05-17 19:23:21 +00:00
AddHostsToTeam endpoint.Endpoint
Implement add hosts to team by filters API (#866) - Add hosts to team using label, status, and query filters. - Documentation (+ docs for regular add hosts to team).
2021-05-26 04:29:52 +00:00
AddHostsToTeamByFilter endpoint.Endpoint
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
SearchTargets endpoint.Endpoint
GetCertificate endpoint.Endpoint
ChangeEmail endpoint.Endpoint
InitiateSSO endpoint.Endpoint
CallbackSSO endpoint.Endpoint
SSOSettings endpoint.Endpoint
Add warning in query UI when Redis fails (#2086) - Add warning message when Redis fails - Disable query button when Redis fails - Refactor SMTP warning banner into component for reuse Closes #2073
2019-08-13 16:42:58 +00:00
StatusResultStore endpoint.Endpoint
Add ability to disable live queries (#2167) - Add toggle to disable live queries in advanced settings - Add new live query status endpoint (checks for disabled via config and Redis health) - Update QueryPage UI to use new live query status endpoint Implements #2140
2020-01-14 00:53:04 +00:00
StatusLiveQuery endpoint.Endpoint
Add file carving support (#15) - Add endpoints for osquery to register and continue a carve. - Implement client functionality for retrieving carve details and contents in fleetctl. - Add documentation on using file carving with Fleet. Addresses kolide/fleet#1714
2020-11-05 04:45:16 +00:00
ListCarves endpoint.Endpoint
Add dev infrastructure and docs for Prometheus monitoring (#33) - Set up a simple example of Prometheus monitoring in the development docker-compose.yml. - Add documentation for configuring Prometheus.
2020-11-13 03:06:56 +00:00
GetCarve endpoint.Endpoint
Add file carving support (#15) - Add endpoints for osquery to register and continue a carve. - Implement client functionality for retrieving carve details and contents in fleetctl. - Add documentation on using file carving with Fleet. Addresses kolide/fleet#1714
2020-11-05 04:45:16 +00:00
GetCarveBlock endpoint.Endpoint
Add version endpoint to API (#549) Part of #371
2021-03-27 01:03:31 +00:00
Version endpoint.Endpoint
Initial work on user team information storage and retrieval (#483) There are more migrations to come, but this is a foundation for the DB changes that will be needed for Teams.
2021-03-18 04:59:00 +00:00
CreateTeam endpoint.Endpoint
ModifyTeam endpoint.Endpoint
Implement API endpoints for Teams agent options (#757) - Add agent options endpoint. - Remove setting agent options from standard modify team endpoint.
2021-05-12 17:38:00 +00:00
ModifyTeamAgentOptions endpoint.Endpoint
Add delete teams endpoints (#666) Tested to work with frontend calls.
2021-04-20 17:20:52 +00:00
DeleteTeam endpoint.Endpoint
Add list teams endpoint (#601)
2021-04-06 18:40:14 +00:00
ListTeams endpoint.Endpoint
Add team user management (#672) - Add list team users endpoint. - Add add/delete team users endpoints. - Update list users to support filter by team.
2021-04-22 03:54:09 +00:00
ListTeamUsers endpoint.Endpoint
AddTeamUsers endpoint.Endpoint
DeleteTeamUsers endpoint.Endpoint
Refactor enroll secrets to support Teams (#903) - Add `team_id` field to secrets. - Remove secret `name` and `active` fields (migration deletes inactive secrets). - Assign hosts to Team based on secret provided. - Add API for retrieving secrets by Team.
2021-05-31 16:02:05 +00:00
TeamEnrollSecrets endpoint.Endpoint
Issue 1324 add activity feed (#1343) * Add activities generation * Add activities endpoint * Fix merge error * Fix indentation issue * Add changes file * Address PR review comments * Add mock activity func * Address codacy warings * Set foreign key but on delete set null * Make user_id set to null if deleted
2021-07-13 19:54:22 +00:00
ListActivities endpoint.Endpoint
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
}
queries and packs services via go-kit (#102) * osquery services via go-kit * Visual Studio Code configurations * create query and pack endpoints * organizing files more scalably * modify query and pack endpoints * delete query and pack endpoints * get query and pack endpoints * get all queries and packs endpoints * add and remove queries from packs * test stubs * removing some indirection * query service tests * service pack tests * transport tests * adding config file flag back * organizing package kolide * get queries in pack endpoint * run tests on 1.7? * no 1.7 image :( * typo in circle.yml
2016-09-04 05:13:42 +00:00
Remove deprecated kolide names from API routes and configuration (#957) Closes #260
2021-06-04 23:51:18 +00:00
// MakeFleetServerEndpoints creates the Fleet API endpoints.
Remove JWT in Fleet session management (#979) See #978 for motivations for this change. Closes #978.
2021-06-07 01:10:58 +00:00
func MakeFleetServerEndpoints(svc fleet.Service, urlPrefix string, limitStore throttled.GCRAStore) FleetEndpoints {
Add rate-limiting to login and password reset (#543) Prevent abuse of these endpoints with rate limiting backed by Redis. The limits assigned should be appropriate for almost any Fleet deployment. Closes #530
2021-03-26 18:23:29 +00:00
limiter := ratelimit.NewMiddleware(limitStore)
Remove deprecated kolide names from API routes and configuration (#957) Closes #260
2021-06-04 23:51:18 +00:00
return FleetEndpoints{
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
Login: limiter.Limit(
throttled.RateQuota{MaxRate: throttled.PerMin(10), MaxBurst: 9})(
Add rate-limiting to login and password reset (#543) Prevent abuse of these endpoints with rate limiting backed by Redis. The limits assigned should be appropriate for almost any Fleet deployment. Closes #530
2021-03-26 18:23:29 +00:00
makeLoginEndpoint(svc),
),
Logout: makeLogoutEndpoint(svc),
ForgotPassword: limiter.Limit(
throttled.RateQuota{MaxRate: throttled.PerHour(10), MaxBurst: 9})(
makeForgotPasswordEndpoint(svc),
),
Implement fleetctl user create (#9) - Allow user creation via `fleetctl user create` - Cleanup and rename existing methods for clarity Fixes https://github.com/kolide/fleet/issues/2306
2020-11-05 01:06:55 +00:00
ResetPassword: makeResetPasswordEndpoint(svc),
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
CreateUserWithInvite: makeCreateUserFromInviteEndpoint(svc),
Implement fleetctl user create (#9) - Allow user creation via `fleetctl user create` - Cleanup and rename existing methods for clarity Fixes https://github.com/kolide/fleet/issues/2306
2020-11-05 01:06:55 +00:00
VerifyInvite: makeVerifyInviteEndpoint(svc),
InitiateSSO: makeInitiateSSOEndpoint(svc),
CallbackSSO: makeCallbackSSOEndpoint(svc, urlPrefix),
SSOSettings: makeSSOSettingsEndpoint(svc),
Build endpoints for osquery service methods (#245) - Establish a pattern for host authentication - Establish a pattern for error JSON - Add transport and make endpoint functions - Fix discovered bugs + update tests
2016-09-29 04:21:39 +00:00
Fix required password reset flow (#833) Permissions errors were preventing users from completing this flow - Add separate endpoint for performing required password reset - Rewrite frontend reset to use this endpoint Fixes #792
2017-01-10 04:42:50 +00:00
// PerformRequiredPasswordReset needs only to authenticate the
// logged in user
Clean up service and return license errors (#1097) - Expose license errors instead of permission errors by adding explicit skip authorization. - Remove pre-Teams authorization checks from service. Fixes #964
2021-06-16 17:55:41 +00:00
PerformRequiredPasswordReset: canPerformPasswordReset(makePerformRequiredPasswordResetEndpoint(svc)),
// Standard user authentication routes
Me: authenticatedUser(svc, makeGetSessionUserEndpoint(svc)),
ChangePassword: authenticatedUser(svc, makeChangePasswordEndpoint(svc)),
GetUser: authenticatedUser(svc, makeGetUserEndpoint(svc)),
ListUsers: authenticatedUser(svc, makeListUsersEndpoint(svc)),
ModifyUser: authenticatedUser(svc, makeModifyUserEndpoint(svc)),
DeleteUser: authenticatedUser(svc, makeDeleteUserEndpoint(svc)),
RequirePasswordReset: authenticatedUser(svc, makeRequirePasswordResetEndpoint(svc)),
CreateUser: authenticatedUser(svc, makeCreateUserEndpoint(svc)),
GetSessionsForUserInfo: authenticatedUser(svc, makeGetInfoAboutSessionsForUserEndpoint(svc)),
DeleteSessionsForUser: authenticatedUser(svc, makeDeleteSessionsForUserEndpoint(svc)),
GetSessionInfo: authenticatedUser(svc, makeGetInfoAboutSessionEndpoint(svc)),
DeleteSession: authenticatedUser(svc, makeDeleteSessionEndpoint(svc)),
GetAppConfig: authenticatedUser(svc, makeGetAppConfigEndpoint(svc)),
ModifyAppConfig: authenticatedUser(svc, makeModifyAppConfigEndpoint(svc)),
ApplyEnrollSecretSpec: authenticatedUser(svc, makeApplyEnrollSecretSpecEndpoint(svc)),
GetEnrollSecretSpec: authenticatedUser(svc, makeGetEnrollSecretSpecEndpoint(svc)),
CreateInvite: authenticatedUser(svc, makeCreateInviteEndpoint(svc)),
ListInvites: authenticatedUser(svc, makeListInvitesEndpoint(svc)),
DeleteInvite: authenticatedUser(svc, makeDeleteInviteEndpoint(svc)),
Remove JWT in Fleet session management (#979) See #978 for motivations for this change. Closes #978.
2021-06-07 01:10:58 +00:00
GetQuery: authenticatedUser(svc, makeGetQueryEndpoint(svc)),
ListQueries: authenticatedUser(svc, makeListQueriesEndpoint(svc)),
CreateQuery: authenticatedUser(svc, makeCreateQueryEndpoint(svc)),
ModifyQuery: authenticatedUser(svc, makeModifyQueryEndpoint(svc)),
DeleteQuery: authenticatedUser(svc, makeDeleteQueryEndpoint(svc)),
DeleteQueryByID: authenticatedUser(svc, makeDeleteQueryByIDEndpoint(svc)),
DeleteQueries: authenticatedUser(svc, makeDeleteQueriesEndpoint(svc)),
ApplyQuerySpecs: authenticatedUser(svc, makeApplyQuerySpecsEndpoint(svc)),
GetQuerySpecs: authenticatedUser(svc, makeGetQuerySpecsEndpoint(svc)),
GetQuerySpec: authenticatedUser(svc, makeGetQuerySpecEndpoint(svc)),
CreateDistributedQueryCampaign: authenticatedUser(svc, makeCreateDistributedQueryCampaignEndpoint(svc)),
CreateDistributedQueryCampaignByNames: authenticatedUser(svc, makeCreateDistributedQueryCampaignByNamesEndpoint(svc)),
CreatePack: authenticatedUser(svc, makeCreatePackEndpoint(svc)),
ModifyPack: authenticatedUser(svc, makeModifyPackEndpoint(svc)),
GetPack: authenticatedUser(svc, makeGetPackEndpoint(svc)),
ListPacks: authenticatedUser(svc, makeListPacksEndpoint(svc)),
DeletePack: authenticatedUser(svc, makeDeletePackEndpoint(svc)),
DeletePackByID: authenticatedUser(svc, makeDeletePackByIDEndpoint(svc)),
GetScheduledQueriesInPack: authenticatedUser(svc, makeGetScheduledQueriesInPackEndpoint(svc)),
ScheduleQuery: authenticatedUser(svc, makeScheduleQueryEndpoint(svc)),
GetScheduledQuery: authenticatedUser(svc, makeGetScheduledQueryEndpoint(svc)),
ModifyScheduledQuery: authenticatedUser(svc, makeModifyScheduledQueryEndpoint(svc)),
DeleteScheduledQuery: authenticatedUser(svc, makeDeleteScheduledQueryEndpoint(svc)),
ApplyPackSpecs: authenticatedUser(svc, makeApplyPackSpecsEndpoint(svc)),
GetPackSpecs: authenticatedUser(svc, makeGetPackSpecsEndpoint(svc)),
GetPackSpec: authenticatedUser(svc, makeGetPackSpecEndpoint(svc)),
GetHost: authenticatedUser(svc, makeGetHostEndpoint(svc)),
HostByIdentifier: authenticatedUser(svc, makeHostByIdentifierEndpoint(svc)),
ListHosts: authenticatedUser(svc, makeListHostsEndpoint(svc)),
GetHostSummary: authenticatedUser(svc, makeGetHostSummaryEndpoint(svc)),
DeleteHost: authenticatedUser(svc, makeDeleteHostEndpoint(svc)),
AddHostsToTeam: authenticatedUser(svc, makeAddHostsToTeamEndpoint(svc)),
AddHostsToTeamByFilter: authenticatedUser(svc, makeAddHostsToTeamByFilterEndpoint(svc)),
RefetchHost: authenticatedUser(svc, makeRefetchHostEndpoint(svc)),
CreateLabel: authenticatedUser(svc, makeCreateLabelEndpoint(svc)),
ModifyLabel: authenticatedUser(svc, makeModifyLabelEndpoint(svc)),
GetLabel: authenticatedUser(svc, makeGetLabelEndpoint(svc)),
ListLabels: authenticatedUser(svc, makeListLabelsEndpoint(svc)),
ListHostsInLabel: authenticatedUser(svc, makeListHostsInLabelEndpoint(svc)),
DeleteLabel: authenticatedUser(svc, makeDeleteLabelEndpoint(svc)),
DeleteLabelByID: authenticatedUser(svc, makeDeleteLabelByIDEndpoint(svc)),
ApplyLabelSpecs: authenticatedUser(svc, makeApplyLabelSpecsEndpoint(svc)),
GetLabelSpecs: authenticatedUser(svc, makeGetLabelSpecsEndpoint(svc)),
GetLabelSpec: authenticatedUser(svc, makeGetLabelSpecEndpoint(svc)),
SearchTargets: authenticatedUser(svc, makeSearchTargetsEndpoint(svc)),
GetCertificate: authenticatedUser(svc, makeCertificateEndpoint(svc)),
ChangeEmail: authenticatedUser(svc, makeChangeEmailEndpoint(svc)),
ListCarves: authenticatedUser(svc, makeListCarvesEndpoint(svc)),
GetCarve: authenticatedUser(svc, makeGetCarveEndpoint(svc)),
GetCarveBlock: authenticatedUser(svc, makeGetCarveBlockEndpoint(svc)),
Version: authenticatedUser(svc, makeVersionEndpoint(svc)),
Clean up service and return license errors (#1097) - Expose license errors instead of permission errors by adding explicit skip authorization. - Remove pre-Teams authorization checks from service. Fixes #964
2021-06-16 17:55:41 +00:00
CreateTeam: authenticatedUser(svc, makeCreateTeamEndpoint(svc)),
ModifyTeam: authenticatedUser(svc, makeModifyTeamEndpoint(svc)),
ModifyTeamAgentOptions: authenticatedUser(svc, makeModifyTeamAgentOptionsEndpoint(svc)),
DeleteTeam: authenticatedUser(svc, makeDeleteTeamEndpoint(svc)),
ListTeams: authenticatedUser(svc, makeListTeamsEndpoint(svc)),
ListTeamUsers: authenticatedUser(svc, makeListTeamUsersEndpoint(svc)),
AddTeamUsers: authenticatedUser(svc, makeAddTeamUsersEndpoint(svc)),
DeleteTeamUsers: authenticatedUser(svc, makeDeleteTeamUsersEndpoint(svc)),
TeamEnrollSecrets: authenticatedUser(svc, makeTeamEnrollSecretsEndpoint(svc)),
Issue 1324 add activity feed (#1343) * Add activities generation * Add activities endpoint * Fix merge error * Fix indentation issue * Add changes file * Address PR review comments * Add mock activity func * Address codacy warings * Set foreign key but on delete set null * Make user_id set to null if deleted
2021-07-13 19:54:22 +00:00
ListActivities: authenticatedUser(svc, makeListActivitiesEndpoint(svc)),
Build endpoints for osquery service methods (#245) - Establish a pattern for host authentication - Establish a pattern for error JSON - Add transport and make endpoint functions - Fix discovered bugs + update tests
2016-09-29 04:21:39 +00:00
Add warning in query UI when Redis fails (#2086) - Add warning message when Redis fails - Disable query button when Redis fails - Refactor SMTP warning banner into component for reuse Closes #2073
2019-08-13 16:42:58 +00:00
// Authenticated status endpoints
Remove JWT in Fleet session management (#979) See #978 for motivations for this change. Closes #978.
2021-06-07 01:10:58 +00:00
StatusResultStore: authenticatedUser(svc, makeStatusResultStoreEndpoint(svc)),
StatusLiveQuery: authenticatedUser(svc, makeStatusLiveQueryEndpoint(svc)),
Add warning in query UI when Redis fails (#2086) - Add warning message when Redis fails - Disable query button when Redis fails - Refactor SMTP warning banner into component for reuse Closes #2073
2019-08-13 16:42:58 +00:00
Build endpoints for osquery service methods (#245) - Establish a pattern for host authentication - Establish a pattern for error JSON - Add transport and make endpoint functions - Fix discovered bugs + update tests
2016-09-29 04:21:39 +00:00
// Osquery endpoints
Clean up service and return license errors (#1097) - Expose license errors instead of permission errors by adding explicit skip authorization. - Remove pre-Teams authorization checks from service. Fixes #964
2021-06-16 17:55:41 +00:00
EnrollAgent: makeEnrollAgentEndpoint(svc),
// Authenticated osquery endpoints
Build endpoints for osquery service methods (#245) - Establish a pattern for host authentication - Establish a pattern for error JSON - Add transport and make endpoint functions - Fix discovered bugs + update tests
2016-09-29 04:21:39 +00:00
GetClientConfig: authenticatedHost(svc, makeGetClientConfigEndpoint(svc)),
GetDistributedQueries: authenticatedHost(svc, makeGetDistributedQueriesEndpoint(svc)),
SubmitDistributedQueryResults: authenticatedHost(svc, makeSubmitDistributedQueryResultsEndpoint(svc)),
SubmitLogs: authenticatedHost(svc, makeSubmitLogsEndpoint(svc)),
Add file carving support (#15) - Add endpoints for osquery to register and continue a carve. - Implement client functionality for retrieving carve details and contents in fleetctl. - Add documentation on using file carving with Fleet. Addresses kolide/fleet#1714
2020-11-05 04:45:16 +00:00
CarveBegin: authenticatedHost(svc, makeCarveBeginEndpoint(svc)),
// For some reason osquery does not provide a node key with the block
// data. Instead the carve session ID should be verified in the service
// method.
CarveBlock: makeCarveBlockEndpoint(svc),
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
}
}
queries and packs services via go-kit (#102) * osquery services via go-kit * Visual Studio Code configurations * create query and pack endpoints * organizing files more scalably * modify query and pack endpoints * delete query and pack endpoints * get query and pack endpoints * get all queries and packs endpoints * add and remove queries from packs * test stubs * removing some indirection * query service tests * service pack tests * transport tests * adding config file flag back * organizing package kolide * get queries in pack endpoint * run tests on 1.7? * no 1.7 image :( * typo in circle.yml
2016-09-04 05:13:42 +00:00
Remove deprecated kolide names from API routes and configuration (#957) Closes #260
2021-06-04 23:51:18 +00:00
type fleetHandlers struct {
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
Login http.Handler
Logout http.Handler
ForgotPassword http.Handler
ResetPassword http.Handler
Me http.Handler
ChangePassword http.Handler
Implement fleetctl user create (#9) - Allow user creation via `fleetctl user create` - Cleanup and rename existing methods for clarity Fixes https://github.com/kolide/fleet/issues/2306
2020-11-05 01:06:55 +00:00
CreateUserWithInvite http.Handler
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
CreateUser http.Handler
GetUser http.Handler
ListUsers http.Handler
ModifyUser http.Handler
Delete instead of disabling users (#622) - Migration to delete existing disabled users. - Remove enabled attribute. - Add endpoint for user deletion.
2021-04-08 23:53:33 +00:00
DeleteUser http.Handler
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
RequirePasswordReset http.Handler
PerformRequiredPasswordReset http.Handler
GetSessionsForUserInfo http.Handler
DeleteSessionsForUser http.Handler
GetSessionInfo http.Handler
DeleteSession http.Handler
GetAppConfig http.Handler
ModifyAppConfig http.Handler
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features
2020-05-29 16:12:39 +00:00
ApplyEnrollSecretSpec http.Handler
GetEnrollSecretSpec http.Handler
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
CreateInvite http.Handler
ListInvites http.Handler
DeleteInvite http.Handler
VerifyInvite http.Handler
GetQuery http.Handler
ListQueries http.Handler
CreateQuery http.Handler
ModifyQuery http.Handler
DeleteQuery http.Handler
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810
2018-06-15 14:13:11 +00:00
DeleteQueryByID http.Handler
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
DeleteQueries http.Handler
ApplyQuerySpecs http.Handler
GetQuerySpecs http.Handler
GetQuerySpec http.Handler
CreateDistributedQueryCampaign http.Handler
CreateDistributedQueryCampaignByNames http.Handler
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810
2018-06-15 14:13:11 +00:00
CreatePack http.Handler
ModifyPack http.Handler
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
GetPack http.Handler
ListPacks http.Handler
DeletePack http.Handler
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810
2018-06-15 14:13:11 +00:00
DeletePackByID http.Handler
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
GetScheduledQueriesInPack http.Handler
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810
2018-06-15 14:13:11 +00:00
ScheduleQuery http.Handler
GetScheduledQuery http.Handler
ModifyScheduledQuery http.Handler
DeleteScheduledQuery http.Handler
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
ApplyPackSpecs http.Handler
GetPackSpecs http.Handler
GetPackSpec http.Handler
EnrollAgent http.Handler
GetClientConfig http.Handler
GetDistributedQueries http.Handler
SubmitDistributedQueryResults http.Handler
SubmitLogs http.Handler
Add file carving support (#15) - Add endpoints for osquery to register and continue a carve. - Implement client functionality for retrieving carve details and contents in fleetctl. - Add documentation on using file carving with Fleet. Addresses kolide/fleet#1714
2020-11-05 04:45:16 +00:00
CarveBegin http.Handler
CarveBlock http.Handler
Fix labels UI issues in Fleet 2.0 (#1830) Replaces the UI endpoints for creating and modifying labels. These were removed in #1686 because we thought we were killing the UI. Now labels can be created and edited in the UI again.
2018-06-18 17:09:08 +00:00
CreateLabel http.Handler
ModifyLabel http.Handler
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
GetLabel http.Handler
ListLabels http.Handler
Implement pagination of hosts in the web UI This commit takes advantage of the existing pagination APIs in the Fleet server, and provides additional APIs to support pagination in the web UI. Doing this dramatically reduces the response sizes for requests from the UI, and limits the performance impact of UI clients on the Fleet and MySQL servers.
2020-03-30 02:19:54 +00:00
ListHostsInLabel http.Handler
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
DeleteLabel http.Handler
Fix deletion of labels in UI (#1848) - Add endpoint for deletion of label by ID - Use ID endpoint from frontend JS Fixes #1847
2018-06-25 20:56:59 +00:00
DeleteLabelByID http.Handler
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
ApplyLabelSpecs http.Handler
GetLabelSpecs http.Handler
GetLabelSpec http.Handler
GetHost http.Handler
Add fleetctl get host capability to get single host with labels Getting a single host with `fleetctl get host foobar` will look up the host with the matching hostname, uuid, osquery identifier, or node key, and provide the full host details along with the labels the host is a member of.
2020-04-22 20:54:32 +00:00
HostByIdentifier http.Handler
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
DeleteHost http.Handler
Add refetch host API (#767) This allows the host details to be refetched on the next check in, rather than waiting for the normal interval to go by. Associated UI changes are in-progress. - Migration and service methods for requesting refetch. - Expose refetch over API. - Change detail query logic to respect this flag.
2021-05-13 20:09:22 +00:00
RefetchHost http.Handler
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
ListHosts http.Handler
GetHostSummary http.Handler
Move and refactor host team transfer endpoint (#778) - Move API endpoint to `/hosts/transfer`. - Refactor service and datastore methods from teams to hosts.
2021-05-17 19:23:21 +00:00
AddHostsToTeam http.Handler
Implement add hosts to team by filters API (#866) - Add hosts to team using label, status, and query filters. - Documentation (+ docs for regular add hosts to team).
2021-05-26 04:29:52 +00:00
AddHostsToTeamByFilter http.Handler
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
SearchTargets http.Handler
GetCertificate http.Handler
ChangeEmail http.Handler
InitiateSSO http.Handler
CallbackSSO http.Handler
SettingsSSO http.Handler
Add warning in query UI when Redis fails (#2086) - Add warning message when Redis fails - Disable query button when Redis fails - Refactor SMTP warning banner into component for reuse Closes #2073
2019-08-13 16:42:58 +00:00
StatusResultStore http.Handler
Add ability to disable live queries (#2167) - Add toggle to disable live queries in advanced settings - Add new live query status endpoint (checks for disabled via config and Redis health) - Update QueryPage UI to use new live query status endpoint Implements #2140
2020-01-14 00:53:04 +00:00
StatusLiveQuery http.Handler
Add file carving support (#15) - Add endpoints for osquery to register and continue a carve. - Implement client functionality for retrieving carve details and contents in fleetctl. - Add documentation on using file carving with Fleet. Addresses kolide/fleet#1714
2020-11-05 04:45:16 +00:00
ListCarves http.Handler
Add dev infrastructure and docs for Prometheus monitoring (#33) - Set up a simple example of Prometheus monitoring in the development docker-compose.yml. - Add documentation for configuring Prometheus.
2020-11-13 03:06:56 +00:00
GetCarve http.Handler
Add file carving support (#15) - Add endpoints for osquery to register and continue a carve. - Implement client functionality for retrieving carve details and contents in fleetctl. - Add documentation on using file carving with Fleet. Addresses kolide/fleet#1714
2020-11-05 04:45:16 +00:00
GetCarveBlock http.Handler
Add version endpoint to API (#549) Part of #371
2021-03-27 01:03:31 +00:00
Version http.Handler
Initial work on user team information storage and retrieval (#483) There are more migrations to come, but this is a foundation for the DB changes that will be needed for Teams.
2021-03-18 04:59:00 +00:00
CreateTeam http.Handler
ModifyTeam http.Handler
Implement API endpoints for Teams agent options (#757) - Add agent options endpoint. - Remove setting agent options from standard modify team endpoint.
2021-05-12 17:38:00 +00:00
ModifyTeamAgentOptions http.Handler
Add delete teams endpoints (#666) Tested to work with frontend calls.
2021-04-20 17:20:52 +00:00
DeleteTeam http.Handler
Add list teams endpoint (#601)
2021-04-06 18:40:14 +00:00
ListTeams http.Handler
Add team user management (#672) - Add list team users endpoint. - Add add/delete team users endpoints. - Update list users to support filter by team.
2021-04-22 03:54:09 +00:00
ListTeamUsers http.Handler
AddTeamUsers http.Handler
DeleteTeamUsers http.Handler
Refactor enroll secrets to support Teams (#903) - Add `team_id` field to secrets. - Remove secret `name` and `active` fields (migration deletes inactive secrets). - Assign hosts to Team based on secret provided. - Add API for retrieving secrets by Team.
2021-05-31 16:02:05 +00:00
TeamEnrollSecrets http.Handler
Issue 1324 add activity feed (#1343) * Add activities generation * Add activities endpoint * Fix merge error * Fix indentation issue * Add changes file * Address PR review comments * Add mock activity func * Address codacy warings * Set foreign key but on delete set null * Make user_id set to null if deleted
2021-07-13 19:54:22 +00:00
ListActivities http.Handler
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
}
queries and packs services via go-kit (#102) * osquery services via go-kit * Visual Studio Code configurations * create query and pack endpoints * organizing files more scalably * modify query and pack endpoints * delete query and pack endpoints * get query and pack endpoints * get all queries and packs endpoints * add and remove queries from packs * test stubs * removing some indirection * query service tests * service pack tests * transport tests * adding config file flag back * organizing package kolide * get queries in pack endpoint * run tests on 1.7? * no 1.7 image :( * typo in circle.yml
2016-09-04 05:13:42 +00:00
Remove deprecated kolide names from API routes and configuration (#957) Closes #260
2021-06-04 23:51:18 +00:00
func makeKitHandlers(e FleetEndpoints, opts []kithttp.ServerOption) *fleetHandlers {
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
newServer := func(e endpoint.Endpoint, decodeFn kithttp.DecodeRequestFunc) http.Handler {
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
e = authzcheck.NewMiddleware().AuthzCheck()(e)
Update go-kit to 0.4.0 (#1411) Notable refactoring: - Use stdlib "context" in place of "golang.org/x/net/context" - Go-kit no longer wraps errors, so we remove the unwrap in transport_error.go - Use MakeHandler when setting up endpoint tests (fixes test bug caught during this refactoring) Closes #1411.
2017-03-15 15:55:30 +00:00
return kithttp.NewServer(e, decodeFn, encodeResponse, opts...)
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
}
Remove deprecated kolide names from API routes and configuration (#957) Closes #260
2021-06-04 23:51:18 +00:00
return &fleetHandlers{
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
Login: newServer(e.Login, decodeLoginRequest),
Logout: newServer(e.Logout, decodeNoParamsRequest),
ForgotPassword: newServer(e.ForgotPassword, decodeForgotPasswordRequest),
ResetPassword: newServer(e.ResetPassword, decodeResetPasswordRequest),
Me: newServer(e.Me, decodeNoParamsRequest),
ChangePassword: newServer(e.ChangePassword, decodeChangePasswordRequest),
Implement fleetctl user create (#9) - Allow user creation via `fleetctl user create` - Cleanup and rename existing methods for clarity Fixes https://github.com/kolide/fleet/issues/2306
2020-11-05 01:06:55 +00:00
CreateUserWithInvite: newServer(e.CreateUserWithInvite, decodeCreateUserRequest),
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
CreateUser: newServer(e.CreateUser, decodeCreateUserRequest),
GetUser: newServer(e.GetUser, decodeGetUserRequest),
ListUsers: newServer(e.ListUsers, decodeListUsersRequest),
ModifyUser: newServer(e.ModifyUser, decodeModifyUserRequest),
Delete instead of disabling users (#622) - Migration to delete existing disabled users. - Remove enabled attribute. - Add endpoint for user deletion.
2021-04-08 23:53:33 +00:00
DeleteUser: newServer(e.DeleteUser, decodeDeleteUserRequest),
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
RequirePasswordReset: newServer(e.RequirePasswordReset, decodeRequirePasswordResetRequest),
PerformRequiredPasswordReset: newServer(e.PerformRequiredPasswordReset, decodePerformRequiredPasswordResetRequest),
GetSessionsForUserInfo: newServer(e.GetSessionsForUserInfo, decodeGetInfoAboutSessionsForUserRequest),
DeleteSessionsForUser: newServer(e.DeleteSessionsForUser, decodeDeleteSessionsForUserRequest),
GetSessionInfo: newServer(e.GetSessionInfo, decodeGetInfoAboutSessionRequest),
DeleteSession: newServer(e.DeleteSession, decodeDeleteSessionRequest),
GetAppConfig: newServer(e.GetAppConfig, decodeNoParamsRequest),
ModifyAppConfig: newServer(e.ModifyAppConfig, decodeModifyAppConfigRequest),
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features
2020-05-29 16:12:39 +00:00
ApplyEnrollSecretSpec: newServer(e.ApplyEnrollSecretSpec, decodeApplyEnrollSecretSpecRequest),
GetEnrollSecretSpec: newServer(e.GetEnrollSecretSpec, decodeNoParamsRequest),
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
CreateInvite: newServer(e.CreateInvite, decodeCreateInviteRequest),
ListInvites: newServer(e.ListInvites, decodeListInvitesRequest),
DeleteInvite: newServer(e.DeleteInvite, decodeDeleteInviteRequest),
VerifyInvite: newServer(e.VerifyInvite, decodeVerifyInviteRequest),
GetQuery: newServer(e.GetQuery, decodeGetQueryRequest),
ListQueries: newServer(e.ListQueries, decodeListQueriesRequest),
CreateQuery: newServer(e.CreateQuery, decodeCreateQueryRequest),
ModifyQuery: newServer(e.ModifyQuery, decodeModifyQueryRequest),
DeleteQuery: newServer(e.DeleteQuery, decodeDeleteQueryRequest),
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810
2018-06-15 14:13:11 +00:00
DeleteQueryByID: newServer(e.DeleteQueryByID, decodeDeleteQueryByIDRequest),
Add fleetctl query command (#1784) Allow queries targeted by hostname and label name.
2018-05-17 22:54:34 +00:00
DeleteQueries: newServer(e.DeleteQueries, decodeDeleteQueriesRequest),
ApplyQuerySpecs: newServer(e.ApplyQuerySpecs, decodeApplyQuerySpecsRequest),
GetQuerySpecs: newServer(e.GetQuerySpecs, decodeNoParamsRequest),
GetQuerySpec: newServer(e.GetQuerySpec, decodeGetGenericSpecRequest),
CreateDistributedQueryCampaign: newServer(e.CreateDistributedQueryCampaign, decodeCreateDistributedQueryCampaignRequest),
CreateDistributedQueryCampaignByNames: newServer(e.CreateDistributedQueryCampaignByNames, decodeCreateDistributedQueryCampaignByNamesRequest),
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810
2018-06-15 14:13:11 +00:00
CreatePack: newServer(e.CreatePack, decodeCreatePackRequest),
ModifyPack: newServer(e.ModifyPack, decodeModifyPackRequest),
GetPack: newServer(e.GetPack, decodeGetPackRequest),
ListPacks: newServer(e.ListPacks, decodeListPacksRequest),
DeletePack: newServer(e.DeletePack, decodeDeletePackRequest),
DeletePackByID: newServer(e.DeletePackByID, decodeDeletePackByIDRequest),
GetScheduledQueriesInPack: newServer(e.GetScheduledQueriesInPack, decodeGetScheduledQueriesInPackRequest),
ScheduleQuery: newServer(e.ScheduleQuery, decodeScheduleQueryRequest),
GetScheduledQuery: newServer(e.GetScheduledQuery, decodeGetScheduledQueryRequest),
ModifyScheduledQuery: newServer(e.ModifyScheduledQuery, decodeModifyScheduledQueryRequest),
DeleteScheduledQuery: newServer(e.DeleteScheduledQuery, decodeDeleteScheduledQueryRequest),
ApplyPackSpecs: newServer(e.ApplyPackSpecs, decodeApplyPackSpecsRequest),
GetPackSpecs: newServer(e.GetPackSpecs, decodeNoParamsRequest),
GetPackSpec: newServer(e.GetPackSpec, decodeGetGenericSpecRequest),
EnrollAgent: newServer(e.EnrollAgent, decodeEnrollAgentRequest),
GetClientConfig: newServer(e.GetClientConfig, decodeGetClientConfigRequest),
GetDistributedQueries: newServer(e.GetDistributedQueries, decodeGetDistributedQueriesRequest),
SubmitDistributedQueryResults: newServer(e.SubmitDistributedQueryResults, decodeSubmitDistributedQueryResultsRequest),
SubmitLogs: newServer(e.SubmitLogs, decodeSubmitLogsRequest),
Add file carving support (#15) - Add endpoints for osquery to register and continue a carve. - Implement client functionality for retrieving carve details and contents in fleetctl. - Add documentation on using file carving with Fleet. Addresses kolide/fleet#1714
2020-11-05 04:45:16 +00:00
CarveBegin: newServer(e.CarveBegin, decodeCarveBeginRequest),
CarveBlock: newServer(e.CarveBlock, decodeCarveBlockRequest),
Fix labels UI issues in Fleet 2.0 (#1830) Replaces the UI endpoints for creating and modifying labels. These were removed in #1686 because we thought we were killing the UI. Now labels can be created and edited in the UI again.
2018-06-18 17:09:08 +00:00
CreateLabel: newServer(e.CreateLabel, decodeCreateLabelRequest),
ModifyLabel: newServer(e.ModifyLabel, decodeModifyLabelRequest),
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810
2018-06-15 14:13:11 +00:00
GetLabel: newServer(e.GetLabel, decodeGetLabelRequest),
ListLabels: newServer(e.ListLabels, decodeListLabelsRequest),
Implement pagination of hosts in the web UI This commit takes advantage of the existing pagination APIs in the Fleet server, and provides additional APIs to support pagination in the web UI. Doing this dramatically reduces the response sizes for requests from the UI, and limits the performance impact of UI clients on the Fleet and MySQL servers.
2020-03-30 02:19:54 +00:00
ListHostsInLabel: newServer(e.ListHostsInLabel, decodeListHostsInLabelRequest),
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810
2018-06-15 14:13:11 +00:00
DeleteLabel: newServer(e.DeleteLabel, decodeDeleteLabelRequest),
Fix deletion of labels in UI (#1848) - Add endpoint for deletion of label by ID - Use ID endpoint from frontend JS Fixes #1847
2018-06-25 20:56:59 +00:00
DeleteLabelByID: newServer(e.DeleteLabelByID, decodeDeleteLabelByIDRequest),
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810
2018-06-15 14:13:11 +00:00
ApplyLabelSpecs: newServer(e.ApplyLabelSpecs, decodeApplyLabelSpecsRequest),
GetLabelSpecs: newServer(e.GetLabelSpecs, decodeNoParamsRequest),
GetLabelSpec: newServer(e.GetLabelSpec, decodeGetGenericSpecRequest),
GetHost: newServer(e.GetHost, decodeGetHostRequest),
Add fleetctl get host capability to get single host with labels Getting a single host with `fleetctl get host foobar` will look up the host with the matching hostname, uuid, osquery identifier, or node key, and provide the full host details along with the labels the host is a member of.
2020-04-22 20:54:32 +00:00
HostByIdentifier: newServer(e.HostByIdentifier, decodeHostByIdentifierRequest),
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810
2018-06-15 14:13:11 +00:00
DeleteHost: newServer(e.DeleteHost, decodeDeleteHostRequest),
Add refetch host API (#767) This allows the host details to be refetched on the next check in, rather than waiting for the normal interval to go by. Associated UI changes are in-progress. - Migration and service methods for requesting refetch. - Expose refetch over API. - Change detail query logic to respect this flag.
2021-05-13 20:09:22 +00:00
RefetchHost: newServer(e.RefetchHost, decodeRefetchHostRequest),
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810
2018-06-15 14:13:11 +00:00
ListHosts: newServer(e.ListHosts, decodeListHostsRequest),
GetHostSummary: newServer(e.GetHostSummary, decodeNoParamsRequest),
Move and refactor host team transfer endpoint (#778) - Move API endpoint to `/hosts/transfer`. - Refactor service and datastore methods from teams to hosts.
2021-05-17 19:23:21 +00:00
AddHostsToTeam: newServer(e.AddHostsToTeam, decodeAddHostsToTeamRequest),
Implement add hosts to team by filters API (#866) - Add hosts to team using label, status, and query filters. - Documentation (+ docs for regular add hosts to team).
2021-05-26 04:29:52 +00:00
AddHostsToTeamByFilter: newServer(e.AddHostsToTeamByFilter, decodeAddHostsToTeamByFilterRequest),
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810
2018-06-15 14:13:11 +00:00
SearchTargets: newServer(e.SearchTargets, decodeSearchTargetsRequest),
GetCertificate: newServer(e.GetCertificate, decodeNoParamsRequest),
ChangeEmail: newServer(e.ChangeEmail, decodeChangeEmailRequest),
InitiateSSO: newServer(e.InitiateSSO, decodeInitiateSSORequest),
CallbackSSO: newServer(e.CallbackSSO, decodeCallbackSSORequest),
SettingsSSO: newServer(e.SSOSettings, decodeNoParamsRequest),
Add warning in query UI when Redis fails (#2086) - Add warning message when Redis fails - Disable query button when Redis fails - Refactor SMTP warning banner into component for reuse Closes #2073
2019-08-13 16:42:58 +00:00
StatusResultStore: newServer(e.StatusResultStore, decodeNoParamsRequest),
Add ability to disable live queries (#2167) - Add toggle to disable live queries in advanced settings - Add new live query status endpoint (checks for disabled via config and Redis health) - Update QueryPage UI to use new live query status endpoint Implements #2140
2020-01-14 00:53:04 +00:00
StatusLiveQuery: newServer(e.StatusLiveQuery, decodeNoParamsRequest),
Add file carving support (#15) - Add endpoints for osquery to register and continue a carve. - Implement client functionality for retrieving carve details and contents in fleetctl. - Add documentation on using file carving with Fleet. Addresses kolide/fleet#1714
2020-11-05 04:45:16 +00:00
ListCarves: newServer(e.ListCarves, decodeListCarvesRequest),
Add dev infrastructure and docs for Prometheus monitoring (#33) - Set up a simple example of Prometheus monitoring in the development docker-compose.yml. - Add documentation for configuring Prometheus.
2020-11-13 03:06:56 +00:00
GetCarve: newServer(e.GetCarve, decodeGetCarveRequest),
GetCarveBlock: newServer(e.GetCarveBlock, decodeGetCarveBlockRequest),
Add version endpoint to API (#549) Part of #371
2021-03-27 01:03:31 +00:00
Version: newServer(e.Version, decodeNoParamsRequest),
Initial work on user team information storage and retrieval (#483) There are more migrations to come, but this is a foundation for the DB changes that will be needed for Teams.
2021-03-18 04:59:00 +00:00
CreateTeam: newServer(e.CreateTeam, decodeCreateTeamRequest),
ModifyTeam: newServer(e.ModifyTeam, decodeModifyTeamRequest),
Implement API endpoints for Teams agent options (#757) - Add agent options endpoint. - Remove setting agent options from standard modify team endpoint.
2021-05-12 17:38:00 +00:00
ModifyTeamAgentOptions: newServer(e.ModifyTeamAgentOptions, decodeModifyTeamAgentOptionsRequest),
Add delete teams endpoints (#666) Tested to work with frontend calls.
2021-04-20 17:20:52 +00:00
DeleteTeam: newServer(e.DeleteTeam, decodeDeleteTeamRequest),
Add list teams endpoint (#601)
2021-04-06 18:40:14 +00:00
ListTeams: newServer(e.ListTeams, decodeListTeamsRequest),
Add team user management (#672) - Add list team users endpoint. - Add add/delete team users endpoints. - Update list users to support filter by team.
2021-04-22 03:54:09 +00:00
ListTeamUsers: newServer(e.ListTeamUsers, decodeListTeamUsersRequest),
AddTeamUsers: newServer(e.AddTeamUsers, decodeModifyTeamUsersRequest),
DeleteTeamUsers: newServer(e.DeleteTeamUsers, decodeModifyTeamUsersRequest),
Refactor enroll secrets to support Teams (#903) - Add `team_id` field to secrets. - Remove secret `name` and `active` fields (migration deletes inactive secrets). - Assign hosts to Team based on secret provided. - Add API for retrieving secrets by Team.
2021-05-31 16:02:05 +00:00
TeamEnrollSecrets: newServer(e.TeamEnrollSecrets, decodeTeamEnrollSecretsRequest),
Issue 1324 add activity feed (#1343) * Add activities generation * Add activities endpoint * Fix merge error * Fix indentation issue * Add changes file * Address PR review comments * Add mock activity func * Address codacy warings * Set foreign key but on delete set null * Make user_id set to null if deleted
2021-07-13 19:54:22 +00:00
ListActivities: newServer(e.ListActivities, decodeListActivitiesRequest),
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
}
Handler tests (#106)
2016-09-04 19:43:12 +00:00
}
update user service (#101) - Added all required methods for a UserService - Added authentication handlers `/api/login` and `/api/logout` - Added authMiddleware for authentication for `/api/v1/kolide` path - Added authorization middleware for each endoint - Added validation middleware for validating API inputs - Began work on logging middleware
2016-09-01 04:51:38 +00:00
Add rate-limiting to login and password reset (#543) Prevent abuse of these endpoints with rate limiting backed by Redis. The limits assigned should be appropriate for almost any Fleet deployment. Closes #530
2021-03-26 18:23:29 +00:00
type errorHandler struct {
logger kitlog.Logger
}
func (h *errorHandler) Handle(ctx context.Context, err error) {
// get the request path
path, _ := ctx.Value(kithttp.ContextKeyRequestPath).(string)
logger := level.Info(kitlog.With(h.logger, "path", path))
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
if e, ok := err.(fleet.ErrWithInternal); ok {
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
logger = kitlog.With(logger, "internal", e.Internal())
}
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
if e, ok := err.(fleet.ErrWithLogFields); ok {
Log subject/object/action with authz failures (#972)
2021-06-05 13:22:13 +00:00
logger = kitlog.With(logger, e.LogFields()...)
}
Add rate-limiting to login and password reset (#543) Prevent abuse of these endpoints with rate limiting backed by Redis. The limits assigned should be appropriate for almost any Fleet deployment. Closes #530
2021-03-26 18:23:29 +00:00
switch e := err.(type) {
case ratelimit.Error:
res := e.Result()
logger.Log("err", "limit exceeded", "retry_after", res.RetryAfter)
default:
logger.Log("err", err)
}
}
Replace uses of the term "Kolide" with "Fleet" (#1999) Almost two years ago, we began referring to the project as Fleet, but there are many occurences of the term "Kolide" throughout the UI and documentation. This PR attempts to clear up those uses where it is easily achievable. The term "Kolide" is used throughout the code as well, but modifying this would be more likely to introduce bugs.
2019-01-24 17:39:32 +00:00
// MakeHandler creates an HTTP handler for the Fleet server endpoints.
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
func MakeHandler(svc fleet.Service, config config.FleetConfig, logger kitlog.Logger, limitStore throttled.GCRAStore) http.Handler {
Remove deprecated kolide names from API routes and configuration (#957) Closes #260
2021-06-04 23:51:18 +00:00
fleetAPIOptions := []kithttp.ServerOption{
Handler tests (#106)
2016-09-04 19:43:12 +00:00
kithttp.ServerBefore(
log the remote IP of the host making a request (#1653)
2017-12-01 00:52:23 +00:00
kithttp.PopulateRequestContext, // populate the request context with common fields
Remove JWT in Fleet session management (#979) See #978 for motivations for this change. Closes #978.
2021-06-07 01:10:58 +00:00
setRequestsContexts(svc),
Handler tests (#106)
2016-09-04 19:43:12 +00:00
),
Add rate-limiting to login and password reset (#543) Prevent abuse of these endpoints with rate limiting backed by Redis. The limits assigned should be appropriate for almost any Fleet deployment. Closes #530
2021-03-26 18:23:29 +00:00
//kithttp.ServerErrorLogger(logger),
kithttp.ServerErrorHandler(&errorHandler{logger}),
update how permission errors are updated to the client (#187) Closes #152 allow batching of permission errors refactor some of the error handling in encodeError clean up some of the error messages
2016-09-23 02:41:58 +00:00
kithttp.ServerErrorEncoder(encodeError),
Handler tests (#106)
2016-09-04 19:43:12 +00:00
kithttp.ServerAfter(
kithttp.SetContentType("application/json; charset=utf-8"),
),
}
go-kit server layout
2016-08-28 03:59:17 +00:00
Remove JWT in Fleet session management (#979) See #978 for motivations for this change. Closes #978.
2021-06-07 01:10:58 +00:00
fleetEndpoints := MakeFleetServerEndpoints(svc, config.Server.URLPrefix, limitStore)
Remove deprecated kolide names from API routes and configuration (#957) Closes #260
2021-06-04 23:51:18 +00:00
fleetHandlers := makeKitHandlers(fleetEndpoints, fleetAPIOptions)
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
Handler tests (#106)
2016-09-04 19:43:12 +00:00
r := mux.NewRouter()
Deprecate /api/v1/kolide routes (#297) - Support both /api/v1/fleet and /api/v1/kolide routes in server. - Add logging for use of deprecated routes. - Rename routes in frontend JS. - Rename routes and add notes in documentation.
2021-02-10 20:13:11 +00:00
Remove deprecated kolide names from API routes and configuration (#957) Closes #260
2021-06-04 23:51:18 +00:00
attachFleetAPIRoutes(r, fleetHandlers)
Deprecate /api/v1/kolide routes (#297) - Support both /api/v1/fleet and /api/v1/kolide routes in server. - Add logging for use of deprecated routes. - Rename routes in frontend JS. - Rename routes and add notes in documentation.
2021-02-10 20:13:11 +00:00
Add dev infrastructure and docs for Prometheus monitoring (#33) - Set up a simple example of Prometheus monitoring in the development docker-compose.yml. - Add documentation for configuring Prometheus.
2020-11-13 03:06:56 +00:00
// Results endpoint is handled different due to websockets use
Deprecate /api/v1/kolide routes (#297) - Support both /api/v1/fleet and /api/v1/kolide routes in server. - Add logging for use of deprecated routes. - Rename routes in frontend JS. - Rename routes and add notes in documentation.
2021-02-10 20:13:11 +00:00
r.PathPrefix("/api/v1/fleet/results/").
Remove JWT in Fleet session management (#979) See #978 for motivations for this change. Closes #978.
2021-06-07 01:10:58 +00:00
Handler(makeStreamDistributedQueryCampaignResultsHandler(svc, logger)).
Deprecate /api/v1/kolide routes (#297) - Support both /api/v1/fleet and /api/v1/kolide routes in server. - Add logging for use of deprecated routes. - Rename routes in frontend JS. - Rename routes and add notes in documentation.
2021-02-10 20:13:11 +00:00
Name("distributed_query_results")
r.PathPrefix("/api/v1/fleet/results/").
Remove JWT in Fleet session management (#979) See #978 for motivations for this change. Closes #978.
2021-06-07 01:10:58 +00:00
Handler(makeStreamDistributedQueryCampaignResultsHandler(svc, logger)).
Use sockjs to gracefully degrade websockets (#1255) Use the [SockJS Protocol](https://github.com/sockjs/sockjs-protocol) to handle bidirectional communication instead of plain websockets. This allows distributed queries to function in situations in which they previously failed (Load balancers not supporting websockets, issues with Safari and self-signed certs, etc.). Also includes fixes to the JS message handling logic where slightly different message delivery semantics (when using XHR) were exposing bugs. Fixes #1241, #1327.
2017-03-01 21:14:26 +00:00
Name("distributed_query_results")
Add dev infrastructure and docs for Prometheus monitoring (#33) - Set up a simple example of Prometheus monitoring in the development docker-compose.yml. - Add documentation for configuring Prometheus.
2020-11-13 03:06:56 +00:00
addMetrics(r)
go-kit server layout
2016-08-28 03:59:17 +00:00
return r
}
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
// addMetrics decorates each hander with prometheus instrumentation
func addMetrics(r *mux.Router) {
walkFn := func(route *mux.Route, router *mux.Router, ancestors []*mux.Route) error {
route.Handler(prometheus.InstrumentHandler(route.GetName(), route.GetHandler()))
return nil
}
r.Walk(walkFn)
}
Remove deprecated kolide names from API routes and configuration (#957) Closes #260
2021-06-04 23:51:18 +00:00
func attachFleetAPIRoutes(r *mux.Router, h *fleetHandlers) {
Deprecate /api/v1/kolide routes (#297) - Support both /api/v1/fleet and /api/v1/kolide routes in server. - Add logging for use of deprecated routes. - Rename routes in frontend JS. - Rename routes and add notes in documentation.
2021-02-10 20:13:11 +00:00
r.Handle("/api/v1/fleet/login", h.Login).Methods("POST").Name("login")
r.Handle("/api/v1/fleet/logout", h.Logout).Methods("POST").Name("logout")
r.Handle("/api/v1/fleet/forgot_password", h.ForgotPassword).Methods("POST").Name("forgot_password")
r.Handle("/api/v1/fleet/reset_password", h.ResetPassword).Methods("POST").Name("reset_password")
r.Handle("/api/v1/fleet/me", h.Me).Methods("GET").Name("me")
r.Handle("/api/v1/fleet/change_password", h.ChangePassword).Methods("POST").Name("change_password")
r.Handle("/api/v1/fleet/perform_required_password_reset", h.PerformRequiredPasswordReset).Methods("POST").Name("perform_required_password_reset")
r.Handle("/api/v1/fleet/sso", h.InitiateSSO).Methods("POST").Name("intiate_sso")
r.Handle("/api/v1/fleet/sso", h.SettingsSSO).Methods("GET").Name("sso_config")
r.Handle("/api/v1/fleet/sso/callback", h.CallbackSSO).Methods("POST").Name("callback_sso")
r.Handle("/api/v1/fleet/users", h.ListUsers).Methods("GET").Name("list_users")
r.Handle("/api/v1/fleet/users", h.CreateUserWithInvite).Methods("POST").Name("create_user_with_invite")
r.Handle("/api/v1/fleet/users/admin", h.CreateUser).Methods("POST").Name("create_user")
r.Handle("/api/v1/fleet/users/{id}", h.GetUser).Methods("GET").Name("get_user")
r.Handle("/api/v1/fleet/users/{id}", h.ModifyUser).Methods("PATCH").Name("modify_user")
Delete instead of disabling users (#622) - Migration to delete existing disabled users. - Remove enabled attribute. - Add endpoint for user deletion.
2021-04-08 23:53:33 +00:00
r.Handle("/api/v1/fleet/users/{id}", h.DeleteUser).Methods("DELETE").Name("delete_user")
Deprecate /api/v1/kolide routes (#297) - Support both /api/v1/fleet and /api/v1/kolide routes in server. - Add logging for use of deprecated routes. - Rename routes in frontend JS. - Rename routes and add notes in documentation.
2021-02-10 20:13:11 +00:00
r.Handle("/api/v1/fleet/users/{id}/require_password_reset", h.RequirePasswordReset).Methods("POST").Name("require_password_reset")
r.Handle("/api/v1/fleet/users/{id}/sessions", h.GetSessionsForUserInfo).Methods("GET").Name("get_session_for_user")
r.Handle("/api/v1/fleet/users/{id}/sessions", h.DeleteSessionsForUser).Methods("DELETE").Name("delete_session_for_user")
r.Handle("/api/v1/fleet/sessions/{id}", h.GetSessionInfo).Methods("GET").Name("get_session_info")
r.Handle("/api/v1/fleet/sessions/{id}", h.DeleteSession).Methods("DELETE").Name("delete_session")
r.Handle("/api/v1/fleet/config/certificate", h.GetCertificate).Methods("GET").Name("get_certificate")
r.Handle("/api/v1/fleet/config", h.GetAppConfig).Methods("GET").Name("get_app_config")
r.Handle("/api/v1/fleet/config", h.ModifyAppConfig).Methods("PATCH").Name("modify_app_config")
r.Handle("/api/v1/fleet/spec/enroll_secret", h.ApplyEnrollSecretSpec).Methods("POST").Name("apply_enroll_secret_spec")
r.Handle("/api/v1/fleet/spec/enroll_secret", h.GetEnrollSecretSpec).Methods("GET").Name("get_enroll_secret_spec")
r.Handle("/api/v1/fleet/invites", h.CreateInvite).Methods("POST").Name("create_invite")
r.Handle("/api/v1/fleet/invites", h.ListInvites).Methods("GET").Name("list_invites")
r.Handle("/api/v1/fleet/invites/{id}", h.DeleteInvite).Methods("DELETE").Name("delete_invite")
r.Handle("/api/v1/fleet/invites/{token}", h.VerifyInvite).Methods("GET").Name("verify_invite")
r.Handle("/api/v1/fleet/email/change/{token}", h.ChangeEmail).Methods("GET").Name("change_email")
r.Handle("/api/v1/fleet/queries/{id}", h.GetQuery).Methods("GET").Name("get_query")
r.Handle("/api/v1/fleet/queries", h.ListQueries).Methods("GET").Name("list_queries")
r.Handle("/api/v1/fleet/queries", h.CreateQuery).Methods("POST").Name("create_query")
r.Handle("/api/v1/fleet/queries/{id}", h.ModifyQuery).Methods("PATCH").Name("modify_query")
r.Handle("/api/v1/fleet/queries/{name}", h.DeleteQuery).Methods("DELETE").Name("delete_query")
r.Handle("/api/v1/fleet/queries/id/{id}", h.DeleteQueryByID).Methods("DELETE").Name("delete_query_by_id")
r.Handle("/api/v1/fleet/queries/delete", h.DeleteQueries).Methods("POST").Name("delete_queries")
r.Handle("/api/v1/fleet/spec/queries", h.ApplyQuerySpecs).Methods("POST").Name("apply_query_specs")
r.Handle("/api/v1/fleet/spec/queries", h.GetQuerySpecs).Methods("GET").Name("get_query_specs")
r.Handle("/api/v1/fleet/spec/queries/{name}", h.GetQuerySpec).Methods("GET").Name("get_query_spec")
r.Handle("/api/v1/fleet/queries/run", h.CreateDistributedQueryCampaign).Methods("POST").Name("create_distributed_query_campaign")
r.Handle("/api/v1/fleet/queries/run_by_names", h.CreateDistributedQueryCampaignByNames).Methods("POST").Name("create_distributed_query_campaign_by_names")
r.Handle("/api/v1/fleet/packs", h.CreatePack).Methods("POST").Name("create_pack")
r.Handle("/api/v1/fleet/packs/{id}", h.ModifyPack).Methods("PATCH").Name("modify_pack")
r.Handle("/api/v1/fleet/packs/{id}", h.GetPack).Methods("GET").Name("get_pack")
r.Handle("/api/v1/fleet/packs", h.ListPacks).Methods("GET").Name("list_packs")
r.Handle("/api/v1/fleet/packs/{name}", h.DeletePack).Methods("DELETE").Name("delete_pack")
r.Handle("/api/v1/fleet/packs/id/{id}", h.DeletePackByID).Methods("DELETE").Name("delete_pack_by_id")
r.Handle("/api/v1/fleet/packs/{id}/scheduled", h.GetScheduledQueriesInPack).Methods("GET").Name("get_scheduled_queries_in_pack")
r.Handle("/api/v1/fleet/schedule", h.ScheduleQuery).Methods("POST").Name("schedule_query")
r.Handle("/api/v1/fleet/schedule/{id}", h.GetScheduledQuery).Methods("GET").Name("get_scheduled_query")
r.Handle("/api/v1/fleet/schedule/{id}", h.ModifyScheduledQuery).Methods("PATCH").Name("modify_scheduled_query")
r.Handle("/api/v1/fleet/schedule/{id}", h.DeleteScheduledQuery).Methods("DELETE").Name("delete_scheduled_query")
r.Handle("/api/v1/fleet/spec/packs", h.ApplyPackSpecs).Methods("POST").Name("apply_pack_specs")
r.Handle("/api/v1/fleet/spec/packs", h.GetPackSpecs).Methods("GET").Name("get_pack_specs")
r.Handle("/api/v1/fleet/spec/packs/{name}", h.GetPackSpec).Methods("GET").Name("get_pack_spec")
r.Handle("/api/v1/fleet/labels", h.CreateLabel).Methods("POST").Name("create_label")
r.Handle("/api/v1/fleet/labels/{id}", h.ModifyLabel).Methods("PATCH").Name("modify_label")
r.Handle("/api/v1/fleet/labels/{id}", h.GetLabel).Methods("GET").Name("get_label")
r.Handle("/api/v1/fleet/labels", h.ListLabels).Methods("GET").Name("list_labels")
r.Handle("/api/v1/fleet/labels/{id}/hosts", h.ListHostsInLabel).Methods("GET").Name("list_hosts_in_label")
r.Handle("/api/v1/fleet/labels/{name}", h.DeleteLabel).Methods("DELETE").Name("delete_label")
r.Handle("/api/v1/fleet/labels/id/{id}", h.DeleteLabelByID).Methods("DELETE").Name("delete_label_by_id")
r.Handle("/api/v1/fleet/spec/labels", h.ApplyLabelSpecs).Methods("POST").Name("apply_label_specs")
r.Handle("/api/v1/fleet/spec/labels", h.GetLabelSpecs).Methods("GET").Name("get_label_specs")
r.Handle("/api/v1/fleet/spec/labels/{name}", h.GetLabelSpec).Methods("GET").Name("get_label_spec")
r.Handle("/api/v1/fleet/hosts", h.ListHosts).Methods("GET").Name("list_hosts")
r.Handle("/api/v1/fleet/host_summary", h.GetHostSummary).Methods("GET").Name("get_host_summary")
r.Handle("/api/v1/fleet/hosts/{id}", h.GetHost).Methods("GET").Name("get_host")
r.Handle("/api/v1/fleet/hosts/identifier/{identifier}", h.HostByIdentifier).Methods("GET").Name("host_by_identifier")
r.Handle("/api/v1/fleet/hosts/{id}", h.DeleteHost).Methods("DELETE").Name("delete_host")
Move and refactor host team transfer endpoint (#778) - Move API endpoint to `/hosts/transfer`. - Refactor service and datastore methods from teams to hosts.
2021-05-17 19:23:21 +00:00
r.Handle("/api/v1/fleet/hosts/transfer", h.AddHostsToTeam).Methods("POST").Name("add_hosts_to_team")
Implement add hosts to team by filters API (#866) - Add hosts to team using label, status, and query filters. - Documentation (+ docs for regular add hosts to team).
2021-05-26 04:29:52 +00:00
r.Handle("/api/v1/fleet/hosts/transfer/filter", h.AddHostsToTeamByFilter).Methods("POST").Name("add_hosts_to_team_by_filter")
Add refetch host API (#767) This allows the host details to be refetched on the next check in, rather than waiting for the normal interval to go by. Associated UI changes are in-progress. - Migration and service methods for requesting refetch. - Expose refetch over API. - Change detail query logic to respect this flag.
2021-05-13 20:09:22 +00:00
r.Handle("/api/v1/fleet/hosts/{id}/refetch", h.RefetchHost).Methods("POST").Name("refetch_host")
Deprecate /api/v1/kolide routes (#297) - Support both /api/v1/fleet and /api/v1/kolide routes in server. - Add logging for use of deprecated routes. - Rename routes in frontend JS. - Rename routes and add notes in documentation.
2021-02-10 20:13:11 +00:00
r.Handle("/api/v1/fleet/targets", h.SearchTargets).Methods("POST").Name("search_targets")
Add version endpoint to API (#549) Part of #371
2021-03-27 01:03:31 +00:00
r.Handle("/api/v1/fleet/version", h.Version).Methods("GET").Name("version")
Deprecate /api/v1/kolide routes (#297) - Support both /api/v1/fleet and /api/v1/kolide routes in server. - Add logging for use of deprecated routes. - Rename routes in frontend JS. - Rename routes and add notes in documentation.
2021-02-10 20:13:11 +00:00
r.Handle("/api/v1/fleet/status/result_store", h.StatusResultStore).Methods("GET").Name("status_result_store")
r.Handle("/api/v1/fleet/status/live_query", h.StatusLiveQuery).Methods("GET").Name("status_live_query")
r.Handle("/api/v1/fleet/carves", h.ListCarves).Methods("GET").Name("list_carves")
r.Handle("/api/v1/fleet/carves/{id}", h.GetCarve).Methods("GET").Name("get_carve")
r.Handle("/api/v1/fleet/carves/{id}/block/{block_id}", h.GetCarveBlock).Methods("GET").Name("get_carve_block")
Add file carving support (#15) - Add endpoints for osquery to register and continue a carve. - Implement client functionality for retrieving carve details and contents in fleetctl. - Add documentation on using file carving with Fleet. Addresses kolide/fleet#1714
2020-11-05 04:45:16 +00:00
Initial work on user team information storage and retrieval (#483) There are more migrations to come, but this is a foundation for the DB changes that will be needed for Teams.
2021-03-18 04:59:00 +00:00
r.Handle("/api/v1/fleet/teams", h.CreateTeam).Methods("POST").Name("create_team")
Add list teams endpoint (#601)
2021-04-06 18:40:14 +00:00
r.Handle("/api/v1/fleet/teams", h.ListTeams).Methods("GET").Name("list_teams")
Initial work on user team information storage and retrieval (#483) There are more migrations to come, but this is a foundation for the DB changes that will be needed for Teams.
2021-03-18 04:59:00 +00:00
r.Handle("/api/v1/fleet/teams/{id}", h.ModifyTeam).Methods("PATCH").Name("modify_team")
Add delete teams endpoints (#666) Tested to work with frontend calls.
2021-04-20 17:20:52 +00:00
r.Handle("/api/v1/fleet/teams/{id}", h.DeleteTeam).Methods("DELETE").Name("delete_team")
Implement API endpoints for Teams agent options (#757) - Add agent options endpoint. - Remove setting agent options from standard modify team endpoint.
2021-05-12 17:38:00 +00:00
r.Handle("/api/v1/fleet/teams/{id}/agent_options", h.ModifyTeamAgentOptions).Methods("POST").Name("modify_team_agent_options")
Add team user management (#672) - Add list team users endpoint. - Add add/delete team users endpoints. - Update list users to support filter by team.
2021-04-22 03:54:09 +00:00
r.Handle("/api/v1/fleet/teams/{id}/users", h.ListTeamUsers).Methods("GET").Name("team_users")
r.Handle("/api/v1/fleet/teams/{id}/users", h.AddTeamUsers).Methods("PATCH").Name("add_team_users")
r.Handle("/api/v1/fleet/teams/{id}/users", h.DeleteTeamUsers).Methods("DELETE").Name("delete_team_users")
Refactor enroll secrets to support Teams (#903) - Add `team_id` field to secrets. - Remove secret `name` and `active` fields (migration deletes inactive secrets). - Assign hosts to Team based on secret provided. - Add API for retrieving secrets by Team.
2021-05-31 16:02:05 +00:00
r.Handle("/api/v1/fleet/teams/{id}/secrets", h.TeamEnrollSecrets).Methods("GET").Name("get_team_enroll_secrets")
Initial work on user team information storage and retrieval (#483) There are more migrations to come, but this is a foundation for the DB changes that will be needed for Teams.
2021-03-18 04:59:00 +00:00
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
r.Handle("/api/v1/osquery/enroll", h.EnrollAgent).Methods("POST").Name("enroll_agent")
r.Handle("/api/v1/osquery/config", h.GetClientConfig).Methods("POST").Name("get_client_config")
r.Handle("/api/v1/osquery/distributed/read", h.GetDistributedQueries).Methods("POST").Name("get_distributed_queries")
r.Handle("/api/v1/osquery/distributed/write", h.SubmitDistributedQueryResults).Methods("POST").Name("submit_distributed_query_results")
r.Handle("/api/v1/osquery/log", h.SubmitLogs).Methods("POST").Name("submit_logs")
Add file carving support (#15) - Add endpoints for osquery to register and continue a carve. - Implement client functionality for retrieving carve details and contents in fleetctl. - Add documentation on using file carving with Fleet. Addresses kolide/fleet#1714
2020-11-05 04:45:16 +00:00
r.Handle("/api/v1/osquery/carve/begin", h.CarveBegin).Methods("POST").Name("carve_begin")
r.Handle("/api/v1/osquery/carve/block", h.CarveBlock).Methods("POST").Name("carve_block")
Issue 1324 add activity feed (#1343) * Add activities generation * Add activities endpoint * Fix merge error * Fix indentation issue * Add changes file * Address PR review comments * Add mock activity func * Address codacy warings * Set foreign key but on delete set null * Make user_id set to null if deleted
2021-07-13 19:54:22 +00:00
r.Handle("/api/v1/fleet/activities", h.ListActivities).Methods("GET").Name("list_activities")
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
}
create first time setup endpoint (#436) The endpoint is only active if there are no users in the datastore. While the endpoint is active, it also disables all the other API endpoints, and /config returns `{"require_setup":true}` for #378
2016-11-09 17:19:07 +00:00
Minor code/comment cleanups (#47) - Fixes an initialization error panic to a fatal log
2020-11-18 19:10:55 +00:00
// WithSetup is an http middleware that checks if setup procedures have been completed.
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
// If setup hasn't been completed it serves the API with a setup middleware.
create first time setup endpoint (#436) The endpoint is only active if there are no users in the datastore. While the endpoint is active, it also disables all the other API endpoints, and /config returns `{"require_setup":true}` for #378
2016-11-09 17:19:07 +00:00
// If the server is already configured, the default API handler is exposed.
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
func WithSetup(svc fleet.Service, logger kitlog.Logger, next http.Handler) http.HandlerFunc {
enbable API route after setup is complete (#564) Fixes #563
2016-12-02 18:46:31 +00:00
return func(w http.ResponseWriter, r *http.Request) {
configRouter := http.NewServeMux()
configRouter.Handle("/api/v1/setup", kithttp.NewServer(
makeSetupEndpoint(svc),
decodeSetupRequest,
encodeResponse,
))
allow osqueryd endpoints to enroll before app setup is complete (#931) Closes #929
2017-01-12 00:40:58 +00:00
// whitelist osqueryd endpoints
if strings.HasPrefix(r.URL.Path, "/api/v1/osquery") {
next.ServeHTTP(w, r)
return
}
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
requireSetup, err := svc.SetupRequired(context.Background())
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
if err != nil {
logger.Log("msg", "fetching setup info from db", "err", err)
w.WriteHeader(http.StatusInternalServerError)
return
}
if requireSetup {
enbable API route after setup is complete (#564) Fixes #563
2016-12-02 18:46:31 +00:00
configRouter.ServeHTTP(w, r)
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
return
enbable API route after setup is complete (#564) Fixes #563
2016-12-02 18:46:31 +00:00
}
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
next.ServeHTTP(w, r)
create first time setup endpoint (#436) The endpoint is only active if there are no users in the datastore. While the endpoint is active, it also disables all the other API endpoints, and /config returns `{"require_setup":true}` for #378
2016-11-09 17:19:07 +00:00
}
}
Redirect frontend routes to setup if setup is not configured. (#721) Closes #617
2016-12-29 23:36:36 +00:00
// RedirectLoginToSetup detects if the setup endpoint should be used. If setup is required it redirect all
// frontend urls to /setup, otherwise the frontend router is used.
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
func RedirectLoginToSetup(svc fleet.Service, logger kitlog.Logger, next http.Handler, urlPrefix string) http.HandlerFunc {
Redirect frontend routes to setup if setup is not configured. (#721) Closes #617
2016-12-29 23:36:36 +00:00
return func(w http.ResponseWriter, r *http.Request) {
redirect := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
removing license code (#1551)
2017-09-01 16:42:46 +00:00
if r.URL.Path == "/setup" {
Redirect frontend routes to setup if setup is not configured. (#721) Closes #617
2016-12-29 23:36:36 +00:00
next.ServeHTTP(w, r)
return
}
newURL := r.URL
Add ability to prefix Fleet URLs (#2112) - Add the server_url_prefix flag for configuring this functionality - Add prefix handling to the server routes - Refactor JS to use appropriate paths from modules - Use JS template to get URL prefix into JS environment - Update webpack config to support prefixing Thanks to securityonion.net for sponsoring the development of this feature. Closes #1661
2019-10-16 23:40:45 +00:00
newURL.Path = urlPrefix + "/setup"
Redirect frontend routes to setup if setup is not configured. (#721) Closes #617
2016-12-29 23:36:36 +00:00
http.Redirect(w, r, newURL.String(), http.StatusTemporaryRedirect)
})
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
setupRequired, err := svc.SetupRequired(context.Background())
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
if err != nil {
removing license code (#1551)
2017-09-01 16:42:46 +00:00
logger.Log("msg", "fetching setupinfo from db", "err", err)
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
w.WriteHeader(http.StatusInternalServerError)
return
}
if setupRequired {
Redirect frontend routes to setup if setup is not configured. (#721) Closes #617
2016-12-29 23:36:36 +00:00
redirect.ServeHTTP(w, r)
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
return
Redirect frontend routes to setup if setup is not configured. (#721) Closes #617
2016-12-29 23:36:36 +00:00
}
Add ability to prefix Fleet URLs (#2112) - Add the server_url_prefix flag for configuring this functionality - Add prefix handling to the server routes - Refactor JS to use appropriate paths from modules - Use JS template to get URL prefix into JS environment - Update webpack config to support prefixing Thanks to securityonion.net for sponsoring the development of this feature. Closes #1661
2019-10-16 23:40:45 +00:00
RedirectSetupToLogin(svc, logger, next, urlPrefix).ServeHTTP(w, r)
create first time setup endpoint (#436) The endpoint is only active if there are no users in the datastore. While the endpoint is active, it also disables all the other API endpoints, and /config returns `{"require_setup":true}` for #378
2016-11-09 17:19:07 +00:00
}
}
removing license code (#1551)
2017-09-01 16:42:46 +00:00
// RedirectSetupToLogin forces the /setup path to be redirected to login. This middleware is used after
add middleware to redirect setup to login if the app has an admin (#900) user.
2017-01-11 19:05:07 +00:00
// the app has been setup.
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
func RedirectSetupToLogin(svc fleet.Service, logger kitlog.Logger, next http.Handler, urlPrefix string) http.HandlerFunc {
add middleware to redirect setup to login if the app has an admin (#900) user.
2017-01-11 19:05:07 +00:00
return func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path == "/setup" {
newURL := r.URL
Add ability to prefix Fleet URLs (#2112) - Add the server_url_prefix flag for configuring this functionality - Add prefix handling to the server routes - Refactor JS to use appropriate paths from modules - Use JS template to get URL prefix into JS environment - Update webpack config to support prefixing Thanks to securityonion.net for sponsoring the development of this feature. Closes #1661
2019-10-16 23:40:45 +00:00
newURL.Path = urlPrefix + "/login"
add middleware to redirect setup to login if the app has an admin (#900) user.
2017-01-11 19:05:07 +00:00
http.Redirect(w, r, newURL.String(), http.StatusTemporaryRedirect)
return
}
next.ServeHTTP(w, r)
}
}
Reference in New Issue Copy Permalink