2022-06-01 23:05:05 +00:00
|
|
|
package service
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
add headers denoting capabilities between fleet server / desktop / orbit (#7833)
This adds a new mechanism to allow us to handle compatibility issues between Orbit, Fleet Server and Fleet Desktop.
The general idea is to _always_ send a custom header of the form:
```
fleet-capabilities-header = "X-Fleet-Capabilities:" capabilities
capabilities = capability * (,)
capability = string
```
Both from the server to the clients (Orbit, Fleet Desktop) and vice-versa. For an example, see: https://github.com/fleetdm/fleet/commit/8c0bbdd291f54e03e19766bcdfead0fb8067f60c
Also, the following applies:
- Backwards compat: if the header is not present, assume that orbit/fleet doesn't have the capability
- The current capabilities endpoint will be removed
### Motivation
This solution is trying to solve the following problems:
- We have three independent processes communicating with each other (Fleet Desktop, Orbit and Fleet Server). Each process can be updated independently, and therefore we need a way for each process to know what features are supported by its peers.
- We originally implemented a dedicated API endpoint in the server that returned a list of the capabilities (or "features") enabled, we found this, and any other server-only solution (like API versioning) to be insufficient because:
- There are cases in which the server also needs to know which features are supported by its clients
- Clients needed to poll for changes to detect if the capabilities supported by the server change, by sending the capabilities on each request we have a much cleaner way to handling different responses.
- We are also introducing an unauthenticated endpoint to get the server features, this gives us flexibility if we need to implement different authentication mechanisms, and was one of the pitfalls of the first implementation.
Related to https://github.com/fleetdm/fleet/issues/7929
2022-09-26 10:53:53 +00:00
|
|
|
"io"
|
2022-06-01 23:05:05 +00:00
|
|
|
"net/http"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
)
|
|
|
|
|
|
|
|
type mockHttpClient struct {
|
|
|
|
resBody string
|
|
|
|
statusCode int
|
|
|
|
err error
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *mockHttpClient) Do(req *http.Request) (*http.Response, error) {
|
|
|
|
if m.err != nil {
|
|
|
|
return nil, m.err
|
|
|
|
}
|
|
|
|
|
|
|
|
res := &http.Response{
|
|
|
|
StatusCode: m.statusCode,
|
add headers denoting capabilities between fleet server / desktop / orbit (#7833)
This adds a new mechanism to allow us to handle compatibility issues between Orbit, Fleet Server and Fleet Desktop.
The general idea is to _always_ send a custom header of the form:
```
fleet-capabilities-header = "X-Fleet-Capabilities:" capabilities
capabilities = capability * (,)
capability = string
```
Both from the server to the clients (Orbit, Fleet Desktop) and vice-versa. For an example, see: https://github.com/fleetdm/fleet/commit/8c0bbdd291f54e03e19766bcdfead0fb8067f60c
Also, the following applies:
- Backwards compat: if the header is not present, assume that orbit/fleet doesn't have the capability
- The current capabilities endpoint will be removed
### Motivation
This solution is trying to solve the following problems:
- We have three independent processes communicating with each other (Fleet Desktop, Orbit and Fleet Server). Each process can be updated independently, and therefore we need a way for each process to know what features are supported by its peers.
- We originally implemented a dedicated API endpoint in the server that returned a list of the capabilities (or "features") enabled, we found this, and any other server-only solution (like API versioning) to be insufficient because:
- There are cases in which the server also needs to know which features are supported by its clients
- Clients needed to poll for changes to detect if the capabilities supported by the server change, by sending the capabilities on each request we have a much cleaner way to handling different responses.
- We are also introducing an unauthenticated endpoint to get the server features, this gives us flexibility if we need to implement different authentication mechanisms, and was one of the pitfalls of the first implementation.
Related to https://github.com/fleetdm/fleet/issues/7929
2022-09-26 10:53:53 +00:00
|
|
|
Body: io.NopCloser(bytes.NewBufferString(m.resBody)),
|
2022-06-01 23:05:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return res, nil
|
|
|
|
}
|
|
|
|
|
add headers denoting capabilities between fleet server / desktop / orbit (#7833)
This adds a new mechanism to allow us to handle compatibility issues between Orbit, Fleet Server and Fleet Desktop.
The general idea is to _always_ send a custom header of the form:
```
fleet-capabilities-header = "X-Fleet-Capabilities:" capabilities
capabilities = capability * (,)
capability = string
```
Both from the server to the clients (Orbit, Fleet Desktop) and vice-versa. For an example, see: https://github.com/fleetdm/fleet/commit/8c0bbdd291f54e03e19766bcdfead0fb8067f60c
Also, the following applies:
- Backwards compat: if the header is not present, assume that orbit/fleet doesn't have the capability
- The current capabilities endpoint will be removed
### Motivation
This solution is trying to solve the following problems:
- We have three independent processes communicating with each other (Fleet Desktop, Orbit and Fleet Server). Each process can be updated independently, and therefore we need a way for each process to know what features are supported by its peers.
- We originally implemented a dedicated API endpoint in the server that returned a list of the capabilities (or "features") enabled, we found this, and any other server-only solution (like API versioning) to be insufficient because:
- There are cases in which the server also needs to know which features are supported by its clients
- Clients needed to poll for changes to detect if the capabilities supported by the server change, by sending the capabilities on each request we have a much cleaner way to handling different responses.
- We are also introducing an unauthenticated endpoint to get the server features, this gives us flexibility if we need to implement different authentication mechanisms, and was one of the pitfalls of the first implementation.
Related to https://github.com/fleetdm/fleet/issues/7929
2022-09-26 10:53:53 +00:00
|
|
|
func TestDeviceClientGetDesktopPayload(t *testing.T) {
|
2022-10-10 20:15:35 +00:00
|
|
|
client, err := NewDeviceClient("https://test.com", true, "")
|
|
|
|
token := "test_token"
|
2022-06-01 23:05:05 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
mockRequestDoer := &mockHttpClient{}
|
|
|
|
client.http = mockRequestDoer
|
|
|
|
|
|
|
|
t.Run("with wrong license", func(t *testing.T) {
|
|
|
|
mockRequestDoer.statusCode = http.StatusPaymentRequired
|
2022-10-12 20:13:43 +00:00
|
|
|
_, err = client.NumberOfFailingPolicies(token)
|
2022-06-01 23:05:05 +00:00
|
|
|
require.ErrorIs(t, err, ErrMissingLicense)
|
|
|
|
})
|
|
|
|
|
2022-10-12 20:13:43 +00:00
|
|
|
t.Run("with no failing policies", func(t *testing.T) {
|
2022-06-01 23:05:05 +00:00
|
|
|
mockRequestDoer.statusCode = http.StatusOK
|
2022-10-12 20:13:43 +00:00
|
|
|
mockRequestDoer.resBody = `{}`
|
|
|
|
result, err := client.NumberOfFailingPolicies(token)
|
2022-06-01 23:05:05 +00:00
|
|
|
require.NoError(t, err)
|
2022-10-12 20:13:43 +00:00
|
|
|
require.Equal(t, uint(0), result)
|
2022-09-23 19:18:19 +00:00
|
|
|
})
|
|
|
|
|
2022-10-12 20:13:43 +00:00
|
|
|
t.Run("with failing policies", func(t *testing.T) {
|
2022-09-23 19:18:19 +00:00
|
|
|
mockRequestDoer.statusCode = http.StatusOK
|
2022-10-12 20:13:43 +00:00
|
|
|
mockRequestDoer.resBody = `{"failing_policies_count": 1}`
|
|
|
|
result, err := client.NumberOfFailingPolicies(token)
|
2022-09-23 19:18:19 +00:00
|
|
|
require.NoError(t, err)
|
2022-10-12 20:13:43 +00:00
|
|
|
require.Equal(t, uint(1), result)
|
2022-06-01 23:05:05 +00:00
|
|
|
})
|
|
|
|
}
|