fleet/server/service/hosts.go

1299 lines
38 KiB
Go
Raw Normal View History

package service
import (
"bytes"
"context"
"encoding/csv"
"encoding/json"
"fmt"
"io"
"net/http"
"strings"
2021-12-14 21:34:11 +00:00
"time"
"github.com/fleetdm/fleet/v4/server/contexts/authz"
"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
"github.com/fleetdm/fleet/v4/server/contexts/logging"
"github.com/fleetdm/fleet/v4/server/contexts/viewer"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/gocarina/gocsv"
)
2021-12-14 21:34:11 +00:00
// HostResponse is the response struct that contains the full host information
// along with the host online status and the "display text" to be used when
// rendering in the UI.
type HostResponse struct {
*fleet.Host
Status fleet.HostStatus `json:"status" csv:"status"`
DisplayText string `json:"display_text" csv:"display_text"`
2022-10-08 12:57:46 +00:00
DisplayName string `json:"display_name" csv:"display_name"`
Labels []fleet.Label `json:"labels,omitempty" csv:"-"`
Geolocation *fleet.GeoLocation `json:"geolocation,omitempty" csv:"-"`
CSVDeviceMapping string `json:"-" db:"-" csv:"device_mapping"`
2021-12-14 21:34:11 +00:00
}
func hostResponseForHost(ctx context.Context, svc fleet.Service, host *fleet.Host) (*HostResponse, error) {
return &HostResponse{
Host: host,
Status: host.Status(time.Now()),
DisplayText: host.Hostname,
2022-10-08 12:57:46 +00:00
DisplayName: host.DisplayName(),
Geolocation: svc.LookupGeoIP(ctx, host.PublicIP),
2021-12-14 21:34:11 +00:00
}, nil
}
// HostDetailResponse is the response struct that contains the full host information
// with the HostDetail details.
type HostDetailResponse struct {
fleet.HostDetail
Status fleet.HostStatus `json:"status"`
DisplayText string `json:"display_text"`
Geolocation *fleet.GeoLocation `json:"geolocation,omitempty"`
2021-12-14 21:34:11 +00:00
}
func hostDetailResponseForHost(ctx context.Context, svc fleet.Service, host *fleet.HostDetail) (*HostDetailResponse, error) {
return &HostDetailResponse{
HostDetail: *host,
Status: host.Status(time.Now()),
DisplayText: host.Hostname,
Geolocation: svc.LookupGeoIP(ctx, host.PublicIP),
2021-12-14 21:34:11 +00:00
}, nil
}
////////////////////////////////////////////////////////////////////////////////
// List Hosts
////////////////////////////////////////////////////////////////////////////////
type listHostsRequest struct {
Opts fleet.HostListOptions `url:"host_options"`
}
type listHostsResponse struct {
Hosts []HostResponse `json:"hosts"`
Software *fleet.Software `json:"software,omitempty"`
// MDMSolution is populated with the MDM solution corresponding to the mdm_id
// filter if one is provided with the request (and it exists in the
// database). It is nil otherwise and absent of the JSON response payload.
MDMSolution *fleet.MDMSolution `json:"mobile_device_management_solution,omitempty"`
// MunkiIssue is populated with the munki issue corresponding to the
// munki_issue_id filter if one is provided with the request (and it exists
// in the database). It is nil otherwise and absent of the JSON response
// payload.
MunkiIssue *fleet.MunkiIssue `json:"munki_issue,omitempty"`
Err error `json:"error,omitempty"`
}
func (r listHostsResponse) error() error { return r.Err }
func listHostsEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
req := request.(*listHostsRequest)
var software *fleet.Software
if req.Opts.SoftwareIDFilter != nil {
var err error
software, err = svc.SoftwareByID(ctx, *req.Opts.SoftwareIDFilter, false)
if err != nil {
return listHostsResponse{Err: err}, nil
}
}
var mdmSolution *fleet.MDMSolution
if req.Opts.MDMIDFilter != nil {
var err error
mdmSolution, err = svc.GetMDMSolution(ctx, *req.Opts.MDMIDFilter)
if err != nil && !fleet.IsNotFound(err) { // ignore not found, just return nil for the MDM solution in that case
return listHostsResponse{Err: err}, nil
}
}
var munkiIssue *fleet.MunkiIssue
if req.Opts.MunkiIssueIDFilter != nil {
var err error
munkiIssue, err = svc.GetMunkiIssue(ctx, *req.Opts.MunkiIssueIDFilter)
if err != nil && !fleet.IsNotFound(err) { // ignore not found, just return nil for the munki issue in that case
return listHostsResponse{Err: err}, nil
}
}
hosts, err := svc.ListHosts(ctx, req.Opts)
if err != nil {
return listHostsResponse{Err: err}, nil
}
hostResponses := make([]HostResponse, len(hosts))
for i, host := range hosts {
h, err := hostResponseForHost(ctx, svc, host)
if err != nil {
return listHostsResponse{Err: err}, nil
}
hostResponses[i] = *h
}
return listHostsResponse{
Hosts: hostResponses,
Software: software,
MDMSolution: mdmSolution,
MunkiIssue: munkiIssue,
}, nil
}
func (svc *Service) GetMDMSolution(ctx context.Context, mdmID uint) (*fleet.MDMSolution, error) {
// require list hosts permission to view this information
if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil {
return nil, err
}
return svc.ds.GetMDMSolution(ctx, mdmID)
}
func (svc *Service) GetMunkiIssue(ctx context.Context, munkiIssueID uint) (*fleet.MunkiIssue, error) {
// require list hosts permission to view this information
if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil {
return nil, err
}
return svc.ds.GetMunkiIssue(ctx, munkiIssueID)
}
2021-12-14 21:34:11 +00:00
func (svc *Service) ListHosts(ctx context.Context, opt fleet.HostListOptions) ([]*fleet.Host, error) {
if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil {
return nil, err
}
vc, ok := viewer.FromContext(ctx)
if !ok {
return nil, fleet.ErrNoContext
}
filter := fleet.TeamFilter{User: vc.User, IncludeObserver: true}
if !svc.license.IsPremium() {
// the low disk space filter is premium-only
opt.LowDiskSpaceFilter = nil
}
return svc.ds.ListHosts(ctx, filter, opt)
}
/////////////////////////////////////////////////////////////////////////////////
2021-12-14 21:34:11 +00:00
// Delete Hosts
/////////////////////////////////////////////////////////////////////////////////
type deleteHostsRequest struct {
IDs []uint `json:"ids"`
Filters struct {
MatchQuery string `json:"query"`
Status fleet.HostStatus `json:"status"`
LabelID *uint `json:"label_id"`
TeamID *uint `json:"team_id"`
} `json:"filters"`
}
type deleteHostsResponse struct {
Err error `json:"error,omitempty"`
}
func (r deleteHostsResponse) error() error { return r.Err }
func deleteHostsEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
req := request.(*deleteHostsRequest)
listOpt := fleet.HostListOptions{
ListOptions: fleet.ListOptions{
MatchQuery: req.Filters.MatchQuery,
},
StatusFilter: req.Filters.Status,
TeamFilter: req.Filters.TeamID,
}
err := svc.DeleteHosts(ctx, req.IDs, listOpt, req.Filters.LabelID)
if err != nil {
return deleteHostsResponse{Err: err}, nil
}
return deleteHostsResponse{}, nil
}
2021-12-14 21:34:11 +00:00
func (svc *Service) DeleteHosts(ctx context.Context, ids []uint, opts fleet.HostListOptions, lid *uint) error {
if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil {
return err
}
if len(ids) > 0 && (lid != nil || !opts.Empty()) {
return &fleet.BadRequestError{Message: "Cannot specify a list of ids and filters at the same time"}
}
if len(ids) > 0 {
err := svc.checkWriteForHostIDs(ctx, ids)
if err != nil {
return err
}
return svc.ds.DeleteHosts(ctx, ids)
}
hostIDs, err := svc.hostIDsFromFilters(ctx, opts, lid)
if err != nil {
return err
}
if len(hostIDs) == 0 {
return nil
}
err = svc.checkWriteForHostIDs(ctx, hostIDs)
if err != nil {
return err
}
return svc.ds.DeleteHosts(ctx, hostIDs)
}
/////////////////////////////////////////////////////////////////////////////////
// Count
/////////////////////////////////////////////////////////////////////////////////
type countHostsRequest struct {
Opts fleet.HostListOptions `url:"host_options"`
LabelID *uint `query:"label_id,optional"`
}
type countHostsResponse struct {
Count int `json:"count"`
Err error `json:"error,omitempty"`
}
func (r countHostsResponse) error() error { return r.Err }
func countHostsEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
req := request.(*countHostsRequest)
count, err := svc.CountHosts(ctx, req.LabelID, req.Opts)
if err != nil {
return countHostsResponse{Err: err}, nil
}
return countHostsResponse{Count: count}, nil
}
2021-12-14 21:34:11 +00:00
func (svc *Service) CountHosts(ctx context.Context, labelID *uint, opts fleet.HostListOptions) (int, error) {
if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil {
return 0, err
}
return svc.countHostFromFilters(ctx, labelID, opts)
}
2021-12-14 21:34:11 +00:00
func (svc *Service) countHostFromFilters(ctx context.Context, labelID *uint, opt fleet.HostListOptions) (int, error) {
filter, err := processHostFilters(ctx, opt, nil)
if err != nil {
return 0, err
}
if !svc.license.IsPremium() {
// the low disk space filter is premium-only
opt.LowDiskSpaceFilter = nil
}
2021-12-14 21:34:11 +00:00
var count int
if labelID != nil {
count, err = svc.ds.CountHostsInLabel(ctx, filter, *labelID, opt)
} else {
count, err = svc.ds.CountHosts(ctx, filter, opt)
}
if err != nil {
return 0, err
}
return count, nil
}
2022-06-10 18:29:45 +00:00
/////////////////////////////////////////////////////////////////////////////////
// Search
/////////////////////////////////////////////////////////////////////////////////
type searchHostsRequest struct {
// MatchQuery is the query SQL
MatchQuery string `json:"query"`
// QueryID is the ID of a saved query to run (used to determine if this is a
// query that observers can run).
QueryID *uint `json:"query_id"`
// ExcludedHostIDs is the list of IDs selected on the caller side
// (e.g. the UI) that will be excluded from the returned payload.
ExcludedHostIDs []uint `json:"excluded_host_ids"`
}
type searchHostsResponse struct {
Hosts []*hostSearchResult `json:"hosts"`
Err error `json:"error,omitempty"`
}
func (r searchHostsResponse) error() error { return r.Err }
func searchHostsEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
req := request.(*searchHostsRequest)
hosts, err := svc.SearchHosts(ctx, req.MatchQuery, req.QueryID, req.ExcludedHostIDs)
if err != nil {
return searchHostsResponse{Err: err}, nil
}
results := []*hostSearchResult{}
for _, h := range hosts {
results = append(results,
&hostSearchResult{
HostResponse{
Host: h,
Status: h.Status(time.Now()),
},
h.Hostname,
},
)
}
return searchHostsResponse{
Hosts: results,
}, nil
}
func (svc *Service) SearchHosts(ctx context.Context, matchQuery string, queryID *uint, excludedHostIDs []uint) ([]*fleet.Host, error) {
if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionRead); err != nil {
return nil, err
}
vc, ok := viewer.FromContext(ctx)
if !ok {
return nil, fleet.ErrNoContext
}
includeObserver := false
if queryID != nil {
canRun, err := svc.ds.ObserverCanRunQuery(ctx, *queryID)
if err != nil {
return nil, err
}
includeObserver = canRun
}
filter := fleet.TeamFilter{User: vc.User, IncludeObserver: includeObserver}
results := []*fleet.Host{}
hosts, err := svc.ds.SearchHosts(ctx, filter, matchQuery, excludedHostIDs...)
if err != nil {
return nil, err
}
results = append(results, hosts...)
return results, nil
}
/////////////////////////////////////////////////////////////////////////////////
// Get host
/////////////////////////////////////////////////////////////////////////////////
2021-12-14 21:34:11 +00:00
type getHostRequest struct {
ID uint `url:"id"`
}
type getHostResponse struct {
Host *HostDetailResponse `json:"host"`
Err error `json:"error,omitempty"`
}
func (r getHostResponse) error() error { return r.Err }
func getHostEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
req := request.(*getHostRequest)
opts := fleet.HostDetailOptions{
IncludeCVEScores: false,
IncludePolicies: true, // intentionally true to preserve existing behavior
}
host, err := svc.GetHost(ctx, req.ID, opts)
if err != nil {
return getHostResponse{Err: err}, nil
}
resp, err := hostDetailResponseForHost(ctx, svc, host)
if err != nil {
return getHostResponse{Err: err}, nil
}
return getHostResponse{Host: resp}, nil
}
func (svc *Service) GetHost(ctx context.Context, id uint, opts fleet.HostDetailOptions) (*fleet.HostDetail, error) {
Merge pull request from GHSA-pr2g-j78h-84cr * Fix access control issues with users * Fix access control issues with packs * Fix access control issues with software * Changes suggested by Martin * All users can access the global schedule * Restrict access to activities * Add explicit test for team admin escalation vuln * All global users should be able to read all software * Handbook editor pass - Security - GitHub Security (#5108) * Update security.md All edits are recorded by line: 395 replaced “open-source” with “open source” 411 replaced “open-source” with “open source” 439 added “the” before “comment”; replaced “repositories,” with “repositories” 445 deleted “being” before “located” 458 added “and” after “PR” 489 replaced “on” with “in” 493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges” * Update security.md line 479 * Update security.md added (static analysis tools used to identify problems in code) to line 479 * Fix UI * Fix UI * revert api v1 to latest in documentation (#5149) * revert api v1 to latest in documentation * Update fleetctl doc page Co-authored-by: Noah Talerman <noahtal@umich.edu> * Add team admin team policy automation; fix e2e * Update to company page of the handbook (#5164) Updated "Why do we use a wireframe-first approach?" section of company.md * removed extra data on smaller screens (#5154) * Update for team automations; e2e * Jira Integration: Cypress e2e tests only (#5055) * Update company.md (#5170) This is to update the formatting under "empathy" and to fix the spelling of "help text." This was done as per @mikermcneil . This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902 * fix update updated_at for aggregated_stats (#5112) Update the updated_at column when using ON DUPLICATE UPDATE so that the counts_updated_at is up to date * basic sql formatting in code ie whitespace around operators * Fix e2e test * Fix tests in server/authz Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com> Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com> Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Noah Talerman <noahtal@umich.edu> Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com> Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com> Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
2022-04-18 17:27:30 +00:00
alreadyAuthd := svc.authz.IsAuthenticatedWith(ctx, authz.AuthnDeviceToken)
if !alreadyAuthd {
// First ensure the user has access to list hosts, then check the specific
// host once team_id is loaded.
if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil {
return nil, err
}
2021-12-14 21:34:11 +00:00
}
host, err := svc.ds.Host(ctx, id)
2021-12-14 21:34:11 +00:00
if err != nil {
return nil, ctxerr.Wrap(ctx, err, "get host")
}
if !alreadyAuthd {
// Authorize again with team loaded now that we have team_id
if err := svc.authz.Authorize(ctx, host, fleet.ActionRead); err != nil {
return nil, err
}
2021-12-14 21:34:11 +00:00
}
hostDetails, err := svc.getHostDetails(ctx, host, opts)
if err != nil {
return nil, err
}
return hostDetails, nil
2021-12-14 21:34:11 +00:00
}
func (svc *Service) checkWriteForHostIDs(ctx context.Context, ids []uint) error {
for _, id := range ids {
host, err := svc.ds.HostLite(ctx, id)
if err != nil {
return ctxerr.Wrap(ctx, err, "get host for delete")
}
// Authorize again with team loaded now that we have team_id
if err := svc.authz.Authorize(ctx, host, fleet.ActionWrite); err != nil {
return err
}
}
return nil
}
////////////////////////////////////////////////////////////////////////////////
// Get Host Summary
////////////////////////////////////////////////////////////////////////////////
type getHostSummaryRequest struct {
TeamID *uint `query:"team_id,optional"`
Platform *string `query:"platform,optional"`
LowDiskSpace *int `query:"low_disk_space,optional"`
}
type getHostSummaryResponse struct {
fleet.HostSummary
Err error `json:"error,omitempty"`
}
func (r getHostSummaryResponse) error() error { return r.Err }
func getHostSummaryEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
req := request.(*getHostSummaryRequest)
if req.LowDiskSpace != nil {
if *req.LowDiskSpace < 1 || *req.LowDiskSpace > 100 {
err := ctxerr.Errorf(ctx, "invalid low_disk_space threshold, must be between 1 and 100: %d", *req.LowDiskSpace)
return getHostSummaryResponse{Err: err}, nil
}
}
summary, err := svc.GetHostSummary(ctx, req.TeamID, req.Platform, req.LowDiskSpace)
if err != nil {
return getHostSummaryResponse{Err: err}, nil
}
resp := getHostSummaryResponse{
HostSummary: *summary,
}
return resp, nil
}
func (svc *Service) GetHostSummary(ctx context.Context, teamID *uint, platform *string, lowDiskSpace *int) (*fleet.HostSummary, error) {
if err := svc.authz.Authorize(ctx, &fleet.Host{TeamID: teamID}, fleet.ActionList); err != nil {
return nil, err
}
vc, ok := viewer.FromContext(ctx)
if !ok {
return nil, fleet.ErrNoContext
}
filter := fleet.TeamFilter{User: vc.User, IncludeObserver: true, TeamID: teamID}
if !svc.license.IsPremium() {
lowDiskSpace = nil
}
hostSummary, err := svc.ds.GenerateHostStatusStatistics(ctx, filter, svc.clock.Now(), platform, lowDiskSpace)
if err != nil {
return nil, err
}
linuxCount := uint(0)
for _, p := range hostSummary.Platforms {
if fleet.IsLinux(p.Platform) {
linuxCount += p.HostsCount
}
}
hostSummary.AllLinuxCount = linuxCount
labelsSummary, err := svc.ds.LabelsSummary(ctx)
if err != nil {
return nil, err
}
// TODO: should query for "All linux" label be updated to use `platform` from `os_version` table
// so that the label tracks the way platforms are handled here in the host summary?
var builtinLabels []*fleet.LabelSummary
for _, l := range labelsSummary {
if l.LabelType == fleet.LabelTypeBuiltIn {
builtinLabels = append(builtinLabels, l)
}
}
hostSummary.BuiltinLabels = builtinLabels
return hostSummary, nil
}
2021-12-14 21:34:11 +00:00
////////////////////////////////////////////////////////////////////////////////
// Get Host By Identifier
////////////////////////////////////////////////////////////////////////////////
type hostByIdentifierRequest struct {
Identifier string `url:"identifier"`
}
func hostByIdentifierEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
req := request.(*hostByIdentifierRequest)
opts := fleet.HostDetailOptions{
IncludeCVEScores: false,
IncludePolicies: true, // intentionally true to preserve existing behavior
}
host, err := svc.HostByIdentifier(ctx, req.Identifier, opts)
2021-12-14 21:34:11 +00:00
if err != nil {
return getHostResponse{Err: err}, nil
}
resp, err := hostDetailResponseForHost(ctx, svc, host)
if err != nil {
return getHostResponse{Err: err}, nil
}
return getHostResponse{
Host: resp,
}, nil
}
func (svc *Service) HostByIdentifier(ctx context.Context, identifier string, opts fleet.HostDetailOptions) (*fleet.HostDetail, error) {
2021-12-14 21:34:11 +00:00
if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil {
return nil, err
}
host, err := svc.ds.HostByIdentifier(ctx, identifier)
if err != nil {
return nil, ctxerr.Wrap(ctx, err, "get host by identifier")
}
// Authorize again with team loaded now that we have team_id
if err := svc.authz.Authorize(ctx, host, fleet.ActionRead); err != nil {
return nil, err
}
hostDetails, err := svc.getHostDetails(ctx, host, opts)
if err != nil {
return nil, err
}
return hostDetails, nil
2021-12-14 21:34:11 +00:00
}
////////////////////////////////////////////////////////////////////////////////
// Delete Host
////////////////////////////////////////////////////////////////////////////////
type deleteHostRequest struct {
ID uint `url:"id"`
}
type deleteHostResponse struct {
Err error `json:"error,omitempty"`
}
func (r deleteHostResponse) error() error { return r.Err }
func deleteHostEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
req := request.(*deleteHostRequest)
err := svc.DeleteHost(ctx, req.ID)
if err != nil {
return deleteHostResponse{Err: err}, nil
}
return deleteHostResponse{}, nil
}
func (svc *Service) DeleteHost(ctx context.Context, id uint) error {
if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil {
return err
}
host, err := svc.ds.HostLite(ctx, id)
2021-12-14 21:34:11 +00:00
if err != nil {
return ctxerr.Wrap(ctx, err, "get host for delete")
}
// Authorize again with team loaded now that we have team_id
if err := svc.authz.Authorize(ctx, host, fleet.ActionWrite); err != nil {
return err
}
return svc.ds.DeleteHost(ctx, id)
}
////////////////////////////////////////////////////////////////////////////////
// Add Hosts to Team
////////////////////////////////////////////////////////////////////////////////
type addHostsToTeamRequest struct {
TeamID *uint `json:"team_id"`
HostIDs []uint `json:"hosts"`
}
type addHostsToTeamResponse struct {
Err error `json:"error,omitempty"`
}
func (r addHostsToTeamResponse) error() error { return r.Err }
func addHostsToTeamEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
req := request.(*addHostsToTeamRequest)
err := svc.AddHostsToTeam(ctx, req.TeamID, req.HostIDs)
if err != nil {
return addHostsToTeamResponse{Err: err}, nil
}
return addHostsToTeamResponse{}, err
}
func (svc *Service) AddHostsToTeam(ctx context.Context, teamID *uint, hostIDs []uint) error {
// This is currently treated as a "team write". If we ever give users
// besides global admins permissions to modify team hosts, we will need to
// check that the user has permissions for both the source and destination
// teams.
if err := svc.authz.Authorize(ctx, &fleet.Host{TeamID: teamID}, fleet.ActionWrite); err != nil {
return err
}
return svc.ds.AddHostsToTeam(ctx, teamID, hostIDs)
}
////////////////////////////////////////////////////////////////////////////////
// Add Hosts to Team by Filter
////////////////////////////////////////////////////////////////////////////////
type addHostsToTeamByFilterRequest struct {
TeamID *uint `json:"team_id"`
Filters struct {
MatchQuery string `json:"query"`
Status fleet.HostStatus `json:"status"`
LabelID *uint `json:"label_id"`
} `json:"filters"`
}
type addHostsToTeamByFilterResponse struct {
Err error `json:"error,omitempty"`
}
func (r addHostsToTeamByFilterResponse) error() error { return r.Err }
func addHostsToTeamByFilterEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
req := request.(*addHostsToTeamByFilterRequest)
listOpt := fleet.HostListOptions{
ListOptions: fleet.ListOptions{
MatchQuery: req.Filters.MatchQuery,
},
StatusFilter: req.Filters.Status,
}
err := svc.AddHostsToTeamByFilter(ctx, req.TeamID, listOpt, req.Filters.LabelID)
if err != nil {
return addHostsToTeamByFilterResponse{Err: err}, nil
}
return addHostsToTeamByFilterResponse{}, err
}
func (svc *Service) AddHostsToTeamByFilter(ctx context.Context, teamID *uint, opt fleet.HostListOptions, lid *uint) error {
// This is currently treated as a "team write". If we ever give users
// besides global admins permissions to modify team hosts, we will need to
// check that the user has permissions for both the source and destination
// teams.
if err := svc.authz.Authorize(ctx, &fleet.Host{TeamID: teamID}, fleet.ActionWrite); err != nil {
return err
}
hostIDs, err := svc.hostIDsFromFilters(ctx, opt, lid)
if err != nil {
return err
}
if len(hostIDs) == 0 {
return nil
}
// Apply the team to the selected hosts.
return svc.ds.AddHostsToTeam(ctx, teamID, hostIDs)
}
////////////////////////////////////////////////////////////////////////////////
// Refetch Host
////////////////////////////////////////////////////////////////////////////////
type refetchHostRequest struct {
ID uint `url:"id"`
}
type refetchHostResponse struct {
Err error `json:"error,omitempty"`
}
func (r refetchHostResponse) error() error { return r.Err }
func refetchHostEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
req := request.(*refetchHostRequest)
err := svc.RefetchHost(ctx, req.ID)
if err != nil {
return refetchHostResponse{Err: err}, nil
}
return refetchHostResponse{}, nil
}
func (svc *Service) RefetchHost(ctx context.Context, id uint) error {
Merge pull request from GHSA-pr2g-j78h-84cr * Fix access control issues with users * Fix access control issues with packs * Fix access control issues with software * Changes suggested by Martin * All users can access the global schedule * Restrict access to activities * Add explicit test for team admin escalation vuln * All global users should be able to read all software * Handbook editor pass - Security - GitHub Security (#5108) * Update security.md All edits are recorded by line: 395 replaced “open-source” with “open source” 411 replaced “open-source” with “open source” 439 added “the” before “comment”; replaced “repositories,” with “repositories” 445 deleted “being” before “located” 458 added “and” after “PR” 489 replaced “on” with “in” 493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges” * Update security.md line 479 * Update security.md added (static analysis tools used to identify problems in code) to line 479 * Fix UI * Fix UI * revert api v1 to latest in documentation (#5149) * revert api v1 to latest in documentation * Update fleetctl doc page Co-authored-by: Noah Talerman <noahtal@umich.edu> * Add team admin team policy automation; fix e2e * Update to company page of the handbook (#5164) Updated "Why do we use a wireframe-first approach?" section of company.md * removed extra data on smaller screens (#5154) * Update for team automations; e2e * Jira Integration: Cypress e2e tests only (#5055) * Update company.md (#5170) This is to update the formatting under "empathy" and to fix the spelling of "help text." This was done as per @mikermcneil . This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902 * fix update updated_at for aggregated_stats (#5112) Update the updated_at column when using ON DUPLICATE UPDATE so that the counts_updated_at is up to date * basic sql formatting in code ie whitespace around operators * Fix e2e test * Fix tests in server/authz Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com> Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com> Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Noah Talerman <noahtal@umich.edu> Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com> Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com> Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
2022-04-18 17:27:30 +00:00
if !svc.authz.IsAuthenticatedWith(ctx, authz.AuthnDeviceToken) {
if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil {
return err
}
2021-12-14 21:34:11 +00:00
host, err := svc.ds.HostLite(ctx, id)
if err != nil {
return ctxerr.Wrap(ctx, err, "find host for refetch")
}
2021-12-14 21:34:11 +00:00
// We verify fleet.ActionRead instead of fleet.ActionWrite because we want to allow
// observers to be able to refetch hosts.
if err := svc.authz.Authorize(ctx, host, fleet.ActionRead); err != nil {
return err
}
2021-12-14 21:34:11 +00:00
}
if err := svc.ds.UpdateHostRefetchRequested(ctx, id, true); err != nil {
2021-12-14 21:34:11 +00:00
return ctxerr.Wrap(ctx, err, "save host")
}
return nil
}
func (svc *Service) getHostDetails(ctx context.Context, host *fleet.Host, opts fleet.HostDetailOptions) (*fleet.HostDetail, error) {
if err := svc.ds.LoadHostSoftware(ctx, host, opts.IncludeCVEScores); err != nil {
2021-12-14 21:34:11 +00:00
return nil, ctxerr.Wrap(ctx, err, "load host software")
}
labels, err := svc.ds.ListLabelsForHost(ctx, host.ID)
if err != nil {
return nil, ctxerr.Wrap(ctx, err, "get labels for host")
}
packs, err := svc.ds.ListPacksForHost(ctx, host.ID)
if err != nil {
return nil, ctxerr.Wrap(ctx, err, "get packs for host")
}
bats, err := svc.ds.ListHostBatteries(ctx, host.ID)
if err != nil {
return nil, ctxerr.Wrap(ctx, err, "get batteries for host")
}
// Due to a known osquery issue with M1 Macs, we are ignoring the stored value in the db
// and replacing it at the service layer with custom values determined by the cycle count.
// See https://github.com/fleetdm/fleet/issues/6763.
// TODO: Update once the underlying osquery issue has been resolved.
for _, b := range bats {
if b.CycleCount < 1000 {
b.Health = "Normal"
} else {
b.Health = "Replacement recommended"
}
}
var policies *[]*fleet.HostPolicy
if opts.IncludePolicies {
hp, err := svc.ds.ListPoliciesForHost(ctx, host)
if err != nil {
return nil, ctxerr.Wrap(ctx, err, "get policies for host")
}
if hp == nil {
hp = []*fleet.HostPolicy{}
}
policies = &hp
2021-12-14 21:34:11 +00:00
}
return &fleet.HostDetail{
Host: *host,
Labels: labels,
Packs: packs,
Policies: policies,
Batteries: &bats,
}, nil
2021-12-14 21:34:11 +00:00
}
func (svc *Service) hostIDsFromFilters(ctx context.Context, opt fleet.HostListOptions, lid *uint) ([]uint, error) {
filter, err := processHostFilters(ctx, opt, lid)
if err != nil {
return nil, err
}
// Load hosts, either from label if provided or from all hosts.
var hosts []*fleet.Host
if lid != nil {
hosts, err = svc.ds.ListHostsInLabel(ctx, filter, *lid, opt)
} else {
hosts, err = svc.ds.ListHosts(ctx, filter, opt)
}
if err != nil {
return nil, err
}
if len(hosts) == 0 {
return nil, nil
}
hostIDs := make([]uint, 0, len(hosts))
for _, h := range hosts {
hostIDs = append(hostIDs, h.ID)
}
return hostIDs, nil
}
func processHostFilters(ctx context.Context, opt fleet.HostListOptions, lid *uint) (fleet.TeamFilter, error) {
vc, ok := viewer.FromContext(ctx)
if !ok {
return fleet.TeamFilter{}, fleet.ErrNoContext
}
filter := fleet.TeamFilter{User: vc.User, IncludeObserver: true}
if opt.StatusFilter != "" && lid != nil {
return fleet.TeamFilter{}, fleet.NewInvalidArgumentError("status", "may not be provided with label_id")
}
opt.PerPage = fleet.PerPageUnlimited
return filter, nil
}
////////////////////////////////////////////////////////////////////////////////
// List Host Device Mappings
////////////////////////////////////////////////////////////////////////////////
type listHostDeviceMappingRequest struct {
ID uint `url:"id"`
}
type listHostDeviceMappingResponse struct {
HostID uint `json:"host_id"`
DeviceMapping []*fleet.HostDeviceMapping `json:"device_mapping"`
Err error `json:"error,omitempty"`
}
func (r listHostDeviceMappingResponse) error() error { return r.Err }
func listHostDeviceMappingEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
req := request.(*listHostDeviceMappingRequest)
dms, err := svc.ListHostDeviceMapping(ctx, req.ID)
if err != nil {
return listHostDeviceMappingResponse{Err: err}, nil
}
return listHostDeviceMappingResponse{HostID: req.ID, DeviceMapping: dms}, nil
}
func (svc *Service) ListHostDeviceMapping(ctx context.Context, id uint) ([]*fleet.HostDeviceMapping, error) {
Merge pull request from GHSA-pr2g-j78h-84cr * Fix access control issues with users * Fix access control issues with packs * Fix access control issues with software * Changes suggested by Martin * All users can access the global schedule * Restrict access to activities * Add explicit test for team admin escalation vuln * All global users should be able to read all software * Handbook editor pass - Security - GitHub Security (#5108) * Update security.md All edits are recorded by line: 395 replaced “open-source” with “open source” 411 replaced “open-source” with “open source” 439 added “the” before “comment”; replaced “repositories,” with “repositories” 445 deleted “being” before “located” 458 added “and” after “PR” 489 replaced “on” with “in” 493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges” * Update security.md line 479 * Update security.md added (static analysis tools used to identify problems in code) to line 479 * Fix UI * Fix UI * revert api v1 to latest in documentation (#5149) * revert api v1 to latest in documentation * Update fleetctl doc page Co-authored-by: Noah Talerman <noahtal@umich.edu> * Add team admin team policy automation; fix e2e * Update to company page of the handbook (#5164) Updated "Why do we use a wireframe-first approach?" section of company.md * removed extra data on smaller screens (#5154) * Update for team automations; e2e * Jira Integration: Cypress e2e tests only (#5055) * Update company.md (#5170) This is to update the formatting under "empathy" and to fix the spelling of "help text." This was done as per @mikermcneil . This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902 * fix update updated_at for aggregated_stats (#5112) Update the updated_at column when using ON DUPLICATE UPDATE so that the counts_updated_at is up to date * basic sql formatting in code ie whitespace around operators * Fix e2e test * Fix tests in server/authz Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com> Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com> Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Noah Talerman <noahtal@umich.edu> Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com> Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com> Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
2022-04-18 17:27:30 +00:00
if !svc.authz.IsAuthenticatedWith(ctx, authz.AuthnDeviceToken) {
if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil {
return nil, err
}
host, err := svc.ds.HostLite(ctx, id)
if err != nil {
return nil, ctxerr.Wrap(ctx, err, "get host")
}
// Authorize again with team loaded now that we have team_id
if err := svc.authz.Authorize(ctx, host, fleet.ActionRead); err != nil {
return nil, err
}
}
return svc.ds.ListHostDeviceMapping(ctx, id)
}
////////////////////////////////////////////////////////////////////////////////
// Macadmins
////////////////////////////////////////////////////////////////////////////////
type getMacadminsDataRequest struct {
ID uint `url:"id"`
}
type getMacadminsDataResponse struct {
Err error `json:"error,omitempty"`
Macadmins *fleet.MacadminsData `json:"macadmins"`
}
func (r getMacadminsDataResponse) error() error { return r.Err }
func getMacadminsDataEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
req := request.(*getMacadminsDataRequest)
data, err := svc.MacadminsData(ctx, req.ID)
if err != nil {
return getMacadminsDataResponse{Err: err}, nil
}
return getMacadminsDataResponse{Macadmins: data}, nil
}
func (svc *Service) MacadminsData(ctx context.Context, id uint) (*fleet.MacadminsData, error) {
Merge pull request from GHSA-pr2g-j78h-84cr * Fix access control issues with users * Fix access control issues with packs * Fix access control issues with software * Changes suggested by Martin * All users can access the global schedule * Restrict access to activities * Add explicit test for team admin escalation vuln * All global users should be able to read all software * Handbook editor pass - Security - GitHub Security (#5108) * Update security.md All edits are recorded by line: 395 replaced “open-source” with “open source” 411 replaced “open-source” with “open source” 439 added “the” before “comment”; replaced “repositories,” with “repositories” 445 deleted “being” before “located” 458 added “and” after “PR” 489 replaced “on” with “in” 493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges” * Update security.md line 479 * Update security.md added (static analysis tools used to identify problems in code) to line 479 * Fix UI * Fix UI * revert api v1 to latest in documentation (#5149) * revert api v1 to latest in documentation * Update fleetctl doc page Co-authored-by: Noah Talerman <noahtal@umich.edu> * Add team admin team policy automation; fix e2e * Update to company page of the handbook (#5164) Updated "Why do we use a wireframe-first approach?" section of company.md * removed extra data on smaller screens (#5154) * Update for team automations; e2e * Jira Integration: Cypress e2e tests only (#5055) * Update company.md (#5170) This is to update the formatting under "empathy" and to fix the spelling of "help text." This was done as per @mikermcneil . This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902 * fix update updated_at for aggregated_stats (#5112) Update the updated_at column when using ON DUPLICATE UPDATE so that the counts_updated_at is up to date * basic sql formatting in code ie whitespace around operators * Fix e2e test * Fix tests in server/authz Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com> Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com> Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Noah Talerman <noahtal@umich.edu> Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com> Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com> Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
2022-04-18 17:27:30 +00:00
if !svc.authz.IsAuthenticatedWith(ctx, authz.AuthnDeviceToken) {
if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionList); err != nil {
return nil, err
}
host, err := svc.ds.HostLite(ctx, id)
if err != nil {
return nil, ctxerr.Wrap(ctx, err, "find host for macadmins")
}
if err := svc.authz.Authorize(ctx, host, fleet.ActionRead); err != nil {
return nil, err
}
}
var munkiInfo *fleet.HostMunkiInfo
switch version, err := svc.ds.GetHostMunkiVersion(ctx, id); {
case err != nil && !fleet.IsNotFound(err):
return nil, err
case err == nil:
munkiInfo = &fleet.HostMunkiInfo{Version: version}
}
var mdm *fleet.HostMDM
switch hmdm, err := svc.ds.GetHostMDM(ctx, id); {
case err != nil && !fleet.IsNotFound(err):
return nil, err
case err == nil:
mdm = hmdm
}
var munkiIssues []*fleet.HostMunkiIssue
switch issues, err := svc.ds.GetHostMunkiIssues(ctx, id); {
case err != nil:
return nil, err
case err == nil:
munkiIssues = issues
}
if munkiInfo == nil && mdm == nil && len(munkiIssues) == 0 {
return nil, nil
}
data := &fleet.MacadminsData{
Munki: munkiInfo,
MDM: mdm,
MunkiIssues: munkiIssues,
}
return data, nil
}
////////////////////////////////////////////////////////////////////////////////
// Aggregated Macadmins
////////////////////////////////////////////////////////////////////////////////
type getAggregatedMacadminsDataRequest struct {
TeamID *uint `query:"team_id,optional"`
}
type getAggregatedMacadminsDataResponse struct {
Err error `json:"error,omitempty"`
Macadmins *fleet.AggregatedMacadminsData `json:"macadmins"`
}
func (r getAggregatedMacadminsDataResponse) error() error { return r.Err }
func getAggregatedMacadminsDataEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
req := request.(*getAggregatedMacadminsDataRequest)
data, err := svc.AggregatedMacadminsData(ctx, req.TeamID)
if err != nil {
return getAggregatedMacadminsDataResponse{Err: err}, nil
}
return getAggregatedMacadminsDataResponse{Macadmins: data}, nil
}
func (svc *Service) AggregatedMacadminsData(ctx context.Context, teamID *uint) (*fleet.AggregatedMacadminsData, error) {
if err := svc.authz.Authorize(ctx, &fleet.Host{TeamID: teamID}, fleet.ActionList); err != nil {
return nil, err
}
if teamID != nil {
_, err := svc.ds.Team(ctx, *teamID)
if err != nil {
return nil, err
}
}
agg := &fleet.AggregatedMacadminsData{}
versions, munkiUpdatedAt, err := svc.ds.AggregatedMunkiVersion(ctx, teamID)
if err != nil {
return nil, err
}
agg.MunkiVersions = versions
issues, munkiIssUpdatedAt, err := svc.ds.AggregatedMunkiIssues(ctx, teamID)
if err != nil {
return nil, err
}
agg.MunkiIssues = issues
status, mdmUpdatedAt, err := svc.ds.AggregatedMDMStatus(ctx, teamID)
if err != nil {
return nil, err
}
agg.MDMStatus = status
solutions, mdmSolutionsUpdatedAt, err := svc.ds.AggregatedMDMSolutions(ctx, teamID)
if err != nil {
return nil, err
}
agg.MDMSolutions = solutions
agg.CountsUpdatedAt = munkiUpdatedAt
if munkiIssUpdatedAt.After(agg.CountsUpdatedAt) {
agg.CountsUpdatedAt = munkiIssUpdatedAt
}
if mdmUpdatedAt.After(agg.CountsUpdatedAt) {
agg.CountsUpdatedAt = mdmUpdatedAt
}
if mdmSolutionsUpdatedAt.After(agg.CountsUpdatedAt) {
agg.CountsUpdatedAt = mdmSolutionsUpdatedAt
}
return agg, nil
}
////////////////////////////////////////////////////////////////////////////////
// Hosts Report in CSV downloadable file
////////////////////////////////////////////////////////////////////////////////
type hostsReportRequest struct {
Opts fleet.HostListOptions `url:"host_options"`
LabelID *uint `query:"label_id,optional"`
Format string `query:"format"`
Columns string `query:"columns,optional"`
}
type hostsReportResponse struct {
Columns []string `json:"-"` // used to control the generated csv, see the hijackRender method
Hosts []*HostResponse `json:"-"` // they get rendered explicitly, in csv
Err error `json:"error,omitempty"`
}
func (r hostsReportResponse) error() error { return r.Err }
func (r hostsReportResponse) hijackRender(ctx context.Context, w http.ResponseWriter) {
// post-process the Device Mappings for CSV rendering
for _, h := range r.Hosts {
if h.DeviceMapping != nil {
// return the list of emails, comma-separated, as part of that single CSV field
var dms []struct {
Email string `json:"email"`
}
if err := json.Unmarshal(*h.DeviceMapping, &dms); err != nil {
// log the error but keep going
logging.WithErr(ctx, err)
continue
}
var sb strings.Builder
for i, dm := range dms {
if i > 0 {
sb.WriteString(",")
}
sb.WriteString(dm.Email)
}
h.CSVDeviceMapping = sb.String()
}
}
var buf bytes.Buffer
if err := gocsv.Marshal(r.Hosts, &buf); err != nil {
logging.WithErr(ctx, err)
encodeError(ctx, ctxerr.New(ctx, "failed to generate CSV file"), w)
return
}
returnAll := len(r.Columns) == 0
var outRows [][]string
if !returnAll {
// read back the CSV to filter out any unwanted columns
recs, err := csv.NewReader(&buf).ReadAll()
if err != nil {
logging.WithErr(ctx, err)
encodeError(ctx, ctxerr.New(ctx, "failed to generate CSV file"), w)
return
}
if len(recs) > 0 {
// map the header names to their field index
hdrs := make(map[string]int, len(recs))
for i, hdr := range recs[0] {
hdrs[hdr] = i
}
outRows = make([][]string, len(recs))
for i, rec := range recs {
for _, col := range r.Columns {
colIx, ok := hdrs[col]
if !ok {
// invalid column name - it would be nice to catch this in the
// endpoint before processing the results, but it would require
// duplicating the list of columns from the Host's struct tags to a
// map and keep this in sync, for what is essentially a programmer
// mistake that should be caught and corrected early.
encodeError(ctx, &fleet.BadRequestError{Message: fmt.Sprintf("invalid column name: %q", col)}, w)
return
}
outRows[i] = append(outRows[i], rec[colIx])
}
}
}
}
w.Header().Add("Content-Disposition", fmt.Sprintf(`attachment; filename="Hosts %s.csv"`, time.Now().Format("2006-01-02")))
w.Header().Set("Content-Type", "text/csv")
w.WriteHeader(http.StatusOK)
var err error
if returnAll {
_, err = io.Copy(w, &buf)
} else {
err = csv.NewWriter(w).WriteAll(outRows)
}
if err != nil {
logging.WithErr(ctx, err)
}
}
func hostsReportEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
req := request.(*hostsReportRequest)
// for now, only csv format is allowed
if req.Format != "csv" {
// prevent returning an "unauthorized" error, we want that specific error
if az, ok := authz.FromContext(ctx); ok {
az.SetChecked()
}
err := ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError("format", "unsupported or unspecified report format").
WithStatus(http.StatusUnsupportedMediaType))
return hostsReportResponse{Err: err}, nil
}
req.Opts.DisableFailingPolicies = false
req.Opts.AdditionalFilters = nil
req.Opts.Page = 0
req.Opts.PerPage = 0 // explicitly disable any limit, we want all matching hosts
req.Opts.After = ""
req.Opts.DeviceMapping = false
rawCols := strings.Split(req.Columns, ",")
var cols []string
for _, rawCol := range rawCols {
if rawCol = strings.TrimSpace(rawCol); rawCol != "" {
cols = append(cols, rawCol)
if rawCol == "device_mapping" {
req.Opts.DeviceMapping = true
}
}
}
if len(cols) == 0 {
// enable device_mapping retrieval, as no column means all columns
req.Opts.DeviceMapping = true
}
var (
hosts []*fleet.Host
err error
)
if req.LabelID == nil {
hosts, err = svc.ListHosts(ctx, req.Opts)
} else {
hosts, err = svc.ListHostsInLabel(ctx, *req.LabelID, req.Opts)
}
if err != nil {
return hostsReportResponse{Err: err}, nil
}
hostResps := make([]*HostResponse, len(hosts))
for i, h := range hosts {
hr, err := hostResponseForHost(ctx, svc, h)
if err != nil {
return hostsReportResponse{Err: err}, nil
}
hostResps[i] = hr
}
return hostsReportResponse{Columns: cols, Hosts: hostResps}, nil
}
2022-03-28 15:15:45 +00:00
type osVersionsRequest struct {
TeamID *uint `query:"team_id,optional"`
Platform *string `query:"platform,optional"`
Name *string `query:"os_name,optional"`
Version *string `query:"os_name,optional"`
2022-03-28 15:15:45 +00:00
}
type osVersionsResponse struct {
CountsUpdatedAt *time.Time `json:"counts_updated_at"`
OSVersions []fleet.OSVersion `json:"os_versions"`
2022-03-28 15:15:45 +00:00
Err error `json:"error,omitempty"`
}
func (r osVersionsResponse) error() error { return r.Err }
func osVersionsEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
req := request.(*osVersionsRequest)
osVersions, err := svc.OSVersions(ctx, req.TeamID, req.Platform, req.Name, req.Version)
2022-03-28 15:15:45 +00:00
if err != nil {
return &osVersionsResponse{Err: err}, nil
}
return &osVersionsResponse{
CountsUpdatedAt: &osVersions.CountsUpdatedAt,
OSVersions: osVersions.OSVersions,
}, nil
}
func (svc *Service) OSVersions(ctx context.Context, teamID *uint, platform *string, name *string, version *string) (*fleet.OSVersions, error) {
2022-03-28 15:15:45 +00:00
if err := svc.authz.Authorize(ctx, &fleet.Host{TeamID: teamID}, fleet.ActionList); err != nil {
return nil, err
}
if name != nil && version == nil {
return nil, &fleet.BadRequestError{Message: "Cannot specify os_name without os_version"}
}
if name == nil && version != nil {
return nil, &fleet.BadRequestError{Message: "Cannot specify os_version without os_name"}
}
osVersions, err := svc.ds.OSVersions(ctx, teamID, platform, name, version)
if err != nil && fleet.IsNotFound(err) {
// differentiate case where team was added after UpdateOSVersions last ran
if teamID != nil {
// most of the time, team should exist so checking here saves unnecessary db calls
_, err := svc.ds.Team(ctx, *teamID)
if err != nil {
return nil, err
}
}
// if team exists but stats have not yet been gathered, return empty JSON array
osVersions = &fleet.OSVersions{}
} else if err != nil {
2022-03-28 15:15:45 +00:00
return nil, err
}
return osVersions, nil
}