empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-07 01:15:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8cdf61f8df
fleet/server/service/service_appconfig.go

434 lines
11 KiB
Go
Raw Normal View History

Organizing go code (#241)
2016-09-26 18:48:55 +00:00
package service
App config api (#223) Add GET and PATCH endpoints for /kolide/config to get/update current app configuration
2016-09-22 00:45:57 +00:00
import (
Update go-kit to 0.4.0 (#1411) Notable refactoring: - Use stdlib "context" in place of "golang.org/x/net/context" - Go-kit no longer wraps errors, so we remove the unwrap in transport_error.go - Use MakeHandler when setting up endpoint tests (fixes test bug caught during this refactoring) Closes #1411.
2017-03-15 15:55:30 +00:00
"context"
Make SMTP configuration work (#877) * add a js validator that makes smtp server port required * specifying that the InputField should be a number. this doesn't work, but i think that it should. * casting the port as an int as a stop-gap fix * email doesn't already have to be enabled to be enabled * don't return the smtp password from the API * show a fake placeholder password if the username is also set * error type for @groob
2017-01-11 02:00:46 +00:00
"fmt"
Use Github hosted assets in emails sent by Fleet (#2090) This change allows the images in Fleet emails to load properly from any device with connectivity to github.com. Previously, emails might try to load resources from a Kolide server not accessible from the email client. The asset URL will be based on the most recent git tag to accomodate backwards-compatibility if the assets in the repo change. Closes #1471
2019-08-02 21:08:42 +00:00
"html/template"
Added code to trim whitespace and trim trailing slash from input server url (#1442)
2017-03-22 19:40:01 +00:00
"strings"
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
Issue 1435 software to cpe (#1488) * WIP * WIP * Make path optional and fix tests * Add first generate * Move to nvd package * remove replace * Re-add replace * It's path, not file name * Change how db path is set and use etag * Fix typos * Make db generation faster * Remove quotes * Doesn't like comments * Samitize etag and save to file * Refactor some things and improve writing of etagenv * Compress file and truncate amount of items for faster testing * Remove quotes * Try to improve performance * Ignore truncate error if not exists * Minor cleanup and make sqlite have cpe prefix * Simplify code and test sync * Add VCR for sync test * Check for nvdRelease nil * Add test for the actual translation * Address review comments * Rename generate command because we'll have a cve one too * Move to its own dir * Address review comments
2021-07-29 16:10:34 +00:00
"github.com/fleetdm/fleet/v4/server"
"github.com/fleetdm/fleet/v4/server/ptr"
Add v4 suffix in go.mod (#1224)
2021-06-26 04:46:51 +00:00
"github.com/fleetdm/fleet/v4/server/contexts/viewer"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/fleetdm/fleet/v4/server/mail"
Add version endpoint to API (#549) Part of #371
2021-03-27 01:03:31 +00:00
"github.com/kolide/kit/version"
always generate random enroll secret on setup (#1129) Updated now that the UI has the ability to manage the enroll secret.
2017-01-30 17:48:43 +00:00
"github.com/pkg/errors"
App config api (#223) Add GET and PATCH endpoints for /kolide/config to get/update current app configuration
2016-09-22 00:45:57 +00:00
)
Make SMTP configuration work (#877) * add a js validator that makes smtp server port required * specifying that the InputField should be a number. this doesn't work, but i think that it should. * casting the port as an int as a stop-gap fix * email doesn't already have to be enabled to be enabled * don't return the smtp password from the API * show a fake placeholder password if the username is also set * error type for @groob
2017-01-11 02:00:46 +00:00
// mailError is set when an error performing mail operations
type mailError struct {
message string
}
func (e mailError) Error() string {
return fmt.Sprintf("a mail error occurred: %s", e.message)
}
func (e mailError) MailError() []map[string]string {
return []map[string]string{
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
{
Make SMTP configuration work (#877) * add a js validator that makes smtp server port required * specifying that the InputField should be a number. this doesn't work, but i think that it should. * casting the port as an int as a stop-gap fix * email doesn't already have to be enabled to be enabled * don't return the smtp password from the API * show a fake placeholder password if the username is also set * error type for @groob
2017-01-11 02:00:46 +00:00
"name": "base",
"reason": e.message,
},
}
}
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
func (svc *Service) NewAppConfig(ctx context.Context, p fleet.AppConfigPayload) (*fleet.AppConfig, error) {
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
// skipauth: No user context yet when the app config is first created.
svc.authz.SkipAuthorization(ctx)
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
config, err := svc.ds.AppConfig()
if err != nil {
return nil, err
}
move osquery enroll secret to appconfig (#1004) For #995
2017-01-20 19:48:54 +00:00
fromPayload := appConfigFromAppConfigPayload(p, *config)
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features
2020-05-29 16:12:39 +00:00
Backend and fleetctl for usage analytics (#1167) - Add enable_analytics column to database. - Allow enable_analytics to be set via API. - Add messaging in fleetctl setup. Note that this defaults to off for existing installations, and defaults on for newly set up installs. No collection or sending of analytics yet exists, we are strictly storing the preference at this time. Part of #454
2021-06-23 01:02:20 +00:00
// Usage analytics are on by default in new installations.
fromPayload.EnableAnalytics = true
move osquery enroll secret to appconfig (#1004) For #995
2017-01-20 19:48:54 +00:00
newConfig, err := svc.ds.NewAppConfig(fromPayload)
App config api (#223) Add GET and PATCH endpoints for /kolide/config to get/update current app configuration
2016-09-22 00:45:57 +00:00
if err != nil {
return nil, err
}
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features
2020-05-29 16:12:39 +00:00
// Set up a default enroll secret
Issue 1278 select leader (#1367) * Add leader selection * remove comment * Address review comments * Add changes file * Simplify implementation * Simplify further * Whoops, removed a little too much
2021-07-19 18:08:41 +00:00
secret, err := server.GenerateRandomText(fleet.EnrollSecretDefaultLength)
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features
2020-05-29 16:12:39 +00:00
if err != nil {
return nil, errors.Wrap(err, "generate enroll secret string")
}
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
secrets := []*fleet.EnrollSecret{
Refactor enroll secrets to support Teams (#903) - Add `team_id` field to secrets. - Remove secret `name` and `active` fields (migration deletes inactive secrets). - Assign hosts to Team based on secret provided. - Add API for retrieving secrets by Team.
2021-05-31 16:02:05 +00:00
{
Secret: secret,
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features
2020-05-29 16:12:39 +00:00
},
}
Refactor enroll secrets to support Teams (#903) - Add `team_id` field to secrets. - Remove secret `name` and `active` fields (migration deletes inactive secrets). - Assign hosts to Team based on secret provided. - Add API for retrieving secrets by Team.
2021-05-31 16:02:05 +00:00
err = svc.ds.ApplyEnrollSecrets(nil, secrets)
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features
2020-05-29 16:12:39 +00:00
if err != nil {
return nil, errors.Wrap(err, "save enroll secret")
}
store WebAddress config in datastore (#421) moves web address config to datastore so that it can be configured by a user in the Web UI. rename OrgInfo struct to AppConfig. For #363 For #378
2016-11-04 20:44:38 +00:00
return newConfig, nil
App config api (#223) Add GET and PATCH endpoints for /kolide/config to get/update current app configuration
2016-09-22 00:45:57 +00:00
}
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
func (svc *Service) AppConfig(ctx context.Context) (*fleet.AppConfig, error) {
if err := svc.authz.Authorize(ctx, &fleet.AppConfig{}, fleet.ActionRead); err != nil {
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
return nil, err
}
store WebAddress config in datastore (#421) moves web address config to datastore so that it can be configured by a user in the Web UI. rename OrgInfo struct to AppConfig. For #363 For #378
2016-11-04 20:44:38 +00:00
return svc.ds.AppConfig()
App config api (#223) Add GET and PATCH endpoints for /kolide/config to get/update current app configuration
2016-09-22 00:45:57 +00:00
}
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
func (svc *Service) sendTestEmail(ctx context.Context, config *fleet.AppConfig) error {
Simplifying SMTP Logic (#892) * Simplifying SMTP Logic This commit breaks the test email sending into it's own service method (thus removing the capability from the API- if we want it back, we can wire up another endpoint for just that). Additionally, error wrapping is used through the new ModifyAppConfig service method to ensure that an error or failed email will always result in an error while ensuring that the submitted record always get committed (unless a serious error happens). * never wrap a nil error * use err instead of individual errors
2017-01-11 08:27:09 +00:00
vc, ok := viewer.FromContext(ctx)
if !ok {
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
return fleet.ErrNoContext
App config api (#223) Add GET and PATCH endpoints for /kolide/config to get/update current app configuration
2016-09-22 00:45:57 +00:00
}
SMTP API changes (#883) * SMTP API changes * remove smtp buttons * remove password from api response * no fields are required in the patch request
2017-01-11 04:41:58 +00:00
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
testMail := fleet.Email{
Replace uses of the term "Kolide" with "Fleet" (#1999) Almost two years ago, we began referring to the project as Fleet, but there are many occurences of the term "Kolide" throughout the UI and documentation. This PR attempts to clear up those uses where it is easily achievable. The term "Kolide" is used throughout the code as well, but modifying this would be more likely to introduce bugs.
2019-01-24 17:39:32 +00:00
Subject: "Hello from Fleet",
Simplifying SMTP Logic (#892) * Simplifying SMTP Logic This commit breaks the test email sending into it's own service method (thus removing the capability from the API- if we want it back, we can wire up another endpoint for just that). Additionally, error wrapping is used through the new ModifyAppConfig service method to ensure that an error or failed email will always result in an error while ensuring that the submitted record always get committed (unless a serious error happens). * never wrap a nil error * use err instead of individual errors
2017-01-11 08:27:09 +00:00
To: []string{vc.User.Email},
Allow import of github.com/kolide/fleet (#2213) Previously a Go package attempting to import Fleet packages would run into an error like "server/kolide/emails.go:93:23: undefined: Asset". This commit refactors bindata asset handling to allow importing Fleet as a library without changing the typical developer experience.
2020-03-30 02:22:04 +00:00
Mailer: &mail.SMTPTestMailer{
Continue to update names in backend code and docs (#976)
2021-06-06 23:58:23 +00:00
BaseURL: template.URL(config.ServerURL + svc.config.Server.URLPrefix),
Add ability to prefix Fleet URLs (#2112) - Add the server_url_prefix flag for configuring this functionality - Add prefix handling to the server routes - Refactor JS to use appropriate paths from modules - Use JS template to get URL prefix into JS environment - Update webpack config to support prefixing Thanks to securityonion.net for sponsoring the development of this feature. Closes #1661
2019-10-16 23:40:45 +00:00
AssetURL: getAssetURL(),
Simplifying SMTP Logic (#892) * Simplifying SMTP Logic This commit breaks the test email sending into it's own service method (thus removing the capability from the API- if we want it back, we can wire up another endpoint for just that). Additionally, error wrapping is used through the new ModifyAppConfig service method to ensure that an error or failed email will always result in an error while ensuring that the submitted record always get committed (unless a serious error happens). * never wrap a nil error * use err instead of individual errors
2017-01-11 08:27:09 +00:00
},
Config: config,
}
if err := mail.Test(svc.mailService, testMail); err != nil {
return mailError{message: err.Error()}
}
return nil
SMTP API changes (#883) * SMTP API changes * remove smtp buttons * remove password from api response * no fields are required in the patch request
2017-01-11 04:41:58 +00:00
Simplifying SMTP Logic (#892) * Simplifying SMTP Logic This commit breaks the test email sending into it's own service method (thus removing the capability from the API- if we want it back, we can wire up another endpoint for just that). Additionally, error wrapping is used through the new ModifyAppConfig service method to ensure that an error or failed email will always result in an error while ensuring that the submitted record always get committed (unless a serious error happens). * never wrap a nil error * use err instead of individual errors
2017-01-11 08:27:09 +00:00
}
Minor App Config API tweaks requested by @mikestone14 (#681) * Minor App Config API tweaks requested by @mikestone14 * Refactored mail test into separate method, implemented code review changes
2016-12-22 14:12:34 +00:00
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
func (svc *Service) ModifyAppConfig(ctx context.Context, p fleet.AppConfigPayload) (*fleet.AppConfig, error) {
if err := svc.authz.Authorize(ctx, &fleet.AppConfig{}, fleet.ActionWrite); err != nil {
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
return nil, err
}
Simplifying SMTP Logic (#892) * Simplifying SMTP Logic This commit breaks the test email sending into it's own service method (thus removing the capability from the API- if we want it back, we can wire up another endpoint for just that). Additionally, error wrapping is used through the new ModifyAppConfig service method to ensure that an error or failed email will always result in an error while ensuring that the submitted record always get committed (unless a serious error happens). * never wrap a nil error * use err instead of individual errors
2017-01-11 08:27:09 +00:00
oldAppConfig, err := svc.AppConfig(ctx)
if err != nil {
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
return nil, err
Simplifying SMTP Logic (#892) * Simplifying SMTP Logic This commit breaks the test email sending into it's own service method (thus removing the capability from the API- if we want it back, we can wire up another endpoint for just that). Additionally, error wrapping is used through the new ModifyAppConfig service method to ensure that an error or failed email will always result in an error while ensuring that the submitted record always get committed (unless a serious error happens). * never wrap a nil error * use err instead of individual errors
2017-01-11 08:27:09 +00:00
}
config := appConfigFromAppConfigPayload(p, *oldAppConfig)
App config api (#223) Add GET and PATCH endpoints for /kolide/config to get/update current app configuration
2016-09-22 00:45:57 +00:00
Simplifying SMTP Logic (#892) * Simplifying SMTP Logic This commit breaks the test email sending into it's own service method (thus removing the capability from the API- if we want it back, we can wire up another endpoint for just that). Additionally, error wrapping is used through the new ModifyAppConfig service method to ensure that an error or failed email will always result in an error while ensuring that the submitted record always get committed (unless a serious error happens). * never wrap a nil error * use err instead of individual errors
2017-01-11 08:27:09 +00:00
if p.SMTPSettings != nil {
Allow update of settings page without enabling SMTP (#1903) Fixes #1871
2018-09-07 22:37:35 +00:00
enabled := p.SMTPSettings.SMTPEnabled
if (enabled == nil && oldAppConfig.SMTPConfigured) || (enabled != nil && *enabled) {
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
if err = svc.sendTestEmail(ctx, config); err != nil {
Allow update of settings page without enabling SMTP (#1903) Fixes #1871
2018-09-07 22:37:35 +00:00
return nil, err
}
config.SMTPConfigured = true
} else if enabled != nil && !*enabled {
config.SMTPConfigured = false
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
}
}
SMTP API changes (#883) * SMTP API changes * remove smtp buttons * remove password from api response * no fields are required in the patch request
2017-01-11 04:41:58 +00:00
Simplifying SMTP Logic (#892) * Simplifying SMTP Logic This commit breaks the test email sending into it's own service method (thus removing the capability from the API- if we want it back, we can wire up another endpoint for just that). Additionally, error wrapping is used through the new ModifyAppConfig service method to ensure that an error or failed email will always result in an error while ensuring that the submitted record always get committed (unless a serious error happens). * never wrap a nil error * use err instead of individual errors
2017-01-11 08:27:09 +00:00
if err := svc.ds.SaveAppConfig(config); err != nil {
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
return nil, err
App config api (#223) Add GET and PATCH endpoints for /kolide/config to get/update current app configuration
2016-09-22 00:45:57 +00:00
}
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
return config, nil
store WebAddress config in datastore (#421) moves web address config to datastore so that it can be configured by a user in the Web UI. rename OrgInfo struct to AppConfig. For #363 For #378
2016-11-04 20:44:38 +00:00
}
Added code to trim whitespace and trim trailing slash from input server url (#1442)
2017-03-22 19:40:01 +00:00
func cleanupURL(url string) string {
return strings.TrimRight(strings.Trim(url, " \t\n"), "/")
}
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
func appConfigFromAppConfigPayload(p fleet.AppConfigPayload, config fleet.AppConfig) *fleet.AppConfig {
store WebAddress config in datastore (#421) moves web address config to datastore so that it can be configured by a user in the Web UI. rename OrgInfo struct to AppConfig. For #363 For #378
2016-11-04 20:44:38 +00:00
if p.OrgInfo != nil && p.OrgInfo.OrgLogoURL != nil {
config.OrgLogoURL = *p.OrgInfo.OrgLogoURL
}
if p.OrgInfo != nil && p.OrgInfo.OrgName != nil {
config.OrgName = *p.OrgInfo.OrgName
}
Backend and fleetctl for usage analytics (#1167) - Add enable_analytics column to database. - Allow enable_analytics to be set via API. - Add messaging in fleetctl setup. Note that this defaults to off for existing installations, and defaults on for newly set up installs. No collection or sending of analytics yet exists, we are strictly storing the preference at this time. Part of #454
2021-06-23 01:02:20 +00:00
if p.ServerSettings != nil {
if p.ServerSettings.ServerURL != nil {
config.ServerURL = cleanupURL(*p.ServerSettings.ServerURL)
}
if p.ServerSettings.LiveQueryDisabled != nil {
config.LiveQueryDisabled = *p.ServerSettings.LiveQueryDisabled
}
if p.ServerSettings.EnableAnalytics != nil {
config.EnableAnalytics = *p.ServerSettings.EnableAnalytics
}
Add ability to disable live queries (#2167) - Add toggle to disable live queries in advanced settings - Add new live query status endpoint (checks for disabled via config and Redis health) - Update QueryPage UI to use new live query status endpoint Implements #2140
2020-01-14 00:53:04 +00:00
}
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-09 00:43:48 +00:00
if p.SSOSettings != nil {
if p.SSOSettings.EnableSSO != nil {
config.EnableSSO = *p.SSOSettings.EnableSSO
}
Add support for IdP-initiated SSO login (#556) This feature is off by default due to minor potential security concerns with IdP-initiated SSO (see https://auth0.com/docs/protocols/saml-protocol/saml-configuration-options/identity-provider-initiated-single-sign-on#risks-of-using-an-identity-provider-initiated-sso-flow). Closes #478
2021-03-30 19:56:20 +00:00
if p.SSOSettings.EnableSSOIdPLogin != nil {
config.EnableSSOIdPLogin = *p.SSOSettings.EnableSSOIdPLogin
}
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-09 00:43:48 +00:00
if p.SSOSettings.EntityID != nil {
config.EntityID = *p.SSOSettings.EntityID
}
if p.SSOSettings.IDPImageURL != nil {
config.IDPImageURL = *p.SSOSettings.IDPImageURL
}
if p.SSOSettings.IDPName != nil {
config.IDPName = *p.SSOSettings.IDPName
}
if p.SSOSettings.IssuerURI != nil {
config.IssuerURI = *p.SSOSettings.IssuerURI
}
if p.SSOSettings.Metadata != nil {
config.Metadata = *p.SSOSettings.Metadata
}
if p.SSOSettings.MetadataURL != nil {
config.MetadataURL = *p.SSOSettings.MetadataURL
}
}
Add automatic host expiration capability (#2117) When configured, this feature will delete hosts that have not checked in after the specified number of days. Closes #1860.
2019-10-16 23:35:17 +00:00
if p.HostExpirySettings != nil {
if p.HostExpirySettings.HostExpiryEnabled != nil {
config.HostExpiryEnabled = *p.HostExpirySettings.HostExpiryEnabled
}
if p.HostExpirySettings.HostExpiryWindow != nil {
config.HostExpiryWindow = *p.HostExpirySettings.HostExpiryWindow
}
}
Add capability to collect "additional" information from hosts (#2236) Additional information is collected when host details are updated using the queries specified in the Fleet configuration. This additional information is then available in the host API responses.
2020-05-21 15:36:00 +00:00
if settings := p.HostSettings; settings != nil {
if settings.AdditionalQueries != nil {
config.AdditionalQueries = settings.AdditionalQueries
}
Make it possible to clear host settings from app config (#1339)
2021-07-09 18:13:11 +00:00
} else {
config.AdditionalQueries = nil
Add capability to collect "additional" information from hosts (#2236) Additional information is collected when host details are updated using the queries specified in the Fleet configuration. This additional information is then available in the host API responses.
2020-05-21 15:36:00 +00:00
}
Agent options added to organization settings (#1120) * #511 refactored update options - new params & ts * updated server to include agent_options for read and update * added agent options form to org settings * #511 finished connecting agent form to server * #511 fixing api to save/read agent options * #511 linted * #511 fixed reading & updating agent options * #511 api fixes to support agent options * #511 removed log * Fix json.RawMessage pointers in tests Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2021-06-17 20:47:15 +00:00
if p.AgentOptions != nil {
config.AgentOptions = p.AgentOptions
}
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
populateSMTP := func(p *fleet.SMTPSettingsPayload) {
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
if p.SMTPAuthenticationMethod != nil {
switch *p.SMTPAuthenticationMethod {
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
case fleet.AuthMethodNameCramMD5:
config.SMTPAuthenticationMethod = fleet.AuthMethodCramMD5
case fleet.AuthMethodNamePlain:
config.SMTPAuthenticationMethod = fleet.AuthMethodPlain
case fleet.AuthMethodNameLogin:
config.SMTPAuthenticationMethod = fleet.AuthMethodLogin
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
default:
panic("unknown SMTP AuthMethod: " + *p.SMTPAuthenticationMethod)
}
Minor App Config API tweaks requested by @mikestone14 (#681) * Minor App Config API tweaks requested by @mikestone14 * Refactored mail test into separate method, implemented code review changes
2016-12-22 14:12:34 +00:00
}
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
if p.SMTPAuthenticationType != nil {
switch *p.SMTPAuthenticationType {
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
case fleet.AuthTypeNameUserNamePassword:
config.SMTPAuthenticationType = fleet.AuthTypeUserNamePassword
case fleet.AuthTypeNameNone:
config.SMTPAuthenticationType = fleet.AuthTypeNone
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
default:
panic("unknown SMTP AuthType: " + *p.SMTPAuthenticationType)
}
}
if p.SMTPDomain != nil {
config.SMTPDomain = *p.SMTPDomain
}
if p.SMTPEnableStartTLS != nil {
config.SMTPEnableStartTLS = *p.SMTPEnableStartTLS
}
if p.SMTPEnableTLS != nil {
config.SMTPEnableTLS = *p.SMTPEnableTLS
}
Add fleetctl get/apply config (#2143) Implements #1953
2019-11-20 05:13:15 +00:00
if p.SMTPPassword != nil && *p.SMTPPassword != "********" {
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
config.SMTPPassword = *p.SMTPPassword
Minor App Config API tweaks requested by @mikestone14 (#681) * Minor App Config API tweaks requested by @mikestone14 * Refactored mail test into separate method, implemented code review changes
2016-12-22 14:12:34 +00:00
}
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
if p.SMTPPort != nil {
config.SMTPPort = *p.SMTPPort
}
if p.SMTPSenderAddress != nil {
config.SMTPSenderAddress = *p.SMTPSenderAddress
}
if p.SMTPServer != nil {
config.SMTPServer = *p.SMTPServer
}
if p.SMTPUserName != nil {
config.SMTPUserName = *p.SMTPUserName
}
if p.SMTPVerifySSLCerts != nil {
config.SMTPVerifySSLCerts = *p.SMTPVerifySSLCerts
}
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
}
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
if p.SMTPSettings != nil {
populateSMTP(p.SMTPSettings)
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
}
Issue 1435 software to cpe (#1488) * WIP * WIP * Make path optional and fix tests * Add first generate * Move to nvd package * remove replace * Re-add replace * It's path, not file name * Change how db path is set and use etag * Fix typos * Make db generation faster * Remove quotes * Doesn't like comments * Samitize etag and save to file * Refactor some things and improve writing of etagenv * Compress file and truncate amount of items for faster testing * Remove quotes * Try to improve performance * Ignore truncate error if not exists * Minor cleanup and make sqlite have cpe prefix * Simplify code and test sync * Add VCR for sync test * Check for nvdRelease nil * Add test for the actual translation * Address review comments * Rename generate command because we'll have a cve one too * Move to its own dir * Address review comments
2021-07-29 16:10:34 +00:00
if p.VulnerabilitySettings != nil {
config.VulnerabilityDatabasesPath = ptr.String(p.VulnerabilitySettings.DatabasesPath)
} else {
config.VulnerabilityDatabasesPath = nil
}
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
return &config
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
}
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features
2020-05-29 16:12:39 +00:00
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
func (svc *Service) ApplyEnrollSecretSpec(ctx context.Context, spec *fleet.EnrollSecretSpec) error {
if err := svc.authz.Authorize(ctx, &fleet.EnrollSecret{}, fleet.ActionWrite); err != nil {
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
return err
}
Make name and secret required for enroll secrets (#207) Adds a check to prevent users from unintentionally setting empty secrets. Fixes #188
2021-01-19 22:49:53 +00:00
for _, s := range spec.Secrets {
if s.Secret == "" {
return errors.New("enroll secret must not be empty")
}
}
Refactor enroll secrets to support Teams (#903) - Add `team_id` field to secrets. - Remove secret `name` and `active` fields (migration deletes inactive secrets). - Assign hosts to Team based on secret provided. - Add API for retrieving secrets by Team.
2021-05-31 16:02:05 +00:00
return svc.ds.ApplyEnrollSecrets(nil, spec.Secrets)
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features
2020-05-29 16:12:39 +00:00
}
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
func (svc *Service) GetEnrollSecretSpec(ctx context.Context) (*fleet.EnrollSecretSpec, error) {
if err := svc.authz.Authorize(ctx, &fleet.EnrollSecret{}, fleet.ActionRead); err != nil {
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
return nil, err
}
Refactor enroll secrets to support Teams (#903) - Add `team_id` field to secrets. - Remove secret `name` and `active` fields (migration deletes inactive secrets). - Assign hosts to Team based on secret provided. - Add API for retrieving secrets by Team.
2021-05-31 16:02:05 +00:00
secrets, err := svc.ds.GetEnrollSecrets(nil)
if err != nil {
return nil, err
}
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
return &fleet.EnrollSecretSpec{Secrets: secrets}, nil
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features
2020-05-29 16:12:39 +00:00
}
Add version endpoint to API (#549) Part of #371
2021-03-27 01:03:31 +00:00
Refactor teams service methods (#910) - Move team-related service methods to `ee/server/service`. - Instantiate different service on startup based on license key. - Refactor service errors into separate package. - Add support for running E2E tests in both Core and Basic tiers.
2021-06-01 00:07:51 +00:00
func (svc *Service) Version(ctx context.Context) (*version.Info, error) {
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
if err := svc.authz.Authorize(ctx, &fleet.AppConfig{}, fleet.ActionRead); err != nil {
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
return nil, err
}
Add version endpoint to API (#549) Part of #371
2021-03-27 01:03:31 +00:00
info := version.Version()
return &info, nil
}
Stub out licensing API (#810) - Add config option for license key. - Define license details data structure. - Include license details in app config API responses. Currently any non-empty value for `--license_key` behaves as though the installation is licensed for `basic`. If the license key is empty, `core` is returned. Still to come is the appropriate parsing for the license key.
2021-05-20 00:29:38 +00:00
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
func (svc *Service) License(ctx context.Context) (*fleet.LicenseInfo, error) {
if err := svc.authz.Authorize(ctx, &fleet.AppConfig{}, fleet.ActionRead); err != nil {
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
return nil, err
}
Stub out licensing API (#810) - Add config option for license key. - Define license details data structure. - Include license details in app config API responses. Currently any non-empty value for `--license_key` behaves as though the installation is licensed for `basic`. If the license key is empty, `core` is returned. Still to come is the appropriate parsing for the license key.
2021-05-20 00:29:38 +00:00
return &svc.license, nil
}
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
func (svc *Service) SetupRequired(ctx context.Context) (bool, error) {
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
users, err := svc.ds.ListUsers(fleet.UserListOptions{ListOptions: fleet.ListOptions{Page: 0, PerPage: 1}})
Add authorization checks in service (#938) - Add policy.rego file defining authorization policies. - Add Go integrations to evaluate Rego policies (via OPA). - Add middleware to ensure requests without authorization check are rejected (guard against programmer error). - Add authorization checks to most service endpoints.
2021-06-03 23:24:15 +00:00
if err != nil {
return false, err
}
if len(users) == 0 {
return true, nil
}
return false, nil
}
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
func (svc *Service) LoggingConfig(ctx context.Context) (*fleet.Logging, error) {
if err := svc.authz.Authorize(ctx, &fleet.AppConfig{}, fleet.ActionRead); err != nil {
return nil, err
}
conf := svc.config
logging := &fleet.Logging{
Debug: conf.Logging.Debug,
Json: conf.Logging.JSON,
}
switch conf.Osquery.StatusLogPlugin {
case "", "filesystem":
logging.Status = fleet.LoggingPlugin{
Plugin: "filesystem",
Config: fleet.FilesystemConfig{FilesystemConfig: conf.Filesystem},
}
case "kinesis":
logging.Status = fleet.LoggingPlugin{
Plugin: "kinesis",
Config: fleet.KinesisConfig{
Region: conf.Kinesis.Region,
StatusStream: conf.Kinesis.StatusStream,
ResultStream: conf.Kinesis.ResultStream,
},
}
case "firehose":
logging.Status = fleet.LoggingPlugin{
Plugin: "firehose",
Config: fleet.FirehoseConfig{
Region: conf.Firehose.Region,
StatusStream: conf.Firehose.StatusStream,
ResultStream: conf.Firehose.ResultStream,
},
}
case "lambda":
logging.Status = fleet.LoggingPlugin{
Plugin: "lambda",
Config: fleet.LambdaConfig{
Region: conf.Lambda.Region,
StatusFunction: conf.Lambda.StatusFunction,
ResultFunction: conf.Lambda.ResultFunction,
},
}
case "pubsub":
logging.Status = fleet.LoggingPlugin{
Plugin: "pubsub",
Config: fleet.PubSubConfig{PubSubConfig: conf.PubSub},
}
case "stdout":
logging.Status = fleet.LoggingPlugin{Plugin: "stdout"}
default:
return nil, errors.Errorf("unrecognized logging plugin: %s", conf.Osquery.StatusLogPlugin)
}
switch conf.Osquery.ResultLogPlugin {
case "", "filesystem":
logging.Result = fleet.LoggingPlugin{
Plugin: "filesystem",
Config: fleet.FilesystemConfig{FilesystemConfig: conf.Filesystem},
}
case "kinesis":
logging.Result = fleet.LoggingPlugin{
Plugin: "kinesis",
Config: fleet.KinesisConfig{
Region: conf.Kinesis.Region,
StatusStream: conf.Kinesis.StatusStream,
ResultStream: conf.Kinesis.ResultStream,
},
}
case "firehose":
logging.Result = fleet.LoggingPlugin{
Plugin: "firehose",
Config: fleet.FirehoseConfig{
Region: conf.Firehose.Region,
StatusStream: conf.Firehose.StatusStream,
ResultStream: conf.Firehose.ResultStream,
},
}
case "lambda":
logging.Result = fleet.LoggingPlugin{
Plugin: "lambda",
Config: fleet.LambdaConfig{
Region: conf.Lambda.Region,
StatusFunction: conf.Lambda.StatusFunction,
ResultFunction: conf.Lambda.ResultFunction,
},
}
case "pubsub":
logging.Result = fleet.LoggingPlugin{
Plugin: "pubsub",
Config: fleet.PubSubConfig{PubSubConfig: conf.PubSub},
}
case "stdout":
logging.Result = fleet.LoggingPlugin{
Plugin: "stdout",
}
default:
return nil, errors.Errorf("unrecognized logging plugin: %s", conf.Osquery.ResultLogPlugin)
}
return logging, nil
}
Reference in New Issue Copy Permalink