empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-07 09:18:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
955972e1a1
fleet/server/kolide/app.go

249 lines
9.2 KiB
Go
Raw Normal View History

App config api (#223) Add GET and PATCH endpoints for /kolide/config to get/update current app configuration
2016-09-22 00:45:57 +00:00
package kolide
Simplifying SMTP Logic (#892) * Simplifying SMTP Logic This commit breaks the test email sending into it's own service method (thus removing the capability from the API- if we want it back, we can wire up another endpoint for just that). Additionally, error wrapping is used through the new ModifyAppConfig service method to ensure that an error or failed email will always result in an error while ensuring that the submitted record always get committed (unless a serious error happens). * never wrap a nil error * use err instead of individual errors
2017-01-11 08:27:09 +00:00
import (
Update go-kit to 0.4.0 (#1411) Notable refactoring: - Use stdlib "context" in place of "golang.org/x/net/context" - Go-kit no longer wraps errors, so we remove the unwrap in transport_error.go - Use MakeHandler when setting up endpoint tests (fixes test bug caught during this refactoring) Closes #1411.
2017-03-15 15:55:30 +00:00
"context"
Simplifying SMTP Logic (#892) * Simplifying SMTP Logic This commit breaks the test email sending into it's own service method (thus removing the capability from the API- if we want it back, we can wire up another endpoint for just that). Additionally, error wrapping is used through the new ModifyAppConfig service method to ensure that an error or failed email will always result in an error while ensuring that the submitted record always get committed (unless a serious error happens). * never wrap a nil error * use err instead of individual errors
2017-01-11 08:27:09 +00:00
)
App config api (#223) Add GET and PATCH endpoints for /kolide/config to get/update current app configuration
2016-09-22 00:45:57 +00:00
// AppConfigStore contains method for saving and retrieving
// application configuration
type AppConfigStore interface {
store WebAddress config in datastore (#421) moves web address config to datastore so that it can be configured by a user in the Web UI. rename OrgInfo struct to AppConfig. For #363 For #378
2016-11-04 20:44:38 +00:00
NewAppConfig(info *AppConfig) (*AppConfig, error)
AppConfig() (*AppConfig, error)
SaveAppConfig(info *AppConfig) error
App config api (#223) Add GET and PATCH endpoints for /kolide/config to get/update current app configuration
2016-09-22 00:45:57 +00:00
}
// AppConfigService provides methods for configuring
Replace uses of the term "Kolide" with "Fleet" (#1999) Almost two years ago, we began referring to the project as Fleet, but there are many occurences of the term "Kolide" throughout the UI and documentation. This PR attempts to clear up those uses where it is easily achievable. The term "Kolide" is used throughout the code as well, but modifying this would be more likely to introduce bugs.
2019-01-24 17:39:32 +00:00
// the Fleet application
App config api (#223) Add GET and PATCH endpoints for /kolide/config to get/update current app configuration
2016-09-22 00:45:57 +00:00
type AppConfigService interface {
store WebAddress config in datastore (#421) moves web address config to datastore so that it can be configured by a user in the Web UI. rename OrgInfo struct to AppConfig. For #363 For #378
2016-11-04 20:44:38 +00:00
NewAppConfig(ctx context.Context, p AppConfigPayload) (info *AppConfig, err error)
AppConfig(ctx context.Context) (info *AppConfig, err error)
ModifyAppConfig(ctx context.Context, p AppConfigPayload) (info *AppConfig, err error)
Simplifying SMTP Logic (#892) * Simplifying SMTP Logic This commit breaks the test email sending into it's own service method (thus removing the capability from the API- if we want it back, we can wire up another endpoint for just that). Additionally, error wrapping is used through the new ModifyAppConfig service method to ensure that an error or failed email will always result in an error while ensuring that the submitted record always get committed (unless a serious error happens). * never wrap a nil error * use err instead of individual errors
2017-01-11 08:27:09 +00:00
SendTestEmail(ctx context.Context, config *AppConfig) error
add endpoint to serve the kolide certificate back to the user (#1025) add endpoint to serve the kolide certificate back to the user The API will attempt to establish a TLS connection and fetch the certificate from the TLS ConnectionState. The PEM encoded certificate will be served to the client in a JSON response as a base64 encoded string. Closes #1012
2017-01-20 19:32:10 +00:00
// Certificate returns the PEM encoded certificate chain for osqueryd TLS termination.
// For cases where the connection is self-signed, the server will attempt to
// connect using the InsecureSkipVerify option in tls.Config.
CertificateChain(ctx context.Context) (cert []byte, err error)
App config api (#223) Add GET and PATCH endpoints for /kolide/config to get/update current app configuration
2016-09-22 00:45:57 +00:00
}
Minor App Config API tweaks requested by @mikestone14 (#681) * Minor App Config API tweaks requested by @mikestone14 * Refactored mail test into separate method, implemented code review changes
2016-12-22 14:12:34 +00:00
// SMTP settings names returned from API, these map to SMTPAuthType and
// SMTPAuthMethod
const (
AuthMethodNameCramMD5 = "authmethod_cram_md5"
Add Support for SMTP LOGIN Authentication Method (#1988) This PR adds support for the SMTP LOGIN authentication method. Office 365 Exchange removed support for PLAIN authentication some time ago, and only supports LOGIN and an OAuth2 authentication method. This patch has been tested with a licensed O365 account. This method should also be usable with any other email server that advertises LOGIN in its 250-AUTH response. Note: If using this with O365, the account used must not have MFA enabled. Closes #1663
2019-01-14 20:35:23 +00:00
AuthMethodNameLogin = "authmethod_login"
Minor App Config API tweaks requested by @mikestone14 (#681) * Minor App Config API tweaks requested by @mikestone14 * Refactored mail test into separate method, implemented code review changes
2016-12-22 14:12:34 +00:00
AuthMethodNamePlain = "authmethod_plain"
AuthTypeNameUserNamePassword = "authtype_username_password"
AuthTypeNameNone = "authtype_none"
)
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
type SMTPAuthType int
const (
AuthTypeUserNamePassword SMTPAuthType = iota
AuthTypeNone
)
Minor App Config API tweaks requested by @mikestone14 (#681) * Minor App Config API tweaks requested by @mikestone14 * Refactored mail test into separate method, implemented code review changes
2016-12-22 14:12:34 +00:00
func (a SMTPAuthType) String() string {
switch a {
case AuthTypeUserNamePassword:
return AuthTypeNameUserNamePassword
case AuthTypeNone:
return AuthTypeNameNone
default:
return ""
}
}
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
type SMTPAuthMethod int
const (
AuthMethodPlain SMTPAuthMethod = iota
AuthMethodCramMD5
Add Support for SMTP LOGIN Authentication Method (#1988) This PR adds support for the SMTP LOGIN authentication method. Office 365 Exchange removed support for PLAIN authentication some time ago, and only supports LOGIN and an OAuth2 authentication method. This patch has been tested with a licensed O365 account. This method should also be usable with any other email server that advertises LOGIN in its 250-AUTH response. Note: If using this with O365, the account used must not have MFA enabled. Closes #1663
2019-01-14 20:35:23 +00:00
AuthMethodLogin
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
)
Minor App Config API tweaks requested by @mikestone14 (#681) * Minor App Config API tweaks requested by @mikestone14 * Refactored mail test into separate method, implemented code review changes
2016-12-22 14:12:34 +00:00
func (m SMTPAuthMethod) String() string {
switch m {
case AuthMethodPlain:
return AuthMethodNamePlain
case AuthMethodCramMD5:
return AuthMethodNameCramMD5
Add Support for SMTP LOGIN Authentication Method (#1988) This PR adds support for the SMTP LOGIN authentication method. Office 365 Exchange removed support for PLAIN authentication some time ago, and only supports LOGIN and an OAuth2 authentication method. This patch has been tested with a licensed O365 account. This method should also be usable with any other email server that advertises LOGIN in its 250-AUTH response. Note: If using this with O365, the account used must not have MFA enabled. Closes #1663
2019-01-14 20:35:23 +00:00
case AuthMethodLogin:
return AuthMethodNameLogin
Minor App Config API tweaks requested by @mikestone14 (#681) * Minor App Config API tweaks requested by @mikestone14 * Refactored mail test into separate method, implemented code review changes
2016-12-22 14:12:34 +00:00
default:
return ""
}
}
Replace uses of the term "Kolide" with "Fleet" (#1999) Almost two years ago, we began referring to the project as Fleet, but there are many occurences of the term "Kolide" throughout the UI and documentation. This PR attempts to clear up those uses where it is easily achievable. The term "Kolide" is used throughout the code as well, but modifying this would be more likely to introduce bugs.
2019-01-24 17:39:32 +00:00
// AppConfig holds configuration about the Fleet application.
// AppConfig data can be managed by a Fleet API user.
store WebAddress config in datastore (#421) moves web address config to datastore so that it can be configured by a user in the Web UI. rename OrgInfo struct to AppConfig. For #363 For #378
2016-11-04 20:44:38 +00:00
type AppConfig struct {
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
ID uint
Datastore refactor (#439) Removed Gorm, replaced it with Sqlx * Added SQL bundling command to Makfile * Using go-kit logger * Added soft delete capability * Changed SearchLabel to accept a variadic param for optional omit list instead of array * Gorm removed * Refactor table structures to use CURRENT_TIMESTAMP mysql function * Moved Inmem datastore into it's own package * Updated README * Implemented code review suggestions from @zwass * Removed reference to Gorm from glide.yaml
2016-11-16 13:47:49 +00:00
OrgName string `db:"org_name"`
OrgLogoURL string `db:"org_logo_url"`
KolideServerURL string `db:"kolide_server_url"`
move osquery enroll secret to appconfig (#1004) For #995
2017-01-20 19:48:54 +00:00
// EnrollSecret is the config value that must be given by osqueryd hosts
// on enrollment.
// See https://osquery.readthedocs.io/en/stable/deployment/remote/#remote-authentication
EnrollSecret string `db:"osquery_enroll_secret"`
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
// SMTPConfigured is a flag that indicates if smtp has been successfully
// tested with the settings provided by an admin user.
SMTPConfigured bool `db:"smtp_configured"`
// SMTPSenderAddress is the email address that will appear in emails sent
Replace uses of the term "Kolide" with "Fleet" (#1999) Almost two years ago, we began referring to the project as Fleet, but there are many occurences of the term "Kolide" throughout the UI and documentation. This PR attempts to clear up those uses where it is easily achievable. The term "Kolide" is used throughout the code as well, but modifying this would be more likely to introduce bugs.
2019-01-24 17:39:32 +00:00
// from Fleet
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
SMTPSenderAddress string `db:"smtp_sender_address"`
Replace uses of the term "Kolide" with "Fleet" (#1999) Almost two years ago, we began referring to the project as Fleet, but there are many occurences of the term "Kolide" throughout the UI and documentation. This PR attempts to clear up those uses where it is easily achievable. The term "Kolide" is used throughout the code as well, but modifying this would be more likely to introduce bugs.
2019-01-24 17:39:32 +00:00
// SMTPServer is the host name of the SMTP server Fleet will use to send mail
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
SMTPServer string `db:"smtp_server"`
// SMTPPort port SMTP server will use
SMTPPort uint `db:"smtp_port"`
// SMTPAuthenticationType type of authentication for SMTP
SMTPAuthenticationType SMTPAuthType `db:"smtp_authentication_type"`
// SMTPUserName must be provided if SMTPAuthenticationType is UserNamePassword
SMTPUserName string `db:"smtp_user_name"`
// SMTPPassword must be provided if SMTPAuthenticationType is UserNamePassword
SMTPPassword string `db:"smtp_password"`
// SMTPEnableSSLTLS whether to use SSL/TLS for SMTP
SMTPEnableTLS bool `db:"smtp_enable_ssl_tls"`
// SMTPAuthenticationMethod authentication method smtp server will use
SMTPAuthenticationMethod SMTPAuthMethod `db:"smtp_authentication_method"`
// SMTPDomain optional domain for SMTP
SMTPDomain string `db:"smtp_domain"`
// SMTPVerifySSLCerts defaults to true but can be turned off if self signed
// SSL certs are used by the SMTP server
SMTPVerifySSLCerts bool `db:"smtp_verify_ssl_certs"`
// SMTPEnableStartTLS detects of TLS is enabled on mail server and starts to use it (default true)
SMTPEnableStartTLS bool `db:"smtp_enable_start_tls"`
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-09 00:43:48 +00:00
// EntityID is a uri that identifies this service provider
EntityID string `db:"entity_id"`
// IssuerURI is the uri that identifies the identity provider
IssuerURI string `db:"issuer_uri"`
// IDPImageURL is a link to a logo or other image that is used for UX
IDPImageURL string `db:"idp_image_url"`
// Metadata contains IDP metadata XML
Metadata string `db:"metadata"`
// MetadataURL is a URL provided by the IDP which can be used to download
// metadata
MetadataURL string `db:"metadata_url"`
Fix documentation typos (#1682)
2017-12-22 02:37:32 +00:00
// IDPName is a human friendly name for the IDP
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-09 00:43:48 +00:00
IDPName string `db:"idp_name"`
// EnableSSO flag to determine whether or not to enable SSO
EnableSSO bool `db:"enable_sso"`
Fix documentation typos (#1682)
2017-12-22 02:37:32 +00:00
// FIMInterval defines the interval when file integrity checks will occur
Added FIM support (#1548) This PR adds support for file integrity monitoring. This is done by providing a simplified API that can be used to PATCH/GET FIM configurations. There is also code to build the FIM configuration to send back to osquery. Each PATCH request, if successful, replaces Fleet's existing FIM configuration. For example: curl -X "PATCH" "https://localhost:8080/api/v1/kolide/fim" \ -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uX2tleSI6IkVhaFhvZWswMGtWSEdaTTNCWndIMnhpYWxkNWZpcVFDR2hEcW1HK2UySmRNOGVFVE1DeTNTaUlFWmhZNUxhdW1ueFZDV2JiR1Bwdm5TKzdyK3NJUzNnPT0ifQ.SDCHAUA1vTuWGjXtcQds2GZLM27HAAiOUhR4WvgvTNY" \ -H "Content-Type: application/json; charset=utf-8" \ -d $'{ "interval": 500, "file_paths": { "etc": [ "/etc/%%" ], "users": [ "/Users/%/Library/%%", "/Users/%/Documents/%%" ], "usr": [ "/usr/bin/%%" ] } }'
2017-08-18 15:37:33 +00:00
FIMInterval int `db:"fim_interval"`
Add FileAccesses to FIM Configuration (#1717) - Close #1708 - Fix FIM interval not being stored
2018-02-26 20:54:13 +00:00
// FIMFileAccess defines the FIMSections which will be monitored for file access events as a JSON formatted array
FIMFileAccesses string `db:"fim_file_accesses"`
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
}
// ModifyAppConfigRequest contains application configuration information
// sent from front end and used to change app config elements.
type ModifyAppConfigRequest struct {
// TestSMTP is this is set to true, the SMTP configuration will be tested
// with the results of the test returned to caller. No config changes
// will be applied.
TestSMTP bool `json:"test_smtp"`
AppConfig AppConfig `json:"app_config"`
}
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-09 00:43:48 +00:00
// SSOSettingsPayload wire format for SSO settings
type SSOSettingsPayload struct {
// EntityID is a uri that identifies this service provider
EntityID *string `json:"entity_id"`
// IssuerURI is the uri that identifies the identity provider
IssuerURI *string `json:"issuer_uri"`
// IDPImageURL is a link to a logo or other image that is used for UX
IDPImageURL *string `json:"idp_image_url"`
// Metadata contains IDP metadata XML
Metadata *string `json:"metadata"`
// MetadataURL is a URL provided by the IDP which can be used to download
// metadata
MetadataURL *string `json:"metadata_url"`
Fix documentation typos (#1682)
2017-12-22 02:37:32 +00:00
// IDPName is a human friendly name for the IDP
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-09 00:43:48 +00:00
IDPName *string `json:"idp_name"`
// EnableSSO flag to determine whether or not to enable SSO
EnableSSO *bool `json:"enable_sso"`
}
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
// SMTPSettingsPayload is part of the AppConfigPayload which defines the wire representation
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
// of the app config endpoints
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
type SMTPSettingsPayload struct {
Allow update of settings page without enabling SMTP (#1903) Fixes #1871
2018-09-07 22:37:35 +00:00
// SMTPEnabled indicates whether the user has selected that SMTP is
// enabled in the UI.
SMTPEnabled *bool `json:"enable_smtp"`
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
// SMTPConfigured is a flag that indicates if smtp has been successfully
// tested with the settings provided by an admin user.
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
SMTPConfigured *bool `json:"configured"`
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
// SMTPSenderAddress is the email address that will appear in emails sent
Replace uses of the term "Kolide" with "Fleet" (#1999) Almost two years ago, we began referring to the project as Fleet, but there are many occurences of the term "Kolide" throughout the UI and documentation. This PR attempts to clear up those uses where it is easily achievable. The term "Kolide" is used throughout the code as well, but modifying this would be more likely to introduce bugs.
2019-01-24 17:39:32 +00:00
// from Fleet
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
SMTPSenderAddress *string `json:"sender_address"`
Replace uses of the term "Kolide" with "Fleet" (#1999) Almost two years ago, we began referring to the project as Fleet, but there are many occurences of the term "Kolide" throughout the UI and documentation. This PR attempts to clear up those uses where it is easily achievable. The term "Kolide" is used throughout the code as well, but modifying this would be more likely to introduce bugs.
2019-01-24 17:39:32 +00:00
// SMTPServer is the host name of the SMTP server Fleet will use to send mail
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
SMTPServer *string `json:"server"`
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
// SMTPPort port SMTP server will use
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
SMTPPort *uint `json:"port"`
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
// SMTPAuthenticationType type of authentication for SMTP
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
SMTPAuthenticationType *string `json:"authentication_type"`
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
// SMTPUserName must be provided if SMTPAuthenticationType is UserNamePassword
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
SMTPUserName *string `json:"user_name"`
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
// SMTPPassword must be provided if SMTPAuthenticationType is UserNamePassword
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
SMTPPassword *string `json:"password"`
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
// SMTPEnableSSLTLS whether to use SSL/TLS for SMTP
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
SMTPEnableTLS *bool `json:"enable_ssl_tls"`
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
// SMTPAuthenticationMethod authentication method smtp server will use
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
SMTPAuthenticationMethod *string `json:"authentication_method"`
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
// SMTPDomain optional domain for SMTP
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
SMTPDomain *string `json:"domain"`
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
// SMTPVerifySSLCerts defaults to true but can be turned off if self signed
// SSL certs are used by the SMTP server
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
SMTPVerifySSLCerts *bool `json:"verify_ssl_certs"`
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
// SMTPEnableStartTLS detects of TLS is enabled on mail server and starts to use it (default true)
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
SMTPEnableStartTLS *bool `json:"enable_start_tls"`
store WebAddress config in datastore (#421) moves web address config to datastore so that it can be configured by a user in the Web UI. rename OrgInfo struct to AppConfig. For #363 For #378
2016-11-04 20:44:38 +00:00
}
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
// AppConfigPayload contains request/response format of
// the AppConfig endpoints.
store WebAddress config in datastore (#421) moves web address config to datastore so that it can be configured by a user in the Web UI. rename OrgInfo struct to AppConfig. For #363 For #378
2016-11-04 20:44:38 +00:00
type AppConfigPayload struct {
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
OrgInfo *OrgInfo `json:"org_info"`
ServerSettings *ServerSettings `json:"server_settings"`
SMTPSettings *SMTPSettingsPayload `json:"smtp_settings"`
App Settings - /admin/settings #363 (#590)
2016-12-20 21:54:30 +00:00
// SMTPTest is a flag that if set will cause the server to test email configuration
SMTPTest *bool `json:"smtp_test,omitempty"`
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-09 00:43:48 +00:00
// SSOSettings single sign settings
SSOSettings *SSOSettingsPayload `json:"sso_settings"`
store WebAddress config in datastore (#421) moves web address config to datastore so that it can be configured by a user in the Web UI. rename OrgInfo struct to AppConfig. For #363 For #378
2016-11-04 20:44:38 +00:00
}
Replace uses of the term "Kolide" with "Fleet" (#1999) Almost two years ago, we began referring to the project as Fleet, but there are many occurences of the term "Kolide" throughout the UI and documentation. This PR attempts to clear up those uses where it is easily achievable. The term "Kolide" is used throughout the code as well, but modifying this would be more likely to introduce bugs.
2019-01-24 17:39:32 +00:00
// OrgInfo contains general info about the organization using Fleet.
App config api (#223) Add GET and PATCH endpoints for /kolide/config to get/update current app configuration
2016-09-22 00:45:57 +00:00
type OrgInfo struct {
Add fleetctl config and auth commands (#1751) ``` $ fleetctl config set address https://localhost:8080 [+] Set the "address" config key to "https://localhost:8080" in the "default" context $ fleetctl config set ignore_tls true [+] Set the "ignore_tls" config key to "true" in the "default" context $ fleetctl setup --email mike@arpaia.co --password "abc123" [+] Fleet setup successful and context configured! $ cat ~/.fleet/config contexts: default: address: https://localhost:8080 email: mike@arpaia.co ignore_tls: true token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uX2tleSI6IlUvdm05Vk9wSG0xUlA4SUtjQnBhb2ovWlo1TXppSEVXcFRCNFNPb2tHQnNLUFpDQXFieVpWWnpJb0UvczQzcWkyd1pHZXJOa29SNFVIQ2hNZUc0K09RPT0ifQ.rHawSN8JvD4jjWAPTYX2Ep9ZpMt3u4mSIQcu920C-_s $ fleetctl logout [+] Fleet logout successful and local token cleared! $ cat ~/.fleet/config contexts: default: address: https://localhost:8080 email: mike@arpaia.co ignore_tls: true token: "" ```
2018-05-04 16:53:21 +00:00
OrgName *string `json:"org_name,omitempty"`
OrgLogoURL *string `json:"org_logo_url,omitempty"`
App config api (#223) Add GET and PATCH endpoints for /kolide/config to get/update current app configuration
2016-09-22 00:45:57 +00:00
}
store WebAddress config in datastore (#421) moves web address config to datastore so that it can be configured by a user in the Web UI. rename OrgInfo struct to AppConfig. For #363 For #378
2016-11-04 20:44:38 +00:00
// ServerSettings contains general settings about the kolide App.
type ServerSettings struct {
Add fleetctl config and auth commands (#1751) ``` $ fleetctl config set address https://localhost:8080 [+] Set the "address" config key to "https://localhost:8080" in the "default" context $ fleetctl config set ignore_tls true [+] Set the "ignore_tls" config key to "true" in the "default" context $ fleetctl setup --email mike@arpaia.co --password "abc123" [+] Fleet setup successful and context configured! $ cat ~/.fleet/config contexts: default: address: https://localhost:8080 email: mike@arpaia.co ignore_tls: true token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uX2tleSI6IlUvdm05Vk9wSG0xUlA4SUtjQnBhb2ovWlo1TXppSEVXcFRCNFNPb2tHQnNLUFpDQXFieVpWWnpJb0UvczQzcWkyd1pHZXJOa29SNFVIQ2hNZUc0K09RPT0ifQ.rHawSN8JvD4jjWAPTYX2Ep9ZpMt3u4mSIQcu920C-_s $ fleetctl logout [+] Fleet logout successful and local token cleared! $ cat ~/.fleet/config contexts: default: address: https://localhost:8080 email: mike@arpaia.co ignore_tls: true token: "" ```
2018-05-04 16:53:21 +00:00
KolideServerURL *string `json:"kolide_server_url,omitempty"`
EnrollSecret *string `json:"osquery_enroll_secret,omitempty"`
App config api (#223) Add GET and PATCH endpoints for /kolide/config to get/update current app configuration
2016-09-22 00:45:57 +00:00
}
Add pagination to List* endpoints (#309) - Introduce kolide.ListOptions to store pagination params (in the future it can also store ordering/filtering params) - Refactor service/datastore methods to take kolide.ListOptions - Implement pagination
2016-10-13 18:21:47 +00:00
Add ordering options for List* methods (#318)
2016-10-17 14:01:14 +00:00
type OrderDirection int
const (
OrderAscending OrderDirection = iota
OrderDescending
)
Add pagination to List* endpoints (#309) - Introduce kolide.ListOptions to store pagination params (in the future it can also store ordering/filtering params) - Refactor service/datastore methods to take kolide.ListOptions - Implement pagination
2016-10-13 18:21:47 +00:00
// ListOptions defines options related to paging and ordering to be used when
// listing objects
type ListOptions struct {
// Which page to return (must be positive integer)
Page uint
// How many results per page (must be positive integer, 0 indicates
// unlimited)
PerPage uint
Add ordering options for List* methods (#318)
2016-10-17 14:01:14 +00:00
// Key to use for ordering
OrderKey string
// Direction of ordering
OrderDirection OrderDirection
Add pagination to List* endpoints (#309) - Introduce kolide.ListOptions to store pagination params (in the future it can also store ordering/filtering params) - Refactor service/datastore methods to take kolide.ListOptions - Implement pagination
2016-10-13 18:21:47 +00:00
}
Reference in New Issue Copy Permalink