empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 17:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
d7eeb10a7c
fleet/cmd/fleetctl/get_test.go

1739 lines
50 KiB
Go
Raw Normal View History

Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
package main
import (
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
"context"
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
"encoding/json"
Make `fleetctl get teams --yaml` output compatible with `fleetctl apply -f` (#9626) #9535 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-02-02 17:46:50 +00:00
"fmt"
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
"io/ioutil"
"path/filepath"
Prettify and compare strings instead of structs in fleetctl get tests (#3047) * Prettify and compare strings instead of structs in fleetctl get tests * Prettify JSON testdata * Simplify scanner for multi json
2021-11-22 15:20:09 +00:00
"strings"
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
"testing"
"time"
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
"github.com/ghodss/yaml"
Move specs parsing functionality to a new pkg/spec package (#7050)
2022-08-05 22:07:32 +00:00
"github.com/fleetdm/fleet/v4/pkg/spec"
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/fleetdm/fleet/v4/server/ptr"
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
"github.com/fleetdm/fleet/v4/server/service"
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
"github.com/stretchr/testify/assert"
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
"github.com/stretchr/testify/require"
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
)
var userRoleList = []*fleet.User{
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
{
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
UpdateCreateTimestamps: fleet.UpdateCreateTimestamps{
CreateTimestamp: fleet.CreateTimestamp{CreatedAt: time.Now()},
UpdateTimestamp: fleet.UpdateTimestamp{UpdatedAt: time.Now()},
},
ID: 42,
Name: "Test Name admin1@example.com",
Email: "admin1@example.com",
GlobalRole: ptr.String(fleet.RoleAdmin),
},
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
{
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
UpdateCreateTimestamps: fleet.UpdateCreateTimestamps{
CreateTimestamp: fleet.CreateTimestamp{CreatedAt: time.Now()},
UpdateTimestamp: fleet.UpdateTimestamp{UpdatedAt: time.Now()},
},
ID: 23,
Name: "Test Name2 admin2@example.com",
Email: "admin2@example.com",
GlobalRole: nil,
Teams: []fleet.UserTeam{
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
{
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
Team: fleet.Team{
ID: 1,
CreatedAt: time.Now(),
Name: "team1",
UserCount: 1,
HostCount: 1,
},
Role: fleet.RoleMaintainer,
},
},
},
}
func TestGetUserRoles(t *testing.T) {
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
_, ds := runServerWithMockedDS(t)
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
ds.ListUsersFunc = func(ctx context.Context, opt fleet.UserListOptions) ([]*fleet.User, error) {
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
return userRoleList, nil
}
expectedText := `+-------------------------------+-------------+
| USER | GLOBAL ROLE |
+-------------------------------+-------------+
| Test Name admin1@example.com | admin |
+-------------------------------+-------------+
| Test Name2 admin2@example.com | |
+-------------------------------+-------------+
`
expectedYaml := `---
apiVersion: v1
kind: user_roles
spec:
roles:
admin1@example.com:
global_role: admin
teams: null
admin2@example.com:
global_role: null
teams:
- role: maintainer
team: team1
`
expectedJson := `{"kind":"user_roles","apiVersion":"v1","spec":{"roles":{"admin1@example.com":{"global_role":"admin","teams":null},"admin2@example.com":{"global_role":null,"teams":[{"team":"team1","role":"maintainer"}]}}}}
`
assert.Equal(t, expectedText, runAppForTest(t, []string{"get", "user_roles"}))
Add team failing policies webhook (#4633) * add config to teams * update api docs * update tests
2022-03-21 19:16:47 +00:00
assert.YAMLEq(t, expectedYaml, runAppForTest(t, []string{"get", "user_roles", "--yaml"}))
assert.JSONEq(t, expectedJson, runAppForTest(t, []string{"get", "user_roles", "--json"}))
Issue 1362 fleetctl user roles (#1397) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * If both roles are specified, fail * Fix test * Switch arguments around * Update test with the new rule * Fix other tests that fell through the cracks
2021-07-16 18:28:13 +00:00
}
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
func TestGetTeams(t *testing.T) {
Amend policy creation and spec (for proprietary query), and add update APIs (#2890) * Amend policy creation (proprietary query), add update APIs * Fix Datastore.SavePolicy bug (and add tests) * Add integration tests for new policy APIs * Add author email * Add activities * Push breaking changes for return policy fields * WIP * Add integration test for host policies * Make more improvements to policy representation * Improve upgrade code (from PR review comments) * PR changes * Revert activities for policies * Use *uint instead of uint for queryID, use fleet.PolicyPayload * Filter out other schemas * New policy flow (#2922) * created new policy flow -- no API connection * added api props * fixed prop name * lint fixes * removed unused modal; fixed style * name, desc icons; created global components * lint fixes * ignoring certain files and lines for prettier * Update frontend/pages/policies/PolicyPage/PolicyPage.tsx * Make policy names unique across deployment * Amend upgrade script * Fix migration for unique names * Do not deduplicate but instead rename policies Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
2021-11-24 17:16:42 +00:00
var expiredBanner strings.Builder
fleet.WriteExpiredLicenseBanner(&expiredBanner)
require.Contains(t, expiredBanner.String(), "Your license for Fleet Premium is about to expire")
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
testCases := []struct {
name string
license *fleet.LicenseInfo
shouldHaveExpiredBanner bool
}{
{
"not expired license",
Rename core->free and basic->premium (#1870) * Rename core->free and basic->premium * Fix lint js * Comment out portion of test that seems to timeout * Rename tier to premium if basic is still loaded
2021-09-03 16:05:23 +00:00
&fleet.LicenseInfo{Tier: fleet.TierPremium, Expiration: time.Now().Add(24 * time.Hour)},
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
false,
},
{
"expired license",
Rename core->free and basic->premium (#1870) * Rename core->free and basic->premium * Fix lint js * Comment out portion of test that seems to timeout * Rename tier to premium if basic is still loaded
2021-09-03 16:05:23 +00:00
&fleet.LicenseInfo{Tier: fleet.TierPremium, Expiration: time.Now().Add(-24 * time.Hour)},
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
true,
},
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
}
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
for _, tt := range testCases {
t.Run(tt.name, func(t *testing.T) {
license := tt.license
Support async saving of hosts' last seen time (#5640)
2022-05-10 15:29:17 +00:00
_, ds := runServerWithMockedDS(t, &service.TestServerOpts{License: license})
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
agentOpts := json.RawMessage(`{"config":{"foo":"bar"},"overrides":{"platforms":{"darwin":{"foo":"override"}}}}`)
enable controlled rollout of features by teams (#7408)
2022-08-30 11:13:09 +00:00
additionalQueries := json.RawMessage(`{"foo":"bar"}`)
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
ds.ListTeamsFunc = func(ctx context.Context, filter fleet.TeamFilter, opt fleet.ListOptions) ([]*fleet.Team, error) {
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
created_at, err := time.Parse(time.RFC3339, "1999-03-10T02:45:06.371Z")
require.NoError(t, err)
return []*fleet.Team{
{
ID: 42,
CreatedAt: created_at,
Name: "team1",
Description: "team1 description",
UserCount: 99,
Make `fleetctl get teams --yaml` output compatible with `fleetctl apply -f` (#9626) #9535 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-02-02 17:46:50 +00:00
HostCount: 42,
enable controlled rollout of features by teams (#7408)
2022-08-30 11:13:09 +00:00
Config: fleet.TeamConfig{
Features: fleet.Features{
EnableHostUsers: true,
EnableSoftwareInventory: true,
},
},
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
},
{
Add team failing policies webhook (#4633) * add config to teams * update api docs * update tests
2022-03-21 19:16:47 +00:00
ID: 43,
CreatedAt: created_at,
Name: "team2",
Description: "team2 description",
UserCount: 87,
Make `fleetctl get teams --yaml` output compatible with `fleetctl apply -f` (#9626) #9535 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-02-02 17:46:50 +00:00
HostCount: 43,
Add team failing policies webhook (#4633) * add config to teams * update api docs * update tests
2022-03-21 19:16:47 +00:00
Config: fleet.TeamConfig{
AgentOptions: &agentOpts,
enable controlled rollout of features by teams (#7408)
2022-08-30 11:13:09 +00:00
Features: fleet.Features{
AdditionalQueries: &additionalQueries,
},
add mdm root key and macos_updates to app and team configs (#9442) Related to https://github.com/fleetdm/fleet/issues/9345, https://github.com/fleetdm/fleet/issues/9358 and https://github.com/fleetdm/fleet/issues/9346 this adds: 1. The ability to configure `mdm.macos_updates` via `PATCH /config` and `PATCH /teams/{id}` 3. The ability to configure `mdm.macos_updates` by using `fleetctl apply -f` for teams and global config.
2023-01-24 16:20:02 +00:00
MDM: fleet.TeamMDM{
MacOSUpdates: fleet.MacOSUpdates{
MinimumVersion: "12.3.1",
Deadline: "2021-12-14",
},
},
Add team failing policies webhook (#4633) * add config to teams * update api docs * update tests
2022-03-21 19:16:47 +00:00
},
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
},
}, nil
}
Make `fleetctl get teams --yaml` output compatible with `fleetctl apply -f` (#9626) #9535 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-02-02 17:46:50 +00:00
expectedText := `+-----------+------------+------------+
| TEAM NAME | HOST COUNT | USER COUNT |
+-----------+------------+------------+
| team1 | 42 | 99 |
+-----------+------------+------------+
| team2 | 43 | 87 |
+-----------+------------+------------+
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
`
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
expectedYaml := `---
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
apiVersion: v1
kind: team
spec:
team:
enable controlled rollout of features by teams (#7408)
2022-08-30 11:13:09 +00:00
features:
enable_host_users: true
enable_software_inventory: true
add mdm root key and macos_updates to app and team configs (#9442) Related to https://github.com/fleetdm/fleet/issues/9345, https://github.com/fleetdm/fleet/issues/9358 and https://github.com/fleetdm/fleet/issues/9346 this adds: 1. The ability to configure `mdm.macos_updates` via `PATCH /config` and `PATCH /teams/{id}` 3. The ability to configure `mdm.macos_updates` by using `fleetctl apply -f` for teams and global config.
2023-01-24 16:20:02 +00:00
mdm:
macos_updates:
minimum_version: ""
deadline: ""
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
name: team1
---
apiVersion: v1
kind: team
spec:
team:
agent_options:
config:
foo: bar
overrides:
platforms:
darwin:
foo: override
enable controlled rollout of features by teams (#7408)
2022-08-30 11:13:09 +00:00
features:
additional_queries:
foo: bar
enable_host_users: false
enable_software_inventory: false
add mdm root key and macos_updates to app and team configs (#9442) Related to https://github.com/fleetdm/fleet/issues/9345, https://github.com/fleetdm/fleet/issues/9358 and https://github.com/fleetdm/fleet/issues/9346 this adds: 1. The ability to configure `mdm.macos_updates` via `PATCH /config` and `PATCH /teams/{id}` 3. The ability to configure `mdm.macos_updates` by using `fleetctl apply -f` for teams and global config.
2023-01-24 16:20:02 +00:00
mdm:
macos_updates:
minimum_version: "12.3.1"
deadline: "2021-12-14"
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
name: team2
`
Make `fleetctl get teams --yaml` output compatible with `fleetctl apply -f` (#9626) #9535 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-02-02 17:46:50 +00:00
expectedJson := `{"kind":"team","apiVersion":"v1","spec":{"team":{"id":42,"created_at":"1999-03-10T02:45:06.371Z","name":"team1","description":"team1 description","webhook_settings":{"failing_policies_webhook":{"enable_failing_policies_webhook":false,"destination_url":"","policy_ids":null,"host_batch_size":0}},"integrations":{"jira":null,"zendesk":null},"features":{"enable_host_users":true,"enable_software_inventory":true},"mdm":{"macos_updates":{"minimum_version":"","deadline":""}},"user_count":99,"host_count":42}}}
{"kind":"team","apiVersion":"v1","spec":{"team":{"id":43,"created_at":"1999-03-10T02:45:06.371Z","name":"team2","description":"team2 description","agent_options":{"config":{"foo":"bar"},"overrides":{"platforms":{"darwin":{"foo":"override"}}}},"webhook_settings":{"failing_policies_webhook":{"enable_failing_policies_webhook":false,"destination_url":"","policy_ids":null,"host_batch_size":0}},"integrations":{"jira":null,"zendesk":null},"features":{"enable_host_users":false,"enable_software_inventory":false,"additional_queries":{"foo":"bar"}},"mdm":{"macos_updates":{"minimum_version":"12.3.1","deadline":"2021-12-14"}},"user_count":87,"host_count":43}}}
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
`
Make `fleetctl get teams --yaml` output compatible with `fleetctl apply -f` (#9626) #9535 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-02-02 17:46:50 +00:00
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
if tt.shouldHaveExpiredBanner {
Amend policy creation and spec (for proprietary query), and add update APIs (#2890) * Amend policy creation (proprietary query), add update APIs * Fix Datastore.SavePolicy bug (and add tests) * Add integration tests for new policy APIs * Add author email * Add activities * Push breaking changes for return policy fields * WIP * Add integration test for host policies * Make more improvements to policy representation * Improve upgrade code (from PR review comments) * PR changes * Revert activities for policies * Use *uint instead of uint for queryID, use fleet.PolicyPayload * Filter out other schemas * New policy flow (#2922) * created new policy flow -- no API connection * added api props * fixed prop name * lint fixes * removed unused modal; fixed style * name, desc icons; created global components * lint fixes * ignoring certain files and lines for prettier * Update frontend/pages/policies/PolicyPage/PolicyPage.tsx * Make policy names unique across deployment * Amend upgrade script * Fix migration for unique names * Do not deduplicate but instead rename policies Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
2021-11-24 17:16:42 +00:00
expectedJson = expiredBanner.String() + expectedJson
expectedText = expiredBanner.String() + expectedText
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
}
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
Make `fleetctl get teams --yaml` output compatible with `fleetctl apply -f` (#9626) #9535 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-02-02 17:46:50 +00:00
assert.Equal(t, expectedText, runAppForTest(t, []string{"get", "teams"}))
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
assert.Equal(t, expectedJson, runAppForTest(t, []string{"get", "teams", "--json"}))
Make `fleetctl get teams --yaml` output compatible with `fleetctl apply -f` (#9626) #9535 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-02-02 17:46:50 +00:00
actualYaml := runAppForTest(t, []string{"get", "teams", "--yaml"})
if tt.shouldHaveExpiredBanner {
require.True(t, strings.HasPrefix(actualYaml, expiredBanner.String()))
actualYaml = strings.TrimPrefix(actualYaml, expiredBanner.String())
}
assert.YAMLEq(t, expectedYaml, actualYaml)
Issue 1600 fleetctl license expiration (#1800) * Show banner in fleet and fleetctl if license expired * Ignore if license is nil or tier is core * Address review comments
2021-08-26 13:28:53 +00:00
})
}
Issue 1361 fleetctl teams (#1405) * WIP * Add get user_roles and apply for a user_roles spec to fleetctl * Uncomment other tests * Update test to check output * Update test with the new struct * Mock token so that it doesn't pick up the one in the local machine * Address review comments * Fix printJSON and printYaml * Fix merge conflict error * WIP * wip * wip * Finish implementation * Address review comments * Fix flaky test
2021-07-19 19:48:49 +00:00
}
update printHost to serialize HostResponse rather than just Host (#1440) * update printHost to serialize HostResponse rather than just Host * added change log file * Update changes/issue-1373-add-status-to-fleetctl-get-command Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-07-23 14:48:40 +00:00
Add get team by name to fleetctl (#4202)
2022-02-15 18:48:09 +00:00
func TestGetTeamsByName(t *testing.T) {
Support async saving of hosts' last seen time (#5640)
2022-05-10 15:29:17 +00:00
_, ds := runServerWithMockedDS(t, &service.TestServerOpts{License: &fleet.LicenseInfo{Tier: fleet.TierPremium, Expiration: time.Now().Add(24 * time.Hour)}})
Add get team by name to fleetctl (#4202)
2022-02-15 18:48:09 +00:00
ds.ListTeamsFunc = func(ctx context.Context, filter fleet.TeamFilter, opt fleet.ListOptions) ([]*fleet.Team, error) {
require.Equal(t, "test1", opt.MatchQuery)
created_at, err := time.Parse(time.RFC3339, "1999-03-10T02:45:06.371Z")
require.NoError(t, err)
return []*fleet.Team{
{
ID: 42,
CreatedAt: created_at,
Name: "team1",
Description: "team1 description",
UserCount: 99,
Make `fleetctl get teams --yaml` output compatible with `fleetctl apply -f` (#9626) #9535 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-02-02 17:46:50 +00:00
HostCount: 43,
Add get team by name to fleetctl (#4202)
2022-02-15 18:48:09 +00:00
},
}, nil
}
Make `fleetctl get teams --yaml` output compatible with `fleetctl apply -f` (#9626) #9535 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-02-02 17:46:50 +00:00
expectedText := `+-----------+------------+------------+
| TEAM NAME | HOST COUNT | USER COUNT |
+-----------+------------+------------+
| team1 | 43 | 99 |
+-----------+------------+------------+
Add get team by name to fleetctl (#4202)
2022-02-15 18:48:09 +00:00
`
assert.Equal(t, expectedText, runAppForTest(t, []string{"get", "teams", "--name", "test1"}))
}
update printHost to serialize HostResponse rather than just Host (#1440) * update printHost to serialize HostResponse rather than just Host * added change log file * Update changes/issue-1373-add-status-to-fleetctl-get-command Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-07-23 14:48:40 +00:00
func TestGetHosts(t *testing.T) {
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
_, ds := runServerWithMockedDS(t)
update printHost to serialize HostResponse rather than just Host (#1440) * update printHost to serialize HostResponse rather than just Host * added change log file * Update changes/issue-1373-add-status-to-fleetctl-get-command Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-07-23 14:48:40 +00:00
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
// this func is called when no host is specified i.e. `fleetctl get hosts --json`
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
ds.ListHostsFunc = func(ctx context.Context, filter fleet.TeamFilter, opt fleet.HostListOptions) ([]*fleet.Host, error) {
Expose additional queries in fleetctl get hosts (#2349)
2021-10-04 18:18:02 +00:00
additional := json.RawMessage(`{"query1": [{"col1": "val", "col2": 42}]}`)
update printHost to serialize HostResponse rather than just Host (#1440) * update printHost to serialize HostResponse rather than just Host * added change log file * Update changes/issue-1373-add-status-to-fleetctl-get-command Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-07-23 14:48:40 +00:00
hosts := []*fleet.Host{
{
UpdateCreateTimestamps: fleet.UpdateCreateTimestamps{
CreateTimestamp: fleet.CreateTimestamp{CreatedAt: time.Time{}},
UpdateTimestamp: fleet.UpdateTimestamp{UpdatedAt: time.Time{}},
},
HostSoftware: fleet.HostSoftware{},
DetailUpdatedAt: time.Time{},
LabelUpdatedAt: time.Time{},
LastEnrolledAt: time.Time{},
SeenTime: time.Time{},
ComputerName: "test_host",
Hostname: "test_host",
Expose additional queries in fleetctl get hosts (#2349)
2021-10-04 18:18:02 +00:00
Additional: &additional,
update printHost to serialize HostResponse rather than just Host (#1440) * update printHost to serialize HostResponse rather than just Host * added change log file * Update changes/issue-1373-add-status-to-fleetctl-get-command Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-07-23 14:48:40 +00:00
},
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
{
UpdateCreateTimestamps: fleet.UpdateCreateTimestamps{
CreateTimestamp: fleet.CreateTimestamp{CreatedAt: time.Time{}},
UpdateTimestamp: fleet.UpdateTimestamp{UpdatedAt: time.Time{}},
},
HostSoftware: fleet.HostSoftware{},
DetailUpdatedAt: time.Time{},
LabelUpdatedAt: time.Time{},
LastEnrolledAt: time.Time{},
SeenTime: time.Time{},
ComputerName: "test_host2",
Hostname: "test_host2",
},
update printHost to serialize HostResponse rather than just Host (#1440) * update printHost to serialize HostResponse rather than just Host * added change log file * Update changes/issue-1373-add-status-to-fleetctl-get-command Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-07-23 14:48:40 +00:00
}
return hosts, nil
}
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
// these are run when host is specified `fleetctl get hosts --json test_host`
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
ds.HostByIdentifierFunc = func(ctx context.Context, identifier string) (*fleet.Host, error) {
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
require.NotEmpty(t, identifier)
return &fleet.Host{
UpdateCreateTimestamps: fleet.UpdateCreateTimestamps{
CreateTimestamp: fleet.CreateTimestamp{CreatedAt: time.Time{}},
UpdateTimestamp: fleet.UpdateTimestamp{UpdatedAt: time.Time{}},
},
HostSoftware: fleet.HostSoftware{},
DetailUpdatedAt: time.Time{},
LabelUpdatedAt: time.Time{},
LastEnrolledAt: time.Time{},
SeenTime: time.Time{},
ComputerName: "test_host",
Amend policy creation and spec (for proprietary query), and add update APIs (#2890) * Amend policy creation (proprietary query), add update APIs * Fix Datastore.SavePolicy bug (and add tests) * Add integration tests for new policy APIs * Add author email * Add activities * Push breaking changes for return policy fields * WIP * Add integration test for host policies * Make more improvements to policy representation * Improve upgrade code (from PR review comments) * PR changes * Revert activities for policies * Use *uint instead of uint for queryID, use fleet.PolicyPayload * Filter out other schemas * New policy flow (#2922) * created new policy flow -- no API connection * added api props * fixed prop name * lint fixes * removed unused modal; fixed style * name, desc icons; created global components * lint fixes * ignoring certain files and lines for prettier * Update frontend/pages/policies/PolicyPage/PolicyPage.tsx * Make policy names unique across deployment * Amend upgrade script * Fix migration for unique names * Do not deduplicate but instead rename policies Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
2021-11-24 17:16:42 +00:00
Hostname: "test_host",
}, nil
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
}
update printHost to serialize HostResponse rather than just Host (#1440) * update printHost to serialize HostResponse rather than just Host * added change log file * Update changes/issue-1373-add-status-to-fleetctl-get-command Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-07-23 14:48:40 +00:00
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
ds.LoadHostSoftwareFunc = func(ctx context.Context, host *fleet.Host, includeCVEScores bool) error {
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
return nil
}
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
ds.ListLabelsForHostFunc = func(ctx context.Context, hid uint) ([]*fleet.Label, error) {
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
return make([]*fleet.Label, 0), nil
}
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
ds.ListPacksForHostFunc = func(ctx context.Context, hid uint) (packs []*fleet.Pack, err error) {
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
return make([]*fleet.Pack, 0), nil
}
Add battery info in host details response (#6394)
2022-06-28 18:11:49 +00:00
ds.ListHostBatteriesFunc = func(ctx context.Context, hid uint) (batteries []*fleet.HostBattery, err error) {
return nil, nil
}
Amend policy creation and spec (for proprietary query), and add update APIs (#2890) * Amend policy creation (proprietary query), add update APIs * Fix Datastore.SavePolicy bug (and add tests) * Add integration tests for new policy APIs * Add author email * Add activities * Push breaking changes for return policy fields * WIP * Add integration test for host policies * Make more improvements to policy representation * Improve upgrade code (from PR review comments) * PR changes * Revert activities for policies * Use *uint instead of uint for queryID, use fleet.PolicyPayload * Filter out other schemas * New policy flow (#2922) * created new policy flow -- no API connection * added api props * fixed prop name * lint fixes * removed unused modal; fixed style * name, desc icons; created global components * lint fixes * ignoring certain files and lines for prettier * Update frontend/pages/policies/PolicyPage/PolicyPage.tsx * Make policy names unique across deployment * Amend upgrade script * Fix migration for unique names * Do not deduplicate but instead rename policies Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
2021-11-24 17:16:42 +00:00
defaultPolicyQuery := "select 1 from osquery_info where start_time > 1;"
Add `platforms` field to policies (#3181) * Add platforms field to policies * Fix fleetctl tests * PR review changes * Add missing tests * Add changes for ListPoliciesForHost
2021-12-03 18:33:33 +00:00
ds.ListPoliciesForHostFunc = func(ctx context.Context, host *fleet.Host) ([]*fleet.HostPolicy, error) {
Issue 1890 host details policy (#2410) * wip * Add policies to hosts
2021-10-07 11:11:10 +00:00
return []*fleet.HostPolicy{
{
Amend policy creation and spec (for proprietary query), and add update APIs (#2890) * Amend policy creation (proprietary query), add update APIs * Fix Datastore.SavePolicy bug (and add tests) * Add integration tests for new policy APIs * Add author email * Add activities * Push breaking changes for return policy fields * WIP * Add integration test for host policies * Make more improvements to policy representation * Improve upgrade code (from PR review comments) * PR changes * Revert activities for policies * Use *uint instead of uint for queryID, use fleet.PolicyPayload * Filter out other schemas * New policy flow (#2922) * created new policy flow -- no API connection * added api props * fixed prop name * lint fixes * removed unused modal; fixed style * name, desc icons; created global components * lint fixes * ignoring certain files and lines for prettier * Update frontend/pages/policies/PolicyPage/PolicyPage.tsx * Make policy names unique across deployment * Amend upgrade script * Fix migration for unique names * Do not deduplicate but instead rename policies Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
2021-11-24 17:16:42 +00:00
PolicyData: fleet.PolicyData{
ID: 1,
Name: "query1",
Query: defaultPolicyQuery,
Description: "Some description",
AuthorID: ptr.Uint(1),
AuthorName: "Alice",
AuthorEmail: "alice@example.com",
Resolution: ptr.String("Some resolution"),
TeamID: ptr.Uint(1),
},
Response: "passes",
Issue 1890 host details policy (#2410) * wip * Add policies to hosts
2021-10-07 11:11:10 +00:00
},
{
Amend policy creation and spec (for proprietary query), and add update APIs (#2890) * Amend policy creation (proprietary query), add update APIs * Fix Datastore.SavePolicy bug (and add tests) * Add integration tests for new policy APIs * Add author email * Add activities * Push breaking changes for return policy fields * WIP * Add integration test for host policies * Make more improvements to policy representation * Improve upgrade code (from PR review comments) * PR changes * Revert activities for policies * Use *uint instead of uint for queryID, use fleet.PolicyPayload * Filter out other schemas * New policy flow (#2922) * created new policy flow -- no API connection * added api props * fixed prop name * lint fixes * removed unused modal; fixed style * name, desc icons; created global components * lint fixes * ignoring certain files and lines for prettier * Update frontend/pages/policies/PolicyPage/PolicyPage.tsx * Make policy names unique across deployment * Amend upgrade script * Fix migration for unique names * Do not deduplicate but instead rename policies Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
2021-11-24 17:16:42 +00:00
PolicyData: fleet.PolicyData{
ID: 2,
Name: "query2",
Query: defaultPolicyQuery,
Description: "",
AuthorID: ptr.Uint(1),
AuthorName: "Alice",
AuthorEmail: "alice@example.com",
Resolution: nil,
TeamID: nil,
},
Response: "fails",
Issue 1890 host details policy (#2410) * wip * Add policies to hosts
2021-10-07 11:11:10 +00:00
},
}, nil
}
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
Include MIA hosts under total count for Offline hosts (#5854)
2022-05-23 19:11:02 +00:00
expectedText := `+------+------------+----------+-----------------+---------+
| UUID | HOSTNAME | PLATFORM | OSQUERY VERSION | STATUS |
+------+------------+----------+-----------------+---------+
| | test_host | | | offline |
+------+------------+----------+-----------------+---------+
| | test_host2 | | | offline |
+------+------------+----------+-----------------+---------+
update printHost to serialize HostResponse rather than just Host (#1440) * update printHost to serialize HostResponse rather than just Host * added change log file * Update changes/issue-1373-add-status-to-fleetctl-get-command Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-07-23 14:48:40 +00:00
`
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
Prettify and compare strings instead of structs in fleetctl get tests (#3047) * Prettify and compare strings instead of structs in fleetctl get tests * Prettify JSON testdata * Simplify scanner for multi json
2021-11-22 15:20:09 +00:00
jsonPrettify := func(t *testing.T, v string) string {
var i interface{}
err := json.Unmarshal([]byte(v), &i)
require.NoError(t, err)
indented, err := json.MarshalIndent(i, "", " ")
require.NoError(t, err)
return string(indented)
}
yamlPrettify := func(t *testing.T, v string) string {
var i interface{}
err := yaml.Unmarshal([]byte(v), &i)
require.NoError(t, err)
indented, err := yaml.Marshal(i)
require.NoError(t, err)
return string(indented)
}
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
tests := []struct {
Prettify and compare strings instead of structs in fleetctl get tests (#3047) * Prettify and compare strings instead of structs in fleetctl get tests * Prettify JSON testdata * Simplify scanner for multi json
2021-11-22 15:20:09 +00:00
name string
goldenFile string
scanner func(s string) []string
prettifier func(t *testing.T, v string) string
args []string
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
}{
{
Prettify and compare strings instead of structs in fleetctl get tests (#3047) * Prettify and compare strings instead of structs in fleetctl get tests * Prettify JSON testdata * Simplify scanner for multi json
2021-11-22 15:20:09 +00:00
name: "get hosts --json",
goldenFile: "expectedListHostsJson.json",
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
scanner: func(s string) []string {
Prettify and compare strings instead of structs in fleetctl get tests (#3047) * Prettify and compare strings instead of structs in fleetctl get tests * Prettify JSON testdata * Simplify scanner for multi json
2021-11-22 15:20:09 +00:00
parts := strings.Split(s, "}\n{")
return []string{parts[0] + "}", "{" + parts[1]}
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
},
Prettify and compare strings instead of structs in fleetctl get tests (#3047) * Prettify and compare strings instead of structs in fleetctl get tests * Prettify JSON testdata * Simplify scanner for multi json
2021-11-22 15:20:09 +00:00
args: []string{"get", "hosts", "--json"},
prettifier: jsonPrettify,
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
},
{
Prettify and compare strings instead of structs in fleetctl get tests (#3047) * Prettify and compare strings instead of structs in fleetctl get tests * Prettify JSON testdata * Simplify scanner for multi json
2021-11-22 15:20:09 +00:00
name: "get hosts --json test_host",
goldenFile: "expectedHostDetailResponseJson.json",
scanner: func(s string) []string { return []string{s} },
args: []string{"get", "hosts", "--json", "test_host"},
prettifier: jsonPrettify,
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
},
{
Prettify and compare strings instead of structs in fleetctl get tests (#3047) * Prettify and compare strings instead of structs in fleetctl get tests * Prettify JSON testdata * Simplify scanner for multi json
2021-11-22 15:20:09 +00:00
name: "get hosts --yaml",
goldenFile: "expectedListHostsYaml.yml",
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
scanner: func(s string) []string {
return []string{s}
},
Prettify and compare strings instead of structs in fleetctl get tests (#3047) * Prettify and compare strings instead of structs in fleetctl get tests * Prettify JSON testdata * Simplify scanner for multi json
2021-11-22 15:20:09 +00:00
args: []string{"get", "hosts", "--yaml"},
prettifier: yamlPrettify,
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
},
{
Prettify and compare strings instead of structs in fleetctl get tests (#3047) * Prettify and compare strings instead of structs in fleetctl get tests * Prettify JSON testdata * Simplify scanner for multi json
2021-11-22 15:20:09 +00:00
name: "get hosts --yaml test_host",
goldenFile: "expectedHostDetailResponseYaml.yml",
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
scanner: func(s string) []string {
Move specs parsing functionality to a new pkg/spec package (#7050)
2022-08-05 22:07:32 +00:00
return spec.SplitYaml(s)
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
},
Prettify and compare strings instead of structs in fleetctl get tests (#3047) * Prettify and compare strings instead of structs in fleetctl get tests * Prettify JSON testdata * Simplify scanner for multi json
2021-11-22 15:20:09 +00:00
args: []string{"get", "hosts", "--yaml", "test_host"},
prettifier: yamlPrettify,
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
expected, err := ioutil.ReadFile(filepath.Join("testdata", tt.goldenFile))
require.NoError(t, err)
expectedResults := tt.scanner(string(expected))
actualResult := tt.scanner(runAppForTest(t, tt.args))
Prettify and compare strings instead of structs in fleetctl get tests (#3047) * Prettify and compare strings instead of structs in fleetctl get tests * Prettify JSON testdata * Simplify scanner for multi json
2021-11-22 15:20:09 +00:00
require.Equal(t, len(expectedResults), len(actualResult))
for i := range expectedResults {
require.Equal(t, tt.prettifier(t, expectedResults[i]), tt.prettifier(t, actualResult[i]))
fix get hosts command to properly output json/yaml (#1774) * fix get hosts command to properly output json/yaml based on command line flag * add changes file * added tests for get hosts when specifiying host * added additional hosts to be returned in test cases * go fmt
2021-08-31 15:37:03 +00:00
}
})
}
update printHost to serialize HostResponse rather than just Host (#1440) * update printHost to serialize HostResponse rather than just Host * added change log file * Update changes/issue-1373-add-status-to-fleetctl-get-command Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-07-23 14:48:40 +00:00
assert.Equal(t, expectedText, runAppForTest(t, []string{"get", "hosts"}))
}
Issue 1588 allow disabling host users (#1611) * Allow users to disable host_users * Add missing files * Address review comments * Fix tests * Check additional queries for nil, not the whole hostsettings * Finally fix tests
2021-08-11 17:56:11 +00:00
func TestGetConfig(t *testing.T) {
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
_, ds := runServerWithMockedDS(t)
Issue 1588 allow disabling host users (#1611) * Allow users to disable host_users * Add missing files * Address review comments * Fix tests * Check additional queries for nil, not the whole hostsettings * Finally fix tests
2021-08-11 17:56:11 +00:00
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
ds.AppConfigFunc = func(ctx context.Context) (*fleet.AppConfig, error) {
Issue 1588 allow disabling host users (#1611) * Allow users to disable host_users * Add missing files * Address review comments * Fix tests * Check additional queries for nil, not the whole hostsettings * Finally fix tests
2021-08-11 17:56:11 +00:00
return &fleet.AppConfig{
deprecate host_settings in favor of features (#7358) Related to #7312, this makes use of the changes introduced in #7353 to rename host_settings to features while keeping backwards compatibility.
2022-08-25 16:41:50 +00:00
Features: fleet.Features{EnableHostUsers: true},
Refactor app config (POC, for now) (#1685)
2021-08-20 15:27:41 +00:00
VulnerabilitySettings: fleet.VulnerabilitySettings{DatabasesPath: "/some/path"},
Issue 1588 allow disabling host users (#1611) * Allow users to disable host_users * Add missing files * Address review comments * Fix tests * Check additional queries for nil, not the whole hostsettings * Finally fix tests
2021-08-11 17:56:11 +00:00
}, nil
}
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
t.Run("AppConfig", func(t *testing.T) {
expectedYaml := `---
Issue 1588 allow disabling host users (#1611) * Allow users to disable host_users * Add missing files * Address review comments * Fix tests * Check additional queries for nil, not the whole hostsettings * Finally fix tests
2021-08-11 17:56:11 +00:00
apiVersion: v1
kind: config
spec:
Add new `fleet_desktop` property to config object (#6151)
2022-06-10 15:39:02 +00:00
fleet_desktop:
transparency_url: https://fleetdm.com/transparency
Issue 1588 allow disabling host users (#1611) * Allow users to disable host_users * Add missing files * Address review comments * Fix tests * Check additional queries for nil, not the whole hostsettings * Finally fix tests
2021-08-11 17:56:11 +00:00
host_expiry_settings:
host_expiry_enabled: false
host_expiry_window: 0
deprecate host_settings in favor of features (#7358) Related to #7312, this makes use of the changes introduced in #7353 to rename host_settings to features while keeping backwards compatibility.
2022-08-25 16:41:50 +00:00
features:
Issue 1588 allow disabling host users (#1611) * Allow users to disable host_users * Add missing files * Address review comments * Fix tests * Check additional queries for nil, not the whole hostsettings * Finally fix tests
2021-08-11 17:56:11 +00:00
enable_host_users: true
Issue 1632 software inventory config (#1636) * Add config option for software inventory * Add documentation for the new config
2021-08-11 18:57:53 +00:00
enable_software_inventory: false
Add Jira integrations config support (#4863)
2022-03-30 13:10:02 +00:00
integrations:
jira: null
Add Zendesk external service integration for vulnerability automations (#5372)
2022-05-02 20:58:34 +00:00
zendesk: null
Add new configuration option to set default team for Apple Business Manager (#9062)
2023-01-03 22:14:18 +00:00
mdm:
Flag when the Apple BM terms have expired (#9091) #8862 Co-authored-by: Roberto Dip <dip.jesusr@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-01-06 20:44:20 +00:00
apple_bm_terms_expired: false
Add readonly MDM.EnabledAndConfigured to app config and device responses (#9575) Related to #9571, this adds a new value to both responses which is calculated when the Fleet server is started, and only set to `true` if the server is properly configured for MDM. This helps the UI to determine wether or not we should show certain UI elements that we only want to show to servers with MDM enabled.
2023-02-01 17:47:52 +00:00
enabled_and_configured: false
Add new configuration option to set default team for Apple Business Manager (#9062)
2023-01-03 22:14:18 +00:00
apple_bm_default_team: ""
add mdm root key and macos_updates to app and team configs (#9442) Related to https://github.com/fleetdm/fleet/issues/9345, https://github.com/fleetdm/fleet/issues/9358 and https://github.com/fleetdm/fleet/issues/9346 this adds: 1. The ability to configure `mdm.macos_updates` via `PATCH /config` and `PATCH /teams/{id}` 3. The ability to configure `mdm.macos_updates` by using `fleetctl apply -f` for teams and global config.
2023-01-24 16:20:02 +00:00
macos_updates:
minimum_version: ""
deadline: ""
Issue 1588 allow disabling host users (#1611) * Allow users to disable host_users * Add missing files * Address review comments * Fix tests * Check additional queries for nil, not the whole hostsettings * Finally fix tests
2021-08-11 17:56:11 +00:00
org_info:
org_logo_url: ""
org_name: ""
server_settings:
Serialize hosts writes per instance (#2753) * Serialize hosts writes per instance * Write hosts asynchronously * Dont make the save in a goroutine * Revert "Dont make the save in a goroutine" This reverts commit 4a890c5271142755dec69a741582e7eca5c4c62c. * Make all savehosts async * Address review comments and make this approach configurable * Address review comments * Disable bulk seen time marking for a test * Move host seen times to a new table * Remove unused * Add seen_time to list hosts * Add some jitter to seen time flushing * Remove unused * Add timeout to deferred save host * Add tests for serialSaveHost * Update hosts in labels and policy executions in a serial way * Address review comments and remove fk constraints in host software * Make errCh buffered * Add changes file * Readd key
2021-11-08 14:42:37 +00:00
deferred_save_host: false
Issue 1588 allow disabling host users (#1611) * Allow users to disable host_users * Add missing files * Address review comments * Fix tests * Check additional queries for nil, not the whole hostsettings * Finally fix tests
2021-08-11 17:56:11 +00:00
enable_analytics: false
live_query_disabled: false
server_url: ""
smtp_settings:
Refactor app config (POC, for now) (#1685)
2021-08-20 15:27:41 +00:00
authentication_method: ""
authentication_type: ""
Issue 1588 allow disabling host users (#1611) * Allow users to disable host_users * Add missing files * Address review comments * Fix tests * Check additional queries for nil, not the whole hostsettings * Finally fix tests
2021-08-11 17:56:11 +00:00
configured: false
domain: ""
enable_smtp: false
enable_ssl_tls: false
enable_start_tls: false
Refactor app config (POC, for now) (#1685)
2021-08-20 15:27:41 +00:00
password: ""
Issue 1588 allow disabling host users (#1611) * Allow users to disable host_users * Add missing files * Address review comments * Fix tests * Check additional queries for nil, not the whole hostsettings * Finally fix tests
2021-08-11 17:56:11 +00:00
port: 0
sender_address: ""
server: ""
user_name: ""
verify_ssl_certs: false
sso_settings:
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
enable_jit_provisioning: false
Issue 1588 allow disabling host users (#1611) * Allow users to disable host_users * Add missing files * Address review comments * Fix tests * Check additional queries for nil, not the whole hostsettings * Finally fix tests
2021-08-11 17:56:11 +00:00
enable_sso: false
enable_sso_idp_login: false
entity_id: ""
idp_image_url: ""
idp_name: ""
issuer_uri: ""
metadata: ""
metadata_url: ""
vulnerability_settings:
databases_path: /some/path
Issue 1599 offline webhook (#1777) * wip * Add tests and finish implementation * Add proper default for periodicity, changes file, and documentation * Fix tests and add defaults also to new installs * EnableHostUsers should be true if undefined as well * In some cases, periodicity can be zero because of the migrations * Apply defaults when migrating appconfig * Fix lint * lint * Address review comments
2021-08-27 14:15:36 +00:00
webhook_settings:
Global policies automation webhooks (#3378) * Add webhook to app config * Add redis failing policies set and webhook * Add basic webhook test * Store hostname in redis * Global policy deletion to remove policy ID from set and config * Also process new passing policies * Fix unit test * Sort hosts * Add more tests * Add ListSets to the failing policies interface * Fix server URL and garbage collect on the triggering side * Do not use Redis SCAN * Fix Redis operation order * Add API changes to doc * Add comments * Add more tests * Fix tests * Add tests for config update upon deletion of policies * Run make dump-test-schema * Ignore policies that failed to run * Add proper unit tests to trigger logic * Fix comments * WIP * Add tests to service_osquerty_test.go * Use SSCAN for listing hosts instead of SMEMBERS * Add failing policies to docs/01-Using-Fleet/configuration-files/README.md * Remove skip * Fix PR comments
2021-12-23 21:26:55 +00:00
failing_policies_webhook:
destination_url: ""
enable_failing_policies_webhook: false
host_batch_size: 0
policy_ids: null
Issue 1599 offline webhook (#1777) * wip * Add tests and finish implementation * Add proper default for periodicity, changes file, and documentation * Fix tests and add defaults also to new installs * EnableHostUsers should be true if undefined as well * In some cases, periodicity can be zero because of the migrations * Apply defaults when migrating appconfig * Fix lint * lint * Address review comments
2021-08-27 14:15:36 +00:00
host_status_webhook:
days_count: 0
destination_url: ""
enable_host_status_webhook: false
host_percentage: 0
interval: 0s
Add vulnerabilities webhook config (#3897) * Add vulnerabilities webhook config * Fix tests * Update documentation * Update docs
2022-01-27 13:48:46 +00:00
vulnerabilities_webhook:
destination_url: ""
enable_vulnerabilities_webhook: false
host_batch_size: 0
Issue 1588 allow disabling host users (#1611) * Allow users to disable host_users * Add missing files * Address review comments * Fix tests * Check additional queries for nil, not the whole hostsettings * Finally fix tests
2021-08-11 17:56:11 +00:00
`
Feature 7076: Ingest installed windows updates (#7138) * Ingest installed Windows updates and store them in the windows_updates table. * Added config option for enabling/disabling Windows update ingestion and Windows OS vuln. detection.
2022-08-26 18:55:03 +00:00
expectedJson := `
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
{
"kind": "config",
"apiVersion": "v1",
"spec": {
"org_info": { "org_name": "", "org_logo_url": "" },
"server_settings": {
"server_url": "",
"live_query_disabled": false,
"enable_analytics": false,
"deferred_save_host": false
},
"smtp_settings": {
"enable_smtp": false,
"configured": false,
"sender_address": "",
"server": "",
"port": 0,
"authentication_type": "",
"user_name": "",
"password": "",
"enable_ssl_tls": false,
"authentication_method": "",
"domain": "",
"verify_ssl_certs": false,
"enable_start_tls": false
},
"host_expiry_settings": {
"host_expiry_enabled": false,
"host_expiry_window": 0
},
deprecate host_settings in favor of features (#7358) Related to #7312, this makes use of the changes introduced in #7353 to rename host_settings to features while keeping backwards compatibility.
2022-08-25 16:41:50 +00:00
"features": {
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
"enable_host_users": true,
"enable_software_inventory": false
},
add mdm root key and macos_updates to app and team configs (#9442) Related to https://github.com/fleetdm/fleet/issues/9345, https://github.com/fleetdm/fleet/issues/9358 and https://github.com/fleetdm/fleet/issues/9346 this adds: 1. The ability to configure `mdm.macos_updates` via `PATCH /config` and `PATCH /teams/{id}` 3. The ability to configure `mdm.macos_updates` by using `fleetctl apply -f` for teams and global config.
2023-01-24 16:20:02 +00:00
"mdm": {
"macos_updates": {
"minimum_version": "",
"deadline": ""
}
},
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
"sso_settings": {
"entity_id": "",
"issuer_uri": "",
"idp_image_url": "",
"metadata": "",
"metadata_url": "",
"idp_name": "",
"enable_jit_provisioning": false,
"enable_sso": false,
"enable_sso_idp_login": false
},
"fleet_desktop": { "transparency_url": "https://fleetdm.com/transparency" },
"vulnerability_settings": { "databases_path": "/some/path" },
"webhook_settings": {
"host_status_webhook": {
"enable_host_status_webhook": false,
"destination_url": "",
"host_percentage": 0,
"days_count": 0
},
"failing_policies_webhook": {
"enable_failing_policies_webhook": false,
"destination_url": "",
"policy_ids": null,
"host_batch_size": 0
},
"vulnerabilities_webhook": {
"enable_vulnerabilities_webhook": false,
"destination_url": "",
"host_batch_size": 0
},
"interval": "0s"
},
Add new configuration option to set default team for Apple Business Manager (#9062)
2023-01-03 22:14:18 +00:00
"integrations": { "jira": null, "zendesk": null },
add mdm root key and macos_updates to app and team configs (#9442) Related to https://github.com/fleetdm/fleet/issues/9345, https://github.com/fleetdm/fleet/issues/9358 and https://github.com/fleetdm/fleet/issues/9346 this adds: 1. The ability to configure `mdm.macos_updates` via `PATCH /config` and `PATCH /teams/{id}` 3. The ability to configure `mdm.macos_updates` by using `fleetctl apply -f` for teams and global config.
2023-01-24 16:20:02 +00:00
"mdm": {
"apple_bm_terms_expired": false,
Add readonly MDM.EnabledAndConfigured to app config and device responses (#9575) Related to #9571, this adds a new value to both responses which is calculated when the Fleet server is started, and only set to `true` if the server is properly configured for MDM. This helps the UI to determine wether or not we should show certain UI elements that we only want to show to servers with MDM enabled.
2023-02-01 17:47:52 +00:00
"enabled_and_configured": false,
add mdm root key and macos_updates to app and team configs (#9442) Related to https://github.com/fleetdm/fleet/issues/9345, https://github.com/fleetdm/fleet/issues/9358 and https://github.com/fleetdm/fleet/issues/9346 this adds: 1. The ability to configure `mdm.macos_updates` via `PATCH /config` and `PATCH /teams/{id}` 3. The ability to configure `mdm.macos_updates` by using `fleetctl apply -f` for teams and global config.
2023-01-24 16:20:02 +00:00
"apple_bm_default_team": "",
"macos_updates": {
"minimum_version": "",
"deadline": ""
}
}
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
}
}
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
`
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
assert.YAMLEq(t, expectedYaml, runAppForTest(t, []string{"get", "config"}))
assert.YAMLEq(t, expectedYaml, runAppForTest(t, []string{"get", "config", "--yaml"}))
Feature 7076: Ingest installed windows updates (#7138) * Ingest installed Windows updates and store them in the windows_updates table. * Added config option for enabling/disabling Windows update ingestion and Windows OS vuln. detection.
2022-08-26 18:55:03 +00:00
assert.JSONEq(t, expectedJson, runAppForTest(t, []string{"get", "config", "--json"}))
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
})
t.Run("IncludeServerConfig", func(t *testing.T) {
improve vuln cpe matching on macos (#6985) * add cpe translations * fix matching on target_sw
2022-09-01 16:02:07 +00:00
expectedYAML := `---
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
apiVersion: v1
kind: config
spec:
Add new `fleet_desktop` property to config object (#6151)
2022-06-10 15:39:02 +00:00
fleet_desktop:
transparency_url: https://fleetdm.com/transparency
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
host_expiry_settings:
host_expiry_enabled: false
host_expiry_window: 0
deprecate host_settings in favor of features (#7358) Related to #7312, this makes use of the changes introduced in #7353 to rename host_settings to features while keeping backwards compatibility.
2022-08-25 16:41:50 +00:00
features:
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
enable_host_users: true
enable_software_inventory: false
Add Jira integrations config support (#4863)
2022-03-30 13:10:02 +00:00
integrations:
jira: null
Add Zendesk external service integration for vulnerability automations (#5372)
2022-05-02 20:58:34 +00:00
zendesk: null
Add new configuration option to set default team for Apple Business Manager (#9062)
2023-01-03 22:14:18 +00:00
mdm:
apple_bm_default_team: ""
Flag when the Apple BM terms have expired (#9091) #8862 Co-authored-by: Roberto Dip <dip.jesusr@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-01-06 20:44:20 +00:00
apple_bm_terms_expired: false
Add readonly MDM.EnabledAndConfigured to app config and device responses (#9575) Related to #9571, this adds a new value to both responses which is calculated when the Fleet server is started, and only set to `true` if the server is properly configured for MDM. This helps the UI to determine wether or not we should show certain UI elements that we only want to show to servers with MDM enabled.
2023-02-01 17:47:52 +00:00
enabled_and_configured: false
add mdm root key and macos_updates to app and team configs (#9442) Related to https://github.com/fleetdm/fleet/issues/9345, https://github.com/fleetdm/fleet/issues/9358 and https://github.com/fleetdm/fleet/issues/9346 this adds: 1. The ability to configure `mdm.macos_updates` via `PATCH /config` and `PATCH /teams/{id}` 3. The ability to configure `mdm.macos_updates` by using `fleetctl apply -f` for teams and global config.
2023-01-24 16:20:02 +00:00
macos_updates:
minimum_version: ""
deadline: ""
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
license:
expiration: "0001-01-01T00:00:00Z"
tier: free
logging:
debug: true
json: false
result:
config:
enable_log_compression: false
enable_log_rotation: false
result_log_file: /dev/null
status_log_file: /dev/null
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
audit_log_file: /dev/null
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
plugin: filesystem
status:
config:
enable_log_compression: false
enable_log_rotation: false
result_log_file: /dev/null
status_log_file: /dev/null
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
audit_log_file: /dev/null
plugin: filesystem
audit:
config:
enable_log_compression: false
enable_log_rotation: false
result_log_file: /dev/null
status_log_file: /dev/null
audit_log_file: /dev/null
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
plugin: filesystem
org_info:
org_logo_url: ""
org_name: ""
server_settings:
Serialize hosts writes per instance (#2753) * Serialize hosts writes per instance * Write hosts asynchronously * Dont make the save in a goroutine * Revert "Dont make the save in a goroutine" This reverts commit 4a890c5271142755dec69a741582e7eca5c4c62c. * Make all savehosts async * Address review comments and make this approach configurable * Address review comments * Disable bulk seen time marking for a test * Move host seen times to a new table * Remove unused * Add seen_time to list hosts * Add some jitter to seen time flushing * Remove unused * Add timeout to deferred save host * Add tests for serialSaveHost * Update hosts in labels and policy executions in a serial way * Address review comments and remove fk constraints in host software * Make errCh buffered * Add changes file * Readd key
2021-11-08 14:42:37 +00:00
deferred_save_host: false
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
enable_analytics: false
live_query_disabled: false
server_url: ""
smtp_settings:
authentication_method: ""
authentication_type: ""
configured: false
domain: ""
enable_smtp: false
enable_ssl_tls: false
enable_start_tls: false
password: ""
port: 0
sender_address: ""
server: ""
user_name: ""
verify_ssl_certs: false
sso_settings:
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
enable_jit_provisioning: false
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
enable_sso: false
enable_sso_idp_login: false
entity_id: ""
idp_image_url: ""
idp_name: ""
issuer_uri: ""
metadata: ""
metadata_url: ""
update_interval:
Humanize duration values returned by fleetctl (#5123) * Bug 5066: Format config durations Change duration values returned by 'fleetctl get config --include-server-config' from nanoseconds to a human readable format.
2022-04-19 13:29:50 +00:00
osquery_detail: 1h0m0s
osquery_policy: 1h0m0s
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
vulnerabilities:
cpe_database_url: ""
improve vuln cpe matching on macos (#6985) * add cpe translations * fix matching on target_sw
2022-09-01 16:02:07 +00:00
cpe_translations_url: ""
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
current_instance_checks: ""
cve_feed_prefix_url: ""
databases_path: ""
disable_data_sync: false
Feature 7076: Ingest installed windows updates (#7138) * Ingest installed Windows updates and store them in the windows_updates table. * Added config option for enabling/disabling Windows update ingestion and Windows OS vuln. detection.
2022-08-26 18:55:03 +00:00
disable_win_os_vulnerabilities: false
Humanize duration values returned by fleetctl (#5123) * Bug 5066: Format config durations Change duration values returned by 'fleetctl get config --include-server-config' from nanoseconds to a human readable format.
2022-04-19 13:29:50 +00:00
periodicity: 0s
recent_vulnerability_max_age: 0s
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
vulnerability_settings:
databases_path: /some/path
webhook_settings:
Global policies automation webhooks (#3378) * Add webhook to app config * Add redis failing policies set and webhook * Add basic webhook test * Store hostname in redis * Global policy deletion to remove policy ID from set and config * Also process new passing policies * Fix unit test * Sort hosts * Add more tests * Add ListSets to the failing policies interface * Fix server URL and garbage collect on the triggering side * Do not use Redis SCAN * Fix Redis operation order * Add API changes to doc * Add comments * Add more tests * Fix tests * Add tests for config update upon deletion of policies * Run make dump-test-schema * Ignore policies that failed to run * Add proper unit tests to trigger logic * Fix comments * WIP * Add tests to service_osquerty_test.go * Use SSCAN for listing hosts instead of SMEMBERS * Add failing policies to docs/01-Using-Fleet/configuration-files/README.md * Remove skip * Fix PR comments
2021-12-23 21:26:55 +00:00
failing_policies_webhook:
destination_url: ""
enable_failing_policies_webhook: false
host_batch_size: 0
policy_ids: null
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
host_status_webhook:
days_count: 0
destination_url: ""
enable_host_status_webhook: false
host_percentage: 0
interval: 0s
Add vulnerabilities webhook config (#3897) * Add vulnerabilities webhook config * Fix tests * Update documentation * Update docs
2022-01-27 13:48:46 +00:00
vulnerabilities_webhook:
destination_url: ""
enable_vulnerabilities_webhook: false
host_batch_size: 0
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
`
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
expectedJSON := `
{
"kind": "config",
"apiVersion": "v1",
"spec": {
Feature 7076: Ingest installed windows updates (#7138) * Ingest installed Windows updates and store them in the windows_updates table. * Added config option for enabling/disabling Windows update ingestion and Windows OS vuln. detection.
2022-08-26 18:55:03 +00:00
"org_info": {
"org_name": "",
"org_logo_url": ""
},
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
"server_settings": {
"server_url": "",
"live_query_disabled": false,
"enable_analytics": false,
"deferred_save_host": false
},
"smtp_settings": {
"enable_smtp": false,
"configured": false,
"sender_address": "",
"server": "",
"port": 0,
"authentication_type": "",
"user_name": "",
"password": "",
"enable_ssl_tls": false,
"authentication_method": "",
"domain": "",
"verify_ssl_certs": false,
"enable_start_tls": false
},
"host_expiry_settings": {
"host_expiry_enabled": false,
"host_expiry_window": 0
},
deprecate host_settings in favor of features (#7358) Related to #7312, this makes use of the changes introduced in #7353 to rename host_settings to features while keeping backwards compatibility.
2022-08-25 16:41:50 +00:00
"features": {
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
"enable_host_users": true,
"enable_software_inventory": false
},
add mdm root key and macos_updates to app and team configs (#9442) Related to https://github.com/fleetdm/fleet/issues/9345, https://github.com/fleetdm/fleet/issues/9358 and https://github.com/fleetdm/fleet/issues/9346 this adds: 1. The ability to configure `mdm.macos_updates` via `PATCH /config` and `PATCH /teams/{id}` 3. The ability to configure `mdm.macos_updates` by using `fleetctl apply -f` for teams and global config.
2023-01-24 16:20:02 +00:00
"mdm": {
"macos_updates": {
"minimum_version": "",
"deadline": ""
}
},
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
"sso_settings": {
"enable_jit_provisioning": false,
"entity_id": "",
"issuer_uri": "",
"idp_image_url": "",
"metadata": "",
"metadata_url": "",
"idp_name": "",
"enable_sso": false,
"enable_sso_idp_login": false
},
Feature 7076: Ingest installed windows updates (#7138) * Ingest installed Windows updates and store them in the windows_updates table. * Added config option for enabling/disabling Windows update ingestion and Windows OS vuln. detection.
2022-08-26 18:55:03 +00:00
"fleet_desktop": {
"transparency_url": "https://fleetdm.com/transparency"
},
"vulnerability_settings": {
"databases_path": "/some/path"
},
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
"webhook_settings": {
"host_status_webhook": {
"enable_host_status_webhook": false,
"destination_url": "",
"host_percentage": 0,
"days_count": 0
},
"failing_policies_webhook": {
"enable_failing_policies_webhook": false,
"destination_url": "",
"policy_ids": null,
"host_batch_size": 0
},
"vulnerabilities_webhook": {
"enable_vulnerabilities_webhook": false,
"destination_url": "",
"host_batch_size": 0
},
"interval": "0s"
},
Feature 7076: Ingest installed windows updates (#7138) * Ingest installed Windows updates and store them in the windows_updates table. * Added config option for enabling/disabling Windows update ingestion and Windows OS vuln. detection.
2022-08-26 18:55:03 +00:00
"integrations": {
"jira": null,
"zendesk": null
},
add mdm root key and macos_updates to app and team configs (#9442) Related to https://github.com/fleetdm/fleet/issues/9345, https://github.com/fleetdm/fleet/issues/9358 and https://github.com/fleetdm/fleet/issues/9346 this adds: 1. The ability to configure `mdm.macos_updates` via `PATCH /config` and `PATCH /teams/{id}` 3. The ability to configure `mdm.macos_updates` by using `fleetctl apply -f` for teams and global config.
2023-01-24 16:20:02 +00:00
"mdm": {
Flag when the Apple BM terms have expired (#9091) #8862 Co-authored-by: Roberto Dip <dip.jesusr@gmail.com> Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2023-01-06 20:44:20 +00:00
"apple_bm_default_team": "",
add mdm root key and macos_updates to app and team configs (#9442) Related to https://github.com/fleetdm/fleet/issues/9345, https://github.com/fleetdm/fleet/issues/9358 and https://github.com/fleetdm/fleet/issues/9346 this adds: 1. The ability to configure `mdm.macos_updates` via `PATCH /config` and `PATCH /teams/{id}` 3. The ability to configure `mdm.macos_updates` by using `fleetctl apply -f` for teams and global config.
2023-01-24 16:20:02 +00:00
"apple_bm_terms_expired": false,
Add readonly MDM.EnabledAndConfigured to app config and device responses (#9575) Related to #9571, this adds a new value to both responses which is calculated when the Fleet server is started, and only set to `true` if the server is properly configured for MDM. This helps the UI to determine wether or not we should show certain UI elements that we only want to show to servers with MDM enabled.
2023-02-01 17:47:52 +00:00
"enabled_and_configured": false,
add mdm root key and macos_updates to app and team configs (#9442) Related to https://github.com/fleetdm/fleet/issues/9345, https://github.com/fleetdm/fleet/issues/9358 and https://github.com/fleetdm/fleet/issues/9346 this adds: 1. The ability to configure `mdm.macos_updates` via `PATCH /config` and `PATCH /teams/{id}` 3. The ability to configure `mdm.macos_updates` by using `fleetctl apply -f` for teams and global config.
2023-01-24 16:20:02 +00:00
"macos_updates": {
"minimum_version": "",
"deadline": ""
}
},
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
"update_interval": {
"osquery_detail": "1h0m0s",
"osquery_policy": "1h0m0s"
},
"vulnerabilities": {
"databases_path": "",
"periodicity": "0s",
"cpe_database_url": "",
improve vuln cpe matching on macos (#6985) * add cpe translations * fix matching on target_sw
2022-09-01 16:02:07 +00:00
"cpe_translations_url": "",
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
"cve_feed_prefix_url": "",
"current_instance_checks": "",
"disable_data_sync": false,
Feature 7076: Ingest installed windows updates (#7138) * Ingest installed Windows updates and store them in the windows_updates table. * Added config option for enabling/disabling Windows update ingestion and Windows OS vuln. detection.
2022-08-26 18:55:03 +00:00
"recent_vulnerability_max_age": "0s",
"disable_win_os_vulnerabilities": false
},
"license": {
"tier": "free",
"expiration": "0001-01-01T00:00:00Z"
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
},
"logging": {
"debug": true,
"json": false,
"result": {
"plugin": "filesystem",
"config": {
"enable_log_compression": false,
"enable_log_rotation": false,
"result_log_file": "/dev/null",
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
"status_log_file": "/dev/null",
"audit_log_file": "/dev/null"
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
}
},
"status": {
"plugin": "filesystem",
"config": {
"enable_log_compression": false,
"enable_log_rotation": false,
"result_log_file": "/dev/null",
Generate audit logs for activities (#9001) * Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
2022-12-23 22:04:13 +00:00
"status_log_file": "/dev/null",
"audit_log_file": "/dev/null"
}
},
"audit": {
"plugin": "filesystem",
"config": {
"enable_log_compression": false,
"enable_log_rotation": false,
"result_log_file": "/dev/null",
"status_log_file": "/dev/null",
"audit_log_file": "/dev/null"
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
}
}
}
}
}
Issue 1588 allow disabling host users (#1611) * Allow users to disable host_users * Add missing files * Address review comments * Fix tests * Check additional queries for nil, not the whole hostsettings * Finally fix tests
2021-08-11 17:56:11 +00:00
`
improve vuln cpe matching on macos (#6985) * add cpe translations * fix matching on target_sw
2022-09-01 16:02:07 +00:00
assert.YAMLEq(t, expectedYAML, runAppForTest(t, []string{"get", "config", "--include-server-config"}))
assert.YAMLEq(t, expectedYAML, runAppForTest(t, []string{"get", "config", "--include-server-config", "--yaml"}))
add application config setting to enable JIT provisioning (#7140) As part of #7053, this adds a config setting to enable JIT provisioning.
2022-08-10 18:15:35 +00:00
require.JSONEq(t, expectedJSON, runAppForTest(t, []string{"get", "config", "--include-server-config", "--json"}))
Add test for fleetctl preview (#2388) * Start a fleetctl preview test * Add tests for fleetctl preview * Fix setting of fleetctl auth token in test * Add fleet instance vulnerabilities config to response of GetAppConfig * Add checks that fleetctl preview enables vulnerability detection * Adjust doc for get config API response * Add the include-server-config flag to fleetctl get config * Update test now that some of the PRs have been merged Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 13:19:10 +00:00
})
Issue 1588 allow disabling host users (#1611) * Allow users to disable host_users * Add missing files * Address review comments * Fix tests * Check additional queries for nil, not the whole hostsettings * Finally fix tests
2021-08-11 17:56:11 +00:00
}
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
Run network test serially to prevent timeouts on Github CI (#5557) * Run network test serially to prevent timeouts on Github CI * Revert lint changes * Add simple file lock * Revert test change * Clarify error check
2022-05-10 14:52:33 +00:00
func TestGetSoftware(t *testing.T) {
Refactor integration tests (#1821) * Refactor integration tests * Remove nopCloser and use io.NopCloser * Address review comments
2021-09-15 19:27:53 +00:00
_, ds := runServerWithMockedDS(t)
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
foo001 := fleet.Software{
Name: "foo", Version: "0.0.1", Source: "chrome_extensions", GenerateCPE: "somecpe",
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
Vulnerabilities: fleet.Vulnerabilities{
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
{CVE: "cve-321-432-543", DetailsLink: "https://nvd.nist.gov/vuln/detail/cve-321-432-543"},
{CVE: "cve-333-444-555", DetailsLink: "https://nvd.nist.gov/vuln/detail/cve-333-444-555"},
},
}
Remove host counts from software (#3082) * Remove host counts from software * Actually remove the host count from the struct * Fix get test
2021-11-23 18:50:51 +00:00
foo002 := fleet.Software{Name: "foo", Version: "0.0.2", Source: "chrome_extensions"}
foo003 := fleet.Software{Name: "foo", Version: "0.0.3", Source: "chrome_extensions", GenerateCPE: "someothercpewithoutvulns"}
bar003 := fleet.Software{Name: "bar", Version: "0.0.3", Source: "deb_packages", BundleIdentifier: "bundle"}
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
var gotTeamID *uint
Add vulnerable filter for software and also wire up the query search (#2604) * Add vulnerable filter for software and also wire up the query search * Add documentation * Update to use software list options
2021-10-20 21:01:20 +00:00
ds.ListSoftwareFunc = func(ctx context.Context, opt fleet.SoftwareListOptions) ([]fleet.Software, error) {
gotTeamID = opt.TeamID
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
return []fleet.Software{foo001, foo002, foo003, bar003}, nil
}
expected := `+------+---------+-------------------+--------------------------+-----------+
| NAME | VERSION | SOURCE | CPE | # OF CVES |
+------+---------+-------------------+--------------------------+-----------+
| foo | 0.0.1 | chrome_extensions | somecpe | 2 |
+------+---------+-------------------+--------------------------+-----------+
| foo | 0.0.2 | chrome_extensions | | 0 |
+------+---------+-------------------+--------------------------+-----------+
| foo | 0.0.3 | chrome_extensions | someothercpewithoutvulns | 0 |
+------+---------+-------------------+--------------------------+-----------+
| bar | 0.0.3 | deb_packages | | 0 |
+------+---------+-------------------+--------------------------+-----------+
`
expectedYaml := `---
apiVersion: "1"
kind: software
spec:
- generated_cpe: somecpe
id: 0
name: foo
source: chrome_extensions
version: 0.0.1
vulnerabilities:
- cve: cve-321-432-543
details_link: https://nvd.nist.gov/vuln/detail/cve-321-432-543
- cve: cve-333-444-555
details_link: https://nvd.nist.gov/vuln/detail/cve-333-444-555
- generated_cpe: ""
id: 0
name: foo
source: chrome_extensions
version: 0.0.2
vulnerabilities: null
- generated_cpe: someothercpewithoutvulns
id: 0
name: foo
source: chrome_extensions
version: 0.0.3
vulnerabilities: null
Add bundle identifier to software when available (#2220) * Add bundle identifier to software when available * Update docs * Delete unneeded test
2021-09-28 21:13:34 +00:00
- bundle_identifier: bundle
generated_cpe: ""
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
id: 0
name: bar
source: deb_packages
version: 0.0.3
vulnerabilities: null
`
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
expectedJson := `
{
"kind": "software",
"apiVersion": "1",
"spec": [
{
"id": 0,
"name": "foo",
"version": "0.0.1",
"source": "chrome_extensions",
"generated_cpe": "somecpe",
"vulnerabilities": [
{
"cve": "cve-321-432-543",
"details_link": "https://nvd.nist.gov/vuln/detail/cve-321-432-543"
},
{
"cve": "cve-333-444-555",
"details_link": "https://nvd.nist.gov/vuln/detail/cve-333-444-555"
}
]
},
{
"id": 0,
"name": "foo",
"version": "0.0.2",
"source": "chrome_extensions",
"generated_cpe": "",
"vulnerabilities": null
},
{
"id": 0,
"name": "foo",
"version": "0.0.3",
"source": "chrome_extensions",
"generated_cpe": "someothercpewithoutvulns",
"vulnerabilities": null
},
{
"id": 0,
"name": "bar",
"version": "0.0.3",
"bundle_identifier": "bundle",
"source": "deb_packages",
"generated_cpe": "",
"vulnerabilities": null
}
]
}
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
`
assert.Equal(t, expected, runAppForTest(t, []string{"get", "software"}))
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
assert.YAMLEq(t, expectedYaml, runAppForTest(t, []string{"get", "software", "--yaml"}))
assert.JSONEq(t, expectedJson, runAppForTest(t, []string{"get", "software", "--json"}))
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
runAppForTest(t, []string{"get", "software", "--json", "--team", "999"})
require.NotNil(t, gotTeamID)
assert.Equal(t, uint(999), *gotTeamID)
}
Simplify fleetctl implementation and improve testing (#3830) * Simplify fleetctl implementation and improve testing * Add a few more * Handle not founds better * Fix tests * Check that logout ds func is called
2022-01-24 19:40:51 +00:00
func TestGetLabels(t *testing.T) {
_, ds := runServerWithMockedDS(t)
ds.GetLabelSpecsFunc = func(ctx context.Context) ([]*fleet.LabelSpec, error) {
return []*fleet.LabelSpec{
{
ID: 32,
Name: "label1",
Description: "some description",
Query: "select 1;",
Platform: "windows",
},
{
ID: 33,
Name: "label2",
Description: "some other description",
Query: "select 42;",
Platform: "linux",
},
}, nil
}
expected := `+--------+----------+------------------------+------------+
| NAME | PLATFORM | DESCRIPTION | QUERY |
+--------+----------+------------------------+------------+
| label1 | windows | some description | select 1; |
+--------+----------+------------------------+------------+
| label2 | linux | some other description | select 42; |
+--------+----------+------------------------+------------+
`
expectedYaml := `---
apiVersion: v1
kind: label
spec:
description: some description
id: 32
label_membership_type: dynamic
name: label1
platform: windows
query: select 1;
---
apiVersion: v1
kind: label
spec:
description: some other description
id: 33
label_membership_type: dynamic
name: label2
platform: linux
query: select 42;
`
expectedJson := `{"kind":"label","apiVersion":"v1","spec":{"id":32,"name":"label1","description":"some description","query":"select 1;","platform":"windows","label_membership_type":"dynamic"}}
{"kind":"label","apiVersion":"v1","spec":{"id":33,"name":"label2","description":"some other description","query":"select 42;","platform":"linux","label_membership_type":"dynamic"}}
`
assert.Equal(t, expected, runAppForTest(t, []string{"get", "labels"}))
assert.Equal(t, expectedYaml, runAppForTest(t, []string{"get", "labels", "--yaml"}))
assert.Equal(t, expectedJson, runAppForTest(t, []string{"get", "labels", "--json"}))
}
func TestGetLabel(t *testing.T) {
_, ds := runServerWithMockedDS(t)
ds.GetLabelSpecFunc = func(ctx context.Context, name string) (*fleet.LabelSpec, error) {
if name != "label1" {
return nil, nil
}
return &fleet.LabelSpec{
ID: 32,
Name: "label1",
Description: "some description",
Query: "select 1;",
Platform: "windows",
}, nil
}
expectedYaml := `---
apiVersion: v1
kind: label
spec:
description: some description
id: 32
label_membership_type: dynamic
name: label1
platform: windows
query: select 1;
`
expectedJson := `{"kind":"label","apiVersion":"v1","spec":{"id":32,"name":"label1","description":"some description","query":"select 1;","platform":"windows","label_membership_type":"dynamic"}}
`
assert.Equal(t, expectedYaml, runAppForTest(t, []string{"get", "label", "label1"}))
assert.Equal(t, expectedYaml, runAppForTest(t, []string{"get", "label", "--yaml", "label1"}))
assert.Equal(t, expectedJson, runAppForTest(t, []string{"get", "label", "--json", "label1"}))
}
func TestGetEnrollmentSecrets(t *testing.T) {
_, ds := runServerWithMockedDS(t)
ds.GetEnrollSecretsFunc = func(ctx context.Context, teamID *uint) ([]*fleet.EnrollSecret, error) {
return []*fleet.EnrollSecret{
{
Secret: "abcd",
TeamID: nil,
},
{
Secret: "efgh",
TeamID: nil,
},
}, nil
}
expectedYaml := `---
apiVersion: v1
kind: enroll_secret
spec:
secrets:
- created_at: "0001-01-01T00:00:00Z"
secret: abcd
- created_at: "0001-01-01T00:00:00Z"
secret: efgh
`
expectedJson := `{"kind":"enroll_secret","apiVersion":"v1","spec":{"secrets":[{"secret":"abcd","created_at":"0001-01-01T00:00:00Z"},{"secret":"efgh","created_at":"0001-01-01T00:00:00Z"}]}}
`
assert.Equal(t, expectedYaml, runAppForTest(t, []string{"get", "enroll_secrets"}))
assert.Equal(t, expectedYaml, runAppForTest(t, []string{"get", "enroll_secrets", "--yaml"}))
assert.Equal(t, expectedJson, runAppForTest(t, []string{"get", "enroll_secrets", "--json"}))
}
func TestGetPacks(t *testing.T) {
_, ds := runServerWithMockedDS(t)
ds.GetPackSpecsFunc = func(ctx context.Context) ([]*fleet.PackSpec, error) {
return []*fleet.PackSpec{
{
ID: 7,
Name: "pack1",
Description: "some desc",
Platform: "darwin",
Disabled: false,
},
}, nil
}
expected := `+-------+----------+-------------+----------+
| NAME | PLATFORM | DESCRIPTION | DISABLED |
+-------+----------+-------------+----------+
| pack1 | darwin | some desc | false |
+-------+----------+-------------+----------+
`
expectedYaml := `---
apiVersion: v1
kind: pack
spec:
description: some desc
disabled: false
id: 7
name: pack1
platform: darwin
targets:
labels: null
Add team targets to pack spec (#4272) * skip flaky tests
2022-02-21 16:18:58 +00:00
teams: null
Simplify fleetctl implementation and improve testing (#3830) * Simplify fleetctl implementation and improve testing * Add a few more * Handle not founds better * Fix tests * Check that logout ds func is called
2022-01-24 19:40:51 +00:00
`
Add team targets to pack spec (#4272) * skip flaky tests
2022-02-21 16:18:58 +00:00
expectedJson := `
{
"kind": "pack",
"apiVersion": "v1",
"spec": {
"id": 7,
"name": "pack1",
"description": "some desc",
"platform": "darwin",
"disabled": false,
"targets": {
"labels": null,
"teams": null
}
}
}
Simplify fleetctl implementation and improve testing (#3830) * Simplify fleetctl implementation and improve testing * Add a few more * Handle not founds better * Fix tests * Check that logout ds func is called
2022-01-24 19:40:51 +00:00
`
assert.Equal(t, expected, runAppForTest(t, []string{"get", "packs"}))
Add team targets to pack spec (#4272) * skip flaky tests
2022-02-21 16:18:58 +00:00
assert.YAMLEq(t, expectedYaml, runAppForTest(t, []string{"get", "packs", "--yaml"}))
assert.JSONEq(t, expectedJson, runAppForTest(t, []string{"get", "packs", "--json"}))
Simplify fleetctl implementation and improve testing (#3830) * Simplify fleetctl implementation and improve testing * Add a few more * Handle not founds better * Fix tests * Check that logout ds func is called
2022-01-24 19:40:51 +00:00
}
func TestGetPack(t *testing.T) {
_, ds := runServerWithMockedDS(t)
ds.PackByNameFunc = func(ctx context.Context, name string, opts ...fleet.OptionalArg) (*fleet.Pack, bool, error) {
if name != "pack1" {
return nil, false, nil
}
return &fleet.Pack{
ID: 7,
Name: "pack1",
Description: "some desc",
Platform: "darwin",
Disabled: false,
}, true, nil
}
ds.GetPackSpecFunc = func(ctx context.Context, name string) (*fleet.PackSpec, error) {
if name != "pack1" {
return nil, nil
}
return &fleet.PackSpec{
ID: 7,
Name: "pack1",
Description: "some desc",
Platform: "darwin",
Disabled: false,
}, nil
}
expectedYaml := `---
apiVersion: v1
kind: pack
spec:
description: some desc
disabled: false
id: 7
name: pack1
platform: darwin
targets:
labels: null
Add team targets to pack spec (#4272) * skip flaky tests
2022-02-21 16:18:58 +00:00
teams: null
Simplify fleetctl implementation and improve testing (#3830) * Simplify fleetctl implementation and improve testing * Add a few more * Handle not founds better * Fix tests * Check that logout ds func is called
2022-01-24 19:40:51 +00:00
`
Add team targets to pack spec (#4272) * skip flaky tests
2022-02-21 16:18:58 +00:00
expectedJson := `
{
"kind": "pack",
"apiVersion": "v1",
"spec": {
"id": 7,
"name": "pack1",
"description": "some desc",
"platform": "darwin",
"disabled": false,
"targets": {
"labels": null,
"teams": null
}
}
}
Simplify fleetctl implementation and improve testing (#3830) * Simplify fleetctl implementation and improve testing * Add a few more * Handle not founds better * Fix tests * Check that logout ds func is called
2022-01-24 19:40:51 +00:00
`
Add team targets to pack spec (#4272) * skip flaky tests
2022-02-21 16:18:58 +00:00
assert.YAMLEq(t, expectedYaml, runAppForTest(t, []string{"get", "packs", "pack1"}))
assert.YAMLEq(t, expectedYaml, runAppForTest(t, []string{"get", "packs", "--yaml", "pack1"}))
assert.JSONEq(t, expectedJson, runAppForTest(t, []string{"get", "packs", "--json", "pack1"}))
Simplify fleetctl implementation and improve testing (#3830) * Simplify fleetctl implementation and improve testing * Add a few more * Handle not founds better * Fix tests * Check that logout ds func is called
2022-01-24 19:40:51 +00:00
}
func TestGetQueries(t *testing.T) {
_, ds := runServerWithMockedDS(t)
ds.ListQueriesFunc = func(ctx context.Context, opt fleet.ListQueryOptions) ([]*fleet.Query, error) {
return []*fleet.Query{
{
ID: 33,
Name: "query1",
Description: "some desc",
Query: "select 1;",
Saved: false,
ObserverCanRun: false,
},
{
ID: 12,
Name: "query2",
Description: "some desc 2",
Query: "select 2;",
Saved: true,
ObserverCanRun: false,
},
}, nil
}
expected := `+--------+-------------+-----------+
| NAME | DESCRIPTION | QUERY |
+--------+-------------+-----------+
| query1 | some desc | select 1; |
+--------+-------------+-----------+
| query2 | some desc 2 | select 2; |
+--------+-------------+-----------+
`
expectedYaml := `---
apiVersion: v1
kind: query
spec:
description: some desc
name: query1
query: select 1;
---
apiVersion: v1
kind: query
spec:
description: some desc 2
name: query2
query: select 2;
`
expectedJson := `{"kind":"query","apiVersion":"v1","spec":{"name":"query1","description":"some desc","query":"select 1;"}}
{"kind":"query","apiVersion":"v1","spec":{"name":"query2","description":"some desc 2","query":"select 2;"}}
`
assert.Equal(t, expected, runAppForTest(t, []string{"get", "queries"}))
assert.Equal(t, expectedYaml, runAppForTest(t, []string{"get", "queries", "--yaml"}))
assert.Equal(t, expectedJson, runAppForTest(t, []string{"get", "queries", "--json"}))
}
func TestGetQuery(t *testing.T) {
_, ds := runServerWithMockedDS(t)
ds.QueryByNameFunc = func(ctx context.Context, name string, opts ...fleet.OptionalArg) (*fleet.Query, error) {
if name != "query1" {
return nil, nil
}
return &fleet.Query{
ID: 33,
Name: "query1",
Description: "some desc",
Query: "select 1;",
Saved: false,
ObserverCanRun: false,
}, nil
}
expectedYaml := `---
apiVersion: v1
kind: query
spec:
description: some desc
name: query1
query: select 1;
`
expectedJson := `{"kind":"query","apiVersion":"v1","spec":{"name":"query1","description":"some desc","query":"select 1;"}}
`
assert.Equal(t, expectedYaml, runAppForTest(t, []string{"get", "query", "query1"}))
assert.Equal(t, expectedYaml, runAppForTest(t, []string{"get", "query", "--yaml", "query1"}))
assert.Equal(t, expectedJson, runAppForTest(t, []string{"get", "query", "--json", "query1"}))
}
deprecate host_settings in favor of features (#7358) Related to #7312, this makes use of the changes introduced in #7353 to rename host_settings to features while keeping backwards compatibility.
2022-08-25 16:41:50 +00:00
func TestEnrichedAppConfig(t *testing.T) {
t.Run("deprecated fields", func(t *testing.T) {
resp := []byte(`
{
"org_info": {
"org_name": "Fleet for osquery",
"org_logo_url": ""
},
"server_settings": {
"server_url": "https://localhost:8412",
"live_query_disabled": false,
"enable_analytics": false,
"deferred_save_host": false
},
"smtp_settings": {
"enable_smtp": false,
"configured": false,
"sender_address": "",
"server": "",
"port": 587,
"authentication_type": "authtype_username_password",
"user_name": "",
"password": "",
"enable_ssl_tls": true,
"authentication_method": "authmethod_plain",
"domain": "",
"verify_ssl_certs": true,
"enable_start_tls": true
},
"host_expiry_settings": {
"host_expiry_enabled": false,
"host_expiry_window": 0
},
"host_settings": {
"enable_host_users": true,
"enable_software_inventory": true
},
"agent_options": {
"config": {
"options": {
"logger_plugin": "tls",
"pack_delimiter": "/",
"logger_tls_period": 10,
"distributed_plugin": "tls",
"disable_distributed": false,
"logger_tls_endpoint": "/api/osquery/log",
"distributed_interval": 10,
"distributed_tls_max_attempts": 3
},
"decorators": {
"load": [
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT hostname AS hostname FROM system_info;"
]
}
},
"overrides": {}
},
"sso_settings": {
"entity_id": "",
"issuer_uri": "",
"idp_image_url": "",
"metadata": "",
"metadata_url": "",
"idp_name": "",
"enable_sso": false,
"enable_sso_idp_login": false,
"enable_jit_provisioning": false
},
"fleet_desktop": {
"transparency_url": "https://fleetdm.com/transparency"
},
"vulnerability_settings": {
"databases_path": ""
},
"webhook_settings": {
"host_status_webhook": {
"enable_host_status_webhook": false,
"destination_url": "",
"host_percentage": 0,
"days_count": 0
},
"failing_policies_webhook": {
"enable_failing_policies_webhook": false,
"destination_url": "",
"policy_ids": null,
"host_batch_size": 0
},
"vulnerabilities_webhook": {
"enable_vulnerabilities_webhook": false,
"destination_url": "",
"host_batch_size": 0
},
"interval": "24h0m0s"
},
"integrations": {
"jira": null,
"zendesk": null
},
"update_interval": {
"osquery_detail": 3600000000000,
"osquery_policy": 3600000000000
},
"vulnerabilities": {
"databases_path": "/vulndb",
"periodicity": 300000000000,
"cpe_database_url": "",
"cve_feed_prefix_url": "",
"current_instance_checks": "yes",
"disable_data_sync": false,
"recent_vulnerability_max_age": 2592000000000000
},
"license": {
"tier": "free",
"expiration": "0001-01-01T00:00:00Z"
},
"logging": {
"debug": true,
"json": true,
"result": {
"plugin": "filesystem",
"config": {
"status_log_file": "/logs/osqueryd.status.log",
"result_log_file": "/logs/osqueryd.results.log",
"enable_log_rotation": false,
"enable_log_compression": false
}
},
"status": {
"plugin": "filesystem",
"config": {
"status_log_file": "/logs/osqueryd.status.log",
"result_log_file": "/logs/osqueryd.results.log",
"enable_log_rotation": false,
"enable_log_compression": false
}
}
}
}
`)
var enriched fleet.EnrichedAppConfig
err := json.Unmarshal(resp, &enriched)
require.NoError(t, err)
require.NotNil(t, enriched.Vulnerabilities)
require.Equal(t, "yes", enriched.Vulnerabilities.CurrentInstanceChecks)
require.True(t, enriched.Features.EnableSoftwareInventory)
require.Equal(t, "free", enriched.License.Tier)
require.Equal(t, "filesystem", enriched.Logging.Status.Plugin)
})
}
Implement fleetctl get mdm-apple (#8786)
2022-12-05 16:35:45 +00:00
func TestGetAppleMDM(t *testing.T) {
runServerWithMockedDS(t)
// can only test when no MDM cert is provided, otherwise they would have to
// be valid Apple APNs and SCEP certs.
expected := `Error: No Apple Push Notification service (APNs) certificate found.`
assert.Contains(t, runAppForTest(t, []string{"get", "mdm_apple"}), expected)
}
report errors that can occur during file carving (#8972) related to https://github.com/fleetdm/fleet/issues/8117
2022-12-09 16:21:30 +00:00
Add command `get mdm-apple-bm` to fleetctl (#8949)
2022-12-12 20:45:53 +00:00
func TestGetAppleBM(t *testing.T) {
t.Run("free license", func(t *testing.T) {
runServerWithMockedDS(t)
expected := `could not get Apple BM information: missing or invalid license`
_, err := runAppNoChecks([]string{"get", "mdm_apple_bm"})
require.Error(t, err)
assert.Contains(t, err.Error(), expected)
})
t.Run("premium license", func(t *testing.T) {
runServerWithMockedDS(t, &service.TestServerOpts{License: &fleet.LicenseInfo{Tier: fleet.TierPremium}})
expected := `No Apple Business Manager server token found`
assert.Contains(t, runAppForTest(t, []string{"get", "mdm_apple_bm"}), expected)
})
}
report errors that can occur during file carving (#8972) related to https://github.com/fleetdm/fleet/issues/8117
2022-12-09 16:21:30 +00:00
func TestGetCarves(t *testing.T) {
_, ds := runServerWithMockedDS(t)
createdAt, err := time.Parse(time.RFC3339, "1999-03-10T02:45:06.371Z")
require.NoError(t, err)
ds.ListCarvesFunc = func(ctx context.Context, opts fleet.CarveListOptions) ([]*fleet.CarveMetadata, error) {
return []*fleet.CarveMetadata{
{
HostId: 1,
Name: "foobar",
BlockCount: 10,
BlockSize: 12,
CarveSize: 123,
CarveId: "carve_id_1",
RequestId: "request_id_1",
SessionId: "session_id_1",
CreatedAt: createdAt,
},
{
HostId: 2,
Name: "barfoo",
BlockCount: 20,
BlockSize: 44,
CarveSize: 123,
CarveId: "carve_id_2",
RequestId: "request_id_2",
SessionId: "session_id_2",
CreatedAt: createdAt,
Error: ptr.String("test error"),
},
}, nil
}
expected := `+----+--------------------------------+--------------+------------+------------+---------+
| ID | CREATED AT | REQUEST ID | CARVE SIZE | COMPLETION | ERRORED |
+----+--------------------------------+--------------+------------+------------+---------+
| 0 | 1999-03-10 02:45:06.371 +0000 | request_id_1 | 123 | 10% | no |
| | UTC | | | | |
+----+--------------------------------+--------------+------------+------------+---------+
| 0 | 1999-03-10 02:45:06.371 +0000 | request_id_2 | 123 | 5% | yes |
| | UTC | | | | |
+----+--------------------------------+--------------+------------+------------+---------+
`
assert.Equal(t, expected, runAppForTest(t, []string{"get", "carves"}))
}
func TestGetCarve(t *testing.T) {
_, ds := runServerWithMockedDS(t)
createdAt, err := time.Parse(time.RFC3339, "1999-03-10T02:45:06.371Z")
require.NoError(t, err)
ds.CarveFunc = func(ctx context.Context, carveID int64) (*fleet.CarveMetadata, error) {
return &fleet.CarveMetadata{
HostId: 1,
Name: "foobar",
BlockCount: 10,
BlockSize: 12,
CarveSize: 123,
CarveId: "carve_id_1",
RequestId: "request_id_1",
SessionId: "session_id_1",
CreatedAt: createdAt,
}, nil
}
expectedOut := `---
block_count: 10
block_size: 12
carve_id: carve_id_1
carve_size: 123
created_at: "1999-03-10T02:45:06.371Z"
error: null
expired: false
host_id: 1
id: 0
max_block: 0
name: foobar
request_id: request_id_1
session_id: session_id_1
`
assert.Equal(t, expectedOut, runAppForTest(t, []string{"get", "carve", "1"}))
}
func TestGetCarveWithError(t *testing.T) {
_, ds := runServerWithMockedDS(t)
createdAt, err := time.Parse(time.RFC3339, "1999-03-10T02:45:06.371Z")
require.NoError(t, err)
ds.CarveFunc = func(ctx context.Context, carveID int64) (*fleet.CarveMetadata, error) {
return &fleet.CarveMetadata{
HostId: 1,
Name: "foobar",
BlockCount: 10,
BlockSize: 12,
CarveSize: 123,
CarveId: "carve_id_1",
RequestId: "request_id_1",
SessionId: "session_id_1",
CreatedAt: createdAt,
Error: ptr.String("test error"),
}, nil
}
runAppCheckErr(t, []string{"get", "carve", "1"}, "test error")
}
Make `fleetctl get teams --yaml` output compatible with `fleetctl apply -f` (#9626) #9535 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-02-02 17:46:50 +00:00
// TestGetTeamsYAMLAndApply checks that the output of `get teams --yaml` can be applied
// via the `apply` command.
func TestGetTeamsYAMLAndApply(t *testing.T) {
_, ds := runServerWithMockedDS(t, &service.TestServerOpts{
License: &fleet.LicenseInfo{Tier: fleet.TierPremium, Expiration: time.Now().Add(24 * time.Hour)},
})
created_at, err := time.Parse(time.RFC3339, "1999-03-10T02:45:06.371Z")
require.NoError(t, err)
agentOpts := json.RawMessage(`
{
"config": {
"options": {
"distributed_interval": 10
}
},
"overrides": {
"platforms": {
"darwin": {
"options": {
"distributed_interval": 5
}
}
}
}
}`)
additionalQueries := json.RawMessage(`{"time":"SELECT * FROM time;"}`)
team1 := &fleet.Team{
ID: 42,
CreatedAt: created_at,
Name: "team1",
Description: "team1 description",
UserCount: 99,
Config: fleet.TeamConfig{
Features: fleet.Features{
EnableHostUsers: true,
EnableSoftwareInventory: true,
},
},
}
team2 := &fleet.Team{
ID: 43,
CreatedAt: created_at,
Name: "team2",
Description: "team2 description",
UserCount: 87,
Config: fleet.TeamConfig{
AgentOptions: &agentOpts,
Features: fleet.Features{
AdditionalQueries: &additionalQueries,
},
MDM: fleet.TeamMDM{
MacOSUpdates: fleet.MacOSUpdates{
MinimumVersion: "12.3.1",
Deadline: "2021-12-14",
},
},
},
}
ds.ListTeamsFunc = func(ctx context.Context, filter fleet.TeamFilter, opt fleet.ListOptions) ([]*fleet.Team, error) {
return []*fleet.Team{team1, team2}, nil
}
ds.AppConfigFunc = func(ctx context.Context) (*fleet.AppConfig, error) {
return &fleet.AppConfig{AgentOptions: &agentOpts}, nil
}
ds.SaveTeamFunc = func(ctx context.Context, team *fleet.Team) (*fleet.Team, error) {
return team, nil
}
ds.ApplyEnrollSecretsFunc = func(ctx context.Context, teamID *uint, secrets []*fleet.EnrollSecret) error {
return nil
}
ds.NewActivityFunc = func(ctx context.Context, user *fleet.User, activity fleet.ActivityDetails) error {
return nil
}
ds.TeamByNameFunc = func(ctx context.Context, name string) (*fleet.Team, error) {
if name == "team1" {
return team1, nil
} else if name == "team2" {
return team2, nil
}
return nil, fmt.Errorf("team not found: %s", name)
}
actualYaml := runAppForTest(t, []string{"get", "teams", "--yaml"})
yamlFilePath := writeTmpYml(t, actualYaml)
require.Equal(t, "[+] applied 2 teams\n", runAppForTest(t, []string{"apply", "-f", yamlFilePath}))
}
Reference in New Issue Copy Permalink