Fleet desktop should use lightweight endpoint for getting failing policies count (#8159)

Fleet desktop should use lightweight endpoint for getting failing policies count
2024-11-06 08:55:24 +00:00 · 2022-10-12 16:13:43 -04:00 · 2022-10-12 16:13:43 -04:00 · 6939af045d
commit 6939af045d
parent 91ea7bf244
6 changed files with 63 additions and 42 deletions
--- a/changes/feature-6946-fleet-desktop-uses-minimal-endpoint
+++ b/changes/feature-6946-fleet-desktop-uses-minimal-endpoint
@ -0,0 +1,2 @@
+- Updated Fleet Desktop to use the new endpoint introduced in
+  https://github.com/fleetdm/fleet/issues/7084
--- a/orbit/cmd/desktop/desktop.go
+++ b/orbit/cmd/desktop/desktop.go
@ -120,7 +120,7 @@ func main() {

 				for {
 					refetchToken()
-					_, err := client.ListDevicePolicies(tokenReader.GetCached())
+					_, err := client.NumberOfFailingPolicies(tokenReader.GetCached())

 					if err == nil || errors.Is(err, service.ErrMissingLicense) {
 						log.Debug().Msg("enabling tray items")
@ -173,7 +173,7 @@ func main() {
 			defer tic.Stop()

 			for {
-				policies, err := client.ListDevicePolicies(tokenReader.GetCached())
+				failingPolicies, err := client.NumberOfFailingPolicies(tokenReader.GetCached())
 				switch {
 				case err == nil:
 					// OK
@ -185,28 +185,21 @@ func main() {
 					<-checkToken()
 					continue
 				default:
-					log.Error().Err(err).Msg("get device URL")
+					log.Error().Err(err).Msg("get failing policies")
 					continue
 				}

-				failedPolicyCount := 0
-				for _, policy := range policies {
-					if policy.Response != "pass" {
-						failedPolicyCount++
-					}
-				}
-
-				if failedPolicyCount > 0 {
+				if failingPolicies > 0 {
 					if runtime.GOOS == "windows" {
 						// Windows (or maybe just the systray library?) doesn't support color emoji
 						// in the system tray menu, so we use text as an alternative.
-						if failedPolicyCount == 1 {
+						if failingPolicies == 1 {
 							myDeviceItem.SetTitle("My device (1 issue)")
 						} else {
-							myDeviceItem.SetTitle(fmt.Sprintf("My device (%d issues)", failedPolicyCount))
+							myDeviceItem.SetTitle(fmt.Sprintf("My device (%d issues)", failingPolicies))
 						}
 					} else {
-						myDeviceItem.SetTitle(fmt.Sprintf("🔴 My device (%d)", failedPolicyCount))
+						myDeviceItem.SetTitle(fmt.Sprintf("🔴 My device (%d)", failingPolicies))
 					}
 				} else {
 					if runtime.GOOS == "windows" {
--- a/server/service/device_client.go
+++ b/server/service/device_client.go
@ -49,17 +49,6 @@ func (dc *DeviceClient) request(verb string, path string, query string, response
 	return dc.parseResponse(verb, path, response, responseDest)
 }

-// ListDevicePolicies fetches all policies for the device with the provided token
-func (dc *DeviceClient) ListDevicePolicies(token string) ([]*fleet.HostPolicy, error) {
-	verb, path := "GET", "/api/latest/fleet/device/"+token+"/policies"
-	var responseBody listDevicePoliciesResponse
-	err := dc.request(verb, path, "", &responseBody)
-	if err != nil {
-		return nil, err
-	}
-	return responseBody.Policies, nil
-}
-
 // TransparencyURL returns an URL that the server will use to redirect to the
 // transparency URL configured by the user
 func (dc *DeviceClient) TransparencyURL(token string) string {
@ -74,8 +63,8 @@ func (dc *DeviceClient) DeviceURL(token string) string {
 // CheckToken checks if a token is valid by making an authenticated request to
 // the server
 func (dc *DeviceClient) CheckToken(token string) error {
-	verb, path := "GET", "/api/latest/fleet/device/"+token+"/policies"
-	return dc.request(verb, path, "", &FleetDesktopResponse{})
+	_, err := dc.NumberOfFailingPolicies(token)
+	return err
 }

 // Ping sends a ping to the server using the device/ping endpoint
@ -91,3 +80,41 @@ func (dc *DeviceClient) Ping() error {

 	return err
 }
+
+func (dc *DeviceClient) getListDevicePolicies(token string) ([]*fleet.HostPolicy, error) {
+	verb, path := "GET", "/api/latest/fleet/device/"+token+"/policies"
+	var responseBody listDevicePoliciesResponse
+	err := dc.request(verb, path, "", &responseBody)
+	return responseBody.Policies, err
+}
+
+func (dc *DeviceClient) getMinDesktopPayload(token string) (fleetDesktopResponse, error) {
+	verb, path := "GET", "/api/latest/fleet/device/"+token+"/desktop"
+	var r fleetDesktopResponse
+	err := dc.request(verb, path, "", &r)
+	return r, err
+}
+
+func (dc *DeviceClient) NumberOfFailingPolicies(token string) (uint, error) {
+	r, err := dc.getMinDesktopPayload(token)
+	if err == nil {
+		return uintValueOrZero(r.FailingPolicies), nil
+	}
+
+	if errors.Is(err, notFoundErr{}) {
+		policies, err := dc.getListDevicePolicies(token)
+		if err != nil {
+			return 0, err
+		}
+
+		var failingPolicies uint
+		for _, policy := range policies {
+			if policy.Response != "pass" {
+				failingPolicies++
+			}
+		}
+		return failingPolicies, nil
+	}
+
+	return 0, err
+}
--- a/server/service/device_client_test.go
+++ b/server/service/device_client_test.go
@ -38,24 +38,23 @@ func TestDeviceClientGetDesktopPayload(t *testing.T) {

 	t.Run("with wrong license", func(t *testing.T) {
 		mockRequestDoer.statusCode = http.StatusPaymentRequired
-		_, err = client.ListDevicePolicies(token)
+		_, err = client.NumberOfFailingPolicies(token)
 		require.ErrorIs(t, err, ErrMissingLicense)
 	})

-	t.Run("with empty policies", func(t *testing.T) {
+	t.Run("with no failing policies", func(t *testing.T) {
 		mockRequestDoer.statusCode = http.StatusOK
-		mockRequestDoer.resBody = `{"policies": []}`
-		policies, err := client.ListDevicePolicies(token)
+		mockRequestDoer.resBody = `{}`
+		result, err := client.NumberOfFailingPolicies(token)
 		require.NoError(t, err)
-		require.Len(t, policies, 0)
+		require.Equal(t, uint(0), result)
 	})

-	t.Run("with policies", func(t *testing.T) {
+	t.Run("with failing policies", func(t *testing.T) {
 		mockRequestDoer.statusCode = http.StatusOK
-		mockRequestDoer.resBody = `{"policies": [{"id": 1}]}`
-		policies, err := client.ListDevicePolicies(token)
+		mockRequestDoer.resBody = `{"failing_policies_count": 1}`
+		result, err := client.NumberOfFailingPolicies(token)
 		require.NoError(t, err)
-		require.Len(t, policies, 1)
-		require.Equal(t, uint(1), policies[0].ID)
+		require.Equal(t, uint(1), result)
 	})
 }
--- a/server/service/devices.go
+++ b/server/service/devices.go
@ -41,7 +41,7 @@ func (svc *Service) DisableAuthForPing(ctx context.Context) {
 // Fleet Desktop endpoints
 /////////////////////////////////////////////////////////////////////////////////

-type FleetDesktopResponse struct {
+type fleetDesktopResponse struct {
 	Err             error `json:"error,omitempty"`
 	FailingPolicies *uint `json:"failing_policies_count,omitempty"`
 }
@ -61,15 +61,15 @@ func getFleetDesktopEndpoint(ctx context.Context, request interface{}, svc fleet

 	if !ok {
 		err := ctxerr.Wrap(ctx, fleet.NewAuthRequiredError("internal error: missing host from request context"))
-		return FleetDesktopResponse{Err: err}, nil
+		return fleetDesktopResponse{Err: err}, nil
 	}

 	r, err := svc.FailingPoliciesCount(ctx, host)
 	if err != nil {
-		return FleetDesktopResponse{Err: err}, nil
+		return fleetDesktopResponse{Err: err}, nil
 	}

-	return FleetDesktopResponse{FailingPolicies: &r}, nil
+	return fleetDesktopResponse{FailingPolicies: &r}, nil
 }

 /////////////////////////////////////////////////////////////////////////////////
--- a/server/service/integration_enterprise_test.go
+++ b/server/service/integration_enterprise_test.go
@ -1278,7 +1278,7 @@ func (s *integrationEnterpriseTestSuite) TestListDevicePolicies() {
 	require.Len(t, *getDeviceHostResp.Host.Policies, 2)

 	// GET `/api/_version_/fleet/device/{token}/desktop`
-	getDesktopResp := FleetDesktopResponse{}
+	getDesktopResp := fleetDesktopResponse{}
 	res = s.DoRawNoAuth("GET", "/api/latest/fleet/device/"+token+"/desktop", nil, http.StatusOK)
 	json.NewDecoder(res.Body).Decode(&getDesktopResp)
 	res.Body.Close()