Commit Graph

71 Commits

Author SHA1 Message Date
Lucas Manuel Rodriguez
2a532ede94
Do not return empty SSO and SMTP settings for non-global-admins (#12180)
#11266

PS: I first attempted a serialization trick by introducing a new
`appConfigResponse` and implementing `json.Marshal` to exclude these
fields but it was too hacky and hard to maintain moving forward, so I'm
bitting the bullet now. Happy to hear other ideas.

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-06-07 16:06:36 -03:00
Lucas Manuel Rodriguez
1ebfbb14eb
New gitops role (#10850)
#8593

This PR adds a new role `gitops` to Fleet.
MDM capabilities for the role coming on a separate PR. We need this
merged ASAP so that we can unblock the UI work for this.

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [X] Documented any permissions changes
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [x] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-12 16:11:04 -03:00
Benjamin Edwards
6f836d60cb
add support for AWS SES email backend (#10847) 2023-04-06 13:21:07 -05:00
Lucas Manuel Rodriguez
e1bbcfcfda
Generate audit logs for activities (#9001)
* Generate audit logs for activities

* Fix config tests

* Fix TestGetConfig/IncludeServerConfig

* Fix use of AddAttributes in results only

* Stream activities asynchronously

* Fix index and add logging

* Revert change

* Documentation fixes
2022-12-23 19:04:13 -03:00
Martin Angers
472c8bafb3
Refactor license so it is stored in the context (#8544) 2022-11-15 09:08:05 -05:00
Michal Nicpon
0709d1bc5c
improve vuln cpe matching on macos (#6985)
* add cpe translations
* fix matching on target_sw
2022-09-01 10:02:07 -06:00
Juan Fernandez
3048a07fd1
Feature 7076: Ingest installed windows updates (#7138)
* Ingest installed Windows updates and store them in the windows_updates table. 
* Added config option for enabling/disabling Windows update ingestion and Windows OS vuln. detection.
2022-08-26 14:55:03 -04:00
Roberto Dip
6faee84f57
allow to configure a default global enroll secret (#6609)
Related to #6365 this adds a new config to set a global enroll token that will be used by the server.
2022-07-12 19:12:10 -03:00
Martin Angers
a23e0c41ff
Support failing policies integrations (#5973) 2022-06-06 10:41:51 -04:00
Lucas Manuel Rodriguez
9080563b7d
Fix some go lint warnings (#5888)
* Fix go lint warnings

* Add test for SMTPConfigured update
2022-05-31 07:19:57 -03:00
gillespi314
8e333509b1
Add license object to GET /fleet/device/{token} response (#5820) 2022-05-19 16:28:49 -05:00
gillespi314
1dabf52834
Add Zendesk external service integration for vulnerability automations (#5372) 2022-05-02 15:58:34 -05:00
Martin Angers
a4be69d9d1
Return the new recent_vulnerability_max_age config in the REST API config payload (#5107) 2022-04-13 12:05:57 -04:00
Martin Angers
ae85d9d069
Rename jira integration password to api_token, as that is what it is (#5068) 2022-04-12 10:56:05 -04:00
Martin Angers
193843a97d
Make a test request to Jira when saving AppConfig with an enabled jira integration (#4954) 2022-04-06 07:55:25 -04:00
Martin Angers
8b8cebb6fe
Migrate remaining user-authenticated endpoints (#3796) 2022-01-25 09:34:00 -05:00
Martin Angers
69a4985cac
Use new error handling approach in other packages (#2954) 2021-11-22 09:13:26 -05:00
Lucas Manuel Rodriguez
59e01fbe08
Make fleetctl apply -f fail with unknown kind: config fields (#3026)
* Make fleetctl apply fail with unknown fields

* Add unit test
2021-11-19 12:37:36 -03:00
dsbaha
51e35e1ba0
Implementation of a Kafka REST Proxy logging plugin (#2534)
This PR implements the status/result logger functions necessary interface with a Kafka REST Proxy service.  

Specifically, this is compatible with the [Confluent KAFKA Rest Proxy Service ](https://docs.confluent.io/1.0/kafka-rest/docs/intro.html).
2021-10-27 21:51:17 -07:00
Martin Angers
3aef96e15c
Add test for fleetctl preview (#2388)
* Start a fleetctl preview test

* Add tests for fleetctl preview

* Fix setting of fleetctl auth token in test

* Add fleet instance vulnerabilities config to response of GetAppConfig

* Add checks that fleetctl preview enables vulnerability detection

* Adjust doc for get config API response

* Add the include-server-config flag to fleetctl get config

* Update test now that some of the PRs have been merged

Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2021-10-07 10:19:10 -03:00
Tomas Touceda
2033d8208c
Add policy updated at (#2246)
* wip

* Add policy updated at interval and update the UI to use that

* Update rest api

* Fix tests
2021-09-27 16:27:38 -03:00
Martin Angers
4f4185372d
Add support for context in datastore/mysql layer (#1962)
This is just to pass down the context to the datastore layer, it doesn't
use it just yet - this will be in a follow-up PR.
2021-09-14 08:11:07 -04:00
Tomas Touceda
a8642493ad
Add global policies (#1750)
* Add global policies

* Update documentation and add extra parameter to config

* Fix failing tests

* Store historic policy records

* Address review comments

And also remove other inmem references I saw by chance

* Add documentation for get by id request

* Add parameter doc

* Move schema generation to a cmd instead of a test

Otherwise it messes up running all tests sometimes depending on how parallel it does

* Remove brain dump for another task

* Make migration tests a separate beast

* Make schema generation idempotent and move dbutils cmd to tools

* Allow all filters and add counts to Policy

* Add test for Policy
2021-08-24 17:24:52 -03:00
Tomas Touceda
c6c63ab12a
Refactor app config (POC, for now) (#1685) 2021-08-20 12:27:41 -03:00
Tomas Touceda
ae2bd137b1
Issue 1632 software inventory config (#1636)
* Add config option for software inventory

* Add documentation for the new config
2021-08-11 15:57:53 -03:00
Tomas Touceda
11dff7ca92
Issue 1588 allow disabling host users (#1611)
* Allow users to disable host_users

* Add missing files

* Address review comments

* Fix tests

* Check additional queries for nil, not the whole hostsettings

* Finally fix tests
2021-08-11 14:56:11 -03:00
Benjamin Edwards
c18214be37
add logging settings to config api response (#1467)
- add docker-compose file for locally testing aws dependencies
- update firehose & kinesis configs to optionally supply endpoint url override
- serialize `logging` field in appconfig api response
2021-07-30 11:45:49 -04:00
Tomas Touceda
46b0b7765b
Issue 1435 software to cpe (#1488)
* WIP

* WIP

* Make path optional and fix tests

* Add first generate

* Move to nvd package

* remove replace

* Re-add replace

* It's path, not file name

* Change how db path is set and use etag

* Fix typos

* Make db generation faster

* Remove quotes

* Doesn't like comments

* Samitize etag and save to file

* Refactor some things and improve writing of etagenv

* Compress file and truncate amount of items for faster testing

* Remove quotes

* Try to improve performance

* Ignore truncate error if not exists

* Minor cleanup and make sqlite have cpe prefix

* Simplify code and test sync

* Add VCR for sync test

* Check for nvdRelease nil

* Add test for the actual translation

* Address review comments

* Rename generate command because we'll have a cve one too

* Move to its own dir

* Address review comments
2021-07-29 13:10:34 -03:00
Tomas Touceda
29570bd860
Issue 1278 select leader (#1367)
* Add leader selection

* remove comment

* Address review comments

* Add changes file

* Simplify implementation

* Simplify further

* Whoops, removed a little too much
2021-07-19 15:08:41 -03:00
Tomas Touceda
7d3d84faaf
Make it possible to clear host settings from app config (#1339) 2021-07-09 15:13:11 -03:00
Zach Wasserman
c5280c0517
Add v4 suffix in go.mod (#1224) 2021-06-25 21:46:51 -07:00
Zach Wasserman
0a77f79d22
Backend and fleetctl for usage analytics (#1167)
- Add enable_analytics column to database.
- Allow enable_analytics to be set via API.
- Add messaging in fleetctl setup.

Note that this defaults to off for existing installations, and defaults
on for newly set up installs.

No collection or sending of analytics yet exists, we are strictly
storing the preference at this time.

Part of #454
2021-06-22 18:02:20 -07:00
Martavis Parker
5b2cac31d9
Agent options added to organization settings (#1120)
* #511 refactored update options - new params & ts

* updated server to include agent_options for read and update

* added agent options form to org settings

* #511 finished connecting agent form to server

* #511 fixing api to save/read agent options

* #511 linted

* #511 fixed reading & updating agent options

* #511 api fixes to support agent options

* #511 removed log

* Fix json.RawMessage pointers in tests

Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2021-06-17 13:47:15 -07:00
Zach Wasserman
db459d3363
Continue to update names in backend code and docs (#976) 2021-06-06 16:58:23 -07:00
Zach Wasserman
fb32f0cf40
Remove kolide types and packages from backend (#974)
Generally renamed `kolide` -> `fleet`
2021-06-06 15:07:29 -07:00
Zach Wasserman
18faa5a06b
Add authorization checks in service (#938)
- Add policy.rego file defining authorization policies.
- Add Go integrations to evaluate Rego policies (via OPA).
- Add middleware to ensure requests without authorization check are rejected (guard against programmer error).
- Add authorization checks to most service endpoints.
2021-06-03 16:24:15 -07:00
Zach Wasserman
417ef2c9b6
Refactor teams service methods (#910)
- Move team-related service methods to `ee/server/service`.
- Instantiate different service on startup based on license key.
- Refactor service errors into separate package.
- Add support for running E2E tests in both Core and Basic tiers.
2021-05-31 17:07:51 -07:00
Zach Wasserman
64f2cfc9cd
Refactor enroll secrets to support Teams (#903)
- Add `team_id` field to secrets.
- Remove secret `name` and `active` fields (migration deletes inactive secrets).
- Assign hosts to Team based on secret provided.
- Add API for retrieving secrets by Team.
2021-05-31 09:02:05 -07:00
Zach Wasserman
83b7f79699
Stub out licensing API (#810)
- Add config option for license key.
- Define license details data structure.
- Include license details in app config API responses.

Currently any non-empty value for `--license_key` behaves as though the
installation is licensed for `basic`. If the license key is empty,
`core` is returned.

Still to come is the appropriate parsing for the license key.
2021-05-19 17:29:38 -07:00
Zach Wasserman
2203bd81a2
Add support for IdP-initiated SSO login (#556)
This feature is off by default due to minor potential security concerns
with IdP-initiated SSO (see
https://auth0.com/docs/protocols/saml-protocol/saml-configuration-options/identity-provider-initiated-single-sign-on#risks-of-using-an-identity-provider-initiated-sso-flow).

Closes #478
2021-03-30 12:56:20 -07:00
Zach Wasserman
0bd6903b2d
Add version endpoint to API (#549)
Part of #371
2021-03-26 18:03:31 -07:00
Zach Wasserman
f254a9a343
Make name and secret required for enroll secrets (#207)
Adds a check to prevent users from unintentionally setting empty
secrets.

Fixes #188
2021-01-19 14:49:53 -08:00
Mike Arpaia
af96e52a00
Update the Go import paths to new repo name (#27) 2020-11-11 09:59:12 -08:00
Zachary Wasserman
c1aa8355cb
Add support for multiple enroll secrets (#2238)
- Support multiple enroll secrets
- Record name of enroll secret used when host enrolls
- Update fleetctl and UI to support these features
2020-05-29 09:12:39 -07:00
Zachary Wasserman
619e36755c
Add capability to collect "additional" information from hosts (#2236)
Additional information is collected when host details are updated using
the queries specified in the Fleet configuration. This additional
information is then available in the host API responses.
2020-05-21 08:36:00 -07:00
Zachary Wasserman
45f6a74740
Allow import of github.com/kolide/fleet (#2213)
Previously a Go package attempting to import Fleet packages would run
into an error like "server/kolide/emails.go:93:23: undefined: Asset".

This commit refactors bindata asset handling to allow importing Fleet as
a library without changing the typical developer experience.
2020-03-29 19:22:04 -07:00
billcobbler
a83a26b279 Add ability to disable live queries (#2167)
- Add toggle to disable live queries in advanced settings
- Add new live query status endpoint (checks for disabled via config and Redis health)
- Update QueryPage UI to use new live query status endpoint

Implements #2140
2020-01-13 16:53:04 -08:00
billcobbler
a856fd5c0b Add fleetctl get/apply config (#2143)
Implements #1953
2019-11-19 21:13:15 -08:00
Zachary Wasserman
adf87140a7
Add ability to prefix Fleet URLs (#2112)
- Add the server_url_prefix flag for configuring this functionality
- Add prefix handling to the server routes
- Refactor JS to use appropriate paths from modules
- Use JS template to get URL prefix into JS environment
- Update webpack config to support prefixing

Thanks to securityonion.net for sponsoring the development of this feature.

Closes #1661
2019-10-16 16:40:45 -07:00
Austin Burnett
59efb495ca Add automatic host expiration capability (#2117)
When configured, this feature will delete hosts that have not checked in after the specified number of days.

Closes #1860.
2019-10-16 16:35:17 -07:00