Implement separate "device policies" API for checking Desktop notifications #5685

Closed
Tracked by #5684
zwass opened this issue May 11, 2022 · 4 comments

zwass commented May 11, 2022

As discussed in #5579 (comment), this should be completed before bringing Desktop out of beta.

Currently defined /device endpoints:

```go
// device-authenticated endpoints
de := newDeviceAuthenticatedEndpointer(svc, logger, opts, r, apiVersions...)
de.GET("/api/_version_/fleet/device/{token}", getDeviceHostEndpoint, getDeviceHostRequest{})
de.POST("/api/_version_/fleet/device/{token}/refetch", refetchDeviceHostEndpoint, refetchDeviceHostRequest{})
de.GET("/api/_version_/fleet/device/{token}/device_mapping", listDeviceHostDeviceMappingEndpoint, listDeviceHostDeviceMappingRequest{})
de.GET("/api/_version_/fleet/device/{token}/macadmins", getDeviceMacadminsDataEndpoint, getDeviceMacadminsDataRequest{})
```

We need to add one to fetch the host's policies (+ their results, similar to how they are returned in the /api/_version_/fleet/device/{token} endpoint).

NOTE(lucas): We should expose this endpoint to be used by Go code (the Fleet Desktop tray application is made in Go: orbit/cmd/desktop/desktop.go). Should be similar to what we have for fleetctl in the server/service/client_*.go files.
Why? @sharvilshah had to copy the types to be able to make requests and parse the responses: e.g.

```go
type Response struct {
	Host struct {
		Policies []struct {
			ID          int         `json:"id"`
			Name        string      `json:"name"`
			Query       string      `json:"query"`
			Description string      `json:"description"`
			AuthorID    int         `json:"author_id"`
			AuthorName  string      `json:"author_name"`
			AuthorEmail string      `json:"author_email"`
			TeamID      interface{} `json:"team_id"`
			Resolution  string      `json:"resolution"`
			Platform    string      `json:"platform"`
			CreatedAt   time.Time   `json:"created_at"`
			UpdatedAt   time.Time   `json:"updated_at"`
			Response    string      `json:"response"`
		} `json:"policies"`
		Status      string `json:"status"`
		DisplayText string `json:"display_text"`
	} `json:"host"`
	License struct {
		Tier         string    `json:"tier"`
		Organization string    `json:"organization"`
		DeviceCount  int       `json:"device_count"`
		Expiration   time.Time `json:"expiration"`
		Note         string    `json:"note"`
	} `json:"license"`
}
```

@zwass zwass mentioned this issue May 11, 2022
@zwass zwass added the ~fleet-desktop Involves changes to Fleet Desktop label May 11, 2022
@zwass zwass moved this to 🥚 Prioritized in ⚗️ ‎‎Roadmap May 11, 2022
@zwass zwass added the #legacy-platform-group Legacy: platform group label May 11, 2022

zwass commented May 11, 2022

@chiiph can you please take this over for planning as discussed in #5579? Feel free to edit the top comment description.

I've moved it into the "Prioritized" column to indicate we should try to get it ready for scheduling in the upcoming release (4.16.0).

@lucasmrod lucasmrod changed the title Use separate API for checking Desktop notifications Use separate "device policies" API for checking Desktop notifications May 11, 2022
@zwass zwass changed the title Use separate "device policies" API for checking Desktop notifications Implement separate "device policies" API for checking Desktop notifications May 19, 2022
@roperzh roperzh assigned roperzh and unassigned chiiph May 26, 2022
@roperzh roperzh moved this to 🥚 Ready in 🚀 Release May 26, 2022
@roperzh roperzh moved this from 🥚 Ready to 🐣 In progress in 🚀 Release May 26, 2022

roperzh commented May 27, 2022

> NOTE(lucas): We should expose this endpoint to be used by Go code (the Fleet Desktop tray application is made in Go: orbit/cmd/desktop/desktop.go). Should be similar to what we have for fleetctl in the server/service/client_*.go files.

@lucasmrod would you mind thinking through this with me to make sure we're on the same page? First thing that comes to mind is to add a new public method to server/service/client_*.go, initialize a new client in fleet desktop and use it.

Is this what you had in mind? What makes me think is that there must be a reason why we copied the type declaration instead of just using Client.HostByIdentifier in the current implementation. Was it just to speed up the feature without having to deal with setting up a new Client instance?

edit: I was just confused about ^, but it would still be helpful to hear your thoughts about adding a new server/service/client_*.go file vs putting the code somewhere else


roperzh commented May 27, 2022

We discussed in a call with @lucasmrod, we're going to:

  • If possible, reuse the same client we have in server/service/client.go
  • If the client assumes a bearer token (these endpoints are authenticated via the device token), create a new client
  • Import github.com/fleetdm/fleet/server/service into orbit, keep an eye on increased build size, but we suspect this shouldn't be a problem

@lucasmrod
Member

> If possible, reuse the same client we have in server/service/client.go

Introducing a separate DeviceClient type in such package makes more sense (as the authentication AND API are different).

> Import github.com/fleetdm/fleet/server/service into orbit, keep an eye on increased build size, but we suspect this shouldn't be a problem

+1, can be tackled at a later iteration.

roperzh added a commit that referenced this issue May 31, 2022
This adds a new device authenticated endpoint, `/api/_version_/fleet/device/{token}/policies` to retrieve the device policies.

An example request / response looks like:

```bash
curl  https://localhost:8080/api/latest/fleet/device/1804e808-171f-4dda-9bec-f695b2f2371a/policies
```

```json
{
  "policies": [
    {
      "id": 3,
      "name": "Antivirus healthy (Linux)",
      "query": "SELECT score FROM (SELECT case when COUNT(*) = 2 then 1 ELSE 0 END AS score FROM processes WHERE (name = 'clamd') OR (name = 'freshclam')) WHERE score == 1;",
      "description": "Checks that both ClamAV's daemon and its updater service (freshclam) are running.",
      "author_id": 1,
      "author_name": "Admin",
      "author_email": "[email protected]",
      "team_id": null,
      "resolution": "Ensure ClamAV and Freshclam are installed and running.",
      "platform": "darwin,windows,linux",
      "created_at": "2022-05-23T20:53:36Z",
      "updated_at": "2022-05-23T20:53:36Z",
      "response": "fail"
    }
  ]
}
```

Related to [#5685](#5685), in another changeset I will be adding "client" endpoints so we can consume this endpoint from Fleet Desktop
@roperzh roperzh moved this from 🐣 In progress to ✨ ‎ ‎In review in 🚀 Release Jun 1, 2022
@roperzh roperzh added the 3 label Jun 1, 2022
roperzh added a commit that referenced this issue Jun 1, 2022
This adds a new API client named DeviceClient to server/service, meant to consume device endpoints and be used from Fleet Desktop.

Some of the logic to make requests and parse responses was very repetitive, so I introduced a private baseClient type and moved some of the logic of the existent Client there.

Related to #5685 and #5697
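
An added example, not taken from the commits above or from Fleet's own code: a minimal Go consumer of the `/api/latest/fleet/device/{token}/policies` endpoint. Because the device token is the only credential and sits in the URL path, the helper strips the URL from transport errors before returning them and bounds the response body. The names `failingPolicies` and `Policy` are hypothetical, and the server and token in `main` are constructed stand-ins.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// Policy keeps only the fields a tray app needs from the response shown above.
type Policy struct {
	Name     string `json:"name"`
	Response string `json:"response"` // "pass", "fail", or "" when not yet run
}

// failingPolicies (hypothetical, not Fleet's DeviceClient) names the policies a device fails.
func failingPolicies(hc *http.Client, base, token string) ([]string, error) {
	resp, err := hc.Get(base + "/api/latest/fleet/device/" + url.PathEscape(token) + "/policies")
	if err != nil {
		if ue, ok := err.(*url.Error); ok {
			err = ue.Err // url.Error embeds the URL; drop it so the token is not logged
		}
		return nil, fmt.Errorf("device policies: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("device policies: status %d", resp.StatusCode)
	}
	var body struct{ Policies []Policy `json:"policies"` } // read at most 1 MiB
	if err := json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&body); err != nil {
		return nil, fmt.Errorf("device policies: decode: %w", err)
	}
	var failing []string
	for _, p := range body.Policies {
		if p.Response == "fail" {
			failing = append(failing, p.Name)
		}
	}
	return failing, nil
}

func main() { // constructed stand-in server and placeholder token
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		io.WriteString(w, `{"policies":[{"name":"Antivirus healthy (Linux)","response":"fail"}]}`)
	}))
	defer srv.Close()
	fmt.Println(failingPolicies(srv.Client(), srv.URL, "placeholder-token"))
}
```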
@roperzh roperzh moved this from ✨ ‎ ‎In review to ✔️ ‎ ‎‎‎Awaiting QA in 🚀 Release Jun 2, 2022
@xpkoala xpkoala moved this from ✔️ ‎ ‎‎‎Awaiting QA to ✅ Ready for release in 🚀 Release Jun 14, 2022
@lukeheath lukeheath added this to the 4.16.0 milestone Jun 21, 2022
Repository owner moved this from ✅ Ready for release to ✔️ ‎ ‎‎‎Awaiting QA in 🚀 Release Jun 21, 2022
@lukeheath lukeheath moved this from ✔️ ‎ ‎‎‎Awaiting QA to ✅ Ready for release in 🚀 Release Jun 21, 2022