Fixed Windows verification issue.
getvictor committed Dec 31, 2024
1 parent 034ed0b commit fe269bf
Showing 3 changed files with 24 additions and 0 deletions.
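--- a/server/fleet/datastore.go
+++ b/server/fleet/datastore.go
@@ -1954,6 +1954,9 @@ type ProfileVerificationStore interface {
 // profile status. It deletes the row if the profile operation is "remove"
 // and the status is "verifying" (i.e. successfully removed).
 UpdateOrDeleteHostMDMAppleProfile(ctx context.Context, profile *HostMDMAppleProfile) error
+// ExpandEmbeddedSecrets expands the fleet secrets in a
+// document using the secrets stored in the datastore.
+ExpandEmbeddedSecrets(ctx context.Context, document string) (string, error)
 }
 
 var _ ProfileVerificationStore = (Datastore)(nil)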
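Review bot: The doc comment on `ExpandEmbeddedSecrets` does not say that the returned string carries plaintext secret values, nor what happens when the document references a secret that is not stored. I would extend it with `// The returned document contains plaintext secret values; callers must not log or persist it.` and one sentence stating whether a missing secret is reported as an error. The interface declaration starts above this hunk, so its other methods are not visible here.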
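--- a/server/mdm/microsoft/profile_verifier.go
+++ b/server/mdm/microsoft/profile_verifier.go
@@ -9,6 +9,7 @@ import (
 "io"
 "strings"
 
+"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
 "github.com/fleetdm/fleet/v4/server/fleet"
 "github.com/fleetdm/fleet/v4/server/mdm"
 )
@@ -31,6 +32,11 @@ func LoopHostMDMLocURIs(
 return fmt.Errorf("getting host profiles for verification: %w", err)
 }
 for _, expectedProf := range profileMap {
+expanded, err := ds.ExpandEmbeddedSecrets(ctx, string(expectedProf.RawProfile))
+if err != nil {
+return ctxerr.Wrapf(ctx, err, "expanding embedded secrets for profile %s", expectedProf.Name)
+}
+expectedProf.RawProfile = []byte(expanded)
 var prof fleet.SyncMLCmd
 wrappedBytes := fmt.Sprintf("<Atomic>%s</Atomic>", expectedProf.RawProfile)
 if err := xml.Unmarshal([]byte(wrappedBytes), &prof); err != nil {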
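Review bot: `expectedProf.RawProfile = []byte(expanded)` writes the secret-expanded document back into the value taken from `profileMap`; if the map holds pointers (its type is not visible in this hunk), the plaintext secrets remain in that structure after the loop and can reach whatever later logs or stores it. Keeping the expansion local avoids this: drop the assignment and build the wrapper with `wrappedBytes := fmt.Sprintf("<Atomic>%s</Atomic>", expanded)`. Separately, the expanded text is parsed as XML, so unless `ExpandEmbeddedSecrets` escapes the values, a secret containing `&` or `<` would presumably make `xml.Unmarshal` fail or change the parsed structure; that is worth confirming. `LoopHostMDMLocURIs` begins and ends outside the hunk.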
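--- a/server/mdm/microsoft/profile_verifier_test.go
+++ b/server/mdm/microsoft/profile_verifier_test.go
@@ -4,6 +4,7 @@ import (
 "context"
 "encoding/xml"
 "io"
+"strings"
 "testing"
 "time"
 
@@ -159,6 +160,16 @@ func TestVerifyHostMDMProfilesHappyPaths(t *testing.T) {
 toFail: []string{},
 toRetry: []string{},
 },
+{
+name: "single profile with secret variables reported and verified",
+hostProfiles: []hostProfile{
+{"N1", syncml.ForTestWithData(map[string]string{"L1": "$FLEET_SECRET_VALUE"}), 0},
+},
+report: []osqueryReport{{"N1", "200", "L1", "D1"}},
+toVerify: []string{"N1"},
+toFail: []string{},
+toRetry: []string{},
+},
 {
 name: "Get succeeds but has missing data",
 hostProfiles: []hostProfile{
@@ -296,6 +307,10 @@ func TestVerifyHostMDMProfilesHappyPaths(t *testing.T) {
 return out, nil
 }
 
+ds.ExpandEmbeddedSecretsFunc = func(ctx context.Context, document string) (string, error) {
+return strings.ReplaceAll(document, "$FLEET_SECRET_VALUE", "D1"), nil
+}
+
 out, err := xml.Marshal(msg)
 require.NoError(t, err)
 require.NoError(t, VerifyHostMDMProfiles(ctx, ds, host, out))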
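Review bot: The added case and the `ExpandEmbeddedSecretsFunc` stub cover only a successful expansion whose value (`D1`) contains no XML-special characters. No case has the stub return an error, so nothing pins that `VerifyHostMDMProfiles` returns the wrapped error rather than marking profiles verified, and no case uses a secret containing `&` or `<`. Since this test is named for happy paths, those cases probably belong in a separate test. The test function extends beyond the hunks shown.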
