New gitops role (#10850)
#8593

This PR adds a new role `gitops` to Fleet.
MDM capabilities for the role coming on a separate PR. We need this
merged ASAP so that we can unblock the UI work for this.

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [X] Documented any permissions changes
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [x] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
lucasmrod authored Apr 12, 2023
1 parent 3c177aa commit 1ebfbb1
Showing 27 changed files with 2,317 additions and 457 deletions.
1 change: 1 addition & 0 deletions changes/8593-gitops
@@ -0,0 +1 @@
* Add `gitops` user role to Fleet. GitOps users are users that can manage configuration.
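Review bot: The changelog entry describes the role only as able to "manage configuration", which leaves out the restriction this same commit works around in cmd/fleetctl/api.go, where a gitops user may be refused when reading app config. Because this is a permissions change, the entry should state the boundary as well as the capability, for example that the role can apply configuration but may not be able to read app config, so operators assigning the role know what to expect from fleetctl.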
17 changes: 11 additions & 6 deletions cmd/fleetctl/api.go
Expand Up @@ -16,6 +16,7 @@ import (
"github.com/fleetdm/fleet/v4/pkg/fleethttp"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/fleetdm/fleet/v4/server/service"
kithttp "github.com/go-kit/kit/transport/http"
"github.com/kolide/kit/version"
"github.com/urfave/cli/v2"
)
Expand Down Expand Up @@ -81,14 +82,18 @@ func clientFromCLI(c *cli.Context) (*service.Client, error) {
}

// check that AppConfig's Apple BM terms are not expired.
appCfg, err := fleetClient.GetAppConfig()
if err != nil {
var sce kithttp.StatusCoder
switch appCfg, err := fleetClient.GetAppConfig(); {
case err == nil:
if appCfg.MDM.AppleBMTermsExpired {
fleet.WriteAppleBMTermsExpiredBanner(os.Stderr)
// This is just a warning, continue ...
}
case errors.As(err, &sce) && sce.StatusCode() == http.StatusForbidden:
// OK, could be a user without permissions to read app config (e.g. gitops).
default:
return nil, err
}
if appCfg.MDM.AppleBMTermsExpired {
fleet.WriteAppleBMTermsExpiredBanner(os.Stderr)
// This is just a warning, continue ...
}

return fleetClient, nil
}
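Review bot: In the `case errors.As(err, &sce) && sce.StatusCode() == http.StatusForbidden:` branch, every 403 from `GetAppConfig` is treated as success, not only the gitops case named in the comment. The role is never checked here, so a 403 with any other cause is swallowed and `clientFromCLI` returns a client with a nil error, and the failure only shows up on a later call. The Apple BM terms-expired banner is also skipped without any trace for these users. Suggest writing a short notice to stderr (or a debug log line) in that branch saying the app config check was skipped because of a 403, and adding a test that covers the forbidden path alongside the `err == nil` and `default` paths.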