further config struct updates

fleetdm · Dec 18, 2024 · 0b43dc7 · 0b43dc7
1 parent bb01de6
commit 0b43dc7
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 14 deletions.
diff --git a/server/fleet/app.go b/server/fleet/app.go
@@ -39,6 +39,13 @@ const (
 )
 
 type SSOProviderSettings struct {
+	// The non-embedded fields of `SSOSettings`, since now `omitempty`ed, won't
+	// show up for any viewer when they are unset. Since this struct is embedded there, these fields are returned at the same nesting
+	// level, and so should also be `omitempty`ed for consistency.
+
+	// Since this struct is also embedded in `MDMEndUserAuthentication` which is embedded in `MDM`,
+	// this omits these fields from that object as well.
+
 	// EntityID is a uri that identifies this service provider
 	EntityID string `json:"entity_id,omitempty"`
 	// IssuerURI is the uri that identifies the identity provider
@@ -58,7 +65,11 @@ func (s SSOProviderSettings) IsEmpty() bool {
 
 // SSOSettings wire format for SSO settings
 type SSOSettings struct {
-	SSOProviderSettings
+	// `json:",omitempty"`ing all but `enable_sso` allows surfacing only that field for team-level
+	// admins
+
+	// pointer to be able to omit
+	*SSOProviderSettings `json:",omitempty"`
 
 	// IDPImageURL is a link to a logo or other image that is used for UX
 	IDPImageURL string `json:"idp_image_url,omitempty"`
@@ -189,11 +200,13 @@ type MDM struct {
 	// WindowsUpdates defines the OS update settings for Windows devices.
 	WindowsUpdates WindowsUpdates `json:"windows_updates"`
 
-	MacOSSettings           MacOSSettings            `json:"macos_settings"`
-	MacOSSetup              MacOSSetup               `json:"macos_setup"`
-	MacOSMigration          MacOSMigration           `json:"macos_migration"`
-	WindowsMigrationEnabled bool                     `json:"windows_migration_enabled"`
-	EndUserAuthentication   MDMEndUserAuthentication `json:"end_user_authentication"`
+	MacOSSettings           MacOSSettings  `json:"macos_settings"`
+	MacOSSetup              MacOSSetup     `json:"macos_setup"`
+	MacOSMigration          MacOSMigration `json:"macos_migration"`
+	WindowsMigrationEnabled bool           `json:"windows_migration_enabled"`
+	// all subfields of `MDMEndUserAuthentication` (which just embedds `SSOProviderSettings`) are
+	// `omitempty`ed, so `omitempty`ing it as well for consistency
+	EndUserAuthentication *MDMEndUserAuthentication `json:"end_user_authentication,omitempty"`
 
 	// WindowsEnabledAndConfigured indicates if Fleet MDM is enabled for Windows.
 	// There is no other configuration required for Windows other than enabling

diff --git a/server/service/appconfig.go b/server/service/appconfig.go
@@ -1394,9 +1394,9 @@ func validateSSOSettings(p fleet.AppConfig, existing *fleet.AppConfig, invalid *
 
 		var existingSSOProviderSettings fleet.SSOProviderSettings
 		if existing.SSOSettings != nil {
-			existingSSOProviderSettings = existing.SSOSettings.SSOProviderSettings
+			existingSSOProviderSettings = *existing.SSOSettings.SSOProviderSettings
 		}
-		validateSSOProviderSettings(p.SSOSettings.SSOProviderSettings, existingSSOProviderSettings, invalid)
+		validateSSOProviderSettings(*p.SSOSettings.SSOProviderSettings, existingSSOProviderSettings, invalid)
 
 		if !license.IsPremium() {
 			if p.SSOSettings.EnableJITProvisioning {

diff --git a/server/service/sessions.go b/server/service/sessions.go
@@ -169,10 +169,13 @@ func loginEndpoint(ctx context.Context, request interface{}, svc fleet.Service)
 
 //goland:noinspection GoErrorStringFormat
 var sendingMFAEmail = errors.New("sending MFA email")
-var noMFASupported = errors.New("client with no MFA email support")
-var mfaNotSupportedForClient = badRequestErr(
-	"Your login client does not support MFA. Please log in via the web, then use an API token to authenticate.",
-	noMFASupported,
+
+var (
+	noMFASupported           = errors.New("client with no MFA email support")
+	mfaNotSupportedForClient = badRequestErr(
+		"Your login client does not support MFA. Please log in via the web, then use an API token to authenticate.",
+		noMFASupported,
+	)
 )
 
 func (svc *Service) Login(ctx context.Context, email, password string, supportsEmailVerification bool) (*fleet.User, *fleet.Session, error) {
@@ -397,7 +400,7 @@ func (svc *Service) InitiateSSO(ctx context.Context, redirectURL string) (string
 		return "", ctxerr.Wrap(ctx, newSSOError(err, ssoOrgDisabled), "initiate sso")
 	}
 
-	metadata, err := sso.GetMetadata(&appConfig.SSOSettings.SSOProviderSettings)
+	metadata, err := sso.GetMetadata(appConfig.SSOSettings.SSOProviderSettings)
 	if err != nil {
 		return "", ctxerr.Wrap(ctx, badRequestErr("Could not get SSO Metadata. Check your SSO settings.", err))
 	}
@@ -557,7 +560,7 @@ func (svc *Service) InitSSOCallback(ctx context.Context, auth fleet.Auth) (strin
 	if appConfig.SSOSettings.EnableSSOIdPLogin && auth.RequestID() == "" {
 		// Missing request ID indicates this was IdP-initiated. Only allow if
 		// configured to do so.
-		metadata, err = sso.GetMetadata(&appConfig.SSOSettings.SSOProviderSettings)
+		metadata, err = sso.GetMetadata(appConfig.SSOSettings.SSOProviderSettings)
 		if err != nil {
 			return "", ctxerr.Wrap(ctx, err, "get sso metadata")
 		}