From 0b43dc7f3b4f61164219319a09bdcf6099ef23ed Mon Sep 17 00:00:00 2001
From: Jacob Shandling
Date: Tue, 17 Dec 2024 17:41:52 -0800
Subject: [PATCH] further config struct updates
---
 server/fleet/app.go | 25 +++++++++++++++++++------
 server/service/appconfig.go | 4 ++--
 server/service/sessions.go | 15 +++++++++------
 3 files changed, 30 insertions(+), 14 deletions(-)
diff --git a/server/fleet/app.go b/server/fleet/app.go
index 7b03f3fd4d13..6fad664cc6b7 100644
--- a/server/fleet/app.go
+++ b/server/fleet/app.go
@@ -39,6 +39,13 @@ const (
 )
 
 type SSOProviderSettings struct {
+ // The non-embedded fields of `SSOSettings`, since now `omitempty`ed, won't
+ // show up for any viewer when they are unset. Since this struct is embedded there, these fields are returned at the same nesting
+ // level, and so should also be `omitempty`ed for consistency.
+
+ // Since this struct is also embedded in `MDMEndUserAuthentication` which is embedded in `MDM`,
+ // this omits these fields from that object as well.
+ + // EntityID is a uri that identifies this service provider EntityID string `json:"entity_id,omitempty"` // IssuerURI is the uri that identifies the identity provider
@@ -58,7 +65,11 @@ func (s SSOProviderSettings) IsEmpty() bool {
 
 // SSOSettings wire format for SSO settings
 type SSOSettings struct {
- SSOProviderSettings
+ // `json:",omitempty"`ing all but `enable_sso` allows surfacing only that field for team-level
+ // admins
+
+ // pointer to be able to omit
+ *SSOProviderSettings `json:",omitempty"`
 // IDPImageURL is a link to a logo or other image that is used for UX
 IDPImageURL string `json:"idp_image_url,omitempty"`
 
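Review bot: The comment `// pointer to be able to omit` above the new embedded `*SSOProviderSettings` documents the marshal side only; the decode side is what callers will trip over, because encoding/json leaves an embedded pointer nil when none of its promoted fields appear in the input, so every `x.SSOSettings.SSOProviderSettings` dereference elsewhere now needs a nil check. I would make the comment say so: `// pointer so the promoted fields can be omitted from output; nil after decoding when none of them were present — nil-check before dereferencing`. I also believe the `json:",omitempty"` option on an anonymous struct pointer is ignored by encoding/json (the per-field tags and the nil pointer are what do the omitting), so it is worth confirming with a small marshal test before relying on that tag. The `SSOSettings` struct continues past the end of the hunk.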
@@ -189,11 +200,13 @@ type MDM struct {
 // WindowsUpdates defines the OS update settings for Windows devices.
 WindowsUpdates WindowsUpdates `json:"windows_updates"`
 
- MacOSSettings MacOSSettings `json:"macos_settings"`
- MacOSSetup MacOSSetup `json:"macos_setup"`
- MacOSMigration MacOSMigration `json:"macos_migration"`
- WindowsMigrationEnabled bool `json:"windows_migration_enabled"`
- EndUserAuthentication MDMEndUserAuthentication `json:"end_user_authentication"`
+ MacOSSettings MacOSSettings `json:"macos_settings"`
+ MacOSSetup MacOSSetup `json:"macos_setup"`
+ MacOSMigration MacOSMigration `json:"macos_migration"`
+ WindowsMigrationEnabled bool `json:"windows_migration_enabled"`
+ // all subfields of `MDMEndUserAuthentication` (which just embedds `SSOProviderSettings`) are
+ // `omitempty`ed, so `omitempty`ing it as well for consistency
+ EndUserAuthentication *MDMEndUserAuthentication `json:"end_user_authentication,omitempty"`
 
 // WindowsEnabledAndConfigured indicates if Fleet MDM is enabled for Windows.
 // There is no other configuration required for Windows other than enabling
diff --git a/server/service/appconfig.go b/server/service/appconfig.go
index 9dd67c8dbb42..e0311b04d91a 100644
--- a/server/service/appconfig.go
+++ b/server/service/appconfig.go
@@ -1394,9 +1394,9 @@ func validateSSOSettings(p fleet.AppConfig, existing *fleet.AppConfig, invalid *
 
 var existingSSOProviderSettings fleet.SSOProviderSettings
 if existing.SSOSettings != nil {
- existingSSOProviderSettings = existing.SSOSettings.SSOProviderSettings
+ existingSSOProviderSettings = *existing.SSOSettings.SSOProviderSettings
 }
- validateSSOProviderSettings(p.SSOSettings.SSOProviderSettings, existingSSOProviderSettings, invalid)
+ validateSSOProviderSettings(*p.SSOSettings.SSOProviderSettings, existingSSOProviderSettings, invalid)
 
 if !license.IsPremium() {
 if p.SSOSettings.EnableJITProvisioning {
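Review bot: `EndUserAuthentication` becoming `*MDMEndUserAuthentication` with `omitempty` means a config decoded without an `end_user_authentication` object leaves the field nil, and the two-line comment above it explains only the consistency motive, not that consequence; readers of `MDM.EndUserAuthentication` outside this diff, which I cannot see here, must now nil-check before touching its fields. I would extend the comment with `// nil when the object is absent from the input; callers must nil-check before reading its fields` and fix the typo `embedds` to `embeds`. The `MDM` struct continues beyond the hunk.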
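Review bot: Both new dereferences, `*existing.SSOSettings.SSOProviderSettings` and `*p.SSOSettings.SSOProviderSettings`, can panic on a nil pointer now that the embedded field is a pointer: a request whose `sso_settings` carries none of the provider fields (or a stored config saved that way) decodes with the pointer nil, and the `existing.SSOSettings != nil` guard does not cover it. The fix should copy the zero value when the pointer is nil rather than skip the call, so whatever required-field checks `validateSSOProviderSettings` performs still run against an empty provider config. Whether `p.SSOSettings` itself can be nil here is not visible; `validateSSOSettings` starts before the hunk, so I assume an earlier guard, and the rest of its body continues past the hunk.
```go
	var existingSSOProviderSettings fleet.SSOProviderSettings
	if existing.SSOSettings != nil && existing.SSOSettings.SSOProviderSettings != nil {
		existingSSOProviderSettings = *existing.SSOSettings.SSOProviderSettings
	}
	// The embedded field is a pointer and is nil when the input carried none of
	// its fields; validate the zero value instead of dereferencing or skipping.
	var newSSOProviderSettings fleet.SSOProviderSettings
	if p.SSOSettings.SSOProviderSettings != nil {
		newSSOProviderSettings = *p.SSOSettings.SSOProviderSettings
	}
	validateSSOProviderSettings(newSSOProviderSettings, existingSSOProviderSettings, invalid)
	// … unchanged: premium / JIT provisioning checks …
```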
diff --git a/server/service/sessions.go b/server/service/sessions.go
index 6ae7a28203d5..ab5bce401dfb 100644
--- a/server/service/sessions.go
+++ b/server/service/sessions.go
@@ -169,10 +169,13 @@ func loginEndpoint(ctx context.Context, request interface{}, svc fleet.Service)
 
 //goland:noinspection GoErrorStringFormat
 var sendingMFAEmail = errors.New("sending MFA email")
-var noMFASupported = errors.New("client with no MFA email support")
-var mfaNotSupportedForClient = badRequestErr(
- "Your login client does not support MFA. Please log in via the web, then use an API token to authenticate.",
- noMFASupported,
+
+ var (
+ noMFASupported = errors.New("client with no MFA email support")
+ mfaNotSupportedForClient = badRequestErr(
+ "Your login client does not support MFA. Please log in via the web, then use an API token to authenticate.",
+ noMFASupported,
+ )
 )
 
 func (svc *Service) Login(ctx context.Context, email, password string, supportsEmailVerification bool) (*fleet.User, *fleet.Session, error) {
@@ -397,7 +400,7 @@ func (svc *Service) InitiateSSO(ctx context.Context, redirectURL string) (string
 return "", ctxerr.Wrap(ctx, newSSOError(err, ssoOrgDisabled), "initiate sso")
 }
 
- metadata, err := sso.GetMetadata(&appConfig.SSOSettings.SSOProviderSettings)
+ metadata, err := sso.GetMetadata(appConfig.SSOSettings.SSOProviderSettings)
 if err != nil {
 return "", ctxerr.Wrap(ctx, badRequestErr("Could not get SSO Metadata. Check your SSO settings.", err))
 }
@@ -557,7 +560,7 @@ func (svc *Service) InitSSOCallback(ctx context.Context, auth fleet.Auth) (strin
 if appConfig.SSOSettings.EnableSSOIdPLogin && auth.RequestID() == "" {
 // Missing request ID indicates this was IdP-initiated. Only allow if
 // configured to do so.
- metadata, err = sso.GetMetadata(&appConfig.SSOSettings.SSOProviderSettings)
+ metadata, err = sso.GetMetadata(appConfig.SSOSettings.SSOProviderSettings)
 if err != nil {
 return "", ctxerr.Wrap(ctx, err, "get sso metadata")
 }
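Review bot: `sso.GetMetadata(appConfig.SSOSettings.SSOProviderSettings)` now hands over the embedded pointer itself, which is nil when the stored config has none of the provider fields set; unless `GetMetadata` (not shown) tolerates nil, that is a nil-pointer panic in the login path instead of the "Could not get SSO Metadata" error the following lines produce. The same applies to the `InitSSOCallback` hunk below. I would guard before the call: `if appConfig.SSOSettings.SSOProviderSettings == nil { return "", ctxerr.Wrap(ctx, errors.New("sso provider settings not configured"), "initiate sso") }`, with the callback's own wrap message at the second site. Both enclosing functions start before their hunks, so whether `appConfig.SSOSettings` itself is nil-checked earlier is not visible here.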