Closed roperzh closed 11 months ago
I've just tried this, and it fails with the errors below
feat-bitlocker branch

test_disk_encryption_off.yml

kind: config
spec:
  mdm:
    enable_disk_encryption: false

test_disk_encryption_on.yml

kind: config
spec:
  mdm:
    enable_disk_encryption: true

fleetctl apply -f test_disk_encryption_off.yml
{"component":"http","err":"disable no-team filevault and escrow: disabling FileVault: : MDMAppleConfigProfile identifier: com.fleetdm.fleet.mdm.filevault, team_id: 824643003336 was not found in the datastore","level":"error","method":"PATCH","took":"3.740298ms","ts":"2023-10-03T21:11:36.202380222Z","uri":"/api/latest/fleet/config","user":"testadmin@example.com","uuid":"910158fc-5bf8-43cb-802e-18d61e064d71"}
fleetctl apply -f test_disk_encryption_on.yml
{"component":"http","err":"enable no-team filevault and escrow: enabling FileVault: Apple MDM SCEP configuration: no certificate provided","level":"error","method":"PATCH","took":"3.065636ms","ts":"2023-10-03T21:13:56.419927786Z","uri":"/api/latest/fleet/config","user":"testadmin@example.com"}
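
A triage sketch for the two server log lines quoted in the comment above, as an added example that is not part of the original thread or Fleet's own code: it picks out failed `PATCH` requests to the config endpoint that tried to toggle disk encryption and lists the macOS-only components each error names. The function name, the regular expression and the marker list are assumptions inferred from those two messages; the last two sample lines are constructed.

```python
import json
import re

# Leading context of the "err" field in the two log lines quoted above; this
# pattern is inferred from those messages, not from a documented log format.
OP_RE = re.compile(r"^(enable|disable) (\S+) filevault and escrow: (.*)$", re.S)
APPLE_MARKERS = ("FileVault", "Apple MDM", "MDMAppleConfigProfile")

SAMPLE_LOG = [
    # Copied from the comment above.
    '{"component":"http","err":"disable no-team filevault and escrow: disabling FileVault: : MDMAppleConfigProfile identifier: com.fleetdm.fleet.mdm.filevault, team_id: 824643003336 was not found in the datastore","level":"error","method":"PATCH","took":"3.740298ms","ts":"2023-10-03T21:11:36.202380222Z","uri":"/api/latest/fleet/config","user":"testadmin@example.com","uuid":"910158fc-5bf8-43cb-802e-18d61e064d71"}',
    '{"component":"http","err":"enable no-team filevault and escrow: enabling FileVault: Apple MDM SCEP configuration: no certificate provided","level":"error","method":"PATCH","took":"3.065636ms","ts":"2023-10-03T21:13:56.419927786Z","uri":"/api/latest/fleet/config","user":"testadmin@example.com"}',
    # Constructed lines: a successful request and a non-JSON line.
    '{"component":"http","level":"info","method":"GET","uri":"/api/latest/fleet/config","user":"testadmin@example.com"}',
    'server started',
]


def disk_encryption_failures(lines):
    """Return one record per failed config PATCH that tried to toggle disk encryption."""
    findings = []
    for raw in lines:
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # not a JSON log line
        if not isinstance(entry, dict):
            continue
        if entry.get("level") != "error" or entry.get("method") != "PATCH":
            continue
        if not str(entry.get("uri", "")).endswith("/fleet/config"):
            continue
        match = OP_RE.match(str(entry.get("err", "")))
        if match is None:
            continue
        action, scope, detail = match.groups()
        findings.append({
            "ts": entry.get("ts"),
            "user": entry.get("user"),
            "action": action,
            "scope": scope,
            # macOS-only components named in an error about a generic setting
            "apple_refs": [m for m in APPLE_MARKERS if m in detail],
        })
    return findings


if __name__ == "__main__":
    for finding in disk_encryption_failures(SAMPLE_LOG):
        print(finding)
```
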
Windows, Mac both shine, In cloud city, encryption, Safeguards all design.
Fleet version: unreleased feature branch feat-bitlocker
💥 Actual behavior
mdm.enable_disk_encryption can only be turned on if macOS MDM is configured, however you might want to enable disk encryption if you have Windows-only MDM configured.

🧑‍💻 Steps to reproduce

fleetctl apply -f using the YML below

Global disk encryption setting YML

This will cause fleetctl to return the following error

If both Windows and macOS MDM are disabled and the YML above is applied, the following error appears. Notice that the macOS reference shouldn't be here