fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Update profile delivery mechanism for Windows hosts #14595

Closed roperzh closed 11 months ago

roperzh commented 11 months ago

Context

Current macOS logic works using algebra of sets to diff host_mdm_apple_profiles (current state) and mdm_apple_configuration_profiles (desired state) to calculate which profiles need to be installed/deleted on each host.


Changes

The diffing and assignment logic happens in two places; both need to be updated:

Cron job

There's a cron job that runs every 30 seconds and calls the ReconcileProfiles service method. This method needs to be updated to account for Windows hosts.

https://github.com/fleetdm/fleet/blob/8950d46cbc9f746435fe1990a65733bd1b3253b5/server/service/apple_mdm.go#L2499

Operations that trigger profile changes

Any operation that changes the team of a host, creates a host, etc. calls the BulkSetPendingMDMAppleHostProfiles function with different arguments depending on the context.

Update the function definition to account for Windows profiles.

https://github.com/fleetdm/fleet/blob/8950d46cbc9f746435fe1990a65733bd1b3253b5/server/datastore/mysql/apple_mdm.go#L1252
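The set-difference reconciliation described in the issue above, extended to carry a platform on each assignment, as an added example that is not part of the original issue and is not Fleet's code. Every type, function and sample value in it is hypothetical; it assumes desired state is derived by matching team profiles to hosts of the same team and platform.

```go
package main

import "fmt"

// All types and names below are hypothetical, not Fleet's schema or API.
type host struct { UUID, Platform string; TeamID int }
type profile struct { UUID, Platform string; TeamID int }
type assignment struct{ HostUUID, ProfileUUID, Platform string }

// desiredState expands team profiles into per-host assignments, matching
// each profile only to hosts of the same team and the same platform.
func desiredState(hosts []host, profiles []profile) map[assignment]bool {
	want := make(map[assignment]bool)
	for _, h := range hosts {
		for _, p := range profiles {
			if p.TeamID == h.TeamID && p.Platform == h.Platform {
				want[assignment{h.UUID, p.UUID, h.Platform}] = true
			}
		}
	}
	return want
}

// reconcile returns desired \ current (to install) and current \ desired
// (to remove), the two set differences the issue describes.
func reconcile(want, have map[assignment]bool) (install, remove []assignment) {
	for a := range want {
		if !have[a] {
			install = append(install, a)
		}
	}
	for a := range have {
		if !want[a] {
			remove = append(remove, a)
		}
	}
	return install, remove
}

func main() {
	// Constructed sample: a Windows host that just moved from team 1 to team 2.
	hosts := []host{{"h-win", "windows", 2}, {"h-mac", "darwin", 1}}
	profiles := []profile{{"w-old", "windows", 1}, {"w-new", "windows", 2}, {"a-1", "darwin", 1}}
	have := map[assignment]bool{
		{"h-win", "w-old", "windows"}: true,
		{"h-mac", "a-1", "darwin"}:    true,
	}
	install, remove := reconcile(desiredState(hosts, profiles), have)
	fmt.Println("install:", install, "remove:", remove)
}
```

Because the platform is part of the match, a Windows profile is never queued for a macOS host even when both belong to the same team.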

fleet-release commented 11 months ago

Windows hosts align, Like leaves in the cloud city, Profiles refined, shine.