Added Windows secret test.
getvictor committed Dec 17, 2024
1 parent e08d457 commit 16af18d
Showing 1 changed file with 76 additions and 0 deletions.
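--- a/server/service/integration_mdm_test.go
+++ b/server/service/integration_mdm_test.go
@@ -7119,6 +7119,82 @@ func (s *integrationMDMTestSuite) TestWindowsMDM() {
 }, getMDMCmdResp.Results[0])
 }
 
+func (s *integrationMDMTestSuite) TestWindowsMDMCommandWithSecret() {
+t := s.T()
+orbitHost, d := createWindowsHostThenEnrollMDM(s.ds, s.server.URL, t)
+
+secretValue := "abcd1234"
+req := secretVariablesRequest{
+SecretVariables: []fleet.SecretVariable{
+{
+Name: "FLEET_SECRET_DATA",
+Value: secretValue,
+},
+},
+}
+secretResp := secretVariablesResponse{}
+s.DoJSON("PUT", "/api/latest/fleet/spec/secret_variables", req, http.StatusOK, &secretResp)
+
+cmdOneUUID := uuid.New().String()
+commandOne := &fleet.MDMWindowsCommand{
+CommandUUID: cmdOneUUID,
+RawCommand: []byte(fmt.Sprintf(`
+<Exec>
+<CmdID>%s</CmdID>
+<Item>
+<Target>
+<LocURI>./Device/Vendor/MSFT/Reboot/RebootNow</LocURI>
+</Target>
+<Meta>
+<Format xmlns="syncml:metinf">null</Format>
+<Type>text/plain</Type>
+</Meta>
+<Data>$FLEET_SECRET_DATA</Data>
+</Item>
+</Exec>
+`, cmdOneUUID)),
+TargetLocURI: "./Device/Vendor/MSFT/Reboot/RebootNow",
+}
+err := s.ds.MDMWindowsInsertCommandForHosts(context.Background(), []string{orbitHost.UUID}, commandOne)
+require.NoError(t, err)
+
+cmds, err := d.StartManagementSession()
+require.NoError(t, err)
+// 2 Status + 1 Exec
+require.Len(t, cmds, 3)
+receivedCmd := cmds[cmdOneUUID]
+require.NotNil(t, receivedCmd)
+require.Equal(t, receivedCmd.Verb, fleet.CmdExec)
+require.Len(t, receivedCmd.Cmd.Items, 1)
+require.EqualValues(t, "./Device/Vendor/MSFT/Reboot/RebootNow", *receivedCmd.Cmd.Items[0].Target)
+assert.EqualValues(t, secretValue, receivedCmd.Cmd.Items[0].Data.Content)
+
+msgID, err := d.GetCurrentMsgID()
+require.NoError(t, err)
+
+d.AppendResponse(fleet.SyncMLCmd{
+XMLName: xml.Name{Local: fleet.CmdStatus},
+MsgRef: &msgID,
+CmdRef: &cmdOneUUID,
+Cmd: ptr.String("Exec"),
+Data: ptr.String("200"),
+Items: nil,
+CmdID: fleet.CmdID{Value: uuid.NewString()},
+})
+cmds, err = d.SendResponse()
+require.NoError(t, err)
+// the ack of the message should be the only returned command
+require.Len(t, cmds, 1)
+
+var getMDMCmdResp getMDMCommandResultsResponse
+s.DoJSON("GET", "/api/latest/fleet/commands/results", nil, http.StatusOK, &getMDMCmdResp, "command_uuid", cmdOneUUID)
+require.Len(t, getMDMCmdResp.Results, 1)
+// The secret value should not be exposed via the regular API.
+assert.NotContains(t, string(getMDMCmdResp.Results[0].Payload), secretValue)
+assert.Contains(t, string(getMDMCmdResp.Results[0].Payload), "$FLEET_SECRET_DATA")
+
+}
+
 func (s *integrationMDMTestSuite) TestWindowsAutomaticEnrollmentCommands() {
 t := s.T()
 ctx := context.Background()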
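Review bot: The non-exposure check at the end of TestWindowsMDMCommandWithSecret inspects only `Results[0].Payload`, so a secret expanded into any other part of the stored command result would still pass; if the result type carries further fields (this is not visible here), `assert.NotContains` should cover them as well. The chosen `secretValue := "abcd1234"` consists of hex digits only while the payload embeds the random `cmdOneUUID`, so the `NotContains` assertion can in principle collide with the UUID; a non-hex value such as `"secret-value-not-hex"` (constructed example) rules that out and is unambiguous when searching logs for leaks. `require.Equal(t, receivedCmd.Verb, fleet.CmdExec)` has expected and actual swapped relative to the neighbouring assertions and should read `require.Equal(t, fleet.CmdExec, receivedCmd.Verb)`. A doc comment such as `// TestWindowsMDMCommandWithSecret checks that $FLEET_SECRET_DATA is expanded in the command delivered to the device but stays unexpanded in the command results API.` would record the intent.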
