Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

#23235 API docs: Add certificates to host vitals for macOS, iOS, iPadOS #25317

Merged
merged 4 commits into from
Jan 10, 2025
Merged

#23235 API docs: Add certificates to host vitals for macOS, iOS, iPadOS #25317

merged 4 commits into from
Jan 10, 2025

Conversation

rachaelshaw
Copy link
Member

@rachaelshaw rachaelshaw commented Jan 9, 2025
edited
Loading

For #23235

Add certificates to "Get host" and "Get host by device token" endpoints.
This list will be available for macOS, iOS, and iPadOS hosts. It will be omitted for other platforms.

rachaelshaw
rachaelshaw commented Jan 9, 2025
View reviewed changes
docs/REST API/rest-api.md
Comment on lines +2760 to +2785
"certificates": [ // Available for macOS/iOS/iPadOS hosts
{
"id": 3,
"not_valid_after": "2021-08-19T02:02:17Z",
"not_valid_before": "2021-08-19T02:02:17Z",
"certificate_authority": true,
"common_name": "FleetDM",
"key_algorithm": "rsaEncryption",
"key_strength": 2048,
"key_usage": "CRL Sign, Key Cert Sign",
"serial": 1,
"signing_algorithm": "sha256WithRSAEncryption",
"subject": {
"country": "US",
"organization": "Fleet Device Management Inc.",
"organizational_unit": "Fleet Device Management Inc.",
"common_name": "FleetDM"
},
"issuer": {
"country": "US",
"organization": "Fleet Device Management Inc.",
"organizational_unit": "Fleet Device Management Inc.",
"common_name": "FleetDM"
},
}
],
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dev note:

Omitted from response if platform is not macOS, iOS, or iPadOS.

rachaelshaw
rachaelshaw commented Jan 9, 2025
View reviewed changes
docs/REST API/rest-api.md
Comment on lines +3231 to +3256
"certificates": [ // Available for macOS/iOS/iPadOS hosts
{
"id": 3,
"not_valid_after": "2021-08-19T02:02:17Z",
"not_valid_before": "2021-08-19T02:02:17Z",
"certificate_authority": true,
"common_name": "FleetDM",
"key_algorithm": "rsaEncryption",
"key_strength": 2048,
"key_usage": "CRL Sign, Key Cert Sign",
"serial": 1,
"signing_algorithm": "sha256WithRSAEncryption",
"subject": {
"country": "US",
"organization": "Fleet Device Management Inc.",
"organizational_unit": "Fleet Device Management Inc.",
"common_name": "FleetDM"
},
"issuer": {
"country": "US",
"organization": "Fleet Device Management Inc.",
"organizational_unit": "Fleet Device Management Inc.",
"common_name": "FleetDM"
},
}
],
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dev note:

Omitted from response if platform is not macOS, iOS, or iPadOS.

@rachaelshaw rachaelshaw changed the title #23235 API design #23235 API docs: Add certificates to host vitals for macOS, iOS, iPadOS Jan 9, 2025
@rachaelshaw rachaelshaw added the ~api-or-yaml-design Used for pull requests (PRs) with proposed API and YAML changes label Jan 9, 2025
@rachaelshaw rachaelshaw mentioned this pull request Jan 9, 2025
Open
15 tasks
rachaelshaw
rachaelshaw commented Jan 10, 2025
View reviewed changes
docs/REST API/rest-api.md
Comment on lines +2772 to +2783
"subject": {
"country": "US",
"organization": "Fleet Device Management Inc.",
"organizational_unit": "Fleet Device Management Inc.",
"common_name": "FleetDM"
},
"issuer": {
"country": "US",
"organization": "Fleet Device Management Inc.",
"organizational_unit": "Fleet Device Management Inc.",
"common_name": "FleetDM"
},
Copy link
Member Author

@rachaelshaw rachaelshaw Jan 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dev note:

subject and issuer data from osquery looks like this:

/C=US/O=Fleet Device Management Inc./OU=Fleet Device Management Inc./CN=FleetDM

Ccountry
Oorganization
OUorganizational_unit
CNcommon_name

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With the number of potential certs on a device I don't think we should stuff all of this into host details.

My recommendation is that we have the list with total count and the first 5 name expiry and id.

Then a separate paginated response for full cert details.

@rachaelshaw rachaelshaw merged commit 0c52178 into docs-v4.64.0 Jan 10, 2025
5 checks passed
@rachaelshaw rachaelshaw deleted the 23235-certificates-api-design branch January 10, 2025 16:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@georgekarrv georgekarrv georgekarrv left review comments

@fleet-release fleet-release fleet-release approved these changes

Assignees
No one assigned
Labels
~api-or-yaml-design Used for pull requests (PRs) with proposed API and YAML changes
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rachaelshaw @georgekarrv @fleet-release