# fleet

oneiroi

09/27/2022, 3:55 PM
Hi all, I'm working on a script to populate policies from existing queries. However, when I am sending a POST to https://fleet.fqdn.tld/api/v1/fleet/global/policies following this documentation, despite setting the "Authorization: Bearer $TOKEN" header, I keep seeing a 401 Authentication required response. Any ideas what I may be doing wrong?

Kathy Satterlee

09/27/2022, 4:01 PM
Testing myself just to see what happens!
Never hurts to check... everything worked fine for me. It could be that the variable isn't set up properly. How are you sending the request?

oneiroi

09/27/2022, 4:15 PM
python requests:
```python
...
    fleetURL = "https://fleet.FQDN.tld"
    policyURI = "/api/v1/fleet/global/policies"
    fleet_token = os.getenv("FLEET_TOKEN")
    if not fleet_token:
        # Keep the value getpass() returns; otherwise fleet_token stays None
        fleet_token = getpass("Please enter your FLEET API token:")
    headers = {"Authorization": "Bearer " + fleet_token}
    req = requests.post(fleetURL + policyURI, json=payload, headers=headers)
...
```
payload for example is built out as follows:
```json
{
  "name": "audit_gatekeeper_disabled",
  "query": "SELECT 1 as compliant WHERE NOT EXISTS (SELECT assessments_enabled AS compliant FROM gatekeeper where compliant !=1);",
  "description": "FleetDM audit check policy foraudit_gatekeeper_disabled",
  "resolution": "Please contact #it-helpdesk on slack for assistance",
  "platform": "darwin"
}
```

Kathy Satterlee

09/27/2022, 4:20 PM
What happens if you directly copy/paste your token rather than using the variable?
(Just for testing purposes)

oneiroi

09/27/2022, 4:22 PM
Same response when sending a POST
🤦‍♂️ p.e.b.k.a.c seems my API token changed and I was not using the latest one

Kathy Satterlee

09/27/2022, 4:25 PM
Ah! I should have included "fetch your API token again to make sure it's current" to that step. Filing that away for the future 🙂
It looks like this is something you'll be running on demand rather than on a scheduled basis, so you might want to consider adding a login to the flow.

Benjamin Edwards

09/27/2022, 4:35 PM
Create API only user IMO. Then token doesn't expire.