Hi All, I'm working on a script to populate polic...
# fleet
Hi All, I'm working on a script to populate policies from existing queries, however when I am sending a POST to https://fleet.fqdn.tld/api/v1/fleet/global/policies following this documentation despite setting the "Authorization: Bearer $TOKEN" header, I keep seeing a 401 Authentication required response , Any ideas what I may be doing wrong ?
Testing myself just to see what happens!
Never hurts to check... everything worked fine for me. It could be that the variable isn't set up properly. How are you sending the request?
python requests:
Copy code
    fleetURL = "<https://fleet.FQDN.tld>"
    policyURI = "/api/v1/fleet/global/policies"
    fleet_token = os.getenv("FLEET_TOKEN")
    if not fleet_token:
        getpass("Please enter your FLEET API token:")
    headers = {"Authorization":"Bearer "+fleet_token}
    req = <http://requests.post|requests.post>(fleetURL + policyURI, json=payload, headers=headers)
payload for example is built out as follows:
Copy code
  "name": "audit_gatekeeper_disabled",
  "query": "SELECT 1 as compliant WHERE NOT EXISTS (SELECT assessments_enabled AS compliant FROM gatekeeper where compliant !=1);",
  "description": "FleetDM audit check policy foraudit_gatekeeper_disabled",
  "resolution": "Please contact #it-helpdesk on slack for assistance",
  "platform": "darwin"
What happens if you directly copy/paste your token rather than using the variable?
(Just for testing purposes)
Same response when sending a POST
🤦‍♂️ p.e.b.k.a.c seems my API token changed and I was not using the latest one
Ah! I should have included "fetch your API token again to make sure it's current" to that step. Filing that away for the future 🙂
It looks like this is something you'll be running on demand rather than on a scheduled basis, so you might want to consider adding a login to the flow.
Create API only user IMO. Then token doesn't expire.