wire up linux DE summary to aggregate endpoint

Author: Jacob Shandling

server/fleet/mdm.go

@@ -310,8 +310,8 @@ type MDMDiskEncryptionSummary struct {
 	RemovingEnforcement MDMPlatformsCounts `db:"removing_enforcement" json:"removing_enforcement"`
 }
 
-// MDMProfilesSummary reports the number of hosts being managed with MDM configuration
-// profiles. Each host may be counted in only one of four mutually-exclusive categories:
+// MDMProfilesSummary reports the number of hosts being managed with configuration
+// profiles and/or disk encryption. Each host may be counted in only one of four mutually-exclusive categories:
 // Failed, Pending, Verifying, or Verified.
 type MDMProfilesSummary struct {
 	// Verified includes each host where Fleet has verified the installation of all of the

server/fleet/service.go

@@ -1059,6 +1059,12 @@ type Service interface {
 	// Returns empty status if the host is not a supported Linux host
 	LinuxHostDiskEncryptionStatus(ctx context.Context, host Host) (HostMDMDiskEncryption, error)
 
+	// GetLinuxDiskEncryptionSummary summarizes the current state of disk encryption for
+	// supported Linux hosts in the specified team (or, if no team is specified, each host that is not assigned to any team).
+
+	// TODO - custom return type, or just use relevant fields?
+	GetLinuxDiskEncryptionSummary(ctx context.Context, teamId *uint) (*MDMLinuxDiskEncryptionSummary, error)
+
 	///////////////////////////////////////////////////////////////////////////////
 	// Common MDM
 

server/service/linux_mdm.go

@@ -3,6 +3,7 @@ package service
 import (
 	"context"
 
+	"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
 	"github.com/fleetdm/fleet/v4/server/fleet"
 )
 
@@ -42,3 +43,20 @@ func (svc *Service) LinuxHostDiskEncryptionStatus(ctx context.Context, host flee
 		Status: &verified,
 	}, nil
 }
+
+func (svc *Service) GetLinuxDiskEncryptionSummary(ctx context.Context, teamId *uint) (*fleet.MDMLinuxDiskEncryptionSummary, error) {
+	if err := svc.authz.Authorize(ctx, fleet.MDMConfigProfileAuthz{TeamID: teamId}, fleet.ActionRead); err != nil {
+		return nil, ctxerr.Wrap(ctx, err)
+	}
+
+	if svc.config.Server.PrivateKey == "" {
+		return nil, ctxerr.New(ctx, "Missing required private key. Learn how to configure the private key here: https://fleetdm.com/learn-more-about/fleet-server-private-key")
+	}
+
+	ps, err := svc.ds.GetLinuxDiskEncryptionSummary(ctx, teamId)
+	if err != nil {
+		return nil, ctxerr.Wrap(ctx, err)
+	}
+
+	return &ps, nil
+}

server/service/mdm.go

@@ -907,7 +907,8 @@ func (svc *Service) GetMDMDiskEncryptionSummary(ctx context.Context, teamID *uin
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-// GET /mdm/profiles/summary
+// GET /mdm/profiles/summary (deprecated)
+// GET /configuration_profiles/summary
 ////////////////////////////////////////////////////////////////////////////////
 
 type getMDMProfilesSummaryRequest struct {
@@ -935,10 +936,15 @@ func getMDMProfilesSummaryEndpoint(ctx context.Context, request interface{}, svc
 		return &getMDMProfilesSummaryResponse{Err: err}, nil
 	}
 
-	res.Verified = as.Verified + ws.Verified
+	lx, err := svc.GetLinuxDiskEncryptionSummary(ctx, req.TeamID)
+	if err != nil {
+		return &getMDMProfilesSummaryResponse{Err: err}, nil
+	}
+
+	res.Verified = as.Verified + ws.Verified + lx.Verified
 	res.Verifying = as.Verifying + ws.Verifying
-	res.Failed = as.Failed + ws.Failed
-	res.Pending = as.Pending + ws.Pending
+	res.Failed = as.Failed + ws.Failed + lx.Failed
+	res.Pending = as.Pending + ws.Pending + lx.ActionRequired
 
 	return &res, nil
 }