chore: swap app config defaults to schema.sql
mistahj67 committed Aug 7, 2024
1 parent 6485d57 commit e570b41
Showing 3 changed files with 19 additions and 81 deletions.
77 changes: 0 additions & 77 deletions cmd/api/src/database/migration/app_config.go

This file was deleted.

4 changes: 0 additions & 4 deletions cmd/api/src/database/migration/migration.go
Expand Up @@ -62,9 +62,5 @@ func (s *Migrator) Migrate() error {
return fmt.Errorf("failed to execute stepwise migrations: %w", err)
}

if err := s.setAppConfigDefaults(); err != nil {
return err
}

return nil
}
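--- a/cmd/api/src/database/migration/migrations/schema.sql
+++ b/cmd/api/src/database/migration/migrations/schema.sql
@@ -670,3 +670,22 @@ INSERT INTO roles_permissions (role_id, permission_id) VALUES ((SELECT id FROM r
 INSERT INTO roles_permissions (role_id, permission_id) VALUES ((SELECT id FROM roles WHERE roles.name = 'Read-Only'), (SELECT id FROM permissions WHERE permissions.authority = 'graphdb' and permissions.name = 'Read'));
 INSERT INTO roles_permissions (role_id, permission_id) VALUES ((SELECT id FROM roles WHERE roles.name = 'Upload-Only'), (SELECT id FROM permissions WHERE permissions.authority = 'clients' and permissions.name = 'Tasking'));
 INSERT INTO roles_permissions (role_id, permission_id) VALUES ((SELECT id FROM roles WHERE roles.name = 'Upload-Only'), (SELECT id FROM permissions WHERE permissions.authority = 'graphdb' and permissions.name = 'Write'));
+
+-- Populate feature_flags table
+
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (1, current_timestamp, current_timestamp, 'dark_mode', 'Dark Mode', 'Allows users to enable or disable dark mode via a toggle in the settings menu', false, true);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (2, current_timestamp, current_timestamp, 'enable_saml_sso', 'SAML Single Sign-On Support', 'Enables SSO authentication flows and administration panels to third party SAML identity providers.', true, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (3, current_timestamp, current_timestamp, 'scope_collection_by_ou', 'Enable SharpHound OU Scoped Collections', 'Enables scoping SharpHound collections to specific lists of OUs.', true, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (4, current_timestamp, current_timestamp, 'clear_graph_data', 'Clear Graph Data', 'Enables the ability to delete all nodes and edges from the graph database.', true, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (5, current_timestamp, current_timestamp, 'fedramp_eula', 'FedRAMP EULA', 'Enables showing the FedRAMP EULA on every login. (Enterprise only)', false, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (6, current_timestamp, current_timestamp, 'adcs', 'Enable collection and processing of Active Directory Certificate Services Data', 'Enables the ability to collect, analyze, and explore Active Directory Certificate Services data and previews new attack paths.', false, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (7, current_timestamp, current_timestamp, 'risk_exposure_new_calculation', 'Use new tier zero risk exposure calculation', 'Enables the use of new tier zero risk exposure metatree metrics.', false, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (8, current_timestamp, current_timestamp, 'butterfly_analysis', 'Enhanced Asset Inbound-Outbound Exposure Analysis', 'Enables more extensive analysis of attack path findings that allows BloodHound to help the user prioritize remediation of the most exposed assets.', false, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (9, current_timestamp, current_timestamp, 'azure_support', 'Enable Azure Support', 'Enables Azure support.', true, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (10, current_timestamp, current_timestamp, 'reconciliation', 'Reconciliation', 'Enables Reconciliation', true, false);
+INSERT INTO feature_flags (id, created_at, updated_at, key, name, description, enabled, user_updatable) VALUES (11, current_timestamp, current_timestamp, 'entity_panel_cache', 'Enable application level caching', 'Enables the use of application level caching for entity panel queries', true, false);
+
+-- Populate parameters table
+
+INSERT INTO parameters (key, name, description, value, id, created_at, updated_at) VALUES ('auth.password_expiration_window', 'Local Auth Password Expiry Window', 'This configuration parameter sets the local auth password expiry window for users that have valid auth secrets. Values for this configuration must follow the duration specification of ISO-8601.', '{"duration": "P90D"}', 1, current_timestamp, current_timestamp);
+INSERT INTO parameters (key, name, description, value, id, created_at, updated_at) VALUES ('neo4j.configuration', 'Neo4j Configuration Parameters', 'This configuration parameter sets the BatchWriteSize and the BatchFlushSize for Neo4J.', '{"batch_write_size": 20000, "write_flush_size": 100000}', 2, current_timestamp, current_timestamp);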
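Review bot: The seed rows added for `feature_flags` (ids 1–11) and `parameters` (ids 1–2) write explicit `id` values, and if those columns are sequence-backed (the table definitions are outside this hunk) the sequence is left behind the seeded rows, so a later insert that relies on the default id would collide with an existing key. On PostgreSQL, either drop `id` from the column lists or follow each block with `SELECT setval(pg_get_serial_sequence('feature_flags', 'id'), (SELECT max(id) FROM feature_flags));` and the equivalent for `parameters`. Separately, with the `setAppConfigDefaults()` call removed from `Migrate()`, these defaults (including `auth.password_expiration_window` and `clear_graph_data`) appear to be written only when schema.sql runs, so a comment above the block such as `-- Seeded once at schema creation; later changes to defaults need a stepwise migration` would tell maintainers that editing these lines does not reach existing deployments.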
