Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-22 16:39:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 121

Merge branch 'mike-j-thomas-patch-1' of https://github.com/fleetdm/fleet into mike-j-thomas-patch-1

Browse source
This commit is contained in:
eashaw 2021-09-28 21:10:54 -05:00
commit 65af0eb8dd
253 changed files with 8215 additions and 3139 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

67
.github/ISSUE_TEMPLATE/smoke-tests.md vendored Normal file
View file

@ -0,0 +1,67 @@
---
name: Release QA
about: Checklist of required tests prior to release
title: ''
labels: ''
assignees: ''
---
# Goal: easy-to-follow test steps for sanity checking a release manually
**Fleet version** (Head to the "My account" page in the Fleet UI or run `fleetctl version`):
**Web browser** _(e.g. Chrome 88.0.4324)_:
# Important reference data
1. [fleetctl preview setup](https://fleetdm.com/get-started)
2. [permissions documentation](https://fleetdm.com/docs/using-fleet/permissions)
# Smoke Tests
Smoke tests are limited to core functionality and serve as a sanity test. If smoke tests are failing, a release cannot proceed.
## Prerequisites
1. `fleetctrl preview` is set up and running the desired test version using `--tag` parameters.
2. Unless you are explicitly testing older browser versions, browser is up to date.
3. Certificate & flagfile are in place to create new host.
## Instructions
<table>
<tr><th>Test name</th><th>Step instructions</th><th>Expected result</th><th>pass/fail</td></tr>
<tr><td>$Name</td><td>{what a tester should do}</td><td>{what a tester should see when they do that}</td><td>pass/fail</td></tr>
<tr><td>Update flow</td><td>
1. Prereq: previous version is set up with data.
2. Update fleet to testing version
</td><td>No data should be lost in update</td><td>pass/fail</td></tr>
<tr><td>Login flow</td><td>
1. navigate to the login page and attempt to login with both valid and invalid credentials to verify some combination of expected results.
2. Login with SSO
</td><td>
1. text fields prompt when blank
2. correct error message is "authentication failed"
3. forget password link prompts for email
4. valid credentials result in a successful login. </td><td>pass/fail</td></tr>
<tr><td>Query flow</td><td>Create, edit, run, and delete queries. </td><td>
1. permissions regarding creating/editing/deleting queries are up to date with documentation
2. syntax errors result in error messaging
3. queries can be run manually
</td><td>pass/fail</td></tr>
<tr><td>Host Flow</td><td>Verify a new host can be added and removed following modal instructions using your own device.</td><td>
1. Host is added via command line
2. Host serial number and date added are accurate
3. Host is not visible after it is deleted
4. Warning and informational modals show when expected and make sense
</td><td>pass/fail</td></tr>
</table>
# Notes
* {any notes}

9
.github/pull_request_template.md vendored
View file

@ -1,8 +1,9 @@
# Checklist for submitter
If some of the following don't apply, please write a short explanation why.
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added (if needed)
- [ ] Changes file added (for user-visible changes)
- [ ] Documented any API changes
- [ ] Added tests for all functionality
- [ ] Manual QA for all functionality
- [ ] Documented any permissions changes
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality

1
.github/workflows/docs.yml vendored
View file

@ -9,7 +9,6 @@ jobs:
- uses: actions/checkout@master
- uses: gaurav-nelson/github-action-markdown-link-check@v1
with:
check-modified-files-only: 'yes'
use-quiet-mode: 'yes'
config-file: .github/workflows/markdown-link-check-config.json
base-branch: ${{ github.base_ref }}

2
.github/workflows/golangci-lint.yml vendored
View file

@ -17,4 +17,4 @@ jobs:
# specified without patch version: we always use the latest patch
# version.
version: v1.42
args: --timeout 3m
args: --timeout 10m

77
.github/workflows/goreleaser-snapshot-fleet.yaml vendored Normal file
View file

@ -0,0 +1,77 @@
name: Docker publish
on:
push:
branches:
- main
- patch-*
pull_request:
jobs:
# This check-secrets job is used to gate execution of the main job. External PRs will not have
# access to the necessary secrets for pushing an image, so we want to skip that job if the secret
# is unavailable.
check-secrets:
environment: Docker Hub
runs-on: ubuntu-latest
outputs:
available: ${{ steps.check-secrets.outputs.available }}
steps:
- name: Check Secrets availability
id: check-secrets
run: |
if [ ! -z "${{ secrets.DOCKERHUB_USERNAME }}" ]; then
echo "::set-output name=available::true"
fi
# If the secrets are available, build and publish a Docker image.
publish:
needs:
- check-secrets
if: ${{ needs.check-secrets.outputs.available == 'true' }}
runs-on: ubuntu-latest
environment: Docker Hub
steps:
- name: Checkout (PR)
if: ${{ github.event.pull_request.head.sha }}
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Checkout (main)
if: ${{ !github.event.pull_request.head.sha }}
uses: actions/checkout@v2
- name: Login to Docker Hub
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 # v1.10.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.16.5
- name: Install JS Dependencies
run: make deps-js
- name: Install Go Dependencies
run: make deps-go
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@ac067437f516133269923265894e77920c3dce18 # v2.6.1
with:
distribution: goreleaser-pro
version: latest
args: release --snapshot --rm-dist -f .goreleaser-snapshot.yml
env:
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
- name: Tag image with branch name
if: ${{ !github.event.pull_request.head.sha }}
run: docker tag fleetdm/fleet:$(git rev-parse --short HEAD) fleetdm/fleet:$(git rev-parse --abbrev-ref HEAD)
# Explicitly push the docker images as GoReleaser will not do so in snapshot mode
- name: Publish Docker images
run: docker push fleetdm/fleet --all-tags

3
.github/workflows/markdown-link-check-config.json vendored
View file

@ -12,6 +12,9 @@
{
"pattern": "fleet.corp.example.com"
},
{
"pattern": "fleet.example.com"
},
{
"pattern": "/server/datastore/mysql/migrations/"
},

46
.github/workflows/push-osquery-perf-to-ecr.yml vendored Normal file
View file

@ -0,0 +1,46 @@
name: Build docker image and publish to ECR
on:
workflow_dispatch:
inputs:
enroll_secret:
description: 'Enroll Secret'
required: true
url:
description: 'Fleet server URL'
required: true
host_count:
description: 'Amount of hosts to emulate'
required: true
default: 20
tag:
description: 'docker image tag'
required: true
default: latest
jobs:
build-docker:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v2
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.LOADTEST_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.LOADTEST_AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: osquery-perf
IMAGE_TAG: ${{ github.event.inputs.tag }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG --build-arg ENROLL_SECRET=${{ github.event.inputs.enroll_secret }} --build-arg HOST_COUNT=${{ github.event.inputs.host_count }} --build-arg SERVER_URL=${{ github.event.inputs.url }} -f Dockerfile.osquery-perf .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

2
.github/workflows/test-go.yaml vendored
View file

@ -41,7 +41,7 @@ jobs:
- name: Run Go Tests
run: |
MYSQL_TEST=1 make test-go
NETWORK_TEST=1 REDIS_TEST=1 MYSQL_TEST=1 make test-go
- name: Upload to Codecov
uses: codecov/codecov-action@v2

8
.gitignore vendored
View file

@ -50,5 +50,11 @@ backup.sql.gz
# committing a package-lock.json. Fleet app uses Yarn with yarn.lock.
package-lock.json
# infra
.terraform
.terraform.tfstate*
.terraform.lock*
terraform.tfstate*
# generated installers
orbit-osquery*
orbit-osquery*

74
.goreleaser-snapshot.yml Normal file
View file

@ -0,0 +1,74 @@
project_name: fleet
monorepo:
tag_prefix: fleet-
dir: .
before:
hooks:
- make deps
- make generate
gomod:
proxy: true
builds:
- id: fleet
dir: ./cmd/fleet/
binary: fleet
env:
- CGO_ENABLED=1
goos:
- linux
goarch:
- amd64
flags:
- -tags=full,fts5,netgo
- -trimpath
ldflags:
- -extldflags "-static"
- -X github.com/kolide/kit/version.appName={{ .ArtifactName }}
- -X github.com/kolide/kit/version.version={{ .Version }}
- -X github.com/kolide/kit/version.branch={{ .Branch }}
- -X github.com/kolide/kit/version.revision={{ .FullCommit }}
- -X github.com/kolide/kit/version.buildDate={{ time "2006-01-02" }}
- -X github.com/kolide/kit/version.buildUser={{ .Env.USER }}
- id: fleetctl
dir: ./cmd/fleetctl/
binary: fleetctl
env:
- CGO_ENABLED=0
goos:
- linux
goarch:
- amd64
flags:
- -trimpath
ldflags:
- -X github.com/kolide/kit/version.appName={{ .ArtifactName }}
- -X github.com/kolide/kit/version.version={{ .Version }}
- -X github.com/kolide/kit/version.branch={{ .Branch }}
- -X github.com/kolide/kit/version.revision={{ .FullCommit }}
- -X github.com/kolide/kit/version.buildDate={{ time "2006-01-02" }}
- -X github.com/kolide/kit/version.buildUser={{ .Env.USER }}
dockers:
- goos: linux
goarch: amd64
ids:
- fleet
- fleetctl
dockerfile: tools/docker/fleet.Dockerfile
image_templates:
- 'fleetdm/fleet:{{ .ShortCommit }}'
- goos: linux
goarch: amd64
ids:
- fleetctl
dockerfile: tools/docker/fleetctl.Dockerfile
image_templates:
- 'fleetdm/fleetctl:{{ .ShortCommit }}'

44
CHANGELOG.md
View file

@ -1,3 +1,33 @@
## Fleet 4.3.1 (Sept 21, 2021)
* Add `fleetctl get software` command to list all software and the detected vulnerabilities. The Vulnerable software feature is currently in Beta. For information on how to configure the Vulnerable software feature and how exactly Fleet processes vulnerabilities, check out the [Vulnerability processing documentation](https://fleetdm.com/docs/using-fleet/vulnerability-processing).
* Add `fleetctl vulnerability-data-stream` command to sync the vulnerabilities processing data streams by hand.
* Add `disable_data_sync` vulnerabilities configuration option to avoid downloading the data streams. Documentation for this configuration option can be found [here on fleetdm.com/docs](https://fleetdm.com/docs/deploying/configuration#disable-data-sync).
* Only show observers the queries they have permissions to run on the **Queries** page. In, Fleet 4.0.0, the Admin, Maintainer, and Observer user roles were introduced. Documentation for the permissions associated with each role can be found [here on fleetdm.com/docs](https://fleetdm.com/docs/using-fleet/permissions).
* Add `connect_retry_attempts` Redis configuration option to retry failed connections. Documentation for this configuration option can be found [here on fleetdm.com/docs](https://fleetdm.com/docs/deploying/configuration#redis-connect-retry-attempts).
* Add `cluster_follow_redirections` Redis configuration option to follow cluster redirections. Documentation for this configuration option can be found [here on fleetdm.com/docs](https://fleetdm.com/docs/deploying/configuration#redis-cluster-follow-redirections).
* Add `max_jitter_percent` osquery configuration option to prevent all hosts from returning data at roughly the same time. Note that this improves the Fleet server performance, but it will now take longer for new labels to populate. Documentation for this configuration option can be found [here on fleetdm.com/docs](https://fleetdm.com/docs/deploying/configuration#osquery-max-jitter-percent).
* Improve the performance of database migrations.
* Reduce database load for label membership recording.
* Fail early if the process does not have permissions to write to the logging file.
* Completely skip trying to save a host's users and software inventory if it's disabled to reduce database load.
* Fix a bug in which team maintainers were unable to run live queries against the hosts assigned to their team(s).
* Fix a bug in which a blank screen would intermittently appear on the **Hosts** page.
* Fix a bug detecting disk space for hosts.
## Fleet 4.3.0 (Sept 13, 2021)
* Add Policies feature for detecting device compliance with organizational policies.
@ -138,7 +168,7 @@
* Add ability to create a Team schedule in Fleet. The Schedule feature was released in Fleet 4.1.0. For more information on the new Schedule feature, check out the [Fleet 4.1.0 release blog post](https://blog.fleetdm.com/fleet-4-1-0-57dfa25e89c1). *Available for Fleet Basic customers*.
* Add Beta Vulnerable software feature which surfaces vulnerable software on the **Host details** page and the `GET /api/v1/fleet/hosts/{id}` API route. For information on how to configure the Vulnerable software feature and how exactly Fleet processes vulnerabilities, check out the [Vulnerability processing documentation](https://github.com/fleetdm/fleet/blob/main/docs/1-Using-Fleet/13-Vulnerability-Processing.md#vulnerability-processing).
* Add Beta Vulnerable software feature which surfaces vulnerable software on the **Host details** page and the `GET /api/v1/fleet/hosts/{id}` API route. For information on how to configure the Vulnerable software feature and how exactly Fleet processes vulnerabilities, check out the [Vulnerability processing documentation](https://github.com/fleetdm/fleet/blob/main/docs/01-Using-Fleet/13-Vulnerability-Processing.md#vulnerability-processing).
* Add ability to see which logging destination is configured for Fleet in the Fleet UI. To see this information, head to the **Schedule** page and then select "Schedule a query." Configured logging destination information is also available in the `GET api/v1/fleet/config` API route.
@ -148,9 +178,9 @@
* Add ability to modify scheduled queries in your Schedule in Fleet. The Schedule feature was released in Fleet 4.1.0. For more information on the new Schedule feature, check out the [Fleet 4.1.0 release blog post](https://blog.fleetdm.com/fleet-4-1-0-57dfa25e89c1).
* Add ability to disable the Users feature in Fleet by setting the new `enable_host_users` key to `true` in the `config` yaml, configuration file. For documentation on using configuration files in yaml syntax, check out the [Using yaml files in Fleet](https://github.com/fleetdm/fleet/tree/main/docs/1-Using-Fleet/configuration-files#using-yaml-files-in-fleet) documentation.
* Add ability to disable the Users feature in Fleet by setting the new `enable_host_users` key to `true` in the `config` yaml, configuration file. For documentation on using configuration files in yaml syntax, check out the [Using yaml files in Fleet](https://github.com/fleetdm/fleet/tree/main/docs/01-Using-Fleet/configuration-files#using-yaml-files-in-fleet) documentation.
* Improve performance of the Software inventory feature. Software inventory is currently under a feature flag. To enable this feature flag, check out the [feature flag documentation](https://github.com/fleetdm/fleet/blob/main/docs/2-Deploying/2-Configuration.md#feature-flags).
* Improve performance of the Software inventory feature. Software inventory is currently under a feature flag. To enable this feature flag, check out the [feature flag documentation](https://github.com/fleetdm/fleet/blob/main/docs/02-Deploying/02-Configuration.md#feature-flags).
* Improve performance of inserting `pack_stats` in the database. The `pack_stats` information is used to display "Frequency" and "Last run" information for a specific host's scheduled queries. You can find this information on the **Host details** page.
@ -329,9 +359,9 @@ There are currently no known issues in this release. However, we recommend only
The primary additions in Fleet 4.0.0 are the new Role-based access control (RBAC) and Teams features.
RBAC adds the ability to define a user's access to information and features in Fleet. This way, more individuals in an organization can utilize Fleet with appropriate levels of access. Check out the [permissions documentation](https://github.com/fleetdm/fleet/blob/main/docs/1-Using-Fleet/9-Permissions.md) for a breakdown of the new user roles and their respective capabilities.
RBAC adds the ability to define a user's access to information and features in Fleet. This way, more individuals in an organization can utilize Fleet with appropriate levels of access. Check out the [permissions documentation](https://github.com/fleetdm/fleet/blob/main/docs/01-Using-Fleet/09-Permissions.md) for a breakdown of the new user roles and their respective capabilities.
Teams adds the ability to separate hosts into exclusive groups. This way, users can easily observe and apply operations to consistent groups of hosts. Read more about the Teams feature in [the documentation here](https://github.com/fleetdm/fleet/blob/main/docs/1-Using-Fleet/10-Teams.md).
Teams adds the ability to separate hosts into exclusive groups. This way, users can easily observe and apply operations to consistent groups of hosts. Read more about the Teams feature in [the documentation here](https://github.com/fleetdm/fleet/blob/main/docs/01-Using-Fleet/10-Teams.md).
There are several known issues that will be fixed for the stable release of Fleet 4.0.0. Therefore, we recommend only upgrading to Fleet 4.0.0 RC1 for testing purposes. Please file a GitHub issue for any issues discovered when testing Fleet 4.0.0!
@ -399,7 +429,7 @@ Fleet 4.0.0 is a major release and introduces several breaking changes and datab
* Improve Fleet performance by batch updating host seen time instead of updating synchronously. This improvement reduces MySQL CPU usage by ~33% with 4,000 simulated hosts and MySQL running in Docker.
* Add support for software inventory, introducing a list of installed software items on each host's respective _Host details_ page. This feature is flagged off by default (for now). Check out [the feature flag documentation for instructions on how to turn this feature on](./docs/2-Deploying/2-Configuration.md#software-inventory).
* Add support for software inventory, introducing a list of installed software items on each host's respective _Host details_ page. This feature is flagged off by default (for now). Check out [the feature flag documentation for instructions on how to turn this feature on](./docs/02-Deploying/02-Configuration.md#software-inventory).
* Add Windows support for `fleetctl` agent autoupdates. The `fleetctl updates` command provides the ability to self-manage an agent update server. Available for Fleet Basic customers.
@ -867,7 +897,7 @@ to 2.0.0.
## Kolide Fleet 2.0.0 (currently preparing for release)
The primary new addition in Fleet 2 is the new `fleetctl` CLI and file-format, which dramatically increases the flexibility and control that administrators have over their osquery deployment. The CLI and the file format are documented [in the Fleet documentation](https://github.com/fleetdm/fleet/blob/main/docs/1-Using-Fleet/2-fleetctl-CLI.md).
The primary new addition in Fleet 2 is the new `fleetctl` CLI and file-format, which dramatically increases the flexibility and control that administrators have over their osquery deployment. The CLI and the file format are documented [in the Fleet documentation](https://github.com/fleetdm/fleet/blob/main/docs/01-Using-Fleet/02-fleetctl-CLI.md).
### New Features

16
Dockerfile.osquery-perf Normal file
View file

@ -0,0 +1,16 @@
FROM golang:1.17.1-alpine
ARG ENROLL_SECRET
ARG HOST_COUNT
ARG SERVER_URL
ENV ENROLL_SECRET ${ENROLL_SECRET}
ENV HOST_COUNT ${HOST_COUNT}
ENV SERVER_URL ${SERVER_URL}
COPY ./cmd/osquery-perf/agent.go ./go.mod ./go.sum ./cmd/osquery-perf/mac10.14.6.tmpl /osquery-perf/
WORKDIR /osquery-perf/
RUN go mod download
RUN go build -o osquery-perf
CMD ./osquery-perf -enroll_secret $ENROLL_SECRET -host_count $HOST_COUNT -server_url $SERVER_URL

2
README.md
View file

@ -24,7 +24,7 @@ The Fleet UI is now available at http://localhost:1337.
#### Now what?
Check out the [Ask questions about your devices tutorial](./docs/1-Using-Fleet/tutorials/Ask-questions-about-your-devices.md) to learn where to see your devices in Fleet, how to add Fleet's standard query library, and how to ask questions about your devices by running queries.
Check out the [Ask questions about your devices tutorial](./docs/01-Using-Fleet/00-Learn-how-to-use-Fleet.md#how-to-ask-questions-about-your-devices) to learn where to see your devices in Fleet, how to add Fleet's standard query library, and how to ask questions about your devices by running queries.
## Team
Fleet is [independently backed](https://linkedin.com/company/fleetdm) and actively maintained with the help of many amazing [contributors](https://github.com/fleetdm/fleet/graphs/contributors).

1
changes/add-policy-updated-at Normal file
View file

@ -0,0 +1 @@
* Add interval to policies to prevent running them every time the host checks in.

1
changes/ensure-only-one-row-disk-space
View file

@ -1 +0,0 @@
* Ensure only one row is returned when checking for disk space in hosts.

1
changes/issue-1894-surface-inherited-queries Normal file
View file

@ -0,0 +1 @@
* Fleet premium teams schedules surfaces inherited queries from All teams (global) schedule

2
changes/issue-1963-vulnerabilities-no-sync
View file

@ -1,2 +0,0 @@
* Add fleetctl vulnerability-data-stream command to sync the vulnerabilities processing data streams by hand.
* Add vulnerabilities.disable_data_sync config to fleet serve to avoid downloading the data streams.

1
changes/issue-1964-list-software
View file

@ -1 +0,0 @@
* Add `fleetctl get software` to list all software and the detected vulnerabilities.

1
changes/issue-1984-label-count-on-edit Normal file
View file

@ -0,0 +1 @@
* Do not reset label counts when modifying them.

1
changes/issue-2078-enter-submits-create-team Normal file
View file

@ -0,0 +1 @@
- Fix create team modal to submit with Enter key

1
changes/issue-2160-straighten-permissions-around-policies Normal file
View file

@ -0,0 +1 @@
* Expand and improve how roles interact with policies.

1
changes/issue-2201-global-maintainer-create-query Normal file
View file

@ -0,0 +1 @@
- Bug fix: Global maintainer can create and save a new query

1
changes/reduce-sql-queries-per-host Normal file
View file

@ -0,0 +1 @@
* Reduce the amount of queries to the database when a host checks in.

4
charts/fleet/Chart.yaml
View file

@ -4,8 +4,8 @@ name: fleet
keywords:
- fleet
- osquery
version: v4.3.0
version: v4.3.1
home: https://github.com/fleetdm/fleet
sources:
- https://github.com/fleetdm/fleet.git
appVersion: v4.3.0
appVersion: v4.3.1

2
charts/fleet/values.yaml
View file

@ -2,7 +2,7 @@
# All settings related to how Fleet is deployed in Kubernetes
hostName: fleet.localhost
replicas: 3 # The number of Fleet instances to deploy
imageTag: v4.3.0 # Version of Fleet to deploy
imageTag: v4.3.1 # Version of Fleet to deploy
createIngress: true # Whether or not to automatically create an Ingress
ingressAnnotations: {} # Additional annotation to add to the Ingress
podAnnotations: {} # Additional annotations to add to the Fleet pod

24
cmd/fleet/serve.go
View file

@ -200,21 +200,21 @@ the way that the Fleet server works.
}
}
redisPool, err := redis.NewRedisPool(
config.Redis.Address,
config.Redis.Password,
config.Redis.Database,
config.Redis.UseTLS,
config.Redis.ConnectTimeout,
config.Redis.KeepAlive,
)
redisPool, err := redis.NewRedisPool(redis.PoolConfig{
Server: config.Redis.Address,
Password: config.Redis.Password,
Database: config.Redis.Database,
UseTLS: config.Redis.UseTLS,
ConnTimeout: config.Redis.ConnectTimeout,
KeepAlive: config.Redis.KeepAlive,
ConnectRetryAttempts: config.Redis.ConnectRetryAttempts,
ClusterFollowRedirections: config.Redis.ClusterFollowRedirections,
})
if err != nil {
initFatal(err, "initialize Redis")
}
resultStore := pubsub.NewRedisQueryResults(redisPool, config.Redis.DuplicateResults)
liveQueryStore := live_query.NewRedisLiveQuery(redisPool)
// TODO: should that only be done when a certain "migrate" flag is set,
// to prevent affecting every startup?
if err := liveQueryStore.MigrateKeys(); err != nil {
level.Info(logger).Log(
"err", err,
@ -509,6 +509,10 @@ func cronCleanups(ctx context.Context, ds fleet.Datastore, logger kitlog.Logger,
if err != nil {
level.Error(logger).Log("err", "cleaning scheduled query stats", "details", err)
}
err = ds.CleanupOrphanLabelMembership(ctx)
if err != nil {
level.Error(logger).Log("err", "cleaning label_membership", "details", err)
}
err = trySendStatistics(ctx, ds, fleet.StatisticsFrequency, "https://fleetdm.com/api/v1/webhooks/receive-usage-analytics")
if err != nil {

11
cmd/fleetctl/apply_test.go
View file

@ -41,8 +41,7 @@ var userRoleSpecList = []*fleet.User{
}
func TestApplyUserRoles(t *testing.T) {
server, ds := runServerWithMockedDS(t)
defer server.Close()
_, ds := runServerWithMockedDS(t)
ds.ListUsersFunc = func(ctx context.Context, opt fleet.UserListOptions) ([]*fleet.User, error) {
return userRoleSpecList, nil
@ -102,11 +101,10 @@ spec:
func TestApplyTeamSpecs(t *testing.T) {
license := &fleet.LicenseInfo{Tier: fleet.TierPremium, Expiration: time.Now().Add(24 * time.Hour)}
server, ds := runServerWithMockedDS(t, service.TestServerOpts{License: license})
defer server.Close()
_, ds := runServerWithMockedDS(t, service.TestServerOpts{License: license})
teamsByName := map[string]*fleet.Team{
"team1": &fleet.Team{
"team1": {
ID: 42,
Name: "team1",
Description: "team1 description",
@ -185,8 +183,7 @@ func writeTmpYml(t *testing.T, contents string) string {
}
func TestApplyAppConfig(t *testing.T) {
server, ds := runServerWithMockedDS(t)
defer server.Close()
_, ds := runServerWithMockedDS(t)
ds.ListUsersFunc = func(ctx context.Context, opt fleet.UserListOptions) ([]*fleet.User, error) {
return userRoleSpecList, nil

2
cmd/fleetctl/convert_test.go
View file

@ -11,7 +11,6 @@ import (
)
func TestConvertFileOutput(t *testing.T) {
t.Parallel()
// setup the cli and the convert command
app := cli.NewApp()
app.Commands = []*cli.Command{convertCommand()}
@ -41,7 +40,6 @@ func TestConvertFileOutput(t *testing.T) {
}
func TestConvertFileStdout(t *testing.T) {
t.Parallel()
r, w, _ := os.Pipe()
os.Stdout = w

3
cmd/fleetctl/debug_test.go
View file

@ -44,8 +44,7 @@ oug6edBNpdhp8r2/4t6n3AouK0/zG2naAlmXV0JoFuEvy2bX0BbbbPg+v4WNZIsC
func TestDebugConnectionCommand(t *testing.T) {
t.Run("without certificate", func(t *testing.T) {
server, ds := runServerWithMockedDS(t)
defer server.Close()
_, ds := runServerWithMockedDS(t)
ds.VerifyEnrollSecretFunc = func(ctx context.Context, secret string) (*fleet.EnrollSecret, error) {
return nil, errors.New("invalid")

15
cmd/fleetctl/get_test.go
View file

@ -55,8 +55,7 @@ var userRoleList = []*fleet.User{
}
func TestGetUserRoles(t *testing.T) {
server, ds := runServerWithMockedDS(t)
defer server.Close()
_, ds := runServerWithMockedDS(t)
ds.ListUsersFunc = func(ctx context.Context, opt fleet.UserListOptions) ([]*fleet.User, error) {
return userRoleList, nil
@ -114,8 +113,7 @@ func TestGetTeams(t *testing.T) {
for _, tt := range testCases {
t.Run(tt.name, func(t *testing.T) {
license := tt.license
server, ds := runServerWithMockedDS(t, service.TestServerOpts{License: license})
defer server.Close()
_, ds := runServerWithMockedDS(t, service.TestServerOpts{License: license})
agentOpts := json.RawMessage(`{"config":{"foo":"bar"},"overrides":{"platforms":{"darwin":{"foo":"override"}}}}`)
ds.ListTeamsFunc = func(ctx context.Context, filter fleet.TeamFilter, opt fleet.ListOptions) ([]*fleet.Team, error) {
@ -196,8 +194,7 @@ spec:
}
func TestGetHosts(t *testing.T) {
server, ds := runServerWithMockedDS(t)
defer server.Close()
_, ds := runServerWithMockedDS(t)
// this func is called when no host is specified i.e. `fleetctl get hosts --json`
ds.ListHostsFunc = func(ctx context.Context, filter fleet.TeamFilter, opt fleet.HostListOptions) ([]*fleet.Host, error) {
@ -343,8 +340,7 @@ func TestGetHosts(t *testing.T) {
}
func TestGetConfig(t *testing.T) {
server, ds := runServerWithMockedDS(t)
defer server.Close()
_, ds := runServerWithMockedDS(t)
ds.AppConfigFunc = func(ctx context.Context) (*fleet.AppConfig, error) {
return &fleet.AppConfig{
@ -412,8 +408,7 @@ spec:
}
func TestGetSoftawre(t *testing.T) {
server, ds := runServerWithMockedDS(t)
defer server.Close()
_, ds := runServerWithMockedDS(t)
foo001 := fleet.Software{
Name: "foo", Version: "0.0.1", Source: "chrome_extensions", GenerateCPE: "somecpe",

15
cmd/fleetctl/hosts_test.go
View file

@ -10,8 +10,7 @@ import (
)
func TestHostTransferFlagChecks(t *testing.T) {
server, _ := runServerWithMockedDS(t)
defer server.Close()
runServerWithMockedDS(t)
runAppCheckErr(t,
[]string{"hosts", "transfer", "--team", "team1", "--hosts", "host1", "--label", "AAA"},
@ -24,8 +23,7 @@ func TestHostTransferFlagChecks(t *testing.T) {
}
func TestHostsTransferByHosts(t *testing.T) {
server, ds := runServerWithMockedDS(t)
defer server.Close()
_, ds := runServerWithMockedDS(t)
ds.HostByIdentifierFunc = func(ctx context.Context, identifier string) (*fleet.Host, error) {
require.Equal(t, "host1", identifier)
@ -48,8 +46,7 @@ func TestHostsTransferByHosts(t *testing.T) {
}
func TestHostsTransferByLabel(t *testing.T) {
server, ds := runServerWithMockedDS(t)
defer server.Close()
_, ds := runServerWithMockedDS(t)
ds.HostByIdentifierFunc = func(ctx context.Context, identifier string) (*fleet.Host, error) {
require.Equal(t, "host1", identifier)
@ -83,8 +80,7 @@ func TestHostsTransferByLabel(t *testing.T) {
}
func TestHostsTransferByStatus(t *testing.T) {
server, ds := runServerWithMockedDS(t)
defer server.Close()
_, ds := runServerWithMockedDS(t)
ds.HostByIdentifierFunc = func(ctx context.Context, identifier string) (*fleet.Host, error) {
require.Equal(t, "host1", identifier)
@ -118,8 +114,7 @@ func TestHostsTransferByStatus(t *testing.T) {
}
func TestHostsTransferByStatusAndSearchQuery(t *testing.T) {
server, ds := runServerWithMockedDS(t)
defer server.Close()
_, ds := runServerWithMockedDS(t)
ds.HostByIdentifierFunc = func(ctx context.Context, identifier string) (*fleet.Host, error) {
require.Equal(t, "host1", identifier)

6
cmd/fleetctl/package_test.go
View file

@ -1,12 +1,16 @@
package main
import (
"github.com/stretchr/testify/require"
"os"
"testing"
"github.com/stretchr/testify/require"
)
func TestPackage(t *testing.T) {
if os.Getenv("NETWORK_TEST") == "" {
t.Skip("set environment variable NETWORK_TEST=1 to run")
}
// --type is required
runAppCheckErr(t, []string{"package", "deb"}, "Required flag \"type\" not set")

12
cmd/fleetctl/preview.go
View file

@ -22,8 +22,9 @@ import (
const (
downloadUrl = "https://github.com/fleetdm/osquery-in-a-box/archive/master.zip"
standardQueryLibraryUrl = "https://raw.githubusercontent.com/fleetdm/fleet/main/docs/1-Using-Fleet/standard-query-library/standard-query-library.yml"
standardQueryLibraryUrl = "https://raw.githubusercontent.com/fleetdm/fleet/main/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml"
licenseKeyFlagName = "license-key"
tagFlagName = "tag"
)
func previewCommand() *cli.Command {
@ -45,6 +46,11 @@ Use the stop and reset subcommands to manage the server and dependencies once st
Name: licenseKeyFlagName,
Usage: "License key to enable Fleet Premium (optional)",
},
&cli.StringFlag{
Name: tagFlagName,
Usage: "Run a specific version of Fleet",
Value: "latest",
},
},
Action: func(c *cli.Context) error {
if err := checkDocker(); err != nil {
@ -72,6 +78,10 @@ Use the stop and reset subcommands to manage the server and dependencies once st
return errors.Wrap(err, "make logs writable")
}
if err := os.Setenv("FLEET_VERSION", c.String(tagFlagName)); err != nil {
return errors.Wrap(err, "failed to set Fleet version")
}
fmt.Println("Pulling Docker dependencies...")
out, err := exec.Command("docker-compose", "pull").CombinedOutput()
if err != nil {

3
cmd/fleetctl/query_test.go
View file

@ -16,8 +16,7 @@ import (
func TestLiveQuery(t *testing.T) {
rs := pubsub.NewInmemQueryResults()
lq := new(live_query.MockLiveQuery)
server, ds := runServerWithMockedDS(t, service.TestServerOpts{Rs: rs, Lq: lq})
defer server.Close()
_, ds := runServerWithMockedDS(t, service.TestServerOpts{Rs: rs, Lq: lq})
ds.HostIDsByNameFunc = func(ctx context.Context, filter fleet.TeamFilter, hostnames []string) ([]uint, error) {
return []uint{1234}, nil

2
cmd/fleetctl/testdata/expectedHostDetailResponseJson.json vendored
View file

@ -1 +1 @@
{"kind":"host","apiVersion":"v1","spec":{"created_at":"0001-01-01T00:00:00Z","updated_at":"0001-01-01T00:00:00Z","id":0,"detail_updated_at":"0001-01-01T00:00:00Z","label_updated_at":"0001-01-01T00:00:00Z","last_enrolled_at":"0001-01-01T00:00:00Z","seen_time":"0001-01-01T00:00:00Z","refetch_requested":false,"hostname":"test_host","uuid":"","platform":"","osquery_version":"","os_version":"","build":"","platform_like":"","code_name":"","uptime":0,"memory":0,"cpu_type":"","cpu_subtype":"","cpu_brand":"","cpu_physical_cores":0,"cpu_logical_cores":0,"hardware_vendor":"","hardware_model":"","hardware_version":"","hardware_serial":"","computer_name":"test_host","primary_ip":"","primary_mac":"","distributed_interval":0,"config_tls_refresh":0,"logger_tls_period":0,"team_id":null,"pack_stats":null,"team_name":null,"gigs_disk_space_available":0,"percent_disk_space_available":0,"labels":[],"packs":[],"status":"mia","display_text":"test_host"}}
{"kind":"host","apiVersion":"v1","spec":{"created_at":"0001-01-01T00:00:00Z","updated_at":"0001-01-01T00:00:00Z","id":0,"detail_updated_at":"0001-01-01T00:00:00Z","label_updated_at":"0001-01-01T00:00:00Z","policy_updated_at":"0001-01-01T00:00:00Z","last_enrolled_at":"0001-01-01T00:00:00Z","seen_time":"0001-01-01T00:00:00Z","refetch_requested":false,"hostname":"test_host","uuid":"","platform":"","osquery_version":"","os_version":"","build":"","platform_like":"","code_name":"","uptime":0,"memory":0,"cpu_type":"","cpu_subtype":"","cpu_brand":"","cpu_physical_cores":0,"cpu_logical_cores":0,"hardware_vendor":"","hardware_model":"","hardware_version":"","hardware_serial":"","computer_name":"test_host","primary_ip":"","primary_mac":"","distributed_interval":0,"config_tls_refresh":0,"logger_tls_period":0,"team_id":null,"pack_stats":null,"team_name":null,"gigs_disk_space_available":0,"percent_disk_space_available":0,"labels":[],"packs":[],"status":"mia","display_text":"test_host"}}

1
cmd/fleetctl/testdata/expectedHostDetailResponseYaml.yml vendored
View file

@ -34,6 +34,7 @@ spec:
percent_disk_space_available: 0
platform: ""
platform_like: ""
policy_updated_at: "0001-01-01T00:00:00Z"
primary_ip: ""
primary_mac: ""
refetch_requested: false

4
cmd/fleetctl/testdata/expectedListHostsJson.json vendored
View file

@ -1,2 +1,2 @@
{"kind":"host","apiVersion":"v1","spec":{"created_at":"0001-01-01T00:00:00Z","updated_at":"0001-01-01T00:00:00Z","id":0,"detail_updated_at":"0001-01-01T00:00:00Z","label_updated_at":"0001-01-01T00:00:00Z","last_enrolled_at":"0001-01-01T00:00:00Z","seen_time":"0001-01-01T00:00:00Z","refetch_requested":false,"hostname":"test_host","uuid":"","platform":"","osquery_version":"","os_version":"","build":"","platform_like":"","code_name":"","uptime":0,"memory":0,"cpu_type":"","cpu_subtype":"","cpu_brand":"","cpu_physical_cores":0,"cpu_logical_cores":0,"hardware_vendor":"","hardware_model":"","hardware_version":"","hardware_serial":"","computer_name":"test_host","primary_ip":"","primary_mac":"","distributed_interval":0,"config_tls_refresh":0,"logger_tls_period":0,"team_id":null,"pack_stats":null,"team_name":null,"gigs_disk_space_available":0,"percent_disk_space_available":0,"status":"mia","display_text":"test_host"}}
{"kind":"host","apiVersion":"v1","spec":{"created_at":"0001-01-01T00:00:00Z","updated_at":"0001-01-01T00:00:00Z","id":0,"detail_updated_at":"0001-01-01T00:00:00Z","label_updated_at":"0001-01-01T00:00:00Z","last_enrolled_at":"0001-01-01T00:00:00Z","seen_time":"0001-01-01T00:00:00Z","refetch_requested":false,"hostname":"test_host2","uuid":"","platform":"","osquery_version":"","os_version":"","build":"","platform_like":"","code_name":"","uptime":0,"memory":0,"cpu_type":"","cpu_subtype":"","cpu_brand":"","cpu_physical_cores":0,"cpu_logical_cores":0,"hardware_vendor":"","hardware_model":"","hardware_version":"","hardware_serial":"","computer_name":"test_host2","primary_ip":"","primary_mac":"","distributed_interval":0,"config_tls_refresh":0,"logger_tls_period":0,"team_id":null,"pack_stats":null,"team_name":null,"gigs_disk_space_available":0,"percent_disk_space_available":0,"status":"mia","display_text":"test_host2"}}
{"kind":"host","apiVersion":"v1","spec":{"created_at":"0001-01-01T00:00:00Z","updated_at":"0001-01-01T00:00:00Z","id":0,"detail_updated_at":"0001-01-01T00:00:00Z","label_updated_at":"0001-01-01T00:00:00Z","last_enrolled_at":"0001-01-01T00:00:00Z","seen_time":"0001-01-01T00:00:00Z","refetch_requested":false,"hostname":"test_host","uuid":"","platform":"","osquery_version":"","os_version":"","build":"","platform_like":"","policy_updated_at":"0001-01-01T00:00:00Z","code_name":"","uptime":0,"memory":0,"cpu_type":"","cpu_subtype":"","cpu_brand":"","cpu_physical_cores":0,"cpu_logical_cores":0,"hardware_vendor":"","hardware_model":"","hardware_version":"","hardware_serial":"","computer_name":"test_host","primary_ip":"","primary_mac":"","distributed_interval":0,"config_tls_refresh":0,"logger_tls_period":0,"team_id":null,"pack_stats":null,"team_name":null,"gigs_disk_space_available":0,"percent_disk_space_available":0,"status":"mia","display_text":"test_host"}}
{"kind":"host","apiVersion":"v1","spec":{"created_at":"0001-01-01T00:00:00Z","updated_at":"0001-01-01T00:00:00Z","id":0,"detail_updated_at":"0001-01-01T00:00:00Z","label_updated_at":"0001-01-01T00:00:00Z","last_enrolled_at":"0001-01-01T00:00:00Z","seen_time":"0001-01-01T00:00:00Z","refetch_requested":false,"hostname":"test_host2","uuid":"","platform":"","osquery_version":"","os_version":"","build":"","platform_like":"","policy_updated_at":"0001-01-01T00:00:00Z","code_name":"","uptime":0,"memory":0,"cpu_type":"","cpu_subtype":"","cpu_brand":"","cpu_physical_cores":0,"cpu_logical_cores":0,"hardware_vendor":"","hardware_model":"","hardware_version":"","hardware_serial":"","computer_name":"test_host2","primary_ip":"","primary_mac":"","distributed_interval":0,"config_tls_refresh":0,"logger_tls_period":0,"team_id":null,"pack_stats":null,"team_name":null,"gigs_disk_space_available":0,"percent_disk_space_available":0,"status":"mia","display_text":"test_host2"}}

2
cmd/fleetctl/testdata/expectedListHostsYaml.yml vendored
View file

@ -32,6 +32,7 @@ spec:
percent_disk_space_available: 0
platform: ""
platform_like: ""
policy_updated_at: "0001-01-01T00:00:00Z"
primary_ip: ""
primary_mac: ""
refetch_requested: false
@ -76,6 +77,7 @@ spec:
percent_disk_space_available: 0
platform: ""
platform_like: ""
policy_updated_at: "0001-01-01T00:00:00Z"
primary_ip: ""
primary_mac: ""
refetch_requested: false

3
cmd/fleetctl/users_test.go
View file

@ -9,8 +9,7 @@ import (
)
func TestUserDelete(t *testing.T) {
server, ds := runServerWithMockedDS(t)
defer server.Close()
_, ds := runServerWithMockedDS(t)
ds.UserByEmailFunc = func(ctx context.Context, email string) (*fleet.User, error) {
return &fleet.User{

4
cmd/fleetctl/vulnerability_data_stream_test.go
View file

@ -12,6 +12,10 @@ import (
)
func TestVulnerabilityDataStream(t *testing.T) {
if os.Getenv("NETWORK_TEST") == "" {
t.Skip("set environment variable NETWORK_TEST=1 to run")
}
runAppCheckErr(t, []string{"vulnerability-data-stream"}, "No directory provided")
vulnPath := t.TempDir()

82
cmd/osquery-perf/README.md Normal file
View file

@ -0,0 +1,82 @@
# Osquery Server Performance Tester
> **TODO: Archive this repo and move its contents inline into https://github.com/fleetdm/fleet**
This repository provides a tool to generate realistic traffic to an osquery
management server (primarily, [Fleet](https://github.com/fleetdm/fleet)). With
this tool, many thousands of hosts can be simulated from a single host.
## Requirements
The only requirement for running this tool is a working installation of
[Go](https://golang.org/doc/install).
## Usage
Typically `go run` is used:
```
go run agent.go --help
Usage of agent.go:
-config_interval duration
Interval for config requests (default 1m0s)
-enroll_secret string
Enroll secret to authenticate enrollment
-host_count int
Number of hosts to start (default 10) (default 10)
-query_interval duration
Interval for live query requests (default 10s)
-seed int
Seed for random generator (default current time) (default 1586310930917739000)
-server_url string
URL (with protocol and port of osquery server) (default "https://localhost:8080")
-start_period duration
Duration to spread start of hosts over (default 10s)
exit status 2
```
The tool should be invoked with the appropriate enroll secret. A typical
invocation looks like:
```
go run agent.go --enroll_secret hgh4hk3434l2jjf
```
When starting many hosts, it is a good idea to extend the intervals, and also
the period over which the hosts are started:
```
go run agent.go --enroll_secret hgh4hk3434l2jjf --host_count 5000 --start_period 5m --query_interval 60s --config_interval 5m
```
This will start 5,000 hosts over a period of 5 minutes. Each host will check in
for live queries at a 1 minute interval, and for configuration at a 5 minute
interval. Starting over a 5 minute period ensures that the configuration
requests are spread evenly over the 5 minute interval.
It can be useful to start the "same" hosts. This can be achieved with the
`--seed` parameter:
```
go run agent.go --enroll_secret hgh4hk3434l2jjf --seed 0
```
By using the same seed, along with other values, we usually get hosts that look
the same to the server. This is not guaranteed, but it is a useful technique.
### Resource Limits
On many systems, trying to simulate a large number of hosts will result in hitting system resource limits (such as number of open file descriptors).
If you see errors such as `dial tcp: lookup localhost: no such host` or `read: connection reset by peer`, try increasing these limits.
#### macOS
Run the following command in the shell before running the Fleet server _and_ before running `agent.go` (run it once in each shell):
``` sh
ulimit -n 64000
```
## Bugs
To report a bug, [click here](https://github.com/fleetdm/fleet).

285
cmd/osquery-perf/agent.go Normal file
View file

@ -0,0 +1,285 @@
package main
import (
"bytes"
"crypto/tls"
"encoding/json"
"flag"
"fmt"
"log"
"math/rand"
"net/http"
"strings"
"text/template"
"time"
"github.com/google/uuid"
)
type Agent struct {
ServerAddress string
EnrollSecret string
NodeKey string
UUID string
Client http.Client
ConfigInterval time.Duration
QueryInterval time.Duration
Templates *template.Template
strings map[string]string
}
func NewAgent(serverAddress, enrollSecret string, templates *template.Template, configInterval, queryInterval time.Duration) *Agent {
transport := http.DefaultTransport.(*http.Transport).Clone()
transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
transport.DisableCompression = true
return &Agent{
ServerAddress: serverAddress,
EnrollSecret: enrollSecret,
Templates: templates,
ConfigInterval: configInterval,
QueryInterval: queryInterval,
UUID: uuid.New().String(),
Client: http.Client{Transport: transport},
strings: make(map[string]string),
}
}
type enrollResponse struct {
NodeKey string `json:"node_key"`
}
type distributedReadResponse struct {
Queries map[string]string `json:"queries"`
}
func (a *Agent) runLoop() {
a.Enroll()
a.Config()
resp, err := a.DistributedRead()
if err != nil {
log.Println(err)
} else {
if len(resp.Queries) > 0 {
a.DistributedWrite(resp.Queries)
}
}
configTicker := time.Tick(a.ConfigInterval)
liveQueryTicker := time.Tick(a.QueryInterval)
for {
select {
case <-configTicker:
a.Config()
case <-liveQueryTicker:
resp, err := a.DistributedRead()
if err != nil {
log.Println(err)
} else {
if len(resp.Queries) > 0 {
a.DistributedWrite(resp.Queries)
}
}
}
}
}
const stringVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_."
func (a *Agent) randomString(n int) string {
sb := strings.Builder{}
sb.Grow(n)
for i := 0; i < n; i++ {
sb.WriteByte(stringVals[rand.Int63()%int64(len(stringVals))])
}
return sb.String()
}
func (a *Agent) CachedString(key string) string {
if val, ok := a.strings[key]; ok {
return val
}
val := a.randomString(12)
a.strings[key] = val
return val
}
func (a *Agent) Enroll() {
var body bytes.Buffer
if err := a.Templates.ExecuteTemplate(&body, "enroll", a); err != nil {
log.Println("execute template:", err)
return
}
req, err := http.NewRequest("POST", a.ServerAddress+"/api/v1/osquery/enroll", &body)
if err != nil {
log.Println("create request:", err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Accept", "application/json")
req.Header.Add("User-Agent", "osquery/4.6.0")
resp, err := a.Client.Do(req)
if err != nil {
log.Println("do request:", err)
return
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
log.Println("status:", resp.Status)
return
}
var parsedResp enrollResponse
if err := json.NewDecoder(resp.Body).Decode(&parsedResp); err != nil {
log.Println("json parse:", err)
return
}
a.NodeKey = parsedResp.NodeKey
}
func (a *Agent) Config() {
body := bytes.NewBufferString(`{"node_key": "` + a.NodeKey + `"}`)
req, err := http.NewRequest("POST", a.ServerAddress+"/api/v1/osquery/config", body)
if err != nil {
log.Println("create config request:", err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Accept", "application/json")
req.Header.Add("User-Agent", "osquery/4.6.0")
resp, err := a.Client.Do(req)
if err != nil {
log.Println("do config request:", err)
return
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
log.Println("config status:", resp.Status)
return
}
// No need to read the config body
}
func (a *Agent) DistributedRead() (*distributedReadResponse, error) {
body := bytes.NewBufferString(`{"node_key": "` + a.NodeKey + `"}`)
req, err := http.NewRequest("POST", a.ServerAddress+"/api/v1/osquery/distributed/read", body)
if err != nil {
return nil, fmt.Errorf("create distributed read request: %s", err)
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Accept", "application/json")
req.Header.Add("User-Agent", "osquery/4.6.0")
resp, err := a.Client.Do(req)
if err != nil {
return nil, fmt.Errorf("do distributed read request: %s", err)
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("distributed read status: %s", resp.Status)
}
var parsedResp distributedReadResponse
if err := json.NewDecoder(resp.Body).Decode(&parsedResp); err != nil {
return nil, fmt.Errorf("json parse distributed read response: %s", err)
}
return &parsedResp, nil
}
type distributedWriteRequest struct {
Queries map[string]json.RawMessage `json:"queries"`
Statuses map[string]string `json:"statuses"`
NodeKey string `json:"node_key"`
}
var defaultQueryResult = json.RawMessage(`[{"foo": "bar"}]`)
const statusSuccess = "0"
func (a *Agent) DistributedWrite(queries map[string]string) {
var body bytes.Buffer
if _, ok := queries["fleet_detail_query_network_interface"]; ok {
// Respond to label/detail queries
a.Templates.ExecuteTemplate(&body, "distributed_write", a)
} else {
// Return a generic response for any other queries
req := distributedWriteRequest{
Queries: make(map[string]json.RawMessage),
Statuses: make(map[string]string),
NodeKey: a.NodeKey,
}
for name := range queries {
req.Queries[name] = defaultQueryResult
req.Statuses[name] = statusSuccess
}
json.NewEncoder(&body).Encode(req)
}
req, err := http.NewRequest("POST", a.ServerAddress+"/api/v1/osquery/distributed/write", &body)
if err != nil {
log.Println("create distributed write request:", err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Accept", "application/json")
req.Header.Add("User-Agent", "osquery/4.6.0")
resp, err := a.Client.Do(req)
if err != nil {
log.Println("do distributed write request:", err)
return
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
log.Println("distributed write status:", resp.Status)
return
}
// No need to read the distributed write body
}
func main() {
serverURL := flag.String("server_url", "https://localhost:8080", "URL (with protocol and port of osquery server)")
enrollSecret := flag.String("enroll_secret", "", "Enroll secret to authenticate enrollment")
hostCount := flag.Int("host_count", 10, "Number of hosts to start (default 10)")
randSeed := flag.Int64("seed", time.Now().UnixNano(), "Seed for random generator (default current time)")
startPeriod := flag.Duration("start_period", 10*time.Second, "Duration to spread start of hosts over")
configInterval := flag.Duration("config_interval", 1*time.Minute, "Interval for config requests")
queryInterval := flag.Duration("query_interval", 10*time.Second, "Interval for live query requests")
flag.Parse()
rand.Seed(*randSeed)
tmpl, err := template.ParseGlob("*.tmpl")
if err != nil {
log.Fatal("parse templates: ", err)
}
// Spread starts over the interval to prevent thunering herd
sleepTime := *startPeriod / time.Duration(*hostCount)
var agents []*Agent
for i := 0; i < *hostCount; i++ {
a := NewAgent(*serverURL, *enrollSecret, tmpl, *configInterval, *queryInterval)
agents = append(agents, a)
go a.runLoop()
time.Sleep(sleepTime)
}
fmt.Println("Agents running. Kill with C-c.")
<-make(chan struct{})
}

309
cmd/osquery-perf/mac10.14.6.tmpl Normal file
View file

@ -0,0 +1,309 @@
{{ define "enroll" -}}
{
"enroll_secret": "{{ .EnrollSecret }}",
"host_details": {
"os_version": {
"build": "18G3020",
"major": "10",
"minor": "14",
"name": "Mac OS X",
"patch": "6",
"platform": "darwin",
"platform_like": "darwin",
"version": "10.14.6"
},
"osquery_info": {
"build_distro": "10.12",
"build_platform": "darwin",
"config_hash": "",
"config_valid": "0",
"extensions": "inactive",
"instance_id": "{{ .UUID }}",
"pid": "12947",
"platform_mask": "21",
"start_time": "1580931224",
"uuid": "{{ .UUID }}",
"version": "4.6.0",
"watcher": "12946"
},
"platform_info": {
"address": "0xff990000",
"date": "12/16/2019 ",
"extra": "MBP114; 196.0.0.0.0; root@xapp160; Mon Dec 16 15:55:18 PST 2019; 196 (B&I); F000_B00; Official Build, Release; Apple LLVM version 5.0 (clang-500.0.68) (based on LLVM 3.3svn)",
"revision": "196 (B&I)",
"size": "8388608",
"vendor": "Apple Inc. ",
"version": "196.0.0.0.0 ",
"volume_size": "1507328"
},
"system_info": {
"computer_name": "{{ .CachedString "hostname" }}",
"cpu_brand": "Intel(R) Core(TM) i7-4770HQ CPU @ 2.20GHz\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
"cpu_logical_cores": "8",
"cpu_physical_cores": "4",
"cpu_subtype": "Intel x86-64h Haswell",
"cpu_type": "x86_64h",
"hardware_model": "MacBookPro11,4",
"hardware_serial": "D02R835DG8WK",
"hardware_vendor": "Apple Inc.",
"hardware_version": "1.0",
"hostname": "{{ .CachedString "hostname" }}",
"local_hostname": "{{ .CachedString "hostname" }}",
"physical_memory": "17179869184",
"uuid": "{{ .UUID }}"
}
},
"host_identifier": "{{ .CachedString "hostname" }}",
"platform_type": "21"
}
{{- end }}
{{ define "distributed_write" -}}
{
"queries":{
"fleet_detail_query_network_interface":[
{
"point_to_point":"",
"address":"fe80::8cb:112d:ff51:1e5d%en0",
"mask":"ffff:ffff:ffff:ffff::",
"broadcast":"",
"interface":"en0",
"mac":"f8:2d:88:93:56:5c",
"type":"6",
"mtu":"1500",
"metric":"0",
"ipackets":"278493",
"opackets":"206238",
"ibytes":"275799040",
"obytes":"37720064",
"ierrors":"0",
"oerrors":"0",
"idrops":"0",
"odrops":"0",
"last_change":"1582848084"
},
{
"point_to_point":"",
"address":"192.168.1.3",
"mask":"255.255.255.0",
"broadcast":"192.168.1.255",
"interface":"en0",
"mac":"f5:5a:80:92:52:5b",
"type":"6",
"mtu":"1500",
"metric":"0",
"ipackets":"278493",
"opackets":"206238",
"ibytes":"275799040",
"obytes":"37720064",
"ierrors":"0",
"oerrors":"0",
"idrops":"0",
"odrops":"0",
"last_change":"1582848084"
},
{
"point_to_point":"127.0.0.1",
"address":"127.0.0.1",
"mask":"255.0.0.0",
"broadcast":"",
"interface":"lo0",
"mac":"00:00:00:00:00:00",
"type":"24",
"mtu":"16384",
"metric":"0",
"ipackets":"132952",
"opackets":"132952",
"ibytes":"67053568",
"obytes":"67053568",
"ierrors":"0",
"oerrors":"0",
"idrops":"0",
"odrops":"0",
"last_change":"1582840871"
},
{
"point_to_point":"::1",
"address":"::1",
"mask":"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
"broadcast":"",
"interface":"lo0",
"mac":"00:00:00:00:00:00",
"type":"24",
"mtu":"16384",
"metric":"0",
"ipackets":"132952",
"opackets":"132952",
"ibytes":"67053568",
"obytes":"67053568",
"ierrors":"0",
"oerrors":"0",
"idrops":"0",
"odrops":"0",
"last_change":"1582840871"
},
{
"point_to_point":"",
"address":"fe80::1%lo0",
"mask":"ffff:ffff:ffff:ffff::",
"broadcast":"",
"interface":"lo0",
"mac":"00:00:00:00:00:00",
"type":"24",
"mtu":"16384",
"metric":"0",
"ipackets":"132952",
"opackets":"132952",
"ibytes":"67053568",
"obytes":"67053568",
"ierrors":"0",
"oerrors":"0",
"idrops":"0",
"odrops":"0",
"last_change":"1582840871"
},
{
"point_to_point":"",
"address":"fe80::3a:84ff:fe6b:bf75%awdl0",
"mask":"ffff:ffff:ffff:ffff::",
"broadcast":"",
"interface":"awdl0",
"mac":"03:3b:94:5b:be:75",
"type":"6",
"mtu":"1484",
"metric":"0",
"ipackets":"0",
"opackets":"16",
"ibytes":"0",
"obytes":"3072",
"ierrors":"0",
"oerrors":"0",
"idrops":"0",
"odrops":"0",
"last_change":"1582842892"
},
{
"point_to_point":"",
"address":"fe80::6eaf:9721:3476:b691%utun0",
"mask":"ffff:ffff:ffff:ffff::",
"broadcast":"",
"interface":"utun0",
"mac":"00:00:00:00:00:00",
"type":"1",
"mtu":"2000",
"metric":"0",
"ipackets":"0",
"opackets":"2",
"ibytes":"0",
"obytes":"0",
"ierrors":"0",
"oerrors":"0",
"idrops":"0",
"odrops":"0",
"last_change":"1582840897"
}
],
"fleet_detail_query_os_version":[
{
"name":"Mac OS X",
"version":"10.14.6",
"major":"10",
"minor":"14",
"patch":"6",
"build":"18G3020",
"platform":"darwin",
"platform_like":"darwin",
"codename":""
}
],
"fleet_detail_query_osquery_flags":[
{
"name":"config_refresh",
"value":"{{ printf "%.0f" .ConfigInterval.Seconds }}"
},
{
"name":"distributed_interval",
"value":"{{ printf "%.0f" .QueryInterval.Seconds }}"
},
{
"name":"logger_tls_period",
"value":"99999"
}
],
"fleet_detail_query_osquery_info":[
{
"pid":"11287",
"uuid":"{{ .UUID }}",
"instance_id":"{{ .UUID }}",
"version":"4.1.2",
"config_hash":"b01efbf375ac6767f259ae98751154fef727ce35",
"config_valid":"1",
"extensions":"inactive",
"build_platform":"darwin",
"build_distro":"10.12",
"start_time":"1582857555",
"watcher":"11286",
"platform_mask":"21"
}
],
"fleet_detail_query_system_info":[
{
"hostname":"{{ .CachedString "hostname" }}",
"uuid":"4740D59F-699E-5B29-960B-979AAF9BBEEB",
"cpu_type":"x86_64h",
"cpu_subtype":"Intel x86-64h Haswell",
"cpu_brand":"Intel(R) Core(TM) i7-4770HQ CPU @ 2.20GHz",
"cpu_physical_cores":"4",
"cpu_logical_cores":"8",
"cpu_microcode":"",
"physical_memory":"17179869184",
"hardware_vendor":"Apple Inc.",
"hardware_model":"MacBookPro11,4",
"hardware_version":"1.0",
"hardware_serial":"C02R262BM8LN",
"computer_name":"{{ .CachedString "hostname" }}",
"local_hostname":"{{ .CachedString "hostname" }}"
}
],
"fleet_detail_query_uptime":[
{
"days":"0",
"hours":"4",
"minutes":"38",
"seconds":"11",
"total_seconds":"16691"
}
]
},
"statuses":{
"fleet_detail_query_network_interface":0,
"fleet_detail_query_os_version":0,
"fleet_detail_query_osquery_flags":0,
"fleet_detail_query_osquery_info":0,
"fleet_detail_query_system_info":0,
"fleet_detail_query_uptime":0
},
"node_key":"{{ .NodeKey }}"
}
{{- end }}

6
cypress-free.json
View file

@ -1,5 +1,9 @@
{
"baseUrl": "https://localhost:8642",
"fixturesFolder": false,
"testFiles": "{all,free}/**/*.spec.ts"
"testFiles": "{all,free}/**/*.spec.ts",
"retries": {
"runMode": 1,
"openMode": 0
}
}

6
cypress-premium.json
View file

@ -1,5 +1,9 @@
{
"baseUrl": "https://localhost:8642",
"fixturesFolder": false,
"testFiles": "{all,premium}/**/*.spec.ts"
"testFiles": "{all,premium}/**/*.spec.ts",
"retries": {
"runMode": 1,
"openMode": 0
}
}

6
cypress.json
View file

@ -2,5 +2,9 @@
"baseUrl": "https://localhost:8642",
"fixturesFolder": false,
"testFiles": "**/*.ts",
"defaultCommandTimeout": 8000
"defaultCommandTimeout": 8000,
"retries": {
"runMode": 1,
"openMode": 0
}
}

4
cypress/README.md
View file

@ -1,6 +1,6 @@
# Cypress Testing
Cypress tests are designed solely for end-to-end testing. If this is your first time developing or running end-to-end tests, [Fleet testing documentation](../docs/3-Contributing/2-Testing.md) includes git instructions for test preparation and running tests.
Cypress tests are designed solely for end-to-end testing. If this is your first time developing or running end-to-end tests, [Fleet testing documentation](../docs/03-Contributing/02-Testing.md) includes git instructions for test preparation and running tests.
## Fleet Cypress directories
@ -37,6 +37,6 @@ As much as possible, assert that the code is only selecting 1 item or that the f
## Resources
- [Fleet testing documentation](../docs/3-Contributing/2-Testing.md)
- [Fleet testing documentation](../docs/03-Contributing/02-Testing.md)
- [Cypress documentation](https://docs.cypress.io/api/table-of-contents)
- [React testing-library query documentation](https://testing-library.com/docs/queries/about)

4
cypress/integration/all/app/hosts.spec.ts
View file

@ -10,6 +10,7 @@ describe(
cy.setup();
cy.login();
cy.addDockerHost();
cy.clearDownloads();
});
afterEach(() => {
@ -45,9 +46,6 @@ describe(
cy.get("input[disabled]").should("have.value", contents);
});
// ensure load
cy.wait(5000); // eslint-disable-line cypress/no-unnecessary-waiting
// Wait until the host becomes available (usually immediate in local
// testing, but may vary by environment).
cy.waitUntil(

10
cypress/integration/all/app/manageUsers.spec.ts
View file

@ -6,15 +6,7 @@ describe("Manage Users", () => {
});
it("Searching for a user", () => {
cy.intercept({
method: "GET",
url: "/api/v1/fleet/users",
}).as("getUsers");
cy.visit("/settings/users");
cy.url().should("match", /\/settings\/users$/i);
cy.wait("@getUsers");
cy.findByText("admin@example.com").should("exist");
cy.findByText("maintainer@example.com").should("exist");
@ -23,8 +15,6 @@ describe("Manage Users", () => {
cy.findByPlaceholderText("Search").type("admin");
cy.wait("@getUsers");
cy.findByText("admin@example.com").should("exist");
cy.findByText("maintainer@example.com").should("not.exist");
cy.findByText("observer@example.com").should("not.exist");

136
cypress/integration/all/app/queryflow.spec.ts
View file

@ -9,50 +9,43 @@ describe(
cy.login();
});
// TODO - Fix tests according to improved query experience - MP
it("Create, check, edit, and delete a query successfully and create, edit, and delete a global scheduled query successfully", () => {
cy.visit("/queries/manage");
cy.findByRole("button", { name: /create new query/i }).should("exist");
// cy.findByRole("button", { name: /create new query/i }).click();
cy.findByRole("button", { name: /create new query/i }).click();
// cy.findByLabelText(/query name/i)
// .click()
// .type("Query all window crashes");
// Using class selector because third party element doesn't work with Cypress Testing Selector Library
cy.get(".ace_scroller")
.click({ force: true })
.type("{selectall}SELECT * FROM windows_crashes;");
// // Using class selector because third party element doesn't work with Cypress Testing Selector Library
// cy.get(".ace_scroller")
// .click({ force: true })
// .type("{selectall}{backspace}SELECT * FROM windows_crashes;");
cy.findByRole("button", { name: /save/i }).click();
// cy.findByLabelText(/description/i)
// .click()
// .type("See all window crashes");
cy.findByLabelText(/name/i).click().type("Query all window crashes");
// cy.findByRole("button", { name: /save/i }).click();
cy.findByLabelText(/description/i)
.click()
.type("See all window crashes");
// cy.findByRole("button", { name: /save as new/i }).click();
cy.findByRole("button", { name: /save query/i }).click();
// Just refreshes to create new query, needs success alert to user that they created a query
// cy.visit("/queries/manage");
cy.findByText(/query created/i).should("exist");
cy.findByText(/back to queries/i).should("exist");
cy.visit("/queries/manage");
// cy.findByText(/query all/i).click();
cy.findByText(/query all/i).click();
// cy.findByText(/edit & run query/i).should("exist");
cy.findByText(/run query/i).should("exist");
// cy.get(".ace_scroller")
// .click({ force: true })
// .type(
// "{selectall}{backspace}SELECT datetime, username FROM windows_crashes;"
// );
cy.get(".ace_scroller")
.click({ force: true })
.type("{selectall}SELECT datetime, username FROM windows_crashes;");
// cy.findByRole("button", { name: /save/i }).click();
cy.findByRole("button", { name: /^Save$/ }).click();
// cy.findByRole("button", { name: /save changes/i }).click();
cy.findByText(/query updated/i).should("be.visible");
// cy.findByText(/query updated/i).should("be.visible");
// // Test Schedules
// // Start e2e test for schedules
// cy.visit("/schedule/manage");
// cy.wait(1000); // eslint-disable-line cypress/no-unnecessary-waiting
@ -85,64 +78,67 @@ describe(
// .contains("button", /schedule/i)
// .click();
// cy.visit("/schedule/manage");
// cy.visit("/schedule/manage");
// cy.wait(3000); // eslint-disable-line cypress/no-unnecessary-waiting
// cy.findByText(/query all window crashes/i).should("exist");
// cy.wait(2000); // eslint-disable-line cypress/no-unnecessary-waiting
// cy.findByText(/query all window crashes/i).should("exist");
// cy.findByText(/actions/i).click();
// cy.findByText(/edit/i).click();
// cy.findByText(/actions/i).click();
// cy.findByText(/edit/i).click();
// cy.get(
// ".schedule-editor-modal__form-field--frequency > .dropdown__select"
// ).click();
// cy.get(
// ".schedule-editor-modal__form-field--frequency > .dropdown__select"
// ).click();
// cy.findByText(/every 6 hours/i).click();
// cy.findByText(/every 6 hours/i).click();
// cy.findByText(/show advanced options/i).click();
// cy.findByText(/show advanced options/i).click();
// cy.findByText(/ignore removals/i).click();
// cy.findByText(/snapshot/i).click();
// cy.findByText(/ignore removals/i).click();
// cy.findByText(/snapshot/i).click();
// cy.get(".schedule-editor-modal__form-field--shard > .input-field")
// .click()
// .type("{selectall}{backspace}10");
// cy.get(".schedule-editor-modal__form-field--shard > .input-field")
// .click()
// .type("{selectall}{backspace}10");
// cy.get(".schedule-editor-modal__btn-wrap")
// .contains("button", /schedule/i)
// .click();
// cy.get(".schedule-editor-modal__btn-wrap")
// .contains("button", /schedule/i)
// .click();
// cy.wait(1000); // eslint-disable-line cypress/no-unnecessary-waiting
// cy.findByText(/actions/i).click();
// cy.findByText(/remove/i).click();
// cy.visit("/schedule/manage");
// cy.get(".remove-scheduled-query-modal__btn-wrap")
// .contains("button", /remove/i)
// .click();
// cy.wait(2000); // eslint-disable-line cypress/no-unnecessary-waiting
// cy.findByText(/actions/i).click();
// cy.findByText(/remove/i).click();
// cy.findByText(/query all window crashes/i).should("not.exist");
// // End Test Schedules
// cy.get(".remove-scheduled-query-modal__btn-wrap")
// .contains("button", /remove/i)
// .click();
// cy.visit("/queries/manage");
// cy.findByText(/query all window crashes/i).should("not.exist");
// cy.findByText(/query all window crashes/i)
// .parent()
// .parent()
// .within(() => {
// cy.get(".fleet-checkbox__input").check({ force: true });
// });
// // End e2e test for schedules
// cy.findByRole("button", { name: /delete/i }).click();
cy.visit("/queries/manage");
// // Can't figure out how attach findByRole onto modal button
// // Can't use findByText because delete button under modal
// cy.get(".remove-query-modal")
// .contains("button", /delete/i)
// .click();
cy.findByText(/query all window crashes/i)
.parent()
.parent()
.within(() => {
cy.get(".fleet-checkbox__input").check({ force: true });
});
// cy.findByText(/successfully removed query/i).should("be.visible");
cy.findByRole("button", { name: /delete/i }).click();
// cy.findByText(/query all/i).should("not.exist");
// Can't figure out how attach findByRole onto modal button
// Can't use findByText because delete button under modal
cy.get(".remove-query-modal")
.contains("button", /delete/i)
.click();
cy.findByText(/successfully removed query/i).should("be.visible");
cy.findByText(/query all/i).should("not.exist");
});
}
);

13
cypress/integration/all/app/resetsessions.spec.ts
View file

@ -20,14 +20,11 @@ describe("Reset user sessions flow", () => {
// first select the table cell with the user's email address then go back up to the containing row
// so we can select reset sessions from actions dropdown
cy.get("tbody>tr>td")
.contains(/admin@example.com/i)
.parent()
.parent()
.within(() => {
cy.findByText(/actions/i).click();
cy.findByText(/reset sessions/i).click();
});
cy.contains("div.Select-placeholder", /actions/i);
// eslint-disable-next-line cypress/no-unnecessary-waiting
cy.wait(500);
cy.contains("div.Select-placeholder", /actions/i).click();
cy.contains(/reset sessions/i).click();
cy.get(".modal__modal_container").within(() => {
cy.findByText(/reset sessions/i).should("exist");

13
cypress/integration/free/observer.spec.ts
View file

@ -65,20 +65,11 @@ describe("Free tier - Observer user", () => {
cy.findByText(/show sql/i).click();
cy.findByRole("button", { name: /run query/i }).should("exist");
cy.visit("/queries/manage");
cy.findByText(/get authorized/i).click();
cy.findByText(/packs/i).should("not.exist");
cy.findByLabelText(/query name/i).should("not.exist");
cy.findByLabelText(/sql/i).should("not.exist");
cy.findByLabelText(/description/i).should("not.exist");
cy.findByLabelText(/observer can run/i).should("not.exist");
cy.findByText(/show sql/i).click();
cy.findByRole("button", { name: /run query/i }).should("not.exist");
// On the Profile page, they should…
// See Observer in Role section, and no Team section
cy.visit("/profile");
cy.wait(2000); // eslint-disable-line cypress/no-unnecessary-waiting
cy.findByText(/teams/i).should("not.exist");
cy.findByText("Role")
.next()

94
cypress/integration/premium/teamflow.spec.ts
View file

@ -5,12 +5,13 @@ describe("Teams flow", () => {
cy.viewport(1200, 660);
});
/* TODO fix and reenable
This test is causing major flake issues due to the dropdown menu */
it("Create, edit, and delete a team successfully", () => {
cy.visit("/settings/teams");
cy.wait(2000); // eslint-disable-line cypress/no-unnecessary-waiting
cy.findByRole("button", { name: /create team/i }).click();
cy.findByRole("button", { name: /create team/i }).click({ force: true });
cy.findByLabelText(/team name/i)
.click()
@ -28,24 +29,92 @@ describe("Teams flow", () => {
cy.findByText(/agent options/i).click();
cy.get(".ace_content")
.click()
.type("{selectall}{backspace}apiVersion: v1{enter}kind: options");
cy.contains(".ace_content", "config:");
cy.get(".ace_text-input")
.first()
.focus()
.type("{selectall}{backspace}config:\n options:");
cy.findByRole("button", { name: /save options/i }).click();
cy.contains("span", /successfully saved/i);
cy.visit("/settings/teams/1/options");
cy.contains(/apiVersion: v1/i).should("be.visible");
cy.contains(/kind: options/i).should("be.visible");
cy.contains(/config:/i).should("be.visible");
cy.contains(/options:/i).should("be.visible");
// Check team in schedules
cy.visit("/queries/manage");
cy.findByRole("button", { name: /create new query/i }).click();
// Using class selector because third party element doesn't work with Cypress Testing Selector Library
cy.get(".ace_scroller")
.click({ force: true })
.type("{selectall}SELECT * FROM windows_crashes;");
cy.findByRole("button", { name: /save/i }).click();
cy.findByLabelText(/name/i).click().type("Query all window crashes");
cy.findByLabelText(/description/i)
.click()
.type("See all window crashes");
cy.findByRole("button", { name: /save query/i }).click();
cy.visit("/schedule/manage");
cy.wait(1000); // eslint-disable-line cypress/no-unnecessary-waiting
cy.findByRole("button", { name: /schedule a query/i }).click();
cy.findByText(/select query/i).click();
cy.findByText(/query all window crashes/i).click();
cy.get(
".schedule-editor-modal__form-field--frequency > .dropdown__select"
).click();
cy.findByText(/every week/i).click();
cy.findByText(/show advanced options/i).click();
cy.get(
".schedule-editor-modal__form-field--logging > .dropdown__select"
).click();
cy.findByText(/ignore removals/i).click();
cy.get(".schedule-editor-modal__form-field--shard > .input-field")
.click()
.type("50");
cy.get(".schedule-editor-modal__btn-wrap")
.contains("button", /schedule/i)
.click();
cy.visit("/schedule/manage");
cy.wait(2000); // eslint-disable-line cypress/no-unnecessary-waiting
cy.findByText(/all teams/i).click();
cy.findByText(/valor/i).click();
cy.wait(1000); // eslint-disable-line cypress/no-unnecessary-waiting
cy.findByText(/query all window crashes/i).should("not.exist");
cy.findByText(/inherited query/i).click();
cy.findByText(/query all window crashes/i).should("exist");
// Edit Team
cy.visit("/settings/teams");
cy.contains("Valor").get(".Select-arrow-zone").click();
// need force:true for dropdown
cy.findByText(/edit/i).click({ force: true });
cy.wait(1000); // eslint-disable-line cypress/no-unnecessary-waiting
cy.findByText(/actions/i).click({ force: true });
cy.findByText(/edit/i).click({ force: true }); // need force:true for dropdown
cy.wait(1000); // eslint-disable-line cypress/no-unnecessary-waiting
cy.findByLabelText(/team name/i)
.click()
.type("{selectall}{backspace}Mystic");
@ -61,6 +130,7 @@ describe("Teams flow", () => {
cy.findByText(/delete/i).click({ force: true });
cy.wait(1000); // eslint-disable-line cypress/no-unnecessary-waiting
cy.findByRole("button", { name: /delete/i }).click();
cy.findByText(/successfully deleted/i).should("be.visible");

4
cypress/support/commands.ts
View file

@ -285,3 +285,7 @@ Cypress.Commands.add("stopDockerHost", () => {
},
});
});
Cypress.Commands.add("clearDownloads", () => {
cy.exec(`rm -rf ${Cypress.config("downloadsFolder")}`);
});

13
docs/1-Using-Fleet/0-Learn-how-to-use-Fleet.md → docs/01-Using-Fleet/00-Learn-how-to-use-Fleet.md
View file

@ -28,19 +28,14 @@ So, let's start by asking the following questions about Fleet's 7 simulated Linu
2. Do these devices have a high severity vulnerable version of OpenSSL installed?
These questions can easily be answered, by running the following query: "Detect Linux hosts with high severity vulnerable versions of OpenSSL."
These questions can easily be answered, by running this simple query: "Get OpenSSL versions."
On the **Queries** page, enter the query name, "Detect Linux hosts with high severity vulnerable versions of OpenSSL," in the search box, select the query from the results table, and navigate to the **Edit or run query** page.
On the **Queries** page, enter the query name, "Get OpenSSL versions," in the search box, and select it to enter the **query console**. Then from the **query console**, hit "Run query", and from the "Select targets" page, select "All hosts," to run this query against all hosts enrolled in your Fleet. Then hit the "Run" button to execute the query.
<img src="https://user-images.githubusercontent.com/78363703/128487468-7961c509-d0ba-48be-a0e8-54bfb4c371d5.png" alt="Fleet query search"/>
<img src="https://user-images.githubusercontent.com/78363703/134630888-da9e7244-7d5d-4724-87ef-1bb41737308f.png" alt="Fleet select targets"/>
On the **Edit or run query** page, open the "Select targets" dropdown, and press the purple "+" icon to the right of "All hosts," to run this query against all hosts enrolled in your Fleet. Then hit the "Run" button to execute the query.
<img src="https://user-images.githubusercontent.com/78363703/128487638-7d779d89-f3fa-42dd-903f-070dc9347a9b.png" alt="Fleet select targets"/>
The query may take several seconds to complete, because Fleet has to wait for the osquery agents to respond with results.
> Fleet's query response time is inherently variable because of osquery's heartbeat response time. This helps prevent performance issues on hosts.
@ -48,7 +43,7 @@ The query may take several seconds to complete, because Fleet has to wait for th
When the query has finished, you should see 4 columns and several rows in the "Results" table:
<img src="https://user-images.githubusercontent.com/78363703/128488112-56c762da-5029-42d1-8f5d-e74f22aa39cd.png" alt="Fleet query results"/>
<img src="https://user-images.githubusercontent.com/78363703/134631391-cb62fbd4-81ab-4ea6-8e38-807cccc9c6cc.png" alt="Fleet query results"/>
- The "hostname" column answers: which device responded for a given row of results?

2
docs/1-Using-Fleet/1-Fleet-UI.md → docs/01-Using-Fleet/01-Fleet-UI.md
View file

@ -27,7 +27,7 @@ To add queries to a pack, use the right-hand sidebar. You can take an existing s
![Schedule Query Sidebar](https://raw.githubusercontent.com/fleetdm/fleet/main/docs/images/schedule-query-sidebar.png)
Once you've scheduled queries and curated your packs, you can read our guide to [Working With Osquery Logs](../1-Using-Fleet/5-Osquery-logs.md).
Once you've scheduled queries and curated your packs, you can read our guide to [Working With Osquery Logs](../01-Using-Fleet/05-Osquery-logs.md).
## Configuring agent options

4
docs/1-Using-Fleet/2-fleetctl-CLI.md → docs/01-Using-Fleet/02-fleetctl-CLI.md
View file

@ -24,7 +24,7 @@ This guide illustrates:
### Running Fleet
For the sake of this tutorial, we will be using the local development Docker Compose infrastructure to run Fleet locally. This is documented in some detail in the [developer documentation](../3-Contributing/1-Building-Fleet.md#development-infrastructure), but the following are the minimal set of commands that you can run from the root of the repository (assuming that you have a working Go/JavaScript toolchain installed along with Docker Compose):
For the sake of this tutorial, we will be using the local development Docker Compose infrastructure to run Fleet locally. This is documented in some detail in the [developer documentation](../03-Contributing/01-Building-Fleet.md#development-infrastructure), but the following are the minimal set of commands that you can run from the root of the repository (assuming that you have a working Go/JavaScript toolchain installed along with Docker Compose):
```
docker-compose up -d
@ -186,7 +186,7 @@ spec:
Fleet supports osquery's file carving functionality as of Fleet 3.3.0. This allows the Fleet server to request files (and sets of files) from osquery agents, returning the full contents to Fleet.
File carving data can be either stored in Fleet's database or to an external S3 bucket. For information on how to configure the latter, consult the [configuration docs](../2-Deploying/2-Configuration.md#s3-file-carving-backend).
File carving data can be either stored in Fleet's database or to an external S3 bucket. For information on how to configure the latter, consult the [configuration docs](../02-Deploying/02-Configuration.md#s3-file-carving-backend).
### Configuration

665
docs/1-Using-Fleet/3-REST-API.md → docs/01-Using-Fleet/03-REST-API.md
View file

File diff suppressed because it is too large Load diff

2
docs/1-Using-Fleet/4-Adding-hosts.md → docs/01-Using-Fleet/04-Adding-hosts.md
View file

@ -135,4 +135,4 @@ Multiple enroll secrets can be set to allow different groups of hosts to
authenticate with Fleet. When a host enrolls, the corresponding enroll secret is
recorded and can be used to segment hosts.
To set the enroll secret, use the `fleetctl` tool to apply an [enroll secret spec](../1-Using-Fleet/2-fleetctl-CLI.md#enroll-secrets)
To set the enroll secret, use the `fleetctl` tool to apply an [enroll secret spec](../01-Using-Fleet/02-fleetctl-CLI.md#enroll-secrets)

14
docs/1-Using-Fleet/5-Osquery-logs.md → docs/01-Using-Fleet/05-Osquery-logs.md
View file

@ -22,21 +22,21 @@ Fleet supports the following logging plugins for osquery logs:
- [PubSub](#pubsub) - Logs are written to Google Cloud PubSub topics.
- [Stdout](#stdout) - Logs are written to stdout.
To set the osquery logging plugins, use the `--osquery_result_log_plugin` and `--osquery_status_log_plugin` flags (or [equivalents for environment variables or configuration files](../2-Deploying/2-Configuration.md#options)).
To set the osquery logging plugins, use the `--osquery_result_log_plugin` and `--osquery_status_log_plugin` flags (or [equivalents for environment variables or configuration files](../02-Deploying/02-Configuration.md#options)).
### Filesystem
The default logging plugin.
- Plugin name: `filesystem`
- Flag namespace: [filesystem](../2-Deploying/2-Configuration.md#filesystem)
- Flag namespace: [filesystem](../02-Deploying/02-Configuration.md#filesystem)
With the filesystem plugin, osquery result and/or status logs are written to the local filesystem on the Fleet server. This is typically used with a log forwarding agent on the Fleet server that will push the logs into a logging pipeline. Note that if multiple load-balanced Fleet servers are used, the logs will be load-balanced across those servers (not duplicated).
### Firehose
- Plugin name: `firehose`
- Flag namespace: [firehose](../2-Deploying/2-Configuration.md#firehose)
- Flag namespace: [firehose](../02-Deploying/02-Configuration.md#firehose)
With the Firehose plugin, osquery result and/or status logs are written to [AWS Firehose](https://aws.amazon.com/kinesis/data-firehose/) streams. This is a very good method for aggregating osquery logs into AWS S3 storage.
@ -45,7 +45,7 @@ Note that Firehose logging has limits [discussed in the documentation](https://d
### Kinesis
- Plugin name: `kinesis`
- Flag namespace: [kinesis](../2-Deploying/2-Configuration.md#kinesis)
- Flag namespace: [kinesis](../02-Deploying/02-Configuration.md#kinesis)
With the Kinesis plugin, osquery result and/or status logs are written to
[AWS Kinesis](https://aws.amazon.com/kinesis/data-streams) streams.
@ -58,7 +58,7 @@ output in the Fleet logs and those logs _will not_ be sent to Kinesis.
### Lambda
- Plugin name: `lambda`
- Flag namespace: [lambda](../2-Deploying/2-Configuration.md#lambda)
- Flag namespace: [lambda](../02-Deploying/02-Configuration.md#lambda)
With the Lambda plugin, osquery result and/or status logs are written to
[AWS Lambda](https://aws.amazon.com/lambda/) functions.
@ -79,7 +79,7 @@ Keep this in mind when using Lambda, as you're charged based on the number of re
### PubSub
- Plugin name: `pubsub`
- Flag namespace: [pubsub](../2-Deploying/2-Configuration.md#pubsub)
- Flag namespace: [pubsub](../02-Deploying/02-Configuration.md#pubsub)
With the PubSub plugin, osquery result and/or status logs are written to [PubSub](https://cloud.google.com/pubsub/) topics.
@ -88,7 +88,7 @@ Note that messages over 10MB will be dropped, with a notification sent to the fl
### Stdout
- Plugin name: `stdout`
- Flag namespace: [stdout](../2-Deploying/2-Configuration.md#stdout)
- Flag namespace: [stdout](../02-Deploying/02-Configuration.md#stdout)
With the stdout plugin, osquery result and/or status logs are written to stdout
on the Fleet server. This is typically used for debugging or with a log

6
docs/1-Using-Fleet/6-Monitoring-Fleet.md → docs/01-Using-Fleet/06-Monitoring-Fleet.md
View file

@ -54,7 +54,7 @@ Scaling Fleet horizontally is as simple as running more Fleet server processes c
The Fleet/osquery system is resilient to loss of availability. Osquery agents will continue executing the existing configuration and buffering result logs during downtime due to lack of network connectivity, server maintenance, or any other reason. Buffering in osquery can be configured with the `--buffered_log_max` flag.
Note that short downtimes are expected during [Fleet server upgrades](./8-Updating-Fleet.md)-fleet.md) that require database migrations.
Note that short downtimes are expected during [Fleet server upgrades](./08-Updating-Fleet.md)-fleet.md) that require database migrations.
### Debugging performance issues
@ -68,7 +68,7 @@ For performance issues in the Fleet server process, please [file an issue](https
##### Generate debug archive (Fleet 3.4.0+)
Use the `fleetctl archive` command to generate an archive of Fleet's full suite of debug profiles. See the [fleetctl setup guide](./2-fleetctl-CLI.md)) for details on configuring `fleetctl`.
Use the `fleetctl debug archive` command to generate an archive of Fleet's full suite of debug profiles. See the [fleetctl setup guide](./02-fleetctl-CLI.md)) for details on configuring `fleetctl`.
The generated `.tar.gz` archive will be available in the current directory.
@ -86,4 +86,4 @@ fleetctl debug archive --context server-a
###### Confidential information
The `fleetctl archive` command retrieves information generated by Go's [`net/http/pprof`](https://golang.org/pkg/net/http/pprof/) package. In most scenarios this should not include sensitive information, however it does include command line arguments to the Fleet server. If the Fleet server receives sensitive credentials via CLI argument (not environment variables or config file), this information should be scrubbed from the archive in the `cmdline` file.
The `fleetctl debug archive` command retrieves information generated by Go's [`net/http/pprof`](https://golang.org/pkg/net/http/pprof/) package. In most scenarios this should not include sensitive information, however it does include command line arguments to the Fleet server. If the Fleet server receives sensitive credentials via CLI argument (not environment variables or config file), this information should be scrubbed from the archive in the `cmdline` file.

2
docs/1-Using-Fleet/7-Security-best-practices.md → docs/01-Using-Fleet/07-Security-best-practices.md
View file

@ -33,7 +33,7 @@ Passwords are never stored in plaintext in the database. We store a `bcrypt`ed h
### Authentication tokens
The size and expiration time of session tokens is admin-configurable. See [The documentation on session duration](../2-Deploying/2-Configuration.md#session_duration).
The size and expiration time of session tokens is admin-configurable. See [The documentation on session duration](../02-Deploying/02-Configuration.md#session_duration).
It is possible to revoke all session tokens for a user by forcing a password reset.

4
docs/1-Using-Fleet/8-Updating-Fleet.md → docs/01-Using-Fleet/08-Updating-Fleet.md
View file

@ -7,7 +7,7 @@
## Overview
This guide explains how to update and run new versions of Fleet. For initial installation instructions, see [Installing Fleet](../2-Deploying/1-Installation.md).
This guide explains how to update and run new versions of Fleet. For initial installation instructions, see [Installing Fleet](../02-Deploying/01-Installation.md).
There are two steps to perform a typical Fleet update. If any other steps are required, they will be noted in the release notes.
@ -18,7 +18,7 @@ As with any enterprise software update, it's a good idea to back up your MySQL d
## Updating the Fleet binary
To update to a new version of Fleet, follow the [same binary install instructions](../2-Deploying/1-Installation.md) from the original installation method you used to install Fleet.
To update to a new version of Fleet, follow the [same binary install instructions](../02-Deploying/01-Installation.md) from the original installation method you used to install Fleet.
### Raw binaries

8
docs/1-Using-Fleet/9-Permissions.md → docs/01-Using-Fleet/09-Permissions.md
View file

@ -16,6 +16,8 @@ The following table depicts various permissions levels for each role.
| ---------------------------------------------------- | -------- | ---------- | ----- |
| Browse all hosts | ✅ | ✅ | ✅ |
| Filter hosts using labels | ✅ | ✅ | ✅ |
| Browse all policies | ✅ | ✅ | ✅ |
| Filter hosts using policies | ✅ | ✅ | ✅ |
| Target hosts using labels | ✅ | ✅ | ✅ |
| Run saved queries as live queries against all hosts | ✅ | ✅ | ✅ |
| Run custom queries as live queries against all hosts | | ✅ | ✅ |
@ -33,6 +35,8 @@ The following table depicts various permissions levels for each role.
| Create labels | | ✅ | ✅ |
| Edit labels | | ✅ | ✅ |
| Delete labels | | ✅ | ✅ |
| Create new global policies | | ✅ | ✅ |
| Delete global policies | | ✅ | ✅ |
| Create users | | | ✅ |
| Edit users | | | ✅ |
| Delete users | | | ✅ |
@ -66,9 +70,13 @@ The following table depicts various permissions levels in a team.
| Action | Observer | Maintainer |
| ------------------------------------------------------------ | -------- | ---------- |
| Browse hosts assigned to team | ✅ | ✅ |
| Browse policies for hosts assigned to team | ✅ | ✅ |
| Filter hosts assigned to team using policies | ✅ | ✅ |
| Filter hosts assigned to team using labels | ✅ | ✅ |
| Target hosts assigned to team using labels | ✅ | ✅ |
| Run saved queries as live queries on hosts assigned to team | ✅ | ✅ |
| Create new team policies | | ✅ |
| Delete team policies | | ✅ |
| Run custom queries as live queries on hosts assigned to team | | ✅ |
| Enroll hosts to member team | | ✅ |
| Delete hosts belonging to member team | | ✅ |

2
docs/1-Using-Fleet/10-Teams.md → docs/01-Using-Fleet/10-Teams.md
View file

@ -94,7 +94,7 @@ To add users to a team:
4. Select one or more users by searching for their full name and confirm the action.
Users will be given the [Observer role](./9-Permissions.md#team-member-permissions) when added to the team. The [Edit a member's role](#edit-a-members-role) provides instructions on changing the permission level of users on a team.
Users will be given the [Observer role](./09-Permissions.md#team-member-permissions) when added to the team. The [Edit a member's role](#edit-a-members-role) provides instructions on changing the permission level of users on a team.
## Edit a member's role

0
docs/1-Using-Fleet/11-Usage-statistics.md → docs/01-Using-Fleet/11-Usage-statistics.md
View file

5
docs/1-Using-Fleet/12-Supported-browsers.md → docs/01-Using-Fleet/12-Supported-browsers.md
View file

@ -19,4 +19,7 @@ We test each browser on Windows whenever possible, because our engineering team
- Mobile Safari on iOS 10
- Mobile Chrome on Android 6
**Note:** Mobile web is not yet supported in the Fleet Product.
### Note
> - Mobile web is not yet supported in the Fleet product.
> - The Fleet user interface [may not be fully supported](https://github.com/fleetdm/fleet/issues/969) in Google Chrome when the browser is running on Chrome OS

2
docs/1-Using-Fleet/13-Vulnerability-Processing.md → docs/01-Using-Fleet/13-Vulnerability-Processing.md
View file

@ -69,6 +69,6 @@ FLEET_VULNERABILITIES_DATABASES_PATH=/some/path
The path specified needs to exist and Fleet needs to be able to read and write to and from it. This is the only mandatory
configuration needed for vulnerability processing to work. Additional options, like vulnerability check frequency, can be
found in the [configuration documentation](../2-Deploying/2-Configuration.md#vulnerabilities).
found in the [configuration documentation](../02-Deploying/02-Configuration.md#vulnerabilities).
You'll need to restart the Fleet instances after changing these settings.

33
docs/1-Using-Fleet/FAQ.md → docs/01-Using-Fleet/FAQ.md
View file

@ -13,6 +13,7 @@
- [Why arent my live queries being logged?](#why-arent-my-live-queries-being-logged)
- [Can I use the Fleet API to fetch results from a scheduled query pack?](#can-i-use-the-fleet-api-to-fetch-results-from-a-scheduled-query-pack)
- [How do I automatically add hosts to packs when the hosts enroll to Fleet?](#how-do-i-automatically-add-hosts-to-packs-when-the-hosts-enroll-to-Fleet)
- [How do I automatically assign a host to a team when it enrolls with Fleet?](#how-do-i-automatically-assign-a-host-to-a-team-when-it-enrolls-with-fleet)
- [How do I resolve an "unknown column" error when upgrading Fleet?](#how-do-i-resolve-an-unknown-column-error-when-upgrading-fleet)
## What do I need to do to switch from Kolide Fleet to FleetDM Fleet?
@ -21,7 +22,7 @@ The upgrade from kolide/fleet to fleetdm/fleet works the same as any minor versi
Minor version upgrades in Kolide Fleet often included database migrations and the recommendation to back up the database before migrating. The same goes for FleetDM Fleet versions.
To migrate from Kolide Fleet to FleetDM Fleet, please follow the steps outlined in the [Updating Fleet section](./8-Updating-Fleet.md) of the documentation.
To migrate from Kolide Fleet to FleetDM Fleet, please follow the steps outlined in the [Updating Fleet section](./08-Updating-Fleet.md) of the documentation.
## Has anyone stress tested Fleet? How many clients can the Fleet server handle?
@ -33,13 +34,13 @@ Its standard deployment practice to have multiple Fleet servers behind a load
No, currently, theres no way to retrieve the name of the enroll secret with a query. This means that there's no way to create a label using your hosts' enroll secrets and then use this label as a target for queries or query packs.
Typically folks will use some other unique identifier to create labels that distinguish each type of device. As a workaround, [Fleet's manual labels](./2-fleetctl-CLI.md#host-labels) provide a way to create groups of hosts without a query. These manual labels can then be used as targets for queries or query packs.
Typically folks will use some other unique identifier to create labels that distinguish each type of device. As a workaround, [Fleet's manual labels](./02-fleetctl-CLI.md#host-labels) provide a way to create groups of hosts without a query. These manual labels can then be used as targets for queries or query packs.
There is, however, a way to accomplish this even though the answer to the question remains "no": Teams. As of Fleet v4.0.0, you can group hosts in Teams either by enrolling them with a team specific secret, or by transferring hosts to a team. One the hosts you want to target are part of a team, you can create a query and target the team in question.
## How often do labels refresh? Is the refresh frequency configurable?
The update frequency for labels is configurable with the [—osquery_label_update_interval](../2-Deploying/2-Configuration.md#osquery_label_update_interval) flag (default 1 hour).
The update frequency for labels is configurable with the [—osquery_label_update_interval](../02-Deploying/02-Configuration.md#osquery_label_update_interval) flag (default 1 hour).
## How do I revoke the authorization tokens for a user?
@ -51,7 +52,7 @@ Fleet can live query the `osquery_schedule` table. Performing this live query al
## How do I monitor a Fleet server?
Fleet provides standard interfaces for monitoring and alerting. See the [Monitoring Fleet](./6-Monitoring-Fleet.md) documentation for details.
Fleet provides standard interfaces for monitoring and alerting. See the [Monitoring Fleet](./06-Monitoring-Fleet.md) documentation for details.
## Why is the “Add User” button disabled?
@ -76,7 +77,7 @@ Live query results (executed in the web UI or `fleetctl query`) are pushed direc
### Scheduled Queries
Scheduled query results (queries that are scheduled to run in Packs) are typically sent to the Fleet server, and will be available on the filesystem of the server at the path configurable by [`--osquery_result_log_file`](../2-Deploying/2-Configuration.md#osquery_result_log_file). This defaults to `/tmp/osquery_result`.
Scheduled query results (queries that are scheduled to run in Packs) are typically sent to the Fleet server, and will be available on the filesystem of the server at the path configurable by [`--osquery_result_log_file`](../02-Deploying/02-Configuration.md#osquery_result_log_file). This defaults to `/tmp/osquery_result`.
It is possible to configure osqueryd to log query results outside of Fleet. For results to go to Fleet, the `--logger_plugin` flag must be set to `tls`.
@ -84,7 +85,7 @@ It is possible to configure osqueryd to log query results outside of Fleet. For
Folks typically use Fleet to ship logs to data aggregation systems like Splunk, the ELK stack, and Graylog.
The [logger configuration options](../2-Deploying/2-Configuration.md#osquery_status_log_plugin) allow you to select the log output plugin. Using the log outputs you can route the logs to your chosen aggregation system.
The [logger configuration options](../02-Deploying/02-Configuration.md#osquery_status_log_plugin) allow you to select the log output plugin. Using the log outputs you can route the logs to your chosen aggregation system.
### Troubleshooting
@ -94,7 +95,7 @@ Expecting results, but not seeing anything in the logs?
- Check whether the query is scheduled in differential mode. If so, new results will only be logged when the result set changes.
- Ensure that the query is scheduled to run on the intended platforms, and that the tables queried are supported by those platforms.
- Use live query to `SELECT * FROM osquery_schedule` to check whether the query has been scheduled on the host.
- Look at the status logs provided by osquery. In a standard configuration these are available on the filesystem of the Fleet server at the path configurable by [`--filesystem_status_log_file`](../2-Deploying/2-Configuration.md#filesystem_status_log_file). This defaults to `/tmp/osquery_status`. The host will output a status log each time it executes the query.
- Look at the status logs provided by osquery. In a standard configuration these are available on the filesystem of the Fleet server at the path configurable by [`--filesystem_status_log_file`](../02-Deploying/02-Configuration.md#filesystem_status_log_file). This defaults to `/tmp/osquery_status`. The host will output a status log each time it executes the query.
## Why arent my live queries being logged?
@ -104,17 +105,17 @@ Live query results are never logged to the filesystem of the Fleet server. See [
You cannot. Scheduled query results are logged to whatever logging plugin you have configured and are not stored in the Fleet DB.
However, the Fleet API exposes a significant amount of host information via the [`api/v1/fleet/hosts`](./3-REST-API.md#list-hosts) and the [`api/v1/fleet/hosts/{id}`](./3-REST-API.md#get-host) API endpoints. The `api/v1/fleet/hosts` [can even be configured to return additional host information](https://github.com/fleetdm/fleet/blob/9fb9da31f5462fa7dda4819a114bbdbc0252c347/docs/1-Using-Fleet/2-fleetctl-CLI.md#fleet-configuration-options).
However, the Fleet API exposes a significant amount of host information via the [`api/v1/fleet/hosts`](./03-REST-API.md#list-hosts) and the [`api/v1/fleet/hosts/{id}`](./03-REST-API.md#get-host) API endpoints. The `api/v1/fleet/hosts` [can even be configured to return additional host information](https://github.com/fleetdm/fleet/blob/9fb9da31f5462fa7dda4819a114bbdbc0252c347/docs/1-Using-Fleet/2-fleetctl-CLI.md#fleet-configuration-options).
As an example, let's say you want to retrieve a host's OS version, installed software, and kernel version:
Each hosts OS version is available using the `api/v1/fleet/hosts` API endpoint. [Check out the API documentation for this endpoint](./3-REST-API.md#list-hosts).
Each hosts OS version is available using the `api/v1/fleet/hosts` API endpoint. [Check out the API documentation for this endpoint](./03-REST-API.md#list-hosts).
The ability to view each hosts installed software was released behind a feature flag in Fleet 3.11.0 and called Software inventory. [Check out the feature flag documentation for instructions on turning on Software inventory in Fleet](../2-Deploying/2-Configuration.md#feature-flags).
The ability to view each hosts installed software was released behind a feature flag in Fleet 3.11.0 and called Software inventory. [Check out the feature flag documentation for instructions on turning on Software inventory in Fleet](../02-Deploying/02-Configuration.md#feature-flags).
Once the Software inventory feature is turned on, a list of a specific hosts installed software is available using the `api/v1/fleet/hosts/{id}` endpoint. [Check out the documentation for this endpoint](./3-REST-API.md#get-host).
Once the Software inventory feature is turned on, a list of a specific hosts installed software is available using the `api/v1/fleet/hosts/{id}` endpoint. [Check out the documentation for this endpoint](./03-REST-API.md#get-host).
Its possible in Fleet to retrieve each hosts kernel version, using the Fleet API, through `additional_queries`. The Fleet configuration options yaml file includes an `additional_queries` property that allows you to append custom query results to the host details returned by the `api/v1/fleet/hosts` endpoint. [Check out an example configuration file with the additional_queries field](./2-fleetctl-CLI.md#fleet-configuration-options).
Its possible in Fleet to retrieve each hosts kernel version, using the Fleet API, through `additional_queries`. The Fleet configuration options yaml file includes an `additional_queries` property that allows you to append custom query results to the host details returned by the `api/v1/fleet/hosts` endpoint. [Check out an example configuration file with the additional_queries field](./02-fleetctl-CLI.md#fleet-configuration-options).
## How do I automatically add hosts to packs when the hosts enroll to Fleet?
@ -122,10 +123,14 @@ You can accomplish this by adding specific labels as targets of your pack. First
When your hosts enroll to Fleet, they will become a member of the label and, because the label is a target of your pack, these hosts will automatically become targets of the pack.
You can also do this by setting the `targets` field in the [YAML configuration file](./2-fleetctl-CLI.md#query-packs) that manages the packs that are added to your Fleet instance.
You can also do this by setting the `targets` field in the [YAML configuration file](./02-fleetctl-CLI.md#query-packs) that manages the packs that are added to your Fleet instance.
## How do I automatically assign a host to a team when it enrolls with Fleet?
[Team Enroll Secrets](https://github.com/fleetdm/fleet/blob/main/docs/01-Using-Fleet/10-Teams.md#enroll-hosts-to-a-team) allow you to automatically assign a host to a team.
## How do I resolve an "unknown column" error when upgrading Fleet?
The `unknown column` error typically occurs when the database migrations haven't been run during the upgrade process.
Check out the [documentation on running database migrations](./8-Updating-Fleet.md#running-database-migrations) to resolve this issue.
Check out the [documentation on running database migrations](./08-Updating-Fleet.md#running-database-migrations) to resolve this issue.

16
docs/1-Using-Fleet/README.md → docs/01-Using-Fleet/README.md
View file

@ -1,27 +1,27 @@
# Using Fleet
### [Fleet UI](./1-Fleet-UI.md)
### [Fleet UI](./01-Fleet-UI.md)
Provides documentation about running and scheduling queries from within the Fleet UI
### [fleetctl CLI](./2-fleetctl-CLI.md)
### [fleetctl CLI](./02-fleetctl-CLI.md)
Includes resources for setting up and configuring Fleet via the fleetctl CLI
### [REST API](./3-REST-API.md)
### [REST API](./03-REST-API.md)
Provides resources for working with Fleet's API and includes example code for endpoints
### [Adding hosts](./4-Adding-hosts.md)
### [Adding hosts](./04-Adding-hosts.md)
Provides resources for enrolling your hosts to Fleet
### [Osquery logs](./5-Osquery-logs.md)
### [Osquery logs](./05-Osquery-logs.md)
Includes documentation on the plugin options for working with osquery logs
### [Monitoring Fleet](./6-Monitoring-Fleet.md)
### [Monitoring Fleet](./06-Monitoring-Fleet.md)
Provides documentation for load balancer health checks and working with Fleet server metrics and performance
### [Security best practices](./7-Security-best-practices.md)
### [Security best practices](./07-Security-best-practices.md)
Includes resources for ways to mitigate against the OWASP top 10 issues
### [Updating Fleet](./8-Updating-Fleet.md)
### [Updating Fleet](./08-Updating-Fleet.md)
Includes a guide for how to update and run new versions of Fleet
### [FAQ](./FAQ.md)

0
docs/1-Using-Fleet/configuration-files/README.md → docs/01-Using-Fleet/configuration-files/README.md
View file

0
docs/1-Using-Fleet/configuration-files/kubernetes/fleet-deployment.yml → docs/01-Using-Fleet/configuration-files/kubernetes/fleet-deployment.yml
View file

0
docs/1-Using-Fleet/configuration-files/kubernetes/fleet-migrations.yml → docs/01-Using-Fleet/configuration-files/kubernetes/fleet-migrations.yml
View file

38
docs/1-Using-Fleet/configuration-files/kubernetes/fleet-service.yml → docs/01-Using-Fleet/configuration-files/kubernetes/fleet-service.yml
View file

@ -1,19 +1,19 @@
apiVersion: v1
kind: Service
metadata:
name: fleet-loadbalancer
labels:
app: fleet-loadbalancer
spec:
type: LoadBalancer
ports:
- name: proxy-tls
port: 443
targetPort: 443
protocol: TCP
- name: proxy-http
port: 80
targetPort: 80
protocol: TCP
selector:
app: fleet-webserver
apiVersion: v1
kind: Service
metadata:
name: fleet-loadbalancer
labels:
app: fleet-loadbalancer
spec:
type: LoadBalancer
ports:
- name: proxy-tls
port: 443
targetPort: 443
protocol: TCP
- name: proxy-http
port: 80
targetPort: 80
protocol: TCP
selector:
app: fleet-webserver

0
docs/1-Using-Fleet/configuration-files/multi-file-configuration/enroll-secrets.yml → docs/01-Using-Fleet/configuration-files/multi-file-configuration/enroll-secrets.yml
View file

0
docs/1-Using-Fleet/configuration-files/multi-file-configuration/labels.yml → docs/01-Using-Fleet/configuration-files/multi-file-configuration/labels.yml
View file

0
docs/1-Using-Fleet/configuration-files/multi-file-configuration/organization-settings.yml → docs/01-Using-Fleet/configuration-files/multi-file-configuration/organization-settings.yml
View file

0
docs/1-Using-Fleet/configuration-files/multi-file-configuration/pack.yml → docs/01-Using-Fleet/configuration-files/multi-file-configuration/pack.yml
View file

0
docs/1-Using-Fleet/configuration-files/multi-file-configuration/queries.yml → docs/01-Using-Fleet/configuration-files/multi-file-configuration/queries.yml
View file

24
docs/01-Using-Fleet/configuration-files/multi-file-configuration/team.yml Normal file
View file

@ -0,0 +1,24 @@
---
apiVersion: v1
kind: team
spec:
team:
name: Client Platform Engineerin
agent_options:
config:
decorators:
load:
- SELECT uuid AS host_uuid FROM system_info;
- SELECT hostname AS hostname FROM system_info;
options:
disable_distributed: false
distributed_interval: 10
distributed_plugin: tls
distributed_tls_max_attempts: 3
logger_plugin: tls
logger_tls_endpoint: /api/v1/osquery/log
logger_tls_period: 10
pack_delimiter: /
overrides: {}
secrets:
- secret: RzTlxPvugG4o4O5IKS/HqEDJUmI1hwBoffff

0
docs/1-Using-Fleet/configuration-files/single-file-configuration.yml → docs/01-Using-Fleet/configuration-files/single-file-configuration.yml
View file

0
docs/1-Using-Fleet/standard-query-library/README.md → docs/01-Using-Fleet/standard-query-library/README.md
View file

10
docs/1-Using-Fleet/standard-query-library/standard-query-library.yml → docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
View file

@ -446,13 +446,13 @@ spec:
query: SELECT name, path, pid FROM processes WHERE on_disk = 0;
purpose: Incident response
contributors: alphabrevity
---
---
apiVersion: v1
kind: query
spec:
name: Get user files matching a specific hash
platforms: macOS, Linux
Description: Looks for specific hash in the Users/ directories for files that are less than 50MB (osquery file size limitation.)
description: Looks for specific hash in the Users/ directories for files that are less than 50MB (osquery file size limitation.)
query: SELECT path,sha256 FROM hash WHERE path in (SELECT path FROM file WHERE size < 50000000 AND path LIKE ""/Users/%/Documents/%%"") AND sha256 = ""16d28cd1d78b823c4f961a6da78d67a8975d66cde68581798778ed1f98a56d75"";
purpose: Informational
contributors: alphabrevity
@ -466,13 +466,13 @@ spec:
query: SELECT uid, username, type, groupname FROM users u JOIN groups g ON g.gid = u.gid;
purpose: Informational
contributors: alphabrevity
--
---
apiVersion: v1
kind: query
spec:
name: Get all listening ports, by process
platforms: Linux, macOS, Windows
Description: List ports that are listening on all interfaces, along with the process to which they are attached.
description: List ports that are listening on all interfaces, along with the process to which they are attached.
query: SELECT lp.address, lp.pid, lp.port, lp.protocol, p.name, p.path, p.cmdline FROM listening_ports lp JOIN processes p ON lp.pid = p.pid WHERE lp.address = "0.0.0.0";
purpose: Informational
contributors: alphabrevity
@ -482,7 +482,7 @@ kind: query
spec:
name: Get whether TeamViewer is installed/running
platforms: Windows
description: Description: Looks for the TeamViewer service running on machines. This is used often when attackers gain access to a machine, running TeamViewer to allow them to access a machine.
description: Looks for the TeamViewer service running on machines. This is used often when attackers gain access to a machine, running TeamViewer to allow them to access a machine.
query: SELECT display_name,status,s.pid,p.path FROM services AS s JOIN processes AS p USING(pid) WHERE s.name LIKE "%teamviewer%";
purpose: Informational
contributors: alphabrevity

10
docs/2-Deploying/1-Installation.md → docs/02-Deploying/01-Installation.md
View file

@ -15,7 +15,7 @@ The Fleet application is distributed as a single static binary. This binary serv
- The Fleet application API endpoints
- The osquery TLS server API endpoints
All of these are served via a built-in HTTP server, so there is no need for complex web server configurations. Once you've installed the `fleet` binary and it's infrastructure dependencies as illustrated below, refer to the [Configuration](./2-Configuration.md) documentation for information on how to use and configure the Fleet application.
All of these are served via a built-in HTTP server, so there is no need for complex web server configurations. Once you've installed the `fleet` binary and it's infrastructure dependencies as illustrated below, refer to the [Configuration](./02-Configuration.md) documentation for information on how to use and configure the Fleet application.
## Installing the Fleet binary
@ -29,7 +29,7 @@ Pull the latest Fleet docker image:
docker pull fleetdm/fleet
```
For more information on using Fleet, refer to the [Configuration](./2-Configuration.md) documentation.
For more information on using Fleet, refer to the [Configuration](./02-Configuration.md) documentation.
### Raw binaries
@ -47,7 +47,7 @@ unzip fleet.zip 'linux/*' -d fleet
./fleet/linux/fleet_linux_amd64 --help
```
For more information on using Fleet, refer to the [Configuration](./2-Configuration.md) documentation.
For more information on using Fleet, refer to the [Configuration](./02-Configuration.md) documentation.
## TLS configuration
@ -65,7 +65,7 @@ Fleet currently has two infrastructure dependencies in addition to the `fleet` w
### MySQL
Fleet uses MySQL extensively as its main database. Many cloud providers (such as [AWS](https://aws.amazon.com/rds/mysql/) and [GCP](https://cloud.google.com/sql/)) host reliable MySQL services which you may consider for this purpose. A well supported MySQL [Docker container](https://hub.docker.com/_/mysql/) also exists if you would rather run MySQL in a container. For more information on how to configure the `fleet` binary to use the correct MySQL instance, see the [Configuration](./2-Configuration.md) document.
Fleet uses MySQL extensively as its main database. Many cloud providers (such as [AWS](https://aws.amazon.com/rds/mysql/) and [GCP](https://cloud.google.com/sql/)) host reliable MySQL services which you may consider for this purpose. A well supported MySQL [Docker container](https://hub.docker.com/_/mysql/) also exists if you would rather run MySQL in a container. For more information on how to configure the `fleet` binary to use the correct MySQL instance, see the [Configuration](./02-Configuration.md) document.
Fleet requires at least MySQL version 5.7.
@ -73,4 +73,4 @@ For host expiry configuration, the [event scheduler](https://dev.mysql.com/doc/r
### Redis
Fleet uses Redis to ingest and queue the results of distributed queries, cache data, etc. Many cloud providers (such as [AWS](https://aws.amazon.com/elasticache/) and [GCP](https://console.cloud.google.com/launcher/details/click-to-deploy-images/redis)) host reliable Redis services which you may consider for this purpose. A well supported Redis [Docker container](https://hub.docker.com/_/redis/) also exists if you would rather run Redis in a container. For more information on how to configure the `fleet` binary to use the correct Redis instance, see the [Configuration](./2-Configuration.md) document.
Fleet uses Redis to ingest and queue the results of distributed queries, cache data, etc. Many cloud providers (such as [AWS](https://aws.amazon.com/elasticache/) and [GCP](https://console.cloud.google.com/launcher/details/click-to-deploy-images/redis)) host reliable Redis services which you may consider for this purpose. A well supported Redis [Docker container](https://hub.docker.com/_/redis/) also exists if you would rather run Redis in a container. For more information on how to configure the `fleet` binary to use the correct Redis instance, see the [Configuration](./02-Configuration.md) document.

173
docs/2-Deploying/2-Configuration.md → docs/02-Deploying/02-Configuration.md
View file

@ -131,7 +131,9 @@ All duration-based settings accept valid time units of `s`, `m`, `h`.
##### MySQL
This section describes the configuration options for the primary - if you also want to setup a read replica, the options are the same, except that the yaml section is `mysql_read_replica`, and the flags have the `mysql_read_replica_` prefix instead of `mysql_` (the corresponding environment variables follow the same transformation). Note that there is no default value for `mysql_read_replica_address`, it must be set explicitly for fleet to use a read replica.
This section describes the configuration options for the primary - if you also want to setup a read replica, the options are the same, except that the yaml section is `mysql_read_replica`, and the flags have the `mysql_read_replica_` prefix instead of `mysql_` (the corresponding environment variables follow the same transformation). Note that there is no default value for `mysql_read_replica_address`, it must be set explicitly for fleet to use a read replica, and it is recommended in that case to set a non-zero value for `mysql_read_replica_conn_max_lifetime` as in some environments, the replica's address may dynamically change to point
from the primary to an actual distinct replica based on auto-scaling options, so existing idle connections need to be recycled
periodically.
###### mysql_address
@ -289,7 +291,7 @@ Maximum idle connections to database. This value should be equal to or less than
max_idle_conns: 50
```
###### conn_max_lifetime
###### mysql_conn_max_lifetime
Maximum amount of time, in seconds, a connection may be reused.
@ -358,7 +360,7 @@ Whether or not to duplicate Live Query results to another Redis channel named `L
###### redis_connect_timeout
Timeout for redis connection.
Timeout for redis connection.
- Default value: 5s
- Environment variable: `FLEET_REDIS_CONNECT_TIMEOUT`
@ -382,6 +384,38 @@ Interval between keep alive probes.
keep_alive: 30s
```
###### redis_connect_retry_attempts
Maximum number of attempts to retry a failed connection to a redis node. Only
certain type of errors are retried, such as connection timeouts.
- Default value: 0 (no retry)
- Environment variable: `FLEET_REDIS_CONNECT_RETRY_ATTEMPTS`
- Config file format:
```
redis:
connect_retry_attempts: 2
```
###### redis_cluster_follow_redirections
Whether or not to automatically follow redirection errors received from the
Redis server. Applies only to Redis Cluster setups, ignored in standalone
Redis. In Redis Cluster, keys can be moved around to different nodes when the
cluster is unstable and reorganizing the data. With this configuration option
set to true, those (typically short and transient) redirection errors can be
handled transparently instead of ending in an error.
- Default value: false
- Environment variable: `FLEET_REDIS_CLUSTER_FOLLOW_REDIRECTIONS`
- Config file format:
```
redis:
cluster_follow_redirections: true
```
##### Server
###### server_address
@ -401,7 +435,7 @@ The address to serve the Fleet webserver.
The TLS cert to use when terminating TLS.
See [TLS certificate considerations](./1-Installation.md#tls-certificate-considerations) for more information about certificates and Fleet.
See [TLS certificate considerations](./01-Installation.md#tls-certificate-considerations) for more information about certificates and Fleet.
- Default value: `./tools/osquery/fleet.crt`
- Environment variable: `FLEET_SERVER_CERT`
@ -647,6 +681,23 @@ Valid time units are `s`, `m`, `h`.
osquery:
label_update_interval: 30m
```
###### osquery_policy_update_interval
The interval at which Fleet will ask osquery agents to update their results for policy queries.
Setting this to a higher value can reduce baseline load on the Fleet server in larger deployments.
Valid time units are `s`, `m`, `h`.
- Default value: `1h`
- Environment variable: `FLEET_OSQUERY_POLICY_UPDATE_INTERVAL`
- Config file format:
```
osquery:
policy_update_interval: 30m
```
###### osquery_detail_update_interval
@ -695,6 +746,24 @@ Options are `filesystem`, `firehose`, `kinesis`, `lambda`, `pubsub`, and `stdout
result_log_plugin: firehose
```
###### osquery_max_jitter_percent
Given an update interval (label, or details), this will add up to the defined percentage in randomness to the interval.
The goal of this is to prevent all hosts from checking in with data at the same time.
So for example, if the label_update_interval is 1h, and this is set to 10. It'll add up a random number between 0 and 6 minutes
to the amount of time it takes for fleet to give the host the label queries.
- Default value: `10`
- Environment variable: `FLEET_OSQUERY_MAX_JITTER_PERCENT`
- Config file format:
```
osquery:
max_jitter_percent: 10
```
##### Logging (Fleet server logging)
###### logging_debug
@ -1296,13 +1365,13 @@ When `current_instance_checks` is set to `auto` (the default), Fleet instances w
How often vulnerabilities are checked.
- Default value: `1hr`
- Default value: `1h`
- Environment variable: `FLEET_VULNERABILITIES_PERIODICITY`
- Config file format:
```
vulnerabilities:
periodicity: 1hr
periodicity: 1h
```
###### cpe_database_url
@ -1412,7 +1481,7 @@ sudo systemctl daemon-reload
sudo systemctl restart fleet.service
```
## Configuring Single Sign On
## Configuring Single Sign On (SSO)
Fleet supports SAML single sign on capability.
@ -1422,33 +1491,22 @@ Fleet supports the SAML Web Browser SSO Profile using the HTTP Redirect Binding.
### Identity Provider (IDP) Configuration
Setting up the connected application (Fleet) with an identity provider generally requires the following information:
Setting up the service provider (Fleet) with an identity provider generally requires the following information:
- _Assertion Consumer Service_ - This is the call back URL that the identity provider
will use to send security assertions to Fleet. In Okta, this field is called _Single sign on URL_. The value that you supply will be a fully qualified URL
consisting of your Fleet web address and the callback path `/api/v1/fleet/sso/callback`. For example,
if your Fleet web address is https://fleet.acme.org, then the value you would
use in the identity provider configuration would be:
will use to send security assertions to Fleet. In Okta, this field is called _Single sign on URL_. On Google it is "ACS URL". The value that you supply will be a fully qualified URL consisting of your Fleet web address and the callback path `/api/v1/fleet/sso/callback`. For example, if your Fleet web address is https://fleet.example.com, then the value you would use in the identity provider configuration would be:
```
https://fleet.acme.org/api/v1/fleet/sso/callback
https://fleet.example.com/api/v1/fleet/sso/callback
```
- _Entity ID_ - This value is a URI that you define. It identifies your Fleet instance as the service provider that issues authorization requests. The value must exactly match the Entity ID that you define in the Fleet SSO configuration.
- _Entity ID_ - This value is an identifier that you choose. It identifies your Fleet instance as the service provider that issues authorization requests. The value must exactly match the Entity ID that you define in the Fleet SSO configuration.
- _Name ID Format_ - The value should be `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`. This may be shortened in the IDP setup to something like `email` or `EmailAddress`.
- _Subject Type (Application username in Okta)_ - `email`.
After supplying the above information, the IDP will generate an issuer URI and a metadata URL that will be used to configure Fleet as a service provider.
#### Example Okta IDP Configuration
![Example Okta IDP Configuration](https://raw.githubusercontent.com/fleetdm/fleet/main/docs/images/okta-idp-setup.png)
> The names of the items required to configure an Identity Provider may vary from provider to provider and may not conform to the SAML spec.
> Individual users must also be setup on the IDP before they can sign in to Fleet.
After supplying the above information, the IDP will generate an issuer URI and a metadata that will be used to configure Fleet as a service provider.
### Fleet SSO Configuration
@ -1458,12 +1516,10 @@ If your IDP supports dynamic configuration, like Okta, you only need to provide
Otherwise, the following values are required:
- _Identity Provider Name_ - A human friendly name of the IDP.
- _Identity Provider Name_ - A human readable name of the IDP. This is rendered on the login page.
- _Entity ID_ - A URI that identifies your Fleet instance as the issuer of authorization
requests. Assuming your company name is Acme, an example might be `fleet.acme.org` although
the value could be anything as long as it is unique to Fleet as a service provider
and matches the entity provider value used in the IDP configuration.
requests (eg. `fleet.example.com`). This much match the _Entity ID_ configured with the IDP.
- _Issuer URI_ - This value is obtained from the IDP.
@ -1487,6 +1543,69 @@ It is strongly recommended that at least one admin user is set up to use the tra
based log in so that there is a fallback method for logging into Fleet in the event of SSO
configuration problems.
#### Okta IDP Configuration
![Example Okta IDP Configuration](https://raw.githubusercontent.com/fleetdm/fleet/main/docs/images/okta-idp-setup.png)
> The names of the items required to configure an Identity Provider may vary from provider to provider and may not conform to the SAML spec.
> Individual users must also be setup on the IDP before they can sign in to Fleet.
### Google Workspace IDP Configuration
Follow these steps to configure Fleet SSO with Google Workspace. This will require administrator permissions in Google Workspace.
1. Navigate to the [Web and Mobile Apps](https://admin.google.com/ac/apps/unified) section of the Google Workspace dashboard. Click _Add App -> Add custom SAML app_.
<img width="1904" alt="Screen Shot 2021-09-15 at 2 47 36 PM" src="https://user-images.githubusercontent.com/575602/133529965-cb067c4a-3d11-460e-aa72-958a6462a6ae.png">
2. Enter `Fleet` for the _App name_ and click _Continue_.
<img width="1904" alt="Screen Shot 2021-09-15 at 2 50 06 PM" src="https://user-images.githubusercontent.com/575602/133530058-95183355-6e6b-4dfd-b622-1b012809a1bd.png">
3. Click _Download Metadata_, saving the metadata to your computer. Copy the _SSO URL_. Click _Continue_.
<img width="1904" alt="Screen Shot 2021-09-15 at 2 52 56 PM" src="https://user-images.githubusercontent.com/575602/133530200-af839b88-0eba-4403-b095-2fed4632b6be.png">
4. In Fleet, navigate to the _Organization Settings_ page. Configure the _SAML Single Sign On Options_ section.
- Check the _Enable Single Sign On_ checkbox.
- For _Identity Provider Name_ use `Google`.
- For _Entity ID_, use a unique identifier such as `fleet.example.com`. Note that Google seems to error when the provided ID includes `https://`.
- For _Issuer URI_, paste the _SSO URL_ copied from step 3.
- For _Metadata_, paste the contents of the downloaded metadata XML from step 3.
- All other fields can be left blank.
Click _Update settings_ at the bottom of the page.
<img width="1904" alt="Screen Shot 2021-09-15 at 5 32 25 PM" src="https://user-images.githubusercontent.com/575602/133530548-4651bf76-e0fc-489d-b84a-755736474dc5.png">
5. In Google Workspace, configure the _Service provider details_.
- For _ACS URL_, use `https://<your_fleet_url>/api/v1/fleet/sso/callback` (eg. `https://fleet.example.com/api/v1/fleet/sso/callback`).
- For Entity ID, use **the same unique identifier from step 4** (eg. `fleet.example.com`).
- For _Name ID format_ choose `EMAIL`.
- For _Name ID_ choose `Basic Information > Primary email`.
- All other fields can be left blank.
Click _Continue_ at the bottom of the page.
<img width="1860" alt="Screen Shot 2021-09-15 at 5 36 56 PM" src="https://user-images.githubusercontent.com/575602/133530896-af561c81-ae54-4ee6-acca-5a6473b38b6b.png">
6. Click _Finish_.
<img width="1904" alt="Screen Shot 2021-09-15 at 2 57 20 PM" src="https://user-images.githubusercontent.com/575602/133530932-9157c17b-ee84-46d9-9520-8faa864d872b.png">
7. Click the down arrow on the _User access_ section of the app details page.
<img width="1904" alt="Screen Shot 2021-09-15 at 2 57 51 PM" src="https://user-images.githubusercontent.com/575602/133531007-a3a00a3f-65d4-46b0-9d39-eb74abda0901.png">
8. Check _ON for everyone_. Click _Save_.
<img width="1904" alt="Screen Shot 2021-09-15 at 2 58 09 PM" src="https://user-images.githubusercontent.com/575602/133531039-93e29f0f-ef20-423b-bc31-8cef05a61b13.png">
9. Enable SSO for a test user and try logging in. Note that Google sometimes takes a long time to propagate the SSO configuration, and it can help to try logging in to Fleet with an Incognito/Private window in the browser.
## Feature flags
Fleet features are sometimes gated behind feature flags. This will usually be due to not-yet-stable APIs, or not-fully-tested performance characteristics.

18
docs/2-Deploying/3-Example-deployment-scenarios.md → docs/02-Deploying/03-Example-deployment-scenarios.md
View file

@ -48,7 +48,7 @@ vagrant ssh
### Installing Fleet
To [install Fleet](https://github.com/fleetdm/fleet/blob/main/docs/2-Deploying/1-Installation.md), download, unzip, and move the latest Fleet binary to your desired install location.
To [install Fleet](https://github.com/fleetdm/fleet/blob/main/docs/02-Deploying/01-Installation.md), download, unzip, and move the latest Fleet binary to your desired install location.
For example, after downloading:
```sh
@ -190,11 +190,11 @@ Now, if you go to [https://localhost:8080](https://localhost:8080) in your local
### Running Fleet with systemd
See [Running with systemd](./2-Configuration.md#running-with-systemd) for documentation on running fleet as a background process and managing the fleet server logs.
See [Running with systemd](./02-Configuration.md#running-with-systemd) for documentation on running fleet as a background process and managing the fleet server logs.
### Installing and running osquery
> Note that this whole process is outlined in more detail in the [Adding Hosts To Fleet](../1-Using-Fleet/4-Adding-hosts.md) document. The steps are repeated here for the sake of a continuous tutorial.
> Note that this whole process is outlined in more detail in the [Adding Hosts To Fleet](../01-Using-Fleet/04-Adding-hosts.md) document. The steps are repeated here for the sake of a continuous tutorial.
To install osquery on CentOS, you can run the following:
@ -357,11 +357,11 @@ Now, if you go to [https://localhost:8080](https://localhost:8080) in your local
### Running Fleet with systemd
See [Running with systemd](./2-Configuration.md#running-with-systemd) for documentation on running fleet as a background process and managing the fleet server logs.
See [Running with systemd](./02-Configuration.md#running-with-systemd) for documentation on running fleet as a background process and managing the fleet server logs.
### Installing and running osquery
> Note that this whole process is outlined in more detail in the [Adding Hosts To Fleet](../1-Using-Fleet/4-Adding-hosts.md) document. The steps are repeated here for the sake of a continuous tutorial.
> Note that this whole process is outlined in more detail in the [Adding Hosts To Fleet](../01-Using-Fleet/04-Adding-hosts.md) document. The steps are repeated here for the sake of a continuous tutorial.
To install osquery on Ubuntu, you can run the following:
@ -453,14 +453,14 @@ We will use this address when we configure the Kubernetes deployment and databas
The last step is to run the Fleet database migrations on your new MySQL server. To do this, run the following:
```
kubectl create -f ./docs/1-Using-Fleet/configuration-files/kubernetes/fleet-migrations.yml
kubectl create -f ./docs/01-Using-Fleet/configuration-files/kubernetes/fleet-migrations.yml
```
In Kubernetes, you can only run a job once. If you'd like to run it again (i.e.: you'd like to run the migrations again using the same file), you must delete the job before re-creating it. To delete the job and re-run it, you can run the following commands:
```
kubectl delete -f ./docs/1-Using-Fleet/configuration-files/kubernetes/fleet-migrations.yml
kubectl create -f ./docs/1-Using-Fleet/configuration-files/kubernetes/fleet-migrations.yml
kubectl delete -f ./docs/01-Using-Fleet/configuration-files/kubernetes/fleet-migrations.yml
kubectl create -f ./docs/01-Using-Fleet/configuration-files/kubernetes/fleet-migrations.yml
```
#### Redis
@ -536,7 +536,7 @@ ts=2017-11-16T02:48:38.441148166Z transport=https address=0.0.0.0:443 msg=listen
Now that the Fleet server is running on our cluster, we have to expose the Fleet webservers to the internet via a load balancer. To create a Kubernetes `Service` of type `LoadBalancer`, run the following:
```
kubectl apply -f ./docs/1-Using-Fleet/configuration-files/kubernetes/fleet-service.yml
kubectl apply -f ./docs/01-Using-Fleet/configuration-files/kubernetes/fleet-service.yml
```
#### Configure DNS

0
docs/2-Deploying/4-fleetctl-agent-updates.md → docs/02-Deploying/04-fleetctl-agent-updates.md
View file

20
docs/2-Deploying/FAQ.md → docs/02-Deploying/FAQ.md
View file

@ -12,6 +12,8 @@
- [Why am I receiving a database connection error when attempting to "prepare" the database?](#why-am-i-receiving-a-database-connection-error-when-attempting-to-prepare-the-database)
- [Is Fleet available as a SaaS product?](#is-fleet-available-as-a-saas-product)
- [Is Fleet compatible with X flavor of MySQL?](#is-fleet-compatible-with-x-flavor-of-mysql)
- [What are the MySQL user access requirements?](#what-are-the-mysql-user-requirements)
- [What is duplicate enrollment and how do I fix it?](#what-is-duplicate-enrollment-and-how-do-i-fix-it)
## How do I get support for working with Fleet?
@ -25,7 +27,7 @@ Yes. Fleet scales horizontally out of the box as long as all of the Fleet server
Note that osquery logs will be distributed across the Fleet servers.
Read the [performance documentation](../1-Using-Fleet/6-Monitoring-Fleet.md#fleet-server-performance) for more.
Read the [performance documentation](../01-Using-Fleet/06-Monitoring-Fleet.md#fleet-server-performance) for more.
## Why aren't my osquery agents connecting to Fleet?
@ -71,15 +73,15 @@ These configurations cannot be managed centrally from Fleet.
## What do I do about "too many open files" errors?
This error usually indicates that the Fleet server has run out of file descriptors. Fix this by increasing the `ulimit` on the Fleet process. See the `LimitNOFILE` setting in the [example systemd unit file](./2-Configuration.md#runing-with-systemd) for an example of how to do this with systemd.
This error usually indicates that the Fleet server has run out of file descriptors. Fix this by increasing the `ulimit` on the Fleet process. See the `LimitNOFILE` setting in the [example systemd unit file](./02-Configuration.md#runing-with-systemd) for an example of how to do this with systemd.
Some deployments may benefit by setting the [`--server_keepalive`](./2-Configuration.md#server_keepalive) flag to false.
Some deployments may benefit by setting the [`--server_keepalive`](./02-Configuration.md#server_keepalive) flag to false.
This was also seen as a symptom of a different issue: if you're deploying on AWS on T type instances, there are different scenarios where the activity can increase and the instances will burst. If they run out of credits, then they'll stop processing leaving the file descriptors open.
## I upgraded my database, but Fleet is still running slowly. What could be going on?
This could be caused by a mismatched connection limit between the Fleet server and the MySQL server that prevents Fleet from fully utilizing the database. First [determine how many open connections your MySQL server supports](https://dev.mysql.com/doc/refman/8.0/en/too-many-connections.html). Now set the [`--mysql_max_open_conns`](./2-Configuration.md#mysql_max_open_conns) and [`--mysql_max_idle_conns`](./2-Configuration.md#mysql_max_idle_conns) flags appropriately.
This could be caused by a mismatched connection limit between the Fleet server and the MySQL server that prevents Fleet from fully utilizing the database. First [determine how many open connections your MySQL server supports](https://dev.mysql.com/doc/refman/8.0/en/too-many-connections.html). Now set the [`--mysql_max_open_conns`](./02-Configuration.md#mysql_max_open_conns) and [`--mysql_max_idle_conns`](./02-Configuration.md#mysql_max_idle_conns) flags appropriately.
## Why am I receiving a database connection error when attempting to "prepare" the database?
@ -104,3 +106,13 @@ No. Currently, Fleet is only available for self-hosting on premises or in the cl
## Is Fleet compatible with X flavor of MySQL?
Fleet is built to run on MySQL 5.7 or above. However, particularly with AWS Aurora, we recommend 2.10.0 and above, as we've seen issues with anything below that.
## What are the MySQL user requirements?
The user `fleet prepare db` (via environment variable `FLEET_MYSQL_USERNAME` or command line flag `--mysql_username=<username>`) uses to interact with the database needs to be able to create, alter, and drop tables as well as the ability to create temporary tables.
## What is duplicate enrollment and how do I fix it?
Duplicate host enrollment is when more than one host enrolls in Fleet using the same identifier (hardware UUID or osquery generated UUID). This can be caused by cloning a VM Image with an already enrolled
osquery client. To resolve the issues, it's advised to configure `--osquery_host_identifier` to `uuid`, and then delete the single host record for that whole set of hosts in the Fleet UI. You can find more information about
[host identifiers here](https://github.com/fleetdm/fleet/blob/main/docs/02-Deploying/02-Configuration.md#osquery_host_identifier).

8
docs/2-Deploying/README.md → docs/02-Deploying/README.md
View file

@ -1,15 +1,15 @@
# Deployment
### [Installation](./1-Installation.md)
### [Installation](./01-Installation.md)
Provides documentation on installing the Fleet binary and Fleets infrastructure dependencies
### [Configuration](./2-Configuration.md)
### [Configuration](./02-Configuration.md)
Includes resources for configuring the Fleet binary, managing osquery configurations, and running with systemd
### [Example deployment scenarios](./3-Example-deployment-scenarios.md)
### [Example deployment scenarios](./03-Example-deployment-scenarios.md)
Includes deployment walkthroughs for Fleet on CentOS, Ubuntu, and Kubernetes.
### [Self-managed agent updates](./4-fleetctl-agent-updates.md)
### [Self-managed agent updates](./04-fleetctl-agent-updates.md)
Information about running an update server with fleetctl.
### [FAQ](./FAQ.md)

0
docs/3-Contributing/1-Building-Fleet.md → docs/03-Contributing/01-Building-Fleet.md
View file

61
docs/3-Contributing/2-Testing.md → docs/03-Contributing/02-Testing.md
View file

@ -7,7 +7,7 @@
- [Test hosts](#test-hosts)
- [Email](#email)
- [Database backup/restore](#database-backuprestore)
- [Teams seed data](#teams-seed-data)
- [Seeding Data](./06-Seeding-Data.md)
- [MySQL shell](#mysql-shell)
- [Testing SSO](#testing-sso)
@ -40,7 +40,7 @@ go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.42.0
Make sure it is available in your PATH. To execute the basic unit and integration tests, run the following from the root of the repository:
```
MYSQL_TEST=1 make test
REDIS_TEST=1 MYSQL_TEST=1 make test
```
It is a good idea to run `make test` before submitting a Pull Request.
@ -50,7 +50,7 @@ It is a good idea to run `make test` before submitting a Pull Request.
To run all Go unit tests, run the following:
```
make test-go
REDIS_TEST=1 MYSQL_TEST=1 make test-go
```
#### Go linters
@ -105,6 +105,14 @@ To run email related integration tests using MailHog set environment as follows:
MAIL_TEST=1 make test-go
```
#### Network tests
A few tests require network access as they make requests to external hosts. Given that the network is unreliable, may not be available, and those hosts may also not be unavailable, those tests are skipped by default and are opt-in via the `NETWORK_TEST` environment variable. To run them:
```
NETWORK_TEST=1 make test-go
```
### Viewing test coverage
When you run `make test` or `make test-go` from the root of the repository, test coverage reports are generated in every subpackage. For example, the `server` subpackage will have a coverage report generated in `./server/server.cover`
@ -129,7 +137,7 @@ E2E tests are run using Docker and Cypress.
#### Preparation
Make sure dependencies are up to date and the [Fleet binaries are built locally](./1-Building-Fleet.md).
Make sure dependencies are up to date and the [Fleet binaries are built locally](./01-Building-Fleet.md).
For Fleet Free tests:
@ -223,51 +231,6 @@ Restore:
Note that a "restore" will replace the state of the development database with the state from the backup.
## Teams seed data
When developing Fleet, it may be useful to create seed data that includes users and teams.
Check out this Loom demo video that walks through creating teams seed data:
https://www.loom.com/share/1c41a1540e8f41328a7a6cfc56ad0a01
For a text-based walkthrough, check out the following steps:
First, create a `env` file with the following contents:
```
export SERVER_URL=https://localhost:8080 # your fleet server url and port
export CURL_FLAGS='-k -s' # set insecure flag
export TOKEN=eyJhbGciOi... # your login token
```
Next, set the `FLEET_ENV_PATH` to point to the `env` file. This will let the scripts in the `fleet/` folder source the env file.
```
export FLEET_ENV_PATH=/Users/victor/fleet_env
```
Finally run one of the bash scripts located in the [/tools/api](../../tools/api/README.md) directory.
The `fleet/create_free` script will generate an environment to roughly reflect an installation of Fleet Free. The script creates 3 users with different roles.
```
./tools/api/fleet/teams/create_free
```
The `fleet/create_premium` script will generate an environment to roughly reflect an installation of Fleet Premium. The script will create 2 teams 4 users with different roles.
```
./tools/api/fleet/teams/create_premium
```
The `fleet/create_figma` script will generate an environment to reflect the mockups in the Fleet EE (current) Figma file. The script creates 3 teams and 12 users with different roles.
```
./tools/api/fleet/teams/create_figma
```
Each user generated by the script has their password set to `user123#`.
## MySQL shell
Connect to the MySQL shell to view and interact directly with the contents of the development database.

0
docs/3-Contributing/3-Migrations.md → docs/03-Contributing/03-Migrations.md
View file

5
docs/3-Contributing/4-Committing-Changes.md → docs/03-Contributing/04-Committing-Changes.md
View file

@ -12,11 +12,14 @@ For significant changes, it is a good idea to discuss the proposal with the Flee
Please keep in mind that any code merged to the Fleet repository becomes the responsibility of the Fleet team to maintain. Because of this, we are careful to ensure any contributions fit Fleet's vision, are well-tested, and high quality. We will work with contributors to ensure the appropriate standards are met.
## Fleet Device Management team members
Fleet Device Management team members may not copy queries from external sources except when that content has an explicit license allowing such use, or permission has been granted by the creator.
## Pull Requests
Each developer (internal or external) creates a fork of the Fleet repository, committing changes to a branch within their fork. Changes are submitted by PR to be merged into Fleet.
GitHub Actions automatically runs testers and linters on each PR. Please ensure that these checks pass. Checks can be run locally as described in [2-Testing.md](./2-Testing.md).
GitHub Actions automatically runs testers and linters on each PR. Please ensure that these checks pass. Checks can be run locally as described in [02-Testing.md](./02-Testing.md).
For features that are still in-progress, the Pull Request can be marked as a "Draft". This helps make it clear which PRs are ready for review and merge.

0
docs/3-Contributing/5-Releasing-Fleet.md → docs/03-Contributing/05-Releasing-Fleet.md
View file

44
docs/03-Contributing/06-Seeding-Data.md Normal file
View file

@ -0,0 +1,44 @@
# Seeding Data
When developing Fleet, it may be useful to create seed data that includes users and teams.
Check out this Loom demo video that walks through creating teams seed data:
https://www.loom.com/share/1c41a1540e8f41328a7a6cfc56ad0a01
For a text-based walkthrough, check out the following steps:
First, create a `env` file with the following contents:
```
export SERVER_URL=https://localhost:8080 # your fleet server url and port
export CURL_FLAGS='-k -s' # set insecure flag
export TOKEN=eyJhbGciOi... # your login token
```
Next, set the `FLEET_ENV_PATH` to point to the `env` file. This will let the scripts in the `fleet/` folder source the env file.
```
export FLEET_ENV_PATH=/Users/victor/fleet_env
```
Finally run one of the bash scripts located in the [/tools/api](../../tools/api/README.md) directory.
The `fleet/create_free` script will generate an environment to roughly reflect an installation of Fleet Free. The script creates 3 users with different roles.
```
./tools/api/fleet/teams/create_free
```
The `fleet/create_premium` script will generate an environment to roughly reflect an installation of Fleet Premium. The script will create 2 teams 4 users with different roles.
```
./tools/api/fleet/teams/create_premium
```
The `fleet/create_figma` script will generate an environment to reflect the mockups in the Fleet EE (current) Figma file. The script creates 3 teams and 12 users with different roles.
```
./tools/api/fleet/teams/create_figma
```
Each user generated by the script has their password set to `user123#`.

2
docs/3-Contributing/FAQ.md → docs/03-Contributing/FAQ.md
View file

@ -25,7 +25,7 @@ server/fleet/emails.go:90:23: undefined: Asset
make: *** [fleet] Error 2
```
If you get an `undefined: Asset` error it is likely because you did not run `make generate` before `make build`. See [Building Fleet](./1-Building-Fleet.md) for additional documentation on compiling the `fleet` binary.
If you get an `undefined: Asset` error it is likely because you did not run `make generate` before `make build`. See [Building Fleet](./01-Building-Fleet.md) for additional documentation on compiling the `fleet` binary.
## Adding hosts for testing

10
docs/3-Contributing/README.md → docs/03-Contributing/README.md
View file

@ -1,18 +1,18 @@
# Contribution
### [Building Fleet](./1-Building-Fleet.md)
### [Building Fleet](./01-Building-Fleet.md)
Provides documentation about building the code, development infrastructure, and database migrations
### [Testing](./2-Testing.md)
### [Testing](./02-Testing.md)
Includes documentation about Fleet's full test suite and integration tests
### [Migrations](./3-Migrations.md)
### [Migrations](./03-Migrations.md)
Information about creating and updating database migrations
### [Committing Changes](./4-Committing-Changes.md)
### [Committing Changes](./04-Committing-Changes.md)
Contains information about how to merge changes into the codebase
### [Releasing Fleet](./5-Releasing-Fleet.md)
### [Releasing Fleet](./05-Releasing-Fleet.md)
Provides a guide for Fleet's release process
### [FAQ](./FAQ.md)

6
docs/README.md
View file

@ -2,13 +2,13 @@
Welcome to the documentation for the Fleet osquery fleet manager.
### [Using Fleet](./1-Using-Fleet/README.md)
### [Using Fleet](./01-Using-Fleet/README.md)
Resources for using the Fleet UI, fleetctl CLI, and Fleet REST API.
### [Deploying](./2-Deploying/README.md)
### [Deploying](./02-Deploying/README.md)
Resources for installing Fleet's infrastructure dependencies, configuring Fleet, deploying osquery to hosts, and viewing example deployment scenarios.
### [Contributing](./3-Contributing/README.md)
### [Contributing](./03-Contributing/README.md)
If you're interested in interacting with the Fleet source code, you'll find information on modifying and building the code here.
---

295
frontend/README.md
View file

@ -1,34 +1,40 @@
# Fleet Front-End
The Fleet front-end is a Single Page Application using React and Redux.
The Fleet front-end is a Single Page Application using React with Typescript and Hooks.
## Table of Contents
- [Running the Fleet web app](#running-the-fleet-web-app)
- [Directory Structure](#directory-structure)
- [Deprecated](#deprecated)
- [Patterns](#patterns)
- [Typing](#typing)
- [React Hooks (Functional Components)](#react-hooks-functional-components)
- [React Context](#react-context)
- [Fleet API Calls](#fleet-api-calls)
- [Page Routing](#page-routing)
- [Other](#other)
## Running the Fleet web app
For details instruction on building and serving the Fleet web application
consult the [Contributing documentation](../docs/3-Contributing/README.md).
consult the [Contributing documentation](../docs/03-Contributing/README.md).
## Directory Structure
Component directories in the Fleet front-end application encapsulate the entire
component, including files for the component, helper functions, styles, and tests. The
component, including files for the component and its styles. The
typical directory structure for a component is as follows:
```
|-- ComponentName
| |-- _styles.scss
| |-- ComponentName.jsx
| |-- ComponentName.tests.jsx
| |-- helpers.js
| |-- helpers.tests.js
| |-- index.js
└── ComponentName
├── _styles.scss
├── ComponentName.tsx
├── index.ts
```
- `_styles.scss`: The component css styles
- `ComponentName.jsx`: The React component
- `ComponentName.tests.jsx`: The React component tests
- `helpers.js`: Helper functions used by the component
- `helpers.tests.js`: Tests for the component's helper functions
- `index.js`: Exports the React component
- `ComponentName.tsx`: The React component
- `index.ts`: Exports the React component
- This file is helpful as it allows other components to import the component
by it's directory name. Without this file the component name would have to
be duplicated during imports (`components/ComponentName` vs. `components/ComponentName/ComponentName`).
@ -46,40 +52,34 @@ The component directory contains the React components rendered by pages. They
are typically not connected to the redux state but receive props from their
parent components to render data and handle user interactions.
### [context](./context)
The context directory contains the React Context API pattern for various entities.
Only entities that are needed across the app has a global context. For example,
the [logged in user](./context/app.tsx) (`currentUser`) has multiple pages and components
where its information is pulled.
### [interfaces](./interfaces)
Files in the interfaces directory are used to specify the PropTypes for a reusable Fleet
Files in the interfaces directory are used to specify the Typescript interface for a reusable Fleet
entity. This is designed to DRY up the code and increase re-usability. These
interfaces are imported into component files and implemented when defining the
component's PropTypes.
interfaces are imported in to component files and implemented when defining the
component's props.
### [fleet](./fleet)
The default export of the `fleet` directory is the API client. More info can be
found at the [API client documentation page](./fleet/README.md).
**Additionally, local interfaces are used for props of local components.**
### [layouts](https://github.com/fleetdm/fleet/tree/main/frontend/layouts)
The Fleet application has only 1 layout, the [Core Layout](./layouts/CoreLayout/CoreLayout.jsx).
The Layout is rendered from the [router](./router/index.jsx) and are used to set up the general app UI (header, sidebar) and render child components.
The Layout is rendered from the [router](./router/index.tsx) and are used to set up the general
app UI (header, sidebar) and render child components.
The child components rendered by the layout are typically page components.
### [pages](./pages)
Page components are React components typically rendered from the [router](./router).
These components are connected to redux state and are used to gather data from
redux and pass that data to child components (located in the [components
directory](./components). As
connected components, Pages are also used to dispatch actions. Actions
dispatched from Pages are intended to update redux state and oftentimes include
making a call to the Fleet API.
### [redux](./redux)
The redux directory holds all of the application's redux middleware, actions,
and reducers. The redux directory also creates the [store](./redux/store.js) which is used in the router.
More information about the redux configuration can be found at the [Redux
Documentation page](./redux/README.md)
React Router passed props to these pages in case they are needed. Examples include
the `router`, `location`, and `params` objects.
### [router](./router)
@ -90,6 +90,10 @@ file which holds the application paths as string constants for reference
throughout the app. These paths are typically referenced from the [App
Constants](./app_constants) object.
### [services](./services)
CRUD functions for all Fleet entities (e.g. `query`) that link directly to the Fleet API.
### [styles](./styles)
The styles directory contains the general app style setup and variables. It
@ -100,22 +104,221 @@ includes variables for the app color hex codes, fonts (families, weights and siz
The templates directory contains the HTML file that renders the React application via including the `bundle.js`
and `bundle.css` files. The HTML page also includes the HTML element in which the React application is mounted.
### [test](./test)
The test directory includes test helpers, API request mocks, and stubbed data entities for use in test files.
More on test helpers, stubs, and request mocks [here](./test/README.md).
### [utilities](./utilities)
The utilities directory contains re-usable functions for use throughout the
The utilities directory contains re-usable functions and constants for use throughout the
application. The functions include helpers to convert an array of objects to
CSV, debounce functions to prevent multiple form submissions, format API errors,
etc.
## Forms
## Deprecated
For details on creating a Fleet form visit the [Fleet Form Documentation](./components/forms/README.md).
These directories and files are still used (as of 9/14/21) but are being replaced by newer code:
## API Client
- [fleet](./fleet), now using [services](./services)
- [redux](./redux), now using [services](./services), local states, and various entities directly (e.g. React Router)
- [Form.jsx Higher Order Component](./components/forms/README.md), now creating forms with local states with React Hooks (i.e. `useState`)
For details on the Fleet API Client visit the [Fleet API Client Documentation](./fleet/README.md).
To view the deprecated documentation, [click here](./README_deprecated.md).
## Patterns
### Typing
All Javascript and React files use Typescript, meaning the extensions are `.ts` and `.tsx`. Here are the guidelines on how we type at Fleet:
- Use *[global entity interfaces](#interfaces)* when interfaces are used multiple times across the app
- Use *local interfaces* when typing entities limited to the specific page or component
- Local interfaces for page and component props
```typescript
// page
interface IPageProps {
prop1: string;
prop2: number;
...
}
// Note: Destructure props in page/component signature
const PageOrComponent = ({
prop1,
prop2,
}: IPageProps) => {
return (
// ...
);
};
```
- Local states
```typescript
const [item, setItem] = useState<string>("");
```
- Fetch function signatures (i.e. `react-query`)
```typescript
useQuery<IHostResponse, Error, IHost>(params)
```
- Custom functions, including callbacks
```typescript
const functionWithTableName = (tableName: string): boolean => {
// do something
};
```
### React Hooks (Functional Components)
[Hooks](https://reactjs.org/docs/hooks-intro.html) are used to track state and use other features
of React. Hooks are only allowed in functional components, which are created like so:
```typescript
import React, { useState, useEffect } from "React";
const PageOrComponent = (props) => {
const [item, setItem] = useState<string>("");
// runs only on first mount (replaces componentDidMount)
useEffect(() => {
// do something
}, []);
// runs only when `item` changes (replaces componentDidUpdate)
useEffect(() => {
// do something
}, [item]);
return (
// ...
);
};
```
**Note: Other hooks are available per [React's documentation](https://reactjs.org/docs/hooks-intro.html).**
### React Context
[React Context](https://reactjs.org/docs/context.html) is a store similar to Redux. It stores
data that is desired and allows for retrieval of that data in whatever component is in need.
View currently working contexts in the [context directory](./context).
### Fleet API Calls
**Deprecated:**
Redux was used to make API calls, along with the [fleet](./fleet) directory.
**Current:**
The [services](./services) directory stores all API calls and is to be used in two ways:
- A direct `async/await` assignment
- Using `react-query` if requirements call for loading data right away or based on dependencies.
Examples below:
*Direct assignment*
```typescript
// page
import ...
import queryAPI from "services/entities/queries";
const PageOrComponent = (props) => {
const doSomething = async () => {
const response = await queryAPI.load(param);
// do something
};
return (
// ...
);
};
```
*React Query*
`react-query` ([docs here](https://react-query.tanstack.com/overview)) is a data-fetching library that
gives us the ability to fetch, cache, sync and update data with a myriad of options and properties.
```typescript
import ...
import { useQuery, useMutation } from "react-query";
import queryAPI from "services/entities/queries";
const PageOrComponent = (props) => {
// retrieve the query based on page/component load
// and dependencies for when to refetch
const {
isLoading,
data,
error,
...otherProps,
} = useQuery<IResponse, Error, IData>(
"query",
() => queryAPI.load(param),
{
...options
}
);
// `props` is a bucket of properties that can be used when
// updating data. for example, if you need to know whether
// a mutation is loading, there is a prop for that.
const { ...props } = useMutation((formData: IForm) =>
queryAPI.create(formData)
);
return (
// ...
);
};
```
### Page Routing
**Deprecated:**
Redux was used to manage redirecting to different pages of the app.
**Current:**
We use React Router directly to navigate between pages. For page components,
React Router (v3) supplies a `router` prop that can be easily accessed.
When needed, the `router` object contains a `push` function that redirects
a user to whatever page desired. For example:
```typescript
// page
import PATHS from "router/paths";
interface IPageProps {
router: any; // no typing in react-router v3
}
const PageOrComponent = ({
router,
}: IPageProps) => {
const doSomething = async () => {
router.push(PATHS.HOME);
};
return (
// ...
);
};
```
### Other
**Local states**
Our first line of defense for state management is local states (i.e. `useState`). We
use local states to keep pages/components separate from one another and easy to
maintain. If states need to be passed to direct children, then prop-drilling should
suffice as long as we do not go more than two levels deep. Otherwise, if states need
to be used across multiple unrelated components or 3+ levels from a parent,
then the [app's context](#react-context) should be used.
**File size**
The recommend line limit per page/component is 500 lines. This is only a recommendation.
Larger files are to be split into multiple files if possible.

128
frontend/README_deprecated.md Normal file
View file

@ -0,0 +1,128 @@
**This documentation has many deprecated patterns. Please follow the current [README](./README.md).**
# Fleet Front-End
**Note: Redux is deprecated.**
The Fleet front-end is a Single Page Application using React and Redux.
## Running the Fleet web app
For details instruction on building and serving the Fleet web application
consult the [Contributing documentation](../docs/03-Contributing/README.md).
## Directory Structure
Component directories in the Fleet front-end application encapsulate the entire
component, including files for the component, helper functions, styles, and tests. The
typical directory structure for a component is as follows:
**Note: `.jsx` and `.js` is deprecated.**
```
|-- ComponentName
| |-- _styles.scss
| |-- ComponentName.jsx
| |-- ComponentName.tests.jsx // deprecated
| |-- helpers.js
| |-- helpers.tests.js
| |-- index.js
```
- `_styles.scss`: The component css styles
- `ComponentName.jsx`: The React component
- `ComponentName.tests.jsx`: The React component tests `Deprecated`
- `helpers.js`: Helper functions used by the component
- `helpers.tests.js`: Tests for the component's helper functions
- `index.js`: Exports the React component
- This file is helpful as it allows other components to import the component
by it's directory name. Without this file the component name would have to
be duplicated during imports (`components/ComponentName` vs. `components/ComponentName/ComponentName`).
### [app_constants](./app_constants)
The app_constants directory exports the constants used in the app. Examples
include the app's URL paths, settings, and http statuses. When building features
that require constants, the constants should be added here for accessibility
throughout the application.
### [components](./components)
The component directory contains the React components rendered by pages. They
are typically not connected to the redux state but receive props from their
parent components to render data and handle user interactions.
### [interfaces](./interfaces)
**Note: PropTypes is deprecated.**
Files in the interfaces directory are used to specify the PropTypes for a reusable Fleet
entity. This is designed to DRY up the code and increase re-usability. These
interfaces are imported into component files and implemented when defining the
component's PropTypes.
### [fleet](./fleet) `Deprecated`
The default export of the `fleet` directory is the API client. More info can be
found at the [API client documentation page](./fleet/README.md).
### [layouts](https://github.com/fleetdm/fleet/tree/main/frontend/layouts)
The Fleet application has only 1 layout, the [Core Layout](./layouts/CoreLayout/CoreLayout.jsx).
The Layout is rendered from the [router](./router/index.tsx) and are used to set up the general app UI (header, sidebar) and render child components.
The child components rendered by the layout are typically page components.
### [pages](./pages)
Page components are React components typically rendered from the [router](./router).
These components are connected to redux state and are used to gather data from
redux and pass that data to child components (located in the [components
directory](./components). As
connected components, Pages are also used to dispatch actions. Actions
dispatched from Pages are intended to update redux state and oftentimes include
making a call to the Fleet API.
### [redux](./redux) `Deprecated`
The redux directory holds all of the application's redux middleware, actions,
and reducers. The redux directory also creates the [store](./redux/store.js) which is used in the router.
More information about the redux configuration can be found at the [Redux
Documentation page](./redux/README.md)
### [router](./router)
The router directory is where the react router lives. The router decides which
component will render at a given URL. Components rendered from the router are
typically located in the [pages directory](./pages). The router directory also holds a `paths`
file which holds the application paths as string constants for reference
throughout the app. These paths are typically referenced from the [App
Constants](./app_constants) object.
### [styles](./styles)
The styles directory contains the general app style setup and variables. It
includes variables for the app color hex codes, fonts (families, weights and sizes), and padding.
### [templates](./templates)
The templates directory contains the HTML file that renders the React application via including the `bundle.js`
and `bundle.css` files. The HTML page also includes the HTML element in which the React application is mounted.
### [test](./test) `Deprecated`
The test directory includes test helpers, API request mocks, and stubbed data entities for use in test files.
More on test helpers, stubs, and request mocks [here](./test/README.md).
### [utilities](./utilities)
The utilities directory contains re-usable functions for use throughout the
application. The functions include helpers to convert an array of objects to
CSV, debounce functions to prevent multiple form submissions, format API errors,
etc.
## Forms
For details on creating a Fleet form visit the [Fleet Form Documentation](./components/forms/README.md).
## API Client
For details on the Fleet API Client visit the [Fleet API Client Documentation](./fleet/README.md).

Some files were not shown because too many files have changed in this diff Show more