From a540e0e38b1c0cb3d406c2ff8df3e2be4e94d962 Mon Sep 17 00:00:00 2001 
From: Luke Heath Date: Thu, 23 May 2024 11:11:28 -0500 Subject: [PATCH] Adding changes for Fleet v4.50.0 (#19191) --- CHANGELOG.md | 51 +++++++++++++++++++ ...2619-fixed-activities-sort-buffer-overflow | 1 - changes/14921-software-installers-sg | 4 -- ...-merge-inherited-and-team-queries-policies | 2 - changes/16562-deadlock | 1 - changes/16562-policy_stats-lock | 1 - changes/16989-delete-activities | 1 - changes/16989-ui-to-delete-old-activities | 1 - changes/17110-win-os-reporting | 1 - changes/17170-hyphen-delimiter | 1 - changes/17321-zsh-support | 1 - changes/17360-better-url-email-validators | 1 - changes/17771-invalid-query-platforms | 1 - changes/17865-get-install-results | 2 - changes/18039-private-IPv6-address | 1 - .../18079-query-results-bug-transfer-hosts | 1 - ...-install-commands-of-fleetd-on-windows-mdm | 1 - changes/18118-run-script-updates | 1 - changes/18121-api-command | 1 - changes/18157-update-platform-policy-stats | 1 - changes/18173-linux-async-wipe | 1 - changes/18187-ai-generated-backend | 8 --- changes/18221-host_software-count | 1 - .../18318-extract-metadata-from-installers | 1 - changes/18319-api-to-list-host-software | 1 - .../18325-add-software-installers-to-fleetctl | 1 - changes/18329-storage-for-software-installers | 1 - changes/18330-global-activites | 1 - ...8363-bugfix-count-hosts-in-label-endpoints | 1 - changes/18394-print-team-id | 1 - changes/18424-fix-users-query-for-linux | 1 - .../18467-provide-way-to-escape-env-variables | 1 - changes/18470-vuln-links | 1 - changes/18477-apply-builtin-labels | 4 -- changes/18506-linux-icon-bug | 1 - changes/18531-failed-mdm-profs | 1 - changes/18558-windows-mdm-start | 1 - changes/18597-missing-tooltips | 2 - changes/18601-add-ubuntu-oval | 1 - changes/18605-host-expiry-window-setting | 1 - changes/18640-gitops-remove-teams | 4 -- changes/18662-fix-accordion-text | 1 - .../18673-cleanup-unused-software-installers | 1 - ...rbit-endpoint-for-software-install-results | 1 - 
changes/18766-updating-user | 1 - ...2-add-software-installs-to-host-activities | 1 - changes/18808-macadmins-sofa-tables | 1 - ...ailable-installers-to-list-software-titles | 1 - changes/18838-master-db-read-reduction | 1 - changes/18852-sw-versions-tooltips-bug | 1 - changes/18937-hide-severity-column | 1 - changes/18944-chrome-detailed-queries | 1 - .../18953-case-insensitive-host-queries-sort | 1 - changes/19149-fix-cron-scep | 1 - changes/19153-duplicate | 1 - changes/hosts-lifecycle | 1 - changes/issue-18326-ui-add-software | 1 - ...-updates-to-software-page-for-add-software | 1 - ...loading-signed-apple-mobileconfig-profiles | 1 - changes/issue-18898-external-id | 1 - changes/jve-fix-script-typo | 1 - changes/jve-fix-software-package | 1 - charts/fleet/Chart.yaml | 2 +- charts/fleet/values.yaml | 2 +- .../dogfood/terraform/aws/variables.tf | 2 +- .../dogfood/terraform/gcp/variables.tf | 2 +- terraform/README.md | 2 +- terraform/byo-vpc/README.md | 2 +- terraform/byo-vpc/byo-db/byo-ecs/variables.tf | 2 +- terraform/byo-vpc/byo-db/variables.tf | 2 +- terraform/byo-vpc/example/main.tf | 2 +- terraform/byo-vpc/variables.tf | 2 +- terraform/example/main.tf | 4 +- terraform/variables.tf | 2 +- tools/fleetctl-npm/package.json | 2 +- 75 files changed, 65 insertions(+), 94 deletions(-) delete mode 100644 changes/12619-fixed-activities-sort-buffer-overflow delete mode 100644 changes/14921-software-installers-sg delete mode 100644 changes/15605-merge-inherited-and-team-queries-policies delete mode 100644 changes/16562-deadlock delete mode 100644 changes/16562-policy_stats-lock delete mode 100644 changes/16989-delete-activities delete mode 100644 changes/16989-ui-to-delete-old-activities delete mode 100644 changes/17110-win-os-reporting delete mode 100644 changes/17170-hyphen-delimiter delete mode 100644 changes/17321-zsh-support delete mode 100644 changes/17360-better-url-email-validators delete mode 100644 changes/17771-invalid-query-platforms delete mode 100644 
changes/17865-get-install-results delete mode 100644 changes/18039-private-IPv6-address delete mode 100644 changes/18079-query-results-bug-transfer-hosts delete mode 100644 changes/18085-fix-repeated-install-commands-of-fleetd-on-windows-mdm delete mode 100644 changes/18118-run-script-updates delete mode 100644 changes/18121-api-command delete mode 100644 changes/18157-update-platform-policy-stats delete mode 100644 changes/18173-linux-async-wipe delete mode 100644 changes/18187-ai-generated-backend delete mode 100644 changes/18221-host_software-count delete mode 100644 changes/18318-extract-metadata-from-installers delete mode 100644 changes/18319-api-to-list-host-software delete mode 100644 changes/18325-add-software-installers-to-fleetctl delete mode 100644 changes/18329-storage-for-software-installers delete mode 100644 changes/18330-global-activites delete mode 100644 changes/18363-bugfix-count-hosts-in-label-endpoints delete mode 100644 changes/18394-print-team-id delete mode 100644 changes/18424-fix-users-query-for-linux delete mode 100644 changes/18467-provide-way-to-escape-env-variables delete mode 100644 changes/18470-vuln-links delete mode 100644 changes/18477-apply-builtin-labels delete mode 100644 changes/18506-linux-icon-bug delete mode 100644 changes/18531-failed-mdm-profs delete mode 100644 changes/18558-windows-mdm-start delete mode 100644 changes/18597-missing-tooltips delete mode 100644 changes/18601-add-ubuntu-oval delete mode 100644 changes/18605-host-expiry-window-setting delete mode 100644 changes/18640-gitops-remove-teams delete mode 100644 changes/18662-fix-accordion-text delete mode 100644 changes/18673-cleanup-unused-software-installers delete mode 100644 changes/18675-add-orbit-endpoint-for-software-install-results delete mode 100644 changes/18766-updating-user delete mode 100644 changes/18772-add-software-installs-to-host-activities delete mode 100644 changes/18808-macadmins-sofa-tables delete mode 100644 
changes/18831-add-available-installers-to-list-software-titles delete mode 100644 changes/18838-master-db-read-reduction delete mode 100644 changes/18852-sw-versions-tooltips-bug delete mode 100644 changes/18937-hide-severity-column delete mode 100644 changes/18944-chrome-detailed-queries delete mode 100644 changes/18953-case-insensitive-host-queries-sort delete mode 100644 changes/19149-fix-cron-scep delete mode 100644 changes/19153-duplicate delete mode 100644 changes/hosts-lifecycle delete mode 100644 changes/issue-18326-ui-add-software delete mode 100644 changes/issue-18328-updates-to-software-page-for-add-software delete mode 100644 changes/issue-18389-fix-uploading-signed-apple-mobileconfig-profiles delete mode 100644 changes/issue-18898-external-id delete mode 100644 changes/jve-fix-script-typo delete mode 100644 changes/jve-fix-software-package
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0619b9982f..903b2e9352 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,54 @@
+## Fleet 4.50.0 (May 22, 2024)
+
+### Endpoint Operations
+
+- Added optional AI-generated policy descriptions and remediations.
+- Added flag to enable deletion of old activities and associated data in cleanup cron job.
+- Added support for escaping `$` (with `\`) in gitops yaml files.
+- Optimized policy_stats updates to not lock the policy_membership table.
+- Optimized the hourly host_software count query to reduce individual query runtime.
+- Updated built-in labels to support being applied via `fleetctl apply`.
+
+### Device Management (MDM)
+
+- Added endpoints to upload, delete, and download software installers.
+- Added ability to upload software from the UI.
+- Added functionality to filter hosts by software installer status.
+- Added support to the global activity feed for "Added software" and "Deleted software" actions.
+- Added the `POST /api/fleet/orbit/software_install/result` endpoint for fleetd to send results for a software installation attempt.
+- Added the `GET /api/v1/fleet/hosts/{id}/software` endpoint to list the installed software for the host.
+- Added support for uploading and running zsh scripts on macOS and Linux hosts.
+- Added the `cron` job to periodically remove unused software installers from the store.
+- Added a new command `fleetctl api` to easily use fleetctl to hit any REST endpoint via the CLI.
+- Added support to extract package name and version from software installers.
+- Added the uninstalled but available software installers to the response payload of the "List software titles" endpoint.
+- Updated MySQL host_operating_system insert statement to reduce table lock time.
+- Updated software page to support new add software feature.
+- Updated fleetctl to print team id as part of the `fleetctl get teams` command.
+- Implemented an S3-based and local filesystem-based storage abstraction for software installers.
+
+### Vulnerability Management
+
+- Added OVAL vulnerability scanning support on Ubuntu 22.10, 23.04, 23.10, and 24.04.
+
+### Bug fixes and improvements
+
+- Fixed ingestion of private IPv6 address from agent.
+- Fixed a bug where a singular software version in the Software table generated a tooltip unnecessarily.
+- Fixed bug where updating user via `/api/v1/fleet/users/:id` endpoint sometimes did not update activity feed.
+- Fixed bug where hosts query results were not cleared after transferring the host to other teams.
+- Fixed a bug where the returned `count` field included hosts that the user did not have permission to see.
+- Fixed issue where resolved_in_version was not returning if the version number differed by a 4th part.
+- Fixed MySQL sort buffer overflow when fetching activities.
+- Fixed a bug with users not being collected on Linux devices.
+- Fixed typo in Powershell scripts for installing Windows software.
+- Fixed an issue with software severity column display in Fleet UI.
+- Fixed the icon on Software OS table to show a Linux icon for Linux operating systems.
+- Fixed missing tooltips in disabled "Calendar events" manage automations dropdown option.
+- Updated switched accordion text.
+- Updated sort the host details page queries table case-insensitively.
+- Added support for ExternalId in STS Assume Role APIs.
+
 ## Fleet 4.49.4 (May 20, 2024)
 
 ### Bug fixes
diff --git a/changes/12619-fixed-activities-sort-buffer-overflow b/changes/12619-fixed-activities-sort-buffer-overflow
deleted file mode 100644
index 93ba207fad..0000000000
--- a/changes/12619-fixed-activities-sort-buffer-overflow
+++ /dev/null
@@ -1 +0,0 @@
-Fixed MySQL sort buffer overflow when fetching activities. This issue happened when activities contained very large details, such as large SQL queries.
diff --git a/changes/14921-software-installers-sg b/changes/14921-software-installers-sg
deleted file mode 100644
index 9bd8a1b260..0000000000
--- a/changes/14921-software-installers-sg
+++ /dev/null
@@ -1,4 +0,0 @@
-- Added functionality to filter hosts by software installer status.
-- Added endpoints to upload, delete, and download software installers.
-- Added endpoints to get host software install results.
-- Updated activity feeds to include software installer activities.
diff --git a/changes/15605-merge-inherited-and-team-queries-policies b/changes/15605-merge-inherited-and-team-queries-policies
deleted file mode 100644
index 0841ea667f..0000000000
--- a/changes/15605-merge-inherited-and-team-queries-policies
+++ /dev/null
@@ -1,2 +0,0 @@
-- UI Change: Team queries page renders team level and inherited queries in a single table set by a new merge_inherited API parameter
-- UI Change: Team policies page renders team level and inherited policies in a single table set by a new merge_inherited API parameter
diff --git a/changes/16562-deadlock b/changes/16562-deadlock
deleted file mode 100644
index 16675fd8c5..0000000000
--- a/changes/16562-deadlock
+++ /dev/null
@@ -1 +0,0 @@
-Updated MySQL host_operating_system insert statement to reduce table lock time and optimize performance for the common case.
diff --git a/changes/16562-policy_stats-lock b/changes/16562-policy_stats-lock
deleted file mode 100644
index 6c9b551037..0000000000
--- a/changes/16562-policy_stats-lock
+++ /dev/null
@@ -1 +0,0 @@
-Optimized policy_stats updates to NOT lock the policy_membership table. This should improve performance on deployments with a large number of global policies and team hosts.
diff --git a/changes/16989-delete-activities b/changes/16989-delete-activities
deleted file mode 100644
index b90414df7e..0000000000
--- a/changes/16989-delete-activities
+++ /dev/null
@@ -1 +0,0 @@
-- Added flag to enable deletion of old activities and associated data in cleanup cron job (`activity_expiry_settings.activity_expiry_enabled` and `activity_expiry_settings.activity_expiry_window`). The cleanup cron job deletes up to 5000 expired activities on each hourly run (thus, up to ~120,000 expired activities are cleaned up a day).
diff --git a/changes/16989-ui-to-delete-old-activities b/changes/16989-ui-to-delete-old-activities
deleted file mode 100644
index 6897b0212a..0000000000
--- a/changes/16989-ui-to-delete-old-activities
+++ /dev/null
@@ -1 +0,0 @@
-- Add advanced setting to set expiry window for activity log
diff --git a/changes/17110-win-os-reporting b/changes/17110-win-os-reporting
deleted file mode 100644
index 967432dafc..0000000000
--- a/changes/17110-win-os-reporting
+++ /dev/null
@@ -1 +0,0 @@
-- improved Windows OS version reporting
\ No newline at end of file
diff --git a/changes/17170-hyphen-delimiter b/changes/17170-hyphen-delimiter
deleted file mode 100644
index 032612fc97..0000000000
--- a/changes/17170-hyphen-delimiter
+++ /dev/null
@@ -1 +0,0 @@
-- fixed issue where resolved_in_version was not returning if the version number differed by a 4th part
\ No newline at end of file
diff --git a/changes/17321-zsh-support b/changes/17321-zsh-support
deleted file mode 100644
index 9ade50c170..0000000000
--- a/changes/17321-zsh-support
+++ /dev/null
@@ -1 +0,0 @@
-* Add support for uploading and running zsh scripts on macOS and Linux hosts
diff --git a/changes/17360-better-url-email-validators b/changes/17360-better-url-email-validators
deleted file mode 100644
index 079733c24e..0000000000
--- a/changes/17360-better-url-email-validators
+++ /dev/null
@@ -1 +0,0 @@
-- UI: Improve URL and email validation
\ No newline at end of file
diff --git a/changes/17771-invalid-query-platforms b/changes/17771-invalid-query-platforms
deleted file mode 100644
index 963a27eccc..0000000000
--- a/changes/17771-invalid-query-platforms
+++ /dev/null
@@ -1 +0,0 @@
-* Add an informative flash message when the user tries to save a query with invalid platform(s).
diff --git a/changes/17865-get-install-results b/changes/17865-get-install-results
deleted file mode 100644
index 46a6cdd5bd..0000000000
--- a/changes/17865-get-install-results
+++ /dev/null
@@ -1,2 +0,0 @@
-- Adds the `/software/install/results/:install_uuid` endpoint, which can be used to get the results
- for a software install attempt.
\ No newline at end of file
diff --git a/changes/18039-private-IPv6-address b/changes/18039-private-IPv6-address
deleted file mode 100644
index a07285324b..0000000000
--- a/changes/18039-private-IPv6-address
+++ /dev/null
@@ -1 +0,0 @@
-Fixed ingestion of private IPv6 address from agent. Host details page can now display private IPv6 address if private IPv4 does not exist.
diff --git a/changes/18079-query-results-bug-transfer-hosts b/changes/18079-query-results-bug-transfer-hosts
deleted file mode 100644
index 1e114771da..0000000000
--- a/changes/18079-query-results-bug-transfer-hosts
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed bug where hosts query results were not cleared after transferring the host to other teams.
diff --git a/changes/18085-fix-repeated-install-commands-of-fleetd-on-windows-mdm b/changes/18085-fix-repeated-install-commands-of-fleetd-on-windows-mdm
deleted file mode 100644
index ee04c643b4..0000000000
--- a/changes/18085-fix-repeated-install-commands-of-fleetd-on-windows-mdm
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed an issue on Windows hosts enrolled in MDM via Azure AD where the command to install Fleetd on the device was sent repeatedly, even though `fleetd` had been properly installed.
diff --git a/changes/18118-run-script-updates b/changes/18118-run-script-updates
deleted file mode 100644
index a2a42465ad..0000000000
--- a/changes/18118-run-script-updates
+++ /dev/null
@@ -1 +0,0 @@
-Added `--async` and `--quiet` to `fleetctl run-script` as well as allowing the contents of the script to be inline.
diff --git a/changes/18121-api-command b/changes/18121-api-command
deleted file mode 100644
index 48795b50ab..0000000000
--- a/changes/18121-api-command
+++ /dev/null
@@ -1 +0,0 @@
-Added a new command `fleetctl api` to be able to easily use fleetctl to hit any REST endpoint via the cli.
diff --git a/changes/18157-update-platform-policy-stats b/changes/18157-update-platform-policy-stats
deleted file mode 100644
index fdaa87d56d..0000000000
--- a/changes/18157-update-platform-policy-stats
+++ /dev/null
@@ -1 +0,0 @@
-When updating a policy's 'platform' field, the aggregated policy stats are now cleared.
diff --git a/changes/18173-linux-async-wipe b/changes/18173-linux-async-wipe
deleted file mode 100644
index c127c851d2..0000000000
--- a/changes/18173-linux-async-wipe
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed bug where Linux host wipe would repeat if the host got re-enrolled
diff --git a/changes/18187-ai-generated-backend b/changes/18187-ai-generated-backend
deleted file mode 100644
index 2ed32e723d..0000000000
--- a/changes/18187-ai-generated-backend
+++ /dev/null
@@ -1,8 +0,0 @@
-Added `/api/_version_/fleet/autofill/policy` endpoint to get autogenerated policy description and resolution for a given SQL query.
-- Fleet server will communicate with https://fleetdm.com to get the AI generated policy description and resolution.
-
-Added `server_settings.ai_features_disabled` setting to disable the above endpoint.
-
-For Google calendar integration,
-- changed the event title to: "💻🚫 Scheduled maintenance"
-- updated event description to include policy description and resolution if only one policy is failing
diff --git a/changes/18221-host_software-count b/changes/18221-host_software-count
deleted file mode 100644
index 04856df18b..0000000000
--- a/changes/18221-host_software-count
+++ /dev/null
@@ -1 +0,0 @@
-Broke apart the hourly host_software count query to reduce the individual query runtime. This fixes timeouts seen when host_software table has over 25 million records.
diff --git a/changes/18318-extract-metadata-from-installers b/changes/18318-extract-metadata-from-installers
deleted file mode 100644
index c504760224..0000000000
--- a/changes/18318-extract-metadata-from-installers
+++ /dev/null
@@ -1 +0,0 @@
-* Added support to extract package name and version from software installers.
diff --git a/changes/18319-api-to-list-host-software b/changes/18319-api-to-list-host-software
deleted file mode 100644
index feaf6422d1..0000000000
--- a/changes/18319-api-to-list-host-software
+++ /dev/null
@@ -1 +0,0 @@
-* Added the `GET /api/v1/fleet/hosts/{id}/software` (and corresponding token-authenticated endpoint for the "My device" page) to list the installed (and available for install) software for the host.
diff --git a/changes/18325-add-software-installers-to-fleetctl b/changes/18325-add-software-installers-to-fleetctl
deleted file mode 100644
index 9171ee5219..0000000000
--- a/changes/18325-add-software-installers-to-fleetctl
+++ /dev/null
@@ -1 +0,0 @@
-* Added `software` team setting to add software installers in YAML files for `fleetctl apply` and `fleetctl gitops`.
diff --git a/changes/18329-storage-for-software-installers b/changes/18329-storage-for-software-installers
deleted file mode 100644
index bb091e01cb..0000000000
--- a/changes/18329-storage-for-software-installers
+++ /dev/null
@@ -1 +0,0 @@
-* Implemented an S3-based and local filesystem-based storage abstraction for software installers.
diff --git a/changes/18330-global-activites b/changes/18330-global-activites
deleted file mode 100644
index 0c292425fa..0000000000
--- a/changes/18330-global-activites
+++ /dev/null
@@ -1 +0,0 @@
-- Adds support to the global activity feed for "Added software" and "Deleted software" actions.
\ No newline at end of file
diff --git a/changes/18363-bugfix-count-hosts-in-label-endpoints b/changes/18363-bugfix-count-hosts-in-label-endpoints
deleted file mode 100644
index fad18f1f14..0000000000
--- a/changes/18363-bugfix-count-hosts-in-label-endpoints
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed a bug where the returned `count` field (the count of hosts in a label) as returned by the "Add label", "Update label" and "Get label" endpoints included hosts that the user did not have the permission to see, unlike the "List labels" endpoint which was correct.
diff --git a/changes/18394-print-team-id b/changes/18394-print-team-id
deleted file mode 100644
index 3dec347385..0000000000
--- a/changes/18394-print-team-id
+++ /dev/null
@@ -1 +0,0 @@
-* fleetctl prints team id as part of the `fleetctl get teams` command
diff --git a/changes/18424-fix-users-query-for-linux b/changes/18424-fix-users-query-for-linux
deleted file mode 100644
index cf4c0affc2..0000000000
--- a/changes/18424-fix-users-query-for-linux
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed a bug with users not gathered on Linux devices.
diff --git a/changes/18467-provide-way-to-escape-env-variables b/changes/18467-provide-way-to-escape-env-variables
deleted file mode 100644
index 2e009e89ed..0000000000
--- a/changes/18467-provide-way-to-escape-env-variables
+++ /dev/null
@@ -1 +0,0 @@
-* Add support for escaping `$` (with `\`) in gitops yaml files.
diff --git a/changes/18470-vuln-links b/changes/18470-vuln-links
deleted file mode 100644
index 0dc05553fc..0000000000
--- a/changes/18470-vuln-links
+++ /dev/null
@@ -1 +0,0 @@
-- Update Windows vulnerabilities to link to NVD instead of Microsoft, aligning with all other vulnerabilities.
diff --git a/changes/18477-apply-builtin-labels b/changes/18477-apply-builtin-labels
deleted file mode 100644
index 70a008e744..0000000000
--- a/changes/18477-apply-builtin-labels
+++ /dev/null
@@ -1,4 +0,0 @@
-Built-in labels can now be applied via `fleetctl apply` as long as no changes are made to them. This allows the following workflow:
- 1. `fleetctl get labels --yaml > labels.yml`
- 2. (Optional) Edit/add non-built in labels in labels.yml
- 3. `fleetctl apply -f labels.yml`
diff --git a/changes/18506-linux-icon-bug b/changes/18506-linux-icon-bug
deleted file mode 100644
index 9315ad5a0f..0000000000
--- a/changes/18506-linux-icon-bug
+++ /dev/null
@@ -1 +0,0 @@
-- UI: Fix icon on Software OS table to show a Linux icon for Linux operating systems
diff --git a/changes/18531-failed-mdm-profs b/changes/18531-failed-mdm-profs
deleted file mode 100644
index 049cbc3ac8..0000000000
--- a/changes/18531-failed-mdm-profs
+++ /dev/null
@@ -1 +0,0 @@
-- Fixes a bug where an MDM profile that wasn't present on a host wasn't removed from it in Fleet.
\ No newline at end of file
diff --git a/changes/18558-windows-mdm-start b/changes/18558-windows-mdm-start
deleted file mode 100644
index 13e96aab57..0000000000
--- a/changes/18558-windows-mdm-start
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed a bug that prevented the Fleet server to start if Windows MDM was configured but Apple MDM wasn't
diff --git a/changes/18597-missing-tooltips b/changes/18597-missing-tooltips
deleted file mode 100644
index 2aead74598..0000000000
--- a/changes/18597-missing-tooltips
+++ /dev/null
@@ -1,2 +0,0 @@
-* Restore missing tooltips when hovering over the disabled "Calendar events" manage automations
-dropdown option.
diff --git a/changes/18601-add-ubuntu-oval b/changes/18601-add-ubuntu-oval
deleted file mode 100644
index 32538b41a5..0000000000
--- a/changes/18601-add-ubuntu-oval
+++ /dev/null
@@ -1 +0,0 @@
-- now supporting oval vulnerability scanning on Ubuntu 22.10, 23.04, 23.10, and 24.04
\ No newline at end of file
diff --git a/changes/18605-host-expiry-window-setting b/changes/18605-host-expiry-window-setting
deleted file mode 100644
index 594d274512..0000000000
--- a/changes/18605-host-expiry-window-setting
+++ /dev/null
@@ -1 +0,0 @@
-- UI: Fix host expiry window setting to be able to save
\ No newline at end of file
diff --git a/changes/18640-gitops-remove-teams b/changes/18640-gitops-remove-teams
deleted file mode 100644
index 4fccef8b17..0000000000
--- a/changes/18640-gitops-remove-teams
+++ /dev/null
@@ -1,4 +0,0 @@
-Improvements to `fleetctl gitops` command:
-- Added the ability to pass multiple files, like `fleetctl gitops -f file1 -f file2`, where the first file must be the global configuration
-- Added the ability to remove teams that were not specified in team configs using the switch `--delete-other-teams`
-- When passing a global config and team config during initial configuration, the `org_settings.mdm.apple_bm_default_team` value can be set to match the team that will be created by the provided team config.
diff --git a/changes/18662-fix-accordion-text b/changes/18662-fix-accordion-text
deleted file mode 100644
index 9eb729ba6a..0000000000
--- a/changes/18662-fix-accordion-text
+++ /dev/null
@@ -1 +0,0 @@
-- Update switched accordion text
\ No newline at end of file
diff --git a/changes/18673-cleanup-unused-software-installers b/changes/18673-cleanup-unused-software-installers
deleted file mode 100644
index 1e39a89f2d..0000000000
--- a/changes/18673-cleanup-unused-software-installers
+++ /dev/null
@@ -1 +0,0 @@
-* Added a `cron` job to periodically remove unused software installers from the store.
diff --git a/changes/18675-add-orbit-endpoint-for-software-install-results b/changes/18675-add-orbit-endpoint-for-software-install-results
deleted file mode 100644
index 5cc376d760..0000000000
--- a/changes/18675-add-orbit-endpoint-for-software-install-results
+++ /dev/null
@@ -1 +0,0 @@
-* Added the `POST /api/fleet/orbit/software_install/result` endpoint for fleetd to send results for a software installation attempt.
diff --git a/changes/18766-updating-user b/changes/18766-updating-user
deleted file mode 100644
index b6fdc8628e..0000000000
--- a/changes/18766-updating-user
+++ /dev/null
@@ -1 +0,0 @@
-Fixed bug where updating user via `/api/v1/fleet/users/:id` endpoint sometimes did not update the activity feed and returned the un-updated user object.
diff --git a/changes/18772-add-software-installs-to-host-activities b/changes/18772-add-software-installs-to-host-activities
deleted file mode 100644
index c0b36638fa..0000000000
--- a/changes/18772-add-software-installs-to-host-activities
+++ /dev/null
@@ -1 +0,0 @@
-* Added software installation to the host's upcoming and past activities.
diff --git a/changes/18808-macadmins-sofa-tables b/changes/18808-macadmins-sofa-tables
deleted file mode 100644
index 9edbd94306..0000000000
--- a/changes/18808-macadmins-sofa-tables
+++ /dev/null
@@ -1 +0,0 @@
-Added the new `sofa_security_release_info` and `sofa_unpatched_cves` tables from `macadmins/osquery-extension` 1.0.1
diff --git a/changes/18831-add-available-installers-to-list-software-titles b/changes/18831-add-available-installers-to-list-software-titles
deleted file mode 100644
index 8b01544862..0000000000
--- a/changes/18831-add-available-installers-to-list-software-titles
+++ /dev/null
@@ -1 +0,0 @@
-* Added the uninstalled but available software installers to the response payload of the "List software titles" endpoint (`GET /software/titles`).
diff --git a/changes/18838-master-db-read-reduction b/changes/18838-master-db-read-reduction
deleted file mode 100644
index 5b0346ee8f..0000000000
--- a/changes/18838-master-db-read-reduction
+++ /dev/null
@@ -1 +0,0 @@
-Optimized master DB accesses during host software ingestion.
diff --git a/changes/18852-sw-versions-tooltips-bug b/changes/18852-sw-versions-tooltips-bug
deleted file mode 100644
index 798bbc7c4d..0000000000
--- a/changes/18852-sw-versions-tooltips-bug
+++ /dev/null
@@ -1 +0,0 @@
-- Fix a bug where a singular software version in the Software table generated a tooltip unnecessarily.
diff --git a/changes/18937-hide-severity-column b/changes/18937-hide-severity-column
deleted file mode 100644
index 1356b2dac8..0000000000
--- a/changes/18937-hide-severity-column
+++ /dev/null
@@ -1 +0,0 @@
-- Fleet UI Bug fix: Fleet free doesn't return software severity so that column should be hidden
diff --git a/changes/18944-chrome-detailed-queries b/changes/18944-chrome-detailed-queries
deleted file mode 100644
index 140d9f73d7..0000000000
--- a/changes/18944-chrome-detailed-queries
+++ /dev/null
@@ -1 +0,0 @@
-Removed unsupported detailed queries for fleetd-chrome hosts.
diff --git a/changes/18953-case-insensitive-host-queries-sort b/changes/18953-case-insensitive-host-queries-sort
deleted file mode 100644
index cc1ea8be17..0000000000
--- a/changes/18953-case-insensitive-host-queries-sort
+++ /dev/null
@@ -1 +0,0 @@
-- Sort the host details page queries table case-insensitively.
diff --git a/changes/19149-fix-cron-scep b/changes/19149-fix-cron-scep
deleted file mode 100644
index 0464492d33..0000000000
--- a/changes/19149-fix-cron-scep
+++ /dev/null
@@ -1 +0,0 @@
-* Fixed an issue with SCEP renewals that could prevent commands to renew to be enqueued.
diff --git a/changes/19153-duplicate b/changes/19153-duplicate
deleted file mode 100644
index 584cb9fc3f..0000000000
--- a/changes/19153-duplicate
+++ /dev/null
@@ -1 +0,0 @@
-- Fixes a bug that caused the `GET /software/titles` endpoint to ignore the team filter for uploaded software.
\ No newline at end of file
diff --git a/changes/hosts-lifecycle b/changes/hosts-lifecycle
deleted file mode 100644
index 9c4876c678..0000000000
--- a/changes/hosts-lifecycle
+++ /dev/null
@@ -1 +0,0 @@
-* Improved handling of different scenarios and edge cases when hosts turn on/off MDM.
diff --git a/changes/issue-18326-ui-add-software b/changes/issue-18326-ui-add-software
deleted file mode 100644
index 297caae502..0000000000
--- a/changes/issue-18326-ui-add-software
+++ /dev/null
@@ -1 +0,0 @@
-- add ability to upload software from the UI
diff --git a/changes/issue-18328-updates-to-software-page-for-add-software b/changes/issue-18328-updates-to-software-page-for-add-software
deleted file mode 100644
index b3b9a84add..0000000000
--- a/changes/issue-18328-updates-to-software-page-for-add-software
+++ /dev/null
@@ -1 +0,0 @@
-- udpates software page to support new add software feature.
diff --git a/changes/issue-18389-fix-uploading-signed-apple-mobileconfig-profiles b/changes/issue-18389-fix-uploading-signed-apple-mobileconfig-profiles
deleted file mode 100644
index b6b57c9f29..0000000000
--- a/changes/issue-18389-fix-uploading-signed-apple-mobileconfig-profiles
+++ /dev/null
@@ -1 +0,0 @@
-- fix issue with uploading of some signed apple mobileconfig profiles
diff --git a/changes/issue-18898-external-id b/changes/issue-18898-external-id
deleted file mode 100644
index 47a310be06..0000000000
--- a/changes/issue-18898-external-id
+++ /dev/null
@@ -1 +0,0 @@
-Add support for ExternalId in STS Assume Role APIs
diff --git a/changes/jve-fix-script-typo b/changes/jve-fix-script-typo
deleted file mode 100644
index 8f4ab4fbe4..0000000000
--- a/changes/jve-fix-script-typo
+++ /dev/null
@@ -1 +0,0 @@
-- Fixes some typos that were in the Powershell scripts for installing Windows software.
\ No newline at end of file
diff --git a/changes/jve-fix-software-package b/changes/jve-fix-software-package
deleted file mode 100644
index ca614bff40..0000000000
--- a/changes/jve-fix-software-package
+++ /dev/null
@@ -1 +0,0 @@
-- Adds a missing field `software_package` to the response from the List Software Titles endpoint.
\ No newline at end of file
diff --git a/charts/fleet/Chart.yaml b/charts/fleet/Chart.yaml
index cb5e685dc9..4f19441dff 100644
--- a/charts/fleet/Chart.yaml +++ b/charts/fleet/Chart.yaml @@ -8,7 +8,7 @@ version: v6.0.2 home: https://github.com/fleetdm/fleet sources: - https://github.com/fleetdm/fleet.git -appVersion: v4.49.4 +appVersion: v4.50.0 dependencies: - name: mysql condition: mysql.enabled diff --git a/charts/fleet/values.yaml b/charts/fleet/values.yaml index 9d01b2ab52..bc1cbc230f 100644 --- a/charts/fleet/values.yaml +++ b/charts/fleet/values.yaml @@ -2,7 +2,7 @@ # All settings related to how Fleet is deployed in Kubernetes hostName: fleet.localhost replicas: 3 # The number of Fleet instances to deploy -imageTag: v4.49.4 # Version of Fleet to deploy +imageTag: v4.50.0 # Version of Fleet to deploy podAnnotations: {} # Additional annotations to add to the Fleet pod serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account resources: diff --git a/infrastructure/dogfood/terraform/aws/variables.tf b/infrastructure/dogfood/terraform/aws/variables.tf index e7ebf26e3e..792548284b 100644 --- a/infrastructure/dogfood/terraform/aws/variables.tf +++ b/infrastructure/dogfood/terraform/aws/variables.tf @@ -56,7 +56,7 @@ variable "database_name" { variable "fleet_image" { description = "the name of the container image to run" - default = "fleetdm/fleet:v4.49.4" + default = "fleetdm/fleet:v4.50.0" } variable "software_inventory" { diff --git a/infrastructure/dogfood/terraform/gcp/variables.tf b/infrastructure/dogfood/terraform/gcp/variables.tf index cf1c9e7df6..96d6a46d05 100644 --- a/infrastructure/dogfood/terraform/gcp/variables.tf +++ b/infrastructure/dogfood/terraform/gcp/variables.tf @@ -68,5 +68,5 @@ variable "redis_mem" { } variable "image" { - default = "fleet:v4.49.4" + default = "fleet:v4.50.0" } diff --git a/terraform/README.md b/terraform/README.md index 8e3afe418f..4ab1239c1a 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -75,7 +75,7 @@ No resources. | [alb\_config](#input\_alb\_config) | n/a |
object({
name = optional(string, "fleet")
security_groups = optional(list(string), [])
access_logs = optional(map(string), {})
allowed_cidrs = optional(list(string), ["0.0.0.0/0"])
allowed_ipv6_cidrs = optional(list(string), ["::/0"])
egress_cidrs = optional(list(string), ["0.0.0.0/0"])
egress_ipv6_cidrs = optional(list(string), ["::/0"])
extra_target_groups = optional(any, [])
https_listener_rules = optional(any, [])
tls_policy = optional(string, "ELBSecurityPolicy-TLS-1-2-2017-01")
idle_timeout = optional(number, 60)
})
| `{}` | no | | [certificate\_arn](#input\_certificate\_arn) | n/a | `string` | n/a | yes | | [ecs\_cluster](#input\_ecs\_cluster) | The config for the terraform-aws-modules/ecs/aws module |
object({
autoscaling_capacity_providers = optional(any, {})
cluster_configuration = optional(any, {
execute_command_configuration = {
logging = "OVERRIDE"
log_configuration = {
cloud_watch_log_group_name = "/aws/ecs/aws-ec2"
}
}
})
cluster_name = optional(string, "fleet")
cluster_settings = optional(map(string), {
"name" : "containerInsights",
"value" : "enabled",
})
create = optional(bool, true)
default_capacity_provider_use_fargate = optional(bool, true)
fargate_capacity_providers = optional(any, {
FARGATE = {
default_capacity_provider_strategy = {
weight = 100
}
}
FARGATE_SPOT = {
default_capacity_provider_strategy = {
weight = 0
}
}
})
tags = optional(map(string))
})
|
{
"autoscaling_capacity_providers": {},
"cluster_configuration": {
"execute_command_configuration": {
"log_configuration": {
"cloud_watch_log_group_name": "/aws/ecs/aws-ec2"
},
"logging": "OVERRIDE"
}
},
"cluster_name": "fleet",
"cluster_settings": {
"name": "containerInsights",
"value": "enabled"
},
"create": true,
"default_capacity_provider_use_fargate": true,
"fargate_capacity_providers": {
"FARGATE": {
"default_capacity_provider_strategy": {
"weight": 100
}
},
"FARGATE_SPOT": {
"default_capacity_provider_strategy": {
"weight": 0
}
}
},
"tags": {}
}
| no | -| [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. |
object({
mem = optional(number, 4096)
cpu = optional(number, 512)
image = optional(string, "fleetdm/fleet:v4.49.4")
family = optional(string, "fleet")
sidecars = optional(list(any), [])
depends_on = optional(list(any), [])
mount_points = optional(list(any), [])
volumes = optional(list(any), [])
extra_environment_variables = optional(map(string), {})
extra_iam_policies = optional(list(string), [])
extra_execution_iam_policies = optional(list(string), [])
extra_secrets = optional(map(string), {})
security_groups = optional(list(string), null)
security_group_name = optional(string, "fleet")
iam_role_arn = optional(string, null)
repository_credentials = optional(string, "")
service = optional(object({
name = optional(string, "fleet")
}), {
name = "fleet"
})
database = optional(object({
password_secret_arn = string
user = string
database = string
address = string
rr_address = optional(string, null)
}), {
password_secret_arn = null
user = null
database = null
address = null
rr_address = null
})
redis = optional(object({
address = string
use_tls = optional(bool, true)
}), {
address = null
use_tls = true
})
awslogs = optional(object({
name = optional(string, null)
region = optional(string, null)
create = optional(bool, true)
prefix = optional(string, "fleet")
retention = optional(number, 5)
}), {
name = null
region = null
prefix = "fleet"
retention = 5
})
loadbalancer = optional(object({
arn = string
}), {
arn = null
})
extra_load_balancers = optional(list(any), [])
networking = optional(object({
subnets = list(string)
security_groups = optional(list(string), null)
}), {
subnets = null
security_groups = null
})
autoscaling = optional(object({
max_capacity = optional(number, 5)
min_capacity = optional(number, 1)
memory_tracking_target_value = optional(number, 80)
cpu_tracking_target_value = optional(number, 80)
}), {
max_capacity = 5
min_capacity = 1
memory_tracking_target_value = 80
cpu_tracking_target_value = 80
})
iam = optional(object({
role = optional(object({
name = optional(string, "fleet-role")
policy_name = optional(string, "fleet-iam-policy")
}), {
name = "fleet-role"
policy_name = "fleet-iam-policy"
})
execution = optional(object({
name = optional(string, "fleet-execution-role")
policy_name = optional(string, "fleet-execution-role")
}), {
name = "fleet-execution-role"
policy_name = "fleet-iam-policy-execution"
})
}), {
name = "fleetdm-execution-role"
})
})
|
{
"autoscaling": {
"cpu_tracking_target_value": 80,
"max_capacity": 5,
"memory_tracking_target_value": 80,
"min_capacity": 1
},
"awslogs": {
"create": true,
"name": null,
"prefix": "fleet",
"region": null,
"retention": 5
},
"cpu": 256,
"database": {
"address": null,
"database": null,
"password_secret_arn": null,
"rr_address": null,
"user": null
},
"depends_on": [],
"extra_environment_variables": {},
"extra_execution_iam_policies": [],
"extra_iam_policies": [],
"extra_load_balancers": [],
"extra_secrets": {},
"family": "fleet",
"iam": {
"execution": {
"name": "fleet-execution-role",
"policy_name": "fleet-iam-policy-execution"
},
"role": {
"name": "fleet-role",
"policy_name": "fleet-iam-policy"
}
},
"iam_role_arn": null,
"image": "fleetdm/fleet:v4.31.1",
"loadbalancer": {
"arn": null
},
"mem": 512,
"mount_points": [],
"networking": {
"security_groups": null,
"subnets": null
},
"redis": {
"address": null,
"use_tls": true
},
"repository_credentials": "",
"security_group_name": "fleet",
"security_groups": null,
"service": {
"name": "fleet"
},
"sidecars": [],
"volumes": []
}
| no | +| [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. |
object({
mem = optional(number, 4096)
cpu = optional(number, 512)
image = optional(string, "fleetdm/fleet:v4.50.0")
family = optional(string, "fleet")
sidecars = optional(list(any), [])
depends_on = optional(list(any), [])
mount_points = optional(list(any), [])
volumes = optional(list(any), [])
extra_environment_variables = optional(map(string), {})
extra_iam_policies = optional(list(string), [])
extra_execution_iam_policies = optional(list(string), [])
extra_secrets = optional(map(string), {})
security_groups = optional(list(string), null)
security_group_name = optional(string, "fleet")
iam_role_arn = optional(string, null)
repository_credentials = optional(string, "")
service = optional(object({
name = optional(string, "fleet")
}), {
name = "fleet"
})
database = optional(object({
password_secret_arn = string
user = string
database = string
address = string
rr_address = optional(string, null)
}), {
password_secret_arn = null
user = null
database = null
address = null
rr_address = null
})
redis = optional(object({
address = string
use_tls = optional(bool, true)
}), {
address = null
use_tls = true
})
awslogs = optional(object({
name = optional(string, null)
region = optional(string, null)
create = optional(bool, true)
prefix = optional(string, "fleet")
retention = optional(number, 5)
}), {
name = null
region = null
prefix = "fleet"
retention = 5
})
loadbalancer = optional(object({
arn = string
}), {
arn = null
})
extra_load_balancers = optional(list(any), [])
networking = optional(object({
subnets = list(string)
security_groups = optional(list(string), null)
}), {
subnets = null
security_groups = null
})
autoscaling = optional(object({
max_capacity = optional(number, 5)
min_capacity = optional(number, 1)
memory_tracking_target_value = optional(number, 80)
cpu_tracking_target_value = optional(number, 80)
}), {
max_capacity = 5
min_capacity = 1
memory_tracking_target_value = 80
cpu_tracking_target_value = 80
})
iam = optional(object({
role = optional(object({
name = optional(string, "fleet-role")
policy_name = optional(string, "fleet-iam-policy")
}), {
name = "fleet-role"
policy_name = "fleet-iam-policy"
})
execution = optional(object({
name = optional(string, "fleet-execution-role")
policy_name = optional(string, "fleet-execution-role")
}), {
name = "fleet-execution-role"
policy_name = "fleet-iam-policy-execution"
})
}), {
name = "fleetdm-execution-role"
})
})
|
{
"autoscaling": {
"cpu_tracking_target_value": 80,
"max_capacity": 5,
"memory_tracking_target_value": 80,
"min_capacity": 1
},
"awslogs": {
"create": true,
"name": null,
"prefix": "fleet",
"region": null,
"retention": 5
},
"cpu": 256,
"database": {
"address": null,
"database": null,
"password_secret_arn": null,
"rr_address": null,
"user": null
},
"depends_on": [],
"extra_environment_variables": {},
"extra_execution_iam_policies": [],
"extra_iam_policies": [],
"extra_load_balancers": [],
"extra_secrets": {},
"family": "fleet",
"iam": {
"execution": {
"name": "fleet-execution-role",
"policy_name": "fleet-iam-policy-execution"
},
"role": {
"name": "fleet-role",
"policy_name": "fleet-iam-policy"
}
},
"iam_role_arn": null,
"image": "fleetdm/fleet:v4.31.1",
"loadbalancer": {
"arn": null
},
"mem": 512,
"mount_points": [],
"networking": {
"security_groups": null,
"subnets": null
},
"redis": {
"address": null,
"use_tls": true
},
"repository_credentials": "",
"security_group_name": "fleet",
"security_groups": null,
"service": {
"name": "fleet"
},
"sidecars": [],
"volumes": []
}
| no | | [migration\_config](#input\_migration\_config) | The configuration object for Fleet's migration task. |
object({
mem = number
cpu = number
})
|
{
"cpu": 1024,
"mem": 2048
}
| no | | [rds\_config](#input\_rds\_config) | The config for the terraform-aws-modules/rds-aurora/aws module |
object({
name = optional(string, "fleet")
engine_version = optional(string, "8.0.mysql_aurora.3.04.2")
instance_class = optional(string, "db.t4g.large")
subnets = optional(list(string), [])
allowed_security_groups = optional(list(string), [])
allowed_cidr_blocks = optional(list(string), [])
apply_immediately = optional(bool, true)
monitoring_interval = optional(number, 10)
db_parameter_group_name = optional(string)
db_parameters = optional(map(string), {})
db_cluster_parameter_group_name = optional(string)
db_cluster_parameters = optional(map(string), {})
enabled_cloudwatch_logs_exports = optional(list(string), [])
master_username = optional(string, "fleet")
snapshot_identifier = optional(string)
cluster_tags = optional(map(string), {})
})
|
{
"allowed_cidr_blocks": [],
"allowed_security_groups": [],
"apply_immediately": true,
"cluster_tags": {},
"db_cluster_parameter_group_name": null,
"db_cluster_parameters": {},
"db_parameter_group_name": null,
"db_parameters": {},
"enabled_cloudwatch_logs_exports": [],
"engine_version": "8.0.mysql_aurora.3.04.2",
"instance_class": "db.t4g.large",
"master_username": "fleet",
"monitoring_interval": 10,
"name": "fleet",
"snapshot_identifier": null,
"subnets": []
}
| no | | [redis\_config](#input\_redis\_config) | n/a |
object({
name = optional(string, "fleet")
replication_group_id = optional(string)
elasticache_subnet_group_name = optional(string)
allowed_security_group_ids = optional(list(string), [])
subnets = optional(list(string))
availability_zones = optional(list(string))
cluster_size = optional(number, 3)
instance_type = optional(string, "cache.m5.large")
apply_immediately = optional(bool, true)
automatic_failover_enabled = optional(bool, false)
engine_version = optional(string, "6.x")
family = optional(string, "redis6.x")
at_rest_encryption_enabled = optional(bool, true)
transit_encryption_enabled = optional(bool, true)
parameter = optional(list(object({
name = string
value = string
})), [])
log_delivery_configuration = optional(list(map(any)), [])
tags = optional(map(string), {})
})
|
{
"allowed_security_group_ids": [],
"apply_immediately": true,
"at_rest_encryption_enabled": true,
"automatic_failover_enabled": false,
"availability_zones": null,
"cluster_size": 3,
"elasticache_subnet_group_name": null,
"engine_version": "6.x",
"family": "redis6.x",
"instance_type": "cache.m5.large",
"log_delivery_configuration": [],
"name": "fleet",
"parameter": [],
"replication_group_id": null,
"subnets": null,
"tags": {},
"transit_encryption_enabled": true
}
| no | diff --git a/terraform/byo-vpc/README.md b/terraform/byo-vpc/README.md index 5a1164ec25..28b7c9201a 100644 --- a/terraform/byo-vpc/README.md +++ b/terraform/byo-vpc/README.md @@ -34,7 +34,7 @@ No requirements. | [alb\_config](#input\_alb\_config) | n/a |
object({
name = optional(string, "fleet")
subnets = list(string)
security_groups = optional(list(string), [])
access_logs = optional(map(string), {})
certificate_arn = string
allowed_cidrs = optional(list(string), ["0.0.0.0/0"])
allowed_ipv6_cidrs = optional(list(string), ["::/0"])
egress_cidrs = optional(list(string), ["0.0.0.0/0"])
egress_ipv6_cidrs = optional(list(string), ["::/0"])
extra_target_groups = optional(any, [])
https_listener_rules = optional(any, [])
tls_policy = optional(string, "ELBSecurityPolicy-TLS-1-2-2017-01")
idle_timeout = optional(number, 60)
})
| n/a | yes | | [ecs\_cluster](#input\_ecs\_cluster) | The config for the terraform-aws-modules/ecs/aws module |
object({
autoscaling_capacity_providers = optional(any, {})
cluster_configuration = optional(any, {
execute_command_configuration = {
logging = "OVERRIDE"
log_configuration = {
cloud_watch_log_group_name = "/aws/ecs/aws-ec2"
}
}
})
cluster_name = optional(string, "fleet")
cluster_settings = optional(map(string), {
"name" : "containerInsights",
"value" : "enabled",
})
create = optional(bool, true)
default_capacity_provider_use_fargate = optional(bool, true)
fargate_capacity_providers = optional(any, {
FARGATE = {
default_capacity_provider_strategy = {
weight = 100
}
}
FARGATE_SPOT = {
default_capacity_provider_strategy = {
weight = 0
}
}
})
tags = optional(map(string))
})
|
{
"autoscaling_capacity_providers": {},
"cluster_configuration": {
"execute_command_configuration": {
"log_configuration": {
"cloud_watch_log_group_name": "/aws/ecs/aws-ec2"
},
"logging": "OVERRIDE"
}
},
"cluster_name": "fleet",
"cluster_settings": {
"name": "containerInsights",
"value": "enabled"
},
"create": true,
"default_capacity_provider_use_fargate": true,
"fargate_capacity_providers": {
"FARGATE": {
"default_capacity_provider_strategy": {
"weight": 100
}
},
"FARGATE_SPOT": {
"default_capacity_provider_strategy": {
"weight": 0
}
}
},
"tags": {}
}
| no | <<<<<<< HEAD -| [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. |
object({
mem = optional(number, 4096)
cpu = optional(number, 512)
image = optional(string, "fleetdm/fleet:v4.49.4")
family = optional(string, "fleet")
sidecars = optional(list(any), [])
depends_on = optional(list(any), [])
mount_points = optional(list(any), [])
volumes = optional(list(any), [])
extra_environment_variables = optional(map(string), {})
extra_iam_policies = optional(list(string), [])
extra_execution_iam_policies = optional(list(string), [])
extra_secrets = optional(map(string), {})
security_groups = optional(list(string), null)
security_group_name = optional(string, "fleet")
iam_role_arn = optional(string, null)
service = optional(object({
name = optional(string, "fleet")
}), {
name = "fleet"
})
database = optional(object({
password_secret_arn = string
user = string
database = string
address = string
rr_address = optional(string, null)
}), {
password_secret_arn = null
user = null
database = null
address = null
rr_address = null
})
redis = optional(object({
address = string
use_tls = optional(bool, true)
}), {
address = null
use_tls = true
})
awslogs = optional(object({
name = optional(string, null)
region = optional(string, null)
create = optional(bool, true)
prefix = optional(string, "fleet")
retention = optional(number, 5)
}), {
name = null
region = null
prefix = "fleet"
retention = 5
})
loadbalancer = optional(object({
arn = string
}), {
arn = null
})
extra_load_balancers = optional(list(any), [])
networking = optional(object({
subnets = list(string)
security_groups = optional(list(string), null)
}), {
subnets = null
security_groups = null
})
autoscaling = optional(object({
max_capacity = optional(number, 5)
min_capacity = optional(number, 1)
memory_tracking_target_value = optional(number, 80)
cpu_tracking_target_value = optional(number, 80)
}), {
max_capacity = 5
min_capacity = 1
memory_tracking_target_value = 80
cpu_tracking_target_value = 80
})
iam = optional(object({
role = optional(object({
name = optional(string, "fleet-role")
policy_name = optional(string, "fleet-iam-policy")
}), {
name = "fleet-role"
policy_name = "fleet-iam-policy"
})
execution = optional(object({
name = optional(string, "fleet-execution-role")
policy_name = optional(string, "fleet-execution-role")
}), {
name = "fleet-execution-role"
policy_name = "fleet-iam-policy-execution"
})
}), {
name = "fleetdm-execution-role"
})
})
|
{
"autoscaling": {
"cpu_tracking_target_value": 80,
"max_capacity": 5,
"memory_tracking_target_value": 80,
"min_capacity": 1
},
"awslogs": {
"create": true,
"name": null,
"prefix": "fleet",
"region": null,
"retention": 5
},
"cpu": 256,
"database": {
"address": null,
"database": null,
"password_secret_arn": null,
"rr_address": null,
"user": null
},
"depends_on": [],
"extra_environment_variables": {},
"extra_execution_iam_policies": [],
"extra_iam_policies": [],
"extra_load_balancers": [],
"extra_secrets": {},
"family": "fleet",
"iam": {
"execution": {
"name": "fleet-execution-role",
"policy_name": "fleet-iam-policy-execution"
},
"role": {
"name": "fleet-role",
"policy_name": "fleet-iam-policy"
}
},
"iam_role_arn": null,
"image": "fleetdm/fleet:v4.31.1",
"loadbalancer": {
"arn": null
},
"mem": 512,
"mount_points": [],
"networking": {
"security_groups": null,
"subnets": null
},
"redis": {
"address": null,
"use_tls": true
},
"security_group_name": "fleet",
"security_groups": null,
"service": {
"name": "fleet"
},
"sidecars": [],
"volumes": []
}
| no | +| [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. |
object({
mem = optional(number, 4096)
cpu = optional(number, 512)
image = optional(string, "fleetdm/fleet:v4.50.0")
family = optional(string, "fleet")
sidecars = optional(list(any), [])
depends_on = optional(list(any), [])
mount_points = optional(list(any), [])
volumes = optional(list(any), [])
extra_environment_variables = optional(map(string), {})
extra_iam_policies = optional(list(string), [])
extra_execution_iam_policies = optional(list(string), [])
extra_secrets = optional(map(string), {})
security_groups = optional(list(string), null)
security_group_name = optional(string, "fleet")
iam_role_arn = optional(string, null)
service = optional(object({
name = optional(string, "fleet")
}), {
name = "fleet"
})
database = optional(object({
password_secret_arn = string
user = string
database = string
address = string
rr_address = optional(string, null)
}), {
password_secret_arn = null
user = null
database = null
address = null
rr_address = null
})
redis = optional(object({
address = string
use_tls = optional(bool, true)
}), {
address = null
use_tls = true
})
awslogs = optional(object({
name = optional(string, null)
region = optional(string, null)
create = optional(bool, true)
prefix = optional(string, "fleet")
retention = optional(number, 5)
}), {
name = null
region = null
prefix = "fleet"
retention = 5
})
loadbalancer = optional(object({
arn = string
}), {
arn = null
})
extra_load_balancers = optional(list(any), [])
networking = optional(object({
subnets = list(string)
security_groups = optional(list(string), null)
}), {
subnets = null
security_groups = null
})
autoscaling = optional(object({
max_capacity = optional(number, 5)
min_capacity = optional(number, 1)
memory_tracking_target_value = optional(number, 80)
cpu_tracking_target_value = optional(number, 80)
}), {
max_capacity = 5
min_capacity = 1
memory_tracking_target_value = 80
cpu_tracking_target_value = 80
})
iam = optional(object({
role = optional(object({
name = optional(string, "fleet-role")
policy_name = optional(string, "fleet-iam-policy")
}), {
name = "fleet-role"
policy_name = "fleet-iam-policy"
})
execution = optional(object({
name = optional(string, "fleet-execution-role")
policy_name = optional(string, "fleet-execution-role")
}), {
name = "fleet-execution-role"
policy_name = "fleet-iam-policy-execution"
})
}), {
name = "fleetdm-execution-role"
})
})
|
{
"autoscaling": {
"cpu_tracking_target_value": 80,
"max_capacity": 5,
"memory_tracking_target_value": 80,
"min_capacity": 1
},
"awslogs": {
"create": true,
"name": null,
"prefix": "fleet",
"region": null,
"retention": 5
},
"cpu": 256,
"database": {
"address": null,
"database": null,
"password_secret_arn": null,
"rr_address": null,
"user": null
},
"depends_on": [],
"extra_environment_variables": {},
"extra_execution_iam_policies": [],
"extra_iam_policies": [],
"extra_load_balancers": [],
"extra_secrets": {},
"family": "fleet",
"iam": {
"execution": {
"name": "fleet-execution-role",
"policy_name": "fleet-iam-policy-execution"
},
"role": {
"name": "fleet-role",
"policy_name": "fleet-iam-policy"
}
},
"iam_role_arn": null,
"image": "fleetdm/fleet:v4.31.1",
"loadbalancer": {
"arn": null
},
"mem": 512,
"mount_points": [],
"networking": {
"security_groups": null,
"subnets": null
},
"redis": {
"address": null,
"use_tls": true
},
"security_group_name": "fleet",
"security_groups": null,
"service": {
"name": "fleet"
},
"sidecars": [],
"volumes": []
}
| no | ======= | [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. |
object({
mem = optional(number, 4096)
cpu = optional(number, 512)
image = optional(string, "fleetdm/fleet:v4.48.0")
family = optional(string, "fleet")
sidecars = optional(list(any), [])
depends_on = optional(list(any), [])
mount_points = optional(list(any), [])
volumes = optional(list(any), [])
extra_environment_variables = optional(map(string), {})
extra_iam_policies = optional(list(string), [])
extra_execution_iam_policies = optional(list(string), [])
extra_secrets = optional(map(string), {})
security_groups = optional(list(string), null)
security_group_name = optional(string, "fleet")
iam_role_arn = optional(string, null)
repository_credentials = optional(string, "")
service = optional(object({
name = optional(string, "fleet")
}), {
name = "fleet"
})
database = optional(object({
password_secret_arn = string
user = string
database = string
address = string
rr_address = optional(string, null)
}), {
password_secret_arn = null
user = null
database = null
address = null
rr_address = null
})
redis = optional(object({
address = string
use_tls = optional(bool, true)
}), {
address = null
use_tls = true
})
awslogs = optional(object({
name = optional(string, null)
region = optional(string, null)
create = optional(bool, true)
prefix = optional(string, "fleet")
retention = optional(number, 5)
}), {
name = null
region = null
prefix = "fleet"
retention = 5
})
loadbalancer = optional(object({
arn = string
}), {
arn = null
})
extra_load_balancers = optional(list(any), [])
networking = optional(object({
subnets = list(string)
security_groups = optional(list(string), null)
}), {
subnets = null
security_groups = null
})
autoscaling = optional(object({
max_capacity = optional(number, 5)
min_capacity = optional(number, 1)
memory_tracking_target_value = optional(number, 80)
cpu_tracking_target_value = optional(number, 80)
}), {
max_capacity = 5
min_capacity = 1
memory_tracking_target_value = 80
cpu_tracking_target_value = 80
})
iam = optional(object({
role = optional(object({
name = optional(string, "fleet-role")
policy_name = optional(string, "fleet-iam-policy")
}), {
name = "fleet-role"
policy_name = "fleet-iam-policy"
})
execution = optional(object({
name = optional(string, "fleet-execution-role")
policy_name = optional(string, "fleet-execution-role")
}), {
name = "fleet-execution-role"
policy_name = "fleet-iam-policy-execution"
})
}), {
name = "fleetdm-execution-role"
})
})
|
{
"autoscaling": {
"cpu_tracking_target_value": 80,
"max_capacity": 5,
"memory_tracking_target_value": 80,
"min_capacity": 1
},
"awslogs": {
"create": true,
"name": null,
"prefix": "fleet",
"region": null,
"retention": 5
},
"cpu": 256,
"database": {
"address": null,
"database": null,
"password_secret_arn": null,
"rr_address": null,
"user": null
},
"depends_on": [],
"extra_environment_variables": {},
"extra_execution_iam_policies": [],
"extra_iam_policies": [],
"extra_load_balancers": [],
"extra_secrets": {},
"family": "fleet",
"iam": {
"execution": {
"name": "fleet-execution-role",
"policy_name": "fleet-iam-policy-execution"
},
"role": {
"name": "fleet-role",
"policy_name": "fleet-iam-policy"
}
},
"iam_role_arn": null,
"image": "fleetdm/fleet:v4.31.1",
"loadbalancer": {
"arn": null
},
"mem": 512,
"mount_points": [],
"networking": {
"security_groups": null,
"subnets": null
},
"redis": {
"address": null,
"use_tls": true
},
"repository_credentials": "",
"security_group_name": "fleet",
"security_groups": null,
"service": {
"name": "fleet"
},
"sidecars": [],
"volumes": []
}
| no | >>>>>>> 025004bcf (support private registry in the ecs task definition) diff --git a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf index ff5763afc8..cbbf1e2cb3 100644 --- a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf +++ b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf @@ -13,7 +13,7 @@ variable "fleet_config" { type = object({ mem = optional(number, 4096) cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.49.4") + image = optional(string, "fleetdm/fleet:v4.50.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) diff --git a/terraform/byo-vpc/byo-db/variables.tf b/terraform/byo-vpc/byo-db/variables.tf index 00ef37941f..e07b46fbc5 100644 --- a/terraform/byo-vpc/byo-db/variables.tf +++ b/terraform/byo-vpc/byo-db/variables.tf @@ -74,7 +74,7 @@ variable "fleet_config" { type = object({ mem = optional(number, 4096) cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.49.4") + image = optional(string, "fleetdm/fleet:v4.50.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) diff --git a/terraform/byo-vpc/example/main.tf b/terraform/byo-vpc/example/main.tf index 77f82c48c1..72dab81e75 100644 --- a/terraform/byo-vpc/example/main.tf +++ b/terraform/byo-vpc/example/main.tf @@ -17,7 +17,7 @@ provider "aws" { } locals { - fleet_image = "fleetdm/fleet:v4.49.4" + fleet_image = "fleetdm/fleet:v4.50.0" domain_name = "example.com" } diff --git a/terraform/byo-vpc/variables.tf b/terraform/byo-vpc/variables.tf index d368ca2bef..437ee96fce 100644 --- a/terraform/byo-vpc/variables.tf +++ b/terraform/byo-vpc/variables.tf 
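Review bot: The `terraform/byo-vpc/README.md` hunk leaves unresolved merge-conflict markers in the file: `<<<<<<< HEAD`, `=======` and `>>>>>>> 025004bcf (support private registry in the ecs task definition)` surround the `fleet_config` row as context lines. Only the HEAD-side copy is bumped to `fleetdm/fleet:v4.50.0`; the copy after `=======` still documents `fleetdm/fleet:v4.48.0`. The two copies also disagree on `repository_credentials`, which appears only in the second one. Resolve the conflict to a single `fleet_config` row, regenerating it from `variables.tf` if this table is generated, as its layout suggests, so operators do not take an image default from a stale copy. The default column in both copies also still shows `"image": "fleetdm/fleet:v4.31.1"`, which this release bump does not touch.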
@@ -167,7 +167,7 @@ variable "fleet_config" { type = object({ mem = optional(number, 4096) cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.49.4") + image = optional(string, "fleetdm/fleet:v4.50.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) diff --git a/terraform/example/main.tf b/terraform/example/main.tf index ce6d77b1f6..be3c20a582 100644 --- a/terraform/example/main.tf +++ b/terraform/example/main.tf @@ -59,8 +59,8 @@ module "fleet" { fleet_config = { # To avoid pull-rate limiting from dockerhub, consider using our quay.io mirror - # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.49.4" - image = "fleetdm/fleet:v4.49.4" # override default to deploy the image you desire + # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.50.0" + image = "fleetdm/fleet:v4.50.0" # override default to deploy the image you desire # See https://fleetdm.com/docs/deploy/reference-architectures#aws for appropriate scaling # memory and cpu. autoscaling = { diff --git a/terraform/variables.tf b/terraform/variables.tf index db10a5ad99..de14e21f9f 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -215,7 +215,7 @@ variable "fleet_config" { type = object({ mem = optional(number, 4096) cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.49.4") + image = optional(string, "fleetdm/fleet:v4.50.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) diff --git a/tools/fleetctl-npm/package.json b/tools/fleetctl-npm/package.json index c0269fa5c4..a3764831a3 100644 --- a/tools/fleetctl-npm/package.json +++ b/tools/fleetctl-npm/package.json @@ -1,6 +1,6 @@ { "name": "fleetctl", - "version": "v4.49.4", + "version": "v4.50.0", "description": "Installer for the fleetctl CLI tool", "bin": { "fleetctl": "./run.js"