Commit graph

8 commits

Author SHA1 Message Date
Scott Gress
e62bdf17b6
Remove UI gating in GitOps mode for excepted entities (#42486)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #42184 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [ ] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed

## Database migrations

- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled

## fleetd/orbit/Fleet Desktop

- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **New Features**
* Added support for GitOps exceptions per entity type (labels, software,
secrets), allowing specific areas to bypass GitOps mode restrictions
when configured.

* **Bug Fixes**
* Improved GitOps mode behavior to properly respect per-entity-type
exception settings across software, labels, and secrets management.

* **Tests**
  * Extended test coverage for GitOps exception handling scenarios.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-31 09:10:56 -05:00
Nico
ffe0f71c83
Technician role FE changes (#39494)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #38630

## Testing

- [x] QA'd all new/changed functionality manually

Screenshots below were taken with a **Team Technician** user. Same
changes apply for a **Global Technician**.

#### Controls > OS settings > Disk encryption

- Shows table without controls below.
- Shows empty state (doesn't allow to turn it on).

<img width="1915" height="886" alt="Screenshot 2026-02-10 at 12 24
25 PM"
src="https://github.com/user-attachments/assets/3f44d338-e728-4eb2-ad93-e30844201b52"
/>
<img width="1913" height="907" alt="Screenshot 2026-02-10 at 12 31
38 PM"
src="https://github.com/user-attachments/assets/71706e9e-0540-4c25-b5c0-3f7ccff3ba5a"
/>

#### Controls > OS settings > Custom settings

- Changed description to say **View configuration profiles that apply
custom settings.** instead of **Create and upload configuration profiles
to apply custom settings.**.
- **Add profile** not shown within table header.
- Trash can icon not shown when hovering over a row within the table.
- **Add profile** card not shown on empty state. Instead, "No
configuration profiles have been added." is shown.

<img width="1911" height="729" alt="Screenshot 2026-02-10 at 12 24
39 PM"
src="https://github.com/user-attachments/assets/aa68cbaf-4772-402d-9288-b4be2ddd3250"
/>
<img width="1912" height="650" alt="Screenshot 2026-02-10 at 12 28
48 PM"
src="https://github.com/user-attachments/assets/6a186172-b01f-4314-bb50-4cb533e13bce"
/>

#### Controls > Scripts > Library

- **Add script** not shown within table header.
- No actions shown when hovering over a table row.
- Can view script by clicking on a table row.
- Removed **To run the script across multiple hosts, add a policy
automation on the Policies page** line below **To run this script on a
host, go to the Hosts page and select a host.**.
- Updated copy to `To run this script on a host, go to the Hosts page
and select a host. Then, click Actions > Run script.`

<img width="1912" height="772" alt="Screenshot 2026-02-10 at 12 25
46 PM"
src="https://github.com/user-attachments/assets/83fbc1ec-3a6e-4bb5-865e-b5e7faef1e37"
/>

<img width="1732" height="761" alt="Screenshot 2026-02-11 at 3 50 33 PM"
src="https://github.com/user-attachments/assets/6dda97d7-fde2-4bcd-94b3-fa7368c65528"
/>


#### Labels

Can add label and filter by label

<img width="160" height="247" alt="Screenshot 2026-02-10 at 12 51 24 PM"
src="https://github.com/user-attachments/assets/ed63b708-27f8-4363-9d4f-9a7b0bf82b21"
/>

<img width="1901" height="856" alt="Screenshot 2026-02-10 at 12 35
07 PM"
src="https://github.com/user-attachments/assets/c2ef5e21-03ab-4955-a22f-cd6ca32f3179"
/>

<img width="1903" height="937" alt="Screenshot 2026-02-10 at 12 36
11 PM"
src="https://github.com/user-attachments/assets/d9d9f3bc-4d71-4c4b-902a-455eec9e057c"
/>

Can edit/delete labels created by themselves.
NOTE: my technician user ID is 37 - note that the **x** label belongs to
a different user id, while the second label belongs to ID 37, therefore
it can be edited and deleted.

<img width="1915" height="1152" alt="Screenshot 2026-02-10 at 12 38
29 PM"
src="https://github.com/user-attachments/assets/21f44c11-4e2d-456b-8547-90936b5d7602"
/>
<img width="1911" height="1154" alt="Screenshot 2026-02-10 at 12 38
42 PM"
src="https://github.com/user-attachments/assets/f9f7ea30-11b2-4d2d-9d71-de7299e4b451"
/>

Can delete manual label from host



https://github.com/user-attachments/assets/b64ba6dd-3f54-4dcd-9c57-7bede65122da

#### Host details

Can run scripts and view their results

<img width="1908" height="472" alt="Screenshot 2026-02-10 at 12 52
33 PM"
src="https://github.com/user-attachments/assets/d1e40339-ec52-47ff-bc53-c311498ffe80"
/>
<img width="1882" height="716" alt="Screenshot 2026-02-10 at 12 52
40 PM"
src="https://github.com/user-attachments/assets/dd0c2ec3-8cb8-4835-9c6d-f731a7434637"
/>
<img width="1915" height="718" alt="Screenshot 2026-02-10 at 12 52
48 PM"
src="https://github.com/user-attachments/assets/5e7a73e0-ac5b-4d38-b635-770f53dea9e3"
/>
<img width="1914" height="718" alt="Screenshot 2026-02-10 at 12 52
55 PM"
src="https://github.com/user-attachments/assets/b199c796-66b1-46bc-b2b5-fd35e8aa7a7c"
/>

Can run query associated to host as a live query




https://github.com/user-attachments/assets/7aea6f63-e443-4fa0-87dc-48bef84efa2f

#### Software

Doesn't show trash can icon on software installer card, just the
download one.

<img width="1423" height="838" alt="Screenshot 2026-02-10 at 1 33 53 PM"
src="https://github.com/user-attachments/assets/3a55c226-0bba-43ac-8594-7b5ac0a3684a"
/>

Can install/uninstall software on a host. Note that **Add software**
button is hidden (technicians can't add software).

<img width="1378" height="277" alt="Screenshot 2026-02-10 at 3 08 55 PM"
src="https://github.com/user-attachments/assets/bf413467-2071-48b6-b62b-f3a721b6057c"
/>



#### Queries

- Can run inherited queries on all hosts


https://github.com/user-attachments/assets/09f07e6b-a8c1-453e-81fd-4deb16005836

- Can run team queries on all hosts


https://github.com/user-attachments/assets/18b62dea-e159-40ea-b0ed-1d96b6bd40e7

- Can't manage automations or add queries (buttons are not shown at the
top-right corner)

#### Policies

Same as Queries



https://github.com/user-attachments/assets/2c24514a-2ae0-47a6-b631-6f9e48fc7b9c

#### Protected routes

Tested that I can't access routes that have restricted functionality for
this role, such as:

- **/controls/os-updates**, **/controls/setup-experience** and
**/controls/os-settings/certificates** => redirects to
**/controls/os-settings** 
- **/controls/scripts/progress** => redirects to
**/controls/scripts/library** 
- **/queries/new** and **/software/add/*** => renders access denied page


---------

Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
2026-02-11 18:38:41 -03:00
Ian Littman
8e4e89f4e9
API + auth + UI changes for team labels (#37208)
Covers #36760, #36758.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [ ] QA'd all new/changed functionality manually
2025-12-29 21:28:45 -06:00
jacobshandling
45eccc1be1
Map raw label membership type to copy meant for render (#34387)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #34239

<img width="1765" height="1146" alt="Screenshot 2025-10-16 at 12 11
39 PM"
src="https://github.com/user-attachments/assets/4735012d-6ddc-45cd-87a8-f92c9b7283b0"
/>

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
2025-10-16 13:05:43 -07:00
jacobshandling
94d801f9e1
3 Unreleased bug fixes (#34218)
# 3 unreleased bug fixes:

## Resolves #34123 
Footer when paginated:
<img width="1519" height="1123" alt="Screenshot 2025-10-14 at 1 23
00 PM"
src="https://github.com/user-attachments/assets/d69d27b4-44e4-4458-92be-e0dfaeab527f"
/>

No footer when only one page:
<img width="1523" height="1007" alt="Screenshot 2025-10-14 at 1 20
45 PM"
src="https://github.com/user-attachments/assets/2d8266bb-c872-4888-98b1-3af7147fd27f"
/>


## Resolves #34169 
Name + description are now truncated:
<img width="1732" height="710" alt="Screenshot 2025-10-14 at 11 11
32 AM"
src="https://github.com/user-attachments/assets/02a60892-e678-413e-a7d4-5c6d39980cd2"
/>


## Resolves #34170 
Labels page no longer re-renders unnecessarily

- [x] QA'd all new/changed functionality manually
- [x] Confirmed that the fix is not expected to adversely impact load
test results
2025-10-15 15:03:54 -07:00
Ian Littman
13c98e158f
Don't show edit option for host vitals labels, error if landing on edit UI for a host vitals label (#34139)
Fixes #34010. Also switches the landing page on edit error to the labels
list from hosts filtered by the label, since the next step is likely
"delete the label and add it back."

<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [x] Confirmed that the fix is not expected to adversely impact load
test results
2025-10-14 10:52:03 -05:00
RachelElysia
4be5f35822
Fleet UI: Update labels page styling (#33628) 2025-09-30 13:43:54 -04:00
jacobshandling
7085a731d6
UI: Labels page (#33079)
## For #29721 
- Build the new Labels page
- Forward to the Labels page after saving a label

### [Demo
video](https://drive.google.com/file/d/1iArnSiVn7CSwOpCrKEdO9HByHu9qga3L/view?usp=sharing)

<img width="1798" height="1082" alt="Screenshot 2025-09-17 at 4 00
55 PM"
src="https://github.com/user-attachments/assets/6a51f48c-07c3-44d9-b2bf-07025ffa61ed"
/>



- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-09-18 09:38:45 -07:00