Commit graph

3580 commits

Author SHA1 Message Date
Ian Littman
62755cbd82
Bump Go to 1.25.5, Alpine to 3.23.0 where relevant, bump Trivy to current version (#36848)
Fixes vulns reported in
https://github.com/fleetdm/fleet/actions/runs/19999992703. We'll
definitely want to at least cherry-pick this.
2025-12-07 20:04:14 -06:00
Jahziel Villasana-Espinoza
eb87048714
34376 android sw gitops (#36595)
**Related issue:** Resolves #34376

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)
- [x] QA'd all new/changed functionality manually

## New Fleet configuration settings

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [x] Verified that the setting is exported via `fleetctl
generate-gitops`
- [x] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
2025-12-05 20:01:57 -05:00
jacobshandling
5cc79a5ca8
Update FileUploader button layout and styling (#36808)
**Related issue:** Resolves #36804

- Update text/icon order when relevant, remove redundant `label` causing
padding inconsistencies

<img width="965" height="1521" alt="Screenshot 2025-12-05 at 2 10 14 PM"
src="https://github.com/user-attachments/assets/fb8df8f4-f98a-4a26-8c82-b846576529a9"
/>

- Confirm UI/UX everywhere it's used:


# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`
- [x] QA'd all new/changed functionality manually
2025-12-05 14:59:12 -08:00
jacobshandling
d6c1cd65ee
Add internal error state for file uploader, apply to Okta Conditional Access (#36798)
**Related issue:** Resolves #36762 
<img width="852" height="624" alt="Screenshot 2025-12-05 at 1 07 26 PM"
src="https://github.com/user-attachments/assets/f8624566-faaf-4c56-a1b5-608ea2bb976d"
/>



# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`
- [x] QA'd all new/changed functionality manually
2025-12-05 13:46:53 -08:00
Juan Fernandez
a098a6c9bc
Android certificate crud: validate variable replacement (#36648)
**Related issue:** Resolves #36533 

If variables can't be interpolated return 400.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [X] Added/updated automated tests


## Summary by CodeRabbit

* **Bug Fixes**
* Corrected HTTP status code returned when certificate template variable
interpolation fails
* Certificate delivery status now properly reflects failed
interpolation, improving visibility into deployment issues


---------

Co-authored-by: Victor Lyuboslavsky <2685025+getvictor@users.noreply.github.com>
2025-12-05 12:14:14 -06:00
jacobshandling
26b33f37aa
Add missing website redirect (#36732)
**Related issue:** Resolves #36731 

- [x] Changes file added for user-visible changes in `changes/`
- [x] QA'd all new/changed functionality manually
2025-12-05 08:54:10 -08:00
jacobshandling
2fd9a3f004
Improve login form tabbing (#36736)
**Related issue:** Resolves #36735 

Fixed the order of tabbing on the log in page while maintaining update
styling:

![ezgif-2a83bf92c68732c0](https://github.com/user-attachments/assets/f4a6b3ea-0e03-42c4-83da-407bf24eee8b)

- [x] Changes file added for user-visible changes in `changes/`
- [x] QA'd all new/changed functionality manually
2025-12-05 08:53:31 -08:00
RachelElysia
1922e772d7
Fleet UI: Disable host action buttons on click (noticeable on slow connections) (#36707)
2025-12-05 07:04:58 -05:00
jacobshandling
e7414a3c51
Error when trying to filter software_titles with platform without a team_id (#36658)
**Related issue:** Resolves #34072 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually


## Summary by CodeRabbit

* **Bug Fixes**
* Improved request validation: filtering software titles by platform now
requires a team_id. The system returns a clear error message if platform
filtering is attempted without specifying a team.

* **Tests**
* Added test coverage for platform-based software title filtering and
validation scenarios.

2025-12-04 16:55:46 -08:00
jacobshandling
2521daa1fe
Allow saving Fleet Queries with invalid* SQL, update error text, some JS –> TS housekeeping (#36637)
**Related issue:** Resolves #35058 

- Open the Query save or save-as-new-ing flows in the UI even when a
syntax error is found in the Query's SQL.
- Continue blocking save when the query is empty
- Update tests
- JS –> TS housekeeping

<img width="1162" height="1248" alt="Screenshot 2025-12-02 at 4 31
47 PM"
src="https://github.com/user-attachments/assets/23b4e70d-f104-4b0e-b316-c03fb6492f59"
/>

<img width="1162" height="1248" alt="Screenshot 2025-12-02 at 4 31
50 PM"
src="https://github.com/user-attachments/assets/5b5ad0b7-36f0-4c5e-a2ff-e9665263c8f1"
/>


# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

* "invalid" according to Fleet's UI. Though we make efforts to fix false
negatives here as we become aware of them, that parsing is imperfectly
aligned with SQL that osquery considers valid
2025-12-04 11:18:48 -08:00
Zach Wasserman
7c6484dd63
Redact API tokens in fleetctl config set (#36692)
**Related issue:** Resolves #34626

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] QA'd all new/changed functionality manually
2025-12-04 10:06:57 -08:00
RachelElysia
092b55a760
FE: Ensure ids are unique (#36124)
2025-12-04 09:54:52 -05:00
Juan Fernandez
068ffeaf40
Use auth header for android end-points (#36594)
**Related issue:** Resolves #36287 

Updated 'fleetd/certificates/<id>' and 'fleetd/certificates/<id>/status'
to authenticate using the orbit_node_key provided in the
'Authentication' header.
2025-12-03 15:42:03 -04:00
Martin Angers
5a8e2774bf
Feature branch: Android Setup Experience support (#35951)
Feature branch for
https://github.com/fleetdm/fleet/issues/33761#issuecomment-3548996114


---------

Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
2025-12-02 12:27:20 -05:00
Gabriel Hernandez
e16c3c7272
change TurnOnMDMMessage component to generic TurnOnMessage and use in end user auth page (#36477)
**Related issue:** Resolves #35296

This makes the TurnOnMDMMessage component more generic and display a
configurable "Turn on" message. We then are able to use this in the End
user auth page on the controls page.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] QA'd all new/changed functionality manually
2025-12-02 12:11:10 +00:00
Gabriel Hernandez
f63ed0a4c6
make UI elements have consistent spacing on mdm page (#36487)
**Related issue:** Resolves #35371

This makes the spacing between UI elements on the mdm page consistent.
Specifically we just remove margins around the video element in the end
user migration section

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] QA'd all new/changed functionality manually
2025-12-02 12:07:54 +00:00
Konstantin Sykulev
04e6f1b261
Notify android devices of certificate_template changes (#36258)
**Related issue:** Resolves #35465

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests
- [ ] QA'd all new/changed functionality manually


## Summary by CodeRabbit

## Release Notes

* **New Features**
* Added certificate template delivery support for MDM-enrolled Android
devices via managed configurations.
* Enhanced certificate templates with delivery status, challenge
information, and certificate authority type details.
* Improved host certificate template management with expanded database
operations for lookup, insertion, and status updates.

2025-12-01 17:30:18 -06:00
jacobshandling
d87f69563f
Fix and improve handling of "installed" software scenarios (#36516)
**Related issue:** Resolves #31973 

Addresses a few closely related issues around determining the
appropriate UI to display for installed software

- Pass the inherited host's `softwareUpdatedAt` to the handler
responsible for determining the software's "UI display status" so it can
calculate whether it is "recently installed", as intended.
- In the scenario where the above is _not_ passed in for some reason,
default to "installed" ui display status any time the software's status
is "installed"
- Add a check that ensures the above default "installed" ui status is
captured even when `installed_versions` is `null`. This scenario
previously returned an "uninstalled" ui display status, which caused
this bug initially

<img width="1720" height="880" alt="Screenshot 2025-12-01 at 12 02
29 PM"
src="https://github.com/user-attachments/assets/20874ff5-133c-4b74-8634-2cdc2d3a1497"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
2025-12-01 13:17:42 -08:00
Juan Fernandez
ec71fb814e
Added missing detail column to host_certificate_templates (#36397)
**Related issue:** Resolves #36292 

- Allow clients to specify details about the certificate template status
change.
- Allow clients to see the details of the certificate template status
change.

---------

Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
2025-12-01 14:46:14 -04:00
Magnus Jensen
75a9170502
Always return fields for Windows MDM command result even if pending (#36483)
**Related issue:** Resolves #31819 

I also ended up tweaking the return value for windows commands in the
`commands` endpoint, so it aligns everywhere.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

MDM Command result with a pending command:
<img width="770" height="334" alt="Screenshot 2025-12-01 at 12 36 55"
src="https://github.com/user-attachments/assets/51adb4bd-cc07-455c-8255-e1ec654521d2"
/>

MDM command result with a result:
<img width="764" height="517" alt="Screenshot 2025-12-01 at 12 36 07"
src="https://github.com/user-attachments/assets/dec2f1c1-e756-4170-a1d0-5496dc8039b9"
/>
2025-12-01 13:53:22 -03:00
Gabriel Hernandez
37985e3df6
feat activity audit fancy search activities (#35825)
**Related issue:** Resolves #29727

**new filters:**

<img width="720" height="931" alt="image"
src="https://github.com/user-attachments/assets/bba33904-24ae-4c12-b2ed-49152588e636"
/>

**new type filter**

<img width="411" height="433" alt="image"
src="https://github.com/user-attachments/assets/14b060df-f01b-48ce-8dff-ca01e5fad6d6"
/>

> NOTE: I will be doing a follow-up PR for keyboard navigation

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

---------

Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
2025-12-01 16:48:43 +00:00
Magnus Jensen
06761243d7
Optimize clean up apple profiles query (#36405)
**Related issue:** Resolves #35601 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] QA'd all new/changed functionality manually
2025-11-27 17:02:57 -03:00
Sarah Gillespie
5850840d04
Fix references to enable-scripts flag in error messages and comments (#36340)
2025-11-26 13:53:57 -06:00
Juan Fernandez
287710b1c5
Update queries APIs that drive the OS settings UI (#36018)
**Related issue:** Resolves #35532

Update queries APIs that drive the OS settings UI
2025-11-26 13:25:49 -04:00
Scott Gress
23d8a0715d
Make last_restarted_at more consistent (#36243)
**Related issue:** Resolves #33922 

# Details

This PR addresses issues discovered with our on-the-fly calculations of
host `last_restarted_at` date, where it would drift slightly between
refreshes. Some users are relying on this value not changing between
restarts, so this PR moves to a strategy where we persist the date and,
when host details are refreshed, compare the new calculated date to the
persisted one and ignore changes < 30 seconds.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually

## Database migrations

- [X] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [X] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [X] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
2025-11-25 16:15:58 -06:00
Scott Gress
e9fc32763c
Add "Update certificate template status" endpoint (#36192)
**Related issue:** Resolves #35452

# Details

This adds the `PUT /api/fleetd/certificates/:id/status` endpoint that a
host can use to tell the server the status of a certificate
installation. The endpoint uses `node_key` in the body for
authentication, `id` in the URL to specify the certificate template and
`status` to indicate the status (`pending`, `verifying`, `verified` or
`failed`).

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [X] Added/updated automated tests
- [ ] QA'd all new/changed functionality manually

---------

Co-authored-by: Konstantin Sykulev <konst@sykulev.com>
2025-11-25 12:06:30 -06:00
Gabriel Hernandez
915f5291e6
move where we are creating the mdm enrollment activity into the turn on apple lifecycle (#35685)
**Related issue:** Resolves #32009

This updates where we fire off the mdm_enrolled activity. We had it in
the Authenticate method in the mdm checking and commands struct and move
it into our lifecycle module. In the lifecycle module we place it in the
turnOnApple method which already had checks to see if we were on the
first TokenUpdate command. This means this activity should only
fire on the initial TokenUpdate command the host gets.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [ ] QA'd all new/changed functionality manually
2025-11-25 11:19:05 -03:00
Magnus Jensen
237105728e
Reduce API Android usage (#36209)
**Related issue:** Resolves #36138 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

---------

Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
2025-11-25 09:39:06 -03:00
Konstantin Sykulev
cb26f43472
gitops, basic apis, and table for android certificate templates (#35788)
**Related issue:** Resolves #35460, #35462

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)

- [x] QA'd all new/changed functionality manually

## Database migrations

- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).



## Summary by CodeRabbit

## Release Notes

* **New Features**
* Added certificate templates for managing Android device certificates
at global and team levels
* Introduced API endpoints to create, list, retrieve, and delete
certificate templates
* Enabled GitOps workflow support for certificate template
specifications
* Implemented automatic variable substitution in certificate subjects
for host identifiers


---------

Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Scott Gress <scott@fleetdm.com>
2025-11-24 15:44:06 -06:00
Kevin M. Cox
cc244ba6df
Add Mosyle to well-known MDM list (#35482)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
2025-11-24 15:01:25 -05:00
Ian Littman
c148b42f9b
Add support for $FLEET_VAR_HOST_HARDWARE_SERIAL in Windows profiles, $FLEET_VAR_HOST_PLATFORM in Windows/Apple profiles (#35812)
Fixes #34364, #34716.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests

- [ ] QA'd all new/changed functionality manually

---------

Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
2025-11-24 10:18:47 -06:00
Juan Fernandez
1078c277ab
Fixed invalid props on Custom EST certs edits (#36147)
**Related issue:** Resolves #35729 

- Fixed url prop mapping rule on Custom EST certs form.
- When editing the url field, include credentials to PATH end-point.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [X] QA'd all new/changed functionality manually
2025-11-21 18:36:10 -08:00
Scott Gress
2aac62259d
Fix issue where multiple queries can't be saved with the same label (#36121)
**Related issue:** Resolves #34183 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-11-21 11:59:46 -06:00
Gabriel Hernandez
ee690aae9f
add UI for the new windows mdm enrollment options (#35605)
**Related issue:** Resolves #35310

This adds the UI for the new windows mdm page. This adds an option to
allow windows hosts to manually enroll into fleet mdm.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated automated tests
- [ ] QA'd all new/changed functionality manually

---------

Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
2025-11-21 11:33:39 -05:00
Magnus Jensen
91751d55b2
Fix apple profile resend race condition (#35897)
**Related issue:** Resolves #34958 

[Slack
🧵](https://fleetdm.slack.com/archives/C03C41L5YEL/p1763409297125529) for
why this is the case.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
2025-11-21 11:13:36 -03:00
Sarah Gillespie
b7f1f479e0
Fix UI bug in OS settings modal that caused status tooltip to flicker when refetching host details (#36099)
2025-11-20 18:06:54 -06:00
Sarah Gillespie
ecac38f8ef
Add support for Android systemUpdate profile (#35791)
2025-11-20 11:43:28 -06:00
Victor Lyuboslavsky
37241666ee
Optimize software/versions queries. (#35670)
**Related issue:** Resolves #34677 and Resolves #35349

Loadtest results:
```text
Description               Average  Worst    Results
-----------               -------  -----    -------
Page 0, DESC order        441ms    506ms    20 items
Page 0, ASC order         1.099s   1.8s     20 items
Page 1000, DESC order     484ms    641ms    20 items
100 per_page              426ms    450ms    100 items
With CVE scores           467ms    630ms    20 items
Order by name, page 0     7.589s   7.812s   20 items
Order by name, page 1000  9.103s   9.656s   20 items
Vulnerable only           6.098s   6.34s    20 items
Search 'chrome'           14.305s  14.868s  20 items
Known exploit filter      20.253s  21.238s  20 items
Min CVSS score 7.0        33.743s  35.169s  20 items
Max CVSS score 8.0        39.825s  41.83s   20 items
CVSS range 7.0-9.0        42.556s  43.267s  20 items
```

Follow-up issue: https://github.com/fleetdm/fleet/issues/35799

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)

- [x] QA'd all new/changed functionality manually

## Database migrations

- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
## Summary by CodeRabbit

* **Refactor**
* Improved software listing and counting performance via database index
and query optimizations, resulting in faster retrieval and reduced load
times for software lists across team and global views.
* **Chores**
* Added a migration to apply the index changes and updated migration
tracking.
2025-11-19 14:50:30 -06:00
Scott Gress
06d7169acb
Install setup-experience VPP apps on manually-enrolled iOS/iPadOS devices (#35906)
**Related issue:** Resolves #34042

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually

Tested on iPad and iOS.

Full disclosure, VPP installs on my devices seemed to sometimes (not
always) fail silently the first time I tried them, with no `error`
showing in the setup experience results. This could be due to the
vagaries of user-based vpp licensing vs. device-based, which is perhaps
not a real-world situation, or something else I'm not following with
[how VPP license assignments
work](10889199a1/ee/server/service/software_installers.go (L1299-L1310)).
I'll continue trying to reproduce it but it's difficult since it only
seems to happen once per app at most, and I can't remove the user
licenses from a device without wiping it (I don't have any physical
devices I can do this on).
2025-11-19 13:34:10 -06:00
Victor Lyuboslavsky
767c594ad8
Updating UI for Okta config (#35204)
**Related issue:** Resolves #34539

Figma:
https://www.figma.com/design/OgQ8SyLK8Sw5thXtF1eiNP/-31909-Conditional-access-w--Okta

Requires backend PR https://github.com/fleetdm/fleet/pull/35526 to view
Apple profile.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually


## Summary by CodeRabbit

* **New Features**
  * Added Okta as a conditional access provider alongside Microsoft Entra
  * Users can now configure both identity providers simultaneously or use
    either independently
  * Updated configuration interface with new Okta-specific settings
  * Redesigned UI with separate provider cards for improved clarity


---------

Co-authored-by: Jacob Shandling <jacob@shandling.dev>
2025-11-18 19:34:59 -06:00
Jordan Montgomery
25d9420c31
Add config for Windows MDM manual turn on (#35789)
**Related issue:** Resolves #35307

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)

- [x] QA'd all new/changed functionality manually

## Database migrations

- [x] Checked schema for all modified tables for columns that will
auto-update timestamps during migration.

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [x] Verified that the setting is exported via `fleetctl
generate-gitops`
- [x] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [x] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [x] Verified that any relevant UI is disabled when GitOps mode is
enabled
2025-11-18 17:32:13 -05:00
Scott Gress
be5048c63b
Make host counts optional in "list labels" API (#35831)
**Related issue:** Resolves #35376 

# Details

This PR updates the "list labels" (`GET /labels`) API by adding an
optional `include_host_counts` parameter, which defaults to `true`. If
explicitly set to `false`, the underlying db code will skip doing an
expensive subquery which returns the number of hosts that are members of
each label. The UI will now default to setting this to `false` in its
calls, because:

1. This is an N+1 query pattern which scales poorly as the # of labels
and hosts increases (see associated ticket as well as
https://github.com/fleetdm/fleet/issues/4890)
1. _We don't use this data anywhere._ At least nowhere I could find in
the front end or back end (besides a test specifically for this
functionality). So we're doing this work for nothing.

Since this is a public API we can't just [drop the functionality
entirely](https://github.com/fleetdm/fleet/pull/35763) as that would be
a breaking change.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [X] QA'd all new/changed functionality manually
The only place that I could find that lists host counts for labels is
the Packs UI, which uses a different endpoint and database method (`GET
/targets` and `SearchLabels()`
2025-11-18 12:17:43 -06:00
Ian Littman
fbb37de0eb
Use lighter Team call when it's obviously safe to do so, comment potential areas for further improvement (#35587)
**Related issue:** Resolves #35357

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests

- [ ] QA'd all new/changed functionality manually
2025-11-17 17:25:45 -06:00
Jordan Montgomery
80ec7d4ede
Remove PUT endpoint, update to always use POST for setup experience scripts (#35818)
**Related issue:** Resolves #35309 

Followup changes, see
https://fleetdm.slack.com/archives/C019WG4GH0A/p1763137466439419 for
more context. We decided not to use the initially proposed PUT endpoint
at all and update the existing POST endpoint to have the desired
behavior.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)

- [x] QA'd all new/changed functionality manually
2025-11-17 11:29:23 -05:00
Nathan Cochran
e5f46dd4b1
Fix android profile download (#35196)
This commit fixes two related bugs with Android MDM:

1. Android profiles now download correctly as .json files instead of
   .xml
   - Before: profiles downloaded as .xml with content '[object Object]'
   - After: profiles download as .json with properly formatted JSON content
   - Fixed by adding Android platform check in createProfileExtension() and
     createFileContent()

2. Custom Settings page now recognizes Android MDM
   - Before: showed 'MDM must be turned on' error even when Android MDM was
     enabled
   - After: properly detects Android MDM and allows profile management
   - Fixed by adding android_enabled_and_configured check to mdmEnabled
   - Backend middleware now supports Android MDM for profile endpoints
     a) Added VerifyAnyMDMConfigured() to support Apple, Windows, and Android
        MDM
     b) Updated profile endpoints to use VerifyAnyMDM() middleware

**Related issue:** Resolves #35023

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

## Database migrations

_No database migrations in this PR_

## New Fleet configuration settings

_No new Fleet configuration settings in this PR_

## fleetd/orbit/Fleet Desktop

_This PR does not affect fleetd/orbit/Fleet Desktop_
2025-11-17 11:52:59 -03:00
RachelElysia
0dd7b6ce87
Fleet UI: Add, view, install Google Play Apps (#35177)
2025-11-14 13:24:41 -05:00
RachelElysia
4939979f55
Fleet UI: Return pre-install query output in Install Details modal (#35754)
2025-11-14 11:35:03 -05:00
Magnus Jensen
4a416722a4
DUSW: Allow user-scoped SCEP profiles on Windows (#35672)
**Related issue:** Resolves #35503 

For this one I opted for a simple approach of just duplicating the
arrays, one for user and one for device; then the first loc uri
that checks in, of either device or user, sets the respective arrays. I
thought that while this was more LOC, it was easier to look at and maintain
compared to regex matches etc. Let me know if you think otherwise.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
2025-11-14 12:44:14 -03:00
Jordan Montgomery
1a61b29092
Add PUT endpoint for setup experience script (#35651)
**Related issue:** Resolves #35309

Related doc update #35736 

Adds a PUT endpoint for setting setup experience scripts, as opposed to
the current POST implementation (which errors if the script is already
set, which is why gitops calls DELETE first every time). If the contents
change, the new endpoint has the same effect as DELETE then POST today,
however if the contents are unchanged no changes occur, allowing gitops
runs to avoid cancelling script executions.

Also switched gitops over to the new PUT endpoint and removed the DELETE
in the "set" path.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)
- [ ] QA'd all new/changed functionality manually
2025-11-14 10:22:36 -05:00
Juan Fernandez
de2329e87e
Failed profiles unable to filter by platform (#35628)
Resolves #34907

When filtering hosts by OS Settings status, allow the user to scope the host list by platform.
2025-11-13 16:16:56 -04:00