Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-21 07:58:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 110
15177 commits 3312 branches 575 tags 2.3 GiB
Commit graph

65 commits

Author SHA1 Message Date
Tim Lee
7b86f1ee6f
Add Linux encryption states to APIs (#23806) 2024-11-19 13:11:59 -07:00
Victor Lyuboslavsky
f85b6f776f
Updating golangci-lint to 1.61.0 (#22973) 2024-10-18 12:38:26 -05:00
Tim Lee
98c0bd8d12
Add Fedora built in label (#22465) 2024-09-30 10:02:54 -06:00
Dante Catalfamo
031e5b9c71
Delete apps associated with VPP tokens when they're moved or deleted (#21852) 
#21804
 2024-09-06 09:14:09 -04:00
Martin Angers
5b1a603d3b
MABM bugfix: fix the expected format of the migrated VPP token (#21761) 2024-09-03 13:23:44 -04:00
Lucas Manuel Rodriguez
fcdda20664
Backend for policy automation to install software (#21650) 
#21428

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated tests
- [X] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [X] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [X] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [X] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [X] Manual QA for all new/changed functionality
 2024-08-30 14:13:25 -03:00
Jahziel Villasana-Espinoza
a00559e732
feat: enable multiple ABM and VPP tokens (#21693) 
> Related issue: #9956 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
Co-authored-by: Roberto Dip <rroperzh@gmail.com>
Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com>
Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
 2024-08-29 18:51:46 -04:00
Lucas Manuel Rodriguez
28ca463d13
iOS/iPadOS as platforms/labels (#20126) 
#19963 

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated tests
- [X] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [X] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [X] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [X] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [X] Manual QA for all new/changed functionality

---

# API changes for dashboard UI changes

## Main dashboard page

`GET /api/latest/fleet/host_summary?low_disk_space=32` (see
`ios`/`ipados` platforms and `iOS`/`iPadOS` labels)
```json
{
  "totals_hosts_count": 9,
  "online_count": 0,
  "offline_count": 9,
  "mia_count": 0,
  "missing_30_days_count": 0,
  "new_count": 0,
  "all_linux_count": 2,
  "low_disk_space_count": 3,
  "builtin_labels": [
    {
      "id": 1,
      "name": "macOS 14+ (Sonoma+)",
      "description": "macOS hosts with version 14 and above",
      "label_type": "builtin"
    },
    {
      "id": 7,
      "name": "All Hosts",
      "description": "All hosts which have enrolled in Fleet",
      "label_type": "builtin"
    },
    {
      "id": 8,
      "name": "macOS",
      "description": "All macOS hosts",
      "label_type": "builtin"
    },
    {
      "id": 9,
      "name": "Ubuntu Linux",
      "description": "All Ubuntu hosts",
      "label_type": "builtin"
    },
    {
      "id": 10,
      "name": "CentOS Linux",
      "description": "All CentOS hosts",
      "label_type": "builtin"
    },
    {
      "id": 11,
      "name": "MS Windows",
      "description": "All Windows hosts",
      "label_type": "builtin"
    },
    {
      "id": 12,
      "name": "Red Hat Linux",
      "description": "All Red Hat Enterprise Linux hosts",
      "label_type": "builtin"
    },
    {
      "id": 13,
      "name": "All Linux",
      "description": "All Linux distributions",
      "label_type": "builtin"
    },
    {
      "id": 14,
      "name": "chrome",
      "description": "All Chrome hosts",
      "label_type": "builtin"
    },
    {
      "id": 15,
      "name": "iOS",
      "description": "All iOS hosts",
      "label_type": "builtin"
    },
    {
      "id": 16,
      "name": "iPadOS",
      "description": "All iPadOS hosts",
      "label_type": "builtin"
    }
  ],
  "platforms": [
    {
      "platform": "darwin",
      "hosts_count": 3
    },
    {
      "platform": "ios",
      "hosts_count": 1
    },
    {
      "platform": "ipados",
      "hosts_count": 1
    },
    {
      "platform": "rhel",
      "hosts_count": 1
    },
    {
      "platform": "ubuntu",
      "hosts_count": 1
    },
    {
      "platform": "windows",
      "hosts_count": 2
    }
  ]
}
```

## After selecting a platform

`GET /api/latest/fleet/host_summary?platform=ios&low_disk_space=100`
(similar with `ipados`)
```json
{
  "totals_hosts_count": 1,
  "online_count": 0,
  "offline_count": 1,
  "mia_count": 0,
  "missing_30_days_count": 0,
  "new_count": 0,
  "all_linux_count": 0,
  "low_disk_space_count": 1,
  "builtin_labels": [
    {
      "id": 1,
      "name": "macOS 14+ (Sonoma+)",
      "description": "macOS hosts with version 14 and above",
      "label_type": "builtin"
    },
    {
      "id": 7,
      "name": "All Hosts",
      "description": "All hosts which have enrolled in Fleet",
      "label_type": "builtin"
    },
    {
      "id": 8,
      "name": "macOS",
      "description": "All macOS hosts",
      "label_type": "builtin"
    },
    {
      "id": 9,
      "name": "Ubuntu Linux",
      "description": "All Ubuntu hosts",
      "label_type": "builtin"
    },
    {
      "id": 10,
      "name": "CentOS Linux",
      "description": "All CentOS hosts",
      "label_type": "builtin"
    },
    {
      "id": 11,
      "name": "MS Windows",
      "description": "All Windows hosts",
      "label_type": "builtin"
    },
    {
      "id": 12,
      "name": "Red Hat Linux",
      "description": "All Red Hat Enterprise Linux hosts",
      "label_type": "builtin"
    },
    {
      "id": 13,
      "name": "All Linux",
      "description": "All Linux distributions",
      "label_type": "builtin"
    },
    {
      "id": 14,
      "name": "chrome",
      "description": "All Chrome hosts",
      "label_type": "builtin"
    },
    {
      "id": 15,
      "name": "iOS",
      "description": "All iOS hosts",
      "label_type": "builtin"
    },
    {
      "id": 16,
      "name": "iPadOS",
      "description": "All iPadOS hosts",
      "label_type": "builtin"
    }
  ],
  "platforms": [
    {
      "platform": "ios",
      "hosts_count": 1
    }
  ]
}
```

### To populate list of MDM solutions of a selected platform

`GET /api/latest/fleet/hosts/summary/mdm\?platform=ios` (similar with
`ipados`)

```json
{
  "counts_updated_at": "2024-06-27T21:56:45Z",
  "mobile_device_management_enrollment_status": {
    "enrolled_manual_hosts_count": 0,
    "enrolled_automated_hosts_count": 1,
    "pending_hosts_count": 0,
    "unenrolled_hosts_count": 0,
    "hosts_count": 1
  },
  "mobile_device_management_solution": [
    {
      "id": 1,
      "name": "Fleet",
      "server_url": "https://lucas-fleet.ngrok.app/mdm/apple/mdm",
      "hosts_count": 1
    }
  ]
}
```

### To populate OS versions of a selected platform

`GET /api/latest/fleet/os_versions?platform=ipados` (similar with `ios`)
```json
{
  "meta": {
    "has_next_results": false,
    "has_previous_results": false
  },
  "count": 1,
  "counts_updated_at": "2024-06-27T21:36:12Z",
  "os_versions": [
    {
      "os_version_id": 7,
      "hosts_count": 1,
      "name": "iPadOS 17.5.1",
      "name_only": "iPadOS",
      "version": "17.5.1",
      "platform": "ipados",
      "vulnerabilities": []
    }
  ]
}
```

## Filtering hosts by the two new `iOS`/`iPadOS` labels

Works the same as with other labels.
 2024-07-08 18:05:29 -03:00
gillespi314
3b3f815a42 Merge conflicts 2024-04-16 10:20:59 -05:00
Martin Angers
47279ca2a9 Fix conflicts 2024-04-15 16:10:10 -04:00
Sarah Gillespie
05ccf9ee23
Fix issues related to Fleet builtin labels and reserved MDM profile names (#18043) 2024-04-08 14:34:55 -05:00
Lucas Manuel Rodriguez
e58e72fb77
Prevent empty logging_type when creating and editing queries (#14575) 
#14551

- ~[ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.~
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [x] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
 2023-10-16 19:33:39 -03:00
Lucas Manuel Rodriguez
2afbd24021
Combine Schedules and Queries: API changes (#12778) 
Combining schedules and queries API changes.
 2023-07-24 20:17:20 -04:00
Juan Fernandez
ae5057f760
Moar refactoring 2023-07-07 09:46:06 -04:00
Juan Fernandez
6a69604c62
Updated factory method for creating queries in tests 2023-07-07 09:05:51 -04:00
Juan Fernandez
8a1ffc97ea
Refactored Apply test 2023-07-07 08:51:51 -04:00
Lucas Manuel Rodriguez
1ebfbb14eb
New gitops role (#10850) 
#8593

This PR adds a new role `gitops` to Fleet.
MDM capabilities for the role coming on a separate PR. We need this
merged ASAP so that we can unblock the UI work for this.

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [X] Documented any permissions changes
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [x] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
 2023-04-12 16:11:04 -03:00
Lucas Manuel Rodriguez
a756614c1a
New observer_plus role (#10675) 
#8593

This PR adds a new role `observer_plus` to Fleet. (The `GitOps` role
will be added on a separate PR.)

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [X] Documented any permissions changes
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
 2023-04-05 15:23:49 -03:00
Lucas Manuel Rodriguez
40265d0e6f
Fix SMTP e-mail send when SMTP server has credentials (#10758) 
#9609

This PR also fixes #10777.

The issue is: We were using `svc.AppConfig` instead of
`svc.ds.AppConfig` to retrieve the SMTP credentials.
`svc.AppConfig` obfuscates credentials, whereas `svc.ds.AppConfig` does
not.
To help prevent this from happening again I've renamed `svc.AppConfig`
to `svc.AppConfigObfuscated`.
I've also added a new test SMTP server
(https://github.com/axllent/mailpit) that supports Basic Authentication
and tests that make use of it to catch these kind of bugs (the tests are
executed when running `go test` with `MAIL_TEST=1`).

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
 2023-03-28 15:23:15 -03:00
Martin Angers
e360013dc3
Implement API endpoint for MDM manual enrollment profile download (#9232) 2023-01-16 10:22:12 -05:00
gillespi314
94dd1c3745
Ingest pending MDM hosts (#9065) 
Co-authored-by @roperzh
 2022-12-26 15:32:39 -06:00
Martin Angers
472c8bafb3
Refactor license so it is stored in the context (#8544) 2022-11-15 09:08:05 -05:00
Frank Sievertsen
baa1ddc0f2
Add MDM detection for windows and mdm endpoints (#8479) 2022-11-01 18:22:07 +01:00
Frank Sievertsen
e9f7066d87
7135 host display name (#7873) 2022-10-08 08:57:46 -04:00
Juan Fernandez
ef73039559
Improve vulnerability detection for Ubuntu (#6102) 
Feature: Improve our capability to detect vulnerable software on Ubuntu hosts

To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
 2022-06-07 21:09:47 -04:00
gillespi314
4a4e832d3a
Increase minimum password length to 12 characters (#5712) 2022-05-18 12:03:00 -05:00
Martin Angers
9a0f749641
Add hosts_count field to "list software" endpoint (#3873) 2022-01-26 09:47:56 -05:00
Lucas Manuel Rodriguez
25fd04ea18
Fix team packs rego policy rules (#3356) 2021-12-13 20:53:29 -08:00
Lucas Manuel Rodriguez
e64a88d8b1
Add COALESCEs on all host_seen_times JOINs (#3147) 
* Add COALESCEs on all host_seen_times JOINs

* Use tx instead of d.writer

* Add unit tests

* Fix compile test
 2021-12-01 09:05:23 -03:00
Lucas Manuel Rodriguez
cb54d9a8dc
Fix duplicate schedules and platform matching on scheduled queries (#2977) 
* Fix duplicate schedules and platform matching on scheduled queries

* scheduled_queries.platform can be NULL

* Add unit tests

* Add rhel host and check zero stats
 2021-11-17 19:03:30 -03:00
Tomas Touceda
b802af6f44
Add host count to software API (#2879) 
* Add host count to software API

* Update docs

* Update fleetctl tests to account for host counts

* Update docs to mention host_count special case

* Update func comment
 2021-11-11 08:49:17 -03:00
Tomas Touceda
d3a0d62902
Issue 2456 policies yaml (#2512) 
* wip

* Add policy specs support

* Add documentation

* Make policy apply idempotent

* Fold in code

* Improve tests and simplify auth checks

* Lint and fix test
 2021-10-15 07:34:11 -03:00
Tomas Touceda
2033d8208c
Add policy updated at (#2246) 
* wip

* Add policy updated at interval and update the UI to use that

* Update rest api

* Fix tests
 2021-09-27 16:27:38 -03:00
Martin Angers
4f4185372d
Add support for context in datastore/mysql layer (#1962) 
This is just to pass down the context to the datastore layer, it doesn't
use it just yet - this will be in a follow-up PR.
 2021-09-14 08:11:07 -04:00
Tomas Touceda
7c34956d31
Add coverage to uncovered mysql code (#1855) 
* Add coverage to uncovered mysql code

* Add deleted method and update mock

* Fix test
 2021-09-07 13:48:04 -03:00
Tomas Touceda
c6c63ab12a
Refactor app config (POC, for now) (#1685) 2021-08-20 12:27:41 -03:00
Tomas Touceda
29570bd860
Issue 1278 select leader (#1367) 
* Add leader selection

* remove comment

* Address review comments

* Add changes file

* Simplify implementation

* Simplify further

* Whoops, removed a little too much
 2021-07-19 15:08:41 -03:00
Tomas Touceda
322ac3c8f6
Make roles for users mandatory (#1338) 
* Make roles for users mandatory

* Remove nop migration

* Add missing test for wrong role

* Properly validate global and team roles

* Address codacy issues

* Address codacy review

* No need to check for nil
 2021-07-13 16:33:04 -03:00
Zach Wasserman
c5280c0517
Add v4 suffix in go.mod (#1224) 2021-06-25 21:46:51 -07:00
RachelElysia
aeb852e168
Remove username from UI (#1168) 
* Remove username from UI code
* Remove username from tests
* Remove username from database
* Modify server endpoints for removing username
* Implement backend aspects of removing username
* Update API docs
* Add name to fleetctl
 2021-06-24 13:42:29 -07:00
Zach Wasserman
1417d01407
Make naming of host columns consistent (#1183) 
Adding consistency between API and DB helps to make it easier for users
and developers working with the API to correctly order things.

Closes #317
 2021-06-23 17:32:19 -07:00
Zach Wasserman
19e8da177f
Allow Packs to be targeted to Teams (#1130) 
- Add additional target type for packs.
- Refactor pack target datastore.
- Fixes for frontend target selector tier logic on packs page.
 2021-06-18 09:43:16 -07:00
Zach Wasserman
fb32f0cf40
Remove kolide types and packages from backend (#974) 
Generally renamed `kolide` -> `fleet`
 2021-06-06 15:07:29 -07:00
Zach Wasserman
18faa5a06b
Add authorization checks in service (#938) 
- Add policy.rego file defining authorization policies.
- Add Go integrations to evaluate Rego policies (via OPA).
- Add middleware to ensure requests without authorization check are rejected (guard against programmer error).
- Add authorization checks to most service endpoints.
 2021-06-03 16:24:15 -07:00
Zach Wasserman
15b81824f5
Filter query page API responses based on team membership (#850) 
- Include only hosts that the user has access to in search targets API.
- Add parameter to specify whether `observer` hosts should be included.
- Generate counts based on which hosts user can access.
- Update API doc.
 2021-05-24 21:34:08 -07:00
Noah Talerman
72882e8f9f Merge branch 'master' into teams 2021-05-19 13:16:54 -04:00
WangXiang
468754f2b9
Format and clean code (#774) 
1. use [staticcheck](https://staticcheck.io/) to check the code, and fix some issues.
2. use `go fmt` to format the code.
3. use `go mod tidy` clean the go mod.
 2021-05-17 10:29:50 -07:00
Zach Wasserman
f788254e61
Implement storage of scheduled query statistics (#735) 
Track all data from the osquery_schedule table on a per-host basis. This
data is now returned when retrieving host details in the API.
 2021-05-06 21:05:09 -07:00
Zach Wasserman
a17556b2db Merge branch 'master' into teams 2021-04-30 09:40:10 -07:00
Zach Wasserman
e8669818eb
Initial backend software inventory implementation (#678) 
- Maintain software inventory with detail queries.
- Associated database migrations.
- Feature flagged off by default (see documentation for details to turn on).
- Documentation.
- New test helper for slice element comparisons skipping ID.
 2021-04-26 08:44:22 -07:00