## PR 2/2 for #32037
- Implements update for the Linux setup experience from the end-user's
point of view (the "My device" page).
- Works in concert with the new endpoints implemented in
https://github.com/fleetdm/fleet/pull/32493
- My device page calls a new endpoint to get in-progress setup
experience software installations. If there are any, the page is
replaced with a "Setting up your device" page
- The UI polls this endpoint until all such installations are either
successful or failed (including canceled)
- Setting up your device page includes a table displaying the name and
status of each software installation
- Once all installations are finished (succeed/fail), renders the
regular My device page
- Add a handler for the new API call for relevant tests
## Testing
Can use [this branch with fake
data](https://github.com/fleetdm/fleet/tree/32037-end-user-fake-data) to
help test this PR
- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests - additional tests coming in
follow-up
- [x] QA'd all new/changed functionality manually
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
For #29478, sans GitOps.
---------
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
Co-authored-by: Konstantin Sykulev <konst@sykulev.com>
resolves#31166
This adds a user icon and tooltip if the custom profile is user scoped
<img width="236" height="114" alt="image"
src="https://github.com/user-attachments/assets/be8e241d-6f70-40dc-808d-625245eb771f"
/>
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] QA'd all new/changed functionality manually
For #29426
For #30941
We didn't have an activities subtask for Hydrant so some changes related
to them were unfortunately missed and discovered during engineering
test. This addresses that and also fixes one other API issue noticed
where the GET endpoint was not returning the proper timestamps. No
changes file added because the Hydrant story changes file already covers
this feature
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
## PR 1/2 for #32037
- Implements update for the Linux setup experience from the IT admin's
point of view. Updates for the end-user ("My device" page) to follow
- Works in concert with the new endpoints implemented in
https://github.com/fleetdm/fleet/pull/32493
- Splits Controls > Setup experience > Install software into 3 tabbed
sections, one for each of macOS, Windows (placeholder state for now, to
be implemented in following iteration), and Linux.
- Dynamically calls new GET and PUT endpoints and routes data
accordingly depending on which platform software for install is being
updated for.
- Update the software selection modal to display software package
versions, including the package type (deb, rpm, or tar) for Linux
software packges.
- New activity feed item
- Update relevant tests
_Note that the lower-right-hand image in this GIF is outdated and will
be updated with new content once this entire feature is integrated_
~- [ ] Changes file added for user-visible changes in `changes/`~ will
include in PR 2/2
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
- [x] Verified that any relevant UI is disabled when GitOps mode is
enabled
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
There are still some TODOs particularly within Gitops test code which
will be worked on in a followup PR
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [x] Confirmed that the fix is not expected to adversely impact load
test results
- [x] Alerted the release DRI if additional load testing is needed
## Database migrations
- [x] Checked table schema to confirm autoupdate
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
## New Fleet configuration settings
- [ ] Setting(s) is/are explicitly excluded from GitOps
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [x] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [x] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [x] Verified that any relevant UI is disabled when GitOps mode is
enabled
---------
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
## For #31226
New features:
- Dynamic header for each possible state of a batch script run: Started,
Scheduled, and Finished (corresponds to tabs at
`/controls/scripts/progress`
- Unique tabs for each possible status of hosts targeted by a batch
script run: Ran, Errored, Pending, Incompatible, Canceled.
- Within each tab, sortable, paginated host results with output preview
and execution time.
- View script/run details, cancel a batch, view manage hosts page
filtered for the script batch run and a status.
- Global script batch runs activities and and Scripts progress rows now
navigate to this details page.
Cleanups and improvements:
- Expand tab count badge options using “alert”/“pending” variants across
hosts, policies, and query results.
- Misc cleanups and improvements
- [x] Changes file added for user-visible changes in `changes/`,
- [x] Updated automated tests - new tests tracked for follow-up work
- [x] QA'd all new/changed functionality manually
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
for #31532
# Details
This PR adds templates for displaying the "Scheduled batch script" and
"Canceled batch script" global activity feed items. It also updates the
"Cancel batch script?" modal to show a spinner on the cancel button when
applicable.
# Checklist for submitter
## Testing
- [X] QA'd all new/changed functionality manually
<img width="820" height="210" alt="image"
src="https://github.com/user-attachments/assets/45c8b15c-b100-4356-aa65-24441ecc16a0"
/>
## Issue
Closes#31629
## Description
- Added temporary "Updated" status requires a new UI status and to check
refetch time stamps against `last_install` WITH updates available to
ensure showing "Updated" instead of "Updates available'
- wrote tests
- Added temporary "Installed" status requires a new UI status and to
check refetch time stamps against `last_install` to ensure "installed"
vs. "whatever other status would show"
- wrote tests
- Added temporary "---" status requires a new UI status and to check
refetch time stamps against `last_uninstall` to ensure "---" vs.
"whatever other status would show"
- wrote tests
- Added tooltips to all 3 temporary statuses to ensure users know it's a
temporary status "Fleet successfully [installed/uninstalled/updated]
software and is fetching latest software inventory."
## Screenrecording of mini feature
It works!
https://fleetdm.zoom.us/clips/share/6EPbQs2_R4mqWaqbNpd1iQ
All 3 temporary statuses (watch in 2x)
https://fleetdm.zoom.us/clips/share/iRSdgb5HQ6uEJv3wkhmXtA
# Checklist for submitter
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
---------
Co-authored-by: Ian Littman <iansltx@gmail.com>
for #31182
# Details
This PR implements the "Action Required" state for Windows host disk
encryption. This includes updates to reporting for:
* disk encryption summary (`GET /fleet/disk_encryption`)
* config profiles summary (`GET /configuration_profiles/summary`)
* config profile status ( `GET
/configuration_profiles/{profile_uuid}/status`)
For disk encryption summary, the statuses are now determined according
to [the rules in the
Figma](https://www.figma.com/design/XbhlPuEJxQtOgTZW9EOJZp/-28133-Enforce-BitLocker-PIN?node-id=5484-928&t=JB13g8zQ2QDVEmPB-0).
TL;DR if the criteria for "verified" or "verifying" are set, but a
required PIN is not set, we report a host as "action required".
For profiles, I followed what seems to be the existing pattern and set
the profile status to "pending" if the disk encryption status is "action
required". This is what we do for hosts with the "enforcing" or
"removing enforcement" statuses.
A lot of the changes in these files are due to the creation of the
`fleet.DiskEncryptionConfig` struct to hold info about disk encryption
config, and passing variables of that type to various functions instead
of passing a `bool` to indicate whether encryption is enabled. Other
than that, the functional changes are constrained to a few files.
> Note: to get the "require bitlocker pin" UI, compile the front end
with:
```
SHOW_BITLOCKER_PIN_OPTION=true NODE_ENV=development yarn run webpack --progress --watch
```
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
Changelog will be added when feature is complete.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [X] Added/updated automated tests
- [X] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
Could use some help testing this end-to-end. I was able to test the
banners showing up correctly, but testing the Disk Encryption table
requires some Windows-MDM-fu (I just get all zeroes).
## Database migrations
- [X] Checked table schema to confirm autoupdate
- [X] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [X] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [X] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
# #30860
## Summary
* **New Features**
* Introduced dedicated modals for viewing install and uninstall details
for both VPP and non-VPP software, providing clearer and more consistent
information.
* Added support for displaying detailed install information for VPP host
software and improved handling of install status actions.
* Added an Inventory Versions modal to display detailed version history
for installed software on a host.
* **Improvements**
* Standardized and improved the design and behavior of install/uninstall
detail modals across the app.
* Refined callbacks and state management for launching modals from host
and self-service software tables.
* **Bug Fixes**
* Addressed issues with property naming and callback signatures in
install status handling.
* Addressed inconsistencies in displaying software details and status
across different components.
* **Refactor**
* Streamlined component props, callback signatures, and data models for
improved maintainability.
* Updated test cases and interfaces to align with the new modal and
callback structure.
* Removed legacy software details modal and related code, streamlining
the user interface.
* **Style**
* Updated modal and table styles for improved readability and
consistency.
## *Important note: Host software library modals for VPP apps currently
show only installed versions due to [an API bug that is being
addressed](https://github.com/fleetdm/fleet/issues/31459)
## Install details modal in various locations and states :
### Activity feeds (global, host details), non-VPP:
### Device user page self-service, non-VPP (with Retry functionality):
### Host software library, non-VPP:
### Activity feeds (global, host details), VPP apps:
### Device user page self-service, VPP apps (with Retry functionality):
### Uninstall modal samples - TODO
- [x] Changes file added for user-visible changes in `changes/`
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Co-authored-by: RachelElysia <rachel@fleetdm.com>
This change allows configuring a separate URL for SSO callbacks, which
is useful when organizations have different URLs for admin access vs
agent/API access.
Fixes#31480 the SSO issue where organizations with dual URL setups were
getting 'Destination does not match requested URL' errors after
upgrading to v4.71.0 with the new SAML library.
Video demo: https://www.youtube.com/watch?v=dFzNpUY3XKI
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] Added/updated automated tests
- [ ] QA'd all new/changed functionality manually
## New Fleet configuration settings
- [x] Verified that the setting is exported via `fleetctl
generate-gitops`
- [x] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- Same PR since this is going to be a 4.71.1 patch
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [x] Verified that any relevant UI is disabled when GitOps mode is
enabled
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Summary by CodeRabbit
* **New Features**
* Added support for configuring a dedicated SSO URL, allowing
organizations to restrict SSO authentication to a specific URL.
* The new SSO URL option is available in both the UI and API
configuration settings.
* **Documentation**
* Updated configuration and API documentation to include the new SSO URL
option with usage examples.
* **Bug Fixes**
* Resolved authentication issues for organizations using separate URLs
for admin and agent/API access.
* **Tests**
* Added new unit and integration tests to verify SSO behavior with and
without the dedicated SSO URL.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
quick change to host table to show "Not supported" for the serial number
cell for persaonl devices enrolled in mdm.
I've pulled out the check if a host is a personal device enrolled in mdm
and have used this where needed.
related to [#30627](https://github.com/fleetdm/fleet/issues/30627)
Updates to the integration page that creates new sections ABM and
Windows autopilot sections and updates copy for the cards.
<img width="808" height="579" alt="image"
src="https://github.com/user-attachments/assets/ec2e2123-6b87-4a2a-9209-a4a796413296"
/>
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
For [#30782](https://github.com/fleetdm/fleet/issues/30782)
This contains UI wide updates to support personal devices enrolled into
MDM. This includes:
**host details about card updates**
<img width="536" height="169" alt="image"
src="https://github.com/user-attachments/assets/a6e608e2-28b3-4bcc-ac03-4c45128bae66"
/>
**host details host actions dropdown updates (we will only show transfer
and delete for host
personal devices enrolled into MDM**
<img width="217" height="193" alt="image"
src="https://github.com/user-attachments/assets/7295e91a-7ceb-49f9-8351-5f2f4de7c450"
/>
**dashboard page MDM card updates. We've added a new row for personal
devices enrolled in mdm**
<img width="775" height="448" alt="image"
src="https://github.com/user-attachments/assets/ee819f16-faa4-437f-a6e8-2f6f8e6535dc"
/>
## NOTE
**We've also changed all instances of `On (automatic)` to `On
(company-owned)`. The API still returns `On (automatic)` so this is done
on the client side.**
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
Found one during testing of Entra Conditional Access and then ran
https://github.com/crate-ci/typos to fix a few more.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Corrected various typographical errors in user-facing text, tooltips,
table headers, and messages across the application to improve clarity
and professionalism.
* Fixed spelling mistakes in success and error messages, tooltips, and
descriptive text on multiple pages.
* Updated test setup to use the correct sort type value for CSV
conversion tests.
* Improved consistency in UI labels and documentation comments.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## #14801
### [Demo
video](https://drive.google.com/file/d/1Lovk7iwvgUv1NpfsqSt-Is0yTBt0SZ5O/view?usp=sharing)
<img width="1624" alt="Screenshot 2025-07-02 at 4 58 33 PM"
src="https://github.com/user-attachments/assets/86c7b214-e8e4-4e58-9969-b1373ed97691"
/>
* **New Features**
* Added the ability to select a team and update the name when saving a
query as a new copy, using a dedicated modal dialog.
* **Improvements**
* Enhanced the team selection dropdown with new styling options and
clarified prop names.
* Updated query editing workflow to use a modal for "Save as new"
actions.
* Improved type safety and clarity in several interfaces and utility
functions.
* **Bug Fixes**
* Fixed inconsistencies in prop naming for team dropdown components.
* Ensured "Discard data" setting is maintained when "Save as new"ing a
query - it was previously not maintained correctly
* **Tests**
* Updated and removed tests to align with the new "Save as new" query
workflow and prop changes.
* Added utilities for creating mock location objects in tests.
* **Style**
* Added a new light grey color to the UI color palette.
- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
#29609
Verified the changes with [Entra ID's
validator](https://scimvalidator.microsoft.com/) and adding the
department attribute to the tester:
<img width="1312" alt="Screenshot 2025-06-27 at 8 54 32 AM"
src="https://github.com/user-attachments/assets/45a5deb8-7c65-49df-b3e8-eb05bea11f6b"
/>
<img width="1312" alt="Screenshot 2025-06-27 at 8 54 21 AM"
src="https://github.com/user-attachments/assets/91b554b5-b0b9-4bb6-a0cf-4e3b40e6ce21"
/>
- Tested with Okta
- TODO: Test with Entra ID and Google Workspace.
- I decided to not fail profile deployment if a user has no department
because it's not a required attribute, instead the
`FLEET_VAR_HOST_END_USER_IDP_DEPARTMENT` will be replaced with the empty
string.
---
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] If database migrations are included, checked table schema to
confirm autoupdate
(https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- For database migrations:
- [X] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [X] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [X] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [X] Added/updated automated tests
- [X] Manual QA for all new/changed functionality
For #30001
# Details
When Fleet is started with logging configured in a way such that the
logging plugin has no `config`, clicking "Manage Automations" on the
manage queries page results in a 500 page. An example config would be:
```
fdm up --server_address=localhost:8080 --dev --dev_license --logging_debug --osquery_result_log_plugin=stdout --osquery_status_log_plugin=stdout --activity_audit_log_plugin=stdout
```
This PR fixes the issue by adding null protection for cases where the
`config` object is empty for the logging plugin.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Manual QA for all new/changed functionality
For #27042.
Ready for review, just missing integration tests that I will be writing
today.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [X] If database migrations are included, checked table schema to
confirm autoupdate
- For new Fleet configuration settings
- [X] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps. If managing
via Gitops:
- [X] Verified that the setting is exported via `fleetctl
generate-gitops`
- [X] Added the setting to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [X] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [x] Verified that any relevant UI is disabled when GitOps mode is
enabled
- For database migrations:
- [X] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [X] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [X] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [X] Manual QA for all new/changed functionality
---------
Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com>
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Added `neon` to list of Linux platforms associated with hosts so that
Linux-specific detail queries and policies will be sent to hosts running
the XDE Neon operating system.
This does not guarantee full compatibility with Neon, but will improve
telemetry.
Resolves#28560
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
