Customers that have deployed the Fleet agent with the Fleet Desktop
application enabled sometimes want a method to arbitrarily disable Fleet
Desktop without deploying a new Fleet agent package installer.
This workflow writes a script & a Launch Daemon on a macOS Host which is
executed as a background process (because it must stop & restart the
Fleet agent) in order to disable the Fleet Desktop application by
modifying the Fleet agent configuration.
Updated the docs based on our experience QA-ing
https://github.com/fleetdm/fleet/issues/19372
There will be a follow-up PR with some details for generating the base
installer during development.
#22187
Similar fix to #22555: resolve paths at spec parsing time rather than
when trying to grab files
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
This is a really bad PR. I am sorry. I previewed it and I know it looks
horrible. Please consider it only a little stickerboard of ideas.
I do, however, stand by these ideas (though not my execution of them):
- changing the first sentence to clarify whether or not this is SSO for
the Fleet console GUI/CLI experience, or if we're talking about end user
admin for employees using Fleet Desktop / getting "zero touched"
(signing into their ABM'd or autopiloted devices)
- finding some way to name Okta, and ideally the other examples I
provided, for SEO, to give people examples from a set, to get
recognizable names of the integration above the fold, to give people a
dash of personality by including authentik
- consolidating JIT and the other SAML implementation details into a
sentence
- unhoisting it downwards (though not in the weird way I did it) -
> References:
> - ["Why read documentation?"](https://fleetdm.com/handbook/company/why-this-way#why-read-documentation)
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Took a stab at implementing #23314 since it is a text change only.
Documentation changes are
[here](https://github.com/fleetdm/fleet/pull/23375); if this gets merged
I'll make a new PR to the v4.60.0 docs.
---------
Co-authored-by: Ian Littman <iansltx@gmail.com>
- Update section headers so that config options show up in the right
side bar. Today, there's only one header that shows up in the sidebar:

- Remove "Example YAML" sections b/c they're redundant. More to maintain
Changes:
- Updated the styles and layout of the article template page sidebar to
match the latest wireframes
- Updated the scrolling function for sticky sidebars on articles and
docs pages
- Updated the sidebar CTA on article pages to check `typeof me` instead
of `me`.
We discussed at backend sync today (2024-11-05) that we'd like to start
adding READMEs in the codebase for very tactical documentation.
This is an initial README for the cron/scheduling machinery.
Automated update of MIN_OSQUERY_VERSION_OPTIONS with any new osquery
release. (Note: This automatic update is the solution to issue #21431)
Co-authored-by: RachelElysia <RachelElysia@users.noreply.github.com>
Closes: https://github.com/fleetdm/confidential/issues/8672
Changes:
- Updated the pricing page script to switch the pricing table to a
different buying mode if a user visits /pricing#it or /pricing#security
Related to: https://github.com/fleetdm/fleet/issues/19312
Changes:
- Updated the send-data-to-vanta script to exclude hosts on a specific
team when it runs for Fleet's Vanta integration.
---------
Co-authored-by: Ian Littman <iansltx@gmail.com>
relates to #23128
updates mock service worker package as it was using a version of
`path-to-regexp` that had a high security vulnerability. This updated
version of msw uses a newer version of the package that does not have
this vulnerability
I had to add the `jest-fixed-dom` package to update msw as well as
update our version of typescript to 4.7
#22269
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#23204
When deleting Pending hosts, using the standard `ds.DeleteHosts` method.
This seems cleaner and more scalable than trying to handle every host
table in cleanups cron.
# Checklist for submitter
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
relates to #21633
This adds an info banner for cloud customers to help them with their
Windows autoenrollment setup.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
#23258 (see
[comment](https://github.com/fleetdm/fleet/issues/23258#issuecomment-2443304838)
for rationale)
Validated by removing the two places that would create the directory
(early in scanVulnerabilities in cron.go, partway through download in
download.go) and ensuring the test failed (timeout after 10s).
Both dir creations happen early in the vulns cron so I was able to
drastically tighten the timing on the periodic check on this test, so
this test completes way quicker than before as an added benefit
(automatic test parallelism notwithstanding).
The panic recovery here theoretically shouldn't be necessary, as on a
passed test the context will get cancelled while syncing the CPE sqlite,
but is included to ensure the test doesn't flake if the implementation
of the vulnerabilities cron changes such that we _would_ get a panic by
cancelling the context this early.
# Checklist for submitter
- [x] Added/updated tests
From discussions with @jahzielv.
QAing ADE flows:
1. New version of fleetd is pushed to `edge`
2. QA folks can trigger this new workflow and download the generated
`fleetd-base.pkg` and `fleetd-base-manifest.plist`.
3. Host the downloaded files (in `foobar/`) in their ngrok URLs (using
e.g. `go run ./tools/file-server 8085 foobar/`)
4. Use Fleet's `FLEET_DEV_DOWNLOAD_FLEETDM_URL` to point the Fleet
server to their ngrok URL.
#23505
Unreleased NDES bug
Profile error was being overwritten by a subsequent DB update.
# Checklist for submitter
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality