#21998
While looking through this I noticed a few other issues:
1. We seem to be inconsistent about what time we pick for OS update
deadlines. For profiles [it's noon local
time](2e5bf75b6d/ee/server/service/mdm.go (L1096)),
while for Nudge [it appears to be 4am...server time or
UTC](2e5bf75b6d/server/fleet/nudge.go (L53-L57))?
#9013 also mentions "noon UTC-8/Pacific Standard Time", which is neither
of the above (and means that, if implemented as spec'd, the deadline
would shift by an hour during DST), while docs prior to this PR
mentioned 4am UTC-8. Maybe we don't care enough to fix the Nudge
behavior since macOS 14 (which no longer requires Nudge) came out over a
year ago, but we should at least agree on desired behavior for DDM and
document that (which is what I've done for iOS/iPad OS since they don't
use Nudge).
2. The [REST API
docs](2e5bf75b6d/docs/REST%20API/rest-api.md (L1720-L1757))
don't seem to match the description of macOS behavior in the article;
the former indicates that OS updates pop up with increasing frequency
post-deadline, rather than having an impassible dialog. This may be
because behavior changed from Nudge to DDM, but iOS/iPadOS got
copy-pasted from the macOS REST docs and they never used Nudge. My guess
is that we should describe DDM behavior here.
Tagging in @mna as he looks to have implemented DDM OS updates so should
have some context here, and @noahtalerman to confirm desired behavior,
particularly on the deadline side.
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
This applies some consistency fixes as well (e.g. noting that Mac/Win
enforcement requires MDM). Also removed mention of MDM on iOS/iPadOS
enforcement as if an iOS/iPadOS host is enrolled, it's enrolled via MDM.
See #21998
Closes https://github.com/fleetdm/fleet/issues/22951
- Updated the guides listed on
https://fleetdm.com/docs/get-started/tutorials-and-guides to only
include the most essential onboarding guides. Guides are listed in the
following order:
- Deploying Fleet
- Organizational units
- Controls
- Installing software
- Admin
- Added archive notices to the three "How to install osquery..."
articles
- Added "Further reading" links to the bottom of the Queries guide and
Policies guide to point to related advanced topics
- Renamed "Managing labels in Fleet" to "Labels" for parallelism with
our other guides (left the URL as is, no redirect necessary)
- Renamed "What are Fleet policies" to "Policies" for parallelism with
our other guides (left the URL as is, no redirect necessary)
- Update guides to reflect use case: automatically run scripts and
install software
- @noahtalerman: I removed top image from "Automatically run scripts"
b/c I think it looked rushed/unexpected
- Update "execute" language to "run" and add "manual" language
- Clarify when a policy's host counts are reset
- Clarify support for policy automations: team v. default (global) v. no
team
- Update `software.packages` example to best practice: separate file
- Inline is supported for backwards compatibility
- Remove `policies` and `controls` call outs about "No team." This info
is covered in the starter filed in fleetdm/gitops. For an example, see
`teams/no-teams.yml` here:
https://github.com/fleetdm/fleet-gitops/blob/main/teams/no-team.yml
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
> No issue, just a fix from a customer convo today
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
Cleaned up instructions.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
- Add examples that make it clear that these are label names (not IDs)
---------
Co-authored-by: Allen Houchins <32207388+allenhouchins@users.noreply.github.com>
For #21955 (the story has a video demo of core functionality)
Follow up for PR #22542
# Checklist for submitter
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
Remove any reference to CLI only flag`disable_tables` in
`agent_options.config.options` and added a reference to
`agent_options.command_line_flags`
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
-Documentation only change, thanks to @rebeccaui for calling it out!
effort to compile all the resources we have scattered about MDM and
document a few fleet-specific behaviors.
---------
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
Co-authored-by: mostlikelee <tim@mostlikelee.com>
Annotations file feedback row 15.3: Clarity is needed in order to track
what steps are required to successfully complete a deployment.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
---------
Co-authored-by: Joey Salazar <jgsal@yahoo.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
#22424, #22705
TODO: integration test updates
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
#22692
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Updated the "How to uninstall osquery" document to no longer reference
older osquery references and file paths that no longer exist.
---------
Co-authored-by: JD <spokanemac@users.noreply.github.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
API changes for #22069.
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Co-authored-by: mostlikelee <tim@mostlikelee.com>
Co-authored-by: Tim Lee <timlee@fleetdm.com>
Co-authored-by: Marko Lisica <markol.lisica@gmail.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Luke Heath <luke@fleetdm.com>
GitOps and API changes for the following story:
- #9956
DONE:
- ~~Contributor API endpoints to support best practice GitOps (`fleetctl
gitops`) and backwards compatibility GitOps (`fleetctl apply`)~~
- https://github.com/fleetdm/fleet/pull/21043#issuecomment-2338218929
---------
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
Co-authored-by: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: George Karr <georgekarrv@users.noreply.github.com>
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Also adds a line in the makefile help for generate-doc, as it took me
way too long to find that command this time.
# Checklist for submitter
- [x] Manual QA for all new/changed functionality
