Closes: https://github.com/fleetdm/fleet/issues/35222
Changes:
- Updated the `view-fleet-premium-trial-or-redirect` action to redirect
users who have purchased a self-service Fleet Premium license to their
customer dashboard.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Attempt at debugging #34776
Another attempt to further debug this issue. This attempt tries to
verify that the scopes for the token is correct, and is not overriden by
another call to the scopes.
The reason is that the `www-authenticate` response header is saying
`error="insufficient_scope"`
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Attempt at solving #34776
This was verified by extracting the create topic, and getIamPolicy, and
without the flow.build it worked fine, but when added it started
failing.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34776
Adds delay to subsequent retries on creation of Android enterprise
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Related to: https://github.com/fleetdm/fleet/issues/34776
Changes:
- Updated the create-android-enterprise endpoint to retry the
getIamPolicy and setIamPolicy methods when creating a new android
enterprise.
This PR adds a small log warn statement to the fleetdm proxy for a 400
error on creating enterprise that is not an invalid token.
See this slack thread about the issue, and missing error log to further
debug the issue, unless running it locally, and then it is sometimes not
reproducable.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves #
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
## Database migrations
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
## New Fleet configuration settings
- [ ] Setting(s) is/are explicitly excluded from GitOps
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
## fleetd/orbit/Fleet Desktop
- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
Haven't fully QA'd as I am not sure how to repro locally(when I test the
pubsub arrives before we ever run the reconciler) however this should
cause 4xx to be returned from the website instead of 5xx for android
unenrolled. We use the exact same code on a different endpoint
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34988 partially. This just helps reduce
alerts to help-p1 and implements the interface that the server is
expecting
Changes:
- Updated who gets assigned a Render trial instance in the website's
signup action
- Updated how RenderProofOfValue records are sorted when they are
assigned to a user
Related to: https://github.com/fleetdm/fleet/issues/33798
Changes:
- Updated the redirects for logged-in users for the /login and /register
pages to take users to the /try page.
- Updated the primary button color in the query generator and the
landing page generator stylesheet template
Changes:
- Updated the "Try it now" button on the website's header navigation, it
will now open a signup/login modal on every page (excluding the
dedicated /register and /login pages)
- Updated the website to assign Fleet Premium instances hosted on Render
to eligible users. All other users will be given a 30-day Fleet Premium
trial license key to use with their deployment method of choice.
- Added a script that creates and manages a pool of Render instances.
- Added a new database model: `RenderProofOfValue`
- Added four new email templates
- Updated primary button colors to match the core product.
- Removed the organization requirement for new users signing up.
- Added a new component: `<signup-modal>`
- Added a new attribute to the User model: `fleetPremiumTrialType`
Introduces a new event type for GitHub contributions to the
fleetdm/fleet repository across webhook controller and Salesforce helper
modules. This enables tracking and handling of user contributions in
addition to existing GitHub events.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34299
Unreleased bug in Android Config profiles 4.75.0 feature. No changes
file as such. I'm not entirely sure how to cause this as I was unable to
repro it locally, there may be a timing issue or something, so I haven't
fully QA'd manually. QA was limited to verifying basic reconciler
functionality
Also updated Website endpoint to not throw a 5XX since we expect this to
occasionally happen
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [x] Confirmed that the fix is not expected to adversely impact load
test results
Added 'GitHub - Stared fleetdm/fleet' and 'GitHub - Forked
fleetdm/fleet' to the activity type arrays in webhook and Salesforce
helper modules to track new forms of user engagement.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#33848
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Added support for the Security & Compliance project within the GitHub
integration, enabling tracking and visibility alongside existing
projects.
- Refactor
- Streamlined project mapping logic to improve consistency when
processing updates from GitHub; behavior for existing projects remains
unchanged.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Related to: https://github.com/fleetdm/fleet/issues/33266
Changes:
- Added a new helper
`sails.helpers.androidProxy.getIsEnterpriseManagedByFleet`. This helper
returns `true` if a provided Android Enterprise ID is present in the
list of all Android Enterprises managed by Fleet, or `false` if it is
not in the list.
- Updated `create-android-enrollment-token`,
`create-android-signup-url`, and `modify-android-policies` to return a
404 response to the requesting Fleet instance if their Android
Enterprise is not managed by Fleet.
Closes: #33548
Changes:
- Added a new configuration variable
`sails.config.custom.bannedEmailDomainsForContactFormSubmissions` that
contains a list of domains (currently a single domain) that cannot be
used to submit the contact form
- Updated the `bannedEmailDomainsForWebsiteSubmissions` list to include
`example.com`
- Updated the deliver-contact-form-message action to return an
`invalidEmailDomain` exit if the contact form is submitted with an email
domain in the `bannedEmailDomainsForContactFormSubmissions` list
Closes: #33548
Changes:
- Added `isEmail` validation to emailAddress inputs. The updated
endpoints will now return 400 responses if a user bypasses the frontend
validation.
Closes: #33454
Changes:
- Updated the receive-from-github webhook to log warnings that includes
information about the affected issue/pr if requests to the GitHub API
fail.
Changes:
- Updated the receive-from-clay webhook's inputs to have the same `isIn`
lists as the helpers the webhook uses.
- Removed the `invalidContactOrAccountCriteria` and
`invalidHistoricalEventCriteria` exits in the receive from clay webhook.
Related to: https://github.com/fleetdm/confidential/issues/11779
Changes:
- Updated the `deliver-talk-to-us-form-submission` to use information
returned by the getEnriched helper to determine the Calendly event users
are taken to when they submit the form.
Closes: https://github.com/fleetdm/confidential/issues/12218
Changes:
- Added a testimonial from David Bodmer
- Updated the device management testimonials shown on the MDM page,
homepage, and testimonials page
Related to: https://github.com/fleetdm/confidential/issues/10737
Changes:
- Added `docs/scripts.yml`, a YAML file that contains a list of scripts
- Added `docs/mdm-commands.yml`, a YAML file that contains Windows and
Apple MDM commands
- Added `/mdm-commands`, a page that contains a list of MDM commands for
Windows and Apple commands
- Added `/scripts`, a page that contains a list of scripts
- Updated the `<docs-nav-and-search>` component to have a link to the
controls library, and reordered the lists.
- Updated the build static content script to add the scripts and mdm
commands from scripts.yml and mdm-commands.yml to the website's
`builtStaticContent` configuration.
- Updated the layout of the os-settings page to match the latest
wireframes
Closes: https://github.com/fleetdm/fleet/issues/33148
Changes:
- Updated the receive-from-zoom webhook to return a `zoomApiError` exit
when Zoom returns a non-200 response when it sends an API request to get
information about a call.
