For #26623
- Updated `github.com/groob/plist` to `github.com/micromdm/plist` -- it
was renamed
- Added validation that restricts DigiCert Fleet variables to
`com.apple.security.pkcs12` payloads plus additional restrictions
- Added validation that restricts Custom SCEP Fleet variables to
`com.apple.security.scep` payloads plus additional restrictions
- Enabled multiple CAs (Fleet variables) to be present in an Apple MDM
profile. But each CA can only be used once. For example, we can have
DigiCert CA and Custom SCEP CA in one Apple profile.
# Checklist for submitter
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
For #26623
This PR enables deploying an Apple configuration profile with Fleet
proxying a custom SCEP server.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
> For #26345
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
Documentation changes for the 4.65.0 release
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Janis Watts <184028114+jmwatts@users.noreply.github.com>
Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com>
Hi Fleet team!
I'm an engineer at authentik and I've been working on a guide to help
our users integrate Fleet with authentik as an identity provider. While
our own documentation is still in progress, I wanted to contribute this
guide to the Fleet documentation to help our users get started with SSO.
This PR expands Fleet's Single Sign-on guide to include a section for
[authentik](https://goauthentik.io) as an identity provider.
Please let me know if I can provide any additional information or make
any changes to this PR.
Thank you for considering this contribution!
Remove settings that aren't minimally required to make it simpler to
follow along
@rfairburn @edwardsb @lukeheath Y'all, please stop me if this is a bad
idea.
I found that `GET /api/v1/fleet/vpp` isn't working, but is still
documented. I believe we moved to new endpoint to manage VPP tokens:
`GET /api/v1/fleet/vpp_tokens`
## For #25034
### API changes:
[this PR diff](https://github.com/fleetdm/fleet/pull/25013/files)
("available_teams" change is adding missing documentation for current
API behavior)
### schema changes:
- new col in `users` table, `settings`, type `json`. Defaults to `{}`.
New setting, `hidden_host_columns`, added or updated on first relevant
API call per user.
### semantics
- **null** `"hidden_host_columns"` field means "not yet set, use
defaults": `{"settings":{"hidden_host_columns": null}}`
- **included and empty** `"hidden_host_columns"` field means "no columns
hidden, show all columns in the UI":
`{"settings":{"hidden_host_columns": []}}`
### Updates 1/7/25 per discussion with @rachaelshaw @lucasmrod
@sgress454:
- Optional query param `include_ui_settings=true` included with `GET`s
to `/me` or `/users/:id` will trigger considering the API call to be a
contributor API call, giving more flexibility for future changes. Note
that this is the first time we have one endpoint that can be
conditionally considered a contributor endpoint depending on how it is
called.
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
For #26933.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Cleaning up and standardizing use of quotations in YAML.
1. Updated to use single quotes
2. Updated to use double quotes to enclose single quote references.
3. Removed extraneous quotes around strings.
Replacing an old screenshot for SSO-Setup that removes the `issuer URI`
field that is no longer needed nor available in Fleet
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Softwares query for macOS corrected in Vitals. Was showing query for
linux.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Manual QA for all new/changed functionality
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
For #26218
- Added `users_deleted` table to track user actions if the user was
actually deleted.
- Added enable/disable Android MDM activities
Note: I could not auto-generate fleet.Service mock because it has issues
with methods that don't return anything. I ended up using testify mock
instead.
# Checklist for submitter
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
A new feature in osquery `5.16` was created to allow for scanning of
user directories for python packages. If the new version of osquery is
detected use the new query, otherwise use the old query.
https://github.com/fleetdm/fleet/issues/26423
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
Updated top text area for legibility and to call out what happens to
missing or mispelled settings.
These changes were prompted by
https://github.com/fleetdm/fleet/issues/26450
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Changes:
- Updated the query-detail, vital-detail, and policy-detail pages to
have a tab for bash commands.
- Updated queries, vitals, and policies to have a bash command that
returns the same results as the SQL query.
