Commit graph

3803 commits

Author SHA1 Message Date
Magnus Jensen
66248c738f
fix windows configuration profile failing to verify if using CDATA escape (#31564)
fixes #29769 

See comment for more context:
https://github.com/fleetdm/fleet/issues/29769#issuecomment-3150798557

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
2025-08-04 17:04:59 +02:00
Victor Lyuboslavsky
a0e9d88e0d
Updated SQL modes in tests to match production. (#31445)
Fixes #31444 

The changes are primarily in tests. The only changes in production code
are a couple validations/checks for invalid values in:
- mysql/apple_mdm.go
- mysql/hosts.go
- mysql/queries.go

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved handling of timestamp and default values across various
features to prevent database errors and warnings.
* Enhanced validation and data consistency for Apple Business Manager
tokens and MDM profiles.
* Updated test data and logic to comply with stricter database
constraints and realistic scenarios, including date handling and field
lengths.

* **Chores**
* Updated test setups to reflect schema changes, improve data integrity,
and avoid future compatibility issues.
  * Standardized SQL mode and timestamp usage in test environments.
* Refined test data for VPP apps, software installers, and device
enrollments for better reliability.

* **Tests**
* Expanded and updated tests to cover new fields, stricter validation,
and more accurate simulation of real-world conditions.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-08-03 08:18:13 +02:00
jacobshandling
edf7bec845
UI: Make consistent and update the Install and Uninstall detail modals for VPP and non-VPP apps across the Fleet UI (#31420)
# #30860 

## Summary
* **New Features**
* Introduced dedicated modals for viewing install and uninstall details
for both VPP and non-VPP software, providing clearer and more consistent
information.
* Added support for displaying detailed install information for VPP host
software and improved handling of install status actions.
* Added an Inventory Versions modal to display detailed version history
for installed software on a host.

* **Improvements**
* Standardized and improved the design and behavior of install/uninstall
detail modals across the app.
* Refined callbacks and state management for launching modals from host
and self-service software tables.

* **Bug Fixes**
* Addressed issues with property naming and callback signatures in
install status handling.
* Addressed inconsistencies in displaying software details and status
across different components.

* **Refactor**
* Streamlined component props, callback signatures, and data models for
improved maintainability.
* Updated test cases and interfaces to align with the new modal and
callback structure.
* Removed legacy software details modal and related code, streamlining
the user interface.

* **Style**
* Updated modal and table styles for improved readability and
consistency.


## *Important note: Host software library modals for VPP apps currently
show only installed versions due to [an API bug that is being
addressed](https://github.com/fleetdm/fleet/issues/31459)


## Install details modal in various locations and states :

### Activity feeds (global, host details), non-VPP:

![ezgif-7af8221d19cd91](https://github.com/user-attachments/assets/bb90dcb6-6d99-455b-8e70-0cd905dd7b2d)

### Device user page self-service, non-VPP (with Retry functionality):

![ezgif-7d1b107f56dc16](https://github.com/user-attachments/assets/e4b91bf6-01bf-423e-9542-3ae4d2d17422)

### Host software library, non-VPP:

![ezgif-76c029bd028544](https://github.com/user-attachments/assets/931b6076-87d5-4e77-92ab-86fad323d396)

### Activity feeds (global, host details), VPP apps:

![ezgif-75eb0ebecb1893](https://github.com/user-attachments/assets/084eca68-4cf7-423a-8cb9-b14ea6d4c2d3)

### Device user page self-service, VPP apps (with Retry functionality):

![ezgif-728e4e8c2a595e](https://github.com/user-attachments/assets/969d1d49-b014-49a2-9c64-3c0dd88b05cc)

### Uninstall modal samples - TODO

- [x] Changes file added for user-visible changes in `changes/`

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Co-authored-by: RachelElysia <rachel@fleetdm.com>
2025-08-01 12:45:09 -07:00
Konstantin Sykulev
2fae481a25
Retain vpp apps last install information after inventoried by osquery (#31520)
fixes #31459

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

---------

Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2025-08-01 13:39:51 -05:00
Victor Lyuboslavsky
949a1eeabb
Add sso_server_url configuration for dual URL SSO setups (#31497)
This change allows configuring a separate URL for SSO callbacks, which
is useful when organizations have different URLs for admin access vs
agent/API access.

Fixes #31480 the SSO issue where organizations with dual URL setups were
getting 'Destination does not match requested URL' errors after
upgrading to v4.71.0 with the new SAML library.

Video demo: https://www.youtube.com/watch?v=dFzNpUY3XKI

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [ ] QA'd all new/changed functionality manually

## New Fleet configuration settings

- [x] Verified that the setting is exported via `fleetctl
generate-gitops`
- [x] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
  - Same PR since this is going to be a 4.71.1 patch
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [x] Verified that any relevant UI is disabled when GitOps mode is
enabled

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

## Summary by CodeRabbit

* **New Features**
* Added support for configuring a dedicated SSO URL, allowing
organizations to restrict SSO authentication to a specific URL.
* The new SSO URL option is available in both the UI and API
configuration settings.

* **Documentation**
* Updated configuration and API documentation to include the new SSO URL
option with usage examples.

* **Bug Fixes**
* Resolved authentication issues for organizations using separate URLs
for admin and agent/API access.

* **Tests**
* Added new unit and integration tests to verify SSO behavior with and
without the dedicated SSO URL.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-08-01 20:32:15 +02:00
Juan Fernandez
6d45bc8c4f
Ability to set TPM PIN protector policy on host. (#31484)
For #31193.

Added a new detail query used for determining whether the user is able to set up a TPM PIN protector, if not able, an MDM command is queued up to apply the proper policy on the host.
2025-08-01 13:32:19 -04:00
Konstantin Sykulev
828504d038
Automatic install policies in ListHostSoftware (#31469)
Fixes #30197
# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
2025-08-01 10:22:14 -05:00
Gabriel Hernandez
05d6cbc3c8
change button styles for turn on mdm info banner (#31374)
fixes #29410 

quick update to the turn on mdm button in the info banner.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] QA'd all new/changed functionality manually
2025-08-01 15:36:03 +01:00
Magnus Jensen
c7c87fce4f
Enforce FileVault at login when manually enrolled (#31170)
Done by not allowing any deferrals as before one deferral was allowed

fixes: #29250 

_There is no doc change as we nowhere state that we allow one deferral,
let me know if we want to write somewhere that this is now the standard
behaviour._

_I also investigated trying to force it directly when the profile
arrived but without any luck, so still need a logout/login to get
filevault enabled, but it's no longer possible to cancel/defer it._

**Do verify when testing in automatic enrollment that FileVault is still
enforced as I can't test Automatic enrollment yet.**

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] If database migrations are included, checked table schema to
confirm autoupdate **not relevant as it does not update any schema just
modifies existing entries.**
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-08-01 15:15:11 +02:00
Victor Lyuboslavsky
9ef1772771
Fixed issue ingesting certs with long country codes. (#31443)
Fixes #30390 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

## Database migrations

- [x] Checked table schema to confirm autoupdate

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Expanded support for certificate country codes up to 32 characters,
allowing non-standard country code values.
* **Bug Fixes**
* Improved certificate ingestion to handle and log fields that exceed
maximum allowed lengths instead of causing failures.
* **Tests**
* Added tests to verify handling of long country codes and truncation of
overly long certificate fields.
* **Chores**
* Updated database schema to increase the allowed length for country
code fields in certificates.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-31 23:06:36 +02:00
Magnus Jensen
57566301e1
Wait for expected profiles to be sent before releasing device (#31381)
This PR addresses the concern of potentially being able to release a
device before any profile is sent, and the check thinking there is no
pending. It addresses both the release worker, but also the orbit setup
experience endpoint, even though that is less likely.

_Checked the query against my host on dogfood where it took 0.1 seconds,
with the single host._

fixes: #31143 

_I also ended up putting my main test in a new file
`integration_mdm_release_worker_test.go` and decided not to do fancy
setup, as there is only one test so no recurring things, and based on
our retro talk also moved the setup experience related tests inside of
`integration_mdm_dep_test.go` into their separate file
`integration_mdm_setup_experience_test.go`_

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests

- [ ] QA'd all new/changed functionality manually (No, since this one is
hard to reproduce, but instead wrote an integration test before doing
the change to verify the behaviour.)
2025-07-31 17:50:57 +02:00
Gabriel Hernandez
24e7934646
dont show os updates page for users who are not global admin or the team admin (#31410)
fixes #25367 

this doesnt show the os updates page for users who are not global admins
or the current team admin. we also redirect users to the os settings
page if they try to navigate to the os updates page and dont have
permission

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] QA'd all new/changed functionality manually
2025-07-31 12:04:06 +01:00
Konstantin Sykulev
68c3ade0b2
Removed fleet secret validation during gitops dry runs (#31402)
Fixes #30853

Install and uninstall scripts that contain fleet secrets do not need to
be validated in the `batchSetSoftwareInstallersEndpoint` during gitops
dry runs. These secrets are already validated on the gitops side.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
2025-07-30 13:12:39 -05:00
Jordan Montgomery
f048df9d60
Add MS-MDE2 Request/Enrollment version 7.0 to allowlist to fix Windows enrollments (#31412)
Fixes #31232

The Microsoft documentation does not directly address
RequestVersion/EnrollmentVersion 7.0 in the allowed versions lists but
grepping the MS-MDE2 protocol docs for EnrollmentVersion finds a few
references related to Federated Authentication and this specifically
seems to be a changeset introduced for AzureAD/Intune related features
and does not impact how we do enrollments, as best I can tell.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [x] QA'd all new/changed functionality manually
2025-07-30 11:53:27 -04:00
Victor Lyuboslavsky
34c45b256f
Host identity cert renewal (#31372)
For #30476

Contributor doc updates: https://github.com/fleetdm/fleet/pull/31371

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [x] QA'd all new/changed functionality manually

## fleetd/orbit/Fleet Desktop

- [x] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [x] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [x] Verified that fleetd runs on macOS, Linux and Windows
- [x] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Automated certificate renewal is now supported, including
proof-of-possession for enhanced security.
* Certificate renewal can be triggered when the existing certificate is
within 180 days of expiration.
* Dynamic configuration of certificate validity period via environment
variable.
  * Improved TPM hardware integration for certificate management.

* **Bug Fixes**
* Enhanced error handling and logging for TPM device closure and
certificate operations.

* **Tests**
* Extended integration tests to cover certificate renewal flows, host
deletion, and TPM-based scenarios for improved reliability.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-30 16:46:36 +02:00
Victor Lyuboslavsky
761169afb4
Move 31286 changes file. (#31327)
Moved #31286 changes since this is a packaging change (part of
fleet/fleetctl release) and not part of orbit release.
2025-07-30 07:24:43 +02:00
Juan Fernandez
eac86a1224
Added new orbit config flag. (#31332)
For #31065 

Added new orbit config flag 'EnableBitLockerPINProtectorConfig' set iff Disk encryption is enforced and the RequireBitLockerPIN server config flag is set.
2025-07-29 19:22:36 -04:00
Ian Littman
89ca35c66b
Switch vulns cron false positive clear to clear vulns based on when the vulns run started, rather than based on periodicity (#31364)
Fixes #26404.

This means that for long vulns runs vulns will stick around longer, so
we don't wind up nuking vulns that were added earlier in the run, and in
cases where the vulns run takes less than 2h we'll see vulns clear
cleanly more quickly.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests

- [ ] QA'd all new/changed functionality manually

---------

Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2025-07-29 10:14:14 -05:00
Dan Fuhry
60b3b514c2
[fleetctl] api command: support request body, including file uploads (#30806)
Add the capability to build a request body with `fleetctl api`,
including uploading files.

Example command to upload a software package:

```sh
fleetctl api --debug -X POST -F team_id=0 -F 'software=@./server/service/testdata/software-installers/ruby.deb' software/package
```

Unit tests are included for both simple POST requests and file uploads.

Closes #21754.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-29 08:15:23 -05:00
Ian Littman
a24500c937
Skip software installers for which we can't, or don't need to, parse package IDs/create uninstall scripts (#31347)
Fixes #30565. Applies to FMA-only extensions (DMG, ZIP), EXEs, and
tarballs. This means that MSI/PKG FMAs will still have package IDs
populated a day after server start if they aren't filled in, on the off
chance that admins use $PACKAGE_ID on uninstall scripts on either of
those, replicating existing behavior.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests

- [x] QA'd all new/changed functionality manually
2025-07-28 13:58:19 -05:00
RachelElysia
80b4c34a52
Fleet UI: Remove unintended broken sort on type column (#31264) 2025-07-28 09:08:34 -04:00
Scott Gress
02c5026436
Allow ESCAPE in LIKE clauses to be valid SQL (#31222)
for #30109

# Details

This PR fixes an issue in our current SQL parsing library that was
causing queries like this to be marked invalid:

```
SELECT * FROM table_name WHERE column_name LIKE '\_%' ESCAPE '\'
```

This is valid in SQLite because the `\` is not considered an escape
character by default. From [the SQLite
docs](https://www.sqlite.org/lang_expr.html) (see section 3 "Literal
Values (Constants)"; emphasis mine):

> A string constant is formed by enclosing the string in single quotes
('). A single quote within the string can be encoded by putting two
single quotes in a row - as in Pascal. C-style escapes using the
backslash character are not supported because they are not standard SQL.

# Use of forked code

Part of the fix for this was [submitted as a PR to the node-sql-parser
library](https://github.com/taozhi8833998/node-sql-parser/pull/2496) we
now use, and merged. I then found that another fix was needed, which I
submitted as [a separate
PR](https://github.com/taozhi8833998/node-sql-parser/pull/2512). As
these fixes have yet to be made part of an official release of the
library, I made a fork off of the release we were using (5.3.10) and
bundled the necessary build artifacts with Fleet. We have an [ADR
proposing the use of submodules for this
purpose](https://github.com/fleetdm/fleet/pull/31079); I'm happy to
implement that instead if we approve that, although for a front-end
module with a build step it's a bit more complicated. Hopefully this
code will be released in `node-sql-parser` soon and we can revert back
to using the dependency.

Here is the [full set of
changes](https://github.com/taozhi8833998/node-sql-parser/compare/master...sgress454:node-sql-parser:5.3.10-plus).

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Manual QA for all new/changed functionality
2025-07-25 10:13:55 -05:00
Ian Littman
bed1c6a318
Add software sanitation on ingest back, use it to fix DCV Viewer versions (#31251)
We'll want to pull this into a feed so fixes don't take a Fleet release
to propagate, and some fixes currently in the vulns mutations list
should probably move over here (as they're also dealing with non-semver
versions), but that's out of scope for this particular fix.

Fixes #31123.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-25 08:45:39 -05:00
RachelElysia
ef712b7ba6
Fleet UI: Add update details modal (#31250) 2025-07-25 09:28:25 -04:00
Ian Littman
71d54e1847
Populate version for macOS Chrome FMA on import, use Chrome Enterprise PKG instead of DMG, add tooltip on "latest" version when adding FMA (#30926)
Fixes #27919.

Here's how the `latest` version shows up in the UI:

<img width="513" height="288" alt="image"
src="https://github.com/user-attachments/assets/76842d1c-36f6-400c-8621-8d067ee410c6"
/>

<img width="785" height="318" alt="image"
src="https://github.com/user-attachments/assets/7077644e-7a0e-4fa4-87ce-56f54db41eb2"
/>

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Konstantin Sykulev <konst@sykulev.com>
2025-07-24 16:14:01 -05:00
Dante Catalfamo
cbc7c29dff
Better gitops unmarshal type errors (#30647)
#21973
2025-07-24 13:49:17 -04:00
Luke Heath
99a0217db6
Adding changes for Fleet v4.71.0 (#30599) (#31198) 2025-07-23 16:04:33 -06:00
Scott Gress
ed7dd59e39
Prevent double banner on host details page (#31001)
for #29451 

# Details

This PR does a slight refactor of the MainContent, HostDetailsBanners
and HostDetailsPage components to prevent host-details-specific banner
from being shown on the Host Details page if any app-wide banners are
being displayed.

It does this by allowing the child of a `<MainContent>` node to be a
function which takes a parameter indicating whether app-wide banners are
present. The HostDetailsPage uses this new functionality to suppress
host details banners when that's the case. The HostDetailsBanners
component is updated to remove logic that previously attempted to detect
app-wide banners, using similar logic to what MainContent does to decide
whether to show banners. Instead of repeating this logic in two places,
HostDetailsBanners now just renders banners.

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Manual QA for all new/changed functionality

I tested this by temporarily forcing an app-wide banner (by setting
[this
code](52cd0588b6/frontend/components/MainContent/MainContent.tsx (L61))
to `if (true)`), then similarly doing the same for host banners by
changing [this
code](89cdf9f61a/frontend/pages/hosts/details/HostDetailsPage/components/HostDetailsBanners/HostDetailsBanners.tsx (L79-L85))
to always run.

On the main branch, this shows two banners:
<img width="1142" height="186" alt="image"
src="https://github.com/user-attachments/assets/30645470-d1db-476d-bb76-2b48fedcc75a"
/>

On this branch, only the app-wide banner is shown.

Note that this was _only_ happening in the case of the disk encryption
banner, since there was logic in place in HostDetailsBanners to prevent
showing host banners if an app-wide banner was present. That logic was
just missing from the disk encryption case, and we'd have to continue to
keep that logic in sync with the login in MainContent any time we added
a new host banner. This refactor DRYs out the code a bit so we don't
have that concern going forward.
2025-07-23 14:38:11 -05:00
Lucas Manuel Rodriguez
4263489456
Rename flags and types for TPM work (#31176)
Victor suggested the following renames on previous PRs:

- Consider updating TEE terminology to SecureHW or TPM.
-
https://fleetdm.slack.com/archives/C084F4MKYSJ/p1752834365688019?thread_ts=1752600813.175889&cid=C084F4MKYSJ
2025-07-23 14:30:44 -03:00
Allen Houchins
10d9bccfc1
Add waits + norestart to MSI uninstall scripts (#31078)
Closes #31077.

- Added logic to wait for the uninstall command to finish running before
exiting the script.
- Also added the `/norestart` flag so users who click uninstall in
self-service aren't at risk of a sudden and unintentional reboot as the
result of software uninstalling.


# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-23 09:27:59 -05:00
Gabriel Hernandez
4d0518137e
Add service discovery API endpoint (#31089)
relates to #31057 

adds an endpoint to expose the fleet handled service discovery endpoint.

> NOTE: test will be done in a follow up PR

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
2025-07-23 12:11:32 +01:00
Magnus Jensen
6147a12ece
Fix stale pending remove apple declarations if host was offline for add and remove declaration (#30981)
Fixes: #29824 

This PR fixes a situtation where Apple Declarations could be lingering
around for hosts, if they were offline when the decl. was added and
removed, and no further declaration config is pushed to force a status
update.

It tackles it by deleting the pending and failed installs from the
table, before setting the remaining (verified and verifying) to be
remove operation, as those have hit the host.

I couldn't come up with a way that would auto-fix the hosts we see in
dogfood, as those have the same declaration identifier and token for
both an install row and pending remove row. Those needs to manually be
adjusted and then it should be good.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-22 11:22:04 +02:00
Lucas Manuel Rodriguez
d256bfdc71
Add arm64 support for fleetd extensions and fixes on test scripts (#31084)
This was required to test https://github.com/fleetdm/fleet/pull/30864 on
Apple Silicon.

I've created https://github.com/fleetdm/fleet/issues/31092 for tracking
purposes.

Fixes:
- Build univeral binary extension on macOS to test on VMs without
Rosetta.
- Add support for linux and Windows arm64. Which is also needed to test
Linux and Windows on UTM on Apple Silicon.
- Add Linux arm64 & Windows arm64 to the test scripts.

---

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Added/updated automated tests
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)).
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-07-21 15:47:59 -03:00
Gabriel Hernandez
e89881402e
Updates across UI to support personal devices enrolled in MDM (#30830)
For [#30782](https://github.com/fleetdm/fleet/issues/30782)

This contains UI wide updates to support personal devices enrolled into
MDM. This includes:

**host details about card updates**

<img width="536" height="169" alt="image"
src="https://github.com/user-attachments/assets/a6e608e2-28b3-4bcc-ac03-4c45128bae66"
/>

**host details host actions dropdown updates (we will only show transfer
and delete for host
personal devices enrolled into MDM**

<img width="217" height="193" alt="image"
src="https://github.com/user-attachments/assets/7295e91a-7ceb-49f9-8351-5f2f4de7c450"
/>

**dashboard page MDM card updates. We've added a new row for personal
devices enrolled in mdm**

<img width="775" height="448" alt="image"
src="https://github.com/user-attachments/assets/ee819f16-faa4-437f-a6e8-2f6f8e6535dc"
/>

## NOTE

**We've also changed all instances of `On (automatic)` to `On
(company-owned)`. The API still returns `On (automatic)` so this is done
on the client side.**

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-21 12:07:03 +01:00
Tim Lee
c5f1955ca6
Add FMA icons and icon tool (#30933) 2025-07-18 13:58:45 -06:00
Dante Catalfamo
587e21aef5
Allow manual label with empty host list in gitops (#30756)
#30481
2025-07-18 11:07:19 -04:00
Lucas Manuel Rodriguez
4948325892
fleetd generate TPM key and issue SCEP certificate (#30932)
#30461

This PR contains the changes for the happy path.
On a separate PR we will be adding tests and further fixes for edge
cases.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added support for using a TPM-backed key and SCEP-issued certificate
to sign HTTP requests, enhancing security through hardware-based key
management.
* Introduced new CLI and environment flags to enable TPM-backed client
certificates for Linux packages and Orbit.
* Added a local HTTPS proxy that automatically signs requests using the
TPM-backed key.

* **Bug Fixes**
* Improved cleanup and restart behavior when authentication fails with a
host identity certificate.

* **Tests**
* Added comprehensive tests for SCEP client functionality and TPM
integration.

* **Chores**
* Updated scripts and documentation to support TPM-backed client
certificate packaging and configuration.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-18 11:31:52 -03:00
Magnus Jensen
163800cc71
Remove additional / from MDM EULA urls (#30985)
Fixes: #30359 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality (@ghernandez345
verified the EULA after automatic enrolment SSO still worked)
2025-07-18 13:30:32 +01:00
jacobshandling
7ff7d70d09
Allow users of Fleet in Primo mode to access Software automations and Failing policy ticket & webhook automations (#30865)
## For #30749, #31013

This PR implements changes to the UI and back end to accommodate
Software automations and Failing policy Ticket and Webhook automations
when Fleet is in Primo mode. Follow-up to
https://github.com/fleetdm/fleet/pull/30291

### Software automations
- When on the `/software` page and in Primo mode, the UI is, under the
hood, on "No team," though any reference to "team"s is hidden as much as
possible. In "normal" Fleet, Software automations can only be accessed
when on "All teams." This PR implements a special case in Primo mode:
when on No team and Primo mode is enabled, the user can now access the
"Software automations" modal to configure automation settings, which are
global.
- Simplified some conditions
- Moved logic living in the parent Software page that was specific to
the `SoftwareAutomations` modal into the modal for better encapsulation.

### Policy automations
The calendar, software, and scripts failing policy automations are
currently only configurable on a team (including No team) and not for
All teams. Ticket and webhook automations, accessible via the "Other
workflows" modal, by contrast, are only configurable for All teams and
teams other than No team, but not for No team. This PR updates the
Policies page, when in Primo mode (and therefore forced to be on "No
team") to:
- Continue providing "No team" data to the first 3 mentioned policy
automations modals.
- Include an enabled Other workflows option in the automations dropdown
- Update the submission handler of the Other workflows modal to update
the relevant _global_ config values
- The backend is updated to recognize this case (Failing policy webhook
/ ticket destination, policy on No team, in Primo mode) and handle it
using the global config, making the above logic sound

_Product should consider if any of these changes should be implemented
for "normal" Fleet_

### Listing and deleting policies

- Primo mode presents a pseudo-team-less UX. However, it is still
possible for earlier clients to have policies on "All teams." This
implements the ability to both see and delete "teamless" (No team under
the hood) policies and any such inherited global policies

### Other UI considerations
- Remove teams-related functionality in a couple more places - see
#31013

### Demos

- [Deleting policies, including any potentially inherited from All teams
(possible from before Primo
mode)](https://drive.google.com/file/d/1ZI4MNM3bkiOtD5MInAU32htQw8kDEupK/view?usp=drive_link)

- [x] Changes file added for user-visible changes in `changes/
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-07-17 15:53:31 -07:00
Ian Littman
ab958704f7
Fix insufficient deduplication on vulnerabilities count query (#31021)
Fixes #27580.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-17 17:40:21 -05:00
Sarah Gillespie
ce02856f85
Potential datastore optimizations for concurrent use of list mdm command API to poll results by host identifier (#30804) 2025-07-17 15:25:31 -05:00
Jahziel Villasana-Espinoza
3324157511
Use upgrade code if available to improve accuracy of auto-install policy (#30977)
> Closes #27447

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-17 12:18:06 -04:00
Ian Littman
c6ab9939b5
Extract UpgradeCode from MSI custom packages, use for better uninstall script generation (#30969)
Fixes #27758.

<img width="807" height="303" alt="image"
src="https://github.com/user-attachments/assets/58e5b9bc-42d6-4195-868e-bf6206ec9cd5"
/>

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-17 10:33:23 -05:00
Juan Fernandez
fdfef5adf1
30311: Fix race condition in test (#30903)
For #30311 

Refactored `AddHostsToTeam` so that batch size can be specified via a
parameter and not a global variable.
2025-07-17 10:20:49 -04:00
Konstantin Sykulev
97120876cd
Sort package ids to ensure consistent uninstall script generation (#30968)
Fixes #29286

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-16 20:44:30 -05:00
Juan Fernandez
049e28ca02
For 29994: Use comshim for proper COM initialization (#30920)
For #29994 

The `mdm_bridge` Orbit table was not using comshim for initializing the multi-threaded COM apartment which was causing panics.
2025-07-16 14:40:28 -04:00
Victor Lyuboslavsky
836cc044d2
Fleet server verifies HTTP signature (#30825)
Fixes #30473 

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added support for TPM-backed host identity certificates enabling
hardware-backed HTTP signature authentication for hosts.
* Introduced HTTP signature verification middleware for API requests,
applied conditionally for premium licenses.
* Hosts presenting identity certificates must authenticate with matching
HTTP message signatures during enrollment and authentication.
* Added SCEP-based certificate issuance for secure host identity
management.
* Updated enrollment endpoints to use standardized request/response
contract types.

* **Bug Fixes**
* Enhanced authentication logic to verify consistency between host
identity certificates and host records, preventing duplicate or
mismatched identities.

* **Chores**
* Updated dependencies and test infrastructure to support HTTP signature
verification and host identity certificate workflows.
* Added comprehensive integration and datastore tests for host identity
certificate issuance, storage, and authentication.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-16 20:08:27 +02:00
Magnus Jensen
dcd751d66e
Fix declaration status conditions not following profile status conditions (#30911)
Profile status respect remove operation for pending and failed status,
where the declarations did not, meaning the host would show up with a
wrong status if only a declaration was pending or failed removal.

This was also affecting the `os_setting` api filter option for list
hosts (maybe elsewhere), which is also fixed by this change.

A part of #29824
2025-07-16 18:03:16 +02:00
Ian Littman
694f67a26c
Filter out DEB/RPM installers in ListHostSoftware when they're incompatible with the target host's distro (#30852)
Fixes #29849.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-15 15:41:42 -05:00
Magnus Jensen
c007c6e665
Fix host certificate parsing with embedded slash (#30827)
Fixes: #28996 - Verified by installing the [failing
certificate](https://ssl-tools.net/subjects/b0e31e6fe1b4e58b38cd4664dd9184b2eead11f6)
on a local host, and then seeing the certificate appear in Fleet host
details.
2025-07-15 21:24:15 +02:00
Ian Littman
4c6699ab27
Revise OS vuln query to avoid duplicate entries (#30812)
Fixes #27061.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-15 14:03:25 -05:00
Jordan Montgomery
7c2c6736cc
Managed Apple account user enrollment - integrate PoC changes (#30755)
Fixes 30636

I am adding a handful of additional unit tests but this is ready for
review now. Integrates changes from Victor's PoC for Account Driven User
Enrollment including a nice end to end integration test including the
SAML portion

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-15 15:02:11 -04:00
Ian Littman
84be9d0f95
Fix handling of software policy automations when a hash is specified inside a software file (#30814)
Fixes #30435.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-15 13:24:24 -05:00
jacobshandling
555ae5441e
Update Go to 1.24.5 (#30770)
## #30730 
- Update Go version
- Update the docs for this process
- Confirmed `fleet`, `fleetctl`, and related docker images build
successfully
- Note that failing tests are unrelated: see [Slack
thread](https://fleetdm.slack.com/archives/C019WG4GH0A/p1752175318523689)

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-07-15 10:59:17 -07:00
Ian Littman
2a94c1da8c
Add changes file for #30797 (#30798) 2025-07-11 14:41:00 -05:00
Konstantin Sykulev
6957f84f28
Manual labels no longer factor in created_at time for exclusions (#30745)
Fixes https://github.com/fleetdm/fleet/issues/29315

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* The "created_at" label no longer affects manual label scoping for
software packages, ensuring more accurate filtering.
* Device authentication tokens are now validated solely by their value,
not by their expiration time.

* **Tests**
* Added new tests to verify label scoping logic, ensuring correct
handling of dynamic and manual labels based on timestamps.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-11 12:18:34 -05:00
Jahziel Villasana-Espinoza
c2ab39c9f9
fix issue with CVE showing wrong date (#30768)
> Closes #26618

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-10 22:38:22 -04:00
Ian Littman
b88c2c3d67
Fix OS vulnerability expiration due to avoiding updating updated_at, while avoiding test flakiness (#30713)
Fixes #29988.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-10 15:42:26 -05:00
Dante Catalfamo
cf67627653
Set enable_software_inventory to default true in gitops (#30744)
#30157
2025-07-10 16:38:56 -04:00
Dante Catalfamo
39b1a51229
Default to Details tab on device page (#30698)
#30653
2025-07-10 14:57:06 -04:00
George Karr
39e381be96
Adding changes for Fleet v4.70.1 (#30606) (#30733)
Co-authored-by: Dante Catalfamo
<43040593+dantecatalfamo@users.noreply.github.com>

Co-authored-by: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com>
2025-07-10 10:57:37 -05:00
Luke Heath
6c7d103fcd
Adding changes for Fleet v4.70.0 (#30048) (#30729)
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: jacobshandling
<61553566+jacobshandling@users.noreply.github.com>
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Co-authored-by: Dante Catalfamo
<43040593+dantecatalfamo@users.noreply.github.com>
Co-authored-by: RachelElysia
<71795832+RachelElysia@users.noreply.github.com>
Co-authored-by: github-actions[bot]
<41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: RachelElysia <RachelElysia@users.noreply.github.com>
Co-authored-by: Noah Talerman
<47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Juan Fernandez <juan-fdz-hawa@users.noreply.github.com>
Co-authored-by: George Karr <georgekarrv@gmail.com>

Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com>
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Co-authored-by: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: RachelElysia <RachelElysia@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Juan Fernandez <juan-fdz-hawa@users.noreply.github.com>
Co-authored-by: George Karr <georgekarrv@gmail.com>
2025-07-10 10:31:41 -05:00
Dante Catalfamo
8615dd0c0b
Add missing webhook tooltip URL (#30603)
#29848
2025-07-09 14:37:54 -04:00
Juan Fernandez
78696906fc
28342: Do not report error if host already escrowed (#30652)
For #28342 

Do not report escrow error on a host page if the user clicks multiple
times on the 'Create key' CTA on the 'My Device' page.
2025-07-09 12:47:17 -04:00
Ian Littman
7fb9a94384
Use install path on packageInfo XML if it's a .app before falling back to bundle ID for PKG name extraction (#30669)
Fixes #25587. SubEthaEdit packgeInfo file is a bit bigger, but the only
thing different is the list of package IDs included, and that's not what
was broken/fixed here, so went with an abbreviated version that better
demonstrates what got fixed here.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Improved extraction of application names from uploaded PKG packages by
using the install path as a fallback method.

* **Tests**
* Added a new test case to verify correct name extraction from PKG
packages using the install path.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-09 08:21:10 -05:00
Dante Catalfamo
8a15bdf4fd
Fixed panic caused by missing SSO settings in gitops generate (#30654)
#30621
2025-07-08 16:56:07 -04:00
Dante Catalfamo
ae1c2b9463
Check nullable SSO Settings fields in frontend (#30648)
#30131
2025-07-08 16:14:03 -04:00
Zach Wasserman
11097befb4
Add last used information for Windows software (programs) (#30577)
For #28819
2025-07-08 12:58:25 -07:00
Lucas Manuel Rodriguez
c69d56ed64
Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486)
For https://github.com/fleetdm/confidential/issues/9931.


[Here](ec3e8edbdc/docs/Contributing/Testing-and-local-development.md (L339))'s
how to test SAML locally with SimpleSAML.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Improved SSO and SAML integration with enhanced session management
using secure cookies.
  * Added support for IdP-initiated login flows.
* Introduced new tests covering SSO login flows, metadata handling, and
error scenarios.

* **Bug Fixes**
* Enhanced validation and error handling for invalid or tampered SAML
responses.
  * Fixed session cookie handling during SSO and Apple MDM SSO flows.

* **Refactor**
* Replaced custom SAML implementation with the crewjam/saml library for
improved reliability.
  * Simplified SAML metadata parsing and session store management.
  * Streamlined SSO authorization request and response processing.
  * Removed deprecated fields and redundant code related to SSO.

* **Documentation**
* Updated testing and local development docs with clearer instructions
for SSO and IdP-initiated login.

* **Chores**
  * Upgraded dependencies including crewjam/saml and related packages.
* Cleaned up tests and configuration by removing deprecated fields and
unused imports.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 15:13:46 -03:00
Konstantin Sykulev
b643b326ee
Generate SHA from file if FMA sha is no_check (#30558)
fixes: #30325

Related to incorrect behavior introduced at
https://github.com/fleetdm/fleet/pull/28945

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* When uploading software batches, if the installer SHA is set to
"no_check," the system will now automatically generate and use the
SHA256 checksum of the installer file.
* **Bug Fixes**
* Fixed an issue ensuring the latest Google Chrome version is pulled
during Fleet-maintained app updates.
* Corrected the display of the SHA256 hash in the UI and API to show
valid values.
* Improved handling of installer uploads to ensure a valid SHA256
checksum is always applied, even when "no_check" is specified.
* **Tests**
* Added a test to verify correct SHA256 hash calculation for installer
files.
* Extended integration tests to validate batch software installer
operations for maintained apps with SHA256 hash checks.
* Added tests covering behavior when SHA256 checksum is marked as
"no_check" for maintained apps.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-07 11:05:19 -05:00
jacobshandling
5f820febdc
UI: New side nav styles, abstractions (#30568)
## #16846 


[Demo](https://drive.google.com/file/d/1xocZDfOUbu29tPpf2J6dngy3pLACIe62/view?usp=drivesdk)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added tooltips to navigation and category menu items for improved
accessibility and clarity.
* Introduced a new optional tooltip position setting, allowing tooltips
to appear on any side of the element.
  * Expanded the color palette with a new light shade option.

* **Style**
* Refactored navigation and category menu styles to use centralized,
reusable mixins for a more consistent appearance.
* Updated navigation and category menu layouts for better structure and
maintainability.

* **Chores**
* Added new SCSS mixins for navigation styling, improving code
maintainability and consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-07-07 08:29:09 -07:00
Dante Catalfamo
6847f12a6f
API only users show a different avatar in the activity feed (#30512)
#28501
2025-07-07 10:45:51 -04:00
jacobshandling
dd26fb9c8b
UI: Move SSO and Host status webhook settings (#30582) 2025-07-07 07:37:13 -07:00
Sarah Gillespie
302a021315
Update PATCH /fleet/scim/Groups/<group name> endpoint to handle duplicate entries (#30533) 2025-07-07 09:33:17 -05:00
Ian Littman
0609b9b446
Bump page size to 10 for software title versions list (#30588)
Fixes #30393.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Increased the number of software versions displayed per page from 5 to
10 on the software view page.

* **Tests**
* Updated tests to reflect the increased number of displayed versions
and adjusted assertions accordingly.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 09:22:52 -05:00
Ian Littman
d78a76010e
Properly filter host certificates by host on update when multiple hosts share the same certificate (#30578)
Fixes #30574.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Resolved issues with recording host certificate sources when multiple
hosts share the same certificate but have different usernames, improving
accuracy and performance.
* Addressed related performance and database load problems for these
scenarios.

* **Tests**
* Added new tests to ensure certificate source records remain properly
isolated per host, even when certificates are shared across hosts.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-05 19:44:31 -05:00
Ian Littman
2d5d69fcf9
Check for new Fleet-maintained apps hourly instead of daily (#30563)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Manual QA for all new/changed functionality

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Increased the frequency of checks for new Fleet-maintained
applications from once per day to once per hour.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-03 19:53:10 -05:00
jacobshandling
f0d3809b22
UI: Allow editing the name and team of a "Save as new" query (#30544)
## #14801 
### [Demo
video](https://drive.google.com/file/d/1Lovk7iwvgUv1NpfsqSt-Is0yTBt0SZ5O/view?usp=sharing)
<img width="1624" alt="Screenshot 2025-07-02 at 4 58 33 PM"
src="https://github.com/user-attachments/assets/86c7b214-e8e4-4e58-9969-b1373ed97691"
/>


* **New Features**
* Added the ability to select a team and update the name when saving a
query as a new copy, using a dedicated modal dialog.

* **Improvements**
* Enhanced the team selection dropdown with new styling options and
clarified prop names.
* Updated query editing workflow to use a modal for "Save as new"
actions.
* Improved type safety and clarity in several interfaces and utility
functions.

* **Bug Fixes**
  * Fixed inconsistencies in prop naming for team dropdown components.
* Ensured "Discard data" setting is maintained when "Save as new"ing a
query - it was previously not maintained correctly

* **Tests**
* Updated and removed tests to align with the new "Save as new" query
workflow and prop changes.
  * Added utilities for creating mock location objects in tests.

* **Style**
  * Added a new light grey color to the UI color palette.

- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-07-03 13:11:06 -07:00
Lucas Manuel Rodriguez
dc5c396f35
Add retry mechanism to SavePolicy to reduce/eliminate deadlock errors… (#30550)
For #29400.

Added test fails without the change to retry upon deadlocks.

How to reproduce in UI:
1. Create 10 policies on a team.
2. Refetch host to have results for the policies.
3. Add (could be the same) or update the installer associated to the 10
policies in "Manage automations" > "Software".
4. Hit `Save`.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Added/updated automated tests
- [X] Manual QA for all new/changed functionality

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved the reliability of policy updates on the "Manage automations"
page by automatically retrying requests in case of deadlock errors.

* **Tests**
* Added a test to verify that concurrent policy updates handle deadlocks
correctly and complete without errors.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-03 14:29:16 -03:00
Dante Catalfamo
5170613a66
Use user full name for login activity instead of email (#30553)
#29962
2025-07-03 13:02:19 -04:00
Ian Littman
6aa3455634
Ensure a host vitals refetch is queued when installs/uninstalls are successful (#30505)
Fixes #29916.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Host vitals data now refreshes automatically after successful software
installation or uninstallation, ensuring up-to-date status information.

* **Tests**
* Enhanced tests to verify that host vitals are only refreshed after
successful software changes, improving reliability and accuracy of the
system’s behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-03 09:22:20 -05:00
Konstantin Sykulev
536db91fd1
Setup experience flag for InstalledSoftware activity (#30433)
Since setup experience triggered acitivites do not have a policy id, add
an additional boolean that can be set and checked in the
`WasFromAutomation` method.

https://github.com/fleetdm/fleet/issues/29897

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality
2025-07-02 16:43:08 -05:00
Ian Littman
3c739af744
Decrease software batch apply polling interval from 5s to 1s (#30414)
For #30385.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-07-02 15:49:37 -05:00
Sarah Gillespie
848d3aec28
Update GET /hosts/:id/encryption_key to return archived key when current key is unavailable (#30396) 2025-07-02 14:57:25 -05:00
Ian Littman
5ef6904b13
Skip software_id=0 and log, but otherwise complete counts, when counting host software on a host_software table including rows with software ID zero (#30523)
Fixes #30522.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Resolved an issue where host software counts were not updated if the
database contained rows with a zero software ID.

* **Tests**
* Enhanced tests to verify correct handling of host software records
with a zero software ID.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-02 13:47:51 -05:00
Gabriel Hernandez
ea4bb9aa62
premium tier message for certificates section in integrations (#30509)
Fixes #29505

This adds a premium permission tier message to the UI for the
certificates section in the ingrations page

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-07-02 17:03:34 +01:00
Jordan Montgomery
5263e95067
29867 Block profile PayloadScope changes (#30429)
For #29867 . Includes latest copy requested by product.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-02 10:54:54 -04:00
Scott Gress
c1c078795e
Fix macos_setup not always being exported correctly by generate-gitops (#30504)
for #30502

# Details

This PR fixes an issue where `fleetctl generate-gitops` would not always
add a `macos_setup` setting to a .yml file even if the team had a setup
experience configured. This was due to relying on the `MacOSSetup`
config returned by app/team config APIs to have this data populated,
which turned out to be an incorrect assumption. Instead, we now utilize
various APIs to check for the presence of setup software, scripts,
bootstrap packages and profiles.

Note that for now, `generate-gitops` will only output a `TODO` line if
setup experience is detected;
https://github.com/fleetdm/fleet/issues/30210 is open to flesh this out.
In the meantime `fleetctl gitops` will fail if this TODO is inserted, so
that the user must go and fix it manually.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [X] Added/updated automated tests
- [X] Manual QA for all new/changed functionality

# Testing

I set up MDM on a local instance and tried the following both on No Team
and a regular team:

* Turned "End user authentication on", verified that `fleetctl
generate-gitops` output a `macos_setup` setting for the team. Turned it
back off and verified that `macos_setup` was no longer exported by
`fleetctl generate-gitops`.
* Did the same for bootstrap package.
* Did the same for install software, and additionally verified that
having software available but _not_ selected did not cause `macos_setup`
to be exported. Same for teams with no software available at all.
* Did the same for setup assistant.

I also tested that changes to No Team didn't affect the output when
exporting a regular team.

---------

Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
2025-07-02 09:07:58 -03:00
jkatz01
5fa2550614
30259 - fix linux uninstall script (#30488)
I tested the uninstall script by:
- Making a new agent package and installing it
- Checking with `dpkg --get-selections | grep 'fleet'` that
fleet-osquery is installed
- Checking with `sudo systemctl list-units | grep 'orbit'` that
orbit.service is running
- Uninstalling the package with uninstall-fleetd-linux.sh
- Checking the above commands again to see that fleet-osquery and
orbit.service are uninstalled.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- For Orbit and Fleet Desktop changes:
   - [x] Manual QA done on one Linux machine (Ubuntu 24 on HP laptop).
2025-07-01 17:50:47 -05:00
RachelElysia
933909f489
Fleet UI: VPP command copy includes command verification nuance (#30431)
## Issue
Closes #29893 

## Description
- Update text for VPP command for pending_install and failed_install to
include verification nuance
- Add related tests

## Note
- Original PR pointing to `vpp-verify-followup` but should be repointed
to `main` once that branch is merged in


# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-01 12:07:13 -05:00
Gabriel Hernandez
e470a1ea22
Add ability to upload EULA via gitops (#30332)
relates to [#28691](https://github.com/fleetdm/fleet/issues/28691)

This adds the ability to upload the EULA users see during the setup
experience via gitops. It follows patterns used for uploading the
bootstrap package via gitops.

I've also added a sha256 column to the `eulas` table in order to easily
compare the existing eula with a new one to see if we need to perform an
upload.

Finally I added the support to generate this new gitops setting with the
`generate-gitops` command


- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For new Fleet configuration settings
- [x] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps. If managing
via Gitops:
- [x] Verified that the setting is exported via `fleetctl
generate-gitops`
- [x] Added the setting to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [x] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [x] Verified that any relevant UI is disabled when GitOps mode is
enabled
- For database migrations:
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-01 17:28:13 +01:00
Konstantin Sykulev
f008d72107
available_for_install false hides uninstalled software (#30404)
https://github.com/fleetdm/fleet/issues/30188

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-01 11:08:15 -05:00
Jacob Burley
a5691d8f0a
Specify binary-identifier when signing fleetctl for macOS (#30374)
This PR specifies a binary identifier for `fleetctl` on macOS, which
resolves the codesignature testing issue from #30352.

# Tests
To test this, I unsigned an affected version of `fleetctl`:
```shell
codesign --remove-signature fleetctl
```

I then installed `rcodesign` 0.29.0, and signed the binary myself, with
the added `--binary-identifier` flag:
```shell
./rcodesign sign --p12-file Certificates.p12 --p12-password-file=.p12_password --for-notarization --binary-identifier com.fleetdm.fleetctl fleetctl
```

Then, I obtained the codesigning requirement from my newly signed
binary:
```shell
$ codesign -d -r- fleetctl                                                                   
Executable=/Users/jacob.burley/Downloads/fleetctl_v4.67.3_macos/fleetctl
designated => identifier "com.fleetdm.fleetctl" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "XXXXXXXXXX"
```

I then tested the code signature with the designated requirement given:
```shell
$ codesign --test-requirement='=identifier "com.fleetdm.fleetctl" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "XXXXXXXXXX"' --verbose=2 --verify fleetctl
fleetctl: valid on disk
fleetctl: satisfies its Designated Requirement
fleetctl: explicit requirement satisfied
```

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
2025-07-01 10:38:15 -04:00
Juan Fernandez
33ae39aee0
29619: Validate required default.yml on gitops run (#30360)
For #29619 

When running gitops validate that default.yml is provided if scripts are
specified in the no-team.yml artifact.
2025-06-30 21:04:37 -04:00
Dante Catalfamo
77f2a25fda
Add api_only key to activities API (#30353)
#28502
2025-06-30 16:49:04 -04:00
Lucas Manuel Rodriguez
404f0d3ac0
Migrate from aws-sdk-go v1 to v2 (#30308)
#29482

[Migrate to the AWS SDK for Go
v2](https://docs.aws.amazon.com/sdk-for-go/v2/developer-guide/migrate-gosdk.html)
documents how to migrate codebases.

QA on features that use AWS SDK Go:
- Bootstrap package:
  - upload:  
  - download: 
  - cleanup: 
- Software (upload, download, installation, etc.) 
  - Cloudfront: Luckly, this feature was already using aws-sdk-go-v2.
- Carves 
- Logging:
	- Firehose 
	- Kinesis 
- Lambda  (tested result logs to a lambda function on our AWS Dogfood
account)
- Email:
	- Amazon SES TODO ⚠️ (this is what Dogfood uses and a few customers)
- We cannot easily test locally, we can use dogfood or load testing
(AWS) environments.

---

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Manual QA for all new/changed functionality
2025-06-30 17:45:39 -03:00
Scott Gress
05108066ba
Add cron job to update host vitals label membership every 5 minutes (#30330)
# Details

This PR adds on to the https://github.com/fleetdm/fleet/pull/30278 which
added support for host vitals labels, by adding a cron job which updates
host vitals label membership every 5 minutes.

Unlike "dynamic" label types, where the hosts determine membership
themselves and report their decision to Fleet when they check in, "host
vitals" label membership is determine by Fleet. This means they can be
applied to hosts which don't check in at the `/distributed/write`
endpoint (like mobile devices).

The mechanism in the cron job is pretty naïve, it just lists all the
labels, post-filters for "host vitals" labels and updates membership for
each. Since the # of labels on an instance tends not to be excessive,
and since updating membership consists of one `DELETE` query and one
`INSERT...SELECT` query, this is not expected to contribute significant
load, but load testing should verify this.

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated automated tests
- [X] Manual QA for all new/changed functionality

# Testing

Tested by manually adding scim groups, users etc. in the db and adding a
couple of new host vitals labels using the API. I've uploaded a folder
containing a db snapshot and creds to [Google Drive](
https://drive.google.com/drive/folders/1pDlg2XtS139d3sxq9iFqFs6vez8LeUgg?usp=sharing).
To use it, create a new folder
`~/.fleet/snapshots/test_host_vitals_labels`, download the `db.sql.gz`
file into it, then do `fdm restore --prep` and select
"test_host_vitals_labels". After starting the server you can trigger the
new job using `fleetctl trigger --name host_vitals_label_membership` or
wait five minutes.

New automated tests were added for a small change to the `GetLabels()`
method, and for the new cron job. Tests for other functionality were
added in https://github.com/fleetdm/fleet/pull/30278.
2025-06-30 13:00:55 -05:00
jacobshandling
48ea14abbd
UI: Labels by IdP (#30368) 2025-06-30 10:05:03 -07:00
Lucas Manuel Rodriguez
608f768dd7
Add support for IdP department to SCIM and add FLEET_VAR_HOST_END_USER_IDP_DEPARTMENT fleet variable (#30375)
#29609

Verified the changes with [Entra ID's
validator](https://scimvalidator.microsoft.com/) and adding the
department attribute to the tester:
<img width="1312" alt="Screenshot 2025-06-27 at 8 54 32 AM"
src="https://github.com/user-attachments/assets/45a5deb8-7c65-49df-b3e8-eb05bea11f6b"
/>
<img width="1312" alt="Screenshot 2025-06-27 at 8 54 21 AM"
src="https://github.com/user-attachments/assets/91b554b5-b0b9-4bb6-a0cf-4e3b40e6ce21"
/>

- Tested with Okta
- TODO: Test with Entra ID and Google Workspace.
- I decided to not fail profile deployment if a user has no department
because it's not a required attribute, instead the
`FLEET_VAR_HOST_END_USER_IDP_DEPARTMENT` will be replaced with the empty
string.

---

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] If database migrations are included, checked table schema to
confirm autoupdate

(https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- For database migrations:
- [X] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [X] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [X] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [X] Added/updated automated tests
- [X] Manual QA for all new/changed functionality
2025-06-29 15:23:03 -03:00
Dante Catalfamo
e1b311a7f7
Windows 10 CIS 3.0 (#30288)
#25807
2025-06-27 11:14:40 -04:00
Jahziel Villasana-Espinoza
0c4af0b985
Verify VPP: core implementation (#30295)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- For database migrations:
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-26 17:55:43 -04:00
Ian Littman
9bee64bf2d
Persist download URL when adding FMAs via non-GitOps API, fix software versions on GitOps YAML generation (#30331)
Fixes #29618, #30282.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-26 14:29:23 -05:00
Sarah Gillespie
bce10924d0
Disallow lock request for unenrolled macOS hosts (#30313) 2025-06-25 13:31:33 -05:00
jacobshandling
e74e30105b
UI: In Primo mode, enforce No team or All teams, depending on the page, to preserve premium functionality (#30291)
## #30198 

[Video
demo](https://drive.google.com/file/d/1RBk5QNQdQvXTHJveCNkIeMXj5hWFA5Ft/view?usp=sharing)

- Implement the following logic for `teamId` in the UI when in Primo
mode:
<img width="870" alt="Screenshot 2025-06-24 at 12 47 48 PM"
src="https://github.com/user-attachments/assets/8ae81c3f-223f-4dda-954d-c42c7008de45"
/>
- Above logic is enforced - if trying to change/add/remove `team_id`,
automatically pushed to appropriate team

- Fixes originally reported issue - user in Primo mode can access
installable software (on the hidden "No team" which is now enforced):
  - Software page on No team
    - Update header help text 

![ezgif-49ce1977ab6474](https://github.com/user-attachments/assets/0d011f94-7c90-4d42-92ec-135baafe7927)


- Handle UI edge cases the above surfaces:
  - Queries page on All teams (No team not supported):
<img width="1624" alt="Screenshot 2025-06-24 at 1 10 40 PM"
src="https://github.com/user-attachments/assets/84bb2ca0-b8e7-44e8-9bf5-9f8f243d5584"
/>

  - Policies page on No team:
<img width="1624" alt="Screenshot 2025-06-24 at 1 10 53 PM"
src="https://github.com/user-attachments/assets/144d745f-e9b0-4933-be45-2db4fe428cfe"
/>

- update `useTeamIdParam` hook's strip query params on change team logic
to optionally also consider the current team

**Important notes**
- Software page: Software automations are only accessible via All teams,
while Add software is only accessible on a team, including No team. In
lieu of specs around this, I decided to favor Add software functionality
over Software automations functionality, aka, push to "No team" on this
page. Enabling _both_ functionalities would be a very large ticket and
need to go through a proper drafting process, since Fleet doesn't
currently support both in any state.
- Policies page:
- "Other workflows" (tickets and webhooks) is available on All Teams and
specific teams, but not on No Team, so "Other workflows" is currently
unavailable in Primo mode
- If any of the Primo customers have created policies on All Teams
already, they won't be able to manage automations on them anymore. All
Teams policies can only have ticket/webhook workflows


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-25 09:26:36 -07:00
Martin Angers
4994571c22
DCLK: add mechanism to verify user-scoped profiles (#30110) 2025-06-25 09:51:43 -04:00
Dhruv Trivedi
f4d6e35409
fix: Include Software URLs in fleet generate-gitops when software has URL (#30177)
fixes: https://github.com/fleetdm/fleet/issues/29617
# Checklist for submitter

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Manual QA for all new/changed functionality


I implemented support for exporting the url field in fleetctl
generate-gitops when it's available in the software installer metadata.
During testing, I found that although some Fleet-maintained apps (like
Brave and Cloudflare WARP) show URLs in the UI, those URLs are not
persisted to the database—hence they don’t appear in the generated YAML
unless added manually. I confirmed the url field is supported in the
database and properly handled in the insertion logic. The version field
does get populated when the software is installed on a host. This patch
completes the GitOps export part, but the root issue may lie in the
ingestion flow of the url.


![image](https://github.com/user-attachments/assets/422c04cc-26f8-4607-83e0-b1772b8d81cf)

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-06-24 16:42:59 -05:00
Jordan Montgomery
d225d5e297
Update windows CSP verification logic (#30203)
Fixes #28499 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-24 15:18:38 -04:00
RachelElysia
ef6b49dc6e
Fleet API: Return 0 hosts instead of 404 when filtering hosts by team x software non existent on that team (#30249)
## Issue
Closes #26258 

## Description
Returns 0 hosts instead of some random VPP error when software_status is
valid but software_title_id doesn't exist on that team

## Screenshot of fix
<img width="1186" alt="Screenshot 2025-06-23 at 2 04 52 PM"
src="https://github.com/user-attachments/assets/577cc05a-c8e4-4aaf-85c4-38ab9403018b"
/>


## Screenshot of before

<img width="1176" alt="Screenshot 2025-06-23 at 1 50 40 PM"
src="https://github.com/user-attachments/assets/cb0b6ccd-79dd-4309-ae5d-c1c1b938292d"
/>

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-06-24 11:32:37 -04:00
Ian Littman
e71d00c688
Use dedicated, string-interpolated queries for single-host MDM status checks to reduce prepared statement usage (#30264)
For #30199 

The hottest path for these changes is the Orbit config getter, which
runs every 30 seconds for each host. That means that for 10k enrolled
hosts this will save ~333 prepares per second...which adds up.

There are a few other places that use this query, but not on as hot of a
path.

Safe despite not using prepared statements because you can't SQL-inject
a number. Existing tests cover this path well, hence no new ones.

Needs manual MDM testing.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
2025-06-24 10:12:33 -05:00
Ian Littman
2e58aabeee
Avoid unnecessary prepared statements in "select config from team" uncached queries (#30206)
For #30199. This is one of a few approaches to mitigate the issue the
customer is seeing.

This is SQLi-safe because we're dealing with an unsigned int parameter,
sprintf'd %d. Existing tests fully cover this path.

# Checklist for submitter

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Manual QA for all new/changed functionality
2025-06-23 21:09:55 -05:00
Juan Fernandez
47992b4fce
Handle null HostID on calendar webhook endpoint (#30130)
For 10744

When making a POST request to the calendar/webhook endpoint, do not error out if host record does not exists.
2025-06-23 13:10:10 -04:00
Juan Fernandez
e7519eef48
29762: Fixed bug with run script modal on FreeTier. (#30138)
For #29762 

When running on FreeTier do not apply teamId criteria on end-point used by the Run Script modal.
2025-06-23 13:03:22 -04:00
Juan Fernandez
81abc49786
28224: Added missing property to hosts/identifier/:id endpoint (#30097)
For #28224 

Added missing team_name property on /api/v1/fleet/hosts/identifier/:id endpoint.
2025-06-23 13:01:33 -04:00
jacobshandling
0c139c98e7
UI: Hide teams dropdown on software details pages in Primo mode (#30218)
## #30200 


![ezgif-73f99c5eaa3368](https://github.com/user-attachments/assets/77e10692-04c8-4021-b9dc-8bd4fcd90726)


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-23 09:55:36 -07:00
Sarah Gillespie
15b60c1f41
Delete iOS host refetch commands on MDM re-enrollment (#30158) 2025-06-23 10:14:00 -05:00
Dante Catalfamo
b80d79f6d8
Fixed broken macos users causing errors during query ingestion (#30128)
#29632
2025-06-23 09:37:35 -04:00
Gabriel Hernandez
34270c23bd
disable uploading EULA in UI when gitops is enabled (#30174)
Relates to #28143

remove ability to upload a EULA in the UI if gitops is enabled

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [s] Manual QA for all new/changed functionality
2025-06-23 14:27:33 +01:00
RachelElysia
3715545e67
Fleet UI: Revamp host > software page with inventory/library tabs (#29759) 2025-06-20 15:02:22 -04:00
Jahziel Villasana-Espinoza
1047a5eb29
stop erroring if a VPP app with darwin and ios versions is added to setup experience (#30187)
> Closes #29506

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-20 13:17:25 -04:00
Gabriel Hernandez
63ace13b11
Fix issue where you cant delete a bootstrap package (#30146)
Fixes [#30059](https://github.com/fleetdm/fleet/issues/30059)

Fixes an issue where you couldn't delete a bootstrap package. The issue
was an unused json struct tag for DryRun on the
`deleteBootstrapPackageRequest` struct.

I also updated the UI to use the current endpoint to delete a bootstrap
package

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-06-20 17:05:16 +01:00
Gabriel Hernandez
a5c69a60a4
Fix bug for not being to reenable end user migration in UI (#30106)
Fixes #30063

This fixes an issue added in the
[PR](https://github.com/fleetdm/fleet/pull/29968) where the user was not
able to reenable the end user migration form.

I've also added improved a11y attributes to the slider component,
ensured we are functionally disabling the form controls during gitops
mode and not just visually, and updated/added tests for the
EndUserMigrationSection component.


- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-20 17:04:30 +01:00
Konstantin Sykulev
d9b373e0c2
FMA uninstall (#29977)
Modified the FMA uninstall global script to better handle deleting files
as specified from pkgutil

[#29220](https://github.com/fleetdm/fleet/issues/29220)
[#29221](https://github.com/fleetdm/fleet/issues/29221)

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-19 16:14:06 -05:00
Scott Gress
becb7a3b5b
Add null check to fix manage automations issue (#30154)
For #30001

# Details

When Fleet is started with logging configured in a way such that the
logging plugin has no `config`, clicking "Manage Automations" on the
manage queries page results in a 500 page. An example config would be:

```
fdm up --server_address=localhost:8080 --dev --dev_license --logging_debug --osquery_result_log_plugin=stdout --osquery_status_log_plugin=stdout --activity_audit_log_plugin=stdout
```

This PR fixes the issue by adding null protection for cases where the
`config` object is empty for the logging plugin.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Manual QA for all new/changed functionality
2025-06-19 14:51:49 -05:00
Dante Catalfamo
f25ed917d3
Fixed tooltip not showing the correct log destination (#30124)
#28613
2025-06-19 10:39:07 -04:00
Gabriel Hernandez
afffad11a0
fix typos and add premium feature message to idp integration page (#30079)
Fixes #29505

Quick fix to show the premium feature message for idp integrations card

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-06-19 12:34:53 +01:00
Gabriel Hernandez
8b25a1bae7
fix truncation of mdm server url value in about card (#30085)
Fixes #29696

fixes truncation of the mdm server url value on the about card.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-06-19 12:34:06 +01:00
Victor Lyuboslavsky
3e88653dcc
Fixed error deleting calendar event for non-existent user. (#30009)
Fixes #27961

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-18 17:03:06 -05:00
Dante Catalfamo
78ba04ff10
Fix policy autofill using incorrect media-type for query (#30112)
#30066
2025-06-18 13:12:58 -04:00
Ian Littman
ea1e8b428f
Clean up OVAL-sourced vulnerabilities reported on Amazon Linux 2 hosts prior to v4.56 (#30078)
Fixed #21947.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-17 09:15:15 -05:00
RachelElysia
b29cb6bfd3
Fleet UI: Fix os settings tooltips from flashing during refetch (#30080) 2025-06-17 09:35:03 -04:00
RachelElysia
1d2b71857b
Host API: Return empty array instead of 404 for software filter not found (#30045) 2025-06-17 09:20:09 -04:00
Jordan Montgomery
b0e6a872df
Apple mdm user channel initial support (#29882)
Adds support for the Apple MDM user channel however we are waiting on
stories around verification among other things for this and we are not
shipping as part of 4.70 so this can be reviewed but should not be
merged yet

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
2025-06-16 16:46:38 -04:00
Martin Angers
fbc8fc031a
Speedup worker-based device release on ADE enrollment setup (#29892) 2025-06-16 13:14:25 -04:00
Luke Heath
653291c6b4
Prepare Fleet v4.69.0 (#30024) 2025-06-16 10:43:20 -05:00
RachelElysia
999207bd33
Fleet UI: Improved error and loading state for self-service page (#30042) 2025-06-16 11:23:19 -04:00
Lucas Manuel Rodriguez
5646062c85
Update go to 1.24.4 and add some automation (#29954)
Fixes CVE-2025-22874 reported by
https://github.com/fleetdm/fleet/actions/runs/15601368321/job/43941793647.

(IMO not a critical CVE, so it doesn't need to be cherry-picked into
v4.69.0.)

Added automation to make this easier next time.
2025-06-13 13:08:14 -05:00
Victor Lyuboslavsky
9ba6e74940
Update 26519-android changelog (#29996) 2025-06-13 13:27:44 -04:00
Victor Lyuboslavsky
6a1c7902c8
Updating Android changelog. (#29995)
Fixes #26519
2025-06-13 12:27:30 -04:00
jacobshandling
69cd060b9a
UI: Consistent password field styling (#29984) 2025-06-13 11:37:26 -04:00
RachelElysia
b763b6860f
Uploading new installer to FMA turns FMA to custom package (#29959) 2025-06-13 11:36:10 -04:00
Jahziel Villasana-Espinoza
15bdf03512
use a check for dir existence that doesn't set exit code 1 if the dir doesn't exist (#29952)
> Closes #27577

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-06-13 10:26:54 -04:00
Gabriel Hernandez
03a7b27633
update host details cert card (#29827)
Relates to  [#29324](https://github.com/fleetdm/fleet/issues/29324)

updates certificates card UI on the host details and my devices page.
changes some copy and adds a new Keychain column.


![image](https://github.com/user-attachments/assets/3310cd61-4447-499b-8d03-9a987fbcaed7)

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-06-13 13:00:41 +01:00
Victor Lyuboslavsky
1577d491b2
Hook up Android fleetdm.com/proxy (#29645)
For #26519 

This PR allows Fleet server to use Android with either fleetdm.com proxy
or locally. It also removes the Android feature flag from the backend.
The frontend changes and proxy API documentation will be in separate
PRs.

Updated contributor docs:
https://github.com/fleetdm/fleet/pull/29880/files

Integration tests are missing and tracked as a separate issue:
https://github.com/fleetdm/fleet/issues/27080

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-12 19:42:15 -05:00
jacobshandling
37856d28b8
UI: Disable MDM > End user migration section when GitOps mode enabled (#29968)
## For #28823

<img width="1071" alt="Screenshot 2025-06-12 at 11 29 29 AM"
src="https://github.com/user-attachments/assets/f8ea9022-9bbd-4405-943b-923910265be5"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-12 15:21:01 -07:00
Sarah Gillespie
b216219c44
Fix DB migration bug when adding MDM enroll tables (#29963) 2025-06-12 17:13:58 -05:00
Dante Catalfamo
ab12f475c2
Remove username requirement from some CIS policies (#29842)
#29127
2025-06-12 15:22:35 -04:00
RachelElysia
4277a9e93e
Fleet UI: Remove unsupported sorting arrows from host software table (#29966) 2025-06-12 14:30:38 -04:00
George Karr
7086c017e6
Adding optional parameter outfile to fleetctl package (#29579)
Fixes #29581 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For new Fleet configuration settings
- [ ] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps. If managing
via Gitops:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Added the setting to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- [ ] For unreleased bug fixes in a release candidate, confirmed that
the fix is not expected to adversely impact load test results or alerted
the release DRI if additional load testing is needed.
2025-06-12 10:25:40 -05:00
Sarah Gillespie
9fcd2e15c2
Add one-time challenge support to custom SCEP proxy (#29832) 2025-06-12 08:56:13 -05:00
jacobshandling
b4311f735d
UI: Make teams dropdowns searchable (#29928)
## For #28822 

- Enable searching the teams dropdown
- Ensure right-scrolling per usual text input fields when search text is
long
- Ensure neighboring elements are not moved when search text is long


![ezgif-5b014b0a03dc31](https://github.com/user-attachments/assets/30f98ea6-c7f8-4566-bfef-4e1a6eb0b55d)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-11 15:11:12 -07:00
Juan Fernandez
d847ec8ed4
21979: Extended wipe end-point to allow for doWipe Win CMD (#29770)
For #21979

Extended POST /api/v1/fleet/hosts/:id/wipe end-point to allow users to
specify an optional payload for specifying what type of remote wipe to
perform on Win hosts.

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-06-11 13:56:07 -04:00
Lucas Manuel Rodriguez
1c5700a8c4
Microsoft Compliance Partner backend changes (#29540)
For #27042.

Ready for review, just missing integration tests that I will be writing
today.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [X] If database migrations are included, checked table schema to
confirm autoupdate
- For new Fleet configuration settings
- [X] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps. If managing
via Gitops:
- [X] Verified that the setting is exported via `fleetctl
generate-gitops`
- [X] Added the setting to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [X] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [x] Verified that any relevant UI is disabled when GitOps mode is
enabled
- For database migrations:
- [X] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [X] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [X] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [X] Manual QA for all new/changed functionality

---------

Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com>
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-11 14:22:46 -03:00
Martin Angers
604464f60f
DCLK: Ingest login-keychain certificates for macOS (#29555) 2025-06-11 11:13:44 -04:00
RachelElysia
c574c4db25
Fleet UI: Consistent font size across input fields and dropdowns (#29865) 2025-06-10 15:04:18 -04:00
Ian Littman
3b340ee26f
Allow configuring SSO timeout (both standard and MDM SSO), replacing hard-coded 5-minute validity period (#29854)
For #29614.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- For new Fleet configuration settings
- [x] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps. - Excluded
from GitOps (env var)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-10 10:45:00 -05:00
jacobshandling
e57452de6c
UI: Filter hosts by batch execution status (#29612)
## For #29444

- Update script batch summary modal status rows to link to the hosts
page filtered by the appropriate batch script run and status
- Add above filtering capabilities to the hosts page

<img width="1912" alt="Screenshot 2025-05-30 at 12 39 54 PM"
src="https://github.com/user-attachments/assets/4299ecaa-10bd-49f4-b0f8-cd0e71108e04"
/>

<img width="1912" alt="Screenshot 2025-05-30 at 12 40 22 PM"
src="https://github.com/user-attachments/assets/8252560e-59a2-42a9-bd0c-e5ca05c53390"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-09 10:53:17 -07:00
Dante Catalfamo
7644a27679
Select hosts for gitops labels using hardware_serial (#29639)
#28511
2025-06-09 13:37:00 -04:00
Dante Catalfamo
a18d22f05d
Don't allow fleetctl apply with builtin label type (#29601)
#28338
2025-06-09 13:05:11 -04:00
Martin Angers
33454fc6e9
Bugfix: wiped ADE-enrolled iOS device remains wiped on re-enroll (#29715) 2025-06-09 10:18:03 -04:00
Juan Fernandez
1c7d2a0c8a
Removes duplicates when listing software titles on 'All teams' (#29459)
For #26375. 

When listing software titles for 'All teams', do not join against
software installers nor vpps to avoid duplicates.

Since filters related to software installers/VPP apps are no longer used
when viewing titles for 'All teams', the filter dropdown is disabled if
'All teams' is selected.
2025-06-07 10:47:53 -04:00
Victor Lyuboslavsky
2d24008091
Fix Microsoft UTF16 endianness. (#29708)
Fixes #28488

Microsoft uses UTF16LE and not UTF16BE

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2025-06-04 12:02:28 -06:00
Konstantin Sykulev
8109f2021b
Switched to DeleteObject for gcp interoperability (#29553)
[28420](https://github.com/fleetdm/fleet/issues/28420)

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
2025-06-02 20:07:15 -05:00
Ian Littman
502aa8bafb
When MDM SSO rate limit is supplied, split rate limit bucket (#29663)
Also adds some more rate limiter tests to make sure separate rate limit
buckets interact as expected.

Fixes #29614.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- For new Fleet configuration settings
- [x] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps. (excluded;
env var or YAML)
- [x] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality

---------

Co-authored-by: George Karr <georgekarrv@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2025-06-02 16:18:58 -06:00
Jordan Montgomery
6812275565
Honor "include any" when querying profiles for verification (#29557)
Fixes #28589 

Previously "include any" was not being properly honored when we queried
profiles for verification and so we never would actually verify profiles
where the user had an include any rule with multiple labels and the host
included a subset of the labels. Updated the query that returns profiles
to verify for Windows and Apple to return those profiles with "include
any" labels and a nonzero number of the targeted labels applied

Also rearranged and refactored the associated tests slightly and added a
single test that does the various permutations of "include all" "include
any" and "exclude any"

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-02 10:03:02 -04:00
Juan Fernandez
ec42e2d416
Fixes 29044: UI bug due to missing style for tooltip. (#29556)
For #29044 

Fixed styling issues with 'Observers can run this query' tooltip on the queries page.
2025-05-30 19:02:58 -04:00
Ian Littman
37c062e8a3
Allow overriding MDM SSO rate limit with an env var or config (#29640)
Env var: `FLEET_MDM_SSO_RATE_LIMIT_PER_MINUTE`. **Not** managed via
GitOps.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- For new Fleet configuration settings
- [x] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps.
- [ ] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality
2025-05-30 17:34:47 -05:00
Luke Heath
3ef7caef9d
Apply starter library during new Fleet instance setup (#29564) 2025-05-30 16:27:33 -05:00
Juan Fernandez
d6b3caf1db
Fixes 28109: UI bug related to policy reported results (#29562)
For #28109 

When running a policy, base the number of results on the number of 'sucessful' hosts.
2025-05-30 16:34:52 -04:00
Jahziel Villasana-Espinoza
9d2b07f76f
add a test that checks collation on new migrations (#29309)
> closes #26403

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-29 17:00:30 -04:00
Dante Catalfamo
12851f5679
Check content-type header when parsing cross-origin JSON (#29497) 2025-05-29 15:26:55 -04:00
Dante Catalfamo
3d60a28bce
Prevent user invite race condition (#29559) 2025-05-29 15:26:02 -04:00
Ian Littman
7a54a2de22
Include non-primary CVSS scores from NVD when a primary score doesn'texist for a given CVSS version (#29199)
Fixes #28261.

~~Of note, this logic will prefer a non-primary CVSSv3.1 score over a
primary CVSSv3.0 score if 3.1 doesn't have primary but 3.0 does. I
haven't seen any evidence of this in our dataset (looked at 2024
output).~~

Updated with logic that will prefer a primary CVSSv3.0 score over a
secondary CVSSv3.1 score for a given vulnerability. In the test dataset
(2023 vuln snapshot, ~20k vulns) there were no cases where this
situation presented itself, so output was identical to the prior
implementation.

Validated by comparing a vulns run from GitHub Actions to a local run
with the new code, and confirmed that existing v3 scores weren't
replaced when they already existed (just got adds of v2 when only v3
existed, and v2/v3 adds when no scoring existed).

Confirmed that all three CVEs mentioned in #28261 show up in feed data.
Added spot-checks for secondary CVSS scores to the feed validator tool.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Manual QA for all new/changed functionality
2025-05-29 13:03:19 -05:00
Jahziel Villasana-Espinoza
c237ea53b9
add activity for automatic install policy creation (#29409)
> Closes #28259

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-28 17:58:58 -04:00
jacobshandling
d51ea2279e
UI: Update query automations modal (#29517)
## For #28884 

<img width="803" alt="Screenshot 2025-05-27 at 6 45 14 PM"
src="https://github.com/user-attachments/assets/f4bd431e-3df8-464b-b871-8baeba5cf86c"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-28 13:06:33 -07:00
jacobshandling
4b5f5e9406
UI: Update disk encryption key font (#29514)
## For #28865 

**Before**:
<img width="656" alt="Screenshot 2025-05-27 at 4 08 48 PM"
src="https://github.com/user-attachments/assets/42a97b6a-2612-47f0-8a04-ef2864a4b896"
/>

**Now**:
<img width="656" alt="Screenshot 2025-05-27 at 4 13 07 PM"
src="https://github.com/user-attachments/assets/f65c399b-16b8-498b-90ba-454333543c19"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-28 09:44:04 -07:00
jacobshandling
b7d84bca33
UI: Query "frequency" -> "interval" (#29518)
## For #28821 

- Update UI-rendered references to `/(F|f)requency/` to refer to
`/(I|i)nterval/` instead


![ezgif-60c1b29b41ce29](https://github.com/user-attachments/assets/d2012116-bfe7-4a0c-8056-e4d3e61e623d)

- More info: Note that this PR only changes copy actually rendered in
the UI (and an associated test), and is low-risk, so can be merged and
QAed quickly. [This
branch](https://github.com/fleetdm/fleet/tree/28821-add-on-update-code)
contains updates to variables, constants, and class names, more
error-prone changes that, if review and QA capacity allow, can be PRed
for consistency between the code and the copy, but is not critical for
the desired UI updates.

- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-28 09:40:13 -07:00
Martin Angers
b287dbaf9f
Bugfix: Activate next activity on delete script (#29361) 2025-05-27 14:18:34 -04:00
Scott Gress
b7d0297d03
Update OPA dependency to v1.4.2 (#29454)
# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Added/updated automated tests
- [X] Manual QA for all new/changed functionality

## Details

This PR updates the Open Policy Agent (github.com/open-policy-agent/opa)
to version 1.4.2, and does the necessary test updates to handle the
indirect upgrade of Viper (which no longer supports YAML 1.1).

Once this is done we can also [upgrade
NFPM](https://github.com/fleetdm/fleet). I chose not to do that in this
PR to keep it to one change at a time.
2025-05-27 11:48:38 -05:00
Dante Catalfamo
5789d3f3c9
Add macOS redis cluster support (#29433) 2025-05-27 11:38:59 -04:00
Sharon Katz
103239105f
Fix #27888 (#29040)
This is fixing a misinterpretation of the [CIS
document](https://drive.google.com/file/d/1Bq6GSn_wRMp2JKbYsRt51V5BXV1gizDp/view?usp=drive_link)
for Macos 15/

In the doc search for:  "show full Website". 
The Audit bash script is:
```
% /usr/bin/sudo /usr/sbin/system_profiler SPConfigurationProfileDataType |
/usr/bin/grep ShowFullURLInSmartSearchField | /usr/bin/tr -d ' '

Result on my Mac:
ShowFullURLInSmartSearchField = 1;
```
This should be interpreted as 'Any user who has this setting is ok'. Not
looking for an empty user.
We have 48 other occurrences that we will discuss outside the scope of
this issue.

QA:
Applying the profile for my main user worked.
Adding a test user
The configuration was applied to it without the need to redeploy the
profile.

--> Hence, we are good with the way CIS recommends auditing.

checking with a query finds both accounts with the proper settign:

![image](https://github.com/user-attachments/assets/258c4183-dc76-49aa-a022-63954f1733dc)



# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
2025-05-23 10:19:23 -04:00
jacobshandling
e25c1c3728
UI: Add ability to run a script on all hosts that match a set of supported filters; Add UI to view batch run summaries (#29025)
_Only merge to `main` after [back
end](https://github.com/fleetdm/fleet/pull/29149) and [back end
extension](https://github.com/fleetdm/fleet/pull/29312)_

## For #28699, #29143, #29281

- Run scripts by filter
- View batch script run summary via activity feed
- Code clean up

### Run scripts by filter:
<img width="1280" alt="Screenshot 2025-05-09 at 5 21 51 PM"
src="https://github.com/user-attachments/assets/bcf2e275-f229-461b-8411-0e99c34af5bf"
/>
<img width="1280" alt="Screenshot 2025-05-09 at 5 22 47 PM"
src="https://github.com/user-attachments/assets/d4882ed3-cfa6-4952-acbe-89c60d65d482"
/>

### View script run summary:

![ezgif-4ebaf9c57d6e57](https://github.com/user-attachments/assets/4201ff85-04e3-473f-8a82-969f85e59558)

- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-22 16:45:43 -07:00
Ian Littman
ca09fa509b
Add OVAL supported OS mappings for Ubuntu 24.10 and 25.04 (#29381)
For #29345.

Tested with Ubuntu 24.10. Can test again with 25.04 once
https://github.com/fleetdm/nvd/pull/42 is merged.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-05-22 18:05:51 -05:00
Scott Gress
bb09925d73
Add ability to bulk execute scripts based on filters (#29149)
for #28700 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.

## Details

This PR adds the ability to use filters to select a subset of hosts to
run a script on, using the existing batch execution system. Due to the
scale limitations of the framework, we limit this to 5,000 hosts (we may
lift this limit in the future as we iterate on this feature).

The implementation follows the same basic strategy as the "transfer
hosts to team by filter" endpoint. If filters are supplied, they are
used to get host records using `ListHosts` or `ListHostsInLabel`. If IDs
are supplied, `ListHostsLiteByIDs` is used. From there, we do the same
validation as in the previous iteration, and send the host IDs to the
batch execution function.

There are many avenues for optimization here, some of which I already
have in a branch, but this is a very low-touch solution to get us larger
batch sizes right now. To do this at true scale warrants some cross-team
architecture discussions.

## Testing

**Automated:**

New automated tests were added for the existing `BatchExecuteScript`
service method, and verified that they still pass with the code updates.

**Manual testing:**

* Tested running a script on a subset of hosts on a single page (no team
and real team)
* Tested running a script on a subset of hosts using a query filter (no
team and real team)
* Tested running a script on a subset of hosts using a label filter (no
team and real team)
2025-05-22 16:44:34 -05:00
Juan Fernandez
55fec5283e
Re-verify Linux disk encryption #26693 (#29034)
Fixes #26693 

Added functionality to verify that the escrowed LUKS disk encryption key is valid. To achieve this, two new fleetd tables were added: lsblk and  cryptsetup_luks_salt/table to compare the stored encryption key with the ones present on the host.
2025-05-22 16:15:26 -04:00
Scott Gress
c8312c83c3
Add batch script execution summary endpoint (#29312)
# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated automated tests
- [X] Manual QA for all new/changed functionality

## Details

This PR adds a new `GET /scripts/batch/summary/:batch_execution_id`
endpoint that returns a summary of the current state of a batch script
execution, including some basic info about the script being executed and
a breakdown of how hosts have responded. See
https://github.com/fleetdm/fleet/pull/29200 for API response.
2025-05-22 15:07:35 -05:00
Dante Catalfamo
0b6ee9392f
Windows 11 Enterprise CIS 4.0 (#29191)
#27396 

## Results

First Column:

-   `+` = Added
-   D = Duplicate
-   X = Updated/Removed
-   ? = Unclear/un-actionable

Tested Column:

-   Yes = Works as described
- NF = Could not find GP setting, but registry key exists and editing it
makes the policy pass
- NA = Not available. Could not find GP setting, registry setting
doesn't exist

| | Tested | Type | Comment |
|--- |------- |------
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
| + | NF | ADD | 5 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service
(WinHttpAutoProxySvc)' is set to 'Disabled' |
| + | Yes | ADD | 18.10.58 (L1) Ensure 'Turn on Basic feed
authentication over HTTP' is set to 'Disabled' |
| + | Yes | ADD | 2.3.11 (L1) Ensure 'Network security: LDAP client
encryption requirements' is set to 'Negotiate sealing' or higher |
| + | Yes | ADD | 18.6.4 (L1) Ensure 'Configure multicast DNS (mDNS)
protocol' is set to 'Disabled' |
| + | Yes | ADD | 18.6.4 (L2) Ensure 'Turn off default IPv6 DNS Servers'
is set to 'Enabled' |
| + | Yes | ADD | 18.6.7 (L1) Ensure 'Audit client does not support
encryption' is set to 'Enabled' |
| + | Yes | ADD | 18.6.7 (L1) Ensure 'Audit client does not support
signing' is set to 'Enabled' |
| + | Yes | ADD | 18.6.7 (L1) Ensure 'Audit insecure guest logon' is set
to 'Enabled' |
| + | Yes | ADD | 18.6.7 (L1) Ensure 'Enable authentication rate
limiter' is set to 'Enabled' |
| + | Yes | ADD | 18.6.7 (L1) Ensure 'Enable remote mailslots' is set to
'Disabled' |
| + | Yes | ADD | 18.6.7 (L1) Ensure 'Mandate the minimum version of
SMB' is set to 'Enabled: 3.1.1' |
| + | Yes | ADD | 18.6.7 (L1) Ensure 'Set authentication rate limiter
delay (milliseconds)' is set to 'Enabled: 2000' or more |
| + | Yes | ADD | 18.6.8 (L1) Ensure 'Audit insecure guest logon' is set
to 'Enabled' |
| + | Yes | ADD | 18.6.8 (L1) Ensure 'Audit server does not support
encryption' is set to 'Enabled' |
| + | Yes | ADD | 18.6.8 (L1) Ensure 'Audit server does not support
signing' is set to 'Enabled' |
| D | -- | ADD | 18.6.8 (L1) Ensure 'Enable remote mailslots' is set to
'Disabled' |
| D | -- | ADD | 18.6.8 (L1) Ensure 'Mandate the minimum version of SMB'
is set to 'Enabled: 3.1.1' |
| + | Yes | ADD | 18.7 (L2) Ensure 'Configure Windows protected print'
is set to 'Enabled' |
| + | Yes | ADD | 18.9 (L1) Ensure 'Configure the behavior of the sudo
command' is set to 'Enabled: Disabled' |
| + | Yes | ADD | 18.9.30.1 (L1) Ensure 'Block NetBIOS-based discovery
for domain controller location' is set to 'Enabled' |
| + | Yes | ADD | 18.9.39 (L1) Ensure 'Configure SAM change password RPC
methods policy' is set to 'Enabled: Block all change password RPC
methods' |
| + | Yes | ADD | 18.10.3 (L2) Ensure 'Turn off API Sampling' is set to
'Enabled' |
| + | Yes | ADD | 18.10.3 (L2) Ensure 'Turn off Application Footprint'
is set to 'Enabled' |
| + | Yes | ADD | 18.10.3 (L2) Ensure 'Turn off Install Tracing' is set
to 'Enabled' |
| + | Yes | ADD | 18.10.4 (L1) Ensure 'Not allow per-user unsigned
packages to install by default (requires explicitly allow per install)'
is set to 'Enabled' |
| + | Yes | ADD | 18.10.18 (L1) Ensure 'Enable App Installer Local
Archive Malware Scan Override' is set to 'Disabled' |
| + | Yes | ADD | 18.10.18 (L1) Ensure 'Enable App Installer Microsoft
Store Source Certificate Validation Bypass' is set to 'Disabled' |
| + | Yes | ADD | 18.10.18 (L2) Ensure 'Enable Windows Package Manager
command line interfaces' is set to 'Disabled' |
| + | Yes | ADD | 18.10.29 (L1) Ensure 'Do not apply the Mark of the Web
tag to files copied from insecure sources' is set to 'Disabled' |
| + | Yes | ADD | 18.10.43 (L1) Ensure 'Control whether exclusions are
visible to local users' is set to 'Enabled' |
| + | Yes | ADD | 18.10.43.4 (L1) Ensure 'Enable EDR in block mode' is
set to 'Enabled' |
| + | Yes | ADD | 18.10.43.8 (L2) Ensure 'Convert warn verdict to block'
is set to 'Enabled' |
| + | Yes | ADD | 18.10.43.10 (L1) Ensure 'Configure real-time
protection and Security Intelligence Updates during OOBE' is set to
'Enabled' |
| + | Yes | ADD | 18.10.43.11.1.1 (L2) Ensure 'Configure Brute-Force
Protection aggressiveness' is set to 'Enabled: Medium' or higher |
| + | Yes | ADD | 18.10.43.11.1.1 (L1) Ensure 'Configure Remote
Encryption Protection Mode' is set to 'Enabled: Audit' or higher |
| + | Yes | ADD | 18.10.43.11.1.2 (L2) Ensure 'Configure how
aggressively Remote Encryption Protection blocks threats' is set to
'Enabled: Medium' or higher |
| + | Yes | ADD | 18.10.43.13 (L1) Ensure 'Scan excluded files and
directories during quick scans' is set to 'Enabled: 1' |
| + | Yes | ADD | 18.10.43.13 (L1) Ensure 'Trigger a quick scan after X
days without any scans' is set to 'Enabled: 7' |
| + | Yes | ADD | 18.10.57.3.3 (L2) Ensure 'Restrict clipboard transfer
from server to client' is set to 'Enabled: Disable clipboard transfers
from server to client' |
| + | NA | ADD | 19.7.40 (L1) Ensure 'Turn off Windows Copilot' is set
to 'Enabled' |
| + | NF | ADD | 5 (L2) Ensure 'GameInput Service (GameInputSvc)' is set
to 'Disabled' |
| + | Yes | ADD | 18.6.8 (L1) Ensure 'Require Encryption' is set to
'Enabled' |
| + | Yes | ADD | 18.10.91 (L2) Ensure 'Allow mapping folders into
Windows Sandbox' is set to 'Disabled' |
| X | Yes | MOVE | 18.4.1 (L1) Ensure 'Configure RPC packet level
privacy setting for incoming connections' is set to 'Enabled' TO 18.7 |
| X | Yes | REMOVE | 18.10.42 Ensure 'Turn off Microsoft Defender
AntiVirus' is set to 'Disabled' |
| X | Yes | REMOVE | 18.10.15 (L1) Ensure 'Toggle user control over
Insider builds' is set to 'Disabled' |
| X | Yes | REMOVE | 18.10.66 (L1) Ensure 'Only display the private
store within the Microsoft Store' is set to 'Enabled' |
| X | Yes | REMOVE | 2.3.1 (L1) Ensure 'Accounts: Block Microsoft
accounts' is set to 'Users can't add or log on with Microsoft accounts'
|
| X | Yes | REMOVE | 18.9.7.1 (BL) Ensure 'Prevent installation of
devices that match any of these device IDs: Prevent installation of
devices that match any of these device IDs' is set to
'PCI\CC<sub>0C0A</sub>' |
| X | Yes | REMOVE | 18.9.7 (BL) Ensure 'Prevent installation of devices
that match any of these device IDs: Also apply to matching devices that
are already installed.' is set to 'True' (checked) |
| X | Yes | REMOVE | 18.9.7 (BL) Ensure 'Prevent installation of devices
that match any of these device IDs' is set to 'Enabled' |
| X | Yes | REMOVE | 5 (L2) Ensure 'Peer Name Resolution Protocol
(PNRPsvc)' is set to 'Disabled' |
| X | Yes | REMOVE | 5 (L2) Ensure 'Peer Networking Grouping (p2psvc)'
is set to 'Disabled' |
| X | Yes | REMOVE | 5 (L2) Ensure 'Peer Networking Identity Manager
(p2pimsvc)' is set to 'Disabled' |
| X | Yes | REMOVE | 5 (L2) Ensure 'PNRP Machine Name Publication
Service (PNRPAutoReg)' is set to 'Disabled' |
| X | Yes | REMOVE | 18.6.4 (L1) Ensure ‘Configure DNS over HTTPS (DoH)
name resolution' is set to 'Enabled: Allow DoH' or higher |
| X | Yes | RENAME | 2.2 (L1) Configure 'Create symbolic links' TO (L1)
Ensure 'Create symbolic links' is set to 'Administrators'23528 |
| X | Yes | RENAME | 2.2 (L2) Configure 'Log on as a service' TO (L2)
Ensure 'Log on as a service' is configured |
| + | Yes | RENAME | 18.10.82.1 (L1) Ensure 'Enable MPR notifications
for the system' TO 'Configure the transmission of the user's password in
the content of MPR notifications sent by winlogon.' |
| X | Yes | UPDATE | 18.10.17 (L1 -> L2) Ensure 'Enable App Installer'
is set to 'Disabled' |
| X | Yes | UPDATE | 18.4 (L1) Ensure 'Enable Certificate Padding' TO
Allow REG<sub>DWORD</sub> or REG<sub>SZ</sub> |
| X | NA | UPDATE | 18.9.26 Ensure 'Configures LSASS to run as a
protected process' is set to 'Enabled: Enabled with UEFI Lock' |
| ? | Unknown | UPDATE | Section 17 Auditpol commands to use Policy
GUIDs |
| ? | Unknown | UPDATE | 18.4 (L1) Ensure 'Enable Certificate Padding'
is set to 'Enabled' |
| ? | Unknown | UPDATE | Section changes from Windows 11 Release 23H2
v2.0 Administrative Templates |
| ? | Unknown | UPDATE | Section changes from Windows 11 Release 24H2
Administrative Templates |
| ? | Unknown | UPDATE | User Overview (Section 19) |
| ? | Unknown | UPDATE | Profile Names |
| ? | Unknown | UPDATE | General Overview and Intended Audience Section
|
| ? | Unknown | UPDATE | BitLocker Operating System Drive Section |
| ? | Unknown | UPDATE | 18.10.93.4 (L1) Ensure 'Enable optional
updates' is set to 'Disabled' |
2025-05-22 15:55:45 -04:00
Dante Catalfamo
a202e31929
Add SMTP settings save tooltip (#29112) 2025-05-22 14:47:38 -04:00
Jordan Montgomery
149cd9daca
Tweak MDM detection query to return the proper enrollment when there are multiple entries (#29360)
This change is deceptively simple but helps us choose the right one in
cases like #29042 where there are multiple enrollments in the registry.
In this case the customer seems to have been using something like
co-management(though even using their MDM we have not repro'd
internally) which leads to 2 registry keys in the registry with a UPN
node. I believe the way some MDM services handle unenroll can also leave
the registry keys in this state. Either way, because of this, and the
fact that we have a LIMIT 1 in the query, we were, in 50% of the cases
where we had multiple keys, returning the less useful of the nodes from
the query and because no Server URL was coming back we were treating it
as if the host was not MDM enrolled and thus, not unenrolling it, and
leading to enrollment failing.

With this change we'll return the proper registry key which should allow
us to, in the case of migration, properly unenroll the host and even in
the case where a customer isn't using Fleet MDM will allow us to display
the correct information from the registry.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Manual QA for all new/changed functionality
2025-05-22 14:08:05 -04:00
Luke Heath
45742e946f
Adding changes for Fleet v4.68.0 (#28800) 2025-05-22 11:47:40 -05:00
RachelElysia
0ae3abd5d6
Fleet UI: Allow gitOps mode to add package to view YAML (#29274) 2025-05-22 09:47:57 -04:00
Scott Gress
2e89780c6d
add HostIDs to label API (#29185)
for #27701

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Manual QA for all new/changed functionality

## Details

This PR fixes an issue where adding or removing a single host on a
manual label in the UI had unexpected results when that host's serial
number was not unique. When adding the host, all other hosts with the
same serial # would be added. When removing the host, _no_ hosts would
be removed unless _all_ the hosts with the matching serial # were
removed. The fix here is to introduce a new API param `host_ids` which
allows sending explicit Fleet host IDs to the add/update label APIs.
These are guaranteed to be unique.

## Testing

* Added new automated tests for the `NewLabel` and `ModifyLabel`
services
* Manually tested adding and modifying labels using hosts with duplicate
serials (I manually updated serials in my local db to get duplicates)

## Notes

* The existing `hosts` param is preserved (and tested) since API-only
users may rely on it.
* A separate API docs PR will be opened.
2025-05-22 08:20:35 -05:00
Dante Catalfamo
405dd55371
Make read_host_disk_encryption_key a host activity (#28858)
#28521
2025-05-21 16:47:11 -04:00
jacobshandling
bf9e9566a8
UI: Fix permissions for accessing queries table Edit UX (#29319)
## For #28532 

#### As global observer:
![Screenshot 2025-05-20 at 10 03
59 PM](https://github.com/user-attachments/assets/8ad9d01d-d0cb-402c-b32b-1928a494054e)

#### As global admin:
![Screenshot 2025-05-20 at 10 04
01 PM](https://github.com/user-attachments/assets/6f8fdfd5-9255-4865-b91a-0d2fd4a22121)


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-21 10:40:57 -07:00
Gabriel Hernandez
725e7336b9
add host filtering by mdm config profile and the profile status (#29287)
For [#28761](https://github.com/fleetdm/fleet/issues/28761)

This adds the ability to filter the hosts by `profile_uuid` and
`profile_status` query params. This was added for the following
endpoints:

```
GET /hosts
GET /hosts/count
GET /hosts/reports
```

This also adds the UI needed to send the query params to the API
correctly when exporting a CSV of the hosts

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-21 18:29:13 +01:00
Dante Catalfamo
54efd74f77
Cancel upcoming scripts on edit (#28924)
#28701
2025-05-21 13:04:59 -04:00
Konstantin Sykulev
a42167462f
Added SHA256 hash from mac apps on install paths (#29280)
https://github.com/fleetdm/fleet/issues/25545

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)).
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-20 23:38:59 -05:00
jacobshandling
19fe0ff5ce
UI: Improve TooltipTruncatedText and now underlying useCheckTruncatedElement (#29232)
## For #27667 

- Have `TooltipTruncatedText` component use `useCheckTruncatedElement`
to track its current state of truncation.
- Update `useCheckTruncatedElement` to re-evaluate truncation state
based on changes to the width of
the element itself as opposed to changes to viewport width. This
facilitates truncation when the
width of the element is updated due to user interaction / change in UI
state other than window resize, e.g. checking a policy in the policy
software automations modal (see issue description for details
reproduction instructions there).

**Truncation with tooltip successful for UI state changes:**

![ezgif-27969fb4a17d3e](https://github.com/user-attachments/assets/66156bd5-7948-4e73-9c11-4a08fde44189)

Truncation with tooltip successful for viewport resizing:

![ezgif-2515f715b05436](https://github.com/user-attachments/assets/8ef70579-1e89-4a4b-9fd0-93a4776d3151)

![ezgif-24a953c65500d9](https://github.com/user-attachments/assets/fc2f302b-6f7e-463e-97d2-9978b97c5601)

- [x] Changes file added for user-visible changes in `changes/⁄
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-20 15:41:53 -07:00
Scott Gress
28ba274f1f
Fix SQL query editor cursor alignment issue (#28878)
for #27233 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

## Details

This PR fixes an issue where the cursor in the SQL editor would become
misaligned under some circumstances. I was never able to reproduce this
personally, but big thanks to @mason-buettner for both the reproduction
and testing this fix.

The issue seems to stem from the Ace editor having a hard time dealing
with CSS scaling. I'm not sure what circumstances actually cause this to
occur, but a combination of Google and ChatGPT lead me to
https://github.com/securingsincity/react-ace/issues/750 and
https://github.com/ajaxorg/ace/issues/4794 which I combined for this fix
which seems to work.
2025-05-20 16:56:52 -05:00
jacobshandling
b4a1042d3e
Re-calculate host failing policy and total issue counts whenever GET ing that host (#29109)
## For #27085 


![ezgif-4c995b0462ebed](https://github.com/user-attachments/assets/a1c1b2d1-c585-42c9-9db7-b45f4853e90b)


- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-20 13:41:38 -07:00
Victor Lyuboslavsky
01b3a6e2d2
Remove webview when IdP not enabled. (#29283)
For #26996 and #28452

Demo video: https://www.youtube.com/shorts/WGS3JmKiZTs

The device/machine info is extracted from the PKCS7 signed body of the
POST request.

I did manual QA on iPhone since I don't have an ADE macOS device with
me.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-20 22:50:48 +03:00
Jahziel Villasana-Espinoza
0e030eb458
handle case when fleet maintained apps list is null (#29296)
> For #29197 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-05-20 15:42:35 -04:00
Sarah Gillespie
b8acdfacdf
Fix MDM lifecycle bug when deleting multiple hosts (#29278) 2025-05-20 14:22:40 -05:00
Martin Angers
6051c28b55
BRP: cancel single profile on delete via UI (#29107) 2025-05-20 08:55:51 -04:00
Sarah Gillespie
aea4406b4f
Improve MDM device-to-user mapping for Apple devices (#29239) 2025-05-19 13:29:46 -05:00
Scott Gress
26e4395926
Allow GitOps to clear global settings more easily using overwrite option (#29215)
for #28118 

# Checklist for submitter

- [X] Manual QA for all new/changed functionality

## Details

This PR adds an `overwrite` option to the "modify app config" API which,
if set, causes the code to replace certain keys in the existing config
with keys from the incoming config, without attempting any merge. This
is then used by GitOps to allow it to easily clear settings that were
otherwise being merged together or ignored entirely due to the PATCH
semantics expected for the `fleetctl apply` use case.

The new setting is utilized in this first pass for the following
settings:

* `sso_settings`
* `smtp_settings`
* `features`
* `mdm.end_user_authentication`

It could be expanded to several more keys that we currently handle
piecemeal in the GitOps code by attempting to send empty values to the
server (with varying success).

Targeting `mdm.end_user_authentication` vs. all of `mdm` is based on
[this bug](https://github.com/fleetdm/fleet/issues/26175) being opened.
The concern with doing all of `mdm` would be that anyone who had e.g.
VPP set up in their app and hadn't set it up in GitOps would have it
wiped out. If we're comfortable with that risk I can update that here
and update the warning accordingly.

### More detail 

**The way this code works _without_ Overwrite mode on**

1. We unmarshall the incoming JSON from GitOps into a fresh AppConfig
struct `newAppConfig`. Anything keys not present in the incoming JSON
will result in default values being set in `newAppConfig`
2. We unmarshall the incoming JSON from GitOps into the current
`appConfig`. This uses an internal merge algorithm where keys not
present in the JSON will generally leave the matching keys in
`appConfig` untouched. We've been dealing with this by having GitOps
find missing keys and explicitly set them to non-nil empty states. When
arrays are encountered, they are _merged_, not replaced, which is
problematic for the `features.additional_queries` use case and probably
others.
3. We piecemeal replace certain data in `appConfig` with data from
`newAppConfig`, and save it to the db.

**The way this works _with_ Overwrite mode on**

Between steps 1 and 2 above, we _copy_ certain keys from `newAppConfig`
to `appConfig`. If the incoming JSON didn't have a key, the effect will
be that `appConfig` now has default values for that key. For nested
arrays like `features.additionalQueries`, the value in `appConfig` will
be precisely what the user put in GitOps.

## Testing

I tested adding/removing these settings with GitOps manually via
`fleetctl gitops`. On the main branch I could reproduce the issue where
omitting out these keys in my YAML did not lead to the settings being
reset on my instance. With the Features settings, the issue was more
granular, with inconsistent behavior when trying to remove individual
nested settings. On this branch, the settings are cleared as expected at
all levels of granularity.

I also added some new automated tests to verify the expected behavior
for these keys. All existing tests pass.

If accepted this PR would supercede
https://github.com/fleetdm/fleet/pull/29180 which approaches the issue
from the GitOps side for sso, smtp and mdm. Adapting that approach for
`features` would require custom logic to declare nested properties as
"cleared".
2025-05-19 11:18:28 -05:00
Ian Littman
aa733e66d5
Properly decode MSI product names from Windows-1252 (#29245)
For #27522.

See GDrive installer testdata for the Google Workspace Sync MSI used for
testing this.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Manual QA for all new/changed functionality
2025-05-19 10:39:57 -05:00
Ian Littman
980adc0c45
Improve .pkg metadata extraction for names and bundle IDs, let custom package metadata extraction tool check an entire directory at a time (#29249)
For #24083, #26597.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-19 10:32:36 -05:00
Ian Littman
21006a1bd7
Batch host_software inserts in macOS names migration to improve performance for large host counts (#29238)
For https://github.com/fleetdm/confidential/issues/10596

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2025-05-17 12:42:01 -05:00
Jordan Montgomery
38811da1c0
Hold off on policy queries until after setup experience (#29159)
For #28205 

During setup experience customers often install all or most of the
software that would otherwise be installed based on the results of
policy queries. If we run policy queries during setup experience we end
up trying to install some software twice which, at best, leads to
confusing activities listed for the host. With these changes we will not
run policy queries on macOS hosts until after the host has exited setup
experience, at which point we should be able to avoid duplicate installs

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-16 14:56:27 -04:00
Gabriel Hernandez
9a32be0540
enable fleet secret variables in the macos setup script in gitops (#29164)
For #28215

Allows users to use fleet secret variables for macos setup script for
gitops.


- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-16 19:05:33 +01:00
Victor Lyuboslavsky
bfad93a1f0
Fixing issues with Apple DDM profile status (#29059)
For #27979 

This PR fixes Apple declarations issues:
- P2 issue with hashing the declaration token
- When declaration items are requested, mark any outstanding "remove"
operations as pending. This prevents "remove" operations from being
stuck in pending in some cases because they were actually already
processed.
- When updating verification status, don't update "remove" operations --
we don't update their status and we just delete them. This prevents the
issue where a "remove" operation got the updated status and the
"install" operation got stuck in verifying forever.
- when adding a declaration that has a matching remove outstanding, mark
the declaration verified. This prevents "install" operations from being
stuck in pending/verifying. Why? Because there is nothing for the host
to do if the same declaration was removed and then immediately added
back.
- migration to delete "remove" operations with non-nil and non-pending
status. These are the only legal statuses for remove operations.

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-15 13:05:25 -05:00
Victor Lyuboslavsky
890042d27a
Force enrollment profile sync when an Apple device was added to ABM. (#29147)
For #27854

I was able to reproduce the issue by simply unassigning device from an
MDM server, and then assigning back. Once assigned back, Fleet did not
resend the profile to ABM, and device was not able to enroll into MDM.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-15 12:29:38 -05:00
RachelElysia
4dc5f30dc1
Fleet UI: Surface copyable SHA256 hash on software details page (#29152) 2025-05-15 12:20:22 -04:00
Gabriel Hernandez
63b2e19630
allow turning off mdm for iphone and ipad hosts (#29087)
For [#23784](https://github.com/fleetdm/fleet/issues/23784)

This adds the "turn off mdm" option don't he host details page for
iPhone and iPad devices.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality
2025-05-15 12:38:07 +01:00
Gabriel Hernandez
5815dc4e54
Feat UI host filter by custom profiles (#29038)
For #28759

This is the UI work for being able to filter hosts by a configuration
profile status. There are also added tests in this PR.


![image](https://github.com/user-attachments/assets/b2585093-b191-4dc5-a11e-55ad4156d713)


- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-15 12:37:45 +01:00
Martin Angers
7f5fc14f59
Immediately ask for a host refetch when a host re-enrolls and reuses an existing host row (#29081) 2025-05-14 09:38:53 -04:00
Juan Fernandez
3f298ac218
Error when deleting non managed GitOps labels #28440 (#29067)
Fixes #28440 

When running GitOps, delete any non-managed labels as the last step to avoid any DB constraint issues.
2025-05-13 20:16:16 -04:00
jacobshandling
28ea0f0589
UI: User menu style fix (#29066)
## For #27609 

<img width="180" alt="Screenshot 2025-05-12 at 4 00 52 PM"
src="https://github.com/user-attachments/assets/1aabd897-ecae-45f0-9b53-c81677a47d55"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-13 11:49:48 -07:00
jacobshandling
9bd3a3df8d
UI: Hide script contents for saved script run activity details (#29064)
## For #27255 

- Hide script contents when a saved script was run
- Clean up code

<img width="1276" alt="Screenshot 2025-05-12 at 3 39 32 PM"
src="https://github.com/user-attachments/assets/e057820e-3db0-4ac0-be7c-38abf20cfadc"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-13 11:16:27 -07:00
Ian Littman
3edf684db1
Add backend for uninstalls in My device UI (#29035)
For #28846. Intentionally not limited to self-service/in-scope apps,
though we don't have any software listing changes in this PR to show
more titles in the self-service list.

QA plan is a bit light due to ticket being underspec'd. Can figure out
how we deal with that later.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-13 12:14:45 -05:00
Scott Gress
ecb1a1caca
Add retry when applying queries (#28951)
for #28642

> Note: this PR diff is easier to view [with whitespace
off](https://github.com/fleetdm/fleet/pull/28951/files?w=1).

## Details

This PR adds retry to the "Apply Queries" logic, in an attempt to
alleviate deadlock issues when applying queries via GitOps. The
`applyQueriesInTx` now uses `withRetryTxx` instead of starting a
transaction with `BeginTxx`. This requires some downstream updates to
`updateQueryLabels` and `updateQueryLabelsInTx`, see PR comments for
details.

This is a first (and hopefully only necessary) step to fixing the
deadlock issues. If needed, we have other steps we can take like
batching the query inserts and splitting the read/write in
saveHostPackStatsDB
(see
https://github.com/fleetdm/fleet/issues/28642#issuecomment-2845804689)

## Testing

I tested this manually using `fleetctl gitops` to apply queries with and
without labels. Existing automated tests for Apply Queries still pass.
2025-05-13 12:06:20 -05:00
RachelElysia
175f110f86
Fleet UI: Created consistent UI for the copy button of an input field (#29056) 2025-05-13 10:24:32 -04:00
Jordan Montgomery
db3e3ff70b
Fix MDM last checkin and enrollment names to match API spec (#29073)
For #17710 

I focused too much on making sure we were returning the requested data
and got the actual property names wrong.

See https://github.com/fleetdm/fleet/pull/28940/files for proper names

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-13 08:17:11 -04:00
Katheryn Satterlee
9ea5ecde68
Add neon to Linux platform list (#28977)
Added `neon` to list of Linux platforms associated with hosts so that
Linux-specific detail queries and policies will be sent to hosts running
the XDE Neon operating system.

This does not guarantee full compatibility with Neon, but will improve
telemetry.

Resolves #28560 


# Checklist for submitter


If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
2025-05-12 17:37:21 -05:00
jacobshandling
262832bfff
UI: Warn before saving script contents (#29026)
## For #28699 auxiliary feature


![ezgif-28c6ba4048c004](https://github.com/user-attachments/assets/2631286a-b4bd-431a-8ea1-5b962af933dd)

- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-12 13:51:38 -07:00
RachelElysia
7463fb18b4
Fleet Desktop: Update component level error states (#28816) 2025-05-12 09:25:09 -04:00
Victor Lyuboslavsky
7b1187de0f
SCIM support for authentik (#29002)
SCIM support for authentik appears to work in Dogfood and also works in
the local environment on main.

We need to QA for official support.
2025-05-09 15:06:03 -04:00
Jordan Montgomery
ca149a0cdb
Add host apple MDM timestamps to host detail responses (#28998)
For #17710 

Adds mdm_last_seen_at and mdm_last_enrolled_at to the host details
response for Apple platforms

Still testing with actual hardware to make sure the timestamps update
when expected

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
2025-05-09 14:18:48 -04:00
Gabriel Hernandez
b9e321e545
Add UI for viewing config profile install status and enable resending profiles to failed hosts. (#28964)
For [#28757](https://github.com/fleetdm/fleet/issues/28757)

implements UI for viewing a config profiles install status info as well
as allows user to resend the profile to hosts that it failed on. this
includes

**New info icon on the profile list item**

<img width="618" alt="image"
src="https://github.com/user-attachments/assets/2eb515fe-caea-43da-8e1c-02672825cf84"
/>

**modal to show config profile install status**

<img width="656" alt="image"
src="https://github.com/user-attachments/assets/21b6c483-1d36-40d9-9e5c-a74e7a9fcd50"
/>

**modal to confirm resending profile to failed hosts** 

<img width="666" alt="image"
src="https://github.com/user-attachments/assets/c29d0d24-f6ba-4567-b954-f3908cdfed85"
/>



- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-09 16:46:09 +01:00
Ian Littman
c06fab3dae
Add spot check on 2024 and 2025 NVD feeds to ensure VulnCheck enrichment (#28952)
For #28857.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Manual QA for all new/changed functionality
2025-05-08 22:13:46 -05:00
Victor Lyuboslavsky
6f9030ee3c
SCIM Entra ID support (#28832)
For #28196

This PR adds full patching for SCIM Users and Groups, and adds the
ability to filter Groups by displayName.

The changes have been tested with [Entra ID SCIM
Validator](67dfd91c0c/docs/Contributing/SCIM-integration.md (entra-id-integration))
and Okta SCIM 2.0 SPEC Test (to make sure we didn't break Okta).

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-08 13:02:49 -05:00
RachelElysia
7a66e37ec4
Fleet UI: Add FMA gitops to FMA details and update activity feed (#27878) 2025-05-08 09:22:55 -04:00
Konstantin Sykulev
a3ae1a6f91
Support for fleet maintained apps in gitops (#28751)
https://github.com/fleetdm/fleet/issues/24469

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-07 18:16:08 -05:00
Martin Angers
48de857dca
BRP: add batch-resend profile to hosts endpoint based on status (#28871) 2025-05-07 16:48:18 -04:00
Luke Heath
c247a2b784
Prepare Fleet v4.67.3 (#28883) 2025-05-06 15:29:34 -05:00
Scott Gress
ee7e085c15
update docs about disk_info table (#28795)
for #26674 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

## Details

This PR adds text to the existing `disk_info` notes in the UI,
clarifying that in ChromeOS, the table will only return data about
removable storage media. After researching the issue and trying various
alternatives, my conclusion is that ChromeOS is purposely designed to
make it very difficult to obtain hardware information (including
internal disk space and usage) via extensions. In order to actual do
this reporting, we'd need to integrate the [Chrome Admin
API](https://developers.google.com/workspace/admin/directory/reference/rest/v1/chromeosdevices#ChromeOsDevice)
into Fleet, which requires more design and planning.
2025-05-06 15:28:07 -05:00
Scott Gress
d716265641
Add "generate-gitops" command (#28555)
For #27476

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

# Details

This PR adds a new command `generate-gitops` to the `fleetctl` tool. The
purpose of this command is to output GitOps-ready files that can then be
used with `fleetctl-gitops`.

The general usage of the command is:

```
fleectl generate-gitops --dir /path/to/dir/to/add/files/to
```

By default, the outputted files will not contain sensitive data, but
will instead add comments where the data needs to be replaced by a user.
In cases where sensitive data is redacted, the tool outputs warnings to
the user indicating which keys need to be updated.

The tool uses existing APIs to gather data for use in generating
configuration files. In some cases new API client methods needed to be
added to support the tool:

* ListConfigurationProfiles
* GetProfileContents
* GetScriptContents
* GetSoftwareTitleByID

Additionally, the response for the /api/latest/fleet/software/batch
endpoint was updated slightly to return `HashSHA256` for the software
installers. This allows policies that automatically install software to
refer to that software by hash.

Other options that we may or may not choose to document at this time:

* `--insecure`: outputs sensitive data in plaintext instead of leaving
comments
* `--print`: prints the output to stdout instead of writing files
* `--key`: outputs the value at a keypath to stdout, e.g. `--key
agent_options.config`
* `--team`: only generates config for the specified team name
* `--force`: overwrites files in the given directory (defaults to false,
which errors if the dir is not empty)

# Technical notes

The command is implemented using a `GenerateGitopsCommand` type which
holds some state (like a list of software and scripts encountered) as
well as a Fleet client instance (which may be a mock instance for tests)
and the CLI context (containing things like flags and output writers).
The actual "action" of the CLI command calls the `Run()` method of the
`GenerateGitopsCommand` var, which delegates most of the work to other
methods like `generateOrgSettings()`, `generateControls()`, etc.

Wherever possible, the subroutines use reflection to translate Go struct
fields into JSON property names. This guarantees that the correct keys
are written to config files, and protects against the unlikely event of
keys changing.

When sensitive data is encountered, the subroutines call `AddComment()`
to get a new token to add to the config files. These tokens are replaced
with comments like `# TODO - Add your enrollment secrets here` in the
final output.

# Known issues / TODOs:

* The `macos_setup` configuration is not output by this tool yet. More
planning is required for this. In the meantime, if the tool detects that
`macos_setup` is configured on the server, it outputs a key with an
invalid value and prints a warning to the user that they'll need to
configure it themselves.
* `yara_rules` are not output yet. The tool adds a warning that if you
have Yara rules (which you can only upload via GitOps right now) that
you'll have to migrate them manually. Supporting this will require a new
API that we'll have to discuss the authz for, so punting on it for now.
* Fleet maintained apps are not supported by GitOps yet (coming in
https://github.com/fleetdm/fleet/issues/24469). In the meantime, this
tool will output a `fleet_maintained_apps` key and trigger a warning,
and GitOps will fail if that key is present.

---------

Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2025-05-06 15:25:44 -05:00
Lucas Manuel Rodriguez
bfe3b186d3
Fix detected CVEs and docker scout exit code to fail the Github Action (#28836)
For #28837.

Fixing this all of this because we got multiple reports from the
community and customers and these were also detected by Amazon
Inspector.

- Fixes CVE-2025-22871 by upgrading Go from 1.24.1 to 1.24.2.
- `docker scout` now fails the daily scheduled action if there are
CRITICAL,HIGH CVEs (we missed setting `exit-code: true`).
- Report CVE-2025-46569 as not affected by it because of our use of
OPA's go package.
- Report CVE-2024-8260 as not affected by it because Fleet doesn't run
on Windows.
- The `security/status.md` shows a lot of changes because we are now
sorting CVEs so that newest come first.

---

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- [ ] For unreleased bug fixes in a release candidate, confirmed that
the fix is not expected to adversely impact load test results or alerted
the release DRI if additional load testing is needed.
2025-05-06 13:35:27 -03:00
Victor Lyuboslavsky
8ad9da71d6
Only allow distribution packages for bootstrap package (#28787)
For #27700 
When uploading bootstrap package for macOS setup experience, validate
that it is a Distribution package since that is required by Apple's
InstallEnterpriseApplication MDM command.


# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-06 11:02:13 -05:00
Tim Lee
14967172a7
Downgrade sotware paths error (#28736) 2025-05-05 14:47:59 -06:00
Luke Heath
c2a6c9febe
Catch up 4.67.2 (#28780) 2025-05-02 15:48:29 -05:00
jacobshandling
722f4a03d8
UI: Premium feature message when viewing GitOps Mode toggle on Fleet Free (#28744)
## For #28743 

<img width="1350" alt="Screenshot 2025-05-01 at 3 19 24 PM"
src="https://github.com/user-attachments/assets/1fb56a1b-ce8c-4e8c-b8b6-be1d23f91380"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-02 09:34:37 -07:00
jacobshandling
19c2e9197d
UI: Enable Integrations > Advanced save button in GitOps Mode (#28748)
## For #28747 

<img width="639" alt="Screenshot 2025-05-01 at 4 28 22 PM"
src="https://github.com/user-attachments/assets/0808d9fd-8866-4eb1-a84e-bef1efdd6919"
/>

- [x] Changes file added for user-visible changes in `changes/
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-02 09:32:34 -07:00
jacobshandling
dfa5573469
UI: Allow VPP token upload in GitOps mode (#28746)
## For #27941  


![ezgif-45eb8e193cea86](https://github.com/user-attachments/assets/4dee3f31-e087-4c3c-a101-3c228c5be38b)

- [x] Changes file added for user-visible changes in `changes/
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-02 09:31:36 -07:00
jacobshandling
dc490c236d
UI: Clean up various states on the Settings page (#28752)
## For #28266 

<img width="1912" alt="Screenshot 2025-05-01 at 9 48 06 PM"
src="https://github.com/user-attachments/assets/f8b66d86-79c5-4166-b328-4befc3bd51f9"
/>
<img width="1912" alt="Screenshot 2025-05-01 at 9 48 44 PM"
src="https://github.com/user-attachments/assets/c7ddf782-4cfe-45a3-b291-86a61d127264"
/>
<img width="1912" alt="Screenshot 2025-05-01 at 9 49 43 PM"
src="https://github.com/user-attachments/assets/354ccdb6-f7f9-41c6-aceb-b08d2c8b76f0"
/>
<img width="1912" alt="Screenshot 2025-05-01 at 9 51 42 PM"
src="https://github.com/user-attachments/assets/d9405f9b-1146-47ea-a18c-8047cbfecffd"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-02 09:14:30 -07:00
jacobshandling
5c082647bc
UI: Support webhook logging configuration (#28737)
## For #28166 

- Support new webhook logging configuration
- Update and improve types

<img width="420" alt="Screenshot 2025-05-01 at 12 15 25 PM"
src="https://github.com/user-attachments/assets/0e624c6a-3d69-4c9d-a64b-2a27533e6d44"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-02 09:04:05 -07:00
Jahziel Villasana-Espinoza
db5444d6cd
software categories: backend (#28479)
> For #28138 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-02 11:41:26 -04:00
RachelElysia
12a14ea2a9
Fleet UI: Surface policy count triggering automatic installations (#28726) 2025-05-02 11:01:26 -04:00
RachelElysia
e5f56fc9fa
Fleet UI: VPP apps with self service shows correct install status (#28739) 2025-05-02 10:41:06 -04:00
RachelElysia
c68de7c953
Fleet UI: Upload and install tarball archives (#27839) 2025-05-02 10:17:09 -04:00
Dante Catalfamo
98e92aa9b4
Webhook logging destination (#28692)
#27445
2025-05-01 16:13:04 -04:00
jacobshandling
1f1ef3f8ef
Update Google Calendar event bodies and relevant previews in the Fleet UI (#28715)
## For #27458 

- Update Calendar events modal:
  - not-configured preview image
  - preview modal
- Update Google calendar event body

### In Google Calendar:
<img width="453" alt="Screenshot 2025-04-29 at 3 48 38 PM"
src="https://github.com/user-attachments/assets/6f7a7486-ab8d-448c-8e12-3ab9ac32b5ac"
/>

### In Fleet UI:
<img width="736" alt="Screenshot 2025-04-30 at 4 03 28 PM"
src="https://github.com/user-attachments/assets/5850f062-3ae9-4523-9c02-e2c52c3586c0"
/>


<img width="736" alt="Screenshot 2025-04-30 at 4 04 57 PM"
src="https://github.com/user-attachments/assets/6f6104a1-b3e7-4d40-8af0-5c264f93f2dc"
/>


- [x] Changes file added for user-visible changes in `changes/`, 
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-01 13:12:53 -07:00
Dante Catalfamo
1815440a93
Add query IDs to query automation logs (#28570)
#27436

The `query_id` field is only added for responses where we have the query
in the database, to prevent unnecessary remarshaling during ingestion.
2025-05-01 15:21:30 -04:00
jacobshandling
9ab0eb2acd
UI: Update conditional access on a per-policy basis (#28658)
## For #28049 , #28610

- **Implement front end ability to enable or disable conditional access
on a per-policy basis**
- **Update policy status UI to include new "action required" state,
representing a failed policy on a host with conditional access enabled**
- Additional improvements

<img width="1624" alt="Screenshot 2025-04-29 at 1 32 33 PM"
src="https://github.com/user-attachments/assets/960b3348-b0e2-48b8-bcff-28f91f64fd01"
/>

<img width="1624" alt="Screenshot 2025-04-29 at 12 15 39 PM"
src="https://github.com/user-attachments/assets/b0e0cf1f-a693-4e0b-b18a-a44ee258975f"
/>

<img width="1624" alt="Screenshot 2025-04-29 at 12 15 49 PM"
src="https://github.com/user-attachments/assets/15f7bea1-7338-4997-93bf-8baeb308e3f0"
/>

<img width="1400" alt="updated policies table headers"
src="https://github.com/user-attachments/assets/164fd84a-a9ee-4dfe-8d73-b4e82e27edbc"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [ ] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-01 11:43:38 -07:00
Jordan Montgomery
87d05b3ed8
Display host certificate decimal serials in addition to hex for smaller values to match keychain (#28732)
For #27007 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-01 14:29:11 -04:00
Victor Lyuboslavsky
d0d65b6dec
NDES cert renewal (#28712)
For #24880 

This includes a logic to gather the expiration date of managed NDES
certs and renewal of these certs. This PR includes some validation logic
(needed to not interfere with custom SCEP validation). The rest of
validation will be implemented as part of #24878

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-01 12:16:45 -05:00
jacobshandling
2beed5a2ec
UI: Fix live policy response percentage rounding (#28719)
## For #27052 

- Use `round` instead of `ceil` and `floor`

<img width="144" alt="Screenshot 2025-04-30 at 10 20 09 PM"
src="https://github.com/user-attachments/assets/48a64558-6aca-4cd0-be9e-a526f9e6219d"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-01 10:03:23 -07:00
Jordan Montgomery
e514fc4881
Custom SCEP renewal (#28616)
For https://github.com/fleetdm/fleet/issues/27984

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-30 15:31:45 -04:00
Dante Catalfamo
1ab7bdc923
Bulk script execution backend (#28299)
#28158
2025-04-30 12:54:46 -04:00
Ian Littman
2febdbaee8
Fix broken installer PATCH (always failing with "missing install script" error) on EXEs (#28670)
For #28543

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-29 17:53:52 -05:00
Victor Lyuboslavsky
27b6174543
Fixed fleetctl gitops issue where creating a new team containing VPP apps caused an error. (#28624)
For #26114 

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-04-29 16:28:25 -05:00
Juan Fernandez
0e35aa85c0
Exclude certain sections from var interpolation when running gitops cmd (#28625)
Fixes #27477 

When running the gitops command do not perform variable interpolation inside the 'description' nor the 'resolution' sections.
2025-04-29 15:09:25 -04:00
Scott Gress
4b5f8de637
Add syntax highlighting support for shell and powershell scripts (#28417)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

# Details

This PR adds syntax highlighting for shell scripts and Powershell
scripts. It switches highlighting mode based on the extension of the
file.

**Shell:**
<img width="775" alt="image"
src="https://github.com/user-attachments/assets/712ef7db-cf33-4bd7-b620-e4b55225ecf5"
/>

**Powershell:**
<img width="773" alt="image"
src="https://github.com/user-attachments/assets/8a9fedb8-d8e3-4285-9ae6-d6f17c760e52"
/>
2025-04-29 10:24:05 -05:00
Sarah Gillespie
9e535425cd
Handle wide logos in MDM setup experience and migration dialog on Apple devices (#28539) 2025-04-29 09:39:28 -05:00
Gabriel Hernandez
789b56000f
Add UI for enabling manual agent install of a bootstrap package (#28550)
For #[26070](https://github.com/fleetdm/fleet/issues/26070)

This adds the UI for enabling a manual agent install for a bootstrap
package. This includes:

**The new form option for enabling manual agent install of a bootstrap
package**


![image](https://github.com/user-attachments/assets/5d271136-e41b-4c03-bbd8-09450ded82dc)

**disabling adding install software and run script options when user has
enabled manual agent install**


![image](https://github.com/user-attachments/assets/24e3ce6e-8c8f-4987-91e6-8f3fa721d67b)


![image](https://github.com/user-attachments/assets/41be4090-b97f-4ffb-ad76-001232ccd434)


**improvements to the setup experience content styling. I've created a
`SetupExperienceContentContainer` component to centralise the styles for
the content of these sub sections.**

**updates to the preview sections copy and replacing the gifs with
videos**

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
2025-04-29 15:29:21 +01:00
Ian Littman
174322e89d
Add temporary index during migration to update host software installed paths more quickly (#28627)
Found while migration testing ahead of cloud environment migrations.
Speedup is on the order of 75x.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2025-04-28 20:38:40 -05:00
jacobshandling
85e826a094
UI: Add ability to run scripts on batches of hosts (#28563)
## For #28159 

- Implement UI capability to run scripts on batches of hosts at a time
  - Add new hosts table `Run script` primary action, triggers
- new `RunScriptBatch` modal, allows running scripts on the selected
batch of hosts
- new `RunScriptBatchPaginatedList`, handles logic specific to this
modal, and utilizes the now more flexible `PaginatedList` component
- Widen capabilities of `PaginatedList` component to elegantly handle
more diverse applications, including this one
- Widen capabilities of `ScriptDetailsModal` component to elegantly
handle more diverse applications, including this one
- Streamline updating `state`s on manage hosts page
- Clearer, more concise naming

- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-04-28 16:32:41 -07:00
RachelElysia
3b42be5571
Fleet UI: Device user/Host details page layout changing including split out host header and summary card (#28598) 2025-04-28 13:00:13 -04:00
Gabriel Hernandez
9ec9995560
add truncation and tooltip to host details host with long name (#28547)
For [#27198](https://github.com/fleetdm/fleet/issues/27198)

Adds truncation and conditional tooltip to the host name on the host
details page.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-04-28 17:09:42 +01:00
Ian Littman
37adfd4535
Fix software naming migration duplicate software collection query, add host software installed path remapping to migration to avoid orphaned paths (#28601)
For #28586.

Originally hotfixed into 4.67.2 in #28588. Merging back into `main`
here.
2025-04-28 09:52:57 -05:00
Ian Littman
c4e8197e61
Revert to first-in-wins on names in the software table (#28581)
For #28565. Merged into 4.67.0 via #28569. This lets us cleanly evaluate
where we stand and fix forward on top of what's already (about to be)
out in the wild.

Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2025-04-25 18:56:47 -05:00
Gabriel Hernandez
8a33a07cb1
Add keyboard accessibility controls to the activity items on host details and dashboard pages (#28433)
For [#26505](https://github.com/fleetdm/fleet/issues/26505)

This adds keyboard a11y controls to the activity items. We use a button
element for the clickable area around a button as this gives us all the
default keyboard control functionality out of the box.

https://www.loom.com/share/311d684c5df145d1b32b83c8c0285133

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-04-25 10:21:56 +01:00
Luke Heath
7a20a24cbe
Adding changes for Fleet v4.67.0 (#28129) 2025-04-24 16:05:58 -05:00
Victor Lyuboslavsky
510a9bbc44
Added macos_setup.manual_agent_install to global/team config (#28419)
For #26071 and #26089

Added `macos_setup.manual_agent_install` boolean option. No validation
(pushed to another story due to complications caused by bug #28497)

Tests are failing due to vulnerability issues that are not related to
this feature. All tests were passing earlier.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-24 15:18:01 -05:00
Ian Littman
49c49c7433
Implement self-service install status endpoints (#28424)
For #28411.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-24 12:20:21 -05:00
Scott Gress
5c9afd3508
Add hash_sha256 field to "List Software Titles" API response (#28447)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

# Details

To facilitate using the work of
[#23497](https://github.com/fleetdm/fleet/issues/23497) in the new
fleetctl generate-gitops command, we need to be able to retrieve the
hash values of the current software installers for a team. This PR adds
a new `hash_sha256` field to the response for the GET /software/titles
API in order to do that.

# Testing

Updated an existing automated test to check for the presence of the new
field when expected. Other tests still pass without it, as it's omitted
when the underlying `storage_id` db column is null 👍

I verified that the API response is as expected in Fleet:
<img width="361" alt="image"
src="https://github.com/user-attachments/assets/498b0a95-f35c-4ff5-8831-e4c5c68e5f94"
/>

# Docs

See https://github.com/fleetdm/fleet/pull/28453
2025-04-24 12:08:59 -05:00
Dante Catalfamo
4934aee8fb
Add To: header when constructing emails (#28507)
#28032
2025-04-24 09:00:35 -04:00
Jordan Montgomery
862739292e
Renewal of DigiCert certificates on macOS (#28449)
Adds renewal of Digicert certificates:
https://github.com/fleetdm/fleet/issues/26553 . Does not attempt to
renew custom SCEP or NDES. Also we aren't actually calling the DigiCert
renewal endpoint at this time because we don't believe we need to and we
can't necessarily do that as we weren't previously storing the serial
number however this change adds storage of the serial number.


# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
2025-04-24 08:35:15 -04:00
Victor Lyuboslavsky
94aa81e42d
Removing Apple MDM profile validation checks for some com.apple.MCX keys (#28498)
For #28343 

Connects to #28343

Removing Apple MDM profile validation checks for com.apple.MCX keys
(dontAllowFDEDisable and dontAllowFDEEnable) due to customer feedback.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-04-23 14:06:17 -05:00
Jordan Montgomery
97d261968b
Clear host_mdm table row when existing Windows hosts enroll as a different OS (#28463)
For https://github.com/fleetdm/fleet/issues/27501 . We wanted the fix to
be as simple and targeted as possible so I made it only happen when an
existing Windows host enrolls as a different OS.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-23 08:53:24 -04:00
Gabriel Hernandez
de0b046453
remove no team gitops setting when no-team.yml is not supplied (#28082)
For #26148

remove gitops settings when deleting no-team.yml from the gitops repo.


- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-04-22 16:40:17 +01:00
Martin Angers
bb9a3790a2
IdP vars: Populate IdP fleet variables in macOS configuration profiles (#28291) 2025-04-22 09:09:00 -04:00
Jahziel Villasana-Espinoza
abd01f2428
enable specifying installers by SHA256 in gitops (#28349)
> For #23497

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-18 16:41:41 -04:00
Sarah Gillespie
fc3381a8a9
Fix CleanupExpiredHosts to prevent deletion of DEP-assigned hosts (#28313) 2025-04-18 12:49:03 -05:00
Victor Lyuboslavsky
162f974a67
Log invalid SOAP message and return 400 (#28340)
For #28240

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-04-18 11:13:30 -05:00
Jordan Montgomery
de7ce439ec
Update WLAN XML profile verification so they aren't resent (#28296)
Fixes https://github.com/fleetdm/fleet/issues/24394 by adding new
verification logic to detect and verify these profiles. We only verify a
subset of the properties because there are certain settings such as the
Authentication which Windows seems to upgrade in circumstances where it
can(e.g. WPA2 specified but interface + router supports WPA3 results in
WPA3 on the client and there are likely other similar scenarios). After
discussion with design team we've decided the limited verification is
better than what we had before and a good solution for now.

I know this is extremely heavy on comments but the behavior is strange
and non obvious.

Also see latest comment on the issue for some testing discussion:
https://github.com/fleetdm/fleet/issues/24394#issuecomment-2810261844

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-18 08:45:18 -04:00
Scott Gress
47ac964768
Don't validate software/profile labels in dry run mode (#28201)
For #28154

This PR fixes a bug where GitOps dry runs would fail when software
installers or profiles referenced labels that were created in the same
run. The issue is that GitOps utilizes the real APIs for batch
software/profile creation for validation, sending a `dryRun` flag to
prevent those APIs from actually writing data. In dry run mode, no
labels are actually created, so validation checks for "don't use labels
that don't exist" will always fail when new labels are referenced.
Recent updates to GitOps have given it the ability to validate the
labels itself, removing the need to use the API for this check.

I added a new test for this in the mdm profiles tests. The test suite
for software installers is a little more challenging to update for this
case, and since it's not a happy path test I'm not prioritizing it, but
will try to add one time permitting.
2025-04-17 08:39:24 -05:00
RachelElysia
3cf9202e39
Fleet UI: Added hover cursors to checkbox and radio components (#28113) 2025-04-16 13:29:08 -04:00
Dante Catalfamo
f59713b7ce
Removed indicator for background LUKS validation (#28218)
#25700
2025-04-16 12:25:41 -04:00
Scott Gress
183d0d8150
Update SQL parser to handle more modern syntax (#28211)
For #26366

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

# Details

This PR fixes an issue where the SQL parser in the UI doesn't recognize
window functions like `OVER()` and marks the SQL as having syntax
errors. The fix here is to update to a more modern parsing library. This
involved updating some AST-parsing code we have for determining which
tables are used in a query, for the purposes of feeding autocomplete and
determining query compatibility.

# Testing

I tested this with the query mentioned in #26366 in Chrome, Firefox and
Safari on MacOS. I also added new unit tests for our SQL helper
functions.

# Notes

During testing I discovered that we were bundling two versions of the
ACE editor into our frontend package. By upgrading one version by a
couple of patches to make the two dependencies equal, we chop out ~300k
from our bundle.
2025-04-16 10:10:52 -05:00
Scott Gress
dc3edfb3c7
Fx query page clearing selection after load (#28228)
# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

# Details

This PR fixes an issue where any selection made in the table on the
Manage Queries page would be cleared a few seconds after the page
loaded. The issue was due to a re-render happening after the `staleTime`
period elapsed, coupled with an array that was being re-created on every
render.
2025-04-16 10:10:21 -05:00
Gabriel Hernandez
97d0611b92
Fix host upcoming activites showing wrong created at date in tooltip (#28242)
For #27775

fixes an issue where the host upcoming activities were showing the
incorrect created at dates in the tooltip.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-04-16 10:17:48 +01:00
jacobshandling
f58519914b
UI: Conditional access - Microsoft Entra (#27982)
_Note - currently feature flagged. Build frontend with
`ALLOW_CONDITIONAL_ACCESS=true NODE_ENV=development yarn run webpack
--progress --watch` to enable this feature. Also, all of this
functionality depends on the new `config.license.managed_cloud` being
true, so you'll need to mock that data somehow. [This
branch](https://github.com/fleetdm/fleet/tree/27043-fake-data) has the
appropriate fake data for testing_

## For #27043, #27864

### Build front end for Fleet's integration with Microsoft Entra,
allowing conditional preventtion of single sign-on for hosts failing any
policies on a team

#### Trigger the integration

![trigger](https://github.com/user-attachments/assets/4578568a-f64a-4390-83d9-fbec751d4b14)

#### Triggered, but configuration still not verified
<img width="1348" alt="√ not-verified-return-to-prefilled-form"
src="https://github.com/user-attachments/assets/44d0c21f-2554-40a8-9158-d1107cff2d09"
/>

#### Verified, short and long tenant ids:

![ezgif-75f82492180d28](https://github.com/user-attachments/assets/015f3605-81e8-463a-be74-07bab99d9724)

#### Verified –> Deleted
![√ verified - delete -
deleted](https://github.com/user-attachments/assets/44b8ba70-49c9-43e7-be54-8474756a5b50)

#### Enable for policies of a team
![√
enable-for-team](https://github.com/user-attachments/assets/9454b0da-059d-4991-a3ff-14e74257a3a7)

#### Activities
<img width="886" alt="√ activities"
src="https://github.com/user-attachments/assets/d21e6185-c2f2-40b2-9c69-9b92fab58766"
/>

#### Unavailable for self-hosted Fleet instances:

![no-access-self-hosted](https://github.com/user-attachments/assets/56213522-b721-472f-9174-c8dac0df61f3)

#### Premium only
![√
premium-only](https://github.com/user-attachments/assets/97373960-6b38-458b-be37-4c3868469182)


- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-04-15 13:55:07 -07:00
Sarah Gillespie
1758641677
Update API message for Windows MDM not configured error (#28247) 2025-04-15 13:52:17 -05:00
Sharon Katz
85f0638f4f
Add statistic to measure ABM pending hosts (#28226)
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
2025-04-15 11:30:07 -04:00
Lucas Manuel Rodriguez
0f06ecb8f4
Update changelog for fleetd 1.41.0 release (#28206) 2025-04-15 11:45:45 -03:00
Jahziel Villasana-Espinoza
fa8c087abf
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037)
> For #24087 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-11 19:19:07 -04:00
Dante Catalfamo
94f6127edc
Orbit for Windows ARM64 (#27882)
#27275 and #27274

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).

---------

Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
2025-04-11 10:18:28 -04:00
Konstantin Sykulev
82c0491b51
Refactoring ListHostSoftware (#27490)
# Checklist for submitter

https://github.com/fleetdm/fleet/issues/27003

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 17:29:15 -05:00
Jordan Montgomery
7426919237
Add timeout for tray app startup (#28097)
Fixes https://github.com/fleetdm/fleet/issues/27419 by adding a timeout
so the tray app gets restarted if initialization hangs up. One reason we
know of that it can hang up seems to be a strange bug where Windows
Explorer, early in the initialization process, returns an "unspecified
error" when attempting to initialize the tray app but there could be
other reasons. In these cases if the tray never gets the onReady
callback, killing it seems to be a good way to get it to restart, retry
initialization and hopefully succeed(in my testing this works great).

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- For Orbit and Fleet Desktop changes:
- [x] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).


For testing this under the customer-reported Autopilot scenario,
assuming you already have the basic Autopilot flow working with the QA
fleet server, you'll want to use a locally generated MSI installer
package from a local TUF repo and you'll want to point
FLEET_DEV_DOWNLOAD_FLEETDM_URL at that installer package. I did the
following to do that using the local QA fleet server since it is setup
for autopilot:

1. Setup one ngrok URL for TUF pointed at localhost:8081
2. Setup another ngrok URL for installers pointed at localhost:8085
3. (note this will spin up the TUF fileserver)
```
#!/bin/bash
set -e
SYSTEMS="windows" \
MSI_FLEET_URL=https://qa.fleetdm.com \
MSI_TUF_URL=https://[ngrok pointed at localhost:8081] \
GENERATE_MSI=1 \
ENROLL_SECRET=[enroll secret] \
FLEET_DESKTOP=1 \
TUF_PORT=8081 \
DEBUG=1 \
./tools/tuf/test/main.sh
```

Then to serve the installers

```
mkdir -p tmp/fleetd-base-dir/stable
cp fleet-osquery.msi tmp/fleetd-base-dir/stable/fleetd-base.msi
sha256sum tmp/fleetd-base-dir/stable/fleetd-base.msi
```

then create a meta.json containing the following under
tmp/fleetd-base-dir/stable:
```
{
  "fleetd_base_msi_url": "[your localhost:8085 ngrok URL]/stable/fleetd-base.msi",
  "fleetd_base_msi_sha256": "[the sha 256 sum]"
}
```

Then
go run ./tools/file-server 8085 ./tmp/fleetd-base-dir

Then update FLEET_DEV_DOWNLOAD_FLEETDM_URL on the QA server to point to
the ngrok URL pointing to localhost:8085
2025-04-10 17:19:53 -04:00
jacobshandling
bc6dc21ac9
Add host id to fleet enrolled activity (#28068)
## For #26695 

<img width="1795" alt="Screenshot 2025-04-09 at 7 25 25 PM"
src="https://github.com/user-attachments/assets/edeb5c51-9643-4fe0-8171-0400f513373f"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-04-10 13:50:14 -07:00
RachelElysia
00c3611712
Fleet UI: Table improvements (tooltips, tab-ability) (#27986) 2025-04-10 15:42:10 -04:00
RachelElysia
a8d9839bba
Fleet UI: Move view all host link onto host count (#28042) 2025-04-10 09:14:28 -04:00
Victor Lyuboslavsky
3d0025c570
SCIM + host integration (#27880)
For #27284

This PR:
- Adds SCIM as a fallback for username during macOS end user
authentication during setup experience
- Adds SCIM/endUsers details to host details

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-08 09:35:06 -05:00
Lucas Manuel Rodriguez
94ec77f6f0
Update apmhttp to fix upload of software packages in Dogfood (#27929)
For #27235.

This is updating the dependency after fixing the bug in
https://github.com/elastic/apm-agent-go/pull/1707.

The issue with the upload of medium/big sized packages can be reproduced
by running `fleet serve` with `FLEET_LOGGING_TRACING_ENABLED=1
FLEET_LOGGING_TRACING_TYPE=elasticapm`. We have reproduced this issue in
Dogfood only because it's the only production environment where APM
tracing is enabled. We also have APM enabled in our internal
load-testing to collect data during troubleshooting.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [X] Manual QA for all new/changed functionality
2025-04-08 10:28:31 -03:00
RachelElysia
df61e6b7f5
Fleet UI: Fix platform resetting on pagination of OS table (#27896) 2025-04-07 09:45:45 -04:00
Gabriel Hernandez
fc63a2c237
add cancel upcoming host activities in the UI (#27879)
For #27410

add UI for canceling upcoming host activities and displaying canceled
activities in global and past activity feeds. This includes:

**ability to cancel upcoming activity**


![image](https://github.com/user-attachments/assets/1fdafb05-dc0c-4025-8389-e9a0b9da2673)

**Confirmation modal to cancel activity**


![image](https://github.com/user-attachments/assets/e765c60b-2b5e-43ca-a31b-2a7af0d64247)

**new global activities when upcoming activities are canceled**


![image](https://github.com/user-attachments/assets/04f368cb-f66c-4802-b3fb-79fd5f7b06bb)

**new past activities when upcoming activities are canceled**


![image](https://github.com/user-attachments/assets/b2d0a50e-58e8-4677-84bd-9c645651b9ab)


<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-04-07 12:11:24 +01:00
Luke Heath
9b73f629b2
Adding changes for Fleet v4.66.0 (#27407) 2025-04-04 14:02:20 -05:00
Luke Heath
fe6c5df3ac
Remove change files from 4.64.0 (#27886) 2025-04-04 13:17:45 -05:00
Luke Heath
2d19865ab0
Remove change files from v4.63.0 (#27885) 2025-04-04 12:31:15 -05:00
Scott Gress
fca1e1ab42
Add GitOps for policy labels (#27781)
For #27301 

# Checklist for submitter

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated automated tests
- [X] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [X] Manual QA for all new/changed functionality

# Details

This PR adds the ability to set/unset labels on policies via GitOps. It
builds on https://github.com/fleetdm/fleet/pull/27575 (back end for
policy labels) and updates the `PolicySpec` type and `ApplyPolicySpecs`
methods to update the `policy_labels` table where needed.

## Testing

1. Create a few labels in the UI
1. Create a global policy "foo" in the UI without labels
2. Create a global policy "bar" in the UI with labels
2. Create a global policy "baz" in the UI with labels
4. Use `fleetctl gitops` with a global .yml file, and under `policies:`
add "foo", "bar", "baz" and "boop".
  * Add labels to "foo" with `labels_include_any:`
  * Don't add `labels_include_any:` to "bar"
* Add labels to "baz" with `labels_include_any:`, but different labels
than what you added in the UI
  * Add labels to "boop" with `labels_include_any:`

The expected outcome when viewing the queries in the UI (on the "edit
query" screen)
* Foo, Baz and Boop should have the labels specified in gitops
* Bar should have no labels

Repeat testing with _excluded_ labels.

---------

Co-authored-by: dantecatalfamo <dante.catalfamo@gmail.com>
Co-authored-by: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com>
2025-04-04 09:46:51 -05:00
Gabriel Hernandez
d7629b08ea
Feat UI idp host details (#27730)
For #27283

This includes the work to add the new users card on host details and
show the new idp information as well as google profiles and other
emails.

This includes:

**new user card on the host details and my device page**


![image](https://github.com/user-attachments/assets/f02badbf-85a2-4198-a30c-ace0e08ac843)


**rework of the grid layout on the host page**

**removal of unneeded device mapping code on host details and my device
page**



I've changed how we are using the grid layout in CSS to better support
dynamic rendering content


<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality
2025-04-04 15:46:22 +01:00
Scott Gress
d6eaa0913a
Add ability to target labels on policies (#27599)
For #27276 

# Details

This PR adds the ability to select labels when saving or editing a query
in the UI, so that the query will only target hosts with those labels.
It follows the API design from
https://github.com/fleetdm/fleet/pull/27196, utilizing the
labels_include_any and labels_exclude_any fields. The expectation is
that when creating or updating a query, labels_include_any and
labels_exclude_any are arrays of label names, and when fetching a single
query, they are arrays of objects with a name and an id key.

Other updates in this PR:

* Removed colons from various headings on the Save Policy Modal and Edit
Policy form
* Updated the "Delete label" text
* Removed "Policy runs on all hosts with these platforms." subheading
underneath the platform selector
* TargetLabelSelector component now has `suppressTitle` flag to turn off
the "Target" title.
2025-04-02 16:31:03 -05:00
Dante Catalfamo
37932e0f97
Custom targets for policies - backend (#27575)
#27277
2025-04-02 12:36:03 -04:00
Martin Angers
69fcda9686
Cancel upcoming activities: DB schema and backend (#27710) 2025-04-01 14:08:56 -04:00
Ian Littman
0293d99800
Remove default EXE install/uninstall scripts, require entering install/uninstall scripts on EXE upload (#27268)
For #27267.

Below is what's shown immediately after selecting an EXE:

<img width="1254" alt="image"
src="https://github.com/user-attachments/assets/a28d8565-de88-448a-bdbc-92aefc34ad55"
/>


TODO:

* Tests
* GitOps requirements changes
* Disabling add button/adding errors when required scripts aren't
specified

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Luke Heath <luke@fleetdm.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: RachelElysia <rachel@fleetdm.com>
2025-03-31 13:52:06 -05:00
Scott Gress
59f96651b6
Update to Go 1.24.1 (#27506)
For #26713 

# Details

This PR updates Fleet and its related tools and binaries to use Go
version 1.24.1.

Scanning through the changelog, I didn't see anything relevant to Fleet
that requires action. The only possible breaking change I spotted was:

> As [announced](https://tip.golang.org/doc/go1.23#linux) in the Go 1.23
release notes, Go 1.24 requires Linux kernel version 3.2 or later.

Linux kernel 3.2 was released in January of 2012, so I think we can
commit to dropping support for earlier kernel versions.

The new [tools directive](https://tip.golang.org/doc/go1.24#tools) is
interesting as it means we can move away from using `tools.go` files,
but it's not a required update.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Make sure fleetd is compatible with the latest released version of
Fleet
   - [x] Orbit runs on macOS  , Linux   and Windows. 
- [x] Manual QA must be performed in the three main OSs, macOS ,
Windows and Linux .
2025-03-31 11:14:09 -05:00
Martin Angers
f3d7ed86a8
Bugfix: support removing labels associated with profiles (custom settings) in gitops (#27546) 2025-03-31 11:42:43 -04:00
Sarah Gillespie
8d17956f7b
Skip bootstrap package and other setup items when renewing Apple MDM enrollment profiles (#27560) 2025-03-28 16:33:22 -05:00
Dante Catalfamo
97e3943dfa
A third and mysterious attempt at gitops ui mode (#27585)
#27294
2025-03-28 11:18:22 -04:00
Gabriel Hernandez
626ff8a467
add new idp section on integrations page and show the users idp connection with fleet (#27566)
For #27282

add new idp section on the integration page. This page will show the
different statuses for the users idp connection with fleet.

**not connected**


![image](https://github.com/user-attachments/assets/13fb46c6-64ca-43fa-a259-e7cf3fdb82b1)

**successful connection**


![image](https://github.com/user-attachments/assets/de80eea5-8d76-4b50-8024-5f702e85f88a)

**failed connection**


![image](https://github.com/user-attachments/assets/bbfcfcf8-51aa-4c08-b57f-cb0c2842313a)

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-03-28 11:23:07 +00:00
Ian Littman
e5ebc3e20b
Drop request timeout on FMA add endpoint (#27602)
If the Fleet server is on a connection that can't pull ~150 Mbps down,
it'll time out before being able to add Microsoft Word for macOS, due to
the 100-second default timeout. This skips that behavior.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
2025-03-27 17:01:47 -05:00
jacobshandling
748b5bcd51
Full-stack: Make "Server url" validation conditions consistent across Fleet, update Web Address form validation and submission logic per Fleet best practices (frontend/docs/patterns.md) (#27455)
## For #27454 

Consider Fleet web URL to be valid if it:

- (Front end and back end): uses “https://” or “http://” scheme
 and
- (Front end) accepts only valid or "localhost" hosts (e.g., "a.b.cc" or
"localhost", but not "a.b")
- (Back end) accepts any host (e.g., "localhost", "a.b.cc", or even
"a.b")


### Setup flow UI URL validation:

![setup](https://github.com/user-attachments/assets/34a428d2-5731-46f2-b708-c88b790e3667)

### Org settings UI URL validation:

![org-settings](https://github.com/user-attachments/assets/147916c8-9c5b-4ae7-9e14-625c65b42d0a)

### Server URL validation:
<img width="1464" alt="invalid-url-server"
src="https://github.com/user-attachments/assets/83a112e1-6318-4b09-864d-fe66a223835d"
/>

### Invalid Fleet server URL in DB error:

![invalid-url-in-db](https://github.com/user-attachments/assets/aae591fb-6cc3-49bd-8556-22129be4c2c4)


- [x] Changes file added for user-visible changes in `changes/`,
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-03-27 13:56:38 -07:00
Dante Catalfamo
36e6ba3569
Add vmodule flag to list of hidden osquery flags (#25789)
#25487
2025-03-27 11:05:00 -04:00
Jahziel Villasana-Espinoza
5f628a1c59
remove the standard timeout for software installer downloads (#27550)
> For #27548

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-26 17:19:22 -04:00
Dante Catalfamo
587b2fc7b7
Check for invalid default serial number when fetching host details (#27470)
For #25993
2025-03-26 16:23:50 -04:00
Martin Angers
78c0d67e78
Bugfix: re-create deleted iOS/iPadOS host entries in Fleet if it checks in again via MDM (#27231) 2025-03-26 09:33:38 -04:00
Victor Lyuboslavsky
09c2e2ff72
Added Apple Root Cert for gdmf request. (#27483)
I manually verified this fix by running the new
`github.com/fleetdm/fleet/v4/server/mdm/apple/gdmf/integrationtest` test
with and without the fix on a cloud Ubuntu server.

Without fix:
```
=== RUN   TestGetAssetMetadata
    gdmf_test.go:14:
        	Error Trace:	/root/fleet/server/mdm/apple/gdmf/integrationtest/gdmf_test.go:14
        	Error:      	Received unexpected error:
        	            	retrieving asset metadata: Get "https://gdmf.apple.com/v2/pmv": tls: failed to verify certificate: x509: certificate signed by unknown authority
        	Test:       	TestGetAssetMetadata
--- FAIL: TestGetAssetMetadata (3.53s)
FAIL
FAIL	github.com/fleetdm/fleet/v4/server/mdm/apple/gdmf/integrationtest	3.542s
FAIL
```

With fix:
```
=== RUN   TestGetAssetMetadata
--- PASS: TestGetAssetMetadata (0.39s)
PASS
ok  	github.com/fleetdm/fleet/v4/server/mdm/apple/gdmf/integrationtest	0.397s
```

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-03-24 19:26:36 -05:00
Dante Catalfamo
593df5d2d9
Fix deadlock: reduce number rows deleted at per iter, add retry (#27027)
#27002
2025-03-21 13:48:39 -04:00
Konstantin Sykulev
beb7dfee99
Updated ListHostSoftware vulnerability filtering (#27020)
Include vulnerability filtering conditions on vpp apps and latest host
software installs/uninstalls

https://github.com/fleetdm/fleet/issues/26824

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: RachelElysia <rachel@fleetdm.com>
Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 11:02:55 -05:00
Victor Lyuboslavsky
e7e9f54071
Updated FileVault and BitLocker error messages (#27365)
For #24862

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-21 09:56:50 -05:00
Benjamin Edwards
c6178c64cd
add configuration setting for forcing h2c (#26799) 2025-03-21 09:38:21 -04:00
RachelElysia
ea37ad6df3
Fleet UI: Surface Windows FMA (#27068) 2025-03-21 09:33:06 -04:00
Dante Catalfamo
e9f1d52f6a
Fix multi-row-select cell firing onClickRow twice (#27010)
#26564
2025-03-20 16:36:59 -04:00
Scott Gress
7b4d9aa487
Add labels to queries using gitops (#27259)
For #24473 

This PR allows users to add / update / remove labels from queries via
Gitops.

## Testing

1. Create a few labels in the UI
1. Create a global query "foo" in the UI without labels
2. Create a global query "bar" in the UI with labels
2. Create a global query "baz" in the UI with labels
4. Use `fleetctl gitops` with a global .yml file, and under `queries:`
and "foo", "bar", "baz" and "boop".
  * Add labels to "foo" with `labels_include_any:`
  * Don't add `labels_include_any:` to "bar"
* Add labels to "baz" with `labels_include_any:`, but different labels
than what you added in the UI
  * Add labels to "boop" with `labels_include_any:`

The expected outcome when viewing the queries in the UI (on the "edit
query" screen)
* Foo, Baz and Boop should have the labels specified in gitops
* Bar should have no labels
2025-03-20 15:32:52 -05:00
Victor Lyuboslavsky
93bdb437ac
Resend Windows profiles on change (#27308)
For #25030 

This PR includes the bug fix and tests.

It also includes the `secrets_updated_at` columns needed for story
#27351. These columns are currently unused and always NULL.

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-20 14:43:04 -05:00
RachelElysia
7f8073624a
FE: Refactor pagination to be a single component (#27224) 2025-03-20 12:40:43 -04:00
Ian Littman
8ef3ff2ae5
Fix non-Windows false positive for CVE-2024-6286 (#27325)
For #27193.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
2025-03-20 09:21:42 -05:00
Lucas Manuel Rodriguez
e6cb16453e
Added more logging for troubleshooting of software package installation (#27291)
For #27234.

- Improved logging in orbit to help us during troubleshooting.
- Added some documentation on how to grep for errors related to software
package installation in orbit.
- Added `took` to server request error logs (it was only present when
the request succeeds).

---

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-03-20 11:09:57 -03:00
RachelElysia
3d3c901d3c
Fleet UI: Disable unsupported auto install of .exe during add flow (#27315) 2025-03-20 09:16:37 -04:00
Jahziel Villasana-Espinoza
31273203fd
report an installer download error as an installation failure to Fleet (#27264)
> For #24710

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-03-19 21:00:44 -04:00
jacobshandling
c2df8703df
UI: Truncate MDM server url and serial number (#27175)
## For #26295 

<img width="965" alt="Screenshot 2025-03-14 at 4 10 31 PM"
src="https://github.com/user-attachments/assets/908772ef-a666-46ab-82f4-6dbceca17f70"
/>
<img width="965" alt="Screenshot 2025-03-14 at 4 10 26 PM"
src="https://github.com/user-attachments/assets/897c1174-7965-4c3b-8055-6bc2718c2110"
/>



- [x] Changes file added for user-visible changes in `changes/`
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-03-19 09:55:03 -07:00
jacobshandling
915cf416d6
Full-stack: Granular host count data for live queries/policies (#27258)
## For #24950 

- Track more granular host count data when running a live query/policy,
and return it in two new fields of each `"status"`-typed websocket
message
- On completion of live query/policy, display that granular data in a
tooltip in the UI
- Streamline and clarify frontend live query logic
- Update types and field names to better reflect the data they contain
and the sources from which that data is derived
- Add comments to clearly define what various fields of data represent
- Update heading copy rendered while live queries and policies are
running

###
[Demo](https://www.loom.com/share/ad1d64cf527f4fbc981df58ad581242f?sid=a0dc1269-a049-43c3-afdb-65c0bb946ece)

 

![ezgif-6ecb9c3895acd4](https://github.com/user-attachments/assets/02c3ad40-c874-4978-af28-bdaec098906a)



- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-03-19 09:53:55 -07:00
jacobshandling
11307525d1
UI: Validate both org logo URLs, accept data URIs (#27160)
## For #26271 


![ezgif-582a8acaa8686e](https://github.com/user-attachments/assets/4284bbf7-8708-46f3-b020-f4039f8bd1b0)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-03-18 12:57:07 -07:00
jacobshandling
7953fe2e2c
UI: Simplify New policy flow (#27173)
## For #26052 

- Remove add policy modal from flow
- Update "Schema" links
- Add "Examples" link


![add-policy](https://github.com/user-attachments/assets/69d60573-f6a6-45e8-92ff-4faa29f224a9)




- [x] Changes file added for user-visible changes in `changes/
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-03-18 12:56:05 -07:00
Sarah Gillespie
e9e0f7b7e3
Update activity log UI for certificate authority features (#27227) 2025-03-18 14:41:03 -05:00
Dante Catalfamo
02ee1f8372
Add printing for query labels in cli (#26957)
#26650
2025-03-18 14:05:54 -04:00
Dante Catalfamo
c5bffe7c0d
Allow team gitops to run without global config (#26969)
#26171
2025-03-18 12:24:35 -04:00
Luke Heath
d7f6ddb6d0
Adding changes for Fleet v4.65.0 (#26698) (#27166) 2025-03-18 11:18:10 -05:00
Martin Angers
738db5a215
Bugfix: ignore Linux hosts in disk encryption stats and filters if disk encryption is disabled (#27187) 2025-03-18 08:36:38 -04:00
jacobshandling
cc64856ee7
fleetctl: Handle "password reset required" errors (#27132) 2025-03-17 09:44:59 -07:00
Victor Lyuboslavsky
131a52695b
Custom SCEP integration (#27121)
For #26623 

This PR enables deploying an Apple configuration profile with Fleet
proxying a custom SCEP server.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-17 10:59:07 -05:00
RachelElysia
0c77e61cfa
Rest API: Add platform to endpoints with software packages and vpp apps (#27124) 2025-03-17 09:59:03 -04:00
Jahziel Villasana-Espinoza
d0f70c5980
fix: report a failure in setup experience if a VPP app installation fails due to lack of licenses (#27163)
> For #26345

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-17 09:43:51 -04:00
Dan Tsekhanskiy
f63afc8253
Ignore comments at the top of XML files (#27176)
Allows comments to be at the top of Fleet XML CSP files (addresses
https://github.com/fleetdm/fleet/issues/26443)

We should validate that this fixes the errors with GitOps pushes, but I
don't know how to do that without pushing this change through to QA.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-03-15 10:40:50 -05:00
Konstantin Sykulev
997adcebe0
Batched getPoliciesBySoftwareTitleIDs (#27062)
Mysql has a max of 65535 placeholders in a sql statement. When > 33k
title ids are passed to `getPoliciesBySoftwareTitleIDs` this causes a
`Prepared statement contains too many placeholders` error. Fixed this by
splitting up the query into multiple queries and aggregating the results
in memory.

https://github.com/fleetdm/fleet/issues/26753

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-12 14:48:52 -05:00
Martin Angers
29b06a61f1
Bugfix: Ignore non-Fleet-MDM-enrolled Windows hosts in disk encryption stats and filters (#27066) 2025-03-12 15:31:23 -04:00
Scott Gress
096a747739
Ability to add labels to queries (front end) (#26867)
For #26649 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

## Details

This PR adds the ability to select labels when saving or editing a query
in the UI, so that the query will only target hosts with those labels.
It follows the API design from
https://github.com/fleetdm/fleet/pull/26589, utilizing the
`labels_include_any` field. The expectation is that when creating or
updating a query, `labels_include_any` is an array of label names, and
when fetching a single query, `labels_include_any` is an array of
objects with a `name` and an `id` key.

As part of this work the `TargetLabelSelector` component is updated to
allow it to show a message in place of the dropdown when there are no
custom options (e.g. "include any", "include all", "exclude any") to
choose from.
2025-03-12 11:54:29 -07:00
Ian Littman
cc352970c0
Dedupe MSRC downloads/deletes when enrolled hosts include multiple builds of the same version of Windows (#27060)
For #25090.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-12 13:22:56 -05:00
Jahziel Villasana-Espinoza
5451cd13d4
pad macOS versions with an extra 0 during CPE generations so that we can match vulncheck versions (#27069)
> For #26561

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-12 13:01:37 -04:00
RachelElysia
dafb0c89f7
Host Software Table: Add vulnerability filters to API and UI (#26995) 2025-03-12 11:26:12 -04:00
jacobshandling
25a3835067
UI - Update label chooser empty state (#27019)
## For #23830 

No labels state –> label present state in 4 places:


![ezgif-38e21421995afd](https://github.com/user-attachments/assets/d71c6a41-ab13-45b1-b6a1-ec1de14fad96)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-03-11 09:37:23 -07:00
Dante Catalfamo
7be7d17489
Identify if the release is older than npm, publish with tag (#26787)
#26520
2025-03-11 09:46:01 -04:00
Dante Catalfamo
d5e9153cea
Add LabelsIncludeAny to queries endpoint (#26823)
#16413 

---------

Co-authored-by: Scott Gress <scottmgress@gmail.com>
2025-03-11 09:45:01 -04:00
Dante Catalfamo
fd9664ce4d
Respect user input whitespace when previewing calendar event (#26920)
# 26689
2025-03-11 09:44:02 -04:00
Ian Littman
32143284f6
Force a user to click through to redeem MFA if they aren't on a browser that started the MFA process (#26980)
For #26976.

<img width="384" alt="image"
src="https://github.com/user-attachments/assets/8d057ec2-c3b0-45d1-bb8c-9745b426e27d"
/>

An example of such a browser would be an email link scanner, so this
*should* fix cases where link-scanning was redeeming the MFA link before
the intended user could get to it. Real users can still click through if
they wind up on this page, e.g. if they logged in with a different
browser than the one used to open the MFA link.

Users redeeming MFA with the same browser that initiated the login skp
the button and redeem/land on the dashboard automatically.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-03-10 13:56:25 -05:00
Victor Lyuboslavsky
b42dbf2ff7
DigiCert backend (#26914)
For #26609 

This PR includes
- ability to get a DigiCert certificate to a macOS device
- integration test for the above
- some validation

This PR does not include the following. They will be included in
subsequent PRs:
- support for User Principal Name in certificate
- support for $FLEET_VAR_HOST_HARDWARE_SERIAL
- saving certificate expiration date
- not resending DigiCert profile after failure

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-10 13:02:49 -05:00
RachelElysia
aad8d858cc
Fleet UI: Never truncate host count on Dashboard > Software table (#26777) 2025-03-10 14:02:13 -04:00
Dante Catalfamo
b49d131a05
Parse top-level json array when request arrives, before service func (#26665)
#24390
2025-03-10 13:27:17 -04:00
Jahziel Villasana-Espinoza
7c7d9cb30a
add batching logic when we pull windows profiles to install or remove (#26964)
> For #26918

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-03-10 09:12:24 -05:00
Ian Littman
b2efa09e2b
Add new archive URL as data source for Mac Office release notes (#26978)
For #26977.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-10 08:46:18 -05:00
Ian Littman
014f10fb46
Add experimental software title name update endpoint for titles with a bundle ID (#26938)
For #26933.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-03-07 11:36:17 -06:00
George Karr
36aba531f4
Revert "Disallow user-scoped profiles for Windows MDM" (#26940)
Reverts fleetdm/fleet#26153
2025-03-07 08:33:40 -06:00
Lucas Manuel Rodriguez
5d43907765
Move changes file to orbit/changes (#26890)
For #25616.
2025-03-06 15:36:12 -03:00
Dante Catalfamo
98fb2f2d8b
Remove min-height from Upcoming/PastActivityFeed (#26783) 2025-03-06 13:31:55 -05:00
RachelElysia
88d4f8b4c6
Fleet UI: Surface policy automation scripts error messages (#26764) 2025-03-05 16:11:04 -05:00
Lucas Manuel Rodriguez
fc96cc4e91
Merge commit from fork 2025-03-05 07:31:17 -06:00
Jahziel Villasana-Espinoza
4834a70e47
fix: move logic for mutating software versions so that Fleet shows the expected versions (#26789)
> For #24784

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-04 16:22:03 -05:00
jacobshandling
ee9d9092e8
fleetctl: update package command output (#26500)
For #26489

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-03-04 13:21:07 -05:00
RachelElysia
452650c03a
My device page: Fix 'show details' to open software details modal (#26771) 2025-03-03 16:21:51 -05:00
Ian Littman
e3b12ab0f1
Add missing changes file for PowerShell CVE fix (#26666) 2025-02-28 09:33:02 -06:00
RachelElysia
a3e92d0f93
Fleet UI: Fix policy software automation fail to report as failing (#26044) 2025-02-28 08:45:33 -05:00
Jahziel Villasana-Espinoza
f64bd5cf28
fix: parse out update section of CPE, fix CVE-2024-12254 Windows false positive (#26634)
For #25882
For #26615 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-28 08:12:19 -05:00
Ian Littman
201762b3e7
Add table default encodings/charsets to all migrations missing them, retrofit existing DB schema (#26670)
For #25353.

This both fixes new installs going forward (in which case the final
migration is a no-op) and cleans up existing installs that have the
wrong collations (in the new migration).

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2025-02-27 17:25:20 -06:00
Gabriel Hernandez
0da4826480
Feat UI byod landing page (#26592)
For #26211 and #26210

Add Android to byod enrollment landing page. this includes:

**new android section in add hosts modal:**


![image](https://github.com/user-attachments/assets/f951df0c-4654-4434-8c95-8b57634d4921)

**messaging when visiting from non android, ios, ipad device:**


![image](https://github.com/user-attachments/assets/169903a9-8d5e-4e3b-9b78-378a0e791b22)

**enroll into android mdm UI:**


![image](https://github.com/user-attachments/assets/79c9c116-e003-4a80-b0e9-8fbe8775a82c)

**various error states (secret is invalid, android or mac os mdm not
enabled):**


![image](https://github.com/user-attachments/assets/bc0035ac-b2ed-47e5-8e25-8716fc642e70)


![image](https://github.com/user-attachments/assets/87b8ca87-3352-47fe-8dbf-1bc2a49553b1)


![image](https://github.com/user-attachments/assets/5a378f5f-84d3-4738-aab3-0f68760d317d)

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-02-27 19:35:42 +00:00
George Karr
b47e4a51ce
Drop support for macOS 13 (#26525)
Drop support for macOS 13 and no longer need to validate nudge updates
2025-02-27 13:34:59 -06:00
Scott Gress
973fe46c5e
Add pagination to manage automations (#26414)
For #23243 

# Checklist for submitter

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

## Details

This PR updates the policy Manage Automations modals to support
pagination. Previously, these modals received a list of policies from
the main Manage Policies page, which is itself paginated, so that a user
could only add automations to whatever policies were currently listed on
the Manage Automations page. This PR does some refactoring via the
creation of a new PaginatedList component which:

* accepts a `fetchPage` property it can call to get a page of data, 
* renders the data in a list with checkboxes and optional custom markup
(e.g. dropdowns)
* keeps track of changed ("dirty") items in the list, even across page
changes
* allows parent components to access the list of dirty items via a React
`ref`

For this specific use case, there's also a new `PoliciesPaginatedList`
which implements the `fetchPage` for getting a page of policies, and
adds Save and Cancel buttons. Each of the updated modals uses
`PoliciesPaginatedList` to replace its current code for rendering
policies in a list, and delegates much of the logic around change
tracking to the new components.
2025-02-27 12:43:38 -06:00
Sarah Gillespie
f43fb9538a
Merge branch 'main' into feat-23235-host-certificates 2025-02-27 11:41:34 -06:00
RachelElysia
769154b821
Fleet UI: Fix several team ids that were dropping in certain flows (#26590) 2025-02-27 10:53:34 -05:00
Gabriel Hernandez
1a655bf89a
UI activites for android mdm (#26647) 2025-02-27 14:07:34 +00:00
RachelElysia
7b7fa2fcd1
Fleet UI: Component fixes (styling bugs and code cleanup) (#26149) 2025-02-26 13:47:28 -05:00
gillespi314
c5386b1290 Merge branch 'main' into feat-23235-host-certificates 2025-02-26 12:43:19 -06:00
Dante Catalfamo
347ab3955a
Always allow passwords for users (#26334)
For #25834
2025-02-25 16:27:58 -05:00
Martin Angers
0adf67e538 Fix conflicts 2025-02-25 14:39:35 -05:00
Jahziel Villasana-Espinoza
7ec49e1c63
fix: improve sanitation of python version strings to match CPEs (#26538)
> for #25991

![Screenshot 2025-02-21 at 3 33
00 PM](https://github.com/user-attachments/assets/a0ba59d5-40cc-48a9-9ba1-0e0beecafd44)


# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-25 13:59:35 -05:00
Scott Gress
e013ce742a
Show "Manage Automations" dropdown when no policies are present (#26298)
For #23243 

# Checklist for submitter

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

## Details

This PR changes the behavior of the Manage Automations dropdown on the
Manage Policies page. Any user that has permission to manage policies
will now always see the dropdown. If there are no policies added for the
selected team (or no policies at all, in the case of "All teams" or
users on the free tier), the dropdown is disabled with a tooltip.

## Screenshots

**Free tier:**
<img width="753" alt="image"
src="https://github.com/user-attachments/assets/37a3b97a-74b3-4495-ace4-bfece30b3822"
/>

---

**Premium tier, All Teams:**
<img width="736" alt="image"
src="https://github.com/user-attachments/assets/bedd9a5f-e2aa-49da-8943-61bc69af9744"
/>

---

**Premium tier, team selected:**
<img width="744" alt="image"
src="https://github.com/user-attachments/assets/e1c2397b-1d19-46f2-b78d-e7a923f91c8f"
/>
2025-02-25 11:10:33 -06:00
Jahziel Villasana-Espinoza
dfc58d9600
fix: add index to os cve column (#26576)
> for #26178

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-02-24 21:59:56 -05:00
Jahziel Villasana-Espinoza
e6c5cf002a
fix: don't re-use title ID from a windows app for a vpp app (#26546)
> for #25651

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-24 17:51:12 -05:00
Ian Littman
f5ca50a340
Always record uploaded pkg files as "apps" source if they have a bundle ID to avoid conflicts with the same package appearing in inventory later (#26374)
For #26373.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

Autoated tests cover the code in the changes.
2025-02-24 16:38:57 -06:00
Ian Littman
91c90b681f
Change default vuln feed concurrency from 5 to 1 (#26565)
We're seeing database load issues at the default concurrency level, so
need to pick a significantly more conservative default, which we've
rolled out to a number of environments already as an override.

QA'd by adding the following at the top of `newVulnerabilitiesSchedule`
in `cron.go`:

```go
	fmt.Printf("%+v\n", config)
```

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-24 15:15:04 -06:00
RachelElysia
e98a93e8bc
Fleet UI: Auto-install VPP apps (#26455) 2025-02-24 16:01:55 -05:00
Martin Angers
8477856886 FIx conflicts 2025-02-24 14:28:34 -05:00
Martin Angers
a141830f76
CHV: implement paginated list certificates endpoints (#26554) 2025-02-24 12:52:39 -05:00
Scott Gress
0c95c50a41
Make desktop server display manager restart (#26526)
For #25616 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- Tested on macOS, Windows, Ubuntu, Fedora (w/ and without system tray)
and Debian (w/ and without system tray)

## Details

This PR addresses the issue that on Ubuntu, if a user restarts their
display manager (e.g. with `sudo systemctl restart gdm3`), the Fleet
Desktop tray icon disappears and doesn't come back. The solution in this
PR is to add a function that runs in a loop and checks whether the tray
icon still exists, and if not, kills the Fleet Desktop process. The
parent Orbit process already has code to restart the desktop if it dies.
We also update the Orbit checker to run every 15 seconds, to limit the
delay in the icon coming back after a restart.

Also included in this PR is a rename from `desktop_unix.go` to
`desktop_linux.go`, which will be used automatically for linux builds,
and a new `desktop_darwin.go` for macos builds, and the removal of
redundant build directives for all.
2025-02-24 10:14:45 -06:00
jacobshandling
b990b3c6d9
UI - GitOps Mode, 3/3 (#26537)
## For #26229 

- Remove feature flag
- Undo updates to 4 Policies automation modals to facilitate refactor
being implemented in parallel
- Remaining specs:

**Manage teams:**

![manage-teams](https://github.com/user-attachments/assets/af8d8d10-2add-4d8d-8961-61d0de44b067)

Empty:
<img width="1464" alt="Screenshot 2025-02-21 at 4 27 30 PM"
src="https://github.com/user-attachments/assets/17cf4fc2-cc4e-4f63-8276-3db79b44e9e1"
/>

**Team users:**

![team-users](https://github.com/user-attachments/assets/1bf106c1-bdf7-442c-a957-6c9eea6af14d)
Empty:
<img width="1464" alt="Screenshot 2025-02-21 at 4 29 01 PM"
src="https://github.com/user-attachments/assets/46dd0e44-2af3-4ca7-a0be-628e358a61d7"
/>

**Team agent options:**

![team-agent-options](https://github.com/user-attachments/assets/7d4ee8b6-03c7-48d2-8337-b2c33e50abe9)

**Team settings:**

![team-settings](https://github.com/user-attachments/assets/a67b45fc-a5ce-4267-b8fd-2f1e300d1fd8)


- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-02-21 16:56:20 -08:00
Ian Littman
ce36352fcd
Allow automatic creation of software install policy for VPP and FMA apps in API (#26440)
For #26190. FMA is included here because the previous implementation was
client-side. QA'd manually. Follow-up PR soon with automated test coverage.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-21 18:08:48 -06:00
Sarah Gillespie
ea35a2d77d
Cleanup host_certificates table on host deletion (#26524) 2025-02-21 15:57:09 -06:00
Ian Littman
f6f540b74e
Add created_at/updated_at timestamps to VPP apps teams table, return as added_at (#26442)
For #23744.

Splitting into another PR: query to pull more accurate timestamps from
activity feed

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-21 15:07:52 -06:00
Gabriel Hernandez
a748e923c8
add UI for turning android mdm on/off (#26517)
For #26207

Adds UI for turning the android mdm on and off. This is currently hidden
behind a feature flag. To enable use FLEET_DEV_ANDROID_ENABLED=1 when
running your fleet server.

This includes:

**android mdm on and off card:**


![image](https://github.com/user-attachments/assets/4205f364-7c90-47c5-bb67-37a571e6a713)


![image](https://github.com/user-attachments/assets/67839f8f-fc51-43bc-b1ce-86b793b60ed2)

**Android mdm page off state**


![image](https://github.com/user-attachments/assets/fe12d0ac-9395-42a2-ab10-ea027bc560ba)

**Andoid mdm page on state**


![image](https://github.com/user-attachments/assets/d1ca80b1-6794-47ce-ab16-d0603295d581)

**Turn off android mdm modal**


![image](https://github.com/user-attachments/assets/18e69319-5b29-4d70-a9e0-7ff3c489e2aa)

> NOTE: will need to come back and revisit this for the SSE handling
when android mdm is successfully turned on.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-02-21 17:23:38 +00:00
Gabriel Hernandez
76e16f0ec2
UI for certificate details on host details and my device pages (#26380)
For #25464

Implements the UI for viewing certification details on the host details
and my device pages.

This includes:

**Certs card and table on host details and my device page**


![image](https://github.com/user-attachments/assets/e685e55f-d982-43a7-91ff-e6d033b758f5)

**Cert details modal**


![image](https://github.com/user-attachments/assets/4a1d7421-85b8-4b3e-a010-ea752e7c6bdf)

- includes some work around normalising the details section card header
styles on these pages.
- includes extending DataSet component to add a `horizontal` orientation
when rendering the data


> NOTE: We still need to integrate with the API endpoints when they are
ready.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-02-21 11:52:41 +00:00
Scott Gress
8bab38b75a
Update "used by" display and tooltip styling (#26262)
For #25283 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

## Details

This PR updates the styling on the "Used by" line of the host details
page in the following ways:

* Updated color of the "more..." text
* Truncated long email address with ellipses
* Tooltip displays _all_ email addresses (in case the first one was
truncated)

## Screenshots

With extra long email:
<img width="353" alt="image"
src="https://github.com/user-attachments/assets/1e6dc535-c40d-44b6-a3ad-86920ac06772"
/>

---

Tooltips:
<img width="386" alt="image"
src="https://github.com/user-attachments/assets/8138e666-18f9-4e3b-a26a-99dc5b0492e7"
/>
<img width="455" alt="image"
src="https://github.com/user-attachments/assets/ef3ac552-b4ee-42ca-a522-aefacb4c9227"
/>

---

With regular email:
<img width="273" alt="image"
src="https://github.com/user-attachments/assets/88fae2c8-a2c8-4dd7-8a67-a8d9e33b7f08"
/>

---

With one email:
<img width="220" alt="image"
src="https://github.com/user-attachments/assets/198cf108-a8b7-4856-aa46-46e4a7676ef5"
/>

---

With one long email:
<img width="314" alt="image"
src="https://github.com/user-attachments/assets/0d781689-3140-41e2-be8c-a0c9b2542b35"
/>
2025-02-20 12:08:25 -06:00
Dante Catalfamo
739ca1e8c2
Remove restriction on setting both metadata and metadata_url (#26279)
For #26075
2025-02-19 10:11:52 -05:00
Martin Angers
6049b3919f
Unified Queue: add DB migration for existing pending activities (#26413) 2025-02-19 08:29:14 -05:00
Gabriel Hernandez
a669f3938b
fix issue with resetting abm token teams (#26259)
For #24040

Add gitops option for the request to modify the app config.

There was an issue with the abm token teams getting reset to default
anytime the `PATCH /fleet/config` endpoint was called. @jahzielv and I
discussed various options on how to solve this and agreed that the
approach taken in this PR was the quickest but not the best. Ideally,
we'd like the gitops client to send back the data to the endpoint that
its going to update. This will allow the `PATCH /fleet/config` endpoint
to work like a standard `PATCH` request and only update the options
provided instead of updating the app config differently depending on the
client calling the endpoint.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-02-18 20:08:06 +00:00
Scott Gress
403deb1e3e
Don't truncate text in SQL editor (#26292)
For #25921 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

## Details

This PR fixes an issue where the SQL editor would truncate large
queries, because it was setting a mandatory height on the content
element rather than letting the element use its own computed height.

## Screenshots

**Before:**

![25921-before](https://github.com/user-attachments/assets/19e6e4ea-6ec4-4451-80c7-c5fa061353d7)

**After:**

![25921-after](https://github.com/user-attachments/assets/26c80f89-4bd7-4f43-9d28-531fff945aba)
2025-02-18 11:10:16 -06:00
Scott Gress
f200bb38c0
Revert "Add "ExcludeFleetMaintainedApps" option to software titles query (#26383)
This feature was requested by a customer that has since decided not to
continue using the MSP dashboard. We had identified some edge cases with
the feature that we wanted to add patches for, so rather than leave it
in the current state (which isn't being used) we decided to back the
code out entirely.

This is a revert of commit
8419b8e87a.
2025-02-18 10:46:47 -06:00
Jahziel Villasana-Espinoza
07486aef30
fix: update App Store app versions on an hourly basis (#26326)
> For #24222

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-17 14:56:24 -05:00
Gabriel Hernandez
63bec832aa
Feat UI host transfer delete warnings (#26287)
For #25656

changed the copy for the delete and transfer host modal to be more clear
about the disk encryption key behaviour

**delete host modal**


![image](https://github.com/user-attachments/assets/e2f74f3b-fdd1-4cae-970e-44035c7630af)

**Transfer host modal**


![image](https://github.com/user-attachments/assets/8271eaae-9d80-4385-9704-860d7dc02588)


If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-02-17 13:25:22 +00:00
Jahziel Villasana-Espinoza
5e48e3d4f3
fix: add an index to mitigate vuln processing resource spikes (#26331)
> For #26178

# Checklist for submitter

## Data from testing

We tested the changes out by directly creating the index in our dogfood
env. We saw a decrease in resource usage, captured in these screenshots:

DB load (taller spike towards the left is without the index, subsequent
spikes are after the index was added)

![image
(1)](https://github.com/user-attachments/assets/141f8066-89e9-4a8e-ba7c-9fd3a09afea4)

DB load over a longer period (overnight 2025-02-12 -> 2025-02-13)

![Screenshot 2025-02-13 at 9 05
05 AM](https://github.com/user-attachments/assets/bb0c6744-537d-4aec-960b-d100c4285d00)

CPU utilization

![Screenshot 2025-02-13 at 10 25
17 AM](https://github.com/user-attachments/assets/eeea9ae5-5a10-4d50-91bc-3a806b359b39)

Memory usage

![Screenshot 2025-02-13 at 10 26
52 AM](https://github.com/user-attachments/assets/bb77cdd8-41ef-4d90-a707-70b6d2976a59)


---


If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-14 12:53:41 -05:00
Dante Catalfamo
b2a8b5c70e
Add fix for software installers breaking with old fleet version (#26297)
#26283
2025-02-12 12:49:17 -05:00
Jahziel Villasana-Espinoza
c7881be451
fix: add check to max concurrency value (#26240)
> For #26177

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-02-12 12:24:35 -05:00
Ian Littman
30e5043919
Switch to a simpler, more reliable query for checking if the initial admin user has been added (#26012)
For #26011, follow-up work for #26003.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-12 07:52:31 -06:00
Martin Angers
606df3f349
Upcoming Activities feature branch (#25450) 2025-02-11 14:53:11 -05:00
Sarah Gillespie
2dce287704
Update device user UI with improved instructions to turn on MDM (#26193) 2025-02-11 12:22:18 -06:00
Konstantin Sykulev
2b0be3771d
Removing usage of semver in resolved in version resolution (#26062)
The host software version and VersionEndExcluding did not always get
parsed by semver properly. Switching to using `SmartVerCmp` from the
nvdtools code. This is much more relaxed when parsing versions.

https://github.com/fleetdm/fleet/issues/24810

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-11 12:21:42 -06:00
Sarah Gillespie
daabdb6531
Disallow user-scoped profiles for Windows MDM (#26153) 2025-02-10 14:17:04 -06:00
Victor Lyuboslavsky
2eb5119efb
Clear bootstrap package and enrollment profile with GitOps (#26095)
For #25648 

Fixed issue where `fleetctl gitops` was NOT deleting macOS setup
experience bootstrap package and enrollment profile. GitOps should clear
all settings that are not explicitly set in YAML config files.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-07 14:35:51 -06:00
Dante Catalfamo
1a9f4012b3
Update wine to version 10, replace wine64 with wine (#25997)
#25872
2025-02-07 11:05:07 -05:00
Victor Lyuboslavsky
55423f67e2
Fixed parsing of relative paths for MDM profiles in gitops no-team.yml (#26046)
For #25770 

We already unmarshal macOS/Windows settings (added by Martin), so we
replace the path with an absolute file path and keep them unmarshalled
so they don't have to be re-unmarshalled later. Note: the custom
UnmarshalJSON method on these structs checks for (and handles) legacy
format (before labels were added).

Also some refactorings:
- extracted `extractControlsForNoTeam`
- reorganized `TestGitOpsBasicGlobalAndNoTeam` with subtests -- I did
not actually change functionality of this test

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-06 16:39:15 -06:00
Scott Gress
3e3d19c6d4
Update policies and queries empty states (#26124)
For #23312 

# Overview

Update to previous work on Policies page to match expedited design.

## Details

* Remove the "all teams" verbiage in free edition
* Move the CTA (Add policy / Add query) buttons to the top right (where
they are in the non-empty state)
* Make Query page match Policies page with new verbiage and button
placement
* Remove "0 queries" label in Queries page header when there are no
queries, to be consistent with Policies.

## Screenshots

Policies page on All Teams w/ no results:
<img width="1055" alt="image"
src="https://github.com/user-attachments/assets/2e25bff4-db58-448c-b573-cc55425f1e46"
/>

"Add" button moved to top right.

---

Policies page on single team w/ no results:
<img width="1073" alt="image"
src="https://github.com/user-attachments/assets/1a9d69cf-c228-44f2-825a-ceab69e62075"
/>

"Add" button moved to top right.

---

Policies page on free tier w/ no results:
<img width="1055" alt="image"
src="https://github.com/user-attachments/assets/d557f139-3890-42b8-9fc9-1f943d5a3f26"
/>

"Add" button moved to top right, language now reads "You don't have any
policies".

---

Queries page on on All Teams w/ no results:
<img width="1057" alt="image"
src="https://github.com/user-attachments/assets/fc707460-37b1-465b-8e9b-32d14cfd2287"
/>

"Add" button moved to top right, no query count, language says "You
don't have any queries that apply to all teams"

---

Queries page on on single team w/ no results:
<img width="1051" alt="image"
src="https://github.com/user-attachments/assets/9c30502c-5ecb-4473-80c5-142419c7e676"
/>

"Add" button moved to top right, no query count, language says "You
don't have any queries that apply to this team"

---

Queries page on free tier w/ no results:
<img width="1050" alt="image"
src="https://github.com/user-attachments/assets/def51c25-53ac-4ee1-ab4c-48607aaae34d"
/>

"Add" button moved to top right, no query count
2025-02-06 11:25:43 -08:00
Dante Catalfamo
f8de2d9e50
Follow redis redirects by default (#26043)
#22791

This will prevent the occasional redirect from breaking live queries.
Customers can still disable the redirects by setting
`redis.cluster_follow_redirections` to `false`.
2025-02-06 13:32:31 -05:00
RachelElysia
44102f7299
Fleet UI: Fix small teamId routing bug (#26105) 2025-02-06 09:37:05 -05:00
Ian Littman
136e5f8a6e
Add CPE translation mapping for IntelliJ CE for Windows (#25971)
Won't solve the false positive issues due to version number mismatches,
but will fix the false negative where CE wasn't matching at all, and
this is a full fix for IJ CE installed via JetBrains Toolbox.

For #25662.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-05 17:07:34 -06:00
jacobshandling
4b1472d4a6
UI -Only show new policy target checkboxes in modal (#26059)
## For #26049 


![ezgif-222a20b7ee822](https://github.com/user-attachments/assets/148e46a2-91bd-4636-b710-daa09c66a77c)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-02-05 09:56:08 -08:00
Luke Heath
5e83ba6cc8
Adding changes for Fleet v4.63.0 (#25433) 2025-02-04 13:55:00 -06:00
RachelElysia
df8e753e71
Fleet UI: Consistent table row clickability (#26022) 2025-02-04 14:05:22 -05:00
Ian Littman
805a0e9179
Allow use of bash as a script interpreter (#25449)
For #24470.

---------

Co-authored-by: dantecatalfamo <dante.catalfamo@gmail.com>
Co-authored-by: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com>
2025-02-04 12:42:40 -05:00
jacobshandling
53afcecaff
UI – Add on-hover shadow and on row click functionality to script list items (#25995) 2025-02-04 09:27:52 -08:00
Victor Lyuboslavsky
a0497ecd77
Added debug logging to declaration configurations status. (#26020)
For #25812 

I am adding some debug logging for DDM configuration profile status to
assist in future potential debug. This change should have no noticeable
functional changes.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-02-04 11:15:29 -06:00
Gabriel Hernandez
686b56f892
update UI tooltip for deadline input on the os settings target form (#25980)
For #25159

This updates the os settings Target form deadline input tooltip to make
it more correct for how the
deadline works for hosts. Macos, ios, and iPad all return the same
tooltip text now.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-02-04 15:14:41 +00:00
jacobshandling
ee47556053
UI - Fix team admin ability to edit MFA (#26002)
## For #25956 

- include the `mfa_enabled` field when rendering the edit user modal
- Include `mfa_enabled` as a changeable field in the form submission
logic


![ezgif-119080b112463](https://github.com/user-attachments/assets/83baafff-d7ec-4732-a5c0-c1878965d8ce)

- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-02-03 17:03:22 -08:00
Dante Catalfamo
de58010510
Edit script modal (#25926)
For #24601

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
	- Click pencil
	- Edit script
	- Save
	- Check script was saved
	- Check activities
- [x] Manual QA for all new/changed functionality
2025-02-03 14:27:44 -08:00
RachelElysia
28d458b948
Fleet UI: Add target labels for VPP apps (#25815) 2025-02-03 17:10:22 -05:00
jacobshandling
dcc94cd534
UI - Fix policies team pagination (#25744)
## For #24886 

### [Demo
video](https://drive.google.com/file/d/1yjhxohFTPP0RvHIyZvMn9m0l3oepus8L/view?usp=sharing)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-02-03 13:02:28 -08:00
jacobshandling
a4c6c2375a
change file (#25962)
## Change file for #25305 which was a community contribution

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-02-03 11:25:10 -08:00
Konstantin Sykulev
1b02fbb617
Added software_titles unique index idx_unique_sw_titles (#25794)
For #25235

This allows software with different names but the same bundle identifier
to be grouped under the same title. It also allows for software with the
same name but different bundle identifiers to be under two separate
titles.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-03 13:23:21 -06:00
Sarah Gillespie
57ae189f86
Fix issue related to verification of Windows disk encryption (#25875) 2025-02-03 09:31:00 -06:00
Ian Littman
9145709c0e
Switch "Disk encryption" casing for Windows/Linux profiles (#25801)
For #25191

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality

I can QA this later but @RachelElysia lmk if you can beat me to it.
Requires a Linux host and a Windows host enrolled, which I'll have soon
but don't have right this second.
2025-02-01 20:14:03 -06:00
Lucas Manuel Rodriguez
1b03714dff
Added support for event format on query reports (#25876)
For #23465.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [X] Manual QA for all new/changed functionality
2025-01-31 16:26:24 -03:00
jacobshandling
fa7a6c810f
UI - Replace "Include Fleet desktop" with host type radio selection buttons when adding Windows or Linux hosts. (#25914)
## For #25306 


![ezgif-548801a08fef2](https://github.com/user-attachments/assets/e91c7c18-50e8-4a69-aad8-6c97ebc59bce)


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-31 10:37:15 -08:00
Scott Gress
764bc1dd68
Update tooltip for query compatibility (#25892)
For #25553 

# Checklist for submitter

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

Quick update to the "compatibility" tooltip to clarify that it applies
only to tables, and user should check the columns they use to ensure
full compatibility.

<img width="327" alt="image"
src="https://github.com/user-attachments/assets/50c69a40-26c3-4b1a-8792-72925e1f41bc"
/>
2025-01-31 09:56:12 -06:00
Scott Gress
1cd37ef966
Update NewLabel method to use more efficient update mechanism (#25777)
For #25555 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

This PR updates the `NewLabel` service to use the
`UpdateLabelMembershipByHostIDs` method previously added by
@jacobshandling rather than using `ApplyLabels`. The latter method has
performance issues when adding large numbers of hosts at once to a
manual label (see #25555) because it does an expensive lookup of host
names before transforming those into Fleet host IDs. The new code skips
the middleman and transforms host identifiers directly to Fleet host
IDs, and does so using a batching strategy to ensure the queries don't
get too large.

This PR does update `UpdateLabelMembershipByHostIDs` slightly to return
an updated Label object and host IDs array, as this is the expected
return value for `NewLabel`. I update the method's tests accordingly. I
don't think any new tests for `NewLabel` are needed as it should have
the same functionality and return values.

## Manual Testing

On the main branch, I launched my local MySQL with the thread stack size
set to the minimal allowed, and used the API to try and create a new
label with 5,000 hosts attached, and received a 422 response from the
server. Server logs showed:
```
level=error ts=2025-01-28T15:08:20.465401Z component=http user=scott@fleetdm.com method=POST 
uri=/api/latest/fleet/labels took=16.610292ms err="get hostnames by identifiers: Error 1436 (HY000): Thread stack 
overrun:  111136 bytes used of a 131072 byte stack, and 20000 bytes needed.  Use 'mysqld --thread_stack=#' to specify 
a bigger stack."
```

On this branch, I kept the same MySQL settings and tried my API request
again and it was successful:
<img width="776" alt="image"
src="https://github.com/user-attachments/assets/c4f0f52b-4d09-457b-8096-4dd3a747b1f4"
/>

## QA

The script I used to create a new manual label with lots of hosts is at:
https://gist.github.com/sgress454/84f12064c437da456c456e25c26d9069

To run it, first grab a bearer token from any API request by opening the
network tab, clicking a Fleet API request, and in the headers tab
scrolling down to Authorization:
<img width="892" alt="image"
src="https://github.com/user-attachments/assets/5680f3bf-8db8-469a-9f03-000b86622c04"
/>
(only take the part _after_ "Bearer")

Then download the script from that gist and in its folder run:
```
NODE_TLS_REJECT_UNAUTHORIZED=0 node ./add_hosts_to_label.js <the bearer token> "<a label name>"
```
e.g.
```
NODE_TLS_REJECT_UNAUTHORIZED=0 node ./add_hosts_to_label.js U3HpbdtadmJXGKYSB0U/PbwfOpHbBt7FpkWmGKKYolOO1moLNZA6XxP+QO5LVukvAotZ7d+JbNUEEhYHZtxoqg== "some test label"
```
This will invoke the API on https://localhost:8080 and try to add 5000
hosts a new label "some test label".

If you need to change the # of hosts or the url of the server, there are
additional arguments:
```
NODE_TLS_REJECT_UNAUTHORIZED=0 node ./add_hosts_to_label.js <the bearer token> "<a label name>" <number of hosts> <url>
```
e.g.
```
NODE_TLS_REJECT_UNAUTHORIZED=0 node ./add_hosts_to_label.js U3HpbdtadmJXGKYSB0U/PbwfOpHbBt7FpkWmGKKYolOO1moLNZA6XxP+QO5LVukvAotZ7d+JbNUEEhYHZtxoqg== "some test label" 10000 https://foo.bar
```
2025-01-31 09:19:36 -06:00
Gabriel Hernandez
49fe510ab0
fix for window profiles error message being cut off on OS settings modal (#25922)
relates to #24901

Fixes an issue where the error messages were being cut off for windows
profiles in the OS settings modal. Also added some tests for this
component.


![image](https://github.com/user-attachments/assets/16382a83-d92e-4c44-96ea-18416663700e)

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-01-31 14:40:24 +00:00
Gabriel Hernandez
eb9b1d615c
improve verified and verifying tooltips in profile status UI (#25886)
Fpr #24824

Updates the verified and verifying tooltips to be a bit more clear on
the Profile Status Aggregate component/

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-01-31 12:24:31 +00:00
Luke Heath
8d5154c015
Build fleetctl linux arm64 binary (#25905) 2025-01-30 15:39:53 -06:00
Dante Catalfamo
3c8033fa8e
Edible Scripts Backend (#25739)
#24602
2025-01-30 13:01:51 -05:00
jacobshandling
8d9ca0eabf
Require a password when changing a user from SSO to password-based authentication (#25843)
## For #24754

- Backend:
- Return an error when a PATCH attempts to update a user's
authentication from SSO to password but doesn't include a password
  - Add checks to integration test.
- Frontend:
- Form error when attempting to switch a user who is currently
SSO-authed to password without a password
- Refactor upstream inherited errors to allow for disabling the form
submission button when errors are present
  - Other improvements to user form validation

**[UI
Demo](https://drive.google.com/file/d/1-BIzCpqu0zjYHf7zxiZL_7kVoE2sLwtx/view?usp=sharing)**
**[API
Demo](https://drive.google.com/file/d/19lQ7Pvfmq3MwEjHw0_r9IoxVuNaSNwGb/view?usp=sharing)**

<img width="994" alt="Screenshot 2025-01-28 at 3 38 11 PM"
src="https://github.com/user-attachments/assets/304f8def-2656-43f7-97e5-8be1fc679814"
/>

<img width="660" alt="Screenshot 2025-01-28 at 3 39 41 PM"
src="https://github.com/user-attachments/assets/77283520-b313-4743-96df-06c55e573496"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-30 09:32:11 -08:00
Scott Gress
8419b8e87a
Add "ExcludeFleetMaintainedApps" option to software titles query (#25649)
for #25427 

# Checklist for submitter

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

This PR adds a new `ExcludeFleetMaintainedApps` option to the
ListSoftwareTitles datastore method, and the equivalent
`exclude_fleet_maintained_apps` to the `GET
/api/v1/fleet/software/titles` API.

The new functionality works by doing a left join from the
`software_titles` table to the `fleet_library_apps` table by bundle
identifier, and excluding any rows that are present in the
`fleet_library_apps` table.

New tests verify that the filtering works as expected and doesn't
interfere with other functions of the method.
2025-01-30 11:22:12 -06:00
RachelElysia
c6a7868ce5
Fleet UI: New Dashboard host count cards (+ their responsiveness to 320px) (#25694) 2025-01-29 15:15:49 -05:00
Sharon Katz
b07d8bee6b
increase stats freq to 1H (#16865) 2025-01-29 15:08:44 -05:00
Scott Gress
e247a3b871
Update policies page empty state (#25726)
for #23312 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

This PR updates the verbiage on the Policies page when no policies are
present for the selected team (or All Teams). It also does a little bit
of code cleanup. Existing test was updated and a new test added. I've
also added VSCode test runners to easily run Jest tests from the IDE.

The [original request](https://github.com/fleetdm/fleet/issues/23073)
mentioned removing the button from the page if All Teams is selected,
but I don't think we should do that -- you can add All Teams policies
with it.

## Screenshots

Empty state for "All teams" (admin):
<img width="658" alt="image"
src="https://github.com/user-attachments/assets/3db674ef-b83e-4a4f-9ba9-adaf0ff17d3d"
/>

Empty state for a team (admin):
<img width="699" alt="image"
src="https://github.com/user-attachments/assets/49b966ff-f335-43c6-b1ed-b6f11b167c68"
/>

Empty state for "All teams" (non-admin):
<img width="663" alt="image"
src="https://github.com/user-attachments/assets/b9685b40-3b42-43f0-a0ff-09602b9d532a"
/>

Empty state for a team (non-admin):
<img width="643" alt="image"
src="https://github.com/user-attachments/assets/034566d2-7c1b-42c8-8655-99447193d099"
/>
2025-01-29 11:12:28 -06:00
Gabriel Hernandez
1c5f13589f
fix 500 page when filtering by vulnerabilities on host software (#25816)
For #25735

This is a fix for the 500 page appearing when filtering for vulnerable
software on the host details page.

Also adds some missing docs for vulnerable query param filter on `GET
hosts/:id/software` endpoint

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-01-29 12:09:28 +00:00
jacobshandling
1d582260ca
UI - Maintain user's updates to the team agent options form when they navigate away and back again (#25803)
## For #24035 

- disable associated `useQuery`'s `refetchOnWindowFocus`


![ezgif-7c05abdfe4c30](https://github.com/user-attachments/assets/434e8b9e-a795-4173-8875-794736620753)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-28 15:20:46 -08:00
Lucas Manuel Rodriguez
a4db139e82
Remove fleetctl binary from fleetdm/fleet image and remove unused Dockerfile (#25749)
For #25748.

Manually tested by:
1. Building a `fleet` executable for Linux on a Ubuntu VM (with
`-extldflags "-static"`) for Alpine.
2. Placing the executable in `tools/fleet-docker`.
3. Building a local docker image using `docker build -t
fleetdm/fleet:v42.42.42 --platform=linux/amd64 .`.
4. Running the docker image (using `docker run`) and use Fleet on the
browser.
```
docker run -v $(pwd)/../osquery:/run -p 8412:8412 -e FLEET_MYSQL_ADDRESS=host.docker.internal:3306 -e FLEET_MYSQL_DATABASE=fleet -e FLEET_MYSQL_USERNAME=fleet -e FLEET_MYSQL_PASSWORD=insecure -e FLEET_REDIS_ADDRESS=host.docker.internal:6379 -e FLEET_SERVER_ADDRESS=0.0.0.0:8412 -e FLEET_SERVER_CERT=/run/fleet.crt -e FLEET_SERVER_KEY=/run/fleet.key -e FLEET_LOGGING_JSON='true' -e FLEET_VULNERABILITIES_CURRENT_INSTANCE_CHECKS="yes" -e FLEET_VULNERABILITIES_DATABASES_PATH=/vulndb -e FLEET_LOGGING_DEBUG='true' -it fleetdm/fleet:v42.42.42
```

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-01-28 19:58:20 -03:00
jacobshandling
a5eceb8605
UI - Improve handling of long team names by teams dropdown (#25802)
## For #23924 

- Disallow text wrapping on the "manage hosts" button
- Allow dynamic width of teams dropdown values
- Hide and ellipsize team name overflow from dropdown container



![ezgif-748697f5cc45e](https://github.com/user-attachments/assets/751c0032-b8d5-4402-94dd-aae804e0e9ba)


![ezgif-7d1797450417e](https://github.com/user-attachments/assets/c40ce7a5-3c9a-485b-95e3-c9af20c79a23)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-28 10:27:02 -08:00
Dante Catalfamo
05fe5b78ea
Utilize custom SMTP domain if set (#25669)
#25241

---------

Co-authored-by: Tommy McCormick <mccormickt9@gmail.com>
2025-01-28 11:10:52 -05:00
RachelElysia
9b70a2c819
Fleet UI: Surface download URL for Fleet-maintained app when adding (#25762) 2025-01-27 16:23:08 -05:00
RachelElysia
98f0728cee
Fleet UI: Update FMA API errors in UI (#25646) 2025-01-27 15:32:12 -05:00
Victor Lyuboslavsky
89e314e86e
Illegal argument errors will no longer be logged at the ERROR level (#25761)
For #25759 

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-27 14:03:38 -06:00
Ian Littman
8ee29dc895
Include current host status and pending action in lock, unlock, and wipe API calls (#25754)
For #23241.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
- [x] Docs re-PR'd
2025-01-27 12:06:09 -06:00
RachelElysia
42d7227611
Fleet UI: Fix Manage automation dropdown styling (#25753) 2025-01-27 09:14:16 -05:00
Jordan Wright
d074ba2b48
Fix incorrect source in device mapping REST API docs (#25641)
### Summary

This PR closes #25640 by fixing the incorrect `source` value in the
device mapping REST API docs.

The real value is `mdm_idp_accounts` which can be found
[here](15ac793238/server/fleet/hosts.go (L894)).

### Test Plan

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

I couldn't find any other references to `identity_provider`, so I think
these two were all of them.
2025-01-24 16:32:03 -06:00
jacobshandling
55fd95d760
UI – Updates to confirm invite flow (#25583)
## For #24486 

- Check invite validity before rendering form, error if invalid
- Use data returned from validity check to pre-populate form
- Remove dependence of flow on URL params other than token
- Remove other URL params from link generated in invite confirmation
email
- Refactor form from JS to TS
- Refactor form from class to functional components
- Cleanup unused logic
- Improve error handling

**Invalid invite**

![invalid](https://github.com/user-attachments/assets/c42c47ca-6a0d-4112-89ea-68b77e748d12)


**Valid invite**

![valid-login-flow](https://github.com/user-attachments/assets/f2b97306-a1bd-47be-9725-968a3c4ad8a8)



- [x] Changes file added for user-visible changes in `changes/`
- [x] Updated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-24 10:55:39 -08:00
Scott Gress
382a2f132e
Hide manage automations from maintainers (#25727)
for #25346

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

This PR removes the "manage automations" link in the activity feed for
anyone who isn't an admin. Previously this link appeared for maintainers
as well, but they [don't have
permission](https://github.com/fleetdm/fleet/blob/sgress454/23312-update-all-teams-policies-empty-state/articles/role-based-access.md#user-permissions)
to manage automations.
2025-01-24 11:17:14 -06:00
RachelElysia
3060f452c2
Fleet UI: Fix user management page overflow (#25733) 2025-01-24 10:06:49 -05:00
jacobshandling
f93b869f26
Update label membership by host IDs directly (#25687)
## For #25261 

<img width="826" alt="Screenshot 2025-01-23 at 11 07 19 AM"
src="https://github.com/user-attachments/assets/3a2f5d75-c0bf-445a-80dc-976914ff434e"
/>

### [Demo
video](https://drive.google.com/file/d/1ZFcrizkZ6zNODnTXjRC1f-Oeght5zOP4/view?usp=sharing)
- [x] Changes file added for user-visible changes in `changes/`, 
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-23 12:38:57 -08:00
Lucas Manuel Rodriguez
148d914f01
Optimize software_titles query to use indexes (#25722)
For #25160.

Measured improvement by splitting the MySQL query into two queries to
use the indexes more efficiently:
- ~8s vs ~100ms for ~30k entries in software_titles for ~1.7k incoming
software without bundle_identifier (linux software).
- ~1.64s vs ~2ms for 25k entries in software_titles and ~500 incoming
new software with bundle_identifier + ~200 new software without
bundle_identifier (macOS software).

---

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [X] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [X] Manual QA for all new/changed functionality
2025-01-23 15:48:21 -03:00
Konstantin Sykulev
84e3c2fb76
Added url property on get fleet maintained app endpoint (#25660)
for https://github.com/fleetdm/fleet/issues/25251

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
2025-01-23 10:23:05 -06:00
Konstantin Sykulev
d8930250f8
Added util func around semver to allow for custom preprocessing. Upgraded semver lib (#25437)
For https://github.com/fleetdm/fleet/issues/22919

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
2025-01-23 10:21:15 -06:00
Gabriel Hernandez
a3b06fa0f6
normalise spacing for lists and help text across various modals (#25663)
For #24992

Normalises the padding around lists, list headers, and help text across
various modals.

**manage automation modal:**


![image](https://github.com/user-attachments/assets/bd5fa4cc-7ef0-4030-92fe-3d4914c2fa8c)

**calander events modal:**


![image](https://github.com/user-attachments/assets/9f284a5a-ec8a-46fb-acf8-b205eb31fc60)

**install software policy modal:**


![image](https://github.com/user-attachments/assets/eaf961a3-87c4-4e45-b3f8-5b2d64eb346d)

**Run script policy modal**


![image](https://github.com/user-attachments/assets/6b2d75de-5a6c-4c0f-b82b-5f8006fc9ab0)


- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-01-23 15:47:38 +00:00
jacobshandling
126426b213
UI - Update metadata error states on Sso settings form (#25614)
## For #25318 

<img width="1464" alt="Screenshot 2025-01-20 at 12 29 32 PM"
src="https://github.com/user-attachments/assets/80512d78-03e6-40fe-a098-109b0c731fe7"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-22 15:01:52 -08:00
Victor Lyuboslavsky
62b7412243
Disk encryption keys are now archived when created/updated (#25638)
For #25609 

Manual QA in progress. Putting this "In Review" since it is a P1.

Video explaining the PR: https://youtu.be/bUwIdjBLqiM

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-22 14:54:40 -06:00
Dante Catalfamo
347c65b5c6
Add options to populate users and labels on list hosts endpoint (#25621)
#22464

---------

Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
2025-01-22 11:17:26 -05:00
Dante Catalfamo
3e06ca21d9
Delete duplicate linux lock/wipe scripts (#25611)
#22544

The Linux wipe/lock scripts have lived as duplicated in two locations
for a long time. This removes the copy that isn't used.

The remaining scripts in the `ee/server/service/embedded_scripts` folder
are pulled in here.

12d8017ff9/ee/server/service/hosts.go (L499-L508)

It looks like the `wipe` script in `scripts/mdm/linux` was even slightly
out of date compared with the one in the `ee/` folder.
2025-01-22 10:46:59 -05:00
RachelElysia
c4a556618f
Fleet UI: Updates to dropdown selected states (#25635) 2025-01-22 10:22:59 -05:00
Jahziel Villasana-Espinoza
bb8054bbcd
fix: correctly get VPP token ID when doing a renewal (#25657)
> For #25567

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-01-22 09:55:49 -05:00
Dante Catalfamo
ee54c67187
Add link to learn more about installing fleetd (#25610)
#25307
2025-01-22 09:19:10 -05:00
Ian Littman
26de929d97
Compress CSS and JS with gzip before serving to reduce load time/page weight (#25658)
For #24732.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-21 20:15:08 -06:00
Ian Littman
4792d0bf7b
Map product/vendor for homebrew "pass" package, skip "jira" python package as it has no CVEs (#25626)
For #25597. Needs to be QA'd pre-merge /cc @jmwatts 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-21 15:34:44 -06:00
Dante Catalfamo
1ad76c5253
Fix upcoming activities for ABM-deleted hosts (#25530)
#22353
2025-01-21 15:26:00 -05:00
Gabriel Hernandez
027bf09eac
update message for failed windows disk encryption and dont show resend button (#25630)
For #21691

This fixes an issue for windows disk encryption profiles. We now disable
to resend button and add some messaging to the user that this will retry
automatically.


![image](https://github.com/user-attachments/assets/58eb57cb-1e28-4820-ba91-fdd7513a7b00)

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-01-21 17:07:44 +00:00
Victor Lyuboslavsky
086099631e
Fix issue where Windows MDM profiles are not sent to offline hosts (#25619)
For #25615 

The actual fix is these two lines, where we only delete the command from
the queue for the specific host we're processing:
```
const dequeueCommandsStmt = `DELETE FROM windows_mdm_command_queue WHERE enrollment_id = ? AND command_uuid IN (?)`
stmt, params, err = sqlx.In(dequeueCommandsStmt, enrolledDevice.ID, matchingUUIDs)
```

Everything else is tests, cleanup, refactoring for readability.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-21 09:59:32 -06:00
Ian Littman
65f9ef4967
Bump Node version to 20.18.1 (#25591)
For #25590.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-01-20 15:50:28 -06:00
Ian Littman
66045dbb26
Allow software installers with unknown versions through rather than failing the upload (#25426)
For #25201.

<img width="435" alt="image"
src="https://github.com/user-attachments/assets/c499902b-d461-4621-b2fc-7cb845ce71c4"
/>

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-20 11:49:52 -06:00
Victor Lyuboslavsky
a7b5aee6c2
Allow Windows SessionID=0 (#25582)
For #25581 

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-01-20 09:12:33 -06:00
Gabriel Hernandez
cdefa0c9e9
Chore rework UI activities (#25539)
For #23912

new UI for activities on the global, past, and upcoming feeds. These are
the same changes in [this
PR](https://github.com/fleetdm/fleet/pull/25329), except we are
reverting the changes around fleet initiated activities as that is not
in the current activities API.

We are doing this so that the new activities can go out in a release
while the backend is still being built and will be ready later.

> NOTE: this does contain the code for cancel activity functionality but
it hidden from the user.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-01-20 10:39:46 +00:00
Luke Heath
7a04f879f8
Remove 4.62.2 change files (#25573) 2025-01-17 15:16:21 -06:00
Victor Lyuboslavsky
e6e7c3fa06
Fixes issue verifying Windows CSP profiles that contain ADMX policies. (#25528)
For #24790 

Support verifying Windows CSPs with ADMX policies.

https://learn.microsoft.com/en-us/windows/client-management/understanding-admx-backed-policies

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-01-17 14:56:25 -06:00
Ian Littman
9a5d74cfc6
Exempt bootstrap package uploads from server-side request timeout (#25536)
For #25533

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-17 10:39:59 -06:00
Gabriel Hernandez
22baa5af94
bump action/cache to version 4.2.0 (#25508)
For #25507

A bump to the latest version to the github `cache` action to 4.2.0. our
current version (v2) was deprecated. more info for the deprecation can
be found here https://github.com/actions/cache/discussions/1510

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
2025-01-17 15:01:27 +00:00
Jahziel Villasana-Espinoza
8407aefc73
fix: add translation for iterm2 (#25477)
> For #25130 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-16 20:17:10 -05:00
jacobshandling
a4d501e67c
UI - Coordinate multiple error inputs to successfully display server errors as UserForm field errors (#25476)
## For #24948 


![ezgif-3-a357750dbe](https://github.com/user-attachments/assets/e3fdc103-df93-4286-af63-df87330c3f1d)

- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-16 13:23:00 -08:00
Dante Catalfamo
3a2a689796
Don't expire iOS devices prematurely (#25436)
#25406 

The `last_seen_times` table is only updates when osquery hits one of its
authenticated endpoints, meaning it isn't updated when devices without
osquery, like iphones, are enrolled. I've left a
[comment](https://github.com/fleetdm/fleet/issues/25406#issuecomment-2590637318)
on the original issue explaining how this happens. Originally, if there
was no `last_seen_time`, the fallback value would be the `created_at`
value on the `hosts` table, so ios devices would always get deleted once
they were added X number of days ago.

In its place, I've added the `detail_updated_at` column on the `hosts`
table as the fallback value, and only use `created_at` if that is also
empty. `detail_updated_at` is updated every time a full detail refetch
completes. In the case of ios/ipados, [this is done using
MDM](cd5c0e8aed/server/service/apple_mdm.go (L3101)).
`detail_updated_at` is updated less frequently than `last_seen_times`,
only once every hour or so instead of every 30 seconds, but since
expiration policies are set on the scale of days instead of hours, this
should be fine.

The way I've QA'd this is by adding an iOS device to my fleet instance,
waited 24 hours, and set the expiration policy to 24 hours.
2025-01-16 10:13:22 -05:00
Dante Catalfamo
39466cb644
Use webhooks settings from gitops even when empty (#25347)
#24958

---------

Co-authored-by: Scott Gress <scottmgress@gmail.com>
2025-01-15 11:31:48 -05:00
jacobshandling
36cba79e19
UI - Ungate user form SSO field for non-admins, handle subtle UX bug (#25351)
_Merge only _after_ https://github.com/fleetdm/fleet/pull/25322_
## For #25319 

- Team admin can access SSO and 2FA options in user form when they are
enabled (see api response to right):

<img width="1799" alt="Screenshot 2025-01-10 at 1 36 10 PM"
src="https://github.com/user-attachments/assets/66bd5eea-dc1d-4e5b-85fc-b377520f337a"
/>

- [x] Changes file added for user-visible changes in `changes/`,
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-14 09:54:02 -08:00
Jahziel Villasana-Espinoza
e76c3638ff
fix: do not remove VPP apps from team if not strictly necessary (#25411)
> For #25194

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-14 12:31:04 -05:00
Victor Lyuboslavsky
3665a7c494
Fixed issue with incorrect batch DDM update activity. (#25372)
For batch upload of Apple DDM profiles with `fleetctl gitops`, fixed
issue where activity feed was showing a change when profiles didn't
actually change.
For #25244

The root cause of the bug was using `NULLIF` instead of the correct
`IFNULL` MySQL command. (Seriously, who named these?).

Also, refactored
[batchSetMDMAppleDeclarations](https://github.com/fleetdm/fleet/blob/victor/25244-batchsetMDMprofile/server/datastore/mysql/apple_mdm.go#L4224)
method to speed up future changes/fixes.

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests -- Actually, fixed test that was
already failing
- [x] Manual QA for all new/changed functionality
2025-01-14 11:24:36 -06:00
Sarah Gillespie
d6eeaaa2f9
Hide dropdown filter in software card on "My device" page (#25371) 2025-01-14 10:45:00 -06:00
RachelElysia
43628439d8
Fleet UI: VPP auto install software on failed policies, filter software compatible to policy's target platform, etc (#25202) 2025-01-13 16:45:16 -08:00
jacobshandling
7b1fa550ac
UI – Exclude self-service URL path from DUP when not a valid option for the host (#25383)
## For #24421

- Filter out self-service path in this case
- Remove a number of redundant states by having local variables depend
on useQuery's internal state


![ezgif-7-e252c26029](https://github.com/user-attachments/assets/ad1b2012-3604-4250-a227-d2f66a84bc86)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-13 14:48:39 -08:00
jacobshandling
8c4275a467
UI - Update validation pattern on SSO settings form (#25387)
## For #25264 


https://github.com/user-attachments/assets/031f3636-3c0e-4439-969d-716cb08b2449

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-13 14:47:02 -08:00
Tim Lee
80f503ab6a
Optimize vulnerability host counts (#24914) 2025-01-13 15:44:02 -07:00
Luke Heath
4cca22384d
Adding changes for Fleet v4.62.0 (#25092)
Ready for review.
2025-01-13 16:23:26 -06:00
Ian Littman
f1949ac2bf
Add VPP policy automation support to backend (#25154)
For #23529, #23530.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-13 15:53:24 -06:00
jacobshandling
4346b63ac5
UI – Render default empty cell when host has no UUID (#25362)
## For #23811 
<img width="868" alt="Screenshot 2025-01-10 at 3 29 28 PM"
src="https://github.com/user-attachments/assets/2f95a2d6-7050-4f64-be73-51b6f4a5d422"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-10 16:07:21 -08:00
Victor Lyuboslavsky
7aa3fee45b
Fix issue when identical MDM commands are sent twice to the same device when replica DB is being used. (#25355)
For #24816
Fix issue when identical MDM commands are sent twice to the same device
when replica DB is being used.

Root cause was that ctxdb.RequirePrimary wasn't used correctly, and
proper test was missing.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-01-10 16:50:22 -06:00
Jahziel Villasana-Espinoza
cf3a3cfbd2
fix: use a new strategy for finding the app name in case the title is wrong (#25297)
> For #24873

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-01-10 16:42:06 -05:00
jacobshandling
98b839c616
Replace email logo with one that looks good in both light and dark mode (#25192)
## For #24618

**Change email:**
<img width="1012" alt="Screenshot 2025-01-06 at 3 50 27 PM"
src="https://github.com/user-attachments/assets/1a6ec908-0720-4794-a628-46137d1070b8"
/>

**Invite user:**
<img width="1012" alt="Screenshot 2025-01-06 at 4 15 05 PM"
src="https://github.com/user-attachments/assets/b8edf904-f704-45c4-97bf-2d1e6e7daf0b"
/>

**Enable MFA:**
<img width="1012" alt="Screenshot 2025-01-06 at 4 21 46 PM"
src="https://github.com/user-attachments/assets/a7507fa4-637c-4934-8c60-ec0e8c4fa60d"
/>

**Reset password:**
<img width="1012" alt="Screenshot 2025-01-06 at 4 25 54 PM"
src="https://github.com/user-attachments/assets/74bf4ca1-1960-4923-b8a3-b42ea7ff78ba"
/>


**Setup smtp:**
<img width="1012" alt="Screenshot 2025-01-06 at 4 28 29 PM"
src="https://github.com/user-attachments/assets/53993a5c-697c-4dc5-8005-ad286bf7a55e"
/>



- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-10 10:42:44 -08:00
Dante Catalfamo
b4a2115b2c
Display correct key path to user for agent options (#25199)
#24038
2025-01-10 13:13:28 -05:00
Jahziel Villasana-Espinoza
863a37a3e5
fix: update install script for FMAs to improve re-install process (#25238)
> For #24148

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-09 14:22:21 -05:00
jacobshandling
689e78a598
UI - use new db user settings to persist user's host table column preferences (#25185)
## For #25032

<img width="1792" alt="Screenshot 2025-01-07 at 6 50 39 PM"
src="https://github.com/user-attachments/assets/17a63b3d-a983-433a-a3c4-6c66dbb08fce"
/>

- Add new `include_ui_settings` query param to `GET` `/me` calls
- Use new `settings` in response to set settings into UI context
- On hosts page, use that context, if present, to set which columns are
hidden. Fallback to a default set of hidden columns.
- When updating visible columns, persist preference via `PATCH` to
`/users/:id` with a new `settings` payload

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-09 10:53:43 -08:00
RachelElysia
12ca927d43
Fleet UI: Fix overflow of software title in 2 more modals (#25294) 2025-01-09 13:42:58 -05:00
jacobshandling
d1335986dd
UI – Include team-level queries in Select query modal, only call for queries when needed (#25286)
## For #25114

- When host is on a team, include both the team's and global queries in
list presented to the user
- Optimize by only calling queries API when needed

<img width="1464" alt="Screenshot 2025-01-08 at 6 47 06 PM"
src="https://github.com/user-attachments/assets/9ed6fb1b-7cc3-4e34-a38d-4c7baecedf4c"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-09 10:08:46 -08:00
Sarah Gillespie
69459efd1d
Remove arrow icon from MDM solution table (#25211) 2025-01-08 17:41:26 -06:00
Victor Lyuboslavsky
992144bd59
Downgraded expected/common "BootstrapPackage not found" server error to a debug message. (#25266)
For #25265
Downgraded expected/common "BootstrapPackage not found" server error to
a debug message. Occurs when UI/API checks if bootstrap package exists.

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-01-08 17:14:10 -06:00
RachelElysia
800aa7ecbd
Fleet UI: Fix software name from overflowing (#25262) 2025-01-08 16:35:48 -05:00
Sarah Gillespie
459a393f21
Hide updated time when loading OS versions table data (#25200) 2025-01-07 12:29:13 -06:00
RachelElysia
d079b63e2e
Fleet UI: Add timestamps to host count on software detail pages (#25143) 2025-01-07 09:22:41 -05:00
jacobshandling
b17767ef65
Never include sender address in update email success message (#25178)
## For #24366


![ezgif-1-7fab23822d](https://github.com/user-attachments/assets/486286af-db0d-4ce9-9667-fe8471b36f76)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-06 15:16:54 -08:00
Victor Lyuboslavsky
7e1a808a8c
Fixing issue where deleted profiles were being sent to devices. (#25095)
#24804 

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- [x] Manual QA for all new/changed functionality
2025-01-06 13:16:34 -06:00
jacobshandling
aef4bb579e
UI – Clarify expected behavior of policy host counts, dashboard controls software count, and controls os updates versions count (#25150)
## For #23512 

<img width="1392" alt="Screenshot 2025-01-03 at 4 13 33 PM"
src="https://github.com/user-attachments/assets/0244a2db-eb97-4cf6-b50f-fd7567e14e40"
/>

<img width="860" alt="Screenshot 2025-01-03 at 3 59 56 PM"
src="https://github.com/user-attachments/assets/cc2e6adb-ac09-4f02-8e1b-4df060e90de8"
/>

<img width="1392" alt="Screenshot 2025-01-03 at 4 14 40 PM"
src="https://github.com/user-attachments/assets/316c359e-4081-4858-b890-f8d6c8052934"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-06 10:55:28 -08:00
Dante Catalfamo
d48c9baafa
Add instructions for command line installation on pkg gen (#25166)
#25004
2025-01-06 13:04:12 -05:00
Victor Lyuboslavsky
e0d0e80315
Cloudfront URL config changes (#25145)
For #24868 (subtask)

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-01-06 11:33:24 -06:00
Ian Littman
efe3315a1b
Fix detection of uninstall scripts when recording script results after a host has had MDM actions taken (#25157)
For #25144.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-06 07:57:17 -06:00
jacobshandling
338a00a693
UI: only setEditingExistingQuery in the edit query form if the query has been modified (#25115)
## #24653 

- This bug was more generally that live query runs from the Edit query
form did not include the `query_id` in the `run` API call.


![ezgif-6-8ef29273dc](https://github.com/user-attachments/assets/d6792037-5d91-4f6f-84d9-640133df0522)


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-03 10:46:03 -08:00
RachelElysia
5eace25c69
Fleet UI: Fix software actions dropdown styling bug (#25102) 2025-01-03 09:32:31 -05:00
RachelElysia
645d4d8c25
Fleet UI: Clarify VPP app teams (#25111) 2025-01-03 09:31:25 -05:00
RachelElysia
ece080fbe3
Fleet UI: Fix app id link not row id (#25113) 2025-01-03 09:30:59 -05:00
RachelElysia
486357326e
Fleet UI: Update bad links in setup experience (#25110) 2025-01-03 09:29:38 -05:00
Ian Littman
9eb115cf7c
Ignore CVE-2024-10327 since it's iOS-only (#25083)
For #25075

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2025-01-02 13:07:02 -06:00
jacobshandling
495fddc4e6
UI - Improve validation of SMTP settings form (#25051)
## #25009 

- Update validation to match pattern defined in
`frontend/docs/patterns.md`
- Validate email even when not enabling the feature, since we allow
setting it
- Remove "CONFIGURED" and "NOT CONFIGURED" copy

<img width="838" alt="Screenshot 2024-12-30 at 11 27 08 AM"
src="https://github.com/user-attachments/assets/42132ea2-3364-412a-bb35-2c35f9f6caea"
/>

<img width="838" alt="Screenshot 2024-12-30 at 11 27 16 AM"
src="https://github.com/user-attachments/assets/f9f3c1c0-a166-4ea0-aaa6-b356e7cf9c69"
/>

<img width="838" alt="Screenshot 2024-12-30 at 11 27 24 AM"
src="https://github.com/user-attachments/assets/8685d01d-b2ae-4bc5-addc-80b326f18863"
/>

<img width="706" alt="Screenshot 2024-12-30 at 11 44 10 AM"
src="https://github.com/user-attachments/assets/af8f0f5f-588f-4226-b7e7-8cf753f4822b"
/>



- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-02 10:30:41 -08:00
Ian Littman
bbc35cb76b
Include pre-releases when building osquery version list constant (#25089)
Also updates said constant via this script to include 5.15.0. Idea for
this is that including pre-releases as they're published ensures that by
the time the corresponding Fleet release ships we have a current list,
without having to cherry-pick these updates.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-01-02 11:38:15 -06:00
Ian Littman
5beeb248f7
Handle long interned strings in MSI parsing (#25079)
For #24720. Used
https://github.com/ChaelChu/msi-props-reader/blob/master/src/msiPropsReader.ts
as inspiration. Not sure why the shift is 17 bits rather than 16 here
but confirmed that 17 works and 16 doesn't.

Tested against both existing GDrive MSIs for regression testing, plus
the one mentioned in the ticket.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-01-02 10:41:08 -06:00
Victor Lyuboslavsky
eef175756a
Removed invalid UUID error from Apple MDM UDID. (#25074)
#24961 

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-01-01 18:44:09 -06:00
Ian Littman
5a30b477c6
Fall back to FileVersion when an EXE installer has FileVersion but not ProductVersion (#25070)
For #23541

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2024-12-31 14:28:15 -06:00
Victor Lyuboslavsky
bd51e858ac
Update Apple config/DDM profiles if secret variables changed (#24995)
#24900 

This PR includes and depends on PR #25012, which should be
reviewed/merged before this one.

Windows profiles are not included in this PR due to issue #25030

This PR adds the following functionality: Apple config/DDM profile is
resent to the device when the profile contains secret variables, and the
values of those variables have changed. For example.
- Upload secret variables
- Upload profile
- Device gets profile
- Upload the same profile
- Nothing happens
- Upload a different secret variable value
- Upload the same profile
- Device gets updated profile

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Manual QA for all new/changed functionality
2024-12-30 17:58:39 -06:00
jacobshandling
c2bd802fa4
UI - Refactor to TooltipWrapper and add offset to the tooltips on hover of the profile aggregate status indicators (#25039)
## #25038 

Refactor to TooltipWrapper and add offset to the tooltips on hover of
the profile aggregate status indicators.

<img width="1345" alt="Screenshot 2024-12-29 at 9 00 38 PM"
src="https://github.com/user-attachments/assets/3bf5cf3c-e9fc-47dc-aa07-9cef42edcae0"
/>

- [x] Changes file added for user-visible changes in `changes/`, 
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-30 08:17:12 -08:00
Ian Littman
1725eff39c
Allow software uninstalls, script-based lock/unlock/wipe, while scripts are globally disabled (#24815)
For #22875.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2024-12-30 08:32:48 -06:00
Lucas Manuel Rodriguez
963cc7e22c
Automatic install custom packages (#25021)
#24385

Some docs change here: https://github.com/fleetdm/fleet/pull/25026.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
2024-12-27 15:10:28 -03:00
jacobshandling
32c42c301f
UI - Show software details My device page (#25022)
## #23315 

- On device user page > Software, make rows clickable and on click, open
the Software details modal to display information about the installation
on the host.
- Update Software details modal copy and allow long file paths to wrap


https://github.com/user-attachments/assets/1e714c5e-1614-46c0-bb56-d6dc8ad4f8ae

<img width="1350" alt="Screenshot 2024-12-26 at 10 27 44 AM"
src="https://github.com/user-attachments/assets/5cefc45a-b0ef-41d9-84e6-21ac17aaeffe"
/>
<img width="1350" alt="Screenshot 2024-12-26 at 10 27 19 AM"
src="https://github.com/user-attachments/assets/e0866961-31a4-4bd3-82e8-18f72cf4dc30"
/>
<img width="1350" alt="Screenshot 2024-12-26 at 10 27 37 AM"
src="https://github.com/user-attachments/assets/2bf6c880-664d-4315-8a40-8de61a5e4748"
/>


- [x] Changes file added for user-visible changes in `changes/`, 
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-26 14:51:28 -08:00
Tim Lee
f6f35be694
Remove homebrew app casks (#24593) 2024-12-24 13:25:53 -07:00
RachelElysia
d8129bf139
Fleet UI: Allow select target search for labels and teams (#24798) 2024-12-23 16:20:51 -05:00
George Karr
38fcc30b5c
Feature: Scope Fleet-maintained apps and custom packages via labels (#24976)
Issue #22813

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2024-12-23 11:38:39 -06:00
Ian Littman
329c283aa9
Don't show macOS hosts as disk encryption verifying when they're also in the action-required group (#24844)
This happens when the disk encryption profile has been sent successfully
and verified by MDM, but we haven't been sent the (encrypted) key via
Orbit yet because the end user needs to log out or restart their machine
to finish key rotation.

For #24244.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-23 08:10:45 -06:00
gillespi314
c79875c963 Add changes file 2024-12-20 17:12:56 -06:00
gillespi314
c78002747f Merge branch 'main' into feat-labels-scoped-software 2024-12-20 17:06:48 -06:00
Dante Catalfamo
1ac4be3cc7
Update windows policy constants (#24971)
#24315

Closes #23970
2024-12-20 17:17:54 -05:00
Dante Catalfamo
effd3563c8
Add secrets software script support (#24912)
#24899
2024-12-20 17:17:18 -05:00
Ian Littman
1f3971701f
Bump max length for installer URLs supplied in GitOps to 4000 characters (#24942)
For #24917. Should be worth the extra byte per row for the varchar
field.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2024-12-20 11:58:21 -06:00
Sarah Gillespie
7aa0433f70
Fix UI pagination bug on manage controls page (#24928) 2024-12-20 10:00:12 -06:00
Tim Lee
320ccaf01e
minio vulnerability (#24931) 2024-12-19 15:17:40 -07:00
Scott Gress
6bd9cc8a44
Monitor and alert on errors in cron jobs (#24347)
for #19930 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated tests
- [X] If database migrations are included, checked table schema to
confirm autoupdate
- [X] Manual QA for all new/changed functionality

# Details

This PR adds a new feature to the existing monitoring add-on. The add-on
will now send an SNS alert whenever a scheduled job like
"vulnerabilities" or "apple_mdm_apns_pusher" exits early due to errors.
The alert contains the job type and the set of errors (there can be
multiple, since jobs can have multiple sub-jobs). By default the SNS
topic for this new alert is the same as the one for the existing cron
system alerts, but it can be configured to use a separate topic (e.g.
dogfood instance will post to a separate slack channel).

The actual changes are:

**On the server side:**

- Add errors field to cron_stats table (json DEFAULT NULL)
- Added errors var to `Schedule` struct to collect errors from jobs
- In `RunAllJobs`, collect err from job into new errors var
- Update `Schedule.updateStats`and `CronStats.UpdateCronStats`to accept
errors argument
- If provided, update errors field of cron_stats table

**On the monitor side:**

- Add new SQL query to look for all completed schedules since last run
with non-null errors
- send SNS with job ID, name, errors

# Testing

New automated testing was added for the functional code that gathers and
stores errors from cron runs in the database. To test the actual Lambda,
I added a row in my `cron_stats` table with errors, then compiled and
ran the Lambda executable locally, pointing it to my local mysql and
localstack instances:

```
2024/12/03 14:43:54 main.go:258: Lambda execution environment not found.  Falling back to local execution.
2024/12/03 14:43:54 main.go:133: Connected to database!
2024/12/03 14:43:54 main.go:161: Row vulnerabilities last updated at 2024-11-27 03:30:03 +0000 UTC
2024/12/03 14:43:54 main.go:163: *** 1h hasn't updated in more than vulnerabilities, alerting! (status completed)
2024/12/03 14:43:54 main.go:70: Sending SNS Message
2024/12/03 14:43:54 main.go:74: Sending 'Environment: dev
Message: Fleet cron 'vulnerabilities' hasn't updated in more than 1h. Last status was 'completed' at 2024-11-27 03:30:03 +0000 UTC.' to 'arn:aws:sns:us-east-1:000000000000:topic1'
2024/12/03 14:43:54 main.go:82: {
  MessageId: "260864ff-4cc9-4951-acea-cef883b2de5f"
}
2024/12/03 14:43:54 main.go:198: *** mdm_apple_profile_manager job had errors, alerting! (errors {"something": "wrong"})
2024/12/03 14:43:54 main.go:70: Sending SNS Message
2024/12/03 14:43:54 main.go:74: Sending 'Environment: dev
Message: Fleet cron 'mdm_apple_profile_manager' (last updated 2024-12-03 20:34:14 +0000 UTC) raised errors during its run:
{"something": "wrong"}.' to 'arn:aws:sns:us-east-1:000000000000:topic1'
2024/12/03 14:43:54 main.go:82: {
  MessageId: "5cd085ef-89f6-42c1-8470-d80a22b295f8"
2024-12-19 15:55:29 -06:00
Ian Littman
4f547902a6
Ignore iOS-only Firefox vulnerability (CVE-2024-10004) since we don't support iOS vulns (#24892)
For #23579

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

QA'd locally successfully. It just took a bit longer for the vuln showed
up.
2024-12-19 14:05:58 -06:00
Gabriel Hernandez
89862b012b Merge branch 'main' into feat-labels-scoped-software 2024-12-19 10:52:22 -06:00
Luke Heath
ace2fa3f9f
Adding changes for Fleet v4.61.0 (#24407) (#24904) 2024-12-19 10:09:22 -06:00
Gabriel Hernandez
9057bf62a3 Merge branch 'main' into feat-labels-scoped-software 2024-12-18 15:36:20 -06:00
Victor Lyuboslavsky
9d9fc9b5cd
Replace script/profile secrets. (#24841)
#24548

This PR covers Apple legacy commands, Windows commands, and scripts.
Apple DDM commands and Software install/uninstall scripts will be
covered in separate PRs.

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-18 15:27:35 -06:00
jacobshandling
4767382a1f
UI - Display the correct percentage of hosts online, 0, when there are no hosts online. (#24858)
## #23800 

<img width="535" alt="Screenshot 2024-12-17 at 6 13 37 PM"
src="https://github.com/user-attachments/assets/5600a288-9b97-4b69-a561-43244c936de5"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-18 12:53:06 -08:00
Tim Lee
09235486b4
Process all vulncheck data (#24318) 2024-12-18 10:53:46 -07:00
Robert Fairburn
acdc526d1b
Initial support for helm cloudsql proxy in migrations (#24412)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
2024-12-18 11:44:32 -06:00
RachelElysia
8888127998
Fleetctl: Update dependencies, improve error handling, ensure compatibility (#24845) 2024-12-18 11:22:01 -05:00
Jahziel Villasana-Espinoza
fe8324b48d
feat: skip automatic install policy if installer is not scoped to host (#24843)
> Related issue: #24533

- We're still running the policy, but in the handler for the results we
check if the software is in label scope. If not, we set the policy to be
"undetermined" and we do not add an installation request
- Added checks for label scoping to the "install software" and "self
service install" endpoints

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-18 10:58:28 -05:00
Martin Angers
14fc86d5e7
SSVL: update activities to add labels include/exclude (backend changes) (#24839) 2024-12-18 08:16:36 -05:00
Dante Catalfamo
c9bdae8fb3
Embedded secrets validation (#24624)
#24549

Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
2024-12-17 17:14:12 -05:00
RachelElysia
474d5c4260
Fleet UI: Clean up table text wrapping (#24827) 2024-12-17 15:22:33 -05:00
Martin Angers
79ac8fa4a1
SSVL: implement gitops support for labels include/exclude on software packages (#24663) 2024-12-17 14:28:17 -05:00
Konstantin Sykulev
57e82c1357
Added optional team_id parameter to query report endpoint (#24811)
If the `team_id` parameter is included the query report will filter the
hosts by the team id specified. The `team_id` parameter is included by
default from the front end queries pages.

https://github.com/fleetdm/fleet/issues/24006

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2024-12-17 13:26:35 -06:00
jacobshandling
af12ba144a
Include disk encryption stats only if setting is enabled for Linux host (#24457)
## Addresses #24456

- host detail response (for Host details page and My device page)
excludes `mdm.os_settings` field if disk encryption isn't enabled for
the host
- confirmed it is still included when setting is enabled
- confirmed expected banner is still shown when setting enabled

<img width="2555" alt="Screenshot 2024-12-05 at 10 10 48 PM"
src="https://github.com/user-attachments/assets/e3852b7f-51ae-4e87-bceb-476ccdba2459">


- [x] Changes file added for user-visible changes in `changes/`, 
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-17 09:43:35 -08:00
jacobshandling
885e1d5a25
UI - Determine query result column sort type from actual data present (#24734)
## Addresses #23011 

- In the same scan through results that the UI currently determines
unique column names, determine which of thsoe columns can be sorted as
alphanumeric.

<img width="1464" alt="Screenshot 2024-12-12 at 3 15 24 PM"
src="https://github.com/user-attachments/assets/49c7c7a5-632a-475f-9e16-891119274708"
/>

<img width="1464" alt="Screenshot 2024-12-12 at 3 14 25 PM"
src="https://github.com/user-attachments/assets/2ede4f28-4c00-43af-b144-3828c42b7fbc"
/>


- [x] Changes file added for user-visible changes in `changes/`,
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-17 09:41:30 -08:00
Gabriel Hernandez
eb41e7ce8e Merge branch 'main' into feat-labels-scoped-software 2024-12-17 10:58:04 -06:00
Gabriel Hernandez
0876a9d695
Add UI for scoping software to fleet apps and custom packages via labels (#24793)
relates to #24538, #24542, #24540, #24537

implements the UI for scoping software to fleet maintained apps and
custom packages. This includes:

**adding custom target label selection to fleet maintained app form**

<img width="824" alt="image"
src="https://github.com/user-attachments/assets/b0e18841-e5c5-406a-b83f-ce2b5a8f8472"
/>

**adding custom target label selection to custom package form**

<img width="821" alt="image"
src="https://github.com/user-attachments/assets/06279121-69bd-4663-aebd-930cd7c02190"
/>

***adding custom target label selection on edit software modals**

<img width="796" alt="image"
src="https://github.com/user-attachments/assets/c15a8236-1b02-4d17-9245-e24967190eaf"
/>

also includes various small copy changes.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-17 10:41:57 -06:00
Gabriel Hernandez
e78bf6e8b1
Add helpful tooltip to install software setup experience (#24799)
relates to #24795

Add a helpful tooltip to the install software section for the setup
experience page

<img width="445" alt="image"
src="https://github.com/user-attachments/assets/49b0d9d5-0126-4165-abfb-b5cf9a2f8321"
/>

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2024-12-17 10:31:00 -06:00
Jacob Burley
78cab5b8a8
Add Mastodon link to server email templates (#23309)
- Adds a link to FleetDM's Mastodon account to emails sent by the
FleetDM server
- Adds a Mastodon PNG image to the repo
2024-12-16 17:03:33 -06:00
Jahziel Villasana-Espinoza
7e3a7ba6ee
feat: filter host software by label scoping (#24801)
> Related issue: #24534

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-16 17:02:06 -05:00
Ian Littman
57e979f0a4
Swap JetBrains EAP versions for maxed last major release for vuln check purposes (#24783)
For #22723.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-16 14:01:38 -06:00
Gabriel Hernandez
12bf9880ad Merge branch 'main' into feat-labels-scoped-software 2024-12-16 12:35:18 -06:00
Konstantin Sykulev
7e1478589b
Delete pending installs/scripts on policy delete (#24463)
When a policy is deleted clean up any pending software installs or
scripts generated from the policy

https://github.com/fleetdm/fleet/issues/23886

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-16 11:47:34 -06:00
Ian Littman
a86caed431
Replace CRLF with LF on script upload (#24760)
For #24166

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-16 11:25:12 -06:00
Victor Lyuboslavsky
1e5da18963
Fixed potential deadlocks when deploying Apple configuration profiles. (#24777)
#24771

Fixing deadlocks found in loadtest:
https://docs.google.com/document/d/1-Q6qFTd7CDm-lh7MVRgpNlNNJijk6JZ4KO49R1fp80U/edit?tab=t.0
- added retries to statements prone to deadlocks

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2024-12-16 11:16:42 -06:00
Gabriel Hernandez
8ecf75ae2b Merge branch 'main' into feat-labels-scoped-software 2024-12-16 10:40:19 -06:00
Victor Lyuboslavsky
48e3654d75
Adding secret support to profiles via gitops. (#24675)
#24547

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-13 15:41:23 -06:00
jacobshandling
7e5000cf52
UI - Redirect on invalid URL parameter to /software/add/fleet-maintained/:id (#24637)
## #24636

Redirect when NaN "foobar" provided as software id in url:

https://github.com/user-attachments/assets/e1b0ce3d-f494-447c-a452-285f0e6758af

- [x] Changes file added for user-visible changes in `changes/`,
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-13 10:40:58 -08:00
Ian Littman
42186b1ad9
Fix nil pointer dereference on CVEs when OS versions list hasn't been populated yet (#24735)
For #22523.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-12 17:23:27 -06:00
Victor Lyuboslavsky
3d671f110d
Removed server error if no private IP was found by detail_query_network_interface (#24726)
#24725

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-12 15:45:26 -06:00
Konstantin Sykulev
669e944f50
Team policy endpoint now accepts null to unset a script or software installer (#24658)
https://github.com/fleetdm/fleet/issues/23490

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2024-12-12 13:33:19 -06:00
RachelElysia
95ae7c3c5f
Fleet UI: Fix policy truncation and add tooltip (#24659) 2024-12-12 09:11:26 -05:00
Ian Littman
4dd152c011
Allow pulling the base list of Fleet Maintained Apps without requiring a team ID (#24595)
For #24509

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-11 21:12:38 -06:00
Martin Angers
23a6146966
SSVL: prevent deletion of a label if used to scope software installers (#24644) 2024-12-11 14:21:10 -05:00
jacobshandling
2118616f64
21855 – Paginate and filter Queries on the server, update platform filtering from compatible to targeted platforms (#24446)
## Addresses #21855 and all of its subtasks

**Frontend:**
- Update list queries API call to include pagination and filter-related
query params, including new `platform` param for filtering queries by
platforms they've been set to target
- Convert all filtering, sorting, and pagination functionality of the
Manage queries page from client-side to server-side
- Remove unneeded variable declarations / logic
- Various typing and naming improvements

**Server:**
- Add new `platform` `ListQueryOption`
- Update service and datastore level list queries logic to handle
filtering queries by targeted platform
- Update service and datastore level list queries logic to include
`meta` and `count` fields in addition to filtered/paginated queries


- [x] Changes file added for user-visible changes in `changes/`, `
- [x] Added/updated tests
  - [x] update DB, integration
  - [x] add integration (pagination)
  - [x] add integration (platform filter)
  - [x] add DB (pagination)
  - [x] add DB (platform filter)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-11 10:50:28 -08:00
RachelElysia
7ecd6d9377
Fleet UI: Fix bug hiding manage automations dropdown from maintainers (#23808) 2024-12-11 10:19:33 -05:00