Commit graph

3803 commits

Author SHA1 Message Date
Jahziel Villasana-Espinoza
0c4af0b985
Verify VPP: core implementation (#30295)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- For database migrations:
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-26 17:55:43 -04:00
Ian Littman
9bee64bf2d
Persist download URL when adding FMAs via non-GitOps API, fix software versions on GitOps YAML generation (#30331)
Fixes #29618, #30282.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-26 14:29:23 -05:00
Sarah Gillespie
bce10924d0
Disallow lock request for unenrolled macOS hosts (#30313) 2025-06-25 13:31:33 -05:00
jacobshandling
e74e30105b
UI: In Primo mode, enforce No team or All teams, depending on the page, to preserve premium functionality (#30291)
## #30198 

[Video
demo](https://drive.google.com/file/d/1RBk5QNQdQvXTHJveCNkIeMXj5hWFA5Ft/view?usp=sharing)

- Implement the following logic for `teamId` in the UI when in Primo
mode:
<img width="870" alt="Screenshot 2025-06-24 at 12 47 48 PM"
src="https://github.com/user-attachments/assets/8ae81c3f-223f-4dda-954d-c42c7008de45"
/>
- Above logic is enforced - if trying to change/add/remove `team_id`,
automatically pushed to appropriate team

- Fixes originally reported issue - user in Primo mode can access
installable software (on the hidden "No team" which is now enforced):
  - Software page on No team
    - Update header help text 

![ezgif-49ce1977ab6474](https://github.com/user-attachments/assets/0d011f94-7c90-4d42-92ec-135baafe7927)


- Handle UI edge cases the above surfaces:
  - Queries page on All teams (No team not supported):
<img width="1624" alt="Screenshot 2025-06-24 at 1 10 40 PM"
src="https://github.com/user-attachments/assets/84bb2ca0-b8e7-44e8-9bf5-9f8f243d5584"
/>

  - Policies page on No team:
<img width="1624" alt="Screenshot 2025-06-24 at 1 10 53 PM"
src="https://github.com/user-attachments/assets/144d745f-e9b0-4933-be45-2db4fe428cfe"
/>

- update `useTeamIdParam` hook's strip query params on change team logic
to optionally also consider the current team

**Important notes**
- Software page: Software automations are only accessible via All teams,
while Add software is only accessible on a team, including No team. In
lieu of specs around this, I decided to favor Add software functionality
over Software automations functionality, aka, push to "No team" on this
page. Enabling _both_ functionalities would be a very large ticket and
need to go through a proper drafting process, since Fleet doesn't
currently support both in any state.
- Policies page:
- "Other workflows" (tickets and webhooks) is available on All Teams and
specific teams, but not on No Team, so "Other workflows" is currently
unavailable in Primo mode
- If any of the Primo customers have created policies on All Teams
already, they won't be able to manage automations on them anymore. All
Teams policies can only have ticket/webhook workflows


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-25 09:26:36 -07:00
Martin Angers
4994571c22
DCLK: add mechanism to verify user-scoped profiles (#30110) 2025-06-25 09:51:43 -04:00
Dhruv Trivedi
f4d6e35409
fix: Include Software URLs in fleet generate-gitops when software has URL (#30177)
fixes: https://github.com/fleetdm/fleet/issues/29617
# Checklist for submitter

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Manual QA for all new/changed functionality


I implemented support for exporting the url field in fleetctl
generate-gitops when it's available in the software installer metadata.
During testing, I found that although some Fleet-maintained apps (like
Brave and Cloudflare WARP) show URLs in the UI, those URLs are not
persisted to the database—hence they don’t appear in the generated YAML
unless added manually. I confirmed the url field is supported in the
database and properly handled in the insertion logic. The version field
does get populated when the software is installed on a host. This patch
completes the GitOps export part, but the root issue may lie in the
ingestion flow of the url.


![image](https://github.com/user-attachments/assets/422c04cc-26f8-4607-83e0-b1772b8d81cf)

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-06-24 16:42:59 -05:00
Jordan Montgomery
d225d5e297
Update windows CSP verification logic (#30203)
Fixes #28499 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-24 15:18:38 -04:00
RachelElysia
ef6b49dc6e
Fleet API: Return 0 hosts instead of 404 when filtering hosts by team x software non existent on that team (#30249)
## Issue
Closes #26258 

## Description
Returns 0 hosts instead of some random VPP error when software_status is
valid but software_title_id doesn't exist on that team

## Screenshot of fix
<img width="1186" alt="Screenshot 2025-06-23 at 2 04 52 PM"
src="https://github.com/user-attachments/assets/577cc05a-c8e4-4aaf-85c4-38ab9403018b"
/>


## Screenshot of before

<img width="1176" alt="Screenshot 2025-06-23 at 1 50 40 PM"
src="https://github.com/user-attachments/assets/cb0b6ccd-79dd-4309-ae5d-c1c1b938292d"
/>

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-06-24 11:32:37 -04:00
Ian Littman
e71d00c688
Use dedicated, string-interpolated queries for single-host MDM status checks to reduce prepared statement usage (#30264)
For #30199 

The hottest path for these changes is the Orbit config getter, which
runs every 30 seconds for each host. That means that for 10k enrolled
hosts this will save ~333 prepares per second...which adds up.

There are a few other places that use this query, but not on as hot of a
path.

Safe despite not using prepared statements because you can't SQL-inject
a number. Existing tests cover this path well, hence no new ones.

Needs manual MDM testing.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
2025-06-24 10:12:33 -05:00
Ian Littman
2e58aabeee
Avoid unnecessary prepared statements in "select config from team" uncached queries (#30206)
For #30199. This is one of a few approaches to mitigate the issue the
customer is seeing.

This is SQLi-safe because we're dealing with an unsigned int parameter,
sprintf'd %d. Existing tests fully cover this path.

# Checklist for submitter

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Manual QA for all new/changed functionality
2025-06-23 21:09:55 -05:00
Juan Fernandez
47992b4fce
Handle null HostID on calendar webhook endpoint (#30130)
For 10744

When making a POST request to the calendar/webhook endpoint, do not error out if host record does not exists.
2025-06-23 13:10:10 -04:00
Juan Fernandez
e7519eef48
29762: Fixed bug with run script modal on FreeTier. (#30138)
For #29762 

When running on FreeTier do not apply teamId criteria on end-point used by the Run Script modal.
2025-06-23 13:03:22 -04:00
Juan Fernandez
81abc49786
28224: Added missing property to hosts/identifier/:id endpoint (#30097)
For #28224 

Added missing team_name property on /api/v1/fleet/hosts/identifier/:id endpoint.
2025-06-23 13:01:33 -04:00
jacobshandling
0c139c98e7
UI: Hide teams dropdown on software details pages in Primo mode (#30218)
## #30200 


![ezgif-73f99c5eaa3368](https://github.com/user-attachments/assets/77e10692-04c8-4021-b9dc-8bd4fcd90726)


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-23 09:55:36 -07:00
Sarah Gillespie
15b60c1f41
Delete iOS host refetch commands on MDM re-enrollment (#30158) 2025-06-23 10:14:00 -05:00
Dante Catalfamo
b80d79f6d8
Fixed broken macos users causing errors during query ingestion (#30128)
#29632
2025-06-23 09:37:35 -04:00
Gabriel Hernandez
34270c23bd
disable uploading EULA in UI when gitops is enabled (#30174)
Relates to #28143

remove ability to upload a EULA in the UI if gitops is enabled

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [s] Manual QA for all new/changed functionality
2025-06-23 14:27:33 +01:00
RachelElysia
3715545e67
Fleet UI: Revamp host > software page with inventory/library tabs (#29759) 2025-06-20 15:02:22 -04:00
Jahziel Villasana-Espinoza
1047a5eb29
stop erroring if a VPP app with darwin and ios versions is added to setup experience (#30187)
> Closes #29506

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-20 13:17:25 -04:00
Gabriel Hernandez
63ace13b11
Fix issue where you cant delete a bootstrap package (#30146)
Fixes [#30059](https://github.com/fleetdm/fleet/issues/30059)

Fixes an issue where you couldn't delete a bootstrap package. The issue
was an unused json struct tag for DryRun on the
`deleteBootstrapPackageRequest` struct.

I also updated the UI to use the current endpoint to delete a bootstrap
package

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-06-20 17:05:16 +01:00
Gabriel Hernandez
a5c69a60a4
Fix bug for not being to reenable end user migration in UI (#30106)
Fixes #30063

This fixes an issue added in the
[PR](https://github.com/fleetdm/fleet/pull/29968) where the user was not
able to reenable the end user migration form.

I've also added improved a11y attributes to the slider component,
ensured we are functionally disabling the form controls during gitops
mode and not just visually, and updated/added tests for the
EndUserMigrationSection component.


- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-20 17:04:30 +01:00
Konstantin Sykulev
d9b373e0c2
FMA uninstall (#29977)
Modified the FMA uninstall global script to better handle deleting files
as specified from pkgutil

[#29220](https://github.com/fleetdm/fleet/issues/29220)
[#29221](https://github.com/fleetdm/fleet/issues/29221)

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-19 16:14:06 -05:00
Scott Gress
becb7a3b5b
Add null check to fix manage automations issue (#30154)
For #30001

# Details

When Fleet is started with logging configured in a way such that the
logging plugin has no `config`, clicking "Manage Automations" on the
manage queries page results in a 500 page. An example config would be:

```
fdm up --server_address=localhost:8080 --dev --dev_license --logging_debug --osquery_result_log_plugin=stdout --osquery_status_log_plugin=stdout --activity_audit_log_plugin=stdout
```

This PR fixes the issue by adding null protection for cases where the
`config` object is empty for the logging plugin.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Manual QA for all new/changed functionality
2025-06-19 14:51:49 -05:00
Dante Catalfamo
f25ed917d3
Fixed tooltip not showing the correct log destination (#30124)
#28613
2025-06-19 10:39:07 -04:00
Gabriel Hernandez
afffad11a0
fix typos and add premium feature message to idp integration page (#30079)
Fixes #29505

Quick fix to show the premium feature message for idp integrations card

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-06-19 12:34:53 +01:00
Gabriel Hernandez
8b25a1bae7
fix truncation of mdm server url value in about card (#30085)
Fixes #29696

fixes truncation of the mdm server url value on the about card.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-06-19 12:34:06 +01:00
Victor Lyuboslavsky
3e88653dcc
Fixed error deleting calendar event for non-existent user. (#30009)
Fixes #27961

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-18 17:03:06 -05:00
Dante Catalfamo
78ba04ff10
Fix policy autofill using incorrect media-type for query (#30112)
#30066
2025-06-18 13:12:58 -04:00
Ian Littman
ea1e8b428f
Clean up OVAL-sourced vulnerabilities reported on Amazon Linux 2 hosts prior to v4.56 (#30078)
Fixed #21947.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-17 09:15:15 -05:00
RachelElysia
b29cb6bfd3
Fleet UI: Fix os settings tooltips from flashing during refetch (#30080) 2025-06-17 09:35:03 -04:00
RachelElysia
1d2b71857b
Host API: Return empty array instead of 404 for software filter not found (#30045) 2025-06-17 09:20:09 -04:00
Jordan Montgomery
b0e6a872df
Apple mdm user channel initial support (#29882)
Adds support for the Apple MDM user channel however we are waiting on
stories around verification among other things for this and we are not
shipping as part of 4.70 so this can be reviewed but should not be
merged yet

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
2025-06-16 16:46:38 -04:00
Martin Angers
fbc8fc031a
Speedup worker-based device release on ADE enrollment setup (#29892) 2025-06-16 13:14:25 -04:00
Luke Heath
653291c6b4
Prepare Fleet v4.69.0 (#30024) 2025-06-16 10:43:20 -05:00
RachelElysia
999207bd33
Fleet UI: Improved error and loading state for self-service page (#30042) 2025-06-16 11:23:19 -04:00
Lucas Manuel Rodriguez
5646062c85
Update go to 1.24.4 and add some automation (#29954)
Fixes CVE-2025-22874 reported by
https://github.com/fleetdm/fleet/actions/runs/15601368321/job/43941793647.

(IMO not a critical CVE, so it doesn't need to be cherry-picked into
v4.69.0.)

Added automation to make this easier next time.
2025-06-13 13:08:14 -05:00
Victor Lyuboslavsky
9ba6e74940
Update 26519-android changelog (#29996) 2025-06-13 13:27:44 -04:00
Victor Lyuboslavsky
6a1c7902c8
Updating Android changelog. (#29995)
Fixes #26519
2025-06-13 12:27:30 -04:00
jacobshandling
69cd060b9a
UI: Consistent password field styling (#29984) 2025-06-13 11:37:26 -04:00
RachelElysia
b763b6860f
Uploading new installer to FMA turns FMA to custom package (#29959) 2025-06-13 11:36:10 -04:00
Jahziel Villasana-Espinoza
15bdf03512
use a check for dir existence that doesn't set exit code 1 if the dir doesn't exist (#29952)
> Closes #27577

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-06-13 10:26:54 -04:00
Gabriel Hernandez
03a7b27633
update host details cert card (#29827)
Relates to  [#29324](https://github.com/fleetdm/fleet/issues/29324)

updates certificates card UI on the host details and my devices page.
changes some copy and adds a new Keychain column.


![image](https://github.com/user-attachments/assets/3310cd61-4447-499b-8d03-9a987fbcaed7)

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-06-13 13:00:41 +01:00
Victor Lyuboslavsky
1577d491b2
Hook up Android fleetdm.com/proxy (#29645)
For #26519 

This PR allows Fleet server to use Android with either fleetdm.com proxy
or locally. It also removes the Android feature flag from the backend.
The frontend changes and proxy API documentation will be in separate
PRs.

Updated contributor docs:
https://github.com/fleetdm/fleet/pull/29880/files

Integration tests are missing and tracked as a separate issue:
https://github.com/fleetdm/fleet/issues/27080

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-12 19:42:15 -05:00
jacobshandling
37856d28b8
UI: Disable MDM > End user migration section when GitOps mode enabled (#29968)
## For #28823

<img width="1071" alt="Screenshot 2025-06-12 at 11 29 29 AM"
src="https://github.com/user-attachments/assets/f8ea9022-9bbd-4405-943b-923910265be5"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-12 15:21:01 -07:00
Sarah Gillespie
b216219c44
Fix DB migration bug when adding MDM enroll tables (#29963) 2025-06-12 17:13:58 -05:00
Dante Catalfamo
ab12f475c2
Remove username requirement from some CIS policies (#29842)
#29127
2025-06-12 15:22:35 -04:00
RachelElysia
4277a9e93e
Fleet UI: Remove unsupported sorting arrows from host software table (#29966) 2025-06-12 14:30:38 -04:00
George Karr
7086c017e6
Adding optional parameter outfile to fleetctl package (#29579)
Fixes #29581 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For new Fleet configuration settings
- [ ] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps. If managing
via Gitops:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Added the setting to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- [ ] For unreleased bug fixes in a release candidate, confirmed that
the fix is not expected to adversely impact load test results or alerted
the release DRI if additional load testing is needed.
2025-06-12 10:25:40 -05:00
Sarah Gillespie
9fcd2e15c2
Add one-time challenge support to custom SCEP proxy (#29832) 2025-06-12 08:56:13 -05:00
jacobshandling
b4311f735d
UI: Make teams dropdowns searchable (#29928)
## For #28822 

- Enable searching the teams dropdown
- Ensure right-scrolling per usual text input fields when search text is
long
- Ensure neighboring elements are not moved when search text is long


![ezgif-5b014b0a03dc31](https://github.com/user-attachments/assets/30f98ea6-c7f8-4566-bfef-4e1a6eb0b55d)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-11 15:11:12 -07:00
Juan Fernandez
d847ec8ed4
21979: Extended wipe end-point to allow for doWipe Win CMD (#29770)
For #21979

Extended POST /api/v1/fleet/hosts/:id/wipe end-point to allow users to
specify an optional payload for specifying what type of remote wipe to
perform on Win hosts.

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-06-11 13:56:07 -04:00
Lucas Manuel Rodriguez
1c5700a8c4
Microsoft Compliance Partner backend changes (#29540)
For #27042.

Ready for review, just missing integration tests that I will be writing
today.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [X] If database migrations are included, checked table schema to
confirm autoupdate
- For new Fleet configuration settings
- [X] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps. If managing
via Gitops:
- [X] Verified that the setting is exported via `fleetctl
generate-gitops`
- [X] Added the setting to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [X] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [x] Verified that any relevant UI is disabled when GitOps mode is
enabled
- For database migrations:
- [X] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [X] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [X] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [X] Manual QA for all new/changed functionality

---------

Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com>
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-11 14:22:46 -03:00
Martin Angers
604464f60f
DCLK: Ingest login-keychain certificates for macOS (#29555) 2025-06-11 11:13:44 -04:00
RachelElysia
c574c4db25
Fleet UI: Consistent font size across input fields and dropdowns (#29865) 2025-06-10 15:04:18 -04:00
Ian Littman
3b340ee26f
Allow configuring SSO timeout (both standard and MDM SSO), replacing hard-coded 5-minute validity period (#29854)
For #29614.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- For new Fleet configuration settings
- [x] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps. - Excluded
from GitOps (env var)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-10 10:45:00 -05:00
jacobshandling
e57452de6c
UI: Filter hosts by batch execution status (#29612)
## For #29444

- Update script batch summary modal status rows to link to the hosts
page filtered by the appropriate batch script run and status
- Add above filtering capabilities to the hosts page

<img width="1912" alt="Screenshot 2025-05-30 at 12 39 54 PM"
src="https://github.com/user-attachments/assets/4299ecaa-10bd-49f4-b0f8-cd0e71108e04"
/>

<img width="1912" alt="Screenshot 2025-05-30 at 12 40 22 PM"
src="https://github.com/user-attachments/assets/8252560e-59a2-42a9-bd0c-e5ca05c53390"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-09 10:53:17 -07:00
Dante Catalfamo
7644a27679
Select hosts for gitops labels using hardware_serial (#29639)
#28511
2025-06-09 13:37:00 -04:00
Dante Catalfamo
a18d22f05d
Don't allow fleetctl apply with builtin label type (#29601)
#28338
2025-06-09 13:05:11 -04:00
Martin Angers
33454fc6e9
Bugfix: wiped ADE-enrolled iOS device remains wiped on re-enroll (#29715) 2025-06-09 10:18:03 -04:00
Juan Fernandez
1c7d2a0c8a
Removes duplicates when listing software titles on 'All teams' (#29459)
For #26375. 

When listing software titles for 'All teams', do not join against
software installers nor vpps to avoid duplicates.

Since filters related to software installers/VPP apps are no longer used
when viewing titles for 'All teams', the filter dropdown is disabled if
'All teams' is selected.
2025-06-07 10:47:53 -04:00
Victor Lyuboslavsky
2d24008091
Fix Microsoft UTF16 endianness. (#29708)
Fixes #28488

Microsoft uses UTF16LE and not UTF16BE

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2025-06-04 12:02:28 -06:00
Konstantin Sykulev
8109f2021b
Switched to DeleteObject for gcp interoperability (#29553)
[28420](https://github.com/fleetdm/fleet/issues/28420)

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
2025-06-02 20:07:15 -05:00
Ian Littman
502aa8bafb
When MDM SSO rate limit is supplied, split rate limit bucket (#29663)
Also adds some more rate limiter tests to make sure separate rate limit
buckets interact as expected.

Fixes #29614.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- For new Fleet configuration settings
- [x] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps. (excluded;
env var or YAML)
- [x] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality

---------

Co-authored-by: George Karr <georgekarrv@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2025-06-02 16:18:58 -06:00
Jordan Montgomery
6812275565
Honor "include any" when querying profiles for verification (#29557)
Fixes #28589 

Previously "include any" was not being properly honored when we queried
profiles for verification and so we never would actually verify profiles
where the user had an include any rule with multiple labels and the host
included a subset of the labels. Updated the query that returns profiles
to verify for Windows and Apple to return those profiles with "include
any" labels and a nonzero number of the targeted labels applied

Also rearranged and refactored the associated tests slightly and added a
single test that does the various permutations of "include all" "include
any" and "exclude any"

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-02 10:03:02 -04:00
Juan Fernandez
ec42e2d416
Fixes 29044: UI bug due to missing style for tooltip. (#29556)
For #29044 

Fixed styling issues with 'Observers can run this query' tooltip on the queries page.
2025-05-30 19:02:58 -04:00
Ian Littman
37c062e8a3
Allow overriding MDM SSO rate limit with an env var or config (#29640)
Env var: `FLEET_MDM_SSO_RATE_LIMIT_PER_MINUTE`. **Not** managed via
GitOps.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- For new Fleet configuration settings
- [x] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps.
- [ ] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality
2025-05-30 17:34:47 -05:00
Luke Heath
3ef7caef9d
Apply starter library during new Fleet instance setup (#29564) 2025-05-30 16:27:33 -05:00
Juan Fernandez
d6b3caf1db
Fixes 28109: UI bug related to policy reported results (#29562)
For #28109 

When running a policy, base the number of results on the number of 'sucessful' hosts.
2025-05-30 16:34:52 -04:00
Jahziel Villasana-Espinoza
9d2b07f76f
add a test that checks collation on new migrations (#29309)
> closes #26403

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-29 17:00:30 -04:00
Dante Catalfamo
12851f5679
Check content-type header when parsing cross-origin JSON (#29497) 2025-05-29 15:26:55 -04:00
Dante Catalfamo
3d60a28bce
Prevent user invite race condition (#29559) 2025-05-29 15:26:02 -04:00
Ian Littman
7a54a2de22
Include non-primary CVSS scores from NVD when a primary score doesn'texist for a given CVSS version (#29199)
Fixes #28261.

~~Of note, this logic will prefer a non-primary CVSSv3.1 score over a
primary CVSSv3.0 score if 3.1 doesn't have primary but 3.0 does. I
haven't seen any evidence of this in our dataset (looked at 2024
output).~~

Updated with logic that will prefer a primary CVSSv3.0 score over a
secondary CVSSv3.1 score for a given vulnerability. In the test dataset
(2023 vuln snapshot, ~20k vulns) there were no cases where this
situation presented itself, so output was identical to the prior
implementation.

Validated by comparing a vulns run from GitHub Actions to a local run
with the new code, and confirmed that existing v3 scores weren't
replaced when they already existed (just got adds of v2 when only v3
existed, and v2/v3 adds when no scoring existed).

Confirmed that all three CVEs mentioned in #28261 show up in feed data.
Added spot-checks for secondary CVSS scores to the feed validator tool.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Manual QA for all new/changed functionality
2025-05-29 13:03:19 -05:00
Jahziel Villasana-Espinoza
c237ea53b9
add activity for automatic install policy creation (#29409)
> Closes #28259

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-28 17:58:58 -04:00
jacobshandling
d51ea2279e
UI: Update query automations modal (#29517)
## For #28884 

<img width="803" alt="Screenshot 2025-05-27 at 6 45 14 PM"
src="https://github.com/user-attachments/assets/f4bd431e-3df8-464b-b871-8baeba5cf86c"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-28 13:06:33 -07:00
jacobshandling
4b5f5e9406
UI: Update disk encryption key font (#29514)
## For #28865 

**Before**:
<img width="656" alt="Screenshot 2025-05-27 at 4 08 48 PM"
src="https://github.com/user-attachments/assets/42a97b6a-2612-47f0-8a04-ef2864a4b896"
/>

**Now**:
<img width="656" alt="Screenshot 2025-05-27 at 4 13 07 PM"
src="https://github.com/user-attachments/assets/f65c399b-16b8-498b-90ba-454333543c19"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-28 09:44:04 -07:00
jacobshandling
b7d84bca33
UI: Query "frequency" -> "interval" (#29518)
## For #28821 

- Update UI-rendered references to `/(F|f)requency/` to refer to
`/(I|i)nterval/` instead


![ezgif-60c1b29b41ce29](https://github.com/user-attachments/assets/d2012116-bfe7-4a0c-8056-e4d3e61e623d)

- More info: Note that this PR only changes copy actually rendered in
the UI (and an associated test), and is low-risk, so can be merged and
QAed quickly. [This
branch](https://github.com/fleetdm/fleet/tree/28821-add-on-update-code)
contains updates to variables, constants, and class names, more
error-prone changes that, if review and QA capacity allow, can be PRed
for consistency between the code and the copy, but is not critical for
the desired UI updates.

- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-28 09:40:13 -07:00
Martin Angers
b287dbaf9f
Bugfix: Activate next activity on delete script (#29361) 2025-05-27 14:18:34 -04:00
Scott Gress
b7d0297d03
Update OPA dependency to v1.4.2 (#29454)
# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Added/updated automated tests
- [X] Manual QA for all new/changed functionality

## Details

This PR updates the Open Policy Agent (github.com/open-policy-agent/opa)
to version 1.4.2, and does the necessary test updates to handle the
indirect upgrade of Viper (which no longer supports YAML 1.1).

Once this is done we can also [upgrade
NFPM](https://github.com/fleetdm/fleet). I chose not to do that in this
PR to keep it to one change at a time.
2025-05-27 11:48:38 -05:00
Dante Catalfamo
5789d3f3c9
Add macOS redis cluster support (#29433) 2025-05-27 11:38:59 -04:00
Sharon Katz
103239105f
Fix #27888 (#29040)
This is fixing a misinterpretation of the [CIS
document](https://drive.google.com/file/d/1Bq6GSn_wRMp2JKbYsRt51V5BXV1gizDp/view?usp=drive_link)
for Macos 15/

In the doc search for:  "show full Website". 
The Audit bash script is:
```
% /usr/bin/sudo /usr/sbin/system_profiler SPConfigurationProfileDataType |
/usr/bin/grep ShowFullURLInSmartSearchField | /usr/bin/tr -d ' '

Result on my Mac:
ShowFullURLInSmartSearchField = 1;
```
This should be interpreted as 'Any user who has this setting is ok'. Not
looking for an empty user.
We have 48 other occurrences that we will discuss outside the scope of
this issue.

QA:
Applying the profile for my main user worked.
Adding a test user
The configuration was applied to it without the need to redeploy the
profile.

--> Hence, we are good with the way CIS recommends auditing.

checking with a query finds both accounts with the proper settign:

![image](https://github.com/user-attachments/assets/258c4183-dc76-49aa-a022-63954f1733dc)



# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
2025-05-23 10:19:23 -04:00
jacobshandling
e25c1c3728
UI: Add ability to run a script on all hosts that match a set of supported filters; Add UI to view batch run summaries (#29025)
_Only merge to `main` after [back
end](https://github.com/fleetdm/fleet/pull/29149) and [back end
extension](https://github.com/fleetdm/fleet/pull/29312)_

## For #28699, #29143, #29281

- Run scripts by filter
- View batch script run summary via activity feed
- Code clean up

### Run scripts by filter:
<img width="1280" alt="Screenshot 2025-05-09 at 5 21 51 PM"
src="https://github.com/user-attachments/assets/bcf2e275-f229-461b-8411-0e99c34af5bf"
/>
<img width="1280" alt="Screenshot 2025-05-09 at 5 22 47 PM"
src="https://github.com/user-attachments/assets/d4882ed3-cfa6-4952-acbe-89c60d65d482"
/>

### View script run summary:

![ezgif-4ebaf9c57d6e57](https://github.com/user-attachments/assets/4201ff85-04e3-473f-8a82-969f85e59558)

- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-22 16:45:43 -07:00
Ian Littman
ca09fa509b
Add OVAL supported OS mappings for Ubuntu 24.10 and 25.04 (#29381)
For #29345.

Tested with Ubuntu 24.10. Can test again with 25.04 once
https://github.com/fleetdm/nvd/pull/42 is merged.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-05-22 18:05:51 -05:00
Scott Gress
bb09925d73
Add ability to bulk execute scripts based on filters (#29149)
for #28700 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.

## Details

This PR adds the ability to use filters to select a subset of hosts to
run a script on, using the existing batch execution system. Due to the
scale limitations of the framework, we limit this to 5,000 hosts (we may
lift this limit in the future as we iterate on this feature).

The implementation follows the same basic strategy as the "transfer
hosts to team by filter" endpoint. If filters are supplied, they are
used to get host records using `ListHosts` or `ListHostsInLabel`. If IDs
are supplied, `ListHostsLiteByIDs` is used. From there, we do the same
validation as in the previous iteration, and send the host IDs to the
batch execution function.

There are many avenues for optimization here, some of which I already
have in a branch, but this is a very low-touch solution to get us larger
batch sizes right now. To do this at true scale warrants some cross-team
architecture discussions.

## Testing

**Automated:**

New automated tests were added for the existing `BatchExecuteScript`
service method, and verified that they still pass with the code updates.

**Manual testing:**

* Tested running a script on a subset of hosts on a single page (no team
and real team)
* Tested running a script on a subset of hosts using a query filter (no
team and real team)
* Tested running a script on a subset of hosts using a label filter (no
team and real team)
2025-05-22 16:44:34 -05:00
Juan Fernandez
55fec5283e
Re-verify Linux disk encryption #26693 (#29034)
Fixes #26693 

Added functionality to verify that the escrowed LUKS disk encryption key is valid. To achieve this, two new fleetd tables were added: lsblk and  cryptsetup_luks_salt/table to compare the stored encryption key with the ones present on the host.
2025-05-22 16:15:26 -04:00
Scott Gress
c8312c83c3
Add batch script execution summary endpoint (#29312)
# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated automated tests
- [X] Manual QA for all new/changed functionality

## Details

This PR adds a new `GET /scripts/batch/summary/:batch_execution_id`
endpoint that returns a summary of the current state of a batch script
execution, including some basic info about the script being executed and
a breakdown of how hosts have responded. See
https://github.com/fleetdm/fleet/pull/29200 for API response.
2025-05-22 15:07:35 -05:00
Dante Catalfamo
0b6ee9392f
Windows 11 Enterprise CIS 4.0 (#29191)
#27396 

## Results

First Column:

-   `+` = Added
-   D = Duplicate
-   X = Updated/Removed
-   ? = Unclear/un-actionable

Tested Column:

-   Yes = Works as described
- NF = Could not find GP setting, but registry key exists and editing it
makes the policy pass
- NA = Not available. Could not find GP setting, registry setting
doesn't exist

| | Tested | Type | Comment |
|--- |------- |------
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
| + | NF | ADD | 5 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service
(WinHttpAutoProxySvc)' is set to 'Disabled' |
| + | Yes | ADD | 18.10.58 (L1) Ensure 'Turn on Basic feed
authentication over HTTP' is set to 'Disabled' |
| + | Yes | ADD | 2.3.11 (L1) Ensure 'Network security: LDAP client
encryption requirements' is set to 'Negotiate sealing' or higher |
| + | Yes | ADD | 18.6.4 (L1) Ensure 'Configure multicast DNS (mDNS)
protocol' is set to 'Disabled' |
| + | Yes | ADD | 18.6.4 (L2) Ensure 'Turn off default IPv6 DNS Servers'
is set to 'Enabled' |
| + | Yes | ADD | 18.6.7 (L1) Ensure 'Audit client does not support
encryption' is set to 'Enabled' |
| + | Yes | ADD | 18.6.7 (L1) Ensure 'Audit client does not support
signing' is set to 'Enabled' |
| + | Yes | ADD | 18.6.7 (L1) Ensure 'Audit insecure guest logon' is set
to 'Enabled' |
| + | Yes | ADD | 18.6.7 (L1) Ensure 'Enable authentication rate
limiter' is set to 'Enabled' |
| + | Yes | ADD | 18.6.7 (L1) Ensure 'Enable remote mailslots' is set to
'Disabled' |
| + | Yes | ADD | 18.6.7 (L1) Ensure 'Mandate the minimum version of
SMB' is set to 'Enabled: 3.1.1' |
| + | Yes | ADD | 18.6.7 (L1) Ensure 'Set authentication rate limiter
delay (milliseconds)' is set to 'Enabled: 2000' or more |
| + | Yes | ADD | 18.6.8 (L1) Ensure 'Audit insecure guest logon' is set
to 'Enabled' |
| + | Yes | ADD | 18.6.8 (L1) Ensure 'Audit server does not support
encryption' is set to 'Enabled' |
| + | Yes | ADD | 18.6.8 (L1) Ensure 'Audit server does not support
signing' is set to 'Enabled' |
| D | -- | ADD | 18.6.8 (L1) Ensure 'Enable remote mailslots' is set to
'Disabled' |
| D | -- | ADD | 18.6.8 (L1) Ensure 'Mandate the minimum version of SMB'
is set to 'Enabled: 3.1.1' |
| + | Yes | ADD | 18.7 (L2) Ensure 'Configure Windows protected print'
is set to 'Enabled' |
| + | Yes | ADD | 18.9 (L1) Ensure 'Configure the behavior of the sudo
command' is set to 'Enabled: Disabled' |
| + | Yes | ADD | 18.9.30.1 (L1) Ensure 'Block NetBIOS-based discovery
for domain controller location' is set to 'Enabled' |
| + | Yes | ADD | 18.9.39 (L1) Ensure 'Configure SAM change password RPC
methods policy' is set to 'Enabled: Block all change password RPC
methods' |
| + | Yes | ADD | 18.10.3 (L2) Ensure 'Turn off API Sampling' is set to
'Enabled' |
| + | Yes | ADD | 18.10.3 (L2) Ensure 'Turn off Application Footprint'
is set to 'Enabled' |
| + | Yes | ADD | 18.10.3 (L2) Ensure 'Turn off Install Tracing' is set
to 'Enabled' |
| + | Yes | ADD | 18.10.4 (L1) Ensure 'Not allow per-user unsigned
packages to install by default (requires explicitly allow per install)'
is set to 'Enabled' |
| + | Yes | ADD | 18.10.18 (L1) Ensure 'Enable App Installer Local
Archive Malware Scan Override' is set to 'Disabled' |
| + | Yes | ADD | 18.10.18 (L1) Ensure 'Enable App Installer Microsoft
Store Source Certificate Validation Bypass' is set to 'Disabled' |
| + | Yes | ADD | 18.10.18 (L2) Ensure 'Enable Windows Package Manager
command line interfaces' is set to 'Disabled' |
| + | Yes | ADD | 18.10.29 (L1) Ensure 'Do not apply the Mark of the Web
tag to files copied from insecure sources' is set to 'Disabled' |
| + | Yes | ADD | 18.10.43 (L1) Ensure 'Control whether exclusions are
visible to local users' is set to 'Enabled' |
| + | Yes | ADD | 18.10.43.4 (L1) Ensure 'Enable EDR in block mode' is
set to 'Enabled' |
| + | Yes | ADD | 18.10.43.8 (L2) Ensure 'Convert warn verdict to block'
is set to 'Enabled' |
| + | Yes | ADD | 18.10.43.10 (L1) Ensure 'Configure real-time
protection and Security Intelligence Updates during OOBE' is set to
'Enabled' |
| + | Yes | ADD | 18.10.43.11.1.1 (L2) Ensure 'Configure Brute-Force
Protection aggressiveness' is set to 'Enabled: Medium' or higher |
| + | Yes | ADD | 18.10.43.11.1.1 (L1) Ensure 'Configure Remote
Encryption Protection Mode' is set to 'Enabled: Audit' or higher |
| + | Yes | ADD | 18.10.43.11.1.2 (L2) Ensure 'Configure how
aggressively Remote Encryption Protection blocks threats' is set to
'Enabled: Medium' or higher |
| + | Yes | ADD | 18.10.43.13 (L1) Ensure 'Scan excluded files and
directories during quick scans' is set to 'Enabled: 1' |
| + | Yes | ADD | 18.10.43.13 (L1) Ensure 'Trigger a quick scan after X
days without any scans' is set to 'Enabled: 7' |
| + | Yes | ADD | 18.10.57.3.3 (L2) Ensure 'Restrict clipboard transfer
from server to client' is set to 'Enabled: Disable clipboard transfers
from server to client' |
| + | NA | ADD | 19.7.40 (L1) Ensure 'Turn off Windows Copilot' is set
to 'Enabled' |
| + | NF | ADD | 5 (L2) Ensure 'GameInput Service (GameInputSvc)' is set
to 'Disabled' |
| + | Yes | ADD | 18.6.8 (L1) Ensure 'Require Encryption' is set to
'Enabled' |
| + | Yes | ADD | 18.10.91 (L2) Ensure 'Allow mapping folders into
Windows Sandbox' is set to 'Disabled' |
| X | Yes | MOVE | 18.4.1 (L1) Ensure 'Configure RPC packet level
privacy setting for incoming connections' is set to 'Enabled' TO 18.7 |
| X | Yes | REMOVE | 18.10.42 Ensure 'Turn off Microsoft Defender
AntiVirus' is set to 'Disabled' |
| X | Yes | REMOVE | 18.10.15 (L1) Ensure 'Toggle user control over
Insider builds' is set to 'Disabled' |
| X | Yes | REMOVE | 18.10.66 (L1) Ensure 'Only display the private
store within the Microsoft Store' is set to 'Enabled' |
| X | Yes | REMOVE | 2.3.1 (L1) Ensure 'Accounts: Block Microsoft
accounts' is set to 'Users can't add or log on with Microsoft accounts'
|
| X | Yes | REMOVE | 18.9.7.1 (BL) Ensure 'Prevent installation of
devices that match any of these device IDs: Prevent installation of
devices that match any of these device IDs' is set to
'PCI\CC<sub>0C0A</sub>' |
| X | Yes | REMOVE | 18.9.7 (BL) Ensure 'Prevent installation of devices
that match any of these device IDs: Also apply to matching devices that
are already installed.' is set to 'True' (checked) |
| X | Yes | REMOVE | 18.9.7 (BL) Ensure 'Prevent installation of devices
that match any of these device IDs' is set to 'Enabled' |
| X | Yes | REMOVE | 5 (L2) Ensure 'Peer Name Resolution Protocol
(PNRPsvc)' is set to 'Disabled' |
| X | Yes | REMOVE | 5 (L2) Ensure 'Peer Networking Grouping (p2psvc)'
is set to 'Disabled' |
| X | Yes | REMOVE | 5 (L2) Ensure 'Peer Networking Identity Manager
(p2pimsvc)' is set to 'Disabled' |
| X | Yes | REMOVE | 5 (L2) Ensure 'PNRP Machine Name Publication
Service (PNRPAutoReg)' is set to 'Disabled' |
| X | Yes | REMOVE | 18.6.4 (L1) Ensure ‘Configure DNS over HTTPS (DoH)
name resolution' is set to 'Enabled: Allow DoH' or higher |
| X | Yes | RENAME | 2.2 (L1) Configure 'Create symbolic links' TO (L1)
Ensure 'Create symbolic links' is set to 'Administrators'23528 |
| X | Yes | RENAME | 2.2 (L2) Configure 'Log on as a service' TO (L2)
Ensure 'Log on as a service' is configured |
| + | Yes | RENAME | 18.10.82.1 (L1) Ensure 'Enable MPR notifications
for the system' TO 'Configure the transmission of the user's password in
the content of MPR notifications sent by winlogon.' |
| X | Yes | UPDATE | 18.10.17 (L1 -> L2) Ensure 'Enable App Installer'
is set to 'Disabled' |
| X | Yes | UPDATE | 18.4 (L1) Ensure 'Enable Certificate Padding' TO
Allow REG<sub>DWORD</sub> or REG<sub>SZ</sub> |
| X | NA | UPDATE | 18.9.26 Ensure 'Configures LSASS to run as a
protected process' is set to 'Enabled: Enabled with UEFI Lock' |
| ? | Unknown | UPDATE | Section 17 Auditpol commands to use Policy
GUIDs |
| ? | Unknown | UPDATE | 18.4 (L1) Ensure 'Enable Certificate Padding'
is set to 'Enabled' |
| ? | Unknown | UPDATE | Section changes from Windows 11 Release 23H2
v2.0 Administrative Templates |
| ? | Unknown | UPDATE | Section changes from Windows 11 Release 24H2
Administrative Templates |
| ? | Unknown | UPDATE | User Overview (Section 19) |
| ? | Unknown | UPDATE | Profile Names |
| ? | Unknown | UPDATE | General Overview and Intended Audience Section
|
| ? | Unknown | UPDATE | BitLocker Operating System Drive Section |
| ? | Unknown | UPDATE | 18.10.93.4 (L1) Ensure 'Enable optional
updates' is set to 'Disabled' |
2025-05-22 15:55:45 -04:00
Dante Catalfamo
a202e31929
Add SMTP settings save tooltip (#29112) 2025-05-22 14:47:38 -04:00
Jordan Montgomery
149cd9daca
Tweak MDM detection query to return the proper enrollment when there are multiple entries (#29360)
This change is deceptively simple but helps us choose the right one in
cases like #29042 where there are multiple enrollments in the registry.
In this case the customer seems to have been using something like
co-management(though even using their MDM we have not repro'd
internally) which leads to 2 registry keys in the registry with a UPN
node. I believe the way some MDM services handle unenroll can also leave
the registry keys in this state. Either way, because of this, and the
fact that we have a LIMIT 1 in the query, we were, in 50% of the cases
where we had multiple keys, returning the less useful of the nodes from
the query and because no Server URL was coming back we were treating it
as if the host was not MDM enrolled and thus, not unenrolling it, and
leading to enrollment failing.

With this change we'll return the proper registry key which should allow
us to, in the case of migration, properly unenroll the host and even in
the case where a customer isn't using Fleet MDM will allow us to display
the correct information from the registry.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Manual QA for all new/changed functionality
2025-05-22 14:08:05 -04:00
Luke Heath
45742e946f
Adding changes for Fleet v4.68.0 (#28800) 2025-05-22 11:47:40 -05:00
RachelElysia
0ae3abd5d6
Fleet UI: Allow gitOps mode to add package to view YAML (#29274) 2025-05-22 09:47:57 -04:00
Scott Gress
2e89780c6d
add HostIDs to label API (#29185)
for #27701

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Manual QA for all new/changed functionality

## Details

This PR fixes an issue where adding or removing a single host on a
manual label in the UI had unexpected results when that host's serial
number was not unique. When adding the host, all other hosts with the
same serial # would be added. When removing the host, _no_ hosts would
be removed unless _all_ the hosts with the matching serial # were
removed. The fix here is to introduce a new API param `host_ids` which
allows sending explicit Fleet host IDs to the add/update label APIs.
These are guaranteed to be unique.

## Testing

* Added new automated tests for the `NewLabel` and `ModifyLabel`
services
* Manually tested adding and modifying labels using hosts with duplicate
serials (I manually updated serials in my local db to get duplicates)

## Notes

* The existing `hosts` param is preserved (and tested) since API-only
users may rely on it.
* A separate API docs PR will be opened.
2025-05-22 08:20:35 -05:00
Dante Catalfamo
405dd55371
Make read_host_disk_encryption_key a host activity (#28858)
#28521
2025-05-21 16:47:11 -04:00
jacobshandling
bf9e9566a8
UI: Fix permissions for accessing queries table Edit UX (#29319)
## For #28532 

#### As global observer:
![Screenshot 2025-05-20 at 10 03
59 PM](https://github.com/user-attachments/assets/8ad9d01d-d0cb-402c-b32b-1928a494054e)

#### As global admin:
![Screenshot 2025-05-20 at 10 04
01 PM](https://github.com/user-attachments/assets/6f8fdfd5-9255-4865-b91a-0d2fd4a22121)


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-21 10:40:57 -07:00
Gabriel Hernandez
725e7336b9
add host filtering by mdm config profile and the profile status (#29287)
For [#28761](https://github.com/fleetdm/fleet/issues/28761)

This adds the ability to filter the hosts by `profile_uuid` and
`profile_status` query params. This was added for the following
endpoints:

```
GET /hosts
GET /hosts/count
GET /hosts/reports
```

This also adds the UI needed to send the query params to the API
correctly when exporting a CSV of the hosts

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-21 18:29:13 +01:00
Dante Catalfamo
54efd74f77
Cancel upcoming scripts on edit (#28924)
#28701
2025-05-21 13:04:59 -04:00
Konstantin Sykulev
a42167462f
Added SHA256 hash from mac apps on install paths (#29280)
https://github.com/fleetdm/fleet/issues/25545

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)).
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-20 23:38:59 -05:00
jacobshandling
19fe0ff5ce
UI: Improve TooltipTruncatedText and now underlying useCheckTruncatedElement (#29232)
## For #27667 

- Have `TooltipTruncatedText` component use `useCheckTruncatedElement`
to track its current state of truncation.
- Update `useCheckTruncatedElement` to re-evaluate truncation state
based on changes to the width of
the element itself as opposed to changes to viewport width. This
facilitates truncation when the
width of the element is updated due to user interaction / change in UI
state other than window resize, e.g. checking a policy in the policy
software automations modal (see issue description for details
reproduction instructions there).

**Truncation with tooltip successful for UI state changes:**

![ezgif-27969fb4a17d3e](https://github.com/user-attachments/assets/66156bd5-7948-4e73-9c11-4a08fde44189)

Truncation with tooltip successful for viewport resizing:

![ezgif-2515f715b05436](https://github.com/user-attachments/assets/8ef70579-1e89-4a4b-9fd0-93a4776d3151)

![ezgif-24a953c65500d9](https://github.com/user-attachments/assets/fc2f302b-6f7e-463e-97d2-9978b97c5601)

- [x] Changes file added for user-visible changes in `changes/⁄
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-20 15:41:53 -07:00
Scott Gress
28ba274f1f
Fix SQL query editor cursor alignment issue (#28878)
for #27233 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

## Details

This PR fixes an issue where the cursor in the SQL editor would become
misaligned under some circumstances. I was never able to reproduce this
personally, but big thanks to @mason-buettner for both the reproduction
and testing this fix.

The issue seems to stem from the Ace editor having a hard time dealing
with CSS scaling. I'm not sure what circumstances actually cause this to
occur, but a combination of Google and ChatGPT lead me to
https://github.com/securingsincity/react-ace/issues/750 and
https://github.com/ajaxorg/ace/issues/4794 which I combined for this fix
which seems to work.
2025-05-20 16:56:52 -05:00
jacobshandling
b4a1042d3e
Re-calculate host failing policy and total issue counts whenever GET ing that host (#29109)
## For #27085 


![ezgif-4c995b0462ebed](https://github.com/user-attachments/assets/a1c1b2d1-c585-42c9-9db7-b45f4853e90b)


- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-20 13:41:38 -07:00
Victor Lyuboslavsky
01b3a6e2d2
Remove webview when IdP not enabled. (#29283)
For #26996 and #28452

Demo video: https://www.youtube.com/shorts/WGS3JmKiZTs

The device/machine info is extracted from the PKCS7 signed body of the
POST request.

I did manual QA on iPhone since I don't have an ADE macOS device with
me.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-20 22:50:48 +03:00
Jahziel Villasana-Espinoza
0e030eb458
handle case when fleet maintained apps list is null (#29296)
> For #29197 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-05-20 15:42:35 -04:00
Sarah Gillespie
b8acdfacdf
Fix MDM lifecycle bug when deleting multiple hosts (#29278) 2025-05-20 14:22:40 -05:00
Martin Angers
6051c28b55
BRP: cancel single profile on delete via UI (#29107) 2025-05-20 08:55:51 -04:00
Sarah Gillespie
aea4406b4f
Improve MDM device-to-user mapping for Apple devices (#29239) 2025-05-19 13:29:46 -05:00
Scott Gress
26e4395926
Allow GitOps to clear global settings more easily using overwrite option (#29215)
for #28118 

# Checklist for submitter

- [X] Manual QA for all new/changed functionality

## Details

This PR adds an `overwrite` option to the "modify app config" API which,
if set, causes the code to replace certain keys in the existing config
with keys from the incoming config, without attempting any merge. This
is then used by GitOps to allow it to easily clear settings that were
otherwise being merged together or ignored entirely due to the PATCH
semantics expected for the `fleetctl apply` use case.

The new setting is utilized in this first pass for the following
settings:

* `sso_settings`
* `smtp_settings`
* `features`
* `mdm.end_user_authentication`

It could be expanded to several more keys that we currently handle
piecemeal in the GitOps code by attempting to send empty values to the
server (with varying success).

Targeting `mdm.end_user_authentication` vs. all of `mdm` is based on
[this bug](https://github.com/fleetdm/fleet/issues/26175) being opened.
The concern with doing all of `mdm` would be that anyone who had e.g.
VPP set up in their app and hadn't set it up in GitOps would have it
wiped out. If we're comfortable with that risk I can update that here
and update the warning accordingly.

### More detail 

**The way this code works _without_ Overwrite mode on**

1. We unmarshall the incoming JSON from GitOps into a fresh AppConfig
struct `newAppConfig`. Anything keys not present in the incoming JSON
will result in default values being set in `newAppConfig`
2. We unmarshall the incoming JSON from GitOps into the current
`appConfig`. This uses an internal merge algorithm where keys not
present in the JSON will generally leave the matching keys in
`appConfig` untouched. We've been dealing with this by having GitOps
find missing keys and explicitly set them to non-nil empty states. When
arrays are encountered, they are _merged_, not replaced, which is
problematic for the `features.additional_queries` use case and probably
others.
3. We piecemeal replace certain data in `appConfig` with data from
`newAppConfig`, and save it to the db.

**The way this works _with_ Overwrite mode on**

Between steps 1 and 2 above, we _copy_ certain keys from `newAppConfig`
to `appConfig`. If the incoming JSON didn't have a key, the effect will
be that `appConfig` now has default values for that key. For nested
arrays like `features.additionalQueries`, the value in `appConfig` will
be precisely what the user put in GitOps.

## Testing

I tested adding/removing these settings with GitOps manually via
`fleetctl gitops`. On the main branch I could reproduce the issue where
omitting out these keys in my YAML did not lead to the settings being
reset on my instance. With the Features settings, the issue was more
granular, with inconsistent behavior when trying to remove individual
nested settings. On this branch, the settings are cleared as expected at
all levels of granularity.

I also added some new automated tests to verify the expected behavior
for these keys. All existing tests pass.

If accepted this PR would supercede
https://github.com/fleetdm/fleet/pull/29180 which approaches the issue
from the GitOps side for sso, smtp and mdm. Adapting that approach for
`features` would require custom logic to declare nested properties as
"cleared".
2025-05-19 11:18:28 -05:00
Ian Littman
aa733e66d5
Properly decode MSI product names from Windows-1252 (#29245)
For #27522.

See GDrive installer testdata for the Google Workspace Sync MSI used for
testing this.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Manual QA for all new/changed functionality
2025-05-19 10:39:57 -05:00
Ian Littman
980adc0c45
Improve .pkg metadata extraction for names and bundle IDs, let custom package metadata extraction tool check an entire directory at a time (#29249)
For #24083, #26597.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-19 10:32:36 -05:00
Ian Littman
21006a1bd7
Batch host_software inserts in macOS names migration to improve performance for large host counts (#29238)
For https://github.com/fleetdm/confidential/issues/10596

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2025-05-17 12:42:01 -05:00
Jordan Montgomery
38811da1c0
Hold off on policy queries until after setup experience (#29159)
For #28205 

During setup experience customers often install all or most of the
software that would otherwise be installed based on the results of
policy queries. If we run policy queries during setup experience we end
up trying to install some software twice which, at best, leads to
confusing activities listed for the host. With these changes we will not
run policy queries on macOS hosts until after the host has exited setup
experience, at which point we should be able to avoid duplicate installs

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-16 14:56:27 -04:00
Gabriel Hernandez
9a32be0540
enable fleet secret variables in the macos setup script in gitops (#29164)
For #28215

Allows users to use fleet secret variables for macos setup script for
gitops.


- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-16 19:05:33 +01:00
Victor Lyuboslavsky
bfad93a1f0
Fixing issues with Apple DDM profile status (#29059)
For #27979 

This PR fixes Apple declarations issues:
- P2 issue with hashing the declaration token
- When declaration items are requested, mark any outstanding "remove"
operations as pending. This prevents "remove" operations from being
stuck in pending in some cases because they were actually already
processed.
- When updating verification status, don't update "remove" operations --
we don't update their status and we just delete them. This prevents the
issue where a "remove" operation got the updated status and the
"install" operation got stuck in verifying forever.
- when adding a declaration that has a matching remove outstanding, mark
the declaration verified. This prevents "install" operations from being
stuck in pending/verifying. Why? Because there is nothing for the host
to do if the same declaration was removed and then immediately added
back.
- migration to delete "remove" operations with non-nil and non-pending
status. These are the only legal statuses for remove operations.

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-15 13:05:25 -05:00
Victor Lyuboslavsky
890042d27a
Force enrollment profile sync when an Apple device was added to ABM. (#29147)
For #27854

I was able to reproduce the issue by simply unassigning device from an
MDM server, and then assigning back. Once assigned back, Fleet did not
resend the profile to ABM, and device was not able to enroll into MDM.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-15 12:29:38 -05:00
RachelElysia
4dc5f30dc1
Fleet UI: Surface copyable SHA256 hash on software details page (#29152) 2025-05-15 12:20:22 -04:00
Gabriel Hernandez
63b2e19630
allow turning off mdm for iphone and ipad hosts (#29087)
For [#23784](https://github.com/fleetdm/fleet/issues/23784)

This adds the "turn off mdm" option don't he host details page for
iPhone and iPad devices.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality
2025-05-15 12:38:07 +01:00
Gabriel Hernandez
5815dc4e54
Feat UI host filter by custom profiles (#29038)
For #28759

This is the UI work for being able to filter hosts by a configuration
profile status. There are also added tests in this PR.


![image](https://github.com/user-attachments/assets/b2585093-b191-4dc5-a11e-55ad4156d713)


- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-15 12:37:45 +01:00
Martin Angers
7f5fc14f59
Immediately ask for a host refetch when a host re-enrolls and reuses an existing host row (#29081) 2025-05-14 09:38:53 -04:00
Juan Fernandez
3f298ac218
Error when deleting non managed GitOps labels #28440 (#29067)
Fixes #28440 

When running GitOps, delete any non-managed labels as the last step to avoid any DB constraint issues.
2025-05-13 20:16:16 -04:00
jacobshandling
28ea0f0589
UI: User menu style fix (#29066)
## For #27609 

<img width="180" alt="Screenshot 2025-05-12 at 4 00 52 PM"
src="https://github.com/user-attachments/assets/1aabd897-ecae-45f0-9b53-c81677a47d55"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-13 11:49:48 -07:00
jacobshandling
9bd3a3df8d
UI: Hide script contents for saved script run activity details (#29064)
## For #27255 

- Hide script contents when a saved script was run
- Clean up code

<img width="1276" alt="Screenshot 2025-05-12 at 3 39 32 PM"
src="https://github.com/user-attachments/assets/e057820e-3db0-4ac0-be7c-38abf20cfadc"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-13 11:16:27 -07:00
Ian Littman
3edf684db1
Add backend for uninstalls in My device UI (#29035)
For #28846. Intentionally not limited to self-service/in-scope apps,
though we don't have any software listing changes in this PR to show
more titles in the self-service list.

QA plan is a bit light due to ticket being underspec'd. Can figure out
how we deal with that later.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-13 12:14:45 -05:00
Scott Gress
ecb1a1caca
Add retry when applying queries (#28951)
for #28642

> Note: this PR diff is easier to view [with whitespace
off](https://github.com/fleetdm/fleet/pull/28951/files?w=1).

## Details

This PR adds retry to the "Apply Queries" logic, in an attempt to
alleviate deadlock issues when applying queries via GitOps. The
`applyQueriesInTx` now uses `withRetryTxx` instead of starting a
transaction with `BeginTxx`. This requires some downstream updates to
`updateQueryLabels` and `updateQueryLabelsInTx`, see PR comments for
details.

This is a first (and hopefully only necessary) step to fixing the
deadlock issues. If needed, we have other steps we can take like
batching the query inserts and splitting the read/write in
saveHostPackStatsDB
(see
https://github.com/fleetdm/fleet/issues/28642#issuecomment-2845804689)

## Testing

I tested this manually using `fleetctl gitops` to apply queries with and
without labels. Existing automated tests for Apply Queries still pass.
2025-05-13 12:06:20 -05:00
RachelElysia
175f110f86
Fleet UI: Created consistent UI for the copy button of an input field (#29056) 2025-05-13 10:24:32 -04:00
Jordan Montgomery
db3e3ff70b
Fix MDM last checkin and enrollment names to match API spec (#29073)
For #17710 

I focused too much on making sure we were returning the requested data
and got the actual property names wrong.

See https://github.com/fleetdm/fleet/pull/28940/files for proper names

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-13 08:17:11 -04:00
Katheryn Satterlee
9ea5ecde68
Add neon to Linux platform list (#28977)
Added `neon` to list of Linux platforms associated with hosts so that
Linux-specific detail queries and policies will be sent to hosts running
the XDE Neon operating system.

This does not guarantee full compatibility with Neon, but will improve
telemetry.

Resolves #28560 


# Checklist for submitter


If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
2025-05-12 17:37:21 -05:00
jacobshandling
262832bfff
UI: Warn before saving script contents (#29026)
## For #28699 auxiliary feature


![ezgif-28c6ba4048c004](https://github.com/user-attachments/assets/2631286a-b4bd-431a-8ea1-5b962af933dd)

- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-12 13:51:38 -07:00
RachelElysia
7463fb18b4
Fleet Desktop: Update component level error states (#28816) 2025-05-12 09:25:09 -04:00
Victor Lyuboslavsky
7b1187de0f
SCIM support for authentik (#29002)
SCIM support for authentik appears to work in Dogfood and also works in
the local environment on main.

We need to QA for official support.
2025-05-09 15:06:03 -04:00
Jordan Montgomery
ca149a0cdb
Add host apple MDM timestamps to host detail responses (#28998)
For #17710 

Adds mdm_last_seen_at and mdm_last_enrolled_at to the host details
response for Apple platforms

Still testing with actual hardware to make sure the timestamps update
when expected

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
2025-05-09 14:18:48 -04:00
Gabriel Hernandez
b9e321e545
Add UI for viewing config profile install status and enable resending profiles to failed hosts. (#28964)
For [#28757](https://github.com/fleetdm/fleet/issues/28757)

implements UI for viewing a config profiles install status info as well
as allows user to resend the profile to hosts that it failed on. this
includes

**New info icon on the profile list item**

<img width="618" alt="image"
src="https://github.com/user-attachments/assets/2eb515fe-caea-43da-8e1c-02672825cf84"
/>

**modal to show config profile install status**

<img width="656" alt="image"
src="https://github.com/user-attachments/assets/21b6c483-1d36-40d9-9e5c-a74e7a9fcd50"
/>

**modal to confirm resending profile to failed hosts** 

<img width="666" alt="image"
src="https://github.com/user-attachments/assets/c29d0d24-f6ba-4567-b954-f3908cdfed85"
/>



- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-09 16:46:09 +01:00
Ian Littman
c06fab3dae
Add spot check on 2024 and 2025 NVD feeds to ensure VulnCheck enrichment (#28952)
For #28857.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Manual QA for all new/changed functionality
2025-05-08 22:13:46 -05:00
Victor Lyuboslavsky
6f9030ee3c
SCIM Entra ID support (#28832)
For #28196

This PR adds full patching for SCIM Users and Groups, and adds the
ability to filter Groups by displayName.

The changes have been tested with [Entra ID SCIM
Validator](67dfd91c0c/docs/Contributing/SCIM-integration.md (entra-id-integration))
and Okta SCIM 2.0 SPEC Test (to make sure we didn't break Okta).

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-08 13:02:49 -05:00
RachelElysia
7a66e37ec4
Fleet UI: Add FMA gitops to FMA details and update activity feed (#27878) 2025-05-08 09:22:55 -04:00
Konstantin Sykulev
a3ae1a6f91
Support for fleet maintained apps in gitops (#28751)
https://github.com/fleetdm/fleet/issues/24469

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-07 18:16:08 -05:00
Martin Angers
48de857dca
BRP: add batch-resend profile to hosts endpoint based on status (#28871) 2025-05-07 16:48:18 -04:00
Luke Heath
c247a2b784
Prepare Fleet v4.67.3 (#28883) 2025-05-06 15:29:34 -05:00
Scott Gress
ee7e085c15
update docs about disk_info table (#28795)
for #26674 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

## Details

This PR adds text to the existing `disk_info` notes in the UI,
clarifying that in ChromeOS, the table will only return data about
removable storage media. After researching the issue and trying various
alternatives, my conclusion is that ChromeOS is purposely designed to
make it very difficult to obtain hardware information (including
internal disk space and usage) via extensions. In order to actual do
this reporting, we'd need to integrate the [Chrome Admin
API](https://developers.google.com/workspace/admin/directory/reference/rest/v1/chromeosdevices#ChromeOsDevice)
into Fleet, which requires more design and planning.
2025-05-06 15:28:07 -05:00
Scott Gress
d716265641
Add "generate-gitops" command (#28555)
For #27476

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

# Details

This PR adds a new command `generate-gitops` to the `fleetctl` tool. The
purpose of this command is to output GitOps-ready files that can then be
used with `fleetctl-gitops`.

The general usage of the command is:

```
fleectl generate-gitops --dir /path/to/dir/to/add/files/to
```

By default, the outputted files will not contain sensitive data, but
will instead add comments where the data needs to be replaced by a user.
In cases where sensitive data is redacted, the tool outputs warnings to
the user indicating which keys need to be updated.

The tool uses existing APIs to gather data for use in generating
configuration files. In some cases new API client methods needed to be
added to support the tool:

* ListConfigurationProfiles
* GetProfileContents
* GetScriptContents
* GetSoftwareTitleByID

Additionally, the response for the /api/latest/fleet/software/batch
endpoint was updated slightly to return `HashSHA256` for the software
installers. This allows policies that automatically install software to
refer to that software by hash.

Other options that we may or may not choose to document at this time:

* `--insecure`: outputs sensitive data in plaintext instead of leaving
comments
* `--print`: prints the output to stdout instead of writing files
* `--key`: outputs the value at a keypath to stdout, e.g. `--key
agent_options.config`
* `--team`: only generates config for the specified team name
* `--force`: overwrites files in the given directory (defaults to false,
which errors if the dir is not empty)

# Technical notes

The command is implemented using a `GenerateGitopsCommand` type which
holds some state (like a list of software and scripts encountered) as
well as a Fleet client instance (which may be a mock instance for tests)
and the CLI context (containing things like flags and output writers).
The actual "action" of the CLI command calls the `Run()` method of the
`GenerateGitopsCommand` var, which delegates most of the work to other
methods like `generateOrgSettings()`, `generateControls()`, etc.

Wherever possible, the subroutines use reflection to translate Go struct
fields into JSON property names. This guarantees that the correct keys
are written to config files, and protects against the unlikely event of
keys changing.

When sensitive data is encountered, the subroutines call `AddComment()`
to get a new token to add to the config files. These tokens are replaced
with comments like `# TODO - Add your enrollment secrets here` in the
final output.

# Known issues / TODOs:

* The `macos_setup` configuration is not output by this tool yet. More
planning is required for this. In the meantime, if the tool detects that
`macos_setup` is configured on the server, it outputs a key with an
invalid value and prints a warning to the user that they'll need to
configure it themselves.
* `yara_rules` are not output yet. The tool adds a warning that if you
have Yara rules (which you can only upload via GitOps right now) that
you'll have to migrate them manually. Supporting this will require a new
API that we'll have to discuss the authz for, so punting on it for now.
* Fleet maintained apps are not supported by GitOps yet (coming in
https://github.com/fleetdm/fleet/issues/24469). In the meantime, this
tool will output a `fleet_maintained_apps` key and trigger a warning,
and GitOps will fail if that key is present.

---------

Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2025-05-06 15:25:44 -05:00
Lucas Manuel Rodriguez
bfe3b186d3
Fix detected CVEs and docker scout exit code to fail the Github Action (#28836)
For #28837.

Fixing this all of this because we got multiple reports from the
community and customers and these were also detected by Amazon
Inspector.

- Fixes CVE-2025-22871 by upgrading Go from 1.24.1 to 1.24.2.
- `docker scout` now fails the daily scheduled action if there are
CRITICAL,HIGH CVEs (we missed setting `exit-code: true`).
- Report CVE-2025-46569 as not affected by it because of our use of
OPA's go package.
- Report CVE-2024-8260 as not affected by it because Fleet doesn't run
on Windows.
- The `security/status.md` shows a lot of changes because we are now
sorting CVEs so that newest come first.

---

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- [ ] For unreleased bug fixes in a release candidate, confirmed that
the fix is not expected to adversely impact load test results or alerted
the release DRI if additional load testing is needed.
2025-05-06 13:35:27 -03:00
Victor Lyuboslavsky
8ad9da71d6
Only allow distribution packages for bootstrap package (#28787)
For #27700 
When uploading bootstrap package for macOS setup experience, validate
that it is a Distribution package since that is required by Apple's
InstallEnterpriseApplication MDM command.


# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-06 11:02:13 -05:00
Tim Lee
14967172a7
Downgrade sotware paths error (#28736) 2025-05-05 14:47:59 -06:00
Luke Heath
c2a6c9febe
Catch up 4.67.2 (#28780) 2025-05-02 15:48:29 -05:00
jacobshandling
722f4a03d8
UI: Premium feature message when viewing GitOps Mode toggle on Fleet Free (#28744)
## For #28743 

<img width="1350" alt="Screenshot 2025-05-01 at 3 19 24 PM"
src="https://github.com/user-attachments/assets/1fb56a1b-ce8c-4e8c-b8b6-be1d23f91380"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-02 09:34:37 -07:00
jacobshandling
19c2e9197d
UI: Enable Integrations > Advanced save button in GitOps Mode (#28748)
## For #28747 

<img width="639" alt="Screenshot 2025-05-01 at 4 28 22 PM"
src="https://github.com/user-attachments/assets/0808d9fd-8866-4eb1-a84e-bef1efdd6919"
/>

- [x] Changes file added for user-visible changes in `changes/
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-02 09:32:34 -07:00
jacobshandling
dfa5573469
UI: Allow VPP token upload in GitOps mode (#28746)
## For #27941  


![ezgif-45eb8e193cea86](https://github.com/user-attachments/assets/4dee3f31-e087-4c3c-a101-3c228c5be38b)

- [x] Changes file added for user-visible changes in `changes/
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-02 09:31:36 -07:00
jacobshandling
dc490c236d
UI: Clean up various states on the Settings page (#28752)
## For #28266 

<img width="1912" alt="Screenshot 2025-05-01 at 9 48 06 PM"
src="https://github.com/user-attachments/assets/f8b66d86-79c5-4166-b328-4befc3bd51f9"
/>
<img width="1912" alt="Screenshot 2025-05-01 at 9 48 44 PM"
src="https://github.com/user-attachments/assets/c7ddf782-4cfe-45a3-b291-86a61d127264"
/>
<img width="1912" alt="Screenshot 2025-05-01 at 9 49 43 PM"
src="https://github.com/user-attachments/assets/354ccdb6-f7f9-41c6-aceb-b08d2c8b76f0"
/>
<img width="1912" alt="Screenshot 2025-05-01 at 9 51 42 PM"
src="https://github.com/user-attachments/assets/d9405f9b-1146-47ea-a18c-8047cbfecffd"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-02 09:14:30 -07:00
jacobshandling
5c082647bc
UI: Support webhook logging configuration (#28737)
## For #28166 

- Support new webhook logging configuration
- Update and improve types

<img width="420" alt="Screenshot 2025-05-01 at 12 15 25 PM"
src="https://github.com/user-attachments/assets/0e624c6a-3d69-4c9d-a64b-2a27533e6d44"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-02 09:04:05 -07:00
Jahziel Villasana-Espinoza
db5444d6cd
software categories: backend (#28479)
> For #28138 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-02 11:41:26 -04:00
RachelElysia
12a14ea2a9
Fleet UI: Surface policy count triggering automatic installations (#28726) 2025-05-02 11:01:26 -04:00
RachelElysia
e5f56fc9fa
Fleet UI: VPP apps with self service shows correct install status (#28739) 2025-05-02 10:41:06 -04:00
RachelElysia
c68de7c953
Fleet UI: Upload and install tarball archives (#27839) 2025-05-02 10:17:09 -04:00
Dante Catalfamo
98e92aa9b4
Webhook logging destination (#28692)
#27445
2025-05-01 16:13:04 -04:00
jacobshandling
1f1ef3f8ef
Update Google Calendar event bodies and relevant previews in the Fleet UI (#28715)
## For #27458 

- Update Calendar events modal:
  - not-configured preview image
  - preview modal
- Update Google calendar event body

### In Google Calendar:
<img width="453" alt="Screenshot 2025-04-29 at 3 48 38 PM"
src="https://github.com/user-attachments/assets/6f7a7486-ab8d-448c-8e12-3ab9ac32b5ac"
/>

### In Fleet UI:
<img width="736" alt="Screenshot 2025-04-30 at 4 03 28 PM"
src="https://github.com/user-attachments/assets/5850f062-3ae9-4523-9c02-e2c52c3586c0"
/>


<img width="736" alt="Screenshot 2025-04-30 at 4 04 57 PM"
src="https://github.com/user-attachments/assets/6f6104a1-b3e7-4d40-8af0-5c264f93f2dc"
/>


- [x] Changes file added for user-visible changes in `changes/`, 
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-01 13:12:53 -07:00
Dante Catalfamo
1815440a93
Add query IDs to query automation logs (#28570)
#27436

The `query_id` field is only added for responses where we have the query
in the database, to prevent unnecessary remarshaling during ingestion.
2025-05-01 15:21:30 -04:00
jacobshandling
9ab0eb2acd
UI: Update conditional access on a per-policy basis (#28658)
## For #28049 , #28610

- **Implement front end ability to enable or disable conditional access
on a per-policy basis**
- **Update policy status UI to include new "action required" state,
representing a failed policy on a host with conditional access enabled**
- Additional improvements

<img width="1624" alt="Screenshot 2025-04-29 at 1 32 33 PM"
src="https://github.com/user-attachments/assets/960b3348-b0e2-48b8-bcff-28f91f64fd01"
/>

<img width="1624" alt="Screenshot 2025-04-29 at 12 15 39 PM"
src="https://github.com/user-attachments/assets/b0e0cf1f-a693-4e0b-b18a-a44ee258975f"
/>

<img width="1624" alt="Screenshot 2025-04-29 at 12 15 49 PM"
src="https://github.com/user-attachments/assets/15f7bea1-7338-4997-93bf-8baeb308e3f0"
/>

<img width="1400" alt="updated policies table headers"
src="https://github.com/user-attachments/assets/164fd84a-a9ee-4dfe-8d73-b4e82e27edbc"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [ ] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-01 11:43:38 -07:00
Jordan Montgomery
87d05b3ed8
Display host certificate decimal serials in addition to hex for smaller values to match keychain (#28732)
For #27007 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-01 14:29:11 -04:00
Victor Lyuboslavsky
d0d65b6dec
NDES cert renewal (#28712)
For #24880 

This includes a logic to gather the expiration date of managed NDES
certs and renewal of these certs. This PR includes some validation logic
(needed to not interfere with custom SCEP validation). The rest of
validation will be implemented as part of #24878

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-01 12:16:45 -05:00
jacobshandling
2beed5a2ec
UI: Fix live policy response percentage rounding (#28719)
## For #27052 

- Use `round` instead of `ceil` and `floor`

<img width="144" alt="Screenshot 2025-04-30 at 10 20 09 PM"
src="https://github.com/user-attachments/assets/48a64558-6aca-4cd0-be9e-a526f9e6219d"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-01 10:03:23 -07:00
Jordan Montgomery
e514fc4881
Custom SCEP renewal (#28616)
For https://github.com/fleetdm/fleet/issues/27984

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-30 15:31:45 -04:00
Dante Catalfamo
1ab7bdc923
Bulk script execution backend (#28299)
#28158
2025-04-30 12:54:46 -04:00
Ian Littman
2febdbaee8
Fix broken installer PATCH (always failing with "missing install script" error) on EXEs (#28670)
For #28543

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-29 17:53:52 -05:00
Victor Lyuboslavsky
27b6174543
Fixed fleetctl gitops issue where creating a new team containing VPP apps caused an error. (#28624)
For #26114 

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-04-29 16:28:25 -05:00
Juan Fernandez
0e35aa85c0
Exclude certain sections from var interpolation when running gitops cmd (#28625)
Fixes #27477 

When running the gitops command do not perform variable interpolation inside the 'description' nor the 'resolution' sections.
2025-04-29 15:09:25 -04:00
Scott Gress
4b5f8de637
Add syntax highlighting support for shell and powershell scripts (#28417)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

# Details

This PR adds syntax highlighting for shell scripts and Powershell
scripts. It switches highlighting mode based on the extension of the
file.

**Shell:**
<img width="775" alt="image"
src="https://github.com/user-attachments/assets/712ef7db-cf33-4bd7-b620-e4b55225ecf5"
/>

**Powershell:**
<img width="773" alt="image"
src="https://github.com/user-attachments/assets/8a9fedb8-d8e3-4285-9ae6-d6f17c760e52"
/>
2025-04-29 10:24:05 -05:00
Sarah Gillespie
9e535425cd
Handle wide logos in MDM setup experience and migration dialog on Apple devices (#28539) 2025-04-29 09:39:28 -05:00
Gabriel Hernandez
789b56000f
Add UI for enabling manual agent install of a bootstrap package (#28550)
For #[26070](https://github.com/fleetdm/fleet/issues/26070)

This adds the UI for enabling a manual agent install for a bootstrap
package. This includes:

**The new form option for enabling manual agent install of a bootstrap
package**


![image](https://github.com/user-attachments/assets/5d271136-e41b-4c03-bbd8-09450ded82dc)

**disabling adding install software and run script options when user has
enabled manual agent install**


![image](https://github.com/user-attachments/assets/24e3ce6e-8c8f-4987-91e6-8f3fa721d67b)


![image](https://github.com/user-attachments/assets/41be4090-b97f-4ffb-ad76-001232ccd434)


**improvements to the setup experience content styling. I've created a
`SetupExperienceContentContainer` component to centralise the styles for
the content of these sub sections.**

**updates to the preview sections copy and replacing the gifs with
videos**

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
2025-04-29 15:29:21 +01:00
Ian Littman
174322e89d
Add temporary index during migration to update host software installed paths more quickly (#28627)
Found while migration testing ahead of cloud environment migrations.
Speedup is on the order of 75x.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2025-04-28 20:38:40 -05:00
jacobshandling
85e826a094
UI: Add ability to run scripts on batches of hosts (#28563)
## For #28159 

- Implement UI capability to run scripts on batches of hosts at a time
  - Add new hosts table `Run script` primary action, triggers
- new `RunScriptBatch` modal, allows running scripts on the selected
batch of hosts
- new `RunScriptBatchPaginatedList`, handles logic specific to this
modal, and utilizes the now more flexible `PaginatedList` component
- Widen capabilities of `PaginatedList` component to elegantly handle
more diverse applications, including this one
- Widen capabilities of `ScriptDetailsModal` component to elegantly
handle more diverse applications, including this one
- Streamline updating `state`s on manage hosts page
- Clearer, more concise naming

- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-04-28 16:32:41 -07:00
RachelElysia
3b42be5571
Fleet UI: Device user/Host details page layout changing including split out host header and summary card (#28598) 2025-04-28 13:00:13 -04:00
Gabriel Hernandez
9ec9995560
add truncation and tooltip to host details host with long name (#28547)
For [#27198](https://github.com/fleetdm/fleet/issues/27198)

Adds truncation and conditional tooltip to the host name on the host
details page.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-04-28 17:09:42 +01:00
Ian Littman
37adfd4535
Fix software naming migration duplicate software collection query, add host software installed path remapping to migration to avoid orphaned paths (#28601)
For #28586.

Originally hotfixed into 4.67.2 in #28588. Merging back into `main`
here.
2025-04-28 09:52:57 -05:00
Ian Littman
c4e8197e61
Revert to first-in-wins on names in the software table (#28581)
For #28565. Merged into 4.67.0 via #28569. This lets us cleanly evaluate
where we stand and fix forward on top of what's already (about to be)
out in the wild.

Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2025-04-25 18:56:47 -05:00
Gabriel Hernandez
8a33a07cb1
Add keyboard accessibility controls to the activity items on host details and dashboard pages (#28433)
For [#26505](https://github.com/fleetdm/fleet/issues/26505)

This adds keyboard a11y controls to the activity items. We use a button
element for the clickable area around a button as this gives us all the
default keyboard control functionality out of the box.

https://www.loom.com/share/311d684c5df145d1b32b83c8c0285133

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-04-25 10:21:56 +01:00
Luke Heath
7a20a24cbe
Adding changes for Fleet v4.67.0 (#28129) 2025-04-24 16:05:58 -05:00
Victor Lyuboslavsky
510a9bbc44
Added macos_setup.manual_agent_install to global/team config (#28419)
For #26071 and #26089

Added `macos_setup.manual_agent_install` boolean option. No validation
(pushed to another story due to complications caused by bug #28497)

Tests are failing due to vulnerability issues that are not related to
this feature. All tests were passing earlier.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-24 15:18:01 -05:00
Ian Littman
49c49c7433
Implement self-service install status endpoints (#28424)
For #28411.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-24 12:20:21 -05:00
Scott Gress
5c9afd3508
Add hash_sha256 field to "List Software Titles" API response (#28447)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

# Details

To facilitate using the work of
[#23497](https://github.com/fleetdm/fleet/issues/23497) in the new
fleetctl generate-gitops command, we need to be able to retrieve the
hash values of the current software installers for a team. This PR adds
a new `hash_sha256` field to the response for the GET /software/titles
API in order to do that.

# Testing

Updated an existing automated test to check for the presence of the new
field when expected. Other tests still pass without it, as it's omitted
when the underlying `storage_id` db column is null 👍

I verified that the API response is as expected in Fleet:
<img width="361" alt="image"
src="https://github.com/user-attachments/assets/498b0a95-f35c-4ff5-8831-e4c5c68e5f94"
/>

# Docs

See https://github.com/fleetdm/fleet/pull/28453
2025-04-24 12:08:59 -05:00
Dante Catalfamo
4934aee8fb
Add To: header when constructing emails (#28507)
#28032
2025-04-24 09:00:35 -04:00
Jordan Montgomery
862739292e
Renewal of DigiCert certificates on macOS (#28449)
Adds renewal of Digicert certificates:
https://github.com/fleetdm/fleet/issues/26553 . Does not attempt to
renew custom SCEP or NDES. Also we aren't actually calling the DigiCert
renewal endpoint at this time because we don't believe we need to and we
can't necessarily do that as we weren't previously storing the serial
number however this change adds storage of the serial number.


# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
2025-04-24 08:35:15 -04:00
Victor Lyuboslavsky
94aa81e42d
Removing Apple MDM profile validation checks for some com.apple.MCX keys (#28498)
For #28343 

Connects to #28343

Removing Apple MDM profile validation checks for com.apple.MCX keys
(dontAllowFDEDisable and dontAllowFDEEnable) due to customer feedback.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-04-23 14:06:17 -05:00
Jordan Montgomery
97d261968b
Clear host_mdm table row when existing Windows hosts enroll as a different OS (#28463)
For https://github.com/fleetdm/fleet/issues/27501 . We wanted the fix to
be as simple and targeted as possible so I made it only happen when an
existing Windows host enrolls as a different OS.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-23 08:53:24 -04:00
Gabriel Hernandez
de0b046453
remove no team gitops setting when no-team.yml is not supplied (#28082)
For #26148

remove gitops settings when deleting no-team.yml from the gitops repo.


- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-04-22 16:40:17 +01:00
Martin Angers
bb9a3790a2
IdP vars: Populate IdP fleet variables in macOS configuration profiles (#28291) 2025-04-22 09:09:00 -04:00
Jahziel Villasana-Espinoza
abd01f2428
enable specifying installers by SHA256 in gitops (#28349)
> For #23497

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-18 16:41:41 -04:00
Sarah Gillespie
fc3381a8a9
Fix CleanupExpiredHosts to prevent deletion of DEP-assigned hosts (#28313) 2025-04-18 12:49:03 -05:00
Victor Lyuboslavsky
162f974a67
Log invalid SOAP message and return 400 (#28340)
For #28240

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-04-18 11:13:30 -05:00
Jordan Montgomery
de7ce439ec
Update WLAN XML profile verification so they aren't resent (#28296)
Fixes https://github.com/fleetdm/fleet/issues/24394 by adding new
verification logic to detect and verify these profiles. We only verify a
subset of the properties because there are certain settings such as the
Authentication which Windows seems to upgrade in circumstances where it
can(e.g. WPA2 specified but interface + router supports WPA3 results in
WPA3 on the client and there are likely other similar scenarios). After
discussion with design team we've decided the limited verification is
better than what we had before and a good solution for now.

I know this is extremely heavy on comments but the behavior is strange
and non obvious.

Also see latest comment on the issue for some testing discussion:
https://github.com/fleetdm/fleet/issues/24394#issuecomment-2810261844

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-18 08:45:18 -04:00
Scott Gress
47ac964768
Don't validate software/profile labels in dry run mode (#28201)
For #28154

This PR fixes a bug where GitOps dry runs would fail when software
installers or profiles referenced labels that were created in the same
run. The issue is that GitOps utilizes the real APIs for batch
software/profile creation for validation, sending a `dryRun` flag to
prevent those APIs from actually writing data. In dry run mode, no
labels are actually created, so validation checks for "don't use labels
that don't exist" will always fail when new labels are referenced.
Recent updates to GitOps have given it the ability to validate the
labels itself, removing the need to use the API for this check.

I added a new test for this in the mdm profiles tests. The test suite
for software installers is a little more challenging to update for this
case, and since it's not a happy path test I'm not prioritizing it, but
will try to add one time permitting.
2025-04-17 08:39:24 -05:00
RachelElysia
3cf9202e39
Fleet UI: Added hover cursors to checkbox and radio components (#28113) 2025-04-16 13:29:08 -04:00
Dante Catalfamo
f59713b7ce
Removed indicator for background LUKS validation (#28218)
#25700
2025-04-16 12:25:41 -04:00
Scott Gress
183d0d8150
Update SQL parser to handle more modern syntax (#28211)
For #26366

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

# Details

This PR fixes an issue where the SQL parser in the UI doesn't recognize
window functions like `OVER()` and marks the SQL as having syntax
errors. The fix here is to update to a more modern parsing library. This
involved updating some AST-parsing code we have for determining which
tables are used in a query, for the purposes of feeding autocomplete and
determining query compatibility.

# Testing

I tested this with the query mentioned in #26366 in Chrome, Firefox and
Safari on MacOS. I also added new unit tests for our SQL helper
functions.

# Notes

During testing I discovered that we were bundling two versions of the
ACE editor into our frontend package. By upgrading one version by a
couple of patches to make the two dependencies equal, we chop out ~300k
from our bundle.
2025-04-16 10:10:52 -05:00
Scott Gress
dc3edfb3c7
Fx query page clearing selection after load (#28228)
# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

# Details

This PR fixes an issue where any selection made in the table on the
Manage Queries page would be cleared a few seconds after the page
loaded. The issue was due to a re-render happening after the `staleTime`
period elapsed, coupled with an array that was being re-created on every
render.
2025-04-16 10:10:21 -05:00
Gabriel Hernandez
97d0611b92
Fix host upcoming activites showing wrong created at date in tooltip (#28242)
For #27775

fixes an issue where the host upcoming activities were showing the
incorrect created at dates in the tooltip.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-04-16 10:17:48 +01:00
jacobshandling
f58519914b
UI: Conditional access - Microsoft Entra (#27982)
_Note - currently feature flagged. Build frontend with
`ALLOW_CONDITIONAL_ACCESS=true NODE_ENV=development yarn run webpack
--progress --watch` to enable this feature. Also, all of this
functionality depends on the new `config.license.managed_cloud` being
true, so you'll need to mock that data somehow. [This
branch](https://github.com/fleetdm/fleet/tree/27043-fake-data) has the
appropriate fake data for testing_

## For #27043, #27864

### Build front end for Fleet's integration with Microsoft Entra,
allowing conditional preventtion of single sign-on for hosts failing any
policies on a team

#### Trigger the integration

![trigger](https://github.com/user-attachments/assets/4578568a-f64a-4390-83d9-fbec751d4b14)

#### Triggered, but configuration still not verified
<img width="1348" alt="√ not-verified-return-to-prefilled-form"
src="https://github.com/user-attachments/assets/44d0c21f-2554-40a8-9158-d1107cff2d09"
/>

#### Verified, short and long tenant ids:

![ezgif-75f82492180d28](https://github.com/user-attachments/assets/015f3605-81e8-463a-be74-07bab99d9724)

#### Verified –> Deleted
![√ verified - delete -
deleted](https://github.com/user-attachments/assets/44b8ba70-49c9-43e7-be54-8474756a5b50)

#### Enable for policies of a team
![√
enable-for-team](https://github.com/user-attachments/assets/9454b0da-059d-4991-a3ff-14e74257a3a7)

#### Activities
<img width="886" alt="√ activities"
src="https://github.com/user-attachments/assets/d21e6185-c2f2-40b2-9c69-9b92fab58766"
/>

#### Unavailable for self-hosted Fleet instances:

![no-access-self-hosted](https://github.com/user-attachments/assets/56213522-b721-472f-9174-c8dac0df61f3)

#### Premium only
![√
premium-only](https://github.com/user-attachments/assets/97373960-6b38-458b-be37-4c3868469182)


- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-04-15 13:55:07 -07:00
Sarah Gillespie
1758641677
Update API message for Windows MDM not configured error (#28247) 2025-04-15 13:52:17 -05:00
Sharon Katz
85f0638f4f
Add statistic to measure ABM pending hosts (#28226)
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
2025-04-15 11:30:07 -04:00
Lucas Manuel Rodriguez
0f06ecb8f4
Update changelog for fleetd 1.41.0 release (#28206) 2025-04-15 11:45:45 -03:00
Jahziel Villasana-Espinoza
fa8c087abf
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037)
> For #24087 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-11 19:19:07 -04:00
Dante Catalfamo
94f6127edc
Orbit for Windows ARM64 (#27882)
#27275 and #27274

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).

---------

Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
2025-04-11 10:18:28 -04:00
Konstantin Sykulev
82c0491b51
Refactoring ListHostSoftware (#27490)
# Checklist for submitter

https://github.com/fleetdm/fleet/issues/27003

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 17:29:15 -05:00
Jordan Montgomery
7426919237
Add timeout for tray app startup (#28097)
Fixes https://github.com/fleetdm/fleet/issues/27419 by adding a timeout
so the tray app gets restarted if initialization hangs up. One reason we
know of that it can hang up seems to be a strange bug where Windows
Explorer, early in the initialization process, returns an "unspecified
error" when attempting to initialize the tray app but there could be
other reasons. In these cases if the tray never gets the onReady
callback, killing it seems to be a good way to get it to restart, retry
initialization and hopefully succeed(in my testing this works great).

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- For Orbit and Fleet Desktop changes:
- [x] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).


For testing this under the customer-reported Autopilot scenario,
assuming you already have the basic Autopilot flow working with the QA
fleet server, you'll want to use a locally generated MSI installer
package from a local TUF repo and you'll want to point
FLEET_DEV_DOWNLOAD_FLEETDM_URL at that installer package. I did the
following to do that using the local QA fleet server since it is setup
for autopilot:

1. Setup one ngrok URL for TUF pointed at localhost:8081
2. Setup another ngrok URL for installers pointed at localhost:8085
3. (note this will spin up the TUF fileserver)
```
#!/bin/bash
set -e
SYSTEMS="windows" \
MSI_FLEET_URL=https://qa.fleetdm.com \
MSI_TUF_URL=https://[ngrok pointed at localhost:8081] \
GENERATE_MSI=1 \
ENROLL_SECRET=[enroll secret] \
FLEET_DESKTOP=1 \
TUF_PORT=8081 \
DEBUG=1 \
./tools/tuf/test/main.sh
```

Then to serve the installers

```
mkdir -p tmp/fleetd-base-dir/stable
cp fleet-osquery.msi tmp/fleetd-base-dir/stable/fleetd-base.msi
sha256sum tmp/fleetd-base-dir/stable/fleetd-base.msi
```

then create a meta.json containing the following under
tmp/fleetd-base-dir/stable:
```
{
  "fleetd_base_msi_url": "[your localhost:8085 ngrok URL]/stable/fleetd-base.msi",
  "fleetd_base_msi_sha256": "[the sha 256 sum]"
}
```

Then
go run ./tools/file-server 8085 ./tmp/fleetd-base-dir

Then update FLEET_DEV_DOWNLOAD_FLEETDM_URL on the QA server to point to
the ngrok URL pointing to localhost:8085
2025-04-10 17:19:53 -04:00
jacobshandling
bc6dc21ac9
Add host id to fleet enrolled activity (#28068)
## For #26695 

<img width="1795" alt="Screenshot 2025-04-09 at 7 25 25 PM"
src="https://github.com/user-attachments/assets/edeb5c51-9643-4fe0-8171-0400f513373f"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-04-10 13:50:14 -07:00
RachelElysia
00c3611712
Fleet UI: Table improvements (tooltips, tab-ability) (#27986) 2025-04-10 15:42:10 -04:00
RachelElysia
a8d9839bba
Fleet UI: Move view all host link onto host count (#28042) 2025-04-10 09:14:28 -04:00
Victor Lyuboslavsky
3d0025c570
SCIM + host integration (#27880)
For #27284

This PR:
- Adds SCIM as a fallback for username during macOS end user
authentication during setup experience
- Adds SCIM/endUsers details to host details

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-08 09:35:06 -05:00
Lucas Manuel Rodriguez
94ec77f6f0
Update apmhttp to fix upload of software packages in Dogfood (#27929)
For #27235.

This is updating the dependency after fixing the bug in
https://github.com/elastic/apm-agent-go/pull/1707.

The issue with the upload of medium/big sized packages can be reproduced
by running `fleet serve` with `FLEET_LOGGING_TRACING_ENABLED=1
FLEET_LOGGING_TRACING_TYPE=elasticapm`. We have reproduced this issue in
Dogfood only because it's the only production environment where APM
tracing is enabled. We also have APM enabled in our internal
load-testing to collect data during troubleshooting.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [X] Manual QA for all new/changed functionality
2025-04-08 10:28:31 -03:00
RachelElysia
df61e6b7f5
Fleet UI: Fix platform resetting on pagination of OS table (#27896) 2025-04-07 09:45:45 -04:00
Gabriel Hernandez
fc63a2c237
add cancel upcoming host activities in the UI (#27879)
For #27410

add UI for canceling upcoming host activities and displaying canceled
activities in global and past activity feeds. This includes:

**ability to cancel upcoming activity**


![image](https://github.com/user-attachments/assets/1fdafb05-dc0c-4025-8389-e9a0b9da2673)

**Confirmation modal to cancel activity**


![image](https://github.com/user-attachments/assets/e765c60b-2b5e-43ca-a31b-2a7af0d64247)

**new global activities when upcoming activities are canceled**


![image](https://github.com/user-attachments/assets/04f368cb-f66c-4802-b3fb-79fd5f7b06bb)

**new past activities when upcoming activities are canceled**


![image](https://github.com/user-attachments/assets/b2d0a50e-58e8-4677-84bd-9c645651b9ab)


<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-04-07 12:11:24 +01:00
Luke Heath
9b73f629b2
Adding changes for Fleet v4.66.0 (#27407) 2025-04-04 14:02:20 -05:00
Luke Heath
fe6c5df3ac
Remove change files from 4.64.0 (#27886) 2025-04-04 13:17:45 -05:00
Luke Heath
2d19865ab0
Remove change files from v4.63.0 (#27885) 2025-04-04 12:31:15 -05:00
Scott Gress
fca1e1ab42
Add GitOps for policy labels (#27781)
For #27301 

# Checklist for submitter

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated automated tests
- [X] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [X] Manual QA for all new/changed functionality

# Details

This PR adds the ability to set/unset labels on policies via GitOps. It
builds on https://github.com/fleetdm/fleet/pull/27575 (back end for
policy labels) and updates the `PolicySpec` type and `ApplyPolicySpecs`
methods to update the `policy_labels` table where needed.

## Testing

1. Create a few labels in the UI
1. Create a global policy "foo" in the UI without labels
2. Create a global policy "bar" in the UI with labels
2. Create a global policy "baz" in the UI with labels
4. Use `fleetctl gitops` with a global .yml file, and under `policies:`
add "foo", "bar", "baz" and "boop".
  * Add labels to "foo" with `labels_include_any:`
  * Don't add `labels_include_any:` to "bar"
* Add labels to "baz" with `labels_include_any:`, but different labels
than what you added in the UI
  * Add labels to "boop" with `labels_include_any:`

The expected outcome when viewing the queries in the UI (on the "edit
query" screen)
* Foo, Baz and Boop should have the labels specified in gitops
* Bar should have no labels

Repeat testing with _excluded_ labels.

---------

Co-authored-by: dantecatalfamo <dante.catalfamo@gmail.com>
Co-authored-by: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com>
2025-04-04 09:46:51 -05:00
Gabriel Hernandez
d7629b08ea
Feat UI idp host details (#27730)
For #27283

This includes the work to add the new users card on host details and
show the new idp information as well as google profiles and other
emails.

This includes:

**new user card on the host details and my device page**


![image](https://github.com/user-attachments/assets/f02badbf-85a2-4198-a30c-ace0e08ac843)


**rework of the grid layout on the host page**

**removal of unneeded device mapping code on host details and my device
page**



I've changed how we are using the grid layout in CSS to better support
dynamic rendering content


<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality
2025-04-04 15:46:22 +01:00
Scott Gress
d6eaa0913a
Add ability to target labels on policies (#27599)
For #27276 

# Details

This PR adds the ability to select labels when saving or editing a query
in the UI, so that the query will only target hosts with those labels.
It follows the API design from
https://github.com/fleetdm/fleet/pull/27196, utilizing the
labels_include_any and labels_exclude_any fields. The expectation is
that when creating or updating a query, labels_include_any and
labels_exclude_any are arrays of label names, and when fetching a single
query, they are arrays of objects with a name and an id key.

Other updates in this PR:

* Removed colons from various headings on the Save Policy Modal and Edit
Policy form
* Updated the "Delete label" text
* Removed "Policy runs on all hosts with these platforms." subheading
underneath the platform selector
* TargetLabelSelector component now has `suppressTitle` flag to turn off
the "Target" title.
2025-04-02 16:31:03 -05:00
Dante Catalfamo
37932e0f97
Custom targets for policies - backend (#27575)
#27277
2025-04-02 12:36:03 -04:00
Martin Angers
69fcda9686
Cancel upcoming activities: DB schema and backend (#27710) 2025-04-01 14:08:56 -04:00
Ian Littman
0293d99800
Remove default EXE install/uninstall scripts, require entering install/uninstall scripts on EXE upload (#27268)
For #27267.

Below is what's shown immediately after selecting an EXE:

<img width="1254" alt="image"
src="https://github.com/user-attachments/assets/a28d8565-de88-448a-bdbc-92aefc34ad55"
/>


TODO:

* Tests
* GitOps requirements changes
* Disabling add button/adding errors when required scripts aren't
specified

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Luke Heath <luke@fleetdm.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: RachelElysia <rachel@fleetdm.com>
2025-03-31 13:52:06 -05:00
Scott Gress
59f96651b6
Update to Go 1.24.1 (#27506)
For #26713 

# Details

This PR updates Fleet and its related tools and binaries to use Go
version 1.24.1.

Scanning through the changelog, I didn't see anything relevant to Fleet
that requires action. The only possible breaking change I spotted was:

> As [announced](https://tip.golang.org/doc/go1.23#linux) in the Go 1.23
release notes, Go 1.24 requires Linux kernel version 3.2 or later.

Linux kernel 3.2 was released in January of 2012, so I think we can
commit to dropping support for earlier kernel versions.

The new [tools directive](https://tip.golang.org/doc/go1.24#tools) is
interesting as it means we can move away from using `tools.go` files,
but it's not a required update.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Make sure fleetd is compatible with the latest released version of
Fleet
   - [x] Orbit runs on macOS  , Linux   and Windows. 
- [x] Manual QA must be performed in the three main OSs, macOS ,
Windows and Linux .
2025-03-31 11:14:09 -05:00
Martin Angers
f3d7ed86a8
Bugfix: support removing labels associated with profiles (custom settings) in gitops (#27546) 2025-03-31 11:42:43 -04:00
Sarah Gillespie
8d17956f7b
Skip bootstrap package and other setup items when renewing Apple MDM enrollment profiles (#27560) 2025-03-28 16:33:22 -05:00
Dante Catalfamo
97e3943dfa
A third and mysterious attempt at gitops ui mode (#27585)
#27294
2025-03-28 11:18:22 -04:00
Gabriel Hernandez
626ff8a467
add new idp section on integrations page and show the users idp connection with fleet (#27566)
For #27282

add new idp section on the integration page. This page will show the
different statuses for the users idp connection with fleet.

**not connected**


![image](https://github.com/user-attachments/assets/13fb46c6-64ca-43fa-a259-e7cf3fdb82b1)

**successful connection**


![image](https://github.com/user-attachments/assets/de80eea5-8d76-4b50-8024-5f702e85f88a)

**failed connection**


![image](https://github.com/user-attachments/assets/bbfcfcf8-51aa-4c08-b57f-cb0c2842313a)

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-03-28 11:23:07 +00:00
Ian Littman
e5ebc3e20b
Drop request timeout on FMA add endpoint (#27602)
If the Fleet server is on a connection that can't pull ~150 Mbps down,
it'll time out before being able to add Microsoft Word for macOS, due to
the 100-second default timeout. This skips that behavior.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
2025-03-27 17:01:47 -05:00
jacobshandling
748b5bcd51
Full-stack: Make "Server url" validation conditions consistent across Fleet, update Web Address form validation and submission logic per Fleet best practices (frontend/docs/patterns.md) (#27455)
## For #27454 

Consider Fleet web URL to be valid if it:

- (Front end and back end): uses “https://” or “http://” scheme
 and
- (Front end) accepts only valid or "localhost" hosts (e.g., "a.b.cc" or
"localhost", but not "a.b")
- (Back end) accepts any host (e.g., "localhost", "a.b.cc", or even
"a.b")


### Setup flow UI URL validation:

![setup](https://github.com/user-attachments/assets/34a428d2-5731-46f2-b708-c88b790e3667)

### Org settings UI URL validation:

![org-settings](https://github.com/user-attachments/assets/147916c8-9c5b-4ae7-9e14-625c65b42d0a)

### Server URL validation:
<img width="1464" alt="invalid-url-server"
src="https://github.com/user-attachments/assets/83a112e1-6318-4b09-864d-fe66a223835d"
/>

### Invalid Fleet server URL in DB error:

![invalid-url-in-db](https://github.com/user-attachments/assets/aae591fb-6cc3-49bd-8556-22129be4c2c4)


- [x] Changes file added for user-visible changes in `changes/`,
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-03-27 13:56:38 -07:00
Dante Catalfamo
36e6ba3569
Add vmodule flag to list of hidden osquery flags (#25789)
#25487
2025-03-27 11:05:00 -04:00
Jahziel Villasana-Espinoza
5f628a1c59
remove the standard timeout for software installer downloads (#27550)
> For #27548

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-26 17:19:22 -04:00
Dante Catalfamo
587b2fc7b7
Check for invalid default serial number when fetching host details (#27470)
For #25993
2025-03-26 16:23:50 -04:00
Martin Angers
78c0d67e78
Bugfix: re-create deleted iOS/iPadOS host entries in Fleet if it checks in again via MDM (#27231) 2025-03-26 09:33:38 -04:00
Victor Lyuboslavsky
09c2e2ff72
Added Apple Root Cert for gdmf request. (#27483)
I manually verified this fix by running the new
`github.com/fleetdm/fleet/v4/server/mdm/apple/gdmf/integrationtest` test
with and without the fix on a cloud Ubuntu server.

Without fix:
```
=== RUN   TestGetAssetMetadata
    gdmf_test.go:14:
        	Error Trace:	/root/fleet/server/mdm/apple/gdmf/integrationtest/gdmf_test.go:14
        	Error:      	Received unexpected error:
        	            	retrieving asset metadata: Get "https://gdmf.apple.com/v2/pmv": tls: failed to verify certificate: x509: certificate signed by unknown authority
        	Test:       	TestGetAssetMetadata
--- FAIL: TestGetAssetMetadata (3.53s)
FAIL
FAIL	github.com/fleetdm/fleet/v4/server/mdm/apple/gdmf/integrationtest	3.542s
FAIL
```

With fix:
```
=== RUN   TestGetAssetMetadata
--- PASS: TestGetAssetMetadata (0.39s)
PASS
ok  	github.com/fleetdm/fleet/v4/server/mdm/apple/gdmf/integrationtest	0.397s
```

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-03-24 19:26:36 -05:00
Dante Catalfamo
593df5d2d9
Fix deadlock: reduce number rows deleted at per iter, add retry (#27027)
#27002
2025-03-21 13:48:39 -04:00
Konstantin Sykulev
beb7dfee99
Updated ListHostSoftware vulnerability filtering (#27020)
Include vulnerability filtering conditions on vpp apps and latest host
software installs/uninstalls

https://github.com/fleetdm/fleet/issues/26824

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: RachelElysia <rachel@fleetdm.com>
Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 11:02:55 -05:00
Victor Lyuboslavsky
e7e9f54071
Updated FileVault and BitLocker error messages (#27365)
For #24862

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-21 09:56:50 -05:00
Benjamin Edwards
c6178c64cd
add configuration setting for forcing h2c (#26799) 2025-03-21 09:38:21 -04:00
RachelElysia
ea37ad6df3
Fleet UI: Surface Windows FMA (#27068) 2025-03-21 09:33:06 -04:00
Dante Catalfamo
e9f1d52f6a
Fix multi-row-select cell firing onClickRow twice (#27010)
#26564
2025-03-20 16:36:59 -04:00
Scott Gress
7b4d9aa487
Add labels to queries using gitops (#27259)
For #24473 

This PR allows users to add / update / remove labels from queries via
Gitops.

## Testing

1. Create a few labels in the UI
1. Create a global query "foo" in the UI without labels
2. Create a global query "bar" in the UI with labels
2. Create a global query "baz" in the UI with labels
4. Use `fleetctl gitops` with a global .yml file, and under `queries:`
and "foo", "bar", "baz" and "boop".
  * Add labels to "foo" with `labels_include_any:`
  * Don't add `labels_include_any:` to "bar"
* Add labels to "baz" with `labels_include_any:`, but different labels
than what you added in the UI
  * Add labels to "boop" with `labels_include_any:`

The expected outcome when viewing the queries in the UI (on the "edit
query" screen)
* Foo, Baz and Boop should have the labels specified in gitops
* Bar should have no labels
2025-03-20 15:32:52 -05:00
Victor Lyuboslavsky
93bdb437ac
Resend Windows profiles on change (#27308)
For #25030 

This PR includes the bug fix and tests.

It also includes the `secrets_updated_at` columns needed for story
#27351. These columns are currently unused and always NULL.

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-20 14:43:04 -05:00
RachelElysia
7f8073624a
FE: Refactor pagination to be a single component (#27224) 2025-03-20 12:40:43 -04:00
Ian Littman
8ef3ff2ae5
Fix non-Windows false positive for CVE-2024-6286 (#27325)
For #27193.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
2025-03-20 09:21:42 -05:00
Lucas Manuel Rodriguez
e6cb16453e
Added more logging for troubleshooting of software package installation (#27291)
For #27234.

- Improved logging in orbit to help us during troubleshooting.
- Added some documentation on how to grep for errors related to software
package installation in orbit.
- Added `took` to server request error logs (it was only present when
the request succeeds).

---

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-03-20 11:09:57 -03:00
RachelElysia
3d3c901d3c
Fleet UI: Disable unsupported auto install of .exe during add flow (#27315) 2025-03-20 09:16:37 -04:00
Jahziel Villasana-Espinoza
31273203fd
report an installer download error as an installation failure to Fleet (#27264)
> For #24710

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-03-19 21:00:44 -04:00
jacobshandling
c2df8703df
UI: Truncate MDM server url and serial number (#27175)
## For #26295 

<img width="965" alt="Screenshot 2025-03-14 at 4 10 31 PM"
src="https://github.com/user-attachments/assets/908772ef-a666-46ab-82f4-6dbceca17f70"
/>
<img width="965" alt="Screenshot 2025-03-14 at 4 10 26 PM"
src="https://github.com/user-attachments/assets/897c1174-7965-4c3b-8055-6bc2718c2110"
/>



- [x] Changes file added for user-visible changes in `changes/`
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-03-19 09:55:03 -07:00
jacobshandling
915cf416d6
Full-stack: Granular host count data for live queries/policies (#27258)
## For #24950 

- Track more granular host count data when running a live query/policy,
and return it in two new fields of each `"status"`-typed websocket
message
- On completion of live query/policy, display that granular data in a
tooltip in the UI
- Streamline and clarify frontend live query logic
- Update types and field names to better reflect the data they contain
and the sources from which that data is derived
- Add comments to clearly define what various fields of data represent
- Update heading copy rendered while live queries and policies are
running

###
[Demo](https://www.loom.com/share/ad1d64cf527f4fbc981df58ad581242f?sid=a0dc1269-a049-43c3-afdb-65c0bb946ece)

 

![ezgif-6ecb9c3895acd4](https://github.com/user-attachments/assets/02c3ad40-c874-4978-af28-bdaec098906a)



- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-03-19 09:53:55 -07:00
jacobshandling
11307525d1
UI: Validate both org logo URLs, accept data URIs (#27160)
## For #26271 


![ezgif-582a8acaa8686e](https://github.com/user-attachments/assets/4284bbf7-8708-46f3-b020-f4039f8bd1b0)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-03-18 12:57:07 -07:00
jacobshandling
7953fe2e2c
UI: Simplify New policy flow (#27173)
## For #26052 

- Remove add policy modal from flow
- Update "Schema" links
- Add "Examples" link


![add-policy](https://github.com/user-attachments/assets/69d60573-f6a6-45e8-92ff-4faa29f224a9)




- [x] Changes file added for user-visible changes in `changes/
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-03-18 12:56:05 -07:00
Sarah Gillespie
e9e0f7b7e3
Update activity log UI for certificate authority features (#27227) 2025-03-18 14:41:03 -05:00
Dante Catalfamo
02ee1f8372
Add printing for query labels in cli (#26957)
#26650
2025-03-18 14:05:54 -04:00
Dante Catalfamo
c5bffe7c0d
Allow team gitops to run without global config (#26969)
#26171
2025-03-18 12:24:35 -04:00
Luke Heath
d7f6ddb6d0
Adding changes for Fleet v4.65.0 (#26698) (#27166) 2025-03-18 11:18:10 -05:00
Martin Angers
738db5a215
Bugfix: ignore Linux hosts in disk encryption stats and filters if disk encryption is disabled (#27187) 2025-03-18 08:36:38 -04:00
jacobshandling
cc64856ee7
fleetctl: Handle "password reset required" errors (#27132) 2025-03-17 09:44:59 -07:00
Victor Lyuboslavsky
131a52695b
Custom SCEP integration (#27121)
For #26623 

This PR enables deploying an Apple configuration profile with Fleet
proxying a custom SCEP server.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-17 10:59:07 -05:00
RachelElysia
0c77e61cfa
Rest API: Add platform to endpoints with software packages and vpp apps (#27124) 2025-03-17 09:59:03 -04:00
Jahziel Villasana-Espinoza
d0f70c5980
fix: report a failure in setup experience if a VPP app installation fails due to lack of licenses (#27163)
> For #26345

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-17 09:43:51 -04:00
Dan Tsekhanskiy
f63afc8253
Ignore comments at the top of XML files (#27176)
Allows comments to be at the top of Fleet XML CSP files (addresses
https://github.com/fleetdm/fleet/issues/26443)

We should validate that this fixes the errors with GitOps pushes, but I
don't know how to do that without pushing this change through to QA.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-03-15 10:40:50 -05:00
Konstantin Sykulev
997adcebe0
Batched getPoliciesBySoftwareTitleIDs (#27062)
Mysql has a max of 65535 placeholders in a sql statement. When > 33k
title ids are passed to `getPoliciesBySoftwareTitleIDs` this causes a
`Prepared statement contains too many placeholders` error. Fixed this by
splitting up the query into multiple queries and aggregating the results
in memory.

https://github.com/fleetdm/fleet/issues/26753

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-12 14:48:52 -05:00
Martin Angers
29b06a61f1
Bugfix: Ignore non-Fleet-MDM-enrolled Windows hosts in disk encryption stats and filters (#27066) 2025-03-12 15:31:23 -04:00
Scott Gress
096a747739
Ability to add labels to queries (front end) (#26867)
For #26649 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

## Details

This PR adds the ability to select labels when saving or editing a query
in the UI, so that the query will only target hosts with those labels.
It follows the API design from
https://github.com/fleetdm/fleet/pull/26589, utilizing the
`labels_include_any` field. The expectation is that when creating or
updating a query, `labels_include_any` is an array of label names, and
when fetching a single query, `labels_include_any` is an array of
objects with a `name` and an `id` key.

As part of this work the `TargetLabelSelector` component is updated to
allow it to show a message in place of the dropdown when there are no
custom options (e.g. "include any", "include all", "exclude any") to
choose from.
2025-03-12 11:54:29 -07:00
Ian Littman
cc352970c0
Dedupe MSRC downloads/deletes when enrolled hosts include multiple builds of the same version of Windows (#27060)
For #25090.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-12 13:22:56 -05:00
Jahziel Villasana-Espinoza
5451cd13d4
pad macOS versions with an extra 0 during CPE generations so that we can match vulncheck versions (#27069)
> For #26561

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-12 13:01:37 -04:00
RachelElysia
dafb0c89f7
Host Software Table: Add vulnerability filters to API and UI (#26995) 2025-03-12 11:26:12 -04:00
jacobshandling
25a3835067
UI - Update label chooser empty state (#27019)
## For #23830 

No labels state –> label present state in 4 places:


![ezgif-38e21421995afd](https://github.com/user-attachments/assets/d71c6a41-ab13-45b1-b6a1-ec1de14fad96)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-03-11 09:37:23 -07:00
Dante Catalfamo
7be7d17489
Identify if the release is older than npm, publish with tag (#26787)
#26520
2025-03-11 09:46:01 -04:00
Dante Catalfamo
d5e9153cea
Add LabelsIncludeAny to queries endpoint (#26823)
#16413 

---------

Co-authored-by: Scott Gress <scottmgress@gmail.com>
2025-03-11 09:45:01 -04:00
Dante Catalfamo
fd9664ce4d
Respect user input whitespace when previewing calendar event (#26920)
# 26689
2025-03-11 09:44:02 -04:00
Ian Littman
32143284f6
Force a user to click through to redeem MFA if they aren't on a browser that started the MFA process (#26980)
For #26976.

<img width="384" alt="image"
src="https://github.com/user-attachments/assets/8d057ec2-c3b0-45d1-bb8c-9745b426e27d"
/>

An example of such a browser would be an email link scanner, so this
*should* fix cases where link-scanning was redeeming the MFA link before
the intended user could get to it. Real users can still click through if
they wind up on this page, e.g. if they logged in with a different
browser than the one used to open the MFA link.

Users redeeming MFA with the same browser that initiated the login skp
the button and redeem/land on the dashboard automatically.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-03-10 13:56:25 -05:00
Victor Lyuboslavsky
b42dbf2ff7
DigiCert backend (#26914)
For #26609 

This PR includes
- ability to get a DigiCert certificate to a macOS device
- integration test for the above
- some validation

This PR does not include the following. They will be included in
subsequent PRs:
- support for User Principal Name in certificate
- support for $FLEET_VAR_HOST_HARDWARE_SERIAL
- saving certificate expiration date
- not resending DigiCert profile after failure

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-10 13:02:49 -05:00
RachelElysia
aad8d858cc
Fleet UI: Never truncate host count on Dashboard > Software table (#26777) 2025-03-10 14:02:13 -04:00
Dante Catalfamo
b49d131a05
Parse top-level json array when request arrives, before service func (#26665)
#24390
2025-03-10 13:27:17 -04:00
Jahziel Villasana-Espinoza
7c7d9cb30a
add batching logic when we pull windows profiles to install or remove (#26964)
> For #26918

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-03-10 09:12:24 -05:00
Ian Littman
b2efa09e2b
Add new archive URL as data source for Mac Office release notes (#26978)
For #26977.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-10 08:46:18 -05:00
Ian Littman
014f10fb46
Add experimental software title name update endpoint for titles with a bundle ID (#26938)
For #26933.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-03-07 11:36:17 -06:00
George Karr
36aba531f4
Revert "Disallow user-scoped profiles for Windows MDM" (#26940)
Reverts fleetdm/fleet#26153
2025-03-07 08:33:40 -06:00
Lucas Manuel Rodriguez
5d43907765
Move changes file to orbit/changes (#26890)
For #25616.
2025-03-06 15:36:12 -03:00
Dante Catalfamo
98fb2f2d8b
Remove min-height from Upcoming/PastActivityFeed (#26783) 2025-03-06 13:31:55 -05:00
RachelElysia
88d4f8b4c6
Fleet UI: Surface policy automation scripts error messages (#26764) 2025-03-05 16:11:04 -05:00
Lucas Manuel Rodriguez
fc96cc4e91
Merge commit from fork 2025-03-05 07:31:17 -06:00
Jahziel Villasana-Espinoza
4834a70e47
fix: move logic for mutating software versions so that Fleet shows the expected versions (#26789)
> For #24784

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-04 16:22:03 -05:00
jacobshandling
ee9d9092e8
fleetctl: update package command output (#26500)
For #26489

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-03-04 13:21:07 -05:00
RachelElysia
452650c03a
My device page: Fix 'show details' to open software details modal (#26771) 2025-03-03 16:21:51 -05:00
Ian Littman
e3b12ab0f1
Add missing changes file for PowerShell CVE fix (#26666) 2025-02-28 09:33:02 -06:00
RachelElysia
a3e92d0f93
Fleet UI: Fix policy software automation fail to report as failing (#26044) 2025-02-28 08:45:33 -05:00
Jahziel Villasana-Espinoza
f64bd5cf28
fix: parse out update section of CPE, fix CVE-2024-12254 Windows false positive (#26634)
For #25882
For #26615 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-28 08:12:19 -05:00
Ian Littman
201762b3e7
Add table default encodings/charsets to all migrations missing them, retrofit existing DB schema (#26670)
For #25353.

This both fixes new installs going forward (in which case the final
migration is a no-op) and cleans up existing installs that have the
wrong collations (in the new migration).

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2025-02-27 17:25:20 -06:00
Gabriel Hernandez
0da4826480
Feat UI byod landing page (#26592)
For #26211 and #26210

Add Android to byod enrollment landing page. this includes:

**new android section in add hosts modal:**


![image](https://github.com/user-attachments/assets/f951df0c-4654-4434-8c95-8b57634d4921)

**messaging when visiting from non android, ios, ipad device:**


![image](https://github.com/user-attachments/assets/169903a9-8d5e-4e3b-9b78-378a0e791b22)

**enroll into android mdm UI:**


![image](https://github.com/user-attachments/assets/79c9c116-e003-4a80-b0e9-8fbe8775a82c)

**various error states (secret is invalid, android or mac os mdm not
enabled):**


![image](https://github.com/user-attachments/assets/bc0035ac-b2ed-47e5-8e25-8716fc642e70)


![image](https://github.com/user-attachments/assets/87b8ca87-3352-47fe-8dbf-1bc2a49553b1)


![image](https://github.com/user-attachments/assets/5a378f5f-84d3-4738-aab3-0f68760d317d)

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-02-27 19:35:42 +00:00
George Karr
b47e4a51ce
Drop support for macOS 13 (#26525)
Drop support for macOS 13 and no longer need to validate nudge updates
2025-02-27 13:34:59 -06:00
Scott Gress
973fe46c5e
Add pagination to manage automations (#26414)
For #23243 

# Checklist for submitter

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

## Details

This PR updates the policy Manage Automations modals to support
pagination. Previously, these modals received a list of policies from
the main Manage Policies page, which is itself paginated, so that a user
could only add automations to whatever policies were currently listed on
the Manage Automations page. This PR does some refactoring via the
creation of a new PaginatedList component which:

* accepts a `fetchPage` property it can call to get a page of data, 
* renders the data in a list with checkboxes and optional custom markup
(e.g. dropdowns)
* keeps track of changed ("dirty") items in the list, even across page
changes
* allows parent components to access the list of dirty items via a React
`ref`

For this specific use case, there's also a new `PoliciesPaginatedList`
which implements the `fetchPage` for getting a page of policies, and
adds Save and Cancel buttons. Each of the updated modals uses
`PoliciesPaginatedList` to replace its current code for rendering
policies in a list, and delegates much of the logic around change
tracking to the new components.
2025-02-27 12:43:38 -06:00
Sarah Gillespie
f43fb9538a
Merge branch 'main' into feat-23235-host-certificates 2025-02-27 11:41:34 -06:00
RachelElysia
769154b821
Fleet UI: Fix several team ids that were dropping in certain flows (#26590) 2025-02-27 10:53:34 -05:00
Gabriel Hernandez
1a655bf89a
UI activites for android mdm (#26647) 2025-02-27 14:07:34 +00:00
RachelElysia
7b7fa2fcd1
Fleet UI: Component fixes (styling bugs and code cleanup) (#26149) 2025-02-26 13:47:28 -05:00
gillespi314
c5386b1290 Merge branch 'main' into feat-23235-host-certificates 2025-02-26 12:43:19 -06:00
Dante Catalfamo
347ab3955a
Always allow passwords for users (#26334)
For #25834
2025-02-25 16:27:58 -05:00
Martin Angers
0adf67e538 Fix conflicts 2025-02-25 14:39:35 -05:00
Jahziel Villasana-Espinoza
7ec49e1c63
fix: improve sanitation of python version strings to match CPEs (#26538)
> for #25991

![Screenshot 2025-02-21 at 3 33
00 PM](https://github.com/user-attachments/assets/a0ba59d5-40cc-48a9-9ba1-0e0beecafd44)


# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-25 13:59:35 -05:00
Scott Gress
e013ce742a
Show "Manage Automations" dropdown when no policies are present (#26298)
For #23243 

# Checklist for submitter

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

## Details

This PR changes the behavior of the Manage Automations dropdown on the
Manage Policies page. Any user that has permission to manage policies
will now always see the dropdown. If there are no policies added for the
selected team (or no policies at all, in the case of "All teams" or
users on the free tier), the dropdown is disabled with a tooltip.

## Screenshots

**Free tier:**
<img width="753" alt="image"
src="https://github.com/user-attachments/assets/37a3b97a-74b3-4495-ace4-bfece30b3822"
/>

---

**Premium tier, All Teams:**
<img width="736" alt="image"
src="https://github.com/user-attachments/assets/bedd9a5f-e2aa-49da-8943-61bc69af9744"
/>

---

**Premium tier, team selected:**
<img width="744" alt="image"
src="https://github.com/user-attachments/assets/e1c2397b-1d19-46f2-b78d-e7a923f91c8f"
/>
2025-02-25 11:10:33 -06:00
Jahziel Villasana-Espinoza
dfc58d9600
fix: add index to os cve column (#26576)
> for #26178

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-02-24 21:59:56 -05:00
Jahziel Villasana-Espinoza
e6c5cf002a
fix: don't re-use title ID from a windows app for a vpp app (#26546)
> for #25651

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-24 17:51:12 -05:00
Ian Littman
f5ca50a340
Always record uploaded pkg files as "apps" source if they have a bundle ID to avoid conflicts with the same package appearing in inventory later (#26374)
For #26373.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

Autoated tests cover the code in the changes.
2025-02-24 16:38:57 -06:00
Ian Littman
91c90b681f
Change default vuln feed concurrency from 5 to 1 (#26565)
We're seeing database load issues at the default concurrency level, so
need to pick a significantly more conservative default, which we've
rolled out to a number of environments already as an override.

QA'd by adding the following at the top of `newVulnerabilitiesSchedule`
in `cron.go`:

```go
	fmt.Printf("%+v\n", config)
```

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-24 15:15:04 -06:00
RachelElysia
e98a93e8bc
Fleet UI: Auto-install VPP apps (#26455) 2025-02-24 16:01:55 -05:00
Martin Angers
8477856886 FIx conflicts 2025-02-24 14:28:34 -05:00
Martin Angers
a141830f76
CHV: implement paginated list certificates endpoints (#26554) 2025-02-24 12:52:39 -05:00
Scott Gress
0c95c50a41
Make desktop server display manager restart (#26526)
For #25616 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- Tested on macOS, Windows, Ubuntu, Fedora (w/ and without system tray)
and Debian (w/ and without system tray)

## Details

This PR addresses the issue that on Ubuntu, if a user restarts their
display manager (e.g. with `sudo systemctl restart gdm3`), the Fleet
Desktop tray icon disappears and doesn't come back. The solution in this
PR is to add a function that runs in a loop and checks whether the tray
icon still exists, and if not, kills the Fleet Desktop process. The
parent Orbit process already has code to restart the desktop if it dies.
We also update the Orbit checker to run every 15 seconds, to limit the
delay in the icon coming back after a restart.

Also included in this PR is a rename from `desktop_unix.go` to
`desktop_linux.go`, which will be used automatically for linux builds,
and a new `desktop_darwin.go` for macos builds, and the removal of
redundant build directives for all.
2025-02-24 10:14:45 -06:00
jacobshandling
b990b3c6d9
UI - GitOps Mode, 3/3 (#26537)
## For #26229 

- Remove feature flag
- Undo updates to 4 Policies automation modals to facilitate refactor
being implemented in parallel
- Remaining specs:

**Manage teams:**

![manage-teams](https://github.com/user-attachments/assets/af8d8d10-2add-4d8d-8961-61d0de44b067)

Empty:
<img width="1464" alt="Screenshot 2025-02-21 at 4 27 30 PM"
src="https://github.com/user-attachments/assets/17cf4fc2-cc4e-4f63-8276-3db79b44e9e1"
/>

**Team users:**

![team-users](https://github.com/user-attachments/assets/1bf106c1-bdf7-442c-a957-6c9eea6af14d)
Empty:
<img width="1464" alt="Screenshot 2025-02-21 at 4 29 01 PM"
src="https://github.com/user-attachments/assets/46dd0e44-2af3-4ca7-a0be-628e358a61d7"
/>

**Team agent options:**

![team-agent-options](https://github.com/user-attachments/assets/7d4ee8b6-03c7-48d2-8337-b2c33e50abe9)

**Team settings:**

![team-settings](https://github.com/user-attachments/assets/a67b45fc-a5ce-4267-b8fd-2f1e300d1fd8)


- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-02-21 16:56:20 -08:00
Ian Littman
ce36352fcd
Allow automatic creation of software install policy for VPP and FMA apps in API (#26440)
For #26190. FMA is included here because the previous implementation was
client-side. QA'd manually. Follow-up PR soon with automated test coverage.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-21 18:08:48 -06:00
Sarah Gillespie
ea35a2d77d
Cleanup host_certificates table on host deletion (#26524) 2025-02-21 15:57:09 -06:00
Ian Littman
f6f540b74e
Add created_at/updated_at timestamps to VPP apps teams table, return as added_at (#26442)
For #23744.

Splitting into another PR: query to pull more accurate timestamps from
activity feed

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-21 15:07:52 -06:00
Gabriel Hernandez
a748e923c8
add UI for turning android mdm on/off (#26517)
For #26207

Adds UI for turning the android mdm on and off. This is currently hidden
behind a feature flag. To enable use FLEET_DEV_ANDROID_ENABLED=1 when
running your fleet server.

This includes:

**android mdm on and off card:**


![image](https://github.com/user-attachments/assets/4205f364-7c90-47c5-bb67-37a571e6a713)


![image](https://github.com/user-attachments/assets/67839f8f-fc51-43bc-b1ce-86b793b60ed2)

**Android mdm page off state**


![image](https://github.com/user-attachments/assets/fe12d0ac-9395-42a2-ab10-ea027bc560ba)

**Andoid mdm page on state**


![image](https://github.com/user-attachments/assets/d1ca80b1-6794-47ce-ab16-d0603295d581)

**Turn off android mdm modal**


![image](https://github.com/user-attachments/assets/18e69319-5b29-4d70-a9e0-7ff3c489e2aa)

> NOTE: will need to come back and revisit this for the SSE handling
when android mdm is successfully turned on.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-02-21 17:23:38 +00:00
Gabriel Hernandez
76e16f0ec2
UI for certificate details on host details and my device pages (#26380)
For #25464

Implements the UI for viewing certification details on the host details
and my device pages.

This includes:

**Certs card and table on host details and my device page**


![image](https://github.com/user-attachments/assets/e685e55f-d982-43a7-91ff-e6d033b758f5)

**Cert details modal**


![image](https://github.com/user-attachments/assets/4a1d7421-85b8-4b3e-a010-ea752e7c6bdf)

- includes some work around normalising the details section card header
styles on these pages.
- includes extending DataSet component to add a `horizontal` orientation
when rendering the data


> NOTE: We still need to integrate with the API endpoints when they are
ready.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-02-21 11:52:41 +00:00
Scott Gress
8bab38b75a
Update "used by" display and tooltip styling (#26262)
For #25283 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

## Details

This PR updates the styling on the "Used by" line of the host details
page in the following ways:

* Updated color of the "more..." text
* Truncated long email address with ellipses
* Tooltip displays _all_ email addresses (in case the first one was
truncated)

## Screenshots

With extra long email:
<img width="353" alt="image"
src="https://github.com/user-attachments/assets/1e6dc535-c40d-44b6-a3ad-86920ac06772"
/>

---

Tooltips:
<img width="386" alt="image"
src="https://github.com/user-attachments/assets/8138e666-18f9-4e3b-a26a-99dc5b0492e7"
/>
<img width="455" alt="image"
src="https://github.com/user-attachments/assets/ef3ac552-b4ee-42ca-a522-aefacb4c9227"
/>

---

With regular email:
<img width="273" alt="image"
src="https://github.com/user-attachments/assets/88fae2c8-a2c8-4dd7-8a67-a8d9e33b7f08"
/>

---

With one email:
<img width="220" alt="image"
src="https://github.com/user-attachments/assets/198cf108-a8b7-4856-aa46-46e4a7676ef5"
/>

---

With one long email:
<img width="314" alt="image"
src="https://github.com/user-attachments/assets/0d781689-3140-41e2-be8c-a0c9b2542b35"
/>
2025-02-20 12:08:25 -06:00
Dante Catalfamo
739ca1e8c2
Remove restriction on setting both metadata and metadata_url (#26279)
For #26075
2025-02-19 10:11:52 -05:00
Martin Angers
6049b3919f
Unified Queue: add DB migration for existing pending activities (#26413) 2025-02-19 08:29:14 -05:00
Gabriel Hernandez
a669f3938b
fix issue with resetting abm token teams (#26259)
For #24040

Add gitops option for the request to modify the app config.

There was an issue with the abm token teams getting reset to default
anytime the `PATCH /fleet/config` endpoint was called. @jahzielv and I
discussed various options on how to solve this and agreed that the
approach taken in this PR was the quickest but not the best. Ideally,
we'd like the gitops client to send back the data to the endpoint that
its going to update. This will allow the `PATCH /fleet/config` endpoint
to work like a standard `PATCH` request and only update the options
provided instead of updating the app config differently depending on the
client calling the endpoint.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-02-18 20:08:06 +00:00
Scott Gress
403deb1e3e
Don't truncate text in SQL editor (#26292)
For #25921 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

## Details

This PR fixes an issue where the SQL editor would truncate large
queries, because it was setting a mandatory height on the content
element rather than letting the element use its own computed height.

## Screenshots

**Before:**

![25921-before](https://github.com/user-attachments/assets/19e6e4ea-6ec4-4451-80c7-c5fa061353d7)

**After:**

![25921-after](https://github.com/user-attachments/assets/26c80f89-4bd7-4f43-9d28-531fff945aba)
2025-02-18 11:10:16 -06:00
Scott Gress
f200bb38c0
Revert "Add "ExcludeFleetMaintainedApps" option to software titles query (#26383)
This feature was requested by a customer that has since decided not to
continue using the MSP dashboard. We had identified some edge cases with
the feature that we wanted to add patches for, so rather than leave it
in the current state (which isn't being used) we decided to back the
code out entirely.

This is a revert of commit
8419b8e87a.
2025-02-18 10:46:47 -06:00
Jahziel Villasana-Espinoza
07486aef30
fix: update App Store app versions on an hourly basis (#26326)
> For #24222

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-17 14:56:24 -05:00
Gabriel Hernandez
63bec832aa
Feat UI host transfer delete warnings (#26287)
For #25656

changed the copy for the delete and transfer host modal to be more clear
about the disk encryption key behaviour

**delete host modal**


![image](https://github.com/user-attachments/assets/e2f74f3b-fdd1-4cae-970e-44035c7630af)

**Transfer host modal**


![image](https://github.com/user-attachments/assets/8271eaae-9d80-4385-9704-860d7dc02588)


If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-02-17 13:25:22 +00:00
Jahziel Villasana-Espinoza
5e48e3d4f3
fix: add an index to mitigate vuln processing resource spikes (#26331)
> For #26178

# Checklist for submitter

## Data from testing

We tested the changes out by directly creating the index in our dogfood
env. We saw a decrease in resource usage, captured in these screenshots:

DB load (taller spike towards the left is without the index, subsequent
spikes are after the index was added)

![image
(1)](https://github.com/user-attachments/assets/141f8066-89e9-4a8e-ba7c-9fd3a09afea4)

DB load over a longer period (overnight 2025-02-12 -> 2025-02-13)

![Screenshot 2025-02-13 at 9 05
05 AM](https://github.com/user-attachments/assets/bb0c6744-537d-4aec-960b-d100c4285d00)

CPU utilization

![Screenshot 2025-02-13 at 10 25
17 AM](https://github.com/user-attachments/assets/eeea9ae5-5a10-4d50-91bc-3a806b359b39)

Memory usage

![Screenshot 2025-02-13 at 10 26
52 AM](https://github.com/user-attachments/assets/bb77cdd8-41ef-4d90-a707-70b6d2976a59)


---


If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-14 12:53:41 -05:00
Dante Catalfamo
b2a8b5c70e
Add fix for software installers breaking with old fleet version (#26297)
#26283
2025-02-12 12:49:17 -05:00
Jahziel Villasana-Espinoza
c7881be451
fix: add check to max concurrency value (#26240)
> For #26177

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-02-12 12:24:35 -05:00
Ian Littman
30e5043919
Switch to a simpler, more reliable query for checking if the initial admin user has been added (#26012)
For #26011, follow-up work for #26003.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-12 07:52:31 -06:00
Martin Angers
606df3f349
Upcoming Activities feature branch (#25450) 2025-02-11 14:53:11 -05:00
Sarah Gillespie
2dce287704
Update device user UI with improved instructions to turn on MDM (#26193) 2025-02-11 12:22:18 -06:00
Konstantin Sykulev
2b0be3771d
Removing usage of semver in resolved in version resolution (#26062)
The host software version and VersionEndExcluding did not always get
parsed by semver properly. Switching to using `SmartVerCmp` from the
nvdtools code. This is much more relaxed when parsing versions.

https://github.com/fleetdm/fleet/issues/24810

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-11 12:21:42 -06:00
Sarah Gillespie
daabdb6531
Disallow user-scoped profiles for Windows MDM (#26153) 2025-02-10 14:17:04 -06:00
Victor Lyuboslavsky
2eb5119efb
Clear bootstrap package and enrollment profile with GitOps (#26095)
For #25648 

Fixed issue where `fleetctl gitops` was NOT deleting macOS setup
experience bootstrap package and enrollment profile. GitOps should clear
all settings that are not explicitly set in YAML config files.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-07 14:35:51 -06:00
Dante Catalfamo
1a9f4012b3
Update wine to version 10, replace wine64 with wine (#25997)
#25872
2025-02-07 11:05:07 -05:00
Victor Lyuboslavsky
55423f67e2
Fixed parsing of relative paths for MDM profiles in gitops no-team.yml (#26046)
For #25770 

We already unmarshal macOS/Windows settings (added by Martin), so we
replace the path with an absolute file path and keep them unmarshalled
so they don't have to be re-unmarshalled later. Note: the custom
UnmarshalJSON method on these structs checks for (and handles) legacy
format (before labels were added).

Also some refactorings:
- extracted `extractControlsForNoTeam`
- reorganized `TestGitOpsBasicGlobalAndNoTeam` with subtests -- I did
not actually change functionality of this test

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-06 16:39:15 -06:00
Scott Gress
3e3d19c6d4
Update policies and queries empty states (#26124)
For #23312 

# Overview

Update to previous work on Policies page to match expedited design.

## Details

* Remove the "all teams" verbiage in free edition
* Move the CTA (Add policy / Add query) buttons to the top right (where
they are in the non-empty state)
* Make Query page match Policies page with new verbiage and button
placement
* Remove "0 queries" label in Queries page header when there are no
queries, to be consistent with Policies.

## Screenshots

Policies page on All Teams w/ no results:
<img width="1055" alt="image"
src="https://github.com/user-attachments/assets/2e25bff4-db58-448c-b573-cc55425f1e46"
/>

"Add" button moved to top right.

---

Policies page on single team w/ no results:
<img width="1073" alt="image"
src="https://github.com/user-attachments/assets/1a9d69cf-c228-44f2-825a-ceab69e62075"
/>

"Add" button moved to top right.

---

Policies page on free tier w/ no results:
<img width="1055" alt="image"
src="https://github.com/user-attachments/assets/d557f139-3890-42b8-9fc9-1f943d5a3f26"
/>

"Add" button moved to top right, language now reads "You don't have any
policies".

---

Queries page on on All Teams w/ no results:
<img width="1057" alt="image"
src="https://github.com/user-attachments/assets/fc707460-37b1-465b-8e9b-32d14cfd2287"
/>

"Add" button moved to top right, no query count, language says "You
don't have any queries that apply to all teams"

---

Queries page on on single team w/ no results:
<img width="1051" alt="image"
src="https://github.com/user-attachments/assets/9c30502c-5ecb-4473-80c5-142419c7e676"
/>

"Add" button moved to top right, no query count, language says "You
don't have any queries that apply to this team"

---

Queries page on free tier w/ no results:
<img width="1050" alt="image"
src="https://github.com/user-attachments/assets/def51c25-53ac-4ee1-ab4c-48607aaae34d"
/>

"Add" button moved to top right, no query count
2025-02-06 11:25:43 -08:00
Dante Catalfamo
f8de2d9e50
Follow redis redirects by default (#26043)
#22791

This will prevent the occasional redirect from breaking live queries.
Customers can still disable the redirects by setting
`redis.cluster_follow_redirections` to `false`.
2025-02-06 13:32:31 -05:00
RachelElysia
44102f7299
Fleet UI: Fix small teamId routing bug (#26105) 2025-02-06 09:37:05 -05:00
Ian Littman
136e5f8a6e
Add CPE translation mapping for IntelliJ CE for Windows (#25971)
Won't solve the false positive issues due to version number mismatches,
but will fix the false negative where CE wasn't matching at all, and
this is a full fix for IJ CE installed via JetBrains Toolbox.

For #25662.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-05 17:07:34 -06:00
jacobshandling
4b1472d4a6
UI -Only show new policy target checkboxes in modal (#26059)
## For #26049 


![ezgif-222a20b7ee822](https://github.com/user-attachments/assets/148e46a2-91bd-4636-b710-daa09c66a77c)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-02-05 09:56:08 -08:00
Luke Heath
5e83ba6cc8
Adding changes for Fleet v4.63.0 (#25433) 2025-02-04 13:55:00 -06:00
RachelElysia
df8e753e71
Fleet UI: Consistent table row clickability (#26022) 2025-02-04 14:05:22 -05:00
Ian Littman
805a0e9179
Allow use of bash as a script interpreter (#25449)
For #24470.

---------

Co-authored-by: dantecatalfamo <dante.catalfamo@gmail.com>
Co-authored-by: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com>
2025-02-04 12:42:40 -05:00
jacobshandling
53afcecaff
UI – Add on-hover shadow and on row click functionality to script list items (#25995) 2025-02-04 09:27:52 -08:00
Victor Lyuboslavsky
a0497ecd77
Added debug logging to declaration configurations status. (#26020)
For #25812 

I am adding some debug logging for DDM configuration profile status to
assist in future potential debug. This change should have no noticeable
functional changes.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-02-04 11:15:29 -06:00
Gabriel Hernandez
686b56f892
update UI tooltip for deadline input on the os settings target form (#25980)
For #25159

This updates the os settings Target form deadline input tooltip to make
it more correct for how the
deadline works for hosts. Macos, ios, and iPad all return the same
tooltip text now.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-02-04 15:14:41 +00:00
jacobshandling
ee47556053
UI - Fix team admin ability to edit MFA (#26002)
## For #25956 

- include the `mfa_enabled` field when rendering the edit user modal
- Include `mfa_enabled` as a changeable field in the form submission
logic


![ezgif-119080b112463](https://github.com/user-attachments/assets/83baafff-d7ec-4732-a5c0-c1878965d8ce)

- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-02-03 17:03:22 -08:00
Dante Catalfamo
de58010510
Edit script modal (#25926)
For #24601

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
	- Click pencil
	- Edit script
	- Save
	- Check script was saved
	- Check activities
- [x] Manual QA for all new/changed functionality
2025-02-03 14:27:44 -08:00
RachelElysia
28d458b948
Fleet UI: Add target labels for VPP apps (#25815) 2025-02-03 17:10:22 -05:00
jacobshandling
dcc94cd534
UI - Fix policies team pagination (#25744)
## For #24886 

### [Demo
video](https://drive.google.com/file/d/1yjhxohFTPP0RvHIyZvMn9m0l3oepus8L/view?usp=sharing)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-02-03 13:02:28 -08:00
jacobshandling
a4c6c2375a
change file (#25962)
## Change file for #25305 which was a community contribution

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-02-03 11:25:10 -08:00
Konstantin Sykulev
1b02fbb617
Added software_titles unique index idx_unique_sw_titles (#25794)
For #25235

This allows software with different names but the same bundle identifier
to be grouped under the same title. It also allows for software with the
same name but different bundle identifiers to be under two separate
titles.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-03 13:23:21 -06:00
Sarah Gillespie
57ae189f86
Fix issue related to verification of Windows disk encryption (#25875) 2025-02-03 09:31:00 -06:00
Ian Littman
9145709c0e
Switch "Disk encryption" casing for Windows/Linux profiles (#25801)
For #25191

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality

I can QA this later but @RachelElysia lmk if you can beat me to it.
Requires a Linux host and a Windows host enrolled, which I'll have soon
but don't have right this second.
2025-02-01 20:14:03 -06:00
Lucas Manuel Rodriguez
1b03714dff
Added support for event format on query reports (#25876)
For #23465.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [X] Manual QA for all new/changed functionality
2025-01-31 16:26:24 -03:00
jacobshandling
fa7a6c810f
UI - Replace "Include Fleet desktop" with host type radio selection buttons when adding Windows or Linux hosts. (#25914)
## For #25306 


![ezgif-548801a08fef2](https://github.com/user-attachments/assets/e91c7c18-50e8-4a69-aad8-6c97ebc59bce)


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-31 10:37:15 -08:00
Scott Gress
764bc1dd68
Update tooltip for query compatibility (#25892)
For #25553 

# Checklist for submitter

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

Quick update to the "compatibility" tooltip to clarify that it applies
only to tables, and user should check the columns they use to ensure
full compatibility.

<img width="327" alt="image"
src="https://github.com/user-attachments/assets/50c69a40-26c3-4b1a-8792-72925e1f41bc"
/>
2025-01-31 09:56:12 -06:00
Scott Gress
1cd37ef966
Update NewLabel method to use more efficient update mechanism (#25777)
For #25555 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

This PR updates the `NewLabel` service to use the
`UpdateLabelMembershipByHostIDs` method previously added by
@jacobshandling rather than using `ApplyLabels`. The latter method has
performance issues when adding large numbers of hosts at once to a
manual label (see #25555) because it does an expensive lookup of host
names before transforming those into Fleet host IDs. The new code skips
the middleman and transforms host identifiers directly to Fleet host
IDs, and does so using a batching strategy to ensure the queries don't
get too large.

This PR does update `UpdateLabelMembershipByHostIDs` slightly to return
an updated Label object and host IDs array, as this is the expected
return value for `NewLabel`. I update the method's tests accordingly. I
don't think any new tests for `NewLabel` are needed as it should have
the same functionality and return values.

## Manual Testing

On the main branch, I launched my local MySQL with the thread stack size
set to the minimal allowed, and used the API to try and create a new
label with 5,000 hosts attached, and received a 422 response from the
server. Server logs showed:
```
level=error ts=2025-01-28T15:08:20.465401Z component=http user=scott@fleetdm.com method=POST 
uri=/api/latest/fleet/labels took=16.610292ms err="get hostnames by identifiers: Error 1436 (HY000): Thread stack 
overrun:  111136 bytes used of a 131072 byte stack, and 20000 bytes needed.  Use 'mysqld --thread_stack=#' to specify 
a bigger stack."
```

On this branch, I kept the same MySQL settings and tried my API request
again and it was successful:
<img width="776" alt="image"
src="https://github.com/user-attachments/assets/c4f0f52b-4d09-457b-8096-4dd3a747b1f4"
/>

## QA

The script I used to create a new manual label with lots of hosts is at:
https://gist.github.com/sgress454/84f12064c437da456c456e25c26d9069

To run it, first grab a bearer token from any API request by opening the
network tab, clicking a Fleet API request, and in the headers tab
scrolling down to Authorization:
<img width="892" alt="image"
src="https://github.com/user-attachments/assets/5680f3bf-8db8-469a-9f03-000b86622c04"
/>
(only take the part _after_ "Bearer")

Then download the script from that gist and in its folder run:
```
NODE_TLS_REJECT_UNAUTHORIZED=0 node ./add_hosts_to_label.js <the bearer token> "<a label name>"
```
e.g.
```
NODE_TLS_REJECT_UNAUTHORIZED=0 node ./add_hosts_to_label.js U3HpbdtadmJXGKYSB0U/PbwfOpHbBt7FpkWmGKKYolOO1moLNZA6XxP+QO5LVukvAotZ7d+JbNUEEhYHZtxoqg== "some test label"
```
This will invoke the API on https://localhost:8080 and try to add 5000
hosts a new label "some test label".

If you need to change the # of hosts or the url of the server, there are
additional arguments:
```
NODE_TLS_REJECT_UNAUTHORIZED=0 node ./add_hosts_to_label.js <the bearer token> "<a label name>" <number of hosts> <url>
```
e.g.
```
NODE_TLS_REJECT_UNAUTHORIZED=0 node ./add_hosts_to_label.js U3HpbdtadmJXGKYSB0U/PbwfOpHbBt7FpkWmGKKYolOO1moLNZA6XxP+QO5LVukvAotZ7d+JbNUEEhYHZtxoqg== "some test label" 10000 https://foo.bar
```
2025-01-31 09:19:36 -06:00
Gabriel Hernandez
49fe510ab0
fix for window profiles error message being cut off on OS settings modal (#25922)
relates to #24901

Fixes an issue where the error messages were being cut off for windows
profiles in the OS settings modal. Also added some tests for this
component.


![image](https://github.com/user-attachments/assets/16382a83-d92e-4c44-96ea-18416663700e)

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-01-31 14:40:24 +00:00
Gabriel Hernandez
eb9b1d615c
improve verified and verifying tooltips in profile status UI (#25886)
Fpr #24824

Updates the verified and verifying tooltips to be a bit more clear on
the Profile Status Aggregate component/

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-01-31 12:24:31 +00:00
Luke Heath
8d5154c015
Build fleetctl linux arm64 binary (#25905) 2025-01-30 15:39:53 -06:00
Dante Catalfamo
3c8033fa8e
Edible Scripts Backend (#25739)
#24602
2025-01-30 13:01:51 -05:00
jacobshandling
8d9ca0eabf
Require a password when changing a user from SSO to password-based authentication (#25843)
## For #24754

- Backend:
- Return an error when a PATCH attempts to update a user's
authentication from SSO to password but doesn't include a password
  - Add checks to integration test.
- Frontend:
- Form error when attempting to switch a user who is currently
SSO-authed to password without a password
- Refactor upstream inherited errors to allow for disabling the form
submission button when errors are present
  - Other improvements to user form validation

**[UI
Demo](https://drive.google.com/file/d/1-BIzCpqu0zjYHf7zxiZL_7kVoE2sLwtx/view?usp=sharing)**
**[API
Demo](https://drive.google.com/file/d/19lQ7Pvfmq3MwEjHw0_r9IoxVuNaSNwGb/view?usp=sharing)**

<img width="994" alt="Screenshot 2025-01-28 at 3 38 11 PM"
src="https://github.com/user-attachments/assets/304f8def-2656-43f7-97e5-8be1fc679814"
/>

<img width="660" alt="Screenshot 2025-01-28 at 3 39 41 PM"
src="https://github.com/user-attachments/assets/77283520-b313-4743-96df-06c55e573496"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-30 09:32:11 -08:00
Scott Gress
8419b8e87a
Add "ExcludeFleetMaintainedApps" option to software titles query (#25649)
for #25427 

# Checklist for submitter

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

This PR adds a new `ExcludeFleetMaintainedApps` option to the
ListSoftwareTitles datastore method, and the equivalent
`exclude_fleet_maintained_apps` to the `GET
/api/v1/fleet/software/titles` API.

The new functionality works by doing a left join from the
`software_titles` table to the `fleet_library_apps` table by bundle
identifier, and excluding any rows that are present in the
`fleet_library_apps` table.

New tests verify that the filtering works as expected and doesn't
interfere with other functions of the method.
2025-01-30 11:22:12 -06:00
RachelElysia
c6a7868ce5
Fleet UI: New Dashboard host count cards (+ their responsiveness to 320px) (#25694) 2025-01-29 15:15:49 -05:00
Sharon Katz
b07d8bee6b
increase stats freq to 1H (#16865) 2025-01-29 15:08:44 -05:00
Scott Gress
e247a3b871
Update policies page empty state (#25726)
for #23312 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

This PR updates the verbiage on the Policies page when no policies are
present for the selected team (or All Teams). It also does a little bit
of code cleanup. Existing test was updated and a new test added. I've
also added VSCode test runners to easily run Jest tests from the IDE.

The [original request](https://github.com/fleetdm/fleet/issues/23073)
mentioned removing the button from the page if All Teams is selected,
but I don't think we should do that -- you can add All Teams policies
with it.

## Screenshots

Empty state for "All teams" (admin):
<img width="658" alt="image"
src="https://github.com/user-attachments/assets/3db674ef-b83e-4a4f-9ba9-adaf0ff17d3d"
/>

Empty state for a team (admin):
<img width="699" alt="image"
src="https://github.com/user-attachments/assets/49b966ff-f335-43c6-b1ed-b6f11b167c68"
/>

Empty state for "All teams" (non-admin):
<img width="663" alt="image"
src="https://github.com/user-attachments/assets/b9685b40-3b42-43f0-a0ff-09602b9d532a"
/>

Empty state for a team (non-admin):
<img width="643" alt="image"
src="https://github.com/user-attachments/assets/034566d2-7c1b-42c8-8655-99447193d099"
/>
2025-01-29 11:12:28 -06:00
Gabriel Hernandez
1c5f13589f
fix 500 page when filtering by vulnerabilities on host software (#25816)
For #25735

This is a fix for the 500 page appearing when filtering for vulnerable
software on the host details page.

Also adds some missing docs for vulnerable query param filter on `GET
hosts/:id/software` endpoint

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-01-29 12:09:28 +00:00
jacobshandling
1d582260ca
UI - Maintain user's updates to the team agent options form when they navigate away and back again (#25803)
## For #24035 

- disable associated `useQuery`'s `refetchOnWindowFocus`


![ezgif-7c05abdfe4c30](https://github.com/user-attachments/assets/434e8b9e-a795-4173-8875-794736620753)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-28 15:20:46 -08:00
Lucas Manuel Rodriguez
a4db139e82
Remove fleetctl binary from fleetdm/fleet image and remove unused Dockerfile (#25749)
For #25748.

Manually tested by:
1. Building a `fleet` executable for Linux on a Ubuntu VM (with
`-extldflags "-static"`) for Alpine.
2. Placing the executable in `tools/fleet-docker`.
3. Building a local docker image using `docker build -t
fleetdm/fleet:v42.42.42 --platform=linux/amd64 .`.
4. Running the docker image (using `docker run`) and use Fleet on the
browser.
```
docker run -v $(pwd)/../osquery:/run -p 8412:8412 -e FLEET_MYSQL_ADDRESS=host.docker.internal:3306 -e FLEET_MYSQL_DATABASE=fleet -e FLEET_MYSQL_USERNAME=fleet -e FLEET_MYSQL_PASSWORD=insecure -e FLEET_REDIS_ADDRESS=host.docker.internal:6379 -e FLEET_SERVER_ADDRESS=0.0.0.0:8412 -e FLEET_SERVER_CERT=/run/fleet.crt -e FLEET_SERVER_KEY=/run/fleet.key -e FLEET_LOGGING_JSON='true' -e FLEET_VULNERABILITIES_CURRENT_INSTANCE_CHECKS="yes" -e FLEET_VULNERABILITIES_DATABASES_PATH=/vulndb -e FLEET_LOGGING_DEBUG='true' -it fleetdm/fleet:v42.42.42
```

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-01-28 19:58:20 -03:00
jacobshandling
a5eceb8605
UI - Improve handling of long team names by teams dropdown (#25802)
## For #23924 

- Disallow text wrapping on the "manage hosts" button
- Allow dynamic width of teams dropdown values
- Hide and ellipsize team name overflow from dropdown container



![ezgif-748697f5cc45e](https://github.com/user-attachments/assets/751c0032-b8d5-4402-94dd-aae804e0e9ba)


![ezgif-7d1797450417e](https://github.com/user-attachments/assets/c40ce7a5-3c9a-485b-95e3-c9af20c79a23)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-28 10:27:02 -08:00
Dante Catalfamo
05fe5b78ea
Utilize custom SMTP domain if set (#25669)
#25241

---------

Co-authored-by: Tommy McCormick <mccormickt9@gmail.com>
2025-01-28 11:10:52 -05:00
RachelElysia
9b70a2c819
Fleet UI: Surface download URL for Fleet-maintained app when adding (#25762) 2025-01-27 16:23:08 -05:00
RachelElysia
98f0728cee
Fleet UI: Update FMA API errors in UI (#25646) 2025-01-27 15:32:12 -05:00
Victor Lyuboslavsky
89e314e86e
Illegal argument errors will no longer be logged at the ERROR level (#25761)
For #25759 

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-27 14:03:38 -06:00
Ian Littman
8ee29dc895
Include current host status and pending action in lock, unlock, and wipe API calls (#25754)
For #23241.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
- [x] Docs re-PR'd
2025-01-27 12:06:09 -06:00
RachelElysia
42d7227611
Fleet UI: Fix Manage automation dropdown styling (#25753) 2025-01-27 09:14:16 -05:00
Jordan Wright
d074ba2b48
Fix incorrect source in device mapping REST API docs (#25641)
### Summary

This PR closes #25640 by fixing the incorrect `source` value in the
device mapping REST API docs.

The real value is `mdm_idp_accounts` which can be found
[here](15ac793238/server/fleet/hosts.go (L894)).

### Test Plan

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

I couldn't find any other references to `identity_provider`, so I think
these two were all of them.
2025-01-24 16:32:03 -06:00
jacobshandling
55fd95d760
UI – Updates to confirm invite flow (#25583)
## For #24486 

- Check invite validity before rendering form, error if invalid
- Use data returned from validity check to pre-populate form
- Remove dependence of flow on URL params other than token
- Remove other URL params from link generated in invite confirmation
email
- Refactor form from JS to TS
- Refactor form from class to functional components
- Cleanup unused logic
- Improve error handling

**Invalid invite**

![invalid](https://github.com/user-attachments/assets/c42c47ca-6a0d-4112-89ea-68b77e748d12)


**Valid invite**

![valid-login-flow](https://github.com/user-attachments/assets/f2b97306-a1bd-47be-9725-968a3c4ad8a8)



- [x] Changes file added for user-visible changes in `changes/`
- [x] Updated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-24 10:55:39 -08:00
Scott Gress
382a2f132e
Hide manage automations from maintainers (#25727)
for #25346

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

This PR removes the "manage automations" link in the activity feed for
anyone who isn't an admin. Previously this link appeared for maintainers
as well, but they [don't have
permission](https://github.com/fleetdm/fleet/blob/sgress454/23312-update-all-teams-policies-empty-state/articles/role-based-access.md#user-permissions)
to manage automations.
2025-01-24 11:17:14 -06:00
RachelElysia
3060f452c2
Fleet UI: Fix user management page overflow (#25733) 2025-01-24 10:06:49 -05:00
jacobshandling
f93b869f26
Update label membership by host IDs directly (#25687)
## For #25261 

<img width="826" alt="Screenshot 2025-01-23 at 11 07 19 AM"
src="https://github.com/user-attachments/assets/3a2f5d75-c0bf-445a-80dc-976914ff434e"
/>

### [Demo
video](https://drive.google.com/file/d/1ZFcrizkZ6zNODnTXjRC1f-Oeght5zOP4/view?usp=sharing)
- [x] Changes file added for user-visible changes in `changes/`, 
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-23 12:38:57 -08:00
Lucas Manuel Rodriguez
148d914f01
Optimize software_titles query to use indexes (#25722)
For #25160.

Measured improvement by splitting the MySQL query into two queries to
use the indexes more efficiently:
- ~8s vs ~100ms for ~30k entries in software_titles for ~1.7k incoming
software without bundle_identifier (linux software).
- ~1.64s vs ~2ms for 25k entries in software_titles and ~500 incoming
new software with bundle_identifier + ~200 new software without
bundle_identifier (macOS software).

---

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [X] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [X] Manual QA for all new/changed functionality
2025-01-23 15:48:21 -03:00
Konstantin Sykulev
84e3c2fb76
Added url property on get fleet maintained app endpoint (#25660)
for https://github.com/fleetdm/fleet/issues/25251

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
2025-01-23 10:23:05 -06:00
Konstantin Sykulev
d8930250f8
Added util func around semver to allow for custom preprocessing. Upgraded semver lib (#25437)
For https://github.com/fleetdm/fleet/issues/22919

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
2025-01-23 10:21:15 -06:00
Gabriel Hernandez
a3b06fa0f6
normalise spacing for lists and help text across various modals (#25663)
For #24992

Normalises the padding around lists, list headers, and help text across
various modals.

**manage automation modal:**


![image](https://github.com/user-attachments/assets/bd5fa4cc-7ef0-4030-92fe-3d4914c2fa8c)

**calander events modal:**


![image](https://github.com/user-attachments/assets/9f284a5a-ec8a-46fb-acf8-b205eb31fc60)

**install software policy modal:**


![image](https://github.com/user-attachments/assets/eaf961a3-87c4-4e45-b3f8-5b2d64eb346d)

**Run script policy modal**


![image](https://github.com/user-attachments/assets/6b2d75de-5a6c-4c0f-b82b-5f8006fc9ab0)


- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-01-23 15:47:38 +00:00
jacobshandling
126426b213
UI - Update metadata error states on Sso settings form (#25614)
## For #25318 

<img width="1464" alt="Screenshot 2025-01-20 at 12 29 32 PM"
src="https://github.com/user-attachments/assets/80512d78-03e6-40fe-a098-109b0c731fe7"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-22 15:01:52 -08:00
Victor Lyuboslavsky
62b7412243
Disk encryption keys are now archived when created/updated (#25638)
For #25609 

Manual QA in progress. Putting this "In Review" since it is a P1.

Video explaining the PR: https://youtu.be/bUwIdjBLqiM

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-22 14:54:40 -06:00
Dante Catalfamo
347c65b5c6
Add options to populate users and labels on list hosts endpoint (#25621)
#22464

---------

Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
2025-01-22 11:17:26 -05:00
Dante Catalfamo
3e06ca21d9
Delete duplicate linux lock/wipe scripts (#25611)
#22544

The Linux wipe/lock scripts have lived as duplicated in two locations
for a long time. This removes the copy that isn't used.

The remaining scripts in the `ee/server/service/embedded_scripts` folder
are pulled in here.

12d8017ff9/ee/server/service/hosts.go (L499-L508)

It looks like the `wipe` script in `scripts/mdm/linux` was even slightly
out of date compared with the one in the `ee/` folder.
2025-01-22 10:46:59 -05:00
RachelElysia
c4a556618f
Fleet UI: Updates to dropdown selected states (#25635) 2025-01-22 10:22:59 -05:00
Jahziel Villasana-Espinoza
bb8054bbcd
fix: correctly get VPP token ID when doing a renewal (#25657)
> For #25567

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-01-22 09:55:49 -05:00
Dante Catalfamo
ee54c67187
Add link to learn more about installing fleetd (#25610)
#25307
2025-01-22 09:19:10 -05:00
Ian Littman
26de929d97
Compress CSS and JS with gzip before serving to reduce load time/page weight (#25658)
For #24732.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-21 20:15:08 -06:00
Ian Littman
4792d0bf7b
Map product/vendor for homebrew "pass" package, skip "jira" python package as it has no CVEs (#25626)
For #25597. Needs to be QA'd pre-merge /cc @jmwatts 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-21 15:34:44 -06:00
Dante Catalfamo
1ad76c5253
Fix upcoming activities for ABM-deleted hosts (#25530)
#22353
2025-01-21 15:26:00 -05:00
Gabriel Hernandez
027bf09eac
update message for failed windows disk encryption and dont show resend button (#25630)
For #21691

This fixes an issue for windows disk encryption profiles. We now disable
to resend button and add some messaging to the user that this will retry
automatically.


![image](https://github.com/user-attachments/assets/58eb57cb-1e28-4820-ba91-fdd7513a7b00)

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-01-21 17:07:44 +00:00
Victor Lyuboslavsky
086099631e
Fix issue where Windows MDM profiles are not sent to offline hosts (#25619)
For #25615 

The actual fix is these two lines, where we only delete the command from
the queue for the specific host we're processing:
```
const dequeueCommandsStmt = `DELETE FROM windows_mdm_command_queue WHERE enrollment_id = ? AND command_uuid IN (?)`
stmt, params, err = sqlx.In(dequeueCommandsStmt, enrolledDevice.ID, matchingUUIDs)
```

Everything else is tests, cleanup, refactoring for readability.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-21 09:59:32 -06:00
Ian Littman
65f9ef4967
Bump Node version to 20.18.1 (#25591)
For #25590.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-01-20 15:50:28 -06:00
Ian Littman
66045dbb26
Allow software installers with unknown versions through rather than failing the upload (#25426)
For #25201.

<img width="435" alt="image"
src="https://github.com/user-attachments/assets/c499902b-d461-4621-b2fc-7cb845ce71c4"
/>

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-20 11:49:52 -06:00
Victor Lyuboslavsky
a7b5aee6c2
Allow Windows SessionID=0 (#25582)
For #25581 

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-01-20 09:12:33 -06:00
Gabriel Hernandez
cdefa0c9e9
Chore rework UI activities (#25539)
For #23912

new UI for activities on the global, past, and upcoming feeds. These are
the same changes in [this
PR](https://github.com/fleetdm/fleet/pull/25329), except we are
reverting the changes around fleet initiated activities as that is not
in the current activities API.

We are doing this so that the new activities can go out in a release
while the backend is still being built and will be ready later.

> NOTE: this does contain the code for cancel activity functionality but
it hidden from the user.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-01-20 10:39:46 +00:00
Luke Heath
7a04f879f8
Remove 4.62.2 change files (#25573) 2025-01-17 15:16:21 -06:00
Victor Lyuboslavsky
e6e7c3fa06
Fixes issue verifying Windows CSP profiles that contain ADMX policies. (#25528)
For #24790 

Support verifying Windows CSPs with ADMX policies.

https://learn.microsoft.com/en-us/windows/client-management/understanding-admx-backed-policies

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-01-17 14:56:25 -06:00
Ian Littman
9a5d74cfc6
Exempt bootstrap package uploads from server-side request timeout (#25536)
For #25533

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-17 10:39:59 -06:00
Gabriel Hernandez
22baa5af94
bump action/cache to version 4.2.0 (#25508)
For #25507

A bump to the latest version to the github `cache` action to 4.2.0. our
current version (v2) was deprecated. more info for the deprecation can
be found here https://github.com/actions/cache/discussions/1510

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
2025-01-17 15:01:27 +00:00
Jahziel Villasana-Espinoza
8407aefc73
fix: add translation for iterm2 (#25477)
> For #25130 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-16 20:17:10 -05:00
jacobshandling
a4d501e67c
UI - Coordinate multiple error inputs to successfully display server errors as UserForm field errors (#25476)
## For #24948 


![ezgif-3-a357750dbe](https://github.com/user-attachments/assets/e3fdc103-df93-4286-af63-df87330c3f1d)

- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-16 13:23:00 -08:00
Dante Catalfamo
3a2a689796
Don't expire iOS devices prematurely (#25436)
#25406 

The `last_seen_times` table is only updates when osquery hits one of its
authenticated endpoints, meaning it isn't updated when devices without
osquery, like iphones, are enrolled. I've left a
[comment](https://github.com/fleetdm/fleet/issues/25406#issuecomment-2590637318)
on the original issue explaining how this happens. Originally, if there
was no `last_seen_time`, the fallback value would be the `created_at`
value on the `hosts` table, so ios devices would always get deleted once
they were added X number of days ago.

In its place, I've added the `detail_updated_at` column on the `hosts`
table as the fallback value, and only use `created_at` if that is also
empty. `detail_updated_at` is updated every time a full detail refetch
completes. In the case of ios/ipados, [this is done using
MDM](cd5c0e8aed/server/service/apple_mdm.go (L3101)).
`detail_updated_at` is updated less frequently than `last_seen_times`,
only once every hour or so instead of every 30 seconds, but since
expiration policies are set on the scale of days instead of hours, this
should be fine.

The way I've QA'd this is by adding an iOS device to my fleet instance,
waited 24 hours, and set the expiration policy to 24 hours.
2025-01-16 10:13:22 -05:00
Dante Catalfamo
39466cb644
Use webhooks settings from gitops even when empty (#25347)
#24958

---------

Co-authored-by: Scott Gress <scottmgress@gmail.com>
2025-01-15 11:31:48 -05:00
jacobshandling
36cba79e19
UI - Ungate user form SSO field for non-admins, handle subtle UX bug (#25351)
_Merge only _after_ https://github.com/fleetdm/fleet/pull/25322_
## For #25319 

- Team admin can access SSO and 2FA options in user form when they are
enabled (see api response to right):

<img width="1799" alt="Screenshot 2025-01-10 at 1 36 10 PM"
src="https://github.com/user-attachments/assets/66bd5eea-dc1d-4e5b-85fc-b377520f337a"
/>

- [x] Changes file added for user-visible changes in `changes/`,
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-14 09:54:02 -08:00
Jahziel Villasana-Espinoza
e76c3638ff
fix: do not remove VPP apps from team if not strictly necessary (#25411)
> For #25194

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-14 12:31:04 -05:00
Victor Lyuboslavsky
3665a7c494
Fixed issue with incorrect batch DDM update activity. (#25372)
For batch upload of Apple DDM profiles with `fleetctl gitops`, fixed
issue where activity feed was showing a change when profiles didn't
actually change.
For #25244

The root cause of the bug was using `NULLIF` instead of the correct
`IFNULL` MySQL command. (Seriously, who named these?).

Also, refactored
[batchSetMDMAppleDeclarations](https://github.com/fleetdm/fleet/blob/victor/25244-batchsetMDMprofile/server/datastore/mysql/apple_mdm.go#L4224)
method to speed up future changes/fixes.

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests -- Actually, fixed test that was
already failing
- [x] Manual QA for all new/changed functionality
2025-01-14 11:24:36 -06:00
Sarah Gillespie
d6eeaaa2f9
Hide dropdown filter in software card on "My device" page (#25371) 2025-01-14 10:45:00 -06:00
RachelElysia
43628439d8
Fleet UI: VPP auto install software on failed policies, filter software compatible to policy's target platform, etc (#25202) 2025-01-13 16:45:16 -08:00
jacobshandling
7b1fa550ac
UI – Exclude self-service URL path from DUP when not a valid option for the host (#25383)
## For #24421

- Filter out self-service path in this case
- Remove a number of redundant states by having local variables depend
on useQuery's internal state


![ezgif-7-e252c26029](https://github.com/user-attachments/assets/ad1b2012-3604-4250-a227-d2f66a84bc86)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-13 14:48:39 -08:00
jacobshandling
8c4275a467
UI - Update validation pattern on SSO settings form (#25387)
## For #25264 


https://github.com/user-attachments/assets/031f3636-3c0e-4439-969d-716cb08b2449

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-13 14:47:02 -08:00
Tim Lee
80f503ab6a
Optimize vulnerability host counts (#24914) 2025-01-13 15:44:02 -07:00
Luke Heath
4cca22384d
Adding changes for Fleet v4.62.0 (#25092)
Ready for review.
2025-01-13 16:23:26 -06:00
Ian Littman
f1949ac2bf
Add VPP policy automation support to backend (#25154)
For #23529, #23530.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-13 15:53:24 -06:00
jacobshandling
4346b63ac5
UI – Render default empty cell when host has no UUID (#25362)
## For #23811 
<img width="868" alt="Screenshot 2025-01-10 at 3 29 28 PM"
src="https://github.com/user-attachments/assets/2f95a2d6-7050-4f64-be73-51b6f4a5d422"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-10 16:07:21 -08:00
Victor Lyuboslavsky
7aa3fee45b
Fix issue when identical MDM commands are sent twice to the same device when replica DB is being used. (#25355)
For #24816
Fix issue when identical MDM commands are sent twice to the same device
when replica DB is being used.

Root cause was that ctxdb.RequirePrimary wasn't used correctly, and
proper test was missing.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-01-10 16:50:22 -06:00
Jahziel Villasana-Espinoza
cf3a3cfbd2
fix: use a new strategy for finding the app name in case the title is wrong (#25297)
> For #24873

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-01-10 16:42:06 -05:00
jacobshandling
98b839c616
Replace email logo with one that looks good in both light and dark mode (#25192)
## For #24618

**Change email:**
<img width="1012" alt="Screenshot 2025-01-06 at 3 50 27 PM"
src="https://github.com/user-attachments/assets/1a6ec908-0720-4794-a628-46137d1070b8"
/>

**Invite user:**
<img width="1012" alt="Screenshot 2025-01-06 at 4 15 05 PM"
src="https://github.com/user-attachments/assets/b8edf904-f704-45c4-97bf-2d1e6e7daf0b"
/>

**Enable MFA:**
<img width="1012" alt="Screenshot 2025-01-06 at 4 21 46 PM"
src="https://github.com/user-attachments/assets/a7507fa4-637c-4934-8c60-ec0e8c4fa60d"
/>

**Reset password:**
<img width="1012" alt="Screenshot 2025-01-06 at 4 25 54 PM"
src="https://github.com/user-attachments/assets/74bf4ca1-1960-4923-b8a3-b42ea7ff78ba"
/>


**Setup smtp:**
<img width="1012" alt="Screenshot 2025-01-06 at 4 28 29 PM"
src="https://github.com/user-attachments/assets/53993a5c-697c-4dc5-8005-ad286bf7a55e"
/>



- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-10 10:42:44 -08:00
Dante Catalfamo
b4a2115b2c
Display correct key path to user for agent options (#25199)
#24038
2025-01-10 13:13:28 -05:00
Jahziel Villasana-Espinoza
863a37a3e5
fix: update install script for FMAs to improve re-install process (#25238)
> For #24148

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-09 14:22:21 -05:00
jacobshandling
689e78a598
UI - use new db user settings to persist user's host table column preferences (#25185)
## For #25032

<img width="1792" alt="Screenshot 2025-01-07 at 6 50 39 PM"
src="https://github.com/user-attachments/assets/17a63b3d-a983-433a-a3c4-6c66dbb08fce"
/>

- Add new `include_ui_settings` query param to `GET` `/me` calls
- Use new `settings` in response to set settings into UI context
- On hosts page, use that context, if present, to set which columns are
hidden. Fallback to a default set of hidden columns.
- When updating visible columns, persist preference via `PATCH` to
`/users/:id` with a new `settings` payload

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-09 10:53:43 -08:00
RachelElysia
12ca927d43
Fleet UI: Fix overflow of software title in 2 more modals (#25294) 2025-01-09 13:42:58 -05:00
jacobshandling
d1335986dd
UI – Include team-level queries in Select query modal, only call for queries when needed (#25286)
## For #25114

- When host is on a team, include both the team's and global queries in
list presented to the user
- Optimize by only calling queries API when needed

<img width="1464" alt="Screenshot 2025-01-08 at 6 47 06 PM"
src="https://github.com/user-attachments/assets/9ed6fb1b-7cc3-4e34-a38d-4c7baecedf4c"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-09 10:08:46 -08:00
Sarah Gillespie
69459efd1d
Remove arrow icon from MDM solution table (#25211) 2025-01-08 17:41:26 -06:00
Victor Lyuboslavsky
992144bd59
Downgraded expected/common "BootstrapPackage not found" server error to a debug message. (#25266)
For #25265
Downgraded expected/common "BootstrapPackage not found" server error to
a debug message. Occurs when UI/API checks if bootstrap package exists.

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2025-01-08 17:14:10 -06:00
RachelElysia
800aa7ecbd
Fleet UI: Fix software name from overflowing (#25262) 2025-01-08 16:35:48 -05:00
Sarah Gillespie
459a393f21
Hide updated time when loading OS versions table data (#25200) 2025-01-07 12:29:13 -06:00
RachelElysia
d079b63e2e
Fleet UI: Add timestamps to host count on software detail pages (#25143) 2025-01-07 09:22:41 -05:00
jacobshandling
b17767ef65
Never include sender address in update email success message (#25178)
## For #24366


![ezgif-1-7fab23822d](https://github.com/user-attachments/assets/486286af-db0d-4ce9-9667-fe8471b36f76)

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-06 15:16:54 -08:00
Victor Lyuboslavsky
7e1a808a8c
Fixing issue where deleted profiles were being sent to devices. (#25095)
#24804 

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- [x] Manual QA for all new/changed functionality
2025-01-06 13:16:34 -06:00
jacobshandling
aef4bb579e
UI – Clarify expected behavior of policy host counts, dashboard controls software count, and controls os updates versions count (#25150)
## For #23512 

<img width="1392" alt="Screenshot 2025-01-03 at 4 13 33 PM"
src="https://github.com/user-attachments/assets/0244a2db-eb97-4cf6-b50f-fd7567e14e40"
/>

<img width="860" alt="Screenshot 2025-01-03 at 3 59 56 PM"
src="https://github.com/user-attachments/assets/cc2e6adb-ac09-4f02-8e1b-4df060e90de8"
/>

<img width="1392" alt="Screenshot 2025-01-03 at 4 14 40 PM"
src="https://github.com/user-attachments/assets/316c359e-4081-4858-b890-f8d6c8052934"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-06 10:55:28 -08:00
Dante Catalfamo
d48c9baafa
Add instructions for command line installation on pkg gen (#25166)
#25004
2025-01-06 13:04:12 -05:00
Victor Lyuboslavsky
e0d0e80315
Cloudfront URL config changes (#25145)
For #24868 (subtask)

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-01-06 11:33:24 -06:00
Ian Littman
efe3315a1b
Fix detection of uninstall scripts when recording script results after a host has had MDM actions taken (#25157)
For #25144.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-06 07:57:17 -06:00
jacobshandling
338a00a693
UI: only setEditingExistingQuery in the edit query form if the query has been modified (#25115)
## #24653 

- This bug was more generally that live query runs from the Edit query
form did not include the `query_id` in the `run` API call.


![ezgif-6-8ef29273dc](https://github.com/user-attachments/assets/d6792037-5d91-4f6f-84d9-640133df0522)


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-03 10:46:03 -08:00
RachelElysia
5eace25c69
Fleet UI: Fix software actions dropdown styling bug (#25102) 2025-01-03 09:32:31 -05:00
RachelElysia
645d4d8c25
Fleet UI: Clarify VPP app teams (#25111) 2025-01-03 09:31:25 -05:00
RachelElysia
ece080fbe3
Fleet UI: Fix app id link not row id (#25113) 2025-01-03 09:30:59 -05:00
RachelElysia
486357326e
Fleet UI: Update bad links in setup experience (#25110) 2025-01-03 09:29:38 -05:00
Ian Littman
9eb115cf7c
Ignore CVE-2024-10327 since it's iOS-only (#25083)
For #25075

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2025-01-02 13:07:02 -06:00
jacobshandling
495fddc4e6
UI - Improve validation of SMTP settings form (#25051)
## #25009 

- Update validation to match pattern defined in
`frontend/docs/patterns.md`
- Validate email even when not enabling the feature, since we allow
setting it
- Remove "CONFIGURED" and "NOT CONFIGURED" copy

<img width="838" alt="Screenshot 2024-12-30 at 11 27 08 AM"
src="https://github.com/user-attachments/assets/42132ea2-3364-412a-bb35-2c35f9f6caea"
/>

<img width="838" alt="Screenshot 2024-12-30 at 11 27 16 AM"
src="https://github.com/user-attachments/assets/f9f3c1c0-a166-4ea0-aaa6-b356e7cf9c69"
/>

<img width="838" alt="Screenshot 2024-12-30 at 11 27 24 AM"
src="https://github.com/user-attachments/assets/8685d01d-b2ae-4bc5-addc-80b326f18863"
/>

<img width="706" alt="Screenshot 2024-12-30 at 11 44 10 AM"
src="https://github.com/user-attachments/assets/af8f0f5f-588f-4226-b7e7-8cf753f4822b"
/>



- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-02 10:30:41 -08:00
Ian Littman
bbc35cb76b
Include pre-releases when building osquery version list constant (#25089)
Also updates said constant via this script to include 5.15.0. Idea for
this is that including pre-releases as they're published ensures that by
the time the corresponding Fleet release ships we have a current list,
without having to cherry-pick these updates.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-01-02 11:38:15 -06:00
Ian Littman
5beeb248f7
Handle long interned strings in MSI parsing (#25079)
For #24720. Used
https://github.com/ChaelChu/msi-props-reader/blob/master/src/msiPropsReader.ts
as inspiration. Not sure why the shift is 17 bits rather than 16 here
but confirmed that 17 works and 16 doesn't.

Tested against both existing GDrive MSIs for regression testing, plus
the one mentioned in the ticket.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-01-02 10:41:08 -06:00
Victor Lyuboslavsky
eef175756a
Removed invalid UUID error from Apple MDM UDID. (#25074)
#24961 

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-01-01 18:44:09 -06:00
Ian Littman
5a30b477c6
Fall back to FileVersion when an EXE installer has FileVersion but not ProductVersion (#25070)
For #23541

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2024-12-31 14:28:15 -06:00
Victor Lyuboslavsky
bd51e858ac
Update Apple config/DDM profiles if secret variables changed (#24995)
#24900 

This PR includes and depends on PR #25012, which should be
reviewed/merged before this one.

Windows profiles are not included in this PR due to issue #25030

This PR adds the following functionality: Apple config/DDM profile is
resent to the device when the profile contains secret variables, and the
values of those variables have changed. For example.
- Upload secret variables
- Upload profile
- Device gets profile
- Upload the same profile
- Nothing happens
- Upload a different secret variable value
- Upload the same profile
- Device gets updated profile

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Manual QA for all new/changed functionality
2024-12-30 17:58:39 -06:00
jacobshandling
c2bd802fa4
UI - Refactor to TooltipWrapper and add offset to the tooltips on hover of the profile aggregate status indicators (#25039)
## #25038 

Refactor to TooltipWrapper and add offset to the tooltips on hover of
the profile aggregate status indicators.

<img width="1345" alt="Screenshot 2024-12-29 at 9 00 38 PM"
src="https://github.com/user-attachments/assets/3bf5cf3c-e9fc-47dc-aa07-9cef42edcae0"
/>

- [x] Changes file added for user-visible changes in `changes/`, 
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-30 08:17:12 -08:00
Ian Littman
1725eff39c
Allow software uninstalls, script-based lock/unlock/wipe, while scripts are globally disabled (#24815)
For #22875.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2024-12-30 08:32:48 -06:00
Lucas Manuel Rodriguez
963cc7e22c
Automatic install custom packages (#25021)
#24385

Some docs change here: https://github.com/fleetdm/fleet/pull/25026.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
2024-12-27 15:10:28 -03:00
jacobshandling
32c42c301f
UI - Show software details My device page (#25022)
## #23315 

- On device user page > Software, make rows clickable and on click, open
the Software details modal to display information about the installation
on the host.
- Update Software details modal copy and allow long file paths to wrap


https://github.com/user-attachments/assets/1e714c5e-1614-46c0-bb56-d6dc8ad4f8ae

<img width="1350" alt="Screenshot 2024-12-26 at 10 27 44 AM"
src="https://github.com/user-attachments/assets/5cefc45a-b0ef-41d9-84e6-21ac17aaeffe"
/>
<img width="1350" alt="Screenshot 2024-12-26 at 10 27 19 AM"
src="https://github.com/user-attachments/assets/e0866961-31a4-4bd3-82e8-18f72cf4dc30"
/>
<img width="1350" alt="Screenshot 2024-12-26 at 10 27 37 AM"
src="https://github.com/user-attachments/assets/2bf6c880-664d-4315-8a40-8de61a5e4748"
/>


- [x] Changes file added for user-visible changes in `changes/`, 
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-26 14:51:28 -08:00
Tim Lee
f6f35be694
Remove homebrew app casks (#24593) 2024-12-24 13:25:53 -07:00
RachelElysia
d8129bf139
Fleet UI: Allow select target search for labels and teams (#24798) 2024-12-23 16:20:51 -05:00
George Karr
38fcc30b5c
Feature: Scope Fleet-maintained apps and custom packages via labels (#24976)
Issue #22813

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2024-12-23 11:38:39 -06:00
Ian Littman
329c283aa9
Don't show macOS hosts as disk encryption verifying when they're also in the action-required group (#24844)
This happens when the disk encryption profile has been sent successfully
and verified by MDM, but we haven't been sent the (encrypted) key via
Orbit yet because the end user needs to log out or restart their machine
to finish key rotation.

For #24244.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-23 08:10:45 -06:00
gillespi314
c79875c963 Add changes file 2024-12-20 17:12:56 -06:00
gillespi314
c78002747f Merge branch 'main' into feat-labels-scoped-software 2024-12-20 17:06:48 -06:00
Dante Catalfamo
1ac4be3cc7
Update windows policy constants (#24971)
#24315

Closes #23970
2024-12-20 17:17:54 -05:00
Dante Catalfamo
effd3563c8
Add secrets software script support (#24912)
#24899
2024-12-20 17:17:18 -05:00
Ian Littman
1f3971701f
Bump max length for installer URLs supplied in GitOps to 4000 characters (#24942)
For #24917. Should be worth the extra byte per row for the varchar
field.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2024-12-20 11:58:21 -06:00
Sarah Gillespie
7aa0433f70
Fix UI pagination bug on manage controls page (#24928) 2024-12-20 10:00:12 -06:00
Tim Lee
320ccaf01e
minio vulnerability (#24931) 2024-12-19 15:17:40 -07:00
Scott Gress
6bd9cc8a44
Monitor and alert on errors in cron jobs (#24347)
for #19930 

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated tests
- [X] If database migrations are included, checked table schema to
confirm autoupdate
- [X] Manual QA for all new/changed functionality

# Details

This PR adds a new feature to the existing monitoring add-on. The add-on
will now send an SNS alert whenever a scheduled job like
"vulnerabilities" or "apple_mdm_apns_pusher" exits early due to errors.
The alert contains the job type and the set of errors (there can be
multiple, since jobs can have multiple sub-jobs). By default the SNS
topic for this new alert is the same as the one for the existing cron
system alerts, but it can be configured to use a separate topic (e.g.
dogfood instance will post to a separate slack channel).

The actual changes are:

**On the server side:**

- Add errors field to cron_stats table (json DEFAULT NULL)
- Added errors var to `Schedule` struct to collect errors from jobs
- In `RunAllJobs`, collect err from job into new errors var
- Update `Schedule.updateStats`and `CronStats.UpdateCronStats`to accept
errors argument
- If provided, update errors field of cron_stats table

**On the monitor side:**

- Add new SQL query to look for all completed schedules since last run
with non-null errors
- send SNS with job ID, name, errors

# Testing

New automated testing was added for the functional code that gathers and
stores errors from cron runs in the database. To test the actual Lambda,
I added a row in my `cron_stats` table with errors, then compiled and
ran the Lambda executable locally, pointing it to my local mysql and
localstack instances:

```
2024/12/03 14:43:54 main.go:258: Lambda execution environment not found.  Falling back to local execution.
2024/12/03 14:43:54 main.go:133: Connected to database!
2024/12/03 14:43:54 main.go:161: Row vulnerabilities last updated at 2024-11-27 03:30:03 +0000 UTC
2024/12/03 14:43:54 main.go:163: *** 1h hasn't updated in more than vulnerabilities, alerting! (status completed)
2024/12/03 14:43:54 main.go:70: Sending SNS Message
2024/12/03 14:43:54 main.go:74: Sending 'Environment: dev
Message: Fleet cron 'vulnerabilities' hasn't updated in more than 1h. Last status was 'completed' at 2024-11-27 03:30:03 +0000 UTC.' to 'arn:aws:sns:us-east-1:000000000000:topic1'
2024/12/03 14:43:54 main.go:82: {
  MessageId: "260864ff-4cc9-4951-acea-cef883b2de5f"
}
2024/12/03 14:43:54 main.go:198: *** mdm_apple_profile_manager job had errors, alerting! (errors {"something": "wrong"})
2024/12/03 14:43:54 main.go:70: Sending SNS Message
2024/12/03 14:43:54 main.go:74: Sending 'Environment: dev
Message: Fleet cron 'mdm_apple_profile_manager' (last updated 2024-12-03 20:34:14 +0000 UTC) raised errors during its run:
{"something": "wrong"}.' to 'arn:aws:sns:us-east-1:000000000000:topic1'
2024/12/03 14:43:54 main.go:82: {
  MessageId: "5cd085ef-89f6-42c1-8470-d80a22b295f8"
2024-12-19 15:55:29 -06:00
Ian Littman
4f547902a6
Ignore iOS-only Firefox vulnerability (CVE-2024-10004) since we don't support iOS vulns (#24892)
For #23579

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

QA'd locally successfully. It just took a bit longer for the vuln showed
up.
2024-12-19 14:05:58 -06:00
Gabriel Hernandez
89862b012b Merge branch 'main' into feat-labels-scoped-software 2024-12-19 10:52:22 -06:00
Luke Heath
ace2fa3f9f
Adding changes for Fleet v4.61.0 (#24407) (#24904) 2024-12-19 10:09:22 -06:00
Gabriel Hernandez
9057bf62a3 Merge branch 'main' into feat-labels-scoped-software 2024-12-18 15:36:20 -06:00
Victor Lyuboslavsky
9d9fc9b5cd
Replace script/profile secrets. (#24841)
#24548

This PR covers Apple legacy commands, Windows commands, and scripts.
Apple DDM commands and Software install/uninstall scripts will be
covered in separate PRs.

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-18 15:27:35 -06:00
jacobshandling
4767382a1f
UI - Display the correct percentage of hosts online, 0, when there are no hosts online. (#24858)
## #23800 

<img width="535" alt="Screenshot 2024-12-17 at 6 13 37 PM"
src="https://github.com/user-attachments/assets/5600a288-9b97-4b69-a561-43244c936de5"
/>

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-18 12:53:06 -08:00
Tim Lee
09235486b4
Process all vulncheck data (#24318) 2024-12-18 10:53:46 -07:00
Robert Fairburn
acdc526d1b
Initial support for helm cloudsql proxy in migrations (#24412)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
2024-12-18 11:44:32 -06:00
RachelElysia
8888127998
Fleetctl: Update dependencies, improve error handling, ensure compatibility (#24845) 2024-12-18 11:22:01 -05:00
Jahziel Villasana-Espinoza
fe8324b48d
feat: skip automatic install policy if installer is not scoped to host (#24843)
> Related issue: #24533

- We're still running the policy, but in the handler for the results we
check if the software is in label scope. If not, we set the policy to be
"undetermined" and we do not add an installation request
- Added checks for label scoping to the "install software" and "self
service install" endpoints

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-18 10:58:28 -05:00
Martin Angers
14fc86d5e7
SSVL: update activities to add labels include/exclude (backend changes) (#24839) 2024-12-18 08:16:36 -05:00
Dante Catalfamo
c9bdae8fb3
Embedded secrets validation (#24624)
#24549

Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
2024-12-17 17:14:12 -05:00
RachelElysia
474d5c4260
Fleet UI: Clean up table text wrapping (#24827) 2024-12-17 15:22:33 -05:00
Martin Angers
79ac8fa4a1
SSVL: implement gitops support for labels include/exclude on software packages (#24663) 2024-12-17 14:28:17 -05:00
Konstantin Sykulev
57e82c1357
Added optional team_id parameter to query report endpoint (#24811)
If the `team_id` parameter is included the query report will filter the
hosts by the team id specified. The `team_id` parameter is included by
default from the front end queries pages.

https://github.com/fleetdm/fleet/issues/24006

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2024-12-17 13:26:35 -06:00
jacobshandling
af12ba144a
Include disk encryption stats only if setting is enabled for Linux host (#24457)
## Addresses #24456

- host detail response (for Host details page and My device page)
excludes `mdm.os_settings` field if disk encryption isn't enabled for
the host
- confirmed it is still included when setting is enabled
- confirmed expected banner is still shown when setting enabled

<img width="2555" alt="Screenshot 2024-12-05 at 10 10 48 PM"
src="https://github.com/user-attachments/assets/e3852b7f-51ae-4e87-bceb-476ccdba2459">


- [x] Changes file added for user-visible changes in `changes/`, 
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-17 09:43:35 -08:00
jacobshandling
885e1d5a25
UI - Determine query result column sort type from actual data present (#24734)
## Addresses #23011 

- In the same scan through results that the UI currently determines
unique column names, determine which of thsoe columns can be sorted as
alphanumeric.

<img width="1464" alt="Screenshot 2024-12-12 at 3 15 24 PM"
src="https://github.com/user-attachments/assets/49c7c7a5-632a-475f-9e16-891119274708"
/>

<img width="1464" alt="Screenshot 2024-12-12 at 3 14 25 PM"
src="https://github.com/user-attachments/assets/2ede4f28-4c00-43af-b144-3828c42b7fbc"
/>


- [x] Changes file added for user-visible changes in `changes/`,
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-17 09:41:30 -08:00
Gabriel Hernandez
eb41e7ce8e Merge branch 'main' into feat-labels-scoped-software 2024-12-17 10:58:04 -06:00
Gabriel Hernandez
0876a9d695
Add UI for scoping software to fleet apps and custom packages via labels (#24793)
relates to #24538, #24542, #24540, #24537

implements the UI for scoping software to fleet maintained apps and
custom packages. This includes:

**adding custom target label selection to fleet maintained app form**

<img width="824" alt="image"
src="https://github.com/user-attachments/assets/b0e18841-e5c5-406a-b83f-ce2b5a8f8472"
/>

**adding custom target label selection to custom package form**

<img width="821" alt="image"
src="https://github.com/user-attachments/assets/06279121-69bd-4663-aebd-930cd7c02190"
/>

***adding custom target label selection on edit software modals**

<img width="796" alt="image"
src="https://github.com/user-attachments/assets/c15a8236-1b02-4d17-9245-e24967190eaf"
/>

also includes various small copy changes.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-17 10:41:57 -06:00
Gabriel Hernandez
e78bf6e8b1
Add helpful tooltip to install software setup experience (#24799)
relates to #24795

Add a helpful tooltip to the install software section for the setup
experience page

<img width="445" alt="image"
src="https://github.com/user-attachments/assets/49b0d9d5-0126-4165-abfb-b5cf9a2f8321"
/>

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2024-12-17 10:31:00 -06:00
Jacob Burley
78cab5b8a8
Add Mastodon link to server email templates (#23309)
- Adds a link to FleetDM's Mastodon account to emails sent by the
FleetDM server
- Adds a Mastodon PNG image to the repo
2024-12-16 17:03:33 -06:00
Jahziel Villasana-Espinoza
7e3a7ba6ee
feat: filter host software by label scoping (#24801)
> Related issue: #24534

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-16 17:02:06 -05:00
Ian Littman
57e979f0a4
Swap JetBrains EAP versions for maxed last major release for vuln check purposes (#24783)
For #22723.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-16 14:01:38 -06:00
Gabriel Hernandez
12bf9880ad Merge branch 'main' into feat-labels-scoped-software 2024-12-16 12:35:18 -06:00
Konstantin Sykulev
7e1478589b
Delete pending installs/scripts on policy delete (#24463)
When a policy is deleted clean up any pending software installs or
scripts generated from the policy

https://github.com/fleetdm/fleet/issues/23886

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-16 11:47:34 -06:00
Ian Littman
a86caed431
Replace CRLF with LF on script upload (#24760)
For #24166

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-16 11:25:12 -06:00
Victor Lyuboslavsky
1e5da18963
Fixed potential deadlocks when deploying Apple configuration profiles. (#24777)
#24771

Fixing deadlocks found in loadtest:
https://docs.google.com/document/d/1-Q6qFTd7CDm-lh7MVRgpNlNNJijk6JZ4KO49R1fp80U/edit?tab=t.0
- added retries to statements prone to deadlocks

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2024-12-16 11:16:42 -06:00
Gabriel Hernandez
8ecf75ae2b Merge branch 'main' into feat-labels-scoped-software 2024-12-16 10:40:19 -06:00
Victor Lyuboslavsky
48e3654d75
Adding secret support to profiles via gitops. (#24675)
#24547

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-13 15:41:23 -06:00
jacobshandling
7e5000cf52
UI - Redirect on invalid URL parameter to /software/add/fleet-maintained/:id (#24637)
## #24636

Redirect when NaN "foobar" provided as software id in url:

https://github.com/user-attachments/assets/e1b0ce3d-f494-447c-a452-285f0e6758af

- [x] Changes file added for user-visible changes in `changes/`,
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-13 10:40:58 -08:00
Ian Littman
42186b1ad9
Fix nil pointer dereference on CVEs when OS versions list hasn't been populated yet (#24735)
For #22523.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-12 17:23:27 -06:00
Victor Lyuboslavsky
3d671f110d
Removed server error if no private IP was found by detail_query_network_interface (#24726)
#24725

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-12 15:45:26 -06:00
Konstantin Sykulev
669e944f50
Team policy endpoint now accepts null to unset a script or software installer (#24658)
https://github.com/fleetdm/fleet/issues/23490

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2024-12-12 13:33:19 -06:00
RachelElysia
95ae7c3c5f
Fleet UI: Fix policy truncation and add tooltip (#24659) 2024-12-12 09:11:26 -05:00
Ian Littman
4dd152c011
Allow pulling the base list of Fleet Maintained Apps without requiring a team ID (#24595)
For #24509

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-11 21:12:38 -06:00
Martin Angers
23a6146966
SSVL: prevent deletion of a label if used to scope software installers (#24644) 2024-12-11 14:21:10 -05:00
jacobshandling
2118616f64
21855 – Paginate and filter Queries on the server, update platform filtering from compatible to targeted platforms (#24446)
## Addresses #21855 and all of its subtasks

**Frontend:**
- Update list queries API call to include pagination and filter-related
query params, including new `platform` param for filtering queries by
platforms they've been set to target
- Convert all filtering, sorting, and pagination functionality of the
Manage queries page from client-side to server-side
- Remove unneeded variable declarations / logic
- Various typing and naming improvements

**Server:**
- Add new `platform` `ListQueryOption`
- Update service and datastore level list queries logic to handle
filtering queries by targeted platform
- Update service and datastore level list queries logic to include
`meta` and `count` fields in addition to filtered/paginated queries


- [x] Changes file added for user-visible changes in `changes/`, `
- [x] Added/updated tests
  - [x] update DB, integration
  - [x] add integration (pagination)
  - [x] add integration (platform filter)
  - [x] add DB (pagination)
  - [x] add DB (platform filter)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-11 10:50:28 -08:00
RachelElysia
7ecd6d9377
Fleet UI: Fix bug hiding manage automations dropdown from maintainers (#23808) 2024-12-11 10:19:33 -05:00
Jahziel Villasana-Espinoza
5814e3985a
feat: add software title ID to add software activity (#24577)
> Related issue: #24120

## Changes
- Added the `software_title_id` field to the activity details for
`added_software` activities, which get generated when adding a customer
installer or a FMA
- Added a return value (`titleID`) to
`ds.MatchOrCreateSoftwareInstaller`
- Removed `ds.GetSoftwareTitleIDByMaintainedAppID`. Since we're
returning the new value above, this method was no longer needed.

## Testing steps
1. Add a custom installer
2. Add a FMA
3. Check the activity details in the response to `GET /activities`.
Verify that the `software_title_id` field exists and is correct.
4. Add a FMA with automatic install. Make sure the policy is correctly
created, has the correct software title ID associated with it, and that
it installs the app.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-11 09:54:15 -05:00
Ian Littman
cf6e15f6a4
Validate license key if supplied before running fleetctl preview (#24627)
For #22884

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-11 07:57:10 -06:00
Ian Littman
746e800fcf
Error out while parsing when script entries in a GitOps YAML file are missing paths (#24639)
For #22244. Previously empty script entries would get parsed and then
cause a panic later in the process.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-11 07:54:25 -06:00
Victor Lyuboslavsky
4e1e4a3204
Added migration and secret variables API. (#24594)
#24545 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2024-12-10 15:32:51 -06:00
Ian Littman
3258b45cbf
Update email template font to Inter (#24617)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
2024-12-10 15:17:50 -06:00
RachelElysia
6c54f145ca
Fleet UI: Do not remove team selection when creating a label (#24590) 2024-12-10 14:04:04 -05:00
RachelElysia
f9b0f10936
Fleet UI: Export to CSV does not trim leading zeros (#24529) 2024-12-10 14:03:20 -05:00
Konstantin Sykulev
cae70d2921
Optimized software versions endpoint (#24496)
The software versions endpoint cve details can be truncated using the
`without_vulnerability_details` flag.

https://github.com/fleetdm/fleet/issues/23679

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2024-12-09 16:23:57 -06:00
Victor Lyuboslavsky
25d9a2b043
Allow APNS key to be in unencrypted PKCS8 format (#24570)
#23760 

Manual QA done:
1. Get the current APNS key using tools/mdm/assets tool.
2. Convert it to a PKCS8 key like: `openssl pkcs8 -topk8 -inform PEM
-outform PEM -in mdm_assets/apns_key.key -out mdm_assets/apns_pkcs8.key
-nocrypt`
3. Delete all `apns` and `scep` rows from `mdm_config_assets` DB table.
4. Point to the PKCS8 key like:

```
export FLEET_MDM_APPLE_APNS_KEY=/Users/victor/work/fleet/mdm_assets/apns_pkcs8.key

export FLEET_MDM_APPLE_APNS_CERT=/Users/victor/work/fleet/mdm_assets/apns_cert.crt
export FLEET_MDM_APPLE_SCEP_CERT=/Users/victor/work/fleet/mdm_assets/ca_cert.crt
export FLEET_MDM_APPLE_SCEP_KEY=/Users/victor/work/fleet/mdm_assets/ca_key.key
export FLEET_MDM_APPLE_SCEP_CHALLENGE=$(cat /Users/victor/work/fleet/mdm_assets/scep_challenge)
```

This step may be tricky. Might be simpler to spin up a fresh Fleet
server with the SCEP/APNS values.

5. Start fleet server. Make sure APNS works by pushing/deleting a
profile.
6. Renew APNS cert and make sure the new cert still works.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-09 16:23:22 -06:00
Ian Littman
4b21ed571b
Fix duplicate queries when pulling query stats for a host (#24514)
For #23488.

We see duplicates for queries that show up in both WHEREs since UNION
ALL doesn't deduplicate. Since we're grabbing all of the same columns,
GROUP BY'ing all columns on the final result gets us a deduplicated set
without having to do any cleanup server-side.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-09 15:50:28 -06:00
jacobshandling
874a1bf495
UI – Restore user's current scroll after updating the host software filter (#24455)
## #23095 


https://github.com/user-attachments/assets/90640987-e06f-432c-9fd2-765753ac1d73

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-09 12:21:36 -08:00
Sarah Gillespie
5ee939c2c0
Fix UI bug with host software install/uninstall actions (#24510) 2024-12-09 13:31:43 -06:00
faelau
ce84d4800c
Add service annotations to Helm Chart (#24459) 2024-12-09 13:19:22 -06:00
Konstantin Sykulev
ed2e6dffdf
Better documentation in fleetctl query command for label flag (#24556)
# Checklist for submitter

https://github.com/fleetdm/fleet/issues/23880

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
2024-12-09 12:47:52 -06:00
Ian Littman
07852b4c60
Bump Go version from 1.23.1 to 1.23.4, Alpine on Docker images from 3.20 to 3.21 (#24518)
Kept the Debian-based image at Bullseye.

For #24517.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality: Validated builds
(Docker and make) all work after this change, except for BitLocker
(requires Windows).
2024-12-09 11:06:07 -06:00
Ian Littman
c474843d0f
Add "do not reply to this automated message" copy to remaining emails, fix X logo location, swap Twitter for X on other automated email templates (#24506)
For consistency with new MFA email in #22078.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2024-12-09 09:19:23 -06:00
Ian Littman
4af18cd136
Allow team admins/maintainers to view Fleet maintained apps (#24516)
For #23305.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-09 08:29:08 -06:00
Jahziel Villasana-Espinoza
a5c667a882
fix: check the activity type before trying to add fleet (#24434)
> Related issue: #24337

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-06 17:59:55 -05:00
Jahziel Villasana-Espinoza
216743baf1
fix: do pagination in fleet free with correct query params (#24494)
> Related issue: #23404

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2024-12-06 17:13:09 -05:00
Dante Catalfamo
6d00803503
Stop legacy query packs from spamming errors (#24491)
#24386
2024-12-06 16:34:21 -05:00
jacobshandling
6514631dcd
UI - Only include custom sourced emails that are present (#24411)
## Addresses #24321 

Note that the "Used by" section includes the Google chrome user and the
custom user that has an associated email, but ignores the custom user
with no email:

<img width="1349" alt="Screenshot 2024-12-04 at 9 37 10 PM"
src="https://github.com/user-attachments/assets/b03b519b-c904-4327-bf76-494a3c80a27b">

- [x] Changes file added for user-visible changes in `changes/`, 
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-05 15:38:35 -08:00
jacobshandling
36ef5b8d6a
UI: Add nice formatting and UX to log destinations in two places (#24396)
## Addresses #24363

<img width="1464" alt="Screenshot 2024-12-04 at 2 22 03 PM"
src="https://github.com/user-attachments/assets/0e935bc4-f9f1-41b9-b36c-3c7722ad5b95">
<img width="1464" alt="Screenshot 2024-12-04 at 2 21 11 PM"
src="https://github.com/user-attachments/assets/1b8e87d2-068c-4ef2-b46c-8cf57a1ab2c7">


- [x] Changes file added for user-visible changes in `changes/`, 
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-05 15:19:56 -08:00
Victor Lyuboslavsky
968f329725
Added cleanup job to delete stuck pending Apple profiles (#24437)
#23816

This fix may not completely fix the customer's issue. However, I'd like
to see if there are improvements from this fix combined with the
previous query optimization fix.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2024-12-05 15:40:59 -06:00
RachelElysia
603c223f8b
Fleet UI: 2FA (#24442) 2024-12-05 15:54:43 -05:00
Josh Brower
4f2daf2368
CIS Update: Q4 2024 (#24224)
All edited YAML files were ran through a YAML syntax check before before
committed.

**macOS-13**

- UPDATED: "3.5 - Ensure Access to Audit Records Is Controlled"
Description and Resolution. Query did not change.

- ADDED: "5.10 - Ensure XProtect Is Running and Updated" Checking for
updated is actually handled via a different query.

**macOS-14**

- UPDATED: "3.5 - Ensure Access to Audit Records Is Controlled"
Description and Resolution. Query did not change.

- ADDED: "5.10 - Ensure XProtect Is Running and Updated" Checking for
updated is actually handled via a different query.

 
**macOS-15**

Initial version duplicated from macOS-14 queries, then the following
changes were applied:

- REMOVED:  "3.6 - Ensure Firewall Logging Is Enabled and Configured"

The following controls were not added, further research on how to check
them with osquery is required:
- 2.6.3.1 - 2.6.3.5 and 2.7.2: I am not sure how we can accomplish this.
- "5.11 - Ensure Logging Is Enabled For Sudo" I believe this one can be
accomplished through the file_lines table

---------

Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
Co-authored-by: Sharon Katz <sharon@fleetdm.com>
2024-12-05 13:35:40 -05:00
Victor Lyuboslavsky
afebfde63c
Improvements for select next Apple MDM command query. (#24128)
#23832 

[Loadtest
report](https://docs.google.com/document/d/1HafECokrZ3jnzRskxMtJwp4k1E2uBTbO9vfKEUtyykI/edit?tab=t.0)

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-05 12:02:48 -06:00
Marko Lisica
6039708e59
Add VPP app: fix confusing empty states (#24243)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
2024-12-04 19:38:30 +01:00
Marko Lisica
317717776a
Add missing loading states in delete modal (#24245)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2024-12-04 19:35:09 +01:00
Dante Catalfamo
ca54b2264e
Fix zip and dmg automation showing null platform (#24346)
#23020
2024-12-04 11:00:28 -05:00
Jahziel Villasana-Espinoza
9df4b066ff chore: merge main 2024-12-03 13:16:00 -05:00
Jahziel Villasana-Espinoza
b482223d02
fix: replace Zoom FMA with Zoom for IT (#24311)
> Related issue: #23686

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality

---

## QA steps

1. Start up Fleet. Check the DB `cron_stats` table and the
`fleet_library_apps` table to make sure that the FMA cron job was
scheduled and ran successfully
2. Apply the migrations and re-start Fleet
3. Check that 
a. The previously run FMA job(s) in the `cron_stats` table have been
deleted
b. There should now be just 1 scheduled job in the `cron_stats` table,
which should have been created ~30s after you re-started Fleet after the
migration
c. The FMA for Zoom should be replaced by "Zoom for IT" in the list of
FMAs.
4. Add the new Zoom FMA to a setup experience for some team. Run the
setup experience and validate Zoom was installed, but that no windows
pop up during setup experience.
5. Uninstall the FMA, validate that uninstall is successful
2024-12-03 13:08:54 -05:00
Martin Angers
15a8214145
Merge branch 'main' into feat-automatic-migrate-windows-hosts 2024-12-03 11:28:04 -05:00
Victor Lyuboslavsky
2a6a9b990f
Fixed gitops issue with gitops role. (#24297)
#24288

PR for API docs: https://github.com/fleetdm/fleet/pull/24303

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-03 10:12:07 -06:00
Martin Angers
7d3b11a10c
Merge branch 'main' into feat-automatic-migrate-windows-hosts 2024-12-03 11:07:25 -05:00
Luke Heath
b312bb99e5
Adding changes for Fleet v4.60.0 (#23817) (#24294) 2024-12-03 10:03:37 -06:00
Martin Angers
2dda7a1eb0
Replace deprecated pkcs7 package with a maintained fork (#24313) 2024-12-03 11:01:22 -05:00
Dante Catalfamo
d00ab6a986
Stop hiding Windows MDM WSTEP config flags (#24289) 2024-12-03 10:04:49 -05:00
Martin Angers
df6e1cf473
Merge branch 'main' into feat-automatic-migrate-windows-hosts 2024-12-03 08:41:57 -05:00
jacobshandling
ed8c3a3b98
UI - Only show 'follow instructions on My device' banner for encrypted and non-escrowed Linux hosts (#24277)
## #24248

For hosts with encrypted disks that Fleet does not have a key escrowed
for:

**Banner shown for Linux:**
<img width="1464" alt="Screenshot 2024-12-02 at 10 52 08 AM"
src="https://github.com/user-attachments/assets/91dd3b64-b9da-430b-9eb0-0ae30af751d8">

**but not for Windows:**
<img width="1464" alt="Screenshot 2024-12-02 at 10 49 54 AM"
src="https://github.com/user-attachments/assets/0345db0d-74f5-4608-af7b-58efae14dfea">



- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-02 16:28:28 -08:00
Jahziel Villasana-Espinoza
2cdead2dce
fix: use the correct copy for a macos host (#24292)
> Related issue: #23621

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2024-12-02 17:30:18 -05:00
Martin Angers
5aef78ee26
Merge branch 'main' into feat-automatic-migrate-windows-hosts 2024-12-02 16:51:57 -05:00
RachelElysia
54455e9958
Fleet UI: Ability to clear webhook address and still disable policy automation (#24163) 2024-12-02 16:18:42 -05:00
Martin Angers
f399a90901
Merge branch 'main' into feat-automatic-migrate-windows-hosts 2024-12-02 09:34:49 -05:00
RachelElysia
a5d06f70a9
Fleet API: Update resending configuration profiles API URL (#24211) 2024-11-27 15:39:55 -05:00
Martin Angers
eea90e5632
Proposal fix/plan for 24024 (#24207) 2024-11-27 12:11:08 -05:00
Gabriel Hernandez
80edd0dbfe
Feat UI creat policies fleet apps title details (#23972)
relates to #23137, #23136

implements to the rest of the UI for automatically creating fleet
policies when adding a fleet maintained app. Also includes the API
changes needed for this which include changing the `GET
/software/titles` and `GET /software/titles/:id` endpoints to include
the `automatic_install_policies` data.

UI added includes:

**Adding tag for automatic install software titles**


![image](https://github.com/user-attachments/assets/a7f17350-58f2-44bc-8ea0-477c633b394a)

**Adding modal to show the policies associated with that software
title**


![image](https://github.com/user-attachments/assets/eb08f3e0-0dcd-44d7-915c-b08b7434f615)

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2024-11-26 17:21:00 -05:00
RachelElysia
e7605d2d2f
Fleet UI: Fix app store icons with awkward borders (#24126) 2024-11-26 16:30:22 -05:00
jacobshandling
86eb8fd058
UI - Update help text for Policy automations (scripts & software) (#24138)
## Addresses #22527 

Figma:
<img width="1822" alt="Screenshot 2024-11-25 at 5 30 48 PM"
src="https://github.com/user-attachments/assets/caef56ce-f8aa-4f54-ab90-91d2d53f8c50">


UI:
<img width="1464" alt="Screenshot 2024-11-25 at 12 17 23 PM"
src="https://github.com/user-attachments/assets/b4bf6cc9-b0c8-422e-8dbf-ab82be9b5ca9">
<img width="1464" alt="Screenshot 2024-11-25 at 12 03 53 PM"
src="https://github.com/user-attachments/assets/4770872e-cc8d-4d82-b3e1-5a4afe98a115">



- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-26 12:30:30 -08:00
jacobshandling
c5d61c7490
UI - Improve side nav empty state UI under /settings (#24145)
## #23027 

<img width="1392" alt="Screenshot 2024-11-25 at 1 09 50 PM"
src="https://github.com/user-attachments/assets/74fdd240-f3bc-4365-8ff2-7a3fedf718c1">

- [x] Changes file added for user-visible changes in `changes/`, 
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-26 12:29:50 -08:00
Martin Angers
c4404d9d68
Windows MDM Migration: API, CLI and activities (#24141) 2024-11-26 11:52:56 -05:00
Jahziel Villasana-Espinoza
d4b0edf8c9
fix: small typo (#24149)
> No issue, just something I noticed

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2024-11-25 18:00:07 -05:00
Martin Angers
e5d2812654 Merge branch 'main' into feat-automatic-migrate-windows-hosts 2024-11-25 16:43:31 -05:00
Konstantin Sykulev
1446d28029
github cli false negative vulnerability (#24100)
Added a cpe translation for the `gh` command. The software is identified
as `gh`, however, the cpe (`cpe:2.3🅰️github:cli:2.62.0:*:*:*:*:*:*:*`)
name is labeled as `cli`, thus the mismatch.

https://github.com/fleetdm/fleet/issues/24009

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-25 12:32:10 -06:00
Victor Lyuboslavsky
5abcf2ef3a
Drop duplicate MySQL indexes. (#24107)
#24109 
Duplicate indexes identified after running pt-duplicate-key-checker
https://docs.percona.com/percona-toolkit/pt-duplicate-key-checker.html

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
2024-11-25 10:03:19 -06:00
Martin Angers
f0e1dccc8a
Bugfix: use an HTTP client that supports proxies for APNS push notifications (#23988) 2024-11-25 09:45:38 -05:00
RachelElysia
65244eb556
Fleet UI: Fix learn more about JIT provisioning link (#24092) 2024-11-25 08:57:51 -05:00
RachelElysia
b45aa4761d
Fleet UI: Add more description to delete host modal (#24089) 2024-11-25 08:57:27 -05:00
RachelElysia
1f206a87b5
Fleet UI: Fix VMs bold letter bug (#23903) 2024-11-25 08:56:38 -05:00
Jahziel Villasana-Espinoza
ee73249f32
fix: return a better error when attempting to turn off MDM for a Windows host (#24044)
> Related issue: #23158

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-22 19:54:06 -05:00
Jahziel Villasana-Espinoza
5dab4f51b5
feat: do not run setup experience on hosts in a team with no software or script configured (#24073)
> Related issue: #24024 

# Checklist for submitter

Demo video: https://www.youtube.com/watch?v=F7p2PyJce7E

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-22 13:52:28 -05:00
Gabriel Hernandez
afc4cc5d23
add UI for new windows mdm page and automatic migration (#24068)
relates to #22896

Implements the UI for the windows automatic migration.

**new windows mdm page layout with automatic migration checkbox**


![image](https://github.com/user-attachments/assets/2909d6d2-e802-4dec-9c78-0b8f6a4466c0)

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-22 16:52:03 +00:00
Sharon Katz
d80161a5b9
Added statistics for number of saved queries. (#24043)
Added statistics for number of saved queries.
2024-11-22 11:24:29 -05:00
Sarah Gillespie
9de98d80b7
Apply minimum OS version enforcement to MDM SSO endpoint (#23856) 2024-11-22 09:56:36 -06:00
Konstantin Sykulev
46f10b85cd
Improved label(s) validation when running queries (#23834)
Previously when passing labels to the query run endpoints that do not
exist, the labels would simply be ignored. Now the endpoint will return
an error indicating which labels are invalid. This change also affects
the `fleetctl query` command `--labels` flag.

https://github.com/fleetdm/fleet/issues/23015

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2024-11-21 16:13:30 -06:00
Jahziel Villasana-Espinoza
0683749d0b
fix: use correct link (#23998)
> Related issue: #23942
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2024-11-20 18:25:19 -05:00
Andrea Scarpino
12a92f3407
doc: firefox_preferences works on linux and windows (#23967)
Solves #23955

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-11-20 16:46:07 -06:00
jacobshandling
096d67dd5a
Linux disk encryption: frontend changes, backend missing private key errors, remove disk encryption endpoints dependence on MDM being enabled (#23714)
## Addresses #22702,  #23713, #23756, #23746, #23747, and #23876
_-Note that much of this code as is will render as expected only once
integrated with the backend or if manipulated manually for testing
purposes_

**Frontend**:
- Update banners on my device page, tests
- Build new logic for calling endpoint to trigger linux key escrow on
clicking `Create key`
- Add `CreateLinuxKeyModal` to inform user of next steps after clicking
`Create key`
- Update banners on host details page, tests
- Update the Controls > OS settings section with new logic related to
linux disk encryption
- Expect and include counts of Linux hosts in aggregate disk encryption
stats UI
- Add "Linux" column to the disk encryption table
- Show disk encryption related UI for supported Linux platforms
- TODO: confirm platform string matching functionality in manual e2e
testing
- Expand capabilities of `SectionHeader` component, apply to new UI
- Flash "missing private key" error, with clickable link, when trying to
update disk encryption enabled while no server private key is present.
- TODO: QA this once other endpoints on Controls > Disk encryption are
enabled even when MDM not turned on
- Update Disk encryption key modal copy


-Other TODO:
  - Confirm when integrated with API:
    - Aggregate disk encryption counts
    - Disk encryption table Linux column
    - Show disk encryption key action on host details page when expected
    - Opens Disk encryption key modal, displays key as expected
  
**Backend**:
- For "No team" and teams, error when trying to update disk encryption
enabled while no server private key is present.
- Remove requirement of mdm being enabled for use of various endpoints
related to Linux disk encryption
- Update tests


_________
**Host details and my device page banners**

![banners](https://github.com/user-attachments/assets/b76fbfbd-0969-40eb-b8b1-9fd0d4fd0f4f)

**Create key modal**
<img width="1799" alt="create-key-modal"
src="https://github.com/user-attachments/assets/81a55ccb-b6b9-4eb6-b2ff-a463c60724c0">

**Enabling disk encryption**

![turning-on-enforcement](https://github.com/user-attachments/assets/005010b9-2238-46f8-9579-f07823898a78)

**Disk encryption: Fleet free**
<img width="1912" alt="free"
src="https://github.com/user-attachments/assets/9f9cace3-8955-47c2-87d9-24ff9387ac1a">

**Custom settings: turn on MDM**
<img width="1912" alt="turn on mdm"
src="https://github.com/user-attachments/assets/4d3ad47b-4035-4d93-86f0-dc2691b38bb4">

**Device status indicators**

![host-status-indicators](https://github.com/user-attachments/assets/5fc72c1e-816b-45b3-a650-5c1fcc48f09e)

**Encryption key action and modal**

![de-key-action-and-modal](https://github.com/user-attachments/assets/632f7b2c-c07e-4e30-87ef-e6437ae42a78)



- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
  - [ ] Full e2e testing to do when integrated with backend

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
2024-11-20 11:58:47 -08:00
Martin Angers
0242c870ab
Bugfix: improve performance of updating nano_enrollments.last_seen_at under load (#23957) 2024-11-20 14:08:27 -05:00
Victor Lyuboslavsky
e4df954b0f
Update nanomdm dependency with latest bug fixes and improvements. (#23906)
#23905 

- Update with upstream nanomdm changes up to
825f2979a2
- Removed PostgeSQL folder from our nanomdm
- Added nanomdm MySQL test job to our CI

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-20 11:47:11 -06:00
Jahziel Villasana-Espinoza
8a8b8403b2
fix: show script name in activity for setup experience script (#23944)
> Related issue: #23787 

This adds the script name to both the upcoming and past activities.

Demo video: https://www.youtube.com/watch?v=kLSsUZhyMC4

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-19 17:38:09 -05:00
Gabriel Hernandez
cb3e1d5b69
Fix abm table overflow issue (#23722)
relates to #21986

fix a UI overflow issue on the abm table

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2024-11-19 11:46:41 +00:00
Luke Heath
22ff5013e8
Adding changes for Fleet v4.59.1 (#23862) (#23929) 2024-11-18 16:30:23 -06:00
Victor Lyuboslavsky
687ce3a71a
Fixed parsing Opera PE self-extracting archive. (#23751)
#23540 

Tested installers from Google drive:
https://drive.google.com/drive/folders/1MZVwgZu5Af7JnSnKCFknRPGDXM29mOa6

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
2024-11-18 16:09:29 -06:00
Victor Lyuboslavsky
698e9e80fe
Added activity item for fleetd enrollment with host serial and display name. (#23790)
#22810 

# Demo
[![22810
demo](http://img.youtube.com/vi/le71QQ92suc/0.jpg)](http://www.youtube.com/watch?v=le71QQ92suc)

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-11-18 15:51:36 -06:00
Victor Lyuboslavsky
06d233aad1
Adding missing instrumentation for APM. (#23882)
#19696 

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2024-11-18 09:58:24 -06:00
Lucas Manuel Rodriguez
c080a3b0e1
Check opt.NativeTooling before creating build directory (#23894)
#23893

Changes on top of the PR from the @ilpianista:
https://github.com/fleetdm/fleet/pull/23796
2024-11-18 11:32:55 -03:00
Dante Catalfamo
36e22af0ca
Download ABM Certificate with correct extension (#23861)
#23021
2024-11-15 16:02:35 -05:00
Lucas Manuel Rodriguez
4b4fc976a2
Add team_identifier to macOS software (#23766)
Changes to add `team_identifier` signing information to macOS
applications on the `/api/latest/fleet/hosts/:id/software` API endpoint.

Docs: https://github.com/fleetdm/fleet/pull/23743

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated tests
- [X] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [X] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [X] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [X] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ X Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [X] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).

---------

Co-authored-by: Tim Lee <timlee@fleetdm.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
2024-11-15 14:17:04 -03:00
Dante Catalfamo
167e2e3e28
Scope pending host profile rebuilds (#23772)
#21338
2024-11-15 11:55:30 -05:00
Jahziel Villasana-Espinoza
e27e916f74
fix: re-enroll devices that are removed from ABM and then added back (#23757)
> Related issue: #23200

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-14 18:31:12 -05:00
RachelElysia
2bd4bf881a
Fleet UI: Teams dropdown refactor (upgrade to react-select-5, accessible via keyboard) (#23288) 2024-11-14 12:31:31 -05:00
Sarah Gillespie
b8c9816e53
Custom OS settings: "include any label" option for custom target (#23802) 2024-11-14 11:10:49 -06:00
Ian Littman
4f726a724c
Allow Fleet Premium users to opt out of populating vulnerability details when populating software in the hosts list endpoint (#23710)
#23078

This endpoint is drastically more efficient, and returns a much smaller
response payload, when vulnerability details aren't returned, and
vulnerability details can be looked up more efficiently in the
/vulnerabilities/CVE-XXXX-YYYY endpoint as that endpoint returns the
description once overall rather than once per host.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-14 11:09:51 -06:00
gillespi314
28e4cf6cf7 Merge branch 'main' into feat-include-any-label 2024-11-14 08:33:03 -06:00
Konstantin Sykulev
48b992e268
Modify status code for software batch endpoint (#23711)
When using the `fleet/software/batch` endpoint, due to its async nature,
it should return a 202 (Accepted) rather than a 200 (Ok).

https://github.com/fleetdm/fleet/issues/23492

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-13 17:22:51 -06:00
RachelElysia
b25034da47
Fleet UI: Prompted to re-enter password on SCEP/NDES credential updates (#23732) 2024-11-13 16:01:11 -05:00
RachelElysia
f8e09ad4f3
Fleet UI: Disabled forms cannot be accessed via keyboard (#23727) 2024-11-13 15:38:28 -05:00
Luke Heath
ae92a7036f
Adding changes for Fleet v4.59.0 (#23292) (#23731) 2024-11-13 13:39:53 -06:00
Jahziel Villasana-Espinoza
e3618e8335
fix: return error in gitops if using deprecated field and there are more than 1 abm tokens (#23768)
> Related issue: #22359

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-13 14:07:59 -05:00
Zach Wasserman
8c21dff636
Add capability to serve YARA rules via authenticated Fleet endpoints (#23343)
Implements the Fleet side of #14899

- Add new endpoints to update and retrieve yara rules
- Add support in fleetctl for applying the rules

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`.
  See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.
- [x] Added/updated tests
- [ ] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes
- [x] If database migrations are included, checked table schema to confirm autoupdate
- For database migrations:
  - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration.
  - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects.
  - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2024-11-13 09:01:08 -08:00
RachelElysia
1fed4759d8
Fleet UI: Add enable automations slider to query forms (#23562) 2024-11-13 09:32:59 -05:00
Martin Angers
e5febe960d
Bugfix: create/update manual label returns outdated info when configured with a mysql replica (#23725) 2024-11-13 08:57:22 -05:00
Martin Angers
c3ebce9293
Improve memory usage of software installers parsing (#23596) 2024-11-12 09:28:08 -05:00
Victor Lyuboslavsky
cab2426bf4
Added better handling of timeout and insufficient permissions errors in NDES SCEP proxy. (#23654)
#23525

# Demo
<div>
<a href="https://www.loom.com/share/e252ac2038b34941a9043867f79228f3">
<p>[Demo] Handling timeout and insufficient permission errors in NDES
#23525 - Watch Video</p>
    </a>
<a href="https://www.loom.com/share/e252ac2038b34941a9043867f79228f3">
<img style="max-width:300px;"
src="https://cdn.loom.com/sessions/thumbnails/e252ac2038b34941a9043867f79228f3-2ff60eb9e0f54dd5-full-play.gif">
    </a>
  </div>

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-11 14:57:28 -06:00
Jahziel Villasana-Espinoza
59abd8b1d0
fix: update logic for filtering VPP apps based on host MDM status (#23656)
> Related issue: #23247 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-11 14:35:05 -05:00
Dante Catalfamo
3604a9abf8
Add reboot to linux unlock script (#23382)
#22437

There is a bug in Ubuntu 24.04's distribution of GDM that prevents it
from starting correctly and displaying a prompt to the user if
`/etc/nologin` is present. This issue is not present on the current
release of Fedora, meaning it is Ubuntu specific.

The way we lock users out is by manually creating the `nologin` file and
then masking the `systemd-user-sessions` systemd unit, which creates the
file on shutdown and deletes it on startup. This will cause a PAM policy
to fail and prevents anyone from logging in. When we unlock the system
we delete the `nologin` file, unmask the `systemd-user-sessions` unit,
and manually run the binary that it should start.

This process removes the cause of the GDM bug, but we need to reboot the
machine to get GDM working again.

While I have not yet been able to determine the exact cause of the bug,
this fix will prevent the user from being stuck with a black screen once
the machine is unlocked.

This fix will not remedy GDM showing a black screen upon being locked,
it only ensures that the user isn't stuck having to manually reboot the
machine once it's unlocked.

We should check back on this soon to see if the bug gets been fixed
upstream.
2024-11-11 14:22:22 -05:00
Dante Catalfamo
915213a0a3
Fix uninstall for Warp and Box (#23652)
#22773
2024-11-11 14:20:31 -05:00
Dante Catalfamo
ddbf6f1f29
Add support for zstd deb packages (#23657)
#22891
2024-11-11 14:13:01 -05:00
jacobshandling
e1b28eadc2
Set minimum height for the Add hosts > ChromeOS > Policy for extension field to avoid scrollbar (#23642)
## #23016 

![Screenshot 2024-11-07 at 10 50
48 PM](https://github.com/user-attachments/assets/68b1ea91-416b-4cf8-b4fa-ede1f72cef66)


- [x] Changes file added for user-visible changes in `changes/`, `
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-11 10:15:47 -08:00
jacobshandling
8fe73d7efe
UI: Dismiss error flash on DUP when changing URL (#23671)
## #23669 


![ezgif-4-55897686f6](https://github.com/user-attachments/assets/20232177-d919-4a67-bfe9-d4c20c375dd3)


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-11 10:14:49 -08:00
Ian Littman
d746b9179a
Record activity when activity automations are enabled/edited/disabled (#23477)
#21709, re-roll/expansion of work done by @ilpianista in #21368

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Andrea Scarpino <andrea@scarpino.dev>
2024-11-08 09:07:56 -06:00
Ian Littman
cfead6a35f
Fix path resolution for installer queries and scripts to always be relative to where the query file or script is referenced (#23502)
#22187

Similar fix to #22555: resolve paths at spec parsing time rather than
when trying to grab files

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-07 11:22:08 -06:00
Ian Littman
c797fb73c2
Delete pending script executions when the underlying script is edited or deleted (#23520)
#21888 

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-06 18:15:52 -06:00
Victor Lyuboslavsky
06a4c86b3b
Allow uploading PKG without Distribution.xml (#23590)
#23213
Use PackageInfo.xml if Distribution.xml does not exist in uploaded macOS
PKG.

This means we now support script-only packages:
<div>
<a href="https://www.loom.com/share/fb2f9fe93cb64f3aa1221f974ca0eb3a">
<p>[Demo] Install script-only macOS package on Fleet (#23213) - Watch
Video</p>
    </a>
<a href="https://www.loom.com/share/fb2f9fe93cb64f3aa1221f974ca0eb3a">
<img style="max-width:300px;"
src="https://cdn.loom.com/sessions/thumbnails/fb2f9fe93cb64f3aa1221f974ca0eb3a-4b035241497a6c22-full-play.gif">
    </a>
  </div>

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-06 14:38:13 -06:00
RachelElysia
576dcff1a7
Fleet UI: Add script content modal to UI in various places (#23461) 2024-11-06 12:48:11 -05:00
Jahziel Villasana-Espinoza
aed3c3f775 chore: merge in main 2024-11-06 10:13:47 -05:00
Jahziel Villasana-Espinoza
0095b3be89
feat: update profile reconciliation logic to handle include-any label relationships (#23535)
> Related issue: #22581

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2024-11-06 09:13:37 -05:00
Dante Catalfamo
aa3fd29c13
Profile Labels Include Any CLI (#23434)
#22576


Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
2024-11-05 15:13:44 -05:00
Martin Angers
2f54879f2a
Bugfix: config profile deployment based on label exclusion (#23533) 2024-11-05 11:58:31 -05:00
Gabriel Hernandez
73d287eaeb
update msw (mock service worker) package to 2.5.1 (#23480)
relates to #23128

updates mock service worker package as it was using a version of
`path-to-regexp` that had a high security vulnerability. This updated
version of msw uses a newer version of the package that does not have
this vulnerability

I had to add the `jest-fixed-dom` package to update msw as well as
update our version of typescript to 4.7
2024-11-05 10:13:30 -06:00
Ian Littman
257fc8590d
Expose counts_updated_at on software title by-ID endpoint, show in UI (#23478)
#22269

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-05 09:54:02 -06:00
Gabriel Hernandez
53dc33d7d6
add message to ui for cloud customers for windows auto enrollment (#23481)
relates to #21633

This adds an info banner for cloud customers to help them with their
Windows autoenrollment setup.


![image](https://github.com/user-attachments/assets/57b5e966-2b37-40eb-b85c-632ea107e624)

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2024-11-05 15:25:10 +00:00
Victor Lyuboslavsky
bab0e159a9
Adding telemetry for specific Fleet Desktop errors (#23349)
Adding telemetry for catching issue #19172

# Docs changes

In another PR: https://github.com/fleetdm/fleet/pull/23423/files

# Demo
<div>
<a href="https://www.loom.com/share/233625875eec46508c26ae315cd52d19">
<p>[Demo] Add telemetry for vital fleetd errors - Issue #23413 - Watch
Video</p>
    </a>
<a href="https://www.loom.com/share/233625875eec46508c26ae315cd52d19">
<img style="max-width:300px;"
src="https://cdn.loom.com/sessions/thumbnails/233625875eec46508c26ae315cd52d19-45ca0ec1b7b5e9e7-full-play.gif">
    </a>
  </div>

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-10-31 14:24:42 -05:00
Gabriel Hernandez
ccbdf46119
add UI to add the include any option for custom profile custom label target (#23390)
relates to #22575

Add the UI for allowing custom profiles to be uploaded to hosts that
have any of specified labels. I also spent some time cleaning up the
custom settings card and its components. I was able to remove a lot of
unused styles.


![image](https://github.com/user-attachments/assets/167a575c-4520-496b-8f73-ed390e079e44)


<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-10-31 15:10:49 +00:00
Jahziel Villasana-Espinoza
5331019735
feat: migration for new col (#23391)
> Related issue: #22578

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2024-10-30 21:58:34 -04:00
Martin Angers
4aa96a8c9b
Bugfix: unblock ADE enrollments for hosts on an old fleetd version (#23389) 2024-10-30 15:28:32 -04:00
jacobshandling
78f520b467
Have the UI inform the user why they could not update their password (#23398)
## #23341 

<img width="1305" alt="Screenshot 2024-10-30 at 10 13 27 AM"
src="https://github.com/user-attachments/assets/c085f77c-4620-4f62-9f2c-0fe7fd9dec8b">

- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality
- [ ] Cherry-pick and PR into RC

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-10-30 11:14:50 -07:00
Sarah Gillespie
f380492f60
Allow gitops users to run MDM commands (#23308) 2024-10-30 11:00:06 -05:00
Ian Littman
3d9134052f
Retime Nudge to 20:00 UTC (#23373)
- @noahtalerman: 12p (noon) PST for Nudge and 12p local time for DDM

See #23320 and #21998

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [ ] Manual QA for all new/changed functionality

@xpkoala @PezHub Do y'all have a macOS 13 VM handy to test this? Test
plan would be:

1. Set OS update deadline for tomorrow
2. Enroll a macOS 13 host
3. Tonight at 9:15pm Pacific there shouldn't be a nudge (there would be
with the old behavior)
4. Tomorrow at 9:15am Pacific there shouldn't be a nudge (there would be
with the old behavior)
5. Tomorrow at 12:15pm Pacific there _should_ be a nudge (well, 15
minutes earlier-ish)

/cc @noahtalerman
2024-10-30 09:08:43 -05:00
Martin Angers
9e91549d05
Bugfix: fix automaticrelease of iOS/iPadOS device during ADE enrollment (#23360) 2024-10-29 17:05:26 -04:00
Sarah Gillespie
48d140145f
Update tooltips for bootstrap package install status and VPP app install status (#23178) 2024-10-29 13:36:49 -05:00
Ian Littman
12b29143c5
Merge duplicate package entries for deb-installed Python packages for Debian (#23325)
#22219

Note caveats in added tests; we may need to add more matching logic here
based on the Debian Bookworm repro I did.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-10-29 11:16:09 -05:00
Dante Catalfamo
6e9955d7c7
Add clause to exclude VPP apps from host software list (#23207) 2024-10-28 15:48:54 -04:00
Martin Angers
d5c9a165e5
Bugfix and SE: support VPP apps and (install during setup of VPP apps) in gitops for no-team (#23160) 2024-10-28 10:35:57 -04:00
Jahziel Villasana-Espinoza
0bf331786e chore: dump sql schema 2024-10-25 18:01:19 -04:00
jacobshandling
a97e6efb79
Enable full-row clickability on the disk encryption table (#23220)
## #23219 

https://www.loom.com/share/d59be837e3f842288c2d259745ad49dc


- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-10-25 09:16:04 -07:00
jacobshandling
f3755986c1
Explicitly set "Add profile" message line heights (#23216)
## #23215 

- Explicitly set "Add profile" message line heights so they are
consistent cross-browser

<img width="1624" alt="Screenshot 2024-10-24 at 3 34 45 PM"
src="https://github.com/user-attachments/assets/ac793e32-729f-423a-b672-ed60412eb92d">
<img width="1624" alt="Screenshot 2024-10-24 at 3 34 53 PM"
src="https://github.com/user-attachments/assets/5d8c8947-34ad-49c0-87d6-ea10b0ebd980">


- [x] Changes file added for user-visible changes in `changes/`,
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-10-25 09:15:43 -07:00
Victor Lyuboslavsky
6bc0b5dcd9
Updated OpenTelemetry dependencies to latest. (#23186)
#23183 
Updated OpenTelemetry libraries as part of research into error logging
for orbit.

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2024-10-25 09:43:32 -05:00
Lucas Manuel Rodriguez
f16c941d89
Fix PATCH /api/latest/fleet/config to not clear VPP token/team associations when not set (#23175)
#23174

PS: Make sure to render the diff without whitespace changes.
![Screenshot 2024-10-24 at 10 58
47 AM](https://github.com/user-attachments/assets/fb36c995-206c-4a15-8bf2-6b375c5cc565)


- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-10-25 10:01:18 -03:00
Victor Lyuboslavsky
0a612a06b4
Remove pending MDM device from Fleet (#23067)
#22331

# Demo of fix
<div>
<a href="https://www.loom.com/share/6bc958c626d04f2b84c0eedba59db78b">
<p>[Demo] Remove pending device from Fleet when removed from ABM #22331
- Watch Video</p>
    </a>
<a href="https://www.loom.com/share/6bc958c626d04f2b84c0eedba59db78b">
<img style="max-width:300px;"
src="https://cdn.loom.com/sessions/thumbnails/6bc958c626d04f2b84c0eedba59db78b-8109a9f07d46ad52-full-play.gif">
    </a>
  </div>

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
2024-10-24 16:42:30 -05:00
Ian Littman
4e38e8e5c5
s/urf-8/utf-8 on manual config profile download (#23169)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2024-10-24 09:54:24 -07:00
Martin Angers
d1c3b5b28e
SE: CLI setup experience changes (#22956) 2024-10-23 14:51:02 -04:00
Gabriel Hernandez
8838630b2f Merge branch 'main' into feat-setup-experience 2024-10-23 12:20:41 +01:00
Ian Littman
98f2d15c59
Provide better error messages on 404s for install or uninstall results (#23106)
#22965

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2024-10-22 17:51:11 -05:00
jacobshandling
d3ccb51755
UI - Improve UX of Flash messages (#22836)
## #22661 


![ezgif-6-71e48912ae](https://github.com/user-attachments/assets/01144620-0eba-48f0-9254-cc4795fde9fd)

- Update `FlashMessage` behavior to, by default, hide itself when the
user performs any URL-changing navigation
- Add `persistOnPageChange` option to `renderFlash` API and associated
notification context and reducer logic, allowing override of this
behavior on a per-call basis
- Ensure proper order of evaluation of URL changes and render flash
action dispatches on the event loop
- Clean up legacy unused "undo"-related arguments and logic
- Allow the user to click in the same horizontal dimension as a flash
message
- Other misc. cleanup and refactoring

[Demo - messages hidden on page (any URL)
change](https://www.loom.com/share/1e884b6ba11c4b59bc74f51df3690131?sid=9b53e78b-6535-4541-b676-377760366cf4)

- [x] Changes file added for user-visible changes in `changes/`,
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-10-22 10:52:20 -07:00
Ian Littman
3e8f68f80d
Pass through original status of an install when the removed flag is set when GETing the install result (#23072)
#23070 // https://www.loom.com/share/6ac7260712c94d4890f67fe8d5a26ea1

Also removes the unused, undocumented Detail field on software install
results

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2024-10-22 12:47:46 -05:00
jacobshandling
ad9c919219
Frontend – Custom MDM URL UI, Update data validation pattern (#22727)
## #22700 


![ezgif-6-801855a36d](https://github.com/user-attachments/assets/72ddd339-acfa-4afe-a322-c1e6a2a38dd2)

- [x] Changes file added for user-visible changes in `changes/`, 
- [ ] Manual QA for all new/changed functionality - TODO when backend is
ready

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-10-22 10:10:50 -07:00
Ian Littman
91eef00d05
Fall back to pending-outline when we see an unexpected or blank host software install status (#23069)
#23068

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2024-10-21 18:20:34 -05:00
Ian Littman
bbac39f22a
Ensure software installs aren't deleted, and have enough info to display, even if associated installer or title are deleted (#22996)
#21654 #22087

Also persists title/installer filename/version to the install record in
case those are edited, though we'll continue showing the current title
name when pulling the install record at this point, and don't expose
installed version anywhere for now.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects. (**force-set updated_at to avoid**)
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2024-10-21 17:46:50 -05:00
Victor Lyuboslavsky
f3c18a14fe
Allow Render connectionString as redis.address (#23058)
#23057 

Render provides
[connectionString](https://docs.render.com/blueprint-spec#connectionstring)
for their Redis service, which Fleet cannot take because it includes
`redis://` prefix.

Once this change is released, we can [update our
render.yaml](https://github.com/fleetdm/fleet/pull/23056/files#diff-a64cf250b418ab8feee6c682a3d8cbd3b72cf24d4a241adeaf35c98b84045f93)

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2024-10-21 13:49:01 -05:00
Victor Lyuboslavsky
476dd3cc86
Ignore --delete-other-teams for non-premium gitops (#23052)
#23050
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2024-10-21 11:20:41 -05:00
Gabriel Hernandez
d5689dd0fe Merge branch 'main' into feat-setup-experience 2024-10-21 12:36:50 +01:00
Jahziel Villasana-Espinoza
050e771635
fix: remove declarations that haven't been sent yet (#22993)
> Related issue: #22976

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-10-18 15:16:58 -04:00
Sarah Gillespie
65e374c85c
Fix bug in ABM token renewal flow (#22988) 2024-10-18 13:16:04 -05:00
Gabriel Hernandez
e91b9a296c
Fix Edge svg icon (#23012)
relates to #22954

this changes the svg icon for edge so that it removed the jank and cut
off portions


- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2024-10-18 18:19:45 +01:00
Dante Catalfamo
6646c6d429
Setup experience state machine (#22845) 2024-10-18 12:01:53 -04:00
Gabriel Hernandez
f66b41ef37
fix for downloading manual enrolment profile when device token is expired (#23004)
relates to #22322

Makes a fix in the UI so that we show an error message when the device
token is expired and the user tried to download the mdm enrollment
profile.

**Showing error when device token is expired and tried to download mdm
enrollment profile**
https://www.loom.com/share/6306dcf851c24d5f8916ecb2498288cb


- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2024-10-18 14:43:05 +01:00
Gabriel Hernandez
497a0f036e
fix for the enrollment page to not send back a 404 page (#22981)
makes a fix to the enroll byod handler. The hander use to be set once
when the server started but this lead to a user receiving a 404 page
after the fleet instance setup was complete but was not restarted.

now the `/enroll` handler will check for the setup requirement itself.
There is some error handling when the setup is required. if the fleet
instance has been setup, they will get the enroll byod page.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
2024-10-18 11:10:17 +01:00
Luke Heath
fdaf7be3ad
Prepare Fleet v4.58.0 (#22961) 2024-10-17 17:53:46 -05:00
Ian Littman
d0040e7622
Add platform filtering to Software > OS table (#21797)
#20385

See notes on that issue for API limitations (which is why Windows and
macOS are the only platforms listed).

Will move out of draft after adding the changes file and tests.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-10-16 10:02:06 -05:00
Gabriel Hernandez
e8c0deb4aa
Fix loading/error states for profile status aggregate summary UI (#22894)
relates to #21345

fix the loading state for the profile status aggregate component.

**loading state:**


![image](https://github.com/user-attachments/assets/e1b2d912-7872-4a1d-8dcc-76f132f07fd5)

**error state:**


![image](https://github.com/user-attachments/assets/a6e9ad00-6552-4c27-b6d1-ead19487c6cb)

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`
2024-10-16 13:50:34 +01:00
Martin Angers
9d7f51ec5b
SE: prevent deletion of software package/VPP app used in setup experience (#22937) 2024-10-16 08:26:23 -04:00
Tim Lee
a3eee28619
Use WaitDelay in non_windows script timeout (#22912) 2024-10-15 15:48:56 -06:00
Tim Lee
8a467fd462
Host issues query optimization (#22946) 2024-10-15 15:48:31 -06:00
Gabriel Hernandez
777c3bc342
add UI error message my device page for host having mdm turned off (#22906)
relates to #22041

Add a error message to the UI on the My device page when performing and
action requiring mdm but the host has mdm turned off.


- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
2024-10-15 17:27:24 +01:00
RachelElysia
a2e7010ee2
Fleet UI: Add SCEP integration to MDM settings (#22275) 2024-10-15 09:23:59 -04:00
Gabriel Hernandez
5228a5fc64 Merge branch 'main' into feat-setup-experience 2024-10-14 13:02:20 +01:00
Ian Littman
dcf7185567
Populate created_at and updated_at for newly created (non-invited) users (#22870)
#22387 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-10-11 18:13:04 -05:00
Luke Heath
8979e8ff1b
Prepare Fleet v4.57.3 (#22869) (#22871) 2024-10-11 14:42:16 -05:00
Gabriel Hernandez
fc697a2bef Merge branch 'main' into feat-setup-experience 2024-10-11 13:37:33 +01:00
Ian Littman
b31e8420ac
Strip RSR suffixes prior to handing off OS version from Nudge check to Semver comparison (#22830)
#22829

Fixes 500s in config endpoint when a machine with an RSR version
installed is in a team with enforced macOS updates

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [ ] Manual QA for all new/changed functionality
2024-10-10 12:15:53 -05:00
Dante Catalfamo
6af7c23a5b
Start/Enqueue setup experience (#22664)
#22379
2024-10-10 11:46:23 -04:00
Gabriel Hernandez
d03468314e
add UI for uploading setup experience script (#22691)
relates to #22374

> NOTE: we still need integration with the API which will be done in
another PR.

>NOTE: Please review https://github.com/fleetdm/fleet/pull/22651 first,
as this PR is based off of that branch.

This adds the UI for uploading a setup experience script. this includes:

**setup experience script uploader:**


![image](https://github.com/user-attachments/assets/bec00594-9519-48a9-bce5-d90d282ad5fb)

**script card:**


![image](https://github.com/user-attachments/assets/35549f1c-c280-4293-8e4e-e36e2a3df16c)

**delete script modal:**


![image](https://github.com/user-attachments/assets/90be6bd3-6807-4adb-8709-2ec5893f7fad)

**script run preview:**


![image](https://github.com/user-attachments/assets/cb874986-e0eb-4e6e-bab3-b8325394894c)



<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-10-10 13:19:32 +01:00
Gabriel Hernandez
33e7fc3bd2 Merge branch 'main' into feat-setup-experience 2024-10-10 12:30:49 +01:00
Martin Angers
6224a5f81f
Fix: document mdm_enrolled activity limitations for Microsoft enrollments (#22793) 2024-10-09 19:03:09 -05:00
Ian Littman
92bb7ec666
Add policy ID and name to activity for automated software installs, list Fleet as author rather than installer uploader (#22747)
#22424, #22705

TODO: integration test updates

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2024-10-09 18:15:56 -05:00
Ian Littman
550de39a7c
Switch path resolution for scripts to happen when spec is parsed (#22782)
#22555

This resolves issues where no-team script paths are resolved relative to
the base rather than the file they're in.

There was a similar issue for software packages, which I also fixed.

This also fixes script-poolicy associations when scripts and policy
files automating those scripts need different relative paths.

Test file moves ensure that these fixes are tested.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-10-09 17:57:08 -05:00
Martin Angers
6707a8b3fc
SE: update /status endpoint to add bootstrap package, profiles, control automatic release (#22783) 2024-10-09 15:38:13 -04:00
Victor Lyuboslavsky
567803955e
NDES SCEP proxy backend (#22542)
#21955

<div>
<a href="https://www.loom.com/share/ba40b440502845d2861fd3ec7611bade">
<p>[Demo] Deploy SCEP certificates from Network Device Enrollment
Service (NDES) #21955 - Watch Video</p>
    </a>
<a href="https://www.loom.com/share/ba40b440502845d2861fd3ec7611bade">
<img style="max-width:300px;"
src="https://cdn.loom.com/sessions/thumbnails/ba40b440502845d2861fd3ec7611bade-84f2d88c9f5106c2-full-play.gif">
    </a>
  </div>

Note: A few remaining subtasks will be done in a follow-up PR. See
#22123 for a detailed list.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-10-09 13:47:27 -05:00
Gabriel Hernandez
3729b4b98d
Install software setup experience UI (#22651)
relates to #22373

This implements the UI for the install software setup experience in the
UI. This includes:

**updating the nav sidebar**


![image](https://github.com/user-attachments/assets/91928a23-13cc-430b-b207-ba226df32b86)

**creating a new install software card**


![image](https://github.com/user-attachments/assets/8b4a9495-4119-4360-9f31-53ac41b83316)

**select software modal for selecting which software to install**


![image](https://github.com/user-attachments/assets/a3b4b786-ab8e-42b2-8feb-4b2a83e69af9)**


- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
2024-10-09 16:09:38 +01:00
Gabriel Hernandez
4e2791a0dc Merge branch 'main' into feat-setup-experience 2024-10-09 15:36:48 +01:00
Lucas Manuel Rodriguez
9eea9ffa7f
Clear policy failing counts on hosts that are not running policies (#22665)
#21470

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
2024-10-09 08:14:21 -03:00
Ian Littman
5339794f97
Include the policy ID and name in the "script ran" activity of a script run queued by a policy failure (#22690)
#22692 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2024-10-08 15:45:31 -05:00
Dante Catalfamo
ab1b66e5c6
Setup experience software API (#22507) 2024-10-08 16:41:57 -04:00
Jahziel Villasana-Espinoza
0a4107c889
feat: orbit SE status endpoint (#22678)
> Related issue: #22637

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-10-07 17:16:32 -04:00
Gabriel Hernandez
d3508f6781 Merge branch 'main' into feat-setup-experience 2024-10-07 12:08:05 +01:00
jacobshandling
ea4e12208b
Pad copy button for BYOD link (#22645)
## #22485 

<img width="1464" alt="Screenshot 2024-10-03 at 4 54 04 PM"
src="https://github.com/user-attachments/assets/1c64a78f-7642-4dd2-b7a5-14de6ab32018">


- [x] Changes file added for user-visible changes in `changes/`,
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-10-04 10:32:40 -07:00
jacobshandling
21175ea706
Render unsupported screen size on My device page (#22643)
## #22490 

- Componentize relevant UI
- Apply to both core layout and My device page
<img width="876" alt="Screenshot 2024-10-03 at 4 28 18 PM"
src="https://github.com/user-attachments/assets/931ccd78-e525-43d9-8a5d-169e2bf6624b">

- [x] Changes file added for user-visible changes in `changes/`,
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-10-04 10:25:08 -07:00
RachelElysia
d056f04dd7
Fleet UI: Label display names fix (#22641) 2024-10-04 10:17:25 -07:00
jacobshandling
b3928c2b23
When trying to delete an installer associated with a policy automation, return 409 instead of 500 (#22646)
## #22565 

- Update returned error type
- Confirm test of DS method still passes

<img width="1464" alt="Screenshot 2024-10-03 at 6 12 11 PM"
src="https://github.com/user-attachments/assets/c1513714-2016-4fa4-a9cb-0bf1fff35f0f">


- [x] Changes file added for user-visible changes in `changes/`,
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-10-04 09:11:36 -07:00
jacobshandling
c525472705
Fix policy description container width in Add policy modal (#22642)
## #22619 
<img width="1464" alt="Screenshot 2024-10-03 at 3 54 24 PM"
src="https://github.com/user-attachments/assets/0ee1ac44-3c64-4307-bb6b-d07c55e9e27a">

- [x] Changes file added for user-visible changes in `changes/`, 
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-10-04 09:02:26 -07:00
Roberto Dip
a9bd2fb7c1 Merge remote-tracking branch 'origin/main' into feat-fleet-app-library 2024-10-04 08:46:12 -03:00
jacobshandling
ce9bb71832
UI – Add policy automation modal for running scripts (#22436)
## #22118 

- Add policy automation option to Run script
- Build corresponding modal and handlers
- Update types and service entities
- Misc. cleanup and optimizations
- update policies page dropdown text for 'No team' to read "Detect
device health issues for hosts that are not on a team." (#22444, not
included in GIF)
- Make empty states here and for install software automations modal[
link to their respective resolution
URLs](https://github.com/fleetdm/fleet/pull/22436#discussion_r1779077205)


![ezgif-6-5b9641a684](https://github.com/user-attachments/assets/2422b499-e675-4148-be0c-f0ad7126de8e)


- [x] Changes file added for user-visible changes in `changes/`, 
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
2024-10-03 18:06:20 -07:00
jacobshandling
841a425bb0
UI – Display whitespace of existing, trim names on create/update of team and query names (#22524)
## #22212

- Trim whitespace from names on field blur, form submit, and in API
calls when:
   - Creating a team
   - Updating a team
   - Creating a query
   - Updating a query
- Refactor `AutoResizeInputField` to remove its internal state-based
management of its value, leaving its `value` prop as the single source
of truth for the field's value at all times.

[Loom
demo](https://www.loom.com/share/882f4a803b1540db985c987adbd9f441?sid=67caf100-4711-41a3-971f-bc8f67beeae7)

- [x] Changes file added for user-visible changes in `changes/`, 
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-10-03 15:59:10 -07:00
Roberto Dip
9bf5027194 Merge remote-tracking branch 'origin/main' into feat-fleet-app-library 2024-10-03 14:56:18 -03:00
RachelElysia
3d43aeb563
Fleet UI: Add tooltips to battery condition (#22550) 2024-10-03 08:05:36 -07:00
Tim Lee
46ade66c0f
Align battery health reporting (#22569) 2024-10-02 15:43:19 -06:00
Lucas Manuel Rodriguez
862cd142a3
Add filter to default unintaller for pkgs to only remove .app folders (#22585)
#22571

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
2024-10-02 17:50:27 -03:00
Sarah Gillespie
3727474043
Update add software UI to move software package modal into new tabbed layout (#22553)
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
2024-10-02 10:43:20 -05:00
Gabriel Hernandez
05e271a449 Merge branch 'main' into feat-setup-experience 2024-10-02 10:07:59 +01:00
Gabriel Hernandez
d8fda9f085 Merge branch 'main' into feat-fleet-app-library 2024-10-02 10:01:25 +01:00
Lucas Manuel Rodriguez
f8f24e0a80
Add support to upload RPM packages (#22502)
#22473

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.

---------

Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
2024-10-01 13:02:13 -03:00
Jahziel Villasana-Espinoza
80f0fd8889
fix: reset token team assignments to defaults (#22326)
> Related issue: #22198

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-10-01 10:26:16 -04:00
Gabriel Hernandez
c255525863 Merge branch 'main' into feat-setup-experience 2024-10-01 13:34:24 +01:00
Tim Lee
937627f4ea
Windows Battery Status (#22455) 2024-09-30 16:58:00 -06:00
Tim Lee
658431e17f
Query optimization on Hosts query stats (#22417) 2024-09-30 15:39:17 -06:00
RachelElysia
9fa8244bc9
Fleet UI: Switching vuln search types does not cause page re-render (#22418) 2024-09-30 12:02:57 -07:00
Tim Lee
ff005d050b
Cleanup live queries (#22438) 2024-09-30 10:58:46 -06:00
Tim Lee
98c0bd8d12
Add Fedora built in label (#22465) 2024-09-30 10:02:54 -06:00
Dante Catalfamo
1cac6ffbc4
Setup Experience Migration (#22405)
#22375
2024-09-30 11:08:50 -04:00