Commit graph

2739 commits

Author SHA1 Message Date
Noah Talerman
c807b4173f
API reference: Add missing link (#31230)
Context:
https://github.com/fleetdm/fleet/pull/31200#discussion_r2226730130
2025-07-29 17:25:25 -05:00
Ian Littman
beba3278d9
Fix docs to refer to "hash_sha256" as field name on software packages (#31175)
This matches the implementation (and a version of the spec that I
thought got merged).
2025-07-29 17:24:41 -05:00
Noah Talerman
fb7bcc1335
Reference docs: what happens when you change the Fleet web address (#30999)
- @noahtalerman: I think changing the Fleet web address means you'll
have to re-enroll all your hosts.
- We have a [feature
request](https://github.com/fleetdm/fleet/issues/29878) to add this copy
to the UI but I think we want to get this in the docs ASAP

---------

Co-authored-by: Victor Lyuboslavsky <2685025+getvictor@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-07-29 14:10:04 -05:00
Ian Littman
9be1eb727d
Document existing install_during_setup parameter on batch software contributor endpoints (#31162)
This was implemented in Fleet v4.59.0 but docs weren't updated to
reflect changes.
2025-07-29 11:35:23 -05:00
Jordan Montgomery
85993cbcb7
BMAA API Contributor docs WIP (#31151)
relates to #31058 


API doc updates BMAA feature

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For new Fleet configuration settings
- [ ] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps. If managing
via Gitops:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Added the setting to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Added/updated automated tests
- [ ] Where appropriate, automated tests simulate multiple hosts and
test for host isolation (updates to one hosts's records do not affect
another.)
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- [ ] For unreleased bug fixes in a release candidate, confirmed that
the fix is not expected to adversely impact load test results or alerted
the release DRI if additional load testing is needed.

---------

Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
2025-07-29 12:00:56 +01:00
Victor Lyuboslavsky
f22cd02bf6
Lightweight push notification simulator (SSE-based) (#31310)
Design doc for #30816
2025-07-29 07:29:56 +02:00
Marko Lisica
16f036a40b
Mark ndes_scep_proxy as experimental (#31044)
Mark ndes_scep_proxy as experimental.

@rachaelshaw We already discussed this. We forgot to mark this YAML
configuration as experimental, but the API is marked as experimental. We
want to deprecate these and transition to new endpoints, as discussed
during the MDM design review, to enable better scaling of this feature.
2025-07-28 15:15:12 -05:00
Ian Littman
9bb618ead5
ADR-0003: Switching to long-lived forks to manage actively maintained third-party dependencies (#31079) 2025-07-25 13:44:27 -06:00
Ian Littman
9dd1c895d6
Group/reword PR template to more easily determine applicable changes, link to examples of host isolation testing via patterns doc (#31155) 2025-07-24 17:41:21 -05:00
Noah Talerman
1edb988e75
Contributor configuration reference: Microsoft compliance partner (#31154)
Document this key so we don't forget what it looks like what it's used
for.

---------

Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
2025-07-24 16:36:25 -06:00
Sarah Gillespie
b0f47725fd
Add activity details for BYOD MDM enrollments (#31191) 2025-07-24 10:28:50 -05:00
Rachael Shaw
0d8c099cf9
Docs v4.71.0 (#31200)
Documentation changes for 4.71.0

---------

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-23 16:02:13 -06:00
Noah Talerman
b78826ac18
Update release notes template (#31014) 2025-07-23 12:05:10 -06:00
Eric
d7eb87842e
Update Hosting Fleet documentation (#31011)
Closes: https://github.com/fleetdm/confidential/issues/11093

Changes:
- Moved the content from the AWS section of the "Hosting Fleet"
documentation page to the "Deploy Fleet on AWS with Terraform" guide
- Moved the content from the Render section of the "Hosting Fleet"
documentation page to the "Deploy Fleet on Render" guide
- Updated the Hosting Fleet page to include card links to the reference
architecture docs, the try-fleet page, and deployment guides for Render,
GCP, Kubernetes, and AWS.

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-07-21 13:57:48 -05:00
Lucas Manuel Rodriguez
d256bfdc71
Add arm64 support for fleetd extensions and fixes on test scripts (#31084)
This was required to test https://github.com/fleetdm/fleet/pull/30864 on
Apple Silicon.

I've created https://github.com/fleetdm/fleet/issues/31092 for tracking
purposes.

Fixes:
- Build univeral binary extension on macOS to test on VMs without
Rosetta.
- Add support for linux and Windows arm64. Which is also needed to test
Linux and Windows on UTM on Apple Silicon.
- Add Linux arm64 & Windows arm64 to the test scripts.

---

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Added/updated automated tests
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)).
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-07-21 15:47:59 -03:00
Ian Littman
589ceac5ca
Remove references to (nonexistent as of right now) Fleet-maintained policies (#31033) 2025-07-21 13:18:35 -05:00
Mike McNeil
5b6385b119
FAQ.md: use normal-sounding words (#31035)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For new Fleet configuration settings
- [ ] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps. If managing
via Gitops:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Added the setting to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Added/updated automated tests
- [ ] Where appropriate, automated tests simulate multiple hosts and
test for host isolation (updates to one hosts's records do not affect
another.)
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- [ ] For unreleased bug fixes in a release candidate, confirmed that
the fix is not expected to adversely impact load test results or alerted
the release DRI if additional load testing is needed.
2025-07-21 12:45:42 -05:00
Ian Littman
2de7ecf42e
Document already-in-existence software.packages.slug field in batch software update contributor endpoint (#31034)
Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-07-21 12:45:02 -05:00
Victor Lyuboslavsky
3003ce5eb2
Fix markdown header in fleet-server-configuration.md (#31039) 2025-07-21 12:42:37 -05:00
Victor Lyuboslavsky
4d08af4649
Updating TPM contributor docs. (#31043)
Fixes #30477
2025-07-19 07:07:59 +02:00
Victor Lyuboslavsky
a31db7fc83
ADR-0002: Not using GitHub Discussions (#30927)
See doc.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Added a new decision record outlining the reasons for not using GitHub
Discussions for technical conversations and summarizing considered
alternatives.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Luke Heath <luke@fleetdm.com>
2025-07-16 19:55:36 +02:00
Victor Lyuboslavsky
2653ae2108
Added "Assert vs require" section to patterns-backend.md (#30928) 2025-07-16 19:21:54 +02:00
jacobshandling
555ae5441e
Update Go to 1.24.5 (#30770)
## #30730 
- Update Go version
- Update the docs for this process
- Confirmed `fleet`, `fleetctl`, and related docker images build
successfully
- Note that failing tests are unrelated: see [Slack
thread](https://fleetdm.slack.com/archives/C019WG4GH0A/p1752175318523689)

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-07-15 10:59:17 -07:00
Katheryn Satterlee
98fd078bd5
Remove references to 'fleetctl upload-software' (#30793) 2025-07-11 14:05:18 -06:00
Victor Lyuboslavsky
a51420f201
Added/updated host identity contributor docs. (#30651)
Fixes #30458 



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Documentation**
* Updated terminology and clarified details for TPM-backed HTTP signing,
including alternate names, TPM ECC curve selection, and file naming
conventions.
* Added documentation for a new API endpoint to retrieve host identity
certificates via SCEP, specifying supported algorithms and usage
requirements.
* Improved configuration guidance, troubleshooting steps, and expanded
the list of planned future enhancements.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-11 09:32:52 +02:00
jacobshandling
2686e75adf
Minor update to the "Upgrade Go" docs (#30762) 2025-07-10 16:21:03 -06:00
Lucas Manuel Rodriguez
2affb29381
Fix STS assume role in aws-sdk-go v2 (#30699)
Fix unreleased bug #30693.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Updated testing documentation to include a missing command for
creating the Firehose delivery stream for "status" logs.
* **Refactor**
* Centralized AWS STS Assume Role credential configuration across
multiple AWS integrations (S3, Firehose, Kinesis, Lambda, SES) to use a
shared helper, improving maintainability and consistency.
* Removed deprecated inline credential configuration logic in favor of
the new centralized approach.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-10 13:00:27 -03:00
Zach Wasserman
11097befb4
Add last used information for Windows software (programs) (#30577)
For #28819
2025-07-08 12:58:25 -07:00
Lucas Manuel Rodriguez
c69d56ed64
Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486)
For https://github.com/fleetdm/confidential/issues/9931.


[Here](ec3e8edbdc/docs/Contributing/Testing-and-local-development.md (L339))'s
how to test SAML locally with SimpleSAML.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Improved SSO and SAML integration with enhanced session management
using secure cookies.
  * Added support for IdP-initiated login flows.
* Introduced new tests covering SSO login flows, metadata handling, and
error scenarios.

* **Bug Fixes**
* Enhanced validation and error handling for invalid or tampered SAML
responses.
  * Fixed session cookie handling during SSO and Apple MDM SSO flows.

* **Refactor**
* Replaced custom SAML implementation with the crewjam/saml library for
improved reliability.
  * Simplified SAML metadata parsing and session store management.
  * Streamlined SSO authorization request and response processing.
  * Removed deprecated fields and redundant code related to SSO.

* **Documentation**
* Updated testing and local development docs with clearer instructions
for SSO and IdP-initiated login.

* **Chores**
  * Upgraded dependencies including crewjam/saml and related packages.
* Cleaned up tests and configuration by removing deprecated fields and
unused imports.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 15:13:46 -03:00
Jordan Montgomery
dbd6a23053
Disk Encryption contributor doc updates (#30538)
Integrates a number of troubleshooting and architecture notes from my
experience debugging and investigating disk encryption related issues
over the past few months.. Adds diagrams for each platform showing how
the major components work together. Might be a bit wordy but wanted it
to be useful for engineers since it is so different on each platform

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Documentation**
* Expanded and restructured disk encryption documentation with detailed
platform-specific workflows and troubleshooting guidance for macOS,
Windows, and Linux.
* Added and updated sequence diagrams for FileVault, BitLocker, and LUKS
encryption processes.
* Enhanced sections on key storage, recovery, and related resources with
additional guidance and links.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-07 11:07:33 -04:00
Martin Angers
62da9b4149
Contributor doc: add DDM documentation (#30427) 2025-07-02 10:04:38 -04:00
Rachael Shaw
54c3361bc1
Docs v4.70.0 (#30432)
Documentation changes for the 4.70.0 release.

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
2025-06-30 16:33:32 -05:00
Lucas Manuel Rodriguez
404f0d3ac0
Migrate from aws-sdk-go v1 to v2 (#30308)
#29482

[Migrate to the AWS SDK for Go
v2](https://docs.aws.amazon.com/sdk-for-go/v2/developer-guide/migrate-gosdk.html)
documents how to migrate codebases.

QA on features that use AWS SDK Go:
- Bootstrap package:
  - upload:  
  - download: 
  - cleanup: 
- Software (upload, download, installation, etc.) 
  - Cloudfront: Luckly, this feature was already using aws-sdk-go-v2.
- Carves 
- Logging:
	- Firehose 
	- Kinesis 
- Lambda  (tested result logs to a lambda function on our AWS Dogfood
account)
- Email:
	- Amazon SES TODO ⚠️ (this is what Dogfood uses and a few customers)
- We cannot easily test locally, we can use dogfood or load testing
(AWS) environments.

---

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Manual QA for all new/changed functionality
2025-06-30 17:45:39 -03:00
Ian Littman
1b20c5bae6
Document current auto-update behavior for Fleet-maintained apps set via GitOps (#30345) 2025-06-27 13:08:43 -05:00
Sam Pfluger
e3a93f7366
Add Nate's article to FAQ (#30371) 2025-06-27 12:29:56 -05:00
Noah Talerman
e5154da9a6
GitOps reference: Move copy to more relevant section (#30263)
Move details about App Store (VPP) apps to "app_store_apps" section.
2025-06-27 12:29:16 -05:00
Victor Lyuboslavsky
67977ad182
Added TPM-backed HTTP signing contributor docs. (#30337) 2025-06-26 14:53:58 -06:00
Ian Littman
57939c94ef
Document vuln feed cleanup option introduced in #28207 (#30328) 2025-06-26 14:25:56 -05:00
RachelElysia
05037f9ea0
Fleet Docs: Update /hosts/:id/software API docs to reflect available params (#30123)
## Description
- Copied verbatim from REST API docs for `GET /software` params
2025-06-25 17:44:50 -05:00
Juan Fernandez
b31d5f9bba
Misc feedback for new Windows doWipe cmd (#30252)
For #21979 

A couple of small items that came up during the first round of QA
2025-06-25 18:38:40 -04:00
Martin Angers
4994571c22
DCLK: add mechanism to verify user-scoped profiles (#30110) 2025-06-25 09:51:43 -04:00
Lucas Manuel Rodriguez
39dc7a3772
Add app_sso_platform table to orbit and use table in Entra ID query ingestion (#30140)
#28621

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Added/updated automated tests
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)).
- [X] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [X] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-06-20 17:01:38 -03:00
Victor Lyuboslavsky
84363c28d6
ADR-0001: Pilot splitting service layer into separate Go packages 📦 (#29850) 2025-06-17 11:28:22 -05:00
Lucas Manuel Rodriguez
5251b99ca0
Fix auto generated documentation CI checks in main (#30065)
Last week we had to revert some doc changes because codeowners were OOO.
2025-06-17 11:26:50 -03:00
Rachael Shaw
8641657686
Revert #27457 API changes (default avatar for API-only user) (#30051)
https://github.com/fleetdm/fleet/issues/27457 did not make it into a
sprint and docs were not removed.
2025-06-16 12:18:01 -05:00
Sarah Gillespie
4ab8208231
Update documentation for custom SCEP proxy (#29971) 2025-06-16 12:00:27 -05:00
Rachael Shaw
ac16428f3c
4.69.0 doc changes (#28937) 2025-06-14 14:26:45 -05:00
Rachael Shaw
0f3c9fd068
Docs: Add spacing in labels note (#30014) 2025-06-13 17:45:26 -05:00
Marko Lisica
af2bdf024a
Labels section included twice in YAML files docs (#29859)
Related to:

- #29789

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-06-13 17:04:42 -05:00
Victor Lyuboslavsky
5a8f338a68
Documented Android fleetdm.com proxy endpoints. (#29901)
Fixes #26519
2025-06-13 16:56:15 -05:00
Janis Watts
ea7bad3863
Clarify behavior when hash is provided in GitOps but no package matching that hash exists in Fleet (#29866)
Updated documentation to be more clear on behavior if hash is provided
for software package in YAML.
2025-06-13 16:53:43 -05:00
Victor Lyuboslavsky
8d4bf5bbd2
Updating Android contributor docs. (#29880)
Fixes #26519
2025-06-13 15:59:48 -05:00
Ian Littman
6f772a4405
Clean up "here" link anchors for docs, ee, and frontend dirs (#29742)
More work to fix #29720.

---------

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2025-06-13 15:05:52 -05:00
Martin Angers
4dfe95304b
Regenerate host vitals doc for osquery query change (#29915)
For #29323 , contributor docs changes only (follow-up to
https://github.com/fleetdm/fleet/pull/29555).
2025-06-13 14:49:59 -05:00
Lucas Manuel Rodriguez
5646062c85
Update go to 1.24.4 and add some automation (#29954)
Fixes CVE-2025-22874 reported by
https://github.com/fleetdm/fleet/actions/runs/15601368321/job/43941793647.

(IMO not a critical CVE, so it doesn't need to be cherry-picked into
v4.69.0.)

Added automation to make this easier next time.
2025-06-13 13:08:14 -05:00
Brock Walters
daca0e7b17
Update Hosts endpoint list in rest-api.md (#29972)
Added #resend-hosts-configuration-profile link in Host endpoint list.

Why are these in this order? What is the order scheme? Thanks.
2025-06-12 17:49:32 -04:00
Sarah Gillespie
9fcd2e15c2
Add one-time challenge support to custom SCEP proxy (#29832) 2025-06-12 08:56:13 -05:00
Ian Littman
7bfd675698
Add contributor docs for self-service uninstall results endpoint (#29835)
For #28846. Code merged in #29712.
2025-06-11 16:27:56 -05:00
Juan Fernandez
d847ec8ed4
21979: Extended wipe end-point to allow for doWipe Win CMD (#29770)
For #21979

Extended POST /api/v1/fleet/hosts/:id/wipe end-point to allow users to
specify an optional payload for specifying what type of remote wipe to
perform on Win hosts.

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-06-11 13:56:07 -04:00
Lucas Manuel Rodriguez
1c5700a8c4
Microsoft Compliance Partner backend changes (#29540)
For #27042.

Ready for review, just missing integration tests that I will be writing
today.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [X] If database migrations are included, checked table schema to
confirm autoupdate
- For new Fleet configuration settings
- [X] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps. If managing
via Gitops:
- [X] Verified that the setting is exported via `fleetctl
generate-gitops`
- [X] Added the setting to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [X] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [x] Verified that any relevant UI is disabled when GitOps mode is
enabled
- For database migrations:
- [X] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [X] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [X] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [X] Manual QA for all new/changed functionality

---------

Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com>
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-06-11 14:22:46 -03:00
jacobshandling
c9ed0026d9
Refine query result webhook docs (#29884)
## Follow up for #29834

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-06-10 13:35:50 -07:00
Ian Littman
ecb1a51362
Add missing docs for updated_script activity (#29803)
Work was done in a previous release but (probably due to a merge
conflict resolution) the activity list update was missed, so docs were
missing this.
2025-06-06 16:38:58 -06:00
Noah Talerman
a3da8598aa
Add starter scripts for Fleet Free (#29740)
They'll show up in "No team" for Fleet Premium
2025-06-06 16:51:00 -05:00
Eric
feced94b77
Docs: Update number of hosts required for managed cloud in FAQ (#29768)
(Follow up PR to #29760) 

Changes:
- Updated the number of hosts required for managed cloud in the FAQ
2025-06-06 16:50:20 -05:00
Noah Talerman
8f86e4a73b
Building Fleet: Link to specific Node version (#29735) 2025-06-03 15:12:33 -06:00
Ian Littman
6eb6884c4f
Propagate self-service flag on uninstalls through to activity (#29691)
Fixes part of unreleased for #28846.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality
2025-06-03 09:09:43 -06:00
Ian Littman
502aa8bafb
When MDM SSO rate limit is supplied, split rate limit bucket (#29663)
Also adds some more rate limiter tests to make sure separate rate limit
buckets interact as expected.

Fixes #29614.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- For new Fleet configuration settings
- [x] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps. (excluded;
env var or YAML)
- [x] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality

---------

Co-authored-by: George Karr <georgekarrv@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2025-06-02 16:18:58 -06:00
Jorge Falcon
27c37643bc
Fixing broken links for references to fleetctl-apply.md (#29661) 2025-06-01 21:48:12 -06:00
Luke Heath
3ef7caef9d
Apply starter library during new Fleet instance setup (#29564) 2025-05-30 16:27:33 -05:00
Rachael Shaw
213a5b082f
API docs: Miscellaneous minor formatting fixes (#29627)
+ For `order_direction`, use consistent `"asc"` and `"desc"` instead of
'asc', `asc`, etc.
+ Add a missing comma in an example
+ Add missing quotes for a string value in an example
2025-05-30 12:16:43 -05:00
Noah Talerman
afdfe94dd6
API docs: add missing parameters (#29446)
- Get host's software

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-05-30 11:05:01 -05:00
Noah Talerman
c96a40bb47
YAML reference: Auto resend macOS profiles (#29524)
- Fleet automatically resends macOS configuration profiles if
`$FLEET_VAR_` variables change
2025-05-30 10:58:04 -05:00
Noah Talerman
ea59a96b4e
YAML reference (#29465)
- Clarify which configuration profiles variables are available in Fleet
Premium
2025-05-27 17:57:56 -05:00
Noah Talerman
7cf2e2de47
[API design] Add a new timestamp for MDM check-in (#29467)
Original PR [here](https://github.com/fleetdm/fleet/pull/28940) was made
to 4.69.0 reference docs branch but the [user
story](https://github.com/fleetdm/fleet/issues/17710) was shipped in
4.68.
2025-05-27 17:33:48 -05:00
Dale Ribeiro
1eb957e165
Added example for macos_setup.enable_release_device_manually (#29479)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For new Fleet configuration settings
- [ ] Verified that the setting can be managed via GitOps, or confirmed
that the setting is explicitly being excluded from GitOps. If managing
via Gitops:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Added the setting to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- [ ] For unreleased bug fixes in a release candidate, confirmed that
the fix is not expected to adversely impact load test results or alerted
the release DRI if additional load testing is needed.
2025-05-27 17:32:59 -05:00
Noah Talerman
8cd85ac5e4
Add research doc: account-driven user enrollment (#29469)
From the following research story:
- #27391
2025-05-27 15:19:56 -05:00
Dante Catalfamo
5789d3f3c9
Add macOS redis cluster support (#29433) 2025-05-27 11:38:59 -04:00
Eric
a69dfa5ee4
Update host vital queries in queries.yml (#29432)
Changes:
- Updated the host vital queries in queries.yml to have the changes from
https://github.com/fleetdm/fleet/pull/29360 and
https://github.com/fleetdm/fleet/pull/29280
2025-05-27 10:32:36 -05:00
Rachael Shaw
cbeb311b97
4.68.0 doc changes (#29393)
Documentation updates for v4.68.0

---------

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
Co-authored-by: Eugene <eugene@fleetdm.com>
Co-authored-by: dantecatalfamo <dante.catalfamo@gmail.com>
Co-authored-by: Konstantin Sykulev <konst@sykulev.com>
Co-authored-by: Luke Heath <luke@fleetdm.com>
2025-05-22 16:20:56 -05:00
Jordan Montgomery
149cd9daca
Tweak MDM detection query to return the proper enrollment when there are multiple entries (#29360)
This change is deceptively simple but helps us choose the right one in
cases like #29042 where there are multiple enrollments in the registry.
In this case the customer seems to have been using something like
co-management(though even using their MDM we have not repro'd
internally) which leads to 2 registry keys in the registry with a UPN
node. I believe the way some MDM services handle unenroll can also leave
the registry keys in this state. Either way, because of this, and the
fact that we have a LIMIT 1 in the query, we were, in 50% of the cases
where we had multiple keys, returning the less useful of the nodes from
the query and because no Server URL was coming back we were treating it
as if the host was not MDM enrolled and thus, not unenrolling it, and
leading to enrollment failing.

With this change we'll return the proper registry key which should allow
us to, in the case of migration, properly unenroll the host and even in
the case where a customer isn't using Fleet MDM will allow us to display
the correct information from the registry.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Manual QA for all new/changed functionality
2025-05-22 14:08:05 -04:00
Janis Watts
8b64e498de
Update Kinesis testing steps (#29370) 2025-05-22 12:07:06 -05:00
Rachael Shaw
97bb6a124b
API docs: Clarify software install statuses (#29203)
Clarify options for software install status filters on "List hosts"
endpoint.

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-21 10:21:54 -05:00
Konstantin Sykulev
a42167462f
Added SHA256 hash from mac apps on install paths (#29280)
https://github.com/fleetdm/fleet/issues/25545

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)).
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-20 23:38:59 -05:00
Dale Ribeiro
168d41a773
Update rest-api with additional_queries correction.md (#29184)
The additional_queries property in the modify configuration endpoint is
not a boolean. It should be an object that contains a key/value pair
with the name of the query and the query itself. I updated the
description and example to reflect this and match what we have in our
GitOps docs: https://fleetdm.com/docs/configuration/yaml-files#features

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Added/updated automated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- [ ] For unreleased bug fixes in a release candidate, confirmed that
the fix is not expected to adversely impact load test results or alerted
the release DRI if additional load testing is needed.
2025-05-20 13:13:25 -05:00
Luke Heath
030c61ca17
Update contrib docs headers to sentence case (#29276) 2025-05-20 11:26:35 -05:00
Victor Lyuboslavsky
396a3f2edc
Fixed/updated SCIM contributor guide. (#29257) 2025-05-19 11:29:36 -05:00
Luke Heath
7380919dc3
Organize contributor docs and establish ADR process and template (#29101) 2025-05-17 15:03:52 -05:00
Gabe Lopez
9132627c89
Update Testing-and-local-development.md (#28892) 2025-05-16 10:15:21 -05:00
Eric
27b8dbd585
Docs: Update macOS software host vital query (#29139)
Changes:
- Updated the macOS software host vital query
2025-05-15 18:26:35 -05:00
Harrison Ravazzolo
2d5219b447
clarifying section of webhooks (#29168)
Adding a clarification note to the documentation for gitops

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-05-15 16:49:46 -05:00
Jordan Moore
503a6b5e76
Documentation updates to Gitops sso_settings section (#29110)
Documentation updates to flip-flop the descriptions for
`enable_jit_provisioning` and `enable_sso_idp_login`
2025-05-15 15:09:02 -05:00
Victor Lyuboslavsky
7c8710996e
Research doc for Apple user channel. (#29016) 2025-05-14 11:20:02 -05:00
Ian Littman
3edf684db1
Add backend for uninstalls in My device UI (#29035)
For #28846. Intentionally not limited to self-service/in-scope apps,
though we don't have any software listing changes in this PR to show
more titles in the self-service list.

QA plan is a bit light due to ticket being underspec'd. Can figure out
how we deal with that later.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-13 12:14:45 -05:00
Katheryn Satterlee
9ea5ecde68
Add neon to Linux platform list (#28977)
Added `neon` to list of Linux platforms associated with hosts so that
Linux-specific detail queries and policies will be sent to hosts running
the XDE Neon operating system.

This does not guarantee full compatibility with Neon, but will improve
telemetry.

Resolves #28560 


# Checklist for submitter


If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
2025-05-12 17:37:21 -05:00
Eric
1f0c723589
Docs: Fix urls of two images on SSO page (#28990)
Closes: #28972

Changes:
- Fixed two broken image URLs on the SSO documentation page.
2025-05-08 17:30:28 -05:00
Victor Lyuboslavsky
6f9030ee3c
SCIM Entra ID support (#28832)
For #28196

This PR adds full patching for SCIM Users and Groups, and adds the
ability to filter Groups by displayName.

The changes have been tested with [Entra ID SCIM
Validator](67dfd91c0c/docs/Contributing/SCIM-integration.md (entra-id-integration))
and Okta SCIM 2.0 SPEC Test (to make sure we didn't break Okta).

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-05-08 13:02:49 -05:00
Martin Angers
48de857dca
BRP: add batch-resend profile to hosts endpoint based on status (#28871) 2025-05-07 16:48:18 -04:00
Mike Thomas
e92feb17b7
Update single-sign-on-sso.md (#28193)
I've updated this section to include information about SCIM as per this
[website request](https://github.com/fleetdm/fleet/issues/27971) from a
Fleet contributor.

Please confirm that I have understood correctly and that this is
accurate.

---------

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-05-07 15:47:12 -05:00
Mike Thomas
a91042ae02
Update queries.yml (#28897)
uppercase 'S' was breaking the query.
2025-05-07 14:48:08 -05:00
Noah Talerman
7262c6ed0a
GitOps reference (#28877)
- Learned during NYC GitOps training that it's more intuitive to
explicitly set `macos_updates.deadline` to a string
- I think let's pick one of single quotes or double quotes and be
consistent: let's go with double quotes
2025-05-06 16:44:53 -05:00
jacobshandling
55bacd830c
Add link to mocks README (#28382) 2025-05-06 15:58:21 -05:00
Victor Lyuboslavsky
3d3d43864a
Bumping MySQL 8.4.3->8.4.5 and 9.1.0->9.3.0 in tests. (#28767)
I forced a test run on 9.3.0 (which only runs nightly be default).
2025-05-02 13:40:11 -05:00
Marko Lisica
64152febc9
[Docs update] Call out that mdm.macos_setup in config and team endpoint is set only by GitOps (#28695)
Called out that `mdm.macos_setup` in GET config and GET team is only set
by YAML files.

Related to: 

- #28497
2025-05-01 13:59:09 -04:00
Victor Lyuboslavsky
f831318c85
Documenting POC investigation for account-driven user enrollment (#28661)
For #27391
2025-04-30 13:08:25 -05:00
Noah Talerman
e4bbe185a8
Update reference docs/guides: reset automations (#28677)
Update guides to clarify current behavior and best practice.

More context here:
https://github.com/fleetdm/fleet/issues/28611#issuecomment-2841952742
2025-04-30 13:00:00 -05:00
Dale Ribeiro
d51c8324fb
Added update custom device mapping (#28654)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- [ ] For unreleased bug fixes in a release candidate, confirmed that
the fix is not expected to adversely impact load test results or alerted
the release DRI if additional load testing is needed.

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-04-30 12:59:08 -05:00
Rachael Shaw
ba89eca450
Docs: Update note about human-device mapping endpoints (#28665)
We added the "Edit" endpoint back to the docs.
2025-04-29 16:28:43 -05:00
Dale Ribeiro
d3cab6fa7c
Updated human-device mapping deprecation info (#28653)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- [ ] For unreleased bug fixes in a release candidate, confirmed that
the fix is not expected to adversely impact load test results or alerted
the release DRI if additional load testing is needed.
2025-04-29 14:27:23 -05:00
Victor Lyuboslavsky
eac6ccb4e4
Contributor docs for bootstrap pkg (#28609) 2025-04-28 15:36:38 -05:00
Jordan Montgomery
a7967a398c
Update DigiCert integration contributor doc for renewal (#28517)
Updates contributor doc based on recently merged DigiCert renewal
changes

I'm not sure if leaving the "admin" on that last mermaid doc was the
right thing to do but I wanted to make it clear this all happens
automatically without admin intervention once setup
2025-04-28 11:30:56 -04:00
Ian Littman
94b3761bfb
Sync docs (#28582) 2025-04-28 10:08:30 -05:00
Rachael Shaw
7ae8b9a3da
Documentation changes for v4.67.0 (#28528)
Docs for the 4.67.0 release.

---------

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Eugene <eugene@fleetdm.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Drew Baker <89049099+Drew-P-drawers@users.noreply.github.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
2025-04-24 16:10:41 -05:00
Ian Littman
49c49c7433
Implement self-service install status endpoints (#28424)
For #28411.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-24 12:20:21 -05:00
Rachael Shaw
0c95e92b5a
Revert changes to batch-run script docs
Merged into wrong branch; for 4.68
2025-04-22 18:08:32 -05:00
Rachael Shaw
13b9b885c1
Bulk script doc spruce up (#28471)
Move around some parameters and mark `script_id` required

---------

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2025-04-22 18:02:54 -05:00
Rachael Shaw
b1ea8dd757
Rename "Get host's scripts" -> "List host's scripts" (#28470)
Keeps the naming consistent.
2025-04-22 17:42:21 -05:00
Rachael Shaw
39ca7a1856
REST API docs: Move "Get host's scripts" under "Scripts" heading (#28469) 2025-04-22 17:38:55 -05:00
Noah Talerman
c4bf51e9a1
API docs: Bulk => batch (#28460)
Batch run script API coming soon...

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-04-22 17:32:30 -05:00
Rachael Shaw
9404dafbea
Docs: Update bulk transfer/delete hosts formatting (filters in a separate table) (#28457)
Move `filters` parameter into its own table to make it easier to
understand what the available filters are.
2025-04-22 15:49:56 -05:00
Raiven
42a847d076
docs: Update Adding-new-endpoints.md (#28377)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- [ ] For unreleased bug fixes in a release candidate, confirmed that
the fix is not expected to adversely impact load test results or alerted
the release DRI if additional load testing is needed.
2025-04-21 10:11:02 -05:00
Noah Talerman
1393d7bcd9
Puppet module: remove guide and update docs (#28335)
We don't think anyone is using it so we want to remove it in Fleet 5
(next major version).

- More context here: https://github.com/fleetdm/fleet/issues/28334
2025-04-18 16:47:11 -04:00
Mike Thomas
3d9958df66
add-button-ids-to-deploy-docs (#28319)
I'm testing out user behavior in HotJar. Need to add some IDs to buttons
to properly track and test.
2025-04-18 11:19:56 -05:00
Victor Lyuboslavsky
ce9467070e
Move backend patterns.md to docs/Contributing (#28243)
As discussed in a recent Backend sync, moving patterns.md to
docs/Contributing
2025-04-16 13:36:14 -05:00
Noah Talerman
f4ffaf0d07
GitOps reference: add links for configuration profile variables (#28260)
Link to GitLab and Apple docs
2025-04-15 14:39:01 -05:00
Marko Lisica
57d73fcd6c
End user authentication wasn't documented as subsection of MDM under PATCH /config endpoint (#28244)
`end_user_authentication` isn't documented as all other endpoints under
`mdm` in `PATCH /config` endpoint.

I also removed `issuer_uri` as this isn't implemented to this endpoint.

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-04-15 20:00:05 +02:00
Jahziel Villasana-Espinoza
fa8c087abf
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037)
> For #24087 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-11 19:19:07 -04:00
Katheryn Satterlee
801d97f496
Update Upgrading-Fleet.md (#28112)
Add clear language around the requirement for Fleet to be offline during
the upgrade process.
2025-04-11 17:32:08 -05:00
Adam Anklewicz
c8d9dd81dc
Update yaml-files.md (#28028)
Received an error from GitHub Actions stating it was expecting a string
and got a number. Added quotes and it worked. Changing the documentation
to match.
2025-04-11 17:31:12 -05:00
Noah Talerman
dce7bbe48b
API reference: add missing yara_rules to PATCH /config (#27976)
Based on community feedback here:
https://github.com/fleetdm/fleet/issues/27569#issuecomment-2775322232
2025-04-11 17:10:56 -05:00
Jordan Montgomery
0ffdc14596
Update Autopilot testing info (#28125)
Updates the relevant Contributing doc based on what Gabe and I learned
while testing Autopilot
2025-04-11 14:31:02 -04:00
Rachael Shaw
06f8ed8f3b
Update labels API docs (#28119)
Improvements/fixes for manual label documentation.

Follow-up from this old draft PR:
https://github.com/fleetdm/fleet/pull/23589

---------

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2025-04-11 09:17:13 -05:00
jacobshandling
bc6dc21ac9
Add host id to fleet enrolled activity (#28068)
## For #26695 

<img width="1795" alt="Screenshot 2025-04-09 at 7 25 25 PM"
src="https://github.com/user-attachments/assets/edeb5c51-9643-4fe0-8171-0400f513373f"
/>


- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-04-10 13:50:14 -07:00
Eric
747af2247b
Update query for "Software codesign" vital (#28092)
Changes:
- Updated the query for the "Software codesign" host vital. (The vital
was incorrectly using the same query as the "Software (macOS)" host
vital)
2025-04-10 15:02:05 -05:00
Martin Angers
00149cb5a9
Cancel upcoming activities: create past canceled activities (#27956) 2025-04-09 16:08:51 -04:00
Rachael Shaw
4cff3790be
Mark DigiCert and custom SCEP CA experimental (#27988)
@marko-lisica's previous PR: https://github.com/fleetdm/fleet/pull/27724
(needed to change base branch to `main` because `docs-v4.66.0` was
merged).
2025-04-09 16:08:40 -04:00
Victor Lyuboslavsky
087d7209fe
Updated SSO user contributing docs. (#27981)
For #27284
2025-04-08 10:53:58 -05:00
Victor Lyuboslavsky
3d0025c570
SCIM + host integration (#27880)
For #27284

This PR:
- Adds SCIM as a fallback for username during macOS end user
authentication during setup experience
- Adds SCIM/endUsers details to host details

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-08 09:35:06 -05:00
Allen Houchins
c57fc2d03e
Fixed policy check for macOS - Disable guest account (#27531)
I created and tested the fix before seeing the [comment in this
issue](https://github.com/fleetdm/fleet/issues/24417).

Feel free to merge the fix or close this out but I made this pull
request since we had another customer report this issue today.
2025-04-08 08:52:05 -05:00
Rachael Shaw
76cab7fdba
Add missing commas in example response (#27964) 2025-04-07 20:04:32 -05:00
Victor Lyuboslavsky
0f65252517
Fixed wrong API verb. (#27954)
For #27284
2025-04-07 18:47:11 -05:00
Mike McNeil
8452eff7f0
Apple Intelligence enabled? (#27866)
Add Allen's Apple Intelligence check to the policy library so that any
user can import/copy+paste and use it directly without writing SQL.


https://www.linkedin.com/posts/allenhouchins_fleet-it-infosec-activity-7257454593012322304-yvek

---------

Co-authored-by: Allen Houchins <allenhouchins@mac.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
2025-04-07 18:40:37 -05:00
Dale Ribeiro
33eb54d013
Update single-sign-on-sso.md (#27784)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- [ ] For unreleased bug fixes in a release candidate, confirmed that
the fix is not expected to adversely impact load test results or alerted
the release DRI if additional load testing is needed.

---------

Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
2025-04-04 18:04:18 -05:00
Allen Houchins
97c9b651e1
Update fleet-server-configuration.md (#27868)
Fixed typo
2025-04-04 17:44:19 -05:00
Lucas Manuel Rodriguez
5c7599764d
Run make generate-doc (#27911)
This will fix CI on `main`.
2025-04-04 16:27:09 -05:00
Ian Littman
65ba89e60c
Update FMA docs to include Windows + current instructions/impl details (#27828)
For #26716.

Also moves the article to an OS-independent URL, updates links from
elsewhere, and adds a bit more internal-link juice for install
automation.

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-04-04 14:55:27 -05:00
Rachael Shaw
c592c2b24e
Docs v4.66.0 (#27844)
Documentation changes for the 4.66.0 release.

---------

Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Marko Lisica <markol.lisica@gmail.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com>
Co-authored-by: George Karr <georgekarrv@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Eugene <eugene@fleetdm.com>
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com>
2025-04-04 14:28:09 -05:00
Victor Lyuboslavsky
61a7b70b5d
SCIM integration tests (#27750)
For #27287

This PR adds integration tests for SCIM API endpoints as well as some
bug fixes found by these tests.

# Checklist for submitter

- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-04-04 11:00:46 -05:00
Luke Heath
28232b5c11
Update API-Versioning.md (#27855) 2025-04-04 10:34:27 -05:00
George Karr
28a82b19c9
Create certs.md (#27013) 2025-04-03 14:19:00 -05:00
Eric
dd06b2a414
Docs: Remove "Time and date are configured to be updated automatically (macOS)" policy (#27788)
Closes: #27460

Changes:
- Removed the "Time and date are configured to be updated automatically
(macOS)" policy from the standard query library yaml. The policy checks
a value that can only be set on iOS devices
(https://developer.apple.com/documentation/devicemanagement/restrictions#:~:text=forceAutomaticDateAndTime).
2025-04-02 16:30:49 -05:00
Scott Gress
fc3cd3b33f
Add docs for upgrading Go (#27693)
For #27605 

Adds a guide to the contributor docs about how to upgrade the Go version
used to build Fleet.
2025-04-02 15:30:32 -05:00
Victor Lyuboslavsky
15c84b67f7
Added contributing docs for end user authentication. (#27690)
For #23236
2025-04-02 13:03:52 -05:00
Victor Lyuboslavsky
2801eab201
Tweaks to high level Fleet diagram. (#27749) 2025-04-02 11:34:51 -05:00
Victor Lyuboslavsky
2198fd8d65
Add SCIM Users (#27551)
For #27287

Video explaining the PR: https://www.youtube.com/watch?v=ZHgFUAvrPEI

This PR adds SCIM Users support for Okta. The goal is to first add
Users/Groups support so that the remaining backend SCIM work can be done
in parallel.

This PR does not include the following, which will be added in later PRs
- Changes file
- Groups support for Okta
- Full support for Entra ID
- Integration tests

# Checklist for submitter

- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-04-01 11:02:24 -05:00
Victor Lyuboslavsky
ea8b81993e
Updating DigiCert/SCEP contributor docs. (#27625) 2025-03-31 13:50:05 -05:00
Scott Gress
59f96651b6
Update to Go 1.24.1 (#27506)
For #26713 

# Details

This PR updates Fleet and its related tools and binaries to use Go
version 1.24.1.

Scanning through the changelog, I didn't see anything relevant to Fleet
that requires action. The only possible breaking change I spotted was:

> As [announced](https://tip.golang.org/doc/go1.23#linux) in the Go 1.23
release notes, Go 1.24 requires Linux kernel version 3.2 or later.

Linux kernel 3.2 was released in January of 2012, so I think we can
commit to dropping support for earlier kernel versions.

The new [tools directive](https://tip.golang.org/doc/go1.24#tools) is
interesting as it means we can move away from using `tools.go` files,
but it's not a required update.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Make sure fleetd is compatible with the latest released version of
Fleet
   - [x] Orbit runs on macOS  , Linux   and Windows. 
- [x] Manual QA must be performed in the three main OSs, macOS ,
Windows and Linux .
2025-03-31 11:14:09 -05:00
Eric
ac390757f9
Docs: update title meta tag & h1 on yaml-files page (#27519)
Closes: #26503

Changes:
- Updated the heading and `<meta>` title of the yaml-files.md
documentation page to be "GitOps" (Note: the URL will not change)
2025-03-27 10:45:30 -05:00
Eric
f351cb2820
Docs: Break tutorials and guides page into two sections (#27521)
Closes: #27261

Changes:
- Updated the tutorials-and-guides docs page to have two lists of
guides: "Get set up" and "Further learning"
2025-03-26 16:46:13 -05:00
RachelElysia
c7e243d618
Fleet docs: Fix spelling and grammar (#27528)
## Description
- Documentation spelling and grammar fixes
2025-03-26 16:45:23 -05:00
Victor Lyuboslavsky
23a55cc1aa
Update MDM-Android.md -- improve class diagram display (#27538) 2025-03-26 13:09:49 -05:00
Eric
11d7f51b7f
Docs: Update vitals in queries.yml (#27373)
Closes: https://github.com/fleetdm/confidential/issues/10005

Changes:
- Updated the vitals in docs/queries.yml to have the latest changes from
docs/contributing/understanding-host-vitals.md (updated the software
vitals for Windows and macOS, added the host certificate vital, added
two python packages vitals)
2025-03-24 11:41:05 -05:00
Benjamin Edwards
c6178c64cd
add configuration setting for forcing h2c (#26799) 2025-03-21 09:38:21 -04:00
Lucas Manuel Rodriguez
e6cb16453e
Added more logging for troubleshooting of software package installation (#27291)
For #27234.

- Improved logging in orbit to help us during troubleshooting.
- Added some documentation on how to grep for errors related to software
package installation in orbit.
- Added `took` to server request error logs (it was only present when
the request succeeds).

---

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-03-20 11:09:57 -03:00
Mike McNeil
21dfccc655
Update fleet-server-configuration.md (#27313) 2025-03-19 15:09:34 -05:00
Mike McNeil
aa73c0dfd2
Update deploy-fleet.md (#27311) 2025-03-19 15:09:05 -05:00
Marko Lisica
84892741dd
Merge Android docs changes (#27221)
Related to: 

- #23231
2025-03-19 10:03:02 -05:00
Victor Lyuboslavsky
6b7d232522
Additional CA validation (#27169)
For #26623

- Updated `github.com/groob/plist` to `github.com/micromdm/plist` -- it
was renamed
- Added validation that restricts DigiCert Fleet variables to
`com.apple.security.pkcs12` payloads plus additional restrictions
- Added validation that restricts Custom SCEP Fleet variables to
`com.apple.security.scep` payloads plus additional restrictions
- Enabled multiple CAs (Fleet variables) to be present in an Apple MDM
profile. But each CA can only be used once. For example, we can have
DigiCert CA and Custom SCEP CA in one Apple profile.

# Checklist for submitter
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-19 08:27:55 -05:00
Noah Talerman
ac9072ab95
API reference (#27197)
Do we need the “by ID”? I wonder if we could pull that out (less words
and it’s consistent with other endpoints)
2025-03-17 13:44:48 -05:00
Jorge Falcon
9affceb6d1
Typo fix in agent-configuration.md (#27148)
Fixing typo on L3. 
- "fleed" -> "fleetd"
2025-03-17 12:33:17 -05:00
Victor Lyuboslavsky
131a52695b
Custom SCEP integration (#27121)
For #26623 

This PR enables deploying an Apple configuration profile with Fleet
proxying a custom SCEP server.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-17 10:59:07 -05:00
Jahziel Villasana-Espinoza
d0f70c5980
fix: report a failure in setup experience if a VPP app installation fails due to lack of licenses (#27163)
> For #26345

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-17 09:43:51 -04:00
Rachael Shaw
3679471a99
API docs: Combine policies and team policies (#27167)
Document all policies API endpoints under "Policies" instead of having 2
separate sections:

![Screenshot 2025-03-14 at 4 51
44 PM](https://github.com/user-attachments/assets/96546c23-dea9-41cd-8ef9-ad692a6667fb)


Also renamed "Remove policy" to "Delete policy" to make language more
consistent w/ other endpoints.
2025-03-14 16:54:03 -05:00
Lucas Manuel Rodriguez
46c9f9a37b
Fix auto generated docs on main (#27165)
Ran `make generate-doc`.
2025-03-14 17:41:57 -03:00
Rachael Shaw
990322321d
Documentation changes for v4.65.0 (#27108)
Documentation changes for the 4.65.0 release

---------

Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Janis Watts <184028114+jmwatts@users.noreply.github.com>
Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com>
2025-03-14 14:54:48 -05:00
Rachael Shaw
3333139496
Small indentation fix in API docs (#27158) 2025-03-14 14:31:10 -05:00
Ian Littman
1537eb710f
Revise discovery queries for Python software inventory to be compatible with earlier versions of osquery (#27130) 2025-03-13 17:32:06 -06:00
Noah Talerman
76071505ff
YAML reference docs: custom targets (labels) is Premium only (#27109) 2025-03-13 16:51:54 -05:00
Teffen Ellis
f61c8e8800
Add instructions for single sign-on via authentik. (#27079)
Hi Fleet team!

I'm an engineer at authentik and I've been working on a guide to help
our users integrate Fleet with authentik as an identity provider. While
our own documentation is still in progress, I wanted to contribute this
guide to the Fleet documentation to help our users get started with SSO.

This PR expands Fleet's Single Sign-on guide to include a section for
[authentik](https://goauthentik.io) as an identity provider.

Please let me know if I can provide any additional information or make
any changes to this PR.

Thank you for considering this contribution!
2025-03-12 13:55:12 -05:00
Martin Angers
e7d6a36c2c
Add contributor doc explaining the upcoming activities queue (#27071) 2025-03-12 11:55:56 -04:00
Mike McNeil
97696ccdca
Update deploy-fleet.md (#26935)
Remove settings that aren't minimally required to make it simpler to
follow along


@rfairburn @edwardsb @lukeheath Y'all, please stop me if this is a bad
idea.
2025-03-11 15:35:51 -05:00
Marko Lisica
17904525ab
Remove GET /api/v1/fleet/vpp (deprecated and not working) (#27023)
I found that `GET /api/v1/fleet/vpp` isn't working, but is still
documented. I believe we moved to new endpoint to manage VPP tokens:
`GET /api/v1/fleet/vpp_tokens`
2025-03-11 15:34:44 -05:00
Victor Lyuboslavsky
0f3a76dd27
Add DigiCert integration dev docs. (#27039)
For #25822
2025-03-11 15:33:44 -05:00
Mike Thomas
5c8c0422fe
Add license key details to deploy docs (#26985)
Closes https://github.com/fleetdm/confidential/issues/9461

- Add license key details to deploy docs.

Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
2025-03-11 07:06:52 +09:00
Noah Talerman
e4ef8cc6db
YAML reference docs (#27000)
- Fix quotes
- `macos_settings` is for all Apple platforms Fleet supports: #26096
2025-03-10 13:43:23 -05:00
Noah Talerman
273601d695
Agent configuration reference docs (#26999)
- Remove rotate enroll secret instructions because they're wrong: #25755
- Update contributor docs to simplify: #24309

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-03-10 13:36:44 -05:00
Victor Lyuboslavsky
683c93f99f
Android architecture docs (#26975)
For #23231

---------

Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
2025-03-10 13:01:57 -05:00
jacobshandling
1268036c1f
23971 Proposed API and schema changes (#25013)
## For #25034

### API changes:
[this PR diff](https://github.com/fleetdm/fleet/pull/25013/files)
("available_teams" change is adding missing documentation for current
API behavior)

### schema changes:
- new col in `users` table, `settings`, type `json`. Defaults to `{}`.
New setting, `hidden_host_columns`, added or updated on first relevant
API call per user.

### semantics

- **null** `"hidden_host_columns"` field means "not yet set, use
defaults": `{"settings":{"hidden_host_columns": null}}`
- **included and empty** `"hidden_host_columns"` field means "no columns
hidden, show all columns in the UI":
`{"settings":{"hidden_host_columns": []}}`

### Updates 1/7/25 per discussion with @rachaelshaw @lucasmrod
@sgress454:
- Optional query param `include_ui_settings=true` included with `GET`s
to `/me` or `/users/:id` will trigger considering the API call to be a
contributor API call, giving more flexibility for future changes. Note
that this is the first time we have one endpoint that can be
conditionally considered a contributor endpoint depending on how it is
called.

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-03-10 10:17:57 -07:00
George Karr
4b3e2a0f69
Create design-qa-considerations.md (#26774)
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
2025-03-07 15:32:41 -06:00
Ian Littman
014f10fb46
Add experimental software title name update endpoint for titles with a bundle ID (#26938)
For #26933.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-03-07 11:36:17 -06:00
Eugene
31191689e8
Update yaml-files.md (#26781)
Cleaning up and standardizing use of quotations in YAML.

1. Updated to use single quotes
2. Updated to use double quotes to enclose single quote references.
3. Removed extraneous quotes around strings.
2025-03-06 17:34:44 -06:00
Rachael Shaw
f229230ada
API docs: Indentation fix in get config example (#26916) 2025-03-06 14:00:33 -06:00
Rachael Shaw
4c5aa74434
Update license in GET /config example (#26915)
Include premium license fields
2025-03-06 13:53:33 -06:00
Gabe Lopez
f51bb7c7ea
Add files via upload to replace old screenshot for SSO config (#26841)
Replacing an old screenshot for SSO-Setup that removes the `issuer URI`
field that is no longer needed nor available in Fleet

---------

Co-authored-by: Eric <eashaw@sailsjs.com>
2025-03-06 13:28:57 -06:00
Drew Baker
72b7c59545
Update tutorials-and-guides.md (#26900)
Adjusting the order to test the performance change of
https://fleetdm.com/guides/mdm-migration if it is moved to the top of
/guides

Context:

https://app.zenhub.com/workspaces/help-marketing-64e6c8e2d35c7f001a457b7f/issues/gh/fleetdm/confidential/9855
2025-03-06 10:57:11 -06:00
Rachael Shaw
b769d946bc
Update formatting for "Modify team" API docs (#26840)
Match the format of [Modify
configuration](https://fleetdm.com/docs/rest-api/rest-api#modify-configuration)
2025-03-05 12:35:25 -06:00
Allen Houchins
3540b631c0
Update yaml-files.md (#26836)
Discovered `calendar_event_enabled` does not work but going through the
API documentation shows `calendar_events_enabled` does work. I verified
this in dogfood.

https://fleetdm.slack.com/archives/C019WG4GH0A/p1741118773584829
2025-03-04 15:56:45 -06:00
Victor Lyuboslavsky
488efd144e
Added DigiCert/SCEP activity structs. (#26786)
For #26603

Splitting this change from the rest of the DigiCert/SCEP config work
since it requires documentation signoff.
2025-03-04 11:02:44 -06:00
Rachael Shaw
ddd2834dc8
Sentence case fix in SMTP options form (#26730)
"Username and Password" -> "Username and password"
2025-02-28 15:29:39 -06:00
Mike McNeil
78b2a6f12f
Update Reference-Architectures.md (#26702) 2025-02-28 14:35:05 -06:00
Swapnil Surendra Jangam
36a3434e47
Update queries.yml (#26682)
Softwares query for macOS corrected in Vitals. Was showing query for
linux.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Manual QA for all new/changed functionality

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-02-27 18:16:46 -06:00
Lucas Manuel Rodriguez
df5461cb4c
Remove unused code (from Fleet's sandbox implementation) (#26645)
Removing unused code and APIs (these APIs and code were used by "Fleet
Sandbox" which doesn't exist anymore).
2025-02-27 17:37:56 -03:00
Victor Lyuboslavsky
67b72764c5
Added Android activity and better handling of deleted users. (#26640)
For #26218

- Added `users_deleted` table to track user actions if the user was
actually deleted.
- Added enable/disable Android MDM activities

Note: I could not auto-generate fleet.Service mock because it has issues
with methods that don't return anything. I ended up using testify mock
instead.

# Checklist for submitter

- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-02-27 14:19:15 -06:00
George Karr
b47e4a51ce
Drop support for macOS 13 (#26525)
Drop support for macOS 13 and no longer need to validate nudge updates
2025-02-27 13:34:59 -06:00
Sarah Gillespie
f43fb9538a
Merge branch 'main' into feat-23235-host-certificates 2025-02-27 11:41:34 -06:00
Jordan Moore
7df866754e
Correct a URL in the documentation so it doesn't 404 (#26651)
The URL was pointing to a file in the fleet-terraform repo that didn't
exist causing it to 404.
2025-02-27 09:27:15 -06:00
Konstantin Sykulev
124fc44a3e
Updated python_packages osquery query (#26434)
A new feature in osquery `5.16` was created to allow for scanning of
user directories for python packages. If the new version of osquery is
detected use the new query, otherwise use the old query.

https://github.com/fleetdm/fleet/issues/26423

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-26 14:15:41 -06:00
Martin Angers
0adf67e538 Fix conflicts 2025-02-25 14:39:35 -05:00
Noah Talerman
a14fd0d263
Terraform cleanup (#26379)
- Remove `dogfood/aws/` folder
- Update links in docs and guides
2025-02-24 17:35:50 -05:00
Eugene
9ef382389e
Update yaml-files.md intro section for legibility and to call out missing or mispelled settings. (#26459)
Updated top text area for legibility and to call out what happens to
missing or mispelled settings.

These changes were prompted by
https://github.com/fleetdm/fleet/issues/26450

---------

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2025-02-24 15:44:43 -06:00
Noah Talerman
f9a8910919
Agent configuration: small clarification (#26498)
`script_execution_timeout` is in seconds
2025-02-24 15:31:51 -06:00
Noah Talerman
b3dd8e58a3
YAML reference docs: fix indenting (#26566)
Fix example
[here](https://fleetdm.com/docs/configuration/yaml-files#example5):

![Screenshot 2025-02-24 at 3 18
38 PM](https://github.com/user-attachments/assets/64524043-190a-4194-af3a-b2ad2fb47358)
2025-02-24 15:23:02 -06:00
Martin Angers
8477856886 FIx conflicts 2025-02-24 14:28:34 -05:00
Lucas Manuel Rodriguez
eede554a79
Update Wayland docs (#26446)
For #25998
2025-02-21 09:24:03 -05:00
Eric
7dd2f8557c
Website: add bash commands for macOS vitals, queries, and policies (#26327)
Changes:
- Updated the query-detail, vital-detail, and policy-detail pages to
have a tab for bash commands.
- Updated queries, vitals, and policies to have a bash command that
returns the same results as the SQL query.
2025-02-20 18:16:16 -06:00
jacobshandling
c22f575150
Add gitops app config fields, API access, activities, tests (#26282)
## For #26230 

- Add `gitops` settings to app config
- GET and PATCH endpoint functionality to retrieve and modify these
settings
- generate activities for enabling and disabling GitOps mode
- Premium only
- Update tests

<img width="1355" alt="Screenshot 2025-02-17 at 9 22 13 AM"
src="https://github.com/user-attachments/assets/e03d7fd6-8795-4df2-9c8f-ffbcabd2d212"
/>

<img width="1575" alt="Screenshot 2025-02-17 at 9 24 33 AM"
src="https://github.com/user-attachments/assets/5bf963d4-6fb7-4586-8f6f-9e605c25bf06"
/>

## Checklist for submitter

- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-02-20 08:40:46 -08:00
Sarah Gillespie
351f40230a
Add osquery ingestion for host certificates feature (#26426) 2025-02-19 14:44:01 -06:00
Noah Talerman
b682ee1b07
Docs v4.64.0 (#26393)
Reference doc changes for Fleet 4.64.0

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
2025-02-18 16:31:55 -06:00
Mike Thomas
b23d331227
Update standard-query-library.yml (#26346)
closes:
https://github.com/fleetdm/fleet/issues/24415#issuecomment-2657863048

- Updated policy to the suggestion from @jmwatts in the linked bug
report.
- Added caveat note.

@ddribeiro, please can you confirm that the suggested policy edit is
good to go?

Co-authored-by: Eric <eashaw@sailsjs.com>
2025-02-18 07:33:41 +09:00
Dale Ribeiro
56b3a4bbef
Added DisableFDEAutoLogin key to support new policy (#26353)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-02-17 08:36:55 +09:00
Rachael Shaw
26a18d1f90
Update agent-configuration.md (#26371)
Fix unnecessary backticks and capitalization.
2025-02-15 11:29:59 -06:00
Joel Hermanns
ba8b94c1c0
docs: fix example response of Create Teams endpoint (#25974)
Previously the docs suggested that an array of teams is returned when
creating a new team. This is not the case.

This commit fixes the api docs and clarifies the example response.
2025-02-13 10:03:12 -06:00
Nathaniel Strauss
1a7f421582
Update YAML docs to support idp_image_url (#26104)
Supported with `fleetctl gitops` but not included in the YAML docs at
https://fleetdm.com/docs/configuration/yaml-files#sso-settings.

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-02-13 06:31:43 -06:00
Dale Ribeiro
cc3de47681
Add software to required keys example (#26261)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-02-11 11:52:44 -06:00
Noah Talerman
6e5b5085d6
YAML files: add missing example (#26101) 2025-02-11 10:59:13 -06:00
Robert Fairburn
94e6b972ce
Change documentation to point to new terraform repo (#26200) 2025-02-10 17:42:28 -06:00
Jordan Moore
d651a7ea49
Minor Documentation Updates (#26236)
I came across these changes while getting my gitops flow setup.

1. Changed `logo_url` to `org_logo_url`
2. Fixed indenting on `server_settings` so it's nested under
`org_settings`
2025-02-10 17:30:42 -06:00
Victor Lyuboslavsky
77daed1909
[YAML files] Fixed link and reorganized end_user_authentication for clarity. (#26173)
Link to current doc:
https://fleetdm.com/docs/configuration/yaml-files#end-user-authentication

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-02-07 17:43:11 -06:00
Noah Talerman
b38af05404
Serve software with CloudFront is Fleet Premium (#26131) 2025-02-07 17:41:04 -06:00
Katheryn Satterlee
5d5c7bdeed
Add example for mdm.end_user_authentication (#26120)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

Docs only change.
2025-02-07 17:35:12 -06:00
Victor Lyuboslavsky
a51ecf18ec
Clarify how Fleet GitOps is supposed to work (#26184) 2025-02-07 15:02:20 -06:00
Dante Catalfamo
f8de2d9e50
Follow redis redirects by default (#26043)
#22791

This will prevent the occasional redirect from breaking live queries.
Customers can still disable the redirects by setting
`redis.cluster_follow_redirections` to `false`.
2025-02-06 13:32:31 -05:00
Noah Talerman
9fabf367e4
YAML reference: remove duplicate section (#26100) 2025-02-05 13:54:50 -06:00
Gabriel Hernandez
2b9e19fcef
generate new docs for activities (#26066)
generates new docs for activities
2025-02-05 16:35:30 +00:00
Rachael Shaw
33b481fdc8
Docs v4.63.0 (#26019)
Documentation changes for 4.63.0

---------

Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Eugene <eugene@fleetdm.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2025-02-04 12:38:54 -06:00
Noah Talerman
f6b06a9578
Audit logs: missing status (#25906)
- Add missing `status` for `installed_app_store_app`
- @noahtalerman: @iansltx and I tested the `installed_app_store_app`
activity and saw that the docs are missing `status`
- Clarify that `_software` activities are for Fleet-maintained apps and
custom packages
2025-02-03 16:16:58 -05:00
Tim Lee
d38d180357
Add labels and editing for VPP apps (#25979)
For #24609

---------

Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-02-03 11:16:21 -06:00
Eric
6cfecdeea3
Website: Add Powershell commands to queries.yml and standard query library. (#25972)
Changes:
- Added powershell commands to windows queries in queries.yml and
windows policies in the standard query library.
- Updated code blocks on the vital details, policy details, and query
details pages to have a tab switcher to switch to view PowerShell
commands.

---------

Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
2025-02-02 21:31:00 -06:00
Marko Lisica
d30b8fd96a
Update path example for install_software.package_path (#25895)
Related to #25867 

Paths are relative. Fixed in
[4.58.0](https://github.com/fleetdm/fleet/blob/main/CHANGELOG.md?plain=1#L308).

---------

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2025-01-31 10:55:26 -06:00
Rebecca Cowart
00c2f366e9
Update agent-configuration.md (#25855)
grammar fix
2025-01-30 13:30:18 -06:00
Lucas Manuel Rodriguez
e8b1fdb845
Add dogfood as dependency to test autopilot (#25852) 2025-01-30 16:25:46 -03:00
Noah Talerman
8b23ed5262
Kubernetes: remove outdated files and update guide (#25835)
We have two ways to deploy Fleet to Kubernetes. The non-Helm way is so
old it might not work to deploy Fleet

Changes:
- Remove files for deploying Fleet to Kubernetes the non-Helm way
- Update guide to remove mention of non-Helm (kubectl) way
- Remove note in handbook about files with `_` prefix because
`docs/Deploy/_Kubernetes` was the only one.

---------

Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
2025-01-30 08:49:58 -06:00
Gabriel Hernandez
1c5f13589f
fix 500 page when filtering by vulnerabilities on host software (#25816)
For #25735

This is a fix for the 500 page appearing when filtering for vulnerable
software on the host details page.

Also adds some missing docs for vulnerable query param filter on `GET
hosts/:id/software` endpoint

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-01-29 12:09:28 +00:00
Lucas Manuel Rodriguez
fca0ea5bc1
Manual workflow to test fleetd-base.msi (#25808)
Manual workflow to test `fleetd-base.msi` using e.g. `edge` channels.

Similar to the existing:
https://github.com/fleetdm/fleet/blob/main/.github/workflows/build-fleetd-base-pkg.yml
2025-01-28 15:55:32 -03:00
Eric
6dfd114cce
Docs: Update heading links on "Hosting Fleet" page. (#25820)
Closes: #25797

Changes:
- Updated the HTML links on the "Hosting Fleet" documentation page so
they will be linkable by the "On this page" sidebar on the Fleet
website.
2025-01-28 11:59:38 -06:00
Noah Talerman
57b6ab1b4f
Host vitals page: clarify that Fleet checks the default disk on Linux (#25778)
Update the description on this page:
https://fleetdm.com/vitals/disk-encryption-linux#linux

More context in Slack here.
2025-01-27 14:21:43 -06:00
Katheryn Satterlee
49231f19be
Update agent-configuration.md (#25740)
- Updated the query suggested to view all osquery flags
- Added a note that running this query through osqueryi will not reflect
the settings in use by osqueryd.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

Documentation only change

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-01-27 13:35:46 -06:00
Jordan Wright
d074ba2b48
Fix incorrect source in device mapping REST API docs (#25641)
### Summary

This PR closes #25640 by fixing the incorrect `source` value in the
device mapping REST API docs.

The real value is `mdm_idp_accounts` which can be found
[here](15ac793238/server/fleet/hosts.go (L894)).

### Test Plan

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.

I couldn't find any other references to `identity_provider`, so I think
these two were all of them.
2025-01-24 16:32:03 -06:00
Eric
5c0894ce0a
Website: Create queries.yml, add vitals and query pages, move policies. (#25701)
Related to: https://github.com/fleetdm/confidential/issues/9096

Changes:
- Created docs/queries.yml. A YAML file that contains the queries from
the standard query library (`kind: query`) and the host vitals queries
(`kind: built-in`).
- Added the `vitals/*` page, a page that displays details about host
vital queries used to gather information about.
- Updated the /queries page to show queries from the new
`docs/queries.yml` file, and moved policies to a new page (/policies)
- Updated the view action for the query-detail page to look for/redirect
to a policy page with a matching slug before returning a 404 response if
a matching query is not found. This behavior will make it so all of the
old URLs for policy pages will redirect users to the new URL.
- Updated the website's "Docs" navigation menu to have links to the new
vitals and policies pages.
2025-01-22 21:10:17 -06:00
Harrison Ravazzolo
19947a0c08
Add support for post_install_script (#25683)
This is supported in gitops but not referenced in docu.
2025-01-22 18:02:42 -06:00
Konstantin Sykulev
a1a43415d4
Removed filename from fleet maintained apps response (#25685)
This field was never implemented

<img width="876" alt="Screenshot 2025-01-21 at 8 33 56 PM"
src="https://github.com/user-attachments/assets/8b110375-e2e2-4805-b42b-676a3030e9d8"
/>
2025-01-22 18:00:54 -06:00
Harrison Ravazzolo
a23c305e04
Typo in gitops yaml file (#25681)
Update `name` to proper syntax `org_name`
2025-01-22 18:00:28 -06:00
Rebecca Cowart
fecc8bbc07
Update rest-api.md (#25670)
Fixed typo - misspelling of "endpoint"
2025-01-22 15:36:13 -06:00
Scott Gress
4ac1be34d9
Update docs for host_batch_size (#25632)
for #24967 

This PR updates the documentation for the `host_batch_size` for both the
failing policies webhook and the vulnerabilities webhook. The new
documentation matches the actual behavior when `host_batch_size` is set
to 0.
2025-01-22 13:15:31 -06:00
Mike Thomas
a7acff4eda
Updated anatomy and teams guide (#25629)
Closes https://github.com/fleetdm/fleet/issues/24615

Updated anatomy to:
- Include a more accurate definition of teams
- Updated out-of-date links. Specifically FleetUI that linked to the
queries guide. I updated to link directly to the FleetUI YouTube video.
- Consolidated osquery, Orbit, and Fleetd Chrome extension definitions
under "Fleetd."
- Updated Host vitals and Software definitions

Updated teams guide.
- Fixed some typos and re-phrased a couple of paragraphs for easier
readability
- I provided the missing instructions for adding hosts to teams
(probably should have PR'd this separately, but got carried away)

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2025-01-22 12:39:44 -06:00
Ian Littman
65f9ef4967
Bump Node version to 20.18.1 (#25591)
For #25590.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2025-01-20 15:50:28 -06:00
Ian Littman
a3d83f47b9
Update endpoint docs for VPP app batch set (#25585)
Changes implemented in the VPP automation GitOps PR (for #23531); docs
split to another PR for easier review.
2025-01-20 11:23:29 -06:00
Rebecca Cowart
289e66a568
Update rest-api.md (#25527)
Added context to the `additional_info_filters` parameter.
2025-01-16 16:12:11 -06:00
Rebecca Cowart
2f20f13246
Update yaml-files.md (#25526)
Added ai_features_disabled to the list of server_settings. Fixed two
spelling issues. Made the grammar surrounding each "(default:...)" text
consistent within that section.
2025-01-16 16:04:53 -06:00
jacobshandling
725ccf6ebc
Docs: fix type (#25523)
This parameter should be a string

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-01-16 15:52:37 -06:00
Marko Lisica
8b073d577c
Update docs and guide about variables (#25445)
Related to:
- https://github.com/fleetdm/fleet/issues/23238#issuecomment-2591300093
2025-01-16 13:34:28 -05:00
Noah Talerman
498ddca753
API reference: clarify 10k character limit for arbitrary scripts (#25470) 2025-01-15 15:14:29 -06:00
Dante Catalfamo
39466cb644
Use webhooks settings from gitops even when empty (#25347)
#24958

---------

Co-authored-by: Scott Gress <scottmgress@gmail.com>
2025-01-15 11:31:48 -05:00
Ian Littman
f1949ac2bf
Add VPP policy automation support to backend (#25154)
For #23529, #23530.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-13 15:53:24 -06:00
Rachael Shaw
d27d6796f7
Small formatting fix in API for contributors (#25336)
Fixed some curly brackets that should have been square brackets
2025-01-10 11:51:35 -06:00
Lucas Manuel Rodriguez
7e419f97cb
Fix missing docs and yaml (#25333) 2025-01-10 11:42:55 -06:00
Rachael Shaw
378b404421
Documentation changes for v4.62.0 (#25315)
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Konstantin Sykulev <konst@sykulev.com>
Co-authored-by: George Karr <georgekarrv@users.noreply.github.com>
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
2025-01-09 18:04:34 -06:00
Rachael Shaw
4f68dca1a3
Docs: Update get host example response (#25313)
Couple changes in advance of API design for #23235 (since certificates
will be available for macOS/iOS/iPadOS):
+ Update "Get host" example response to be a macOS host
+ Update "Get host by device token" example response to be a macOS host
& move weightier items to the bottom for readability
2025-01-09 16:46:24 -06:00
Eric
4980052f0b
Website: Update policy details page, add controls to policies in standard query library. (#25309)
Related to: #23285


Changes:
- Updated the policy details page to have a controls section that
displays the `configuration_profile` and `script` values of policies
- Added configuration profiles and scripts from
https://github.com/ddribeiro/fleet-remediation-controls to macOS
policies in the standard query library.
2025-01-09 16:28:22 -06:00
Rachael Shaw
d1a564e387
Docs: Update get host example (#25310)
+ Update "Get host" example response to be a macOS host (in advance of
API design for #23235, since certificates will be available for
macOS/iOS/iPadOS)
+ Update formatting of "Get host by identifier" to move weightier items
to the bottom
2025-01-09 15:52:34 -06:00
Noah Talerman
9cb59c2abd
Reference docs: "Agent configuration" page cleanup (#25290)
This PR brings the "Agent configuration" format/organization closer to
the format we use for all other reference docs (YAML files, REST API,
and Fleet server configuration)

Changes:
- Update page headers so that the right-side navigation includes all the
top-level keys. Similar to the YAML files docs.
- Brings examples to the top of each section after a short description
(if necessary)
- Cut content
- Update "Learn more" links to more recent guides
2025-01-09 13:10:56 -06:00
Katheryn Satterlee
11f8e074e9
Restore stewardship commitment in FAQ (#25285)
The entry outlining Fleet's commitment to open source stewardship was
accidentally removed from the FAQ. Restoring it to its rightful place.

# Checklist for submitter

Docs only change.
2025-01-09 12:43:55 -06:00
Harrison Ravazzolo
ec2a866029
Update proxy doc in reference architecture (#25230)
Small change from a slack convo -
https://fleetdm.slack.com/archives/C019WG4GH0A/p1736282697358929

Co-authored-by: Harrison John <harrisonjohn@mac.lan>
2025-01-08 16:13:46 -06:00
Rebecca Cowart
c0d63e9468
Update FAQ.md - Removals (#25223)
Removed questions scheduled to be removed
2025-01-08 11:56:27 -06:00
Katheryn Satterlee
6421a65326
Update Aurora RDS Versions (#25214)
Updated AWS Aurora versions to reflect MySQL requirements

# Checklist for submitter

Docs only change
2025-01-08 11:52:17 -06:00
Rachael Shaw
a80466a93c
Docs: More readability improvements to "Get host" response (#25228)
Moved weightier items to the bottom of the response and smaller items up
top.
2025-01-07 17:17:51 -06:00
Rachael Shaw
edbba87d08
API docs: Make "Get host" example response more readable (#25227)
Moved software array further down in the response.
2025-01-07 17:11:50 -06:00
Scott Gress
f2239e6a48
Merge docs changes around script exection and YARA (#25204)
This PR cherry-picks a couple of docs changes I added to the docs-4.63.0
branch. These changes were approved and merged in
https://github.com/fleetdm/fleet/pull/25181 and
https://github.com/fleetdm/fleet/pull/25189, before I belatedly asked
whether that was the correct process.
2025-01-07 11:17:21 -06:00
Gabriel Hernandez
b193f2dc1c
add software_title_id to added_app_store_app activity (#25119)
relates to #24120

adds the `software_title_id` to the `added_app_store_activity`

- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-01-03 16:03:13 +00:00
Victor Lyuboslavsky
0b9f36ad03
Enable MySQL 9.1 Go tests (#25055)
Enable MySQL 9 tests in the nightly Go test run.

The tests passed in my run:
https://github.com/fleetdm/fleet/actions/runs/12552738253/job/34999129651
2025-01-02 15:36:10 -06:00
Victor Lyuboslavsky
4c463b6c2f
Use Render Redis service (#23056)
Use Render's Redis service in `render.yaml`

Successfully deployed on Render:
<img width="1009" alt="image"
src="https://github.com/user-attachments/assets/fdb79286-3336-4747-97c0-b75c7578c0e8"
/>
2025-01-02 10:07:54 -06:00
Harrison Ravazzolo
71c8467a28
Fix typos in server config documentation (#25036)
Co-authored-by: Harrison John <harrisonjohn@Harrisons-MacBook-Pro.local>
2024-12-30 13:00:43 +01:00
Noah Talerman
3881d0b9d6
macOS setup experience guide: end user authentication (#24990)
- Put "already configured SSO" message at the top b/c this scenario will
apply to most users
- Add missing permissions for IdP for end user auth and end user
migration
- Clean up language in docs
- Add redirects for the UI in case content moves later

---------

Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
2024-12-27 16:33:00 +01:00
Noah Talerman
ec43ee288b
SSO guide: best practice for email 2FA (#25005)
Fleet shipped email 2FA. User story is here (#22078)

- Add best practice to guides:
  - Email 2FA for "break-glass" user
  - SSO for all other users
- Update pricing page to link to feature request instead of the user
story.

---------

Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
2024-12-25 11:55:24 +01:00
Tim Lee
f6f35be694
Remove homebrew app casks (#24593) 2024-12-24 13:25:53 -07:00
Ian Littman
7053731354
Move invite API endpoint docs from Fleet configuration heading to user heading, add missing mfa_enabled fields on invite endpoints (#24986)
For #24985. Also rewords rather verbose "these are authenticated
endpoints" descriptions for both subheadings.
2024-12-24 13:49:43 -05:00
Jahziel Villasana-Espinoza
3123324fe0
fix: add missing field (#24977)
> Related issue: #24970

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-24 12:30:46 -05:00
jacobshandling
1a1ec72483
Docs: Add platform query param to GET queries API docs (#24999)
Addresses #23061

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-12-23 14:40:24 -08:00
Noah Talerman
e6b1f73846
API reference docs: Profiles & scripts in GET /config, PATCH /config,GET /teams/:id , and PATCH /teams/:id (#24972)
Discovered this gap in API reference docs here:
https://github.com/fleetdm/fleet/issues/24789#issuecomment-2555549128
2024-12-23 15:56:41 -05:00
gillespi314
c78002747f Merge branch 'main' into feat-labels-scoped-software 2024-12-20 17:06:48 -06:00
Janis Watts
6979fc128c
Updated MailHog/Mailpit instructions for current UI and consistency (#24954)
Updated instructions to reflect the current UI options and changed
formatting in "MailHog SMTP server without authentication" to match the
more organized "Mailpit SMTP server with plain authentication" section.
2024-12-20 14:29:41 -06:00
Noah Talerman
5f9fcfc9f4
YAML files reference docs: windows_migration_enabled (#24891)
- Add missing reference docs for the following user story:
  - #22075
2024-12-19 14:37:49 -05:00
Katheryn Satterlee
d5ce6fa5d1
Clarify automation reset (#24884)
Updated /automations/reset description to reflect that this endpoint
does not immediately trigger automations, but resets the status of hosts
so that they are seen as newly failing on the next automation run.
2024-12-19 11:46:55 -06:00
Gabriel Hernandez
9057bf62a3 Merge branch 'main' into feat-labels-scoped-software 2024-12-18 15:36:20 -06:00
Martin Angers
14fc86d5e7
SSVL: update activities to add labels include/exclude (backend changes) (#24839) 2024-12-18 08:16:36 -05:00
Rachael Shaw
c4a2bb4d6b
4.61 documentation changes (#24833)
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Konstantin Sykulev <konst@sykulev.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2024-12-17 15:39:24 -06:00
Noah Talerman
8759f4b23f
Currently, Fleet Desktop for Kubuntu requires Google Chrome (#24812)
More context:
https://github.com/fleetdm/fleet/issues/23697#issuecomment-2546913113

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-12-16 17:50:56 -06:00
Noah Talerman
6b6eb19bb0
Fleet server configuration docs: capitalize "S3" (#24794) 2024-12-16 10:42:20 -06:00
Andrea Scarpino
e3c87a2c79
List paths used by Fleet desktop (#23891)
We don't expose fleet publicly and we had to open these paths to make
Fleet Desktop work.
2024-12-13 17:47:50 -06:00
Konstantin Sykulev
abeb16c087
Updated deprecated endpoint references with new endpoint (#24723)
[#23880](https://github.com/fleetdm/fleet/issues/23880)

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-12-12 13:55:49 -06:00
Eugene
039ea91f9b
Capitalization fix & added :id information (#24643)
Fixed capitalization of "Default response" and id information for
modiifying a package
2024-12-12 12:50:49 -06:00
Eugene
f1ea2360d2
Edit the "List activities" description. (#24562)
Edited for length and clarity
2024-12-11 17:33:56 -05:00
Jahziel Villasana-Espinoza
5814e3985a
feat: add software title ID to add software activity (#24577)
> Related issue: #24120

## Changes
- Added the `software_title_id` field to the activity details for
`added_software` activities, which get generated when adding a customer
installer or a FMA
- Added a return value (`titleID`) to
`ds.MatchOrCreateSoftwareInstaller`
- Removed `ds.GetSoftwareTitleIDByMaintainedAppID`. Since we're
returning the new value above, this method was no longer needed.

## Testing steps
1. Add a custom installer
2. Add a FMA
3. Check the activity details in the response to `GET /activities`.
Verify that the `software_title_id` field exists and is correct.
4. Add a FMA with automatic install. Make sure the policy is correctly
created, has the correct software title ID associated with it, and that
it installs the app.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-11 09:54:15 -05:00
Noah Talerman
68f2d99b25
API reference docs: disk encryption is cross-platform (#24588)
API reference doc changes for the following story:
- #22074

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-12-10 16:52:29 -06:00
Noah Talerman
6e4ddaeab9
YAML files reference docs: labels and users coming soon, ticket creation, ABM and VPP (#24480) 2024-12-10 17:50:04 -05:00
Katheryn Satterlee
7b87a32606
Add detail_query_overrides to contributor docs (#24589) 2024-12-10 15:46:59 -05:00
Janis Watts
a2e85abc62
Changed Metadata URL in SSO configuration to 127.0.0.1 due to product validation update (#24599)
Fleet now has a validation check in the Metadata URL field. Updated
instructions from

Metadata URL: http://localhost:9080/simplesaml/saml2/idp/metadata.php

TO

Metadata URL: http://127.0.0.1:9080/simplesaml/saml2/idp/metadata.php
2024-12-10 14:53:09 -05:00
Noah Talerman
8fe05fcf93
API reference: run script w/ team_id and script_name (#24484) 2024-12-10 13:39:24 -06:00
Martin Angers
538abdccf8
Add contributor docs to document the teams/no team conventions (#24569)
Not associated with a ticket, was an action item from our retrospective
meeting.
2024-12-10 10:19:28 -05:00
Katheryn Satterlee
c06a6b0509
Update deploy-fleet.md (#24503)
Add link to reference architecture for users who want to self-host.

Docs-only change.
2024-12-09 10:32:57 -05:00
Jahziel Villasana-Espinoza
614446e9b3
feat: document orbit-auth endpoints (#24368)
> Related issue: #22811

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Manual QA for all new/changed functionality
2024-12-05 11:22:13 -06:00
Noah Talerman
c8ac4067a8
Missing YAML files (GitOps) reference docs (#24362)
- Add `uninstall_script` for `packages`
- This feature was shipped as part of the following user story: #20320
  - Looks like we forgot to merge in the reference docs
2024-12-05 11:20:16 -06:00
Victor Lyuboslavsky
e04ab28128
Docs for /fleet/abm_tokens/count API endpoint (#24303)
For #24288
2024-12-04 19:19:16 -06:00
Ian Littman
4e27aebb5b
Indicate that we show date only (not date and time) for build_date in version endpoint response (#24388)
For #24293.
2024-12-04 18:24:44 -05:00
Allen Houchins
8b8f5f0649
Update yaml-files.md (#24371)
- Disk encryption for Linux
2024-12-04 18:08:53 -05:00
William Theaker
a7ec57e881
Fix gitops secret example (#24217)
The current string doesn't work.
2024-12-04 16:03:25 -06:00
Konstantin Sykulev
e3c9bf67cc
Fixed broken link in Deploy/README.md (#24134)
A `monitoring-fleet.md` file does not seem to exist. Pointed the link to
the `Reference-Architectures.md` Monitoring Fleet section.
2024-12-04 15:49:22 -06:00
Marko Lisica
ad83e71e39
[API design] Custom OS settings: "include any label" option for custom target (#23647) 2024-12-03 18:17:42 -05:00
Marko Lisica
42d51a5b05
[YAML changes] Custom OS settings: "include any label" option for custom target (#23648) 2024-12-03 18:15:38 -05:00
Martin Angers
aa8e20f21e
Merge branch 'main' into feat-automatic-migrate-windows-hosts 2024-12-02 16:12:30 -05:00
Brock Walters
f09d6fd797
Update rest-api.md (#24021)
Added note to get Setup Experience section warning against setting
custom URL values in custom profile. This was tested by CSA &
customer-starchik.

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-12-02 10:53:10 -06:00
Martin Angers
f399a90901
Merge branch 'main' into feat-automatic-migrate-windows-hosts 2024-12-02 09:34:49 -05:00
Rachael Shaw
6fd3ebf4cf
Docs v4.60.0 (#24197) 2024-11-27 15:21:16 -06:00
Martin Angers
c4404d9d68
Windows MDM Migration: API, CLI and activities (#24141) 2024-11-26 11:52:56 -05:00
Ian Littman
195bb861e0
Update contributor API docs to cover LUKS trigger/escrow endpoints (#23583, #23584) (#23943)
Other cleanup:

* Remove orphaned FileVault rotation ToC link
* Revise transparency endpoint to reference new "About Fleet"
terminology
* Remove enforce_bitlocker_encryption Fleet Desktop notification (that
notification is on Orbit config, which we don't document in contributor
docs, not on the Fleet Desktop endpoint)

---------

Co-authored-by: Tim Lee <timlee@fleetdm.com>
2024-11-22 20:51:57 -06:00
Eric
a95a83cf2b
Docs: change name of "Deploy Fleet" page (#23985)
Closes: #23759

Changes:
- Added a title meta tag to the "Deploy Fleet" documentation page to
change the name to "Hosting Fleet"

> Note: This only changes the title of the page in the UI on
fleetdm.com, the URL will still be `/docs/deploy/deploy-fleet`
2024-11-22 13:39:37 -06:00
Luke Heath
6c88513963
Update Reference-Architectures.md (#23990) 2024-11-22 13:39:27 -06:00
Mike McNeil
8080737870
Website: Update FAQ.md (#23718)
- 1000 => 300
- "cost-efficient" might make it seem like it's cost prohibitive for
everyone (but the real problem is just that we can't quite yet afford to
run thousands of small instances of Fleet for folks with 10-100 hosts,
because it means increasing infrastructure engineering headcount)
2024-11-19 22:42:20 -06:00
Noah Talerman
1e1b32ea40
Update pricing FAQ: pending hosts don't count (#23947) 2024-11-19 14:11:01 -05:00
Rachael Shaw
249189fc0c
Remove docs for #22464 (#23936)
Missed this one when updating v4.59 docs branch: #22464 is still on the
drafting board.
2024-11-18 18:08:55 -06:00
Rachael Shaw
2e779db0a8
Docs: v4.59.1 API changes (#23928)
Bring in @lucasmrod's changes from
https://github.com/fleetdm/fleet/pull/23743
2024-11-18 16:26:05 -06:00
Victor Lyuboslavsky
698e9e80fe
Added activity item for fleetd enrollment with host serial and display name. (#23790)
#22810 

# Demo
[![22810
demo](http://img.youtube.com/vi/le71QQ92suc/0.jpg)](http://www.youtube.com/watch?v=le71QQ92suc)

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-11-18 15:51:36 -06:00
RachelElysia
4f3bf6439e
Docs: Update software status docs using old 'failed' value (#23848) 2024-11-18 09:04:32 -05:00
Lucas Manuel Rodriguez
4b4fc976a2
Add team_identifier to macOS software (#23766)
Changes to add `team_identifier` signing information to macOS
applications on the `/api/latest/fleet/hosts/:id/software` API endpoint.

Docs: https://github.com/fleetdm/fleet/pull/23743

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated tests
- [X] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [X] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [X] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [X] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ X Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [X] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).

---------

Co-authored-by: Tim Lee <timlee@fleetdm.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
2024-11-15 14:17:04 -03:00
Victor Lyuboslavsky
a541961a26
fleetd telemetry doc updates (#23423)
docs for #23413
2024-11-14 13:43:16 -06:00
Konstantin Sykulev
48b992e268
Modify status code for software batch endpoint (#23711)
When using the `fleet/software/batch` endpoint, due to its async nature,
it should return a 202 (Accepted) rather than a 200 (Ok).

https://github.com/fleetdm/fleet/issues/23492

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-11-13 17:22:51 -06:00
Noah Talerman
12b66f9186
Update tutorials-and-guides.md (#23724)
- Certificates in fleetd is an advanced article about configuring fleetd
w/ custom certificates. I think "Custom OS settings" (configuration
profiles) is a better controls article
- Simplify titles of software links
2024-11-13 12:37:26 -06:00
Noah Talerman
d130ebe1e8
Add Debian to supported operating systems (#23773)
- Debian is a popular Linux flavor for servers
- Several Fleet customers have Debian hosts enrolled (see usage stats
[here](https://docs.google.com/spreadsheets/d/1Mh7Vf4kJL8b5TWlHxcX7mYwaakZMg_ZGNLY3kl1VI-c/edit?gid=538901298#gid=538901298))
- @iansltx has tested Fleet w/ Debian 11 and 12

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2024-11-13 12:33:49 -06:00
Katheryn Satterlee
3c85098821
Update Upgrading-Fleet.md (#23774)
Add TF upgrade instructions

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-11-13 12:33:24 -06:00
Rachael Shaw
f5598e003c
Docs v4.59.0 (#23693) 2024-11-12 11:05:45 -06:00
Victor Lyuboslavsky
c4c1b65492
NDES REST API and config doc changes (#22968) 2024-11-12 11:05:33 -06:00
Mike McNeil
af2a3e6a6d
Website: Follow-up to "fluffing" PR (#23715) 2024-11-11 22:53:28 -06:00
Rachael Shaw
df6da8101f
API docs: fix queries response formatting (#23698)
Fix indentation
2024-11-11 15:27:31 -06:00
Rachael Shaw
9585ca7d9a
Docs: Fix formatting issues in API responses (#23692)
+ Fixed some indentation
+ Added some missing commas and colons
+ Removed some duplicate keynames
2024-11-11 14:08:14 -06:00
Ian Littman
d746b9179a
Record activity when activity automations are enabled/edited/disabled (#23477)
#21709, re-roll/expansion of work done by @ilpianista in #21368

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Andrea Scarpino <andrea@scarpino.dev>
2024-11-08 09:07:56 -06:00
Jahziel Villasana-Espinoza
ff90aade76
feat: add some docs for creating a signed fleetd-base installer for QA purposes (#23614)
Updated the docs based on our experience QA-ing
https://github.com/fleetdm/fleet/issues/19372

There will be a follow-up PR with some details for generating the base
installer during development.
2024-11-07 12:29:47 -05:00
Mike McNeil
48e1d7bde1
Update single-sign-on-sso.md (#22500)
This is a really bad PR. I am sorry. I previewed it and I know it looks
horrible. Please consider it only little stickerboard of ideas.

I do, however, stand by these ideas (though not my execution of them):
- changing the first sentence to clarify whether or not this is SSO for
the Fleet console GUI/CLI experience, or if we're talking about end user
admin for employees using Fleet Desktop / getting "zero touched"
(signing into their ABM'd or autopiloted devices)
- finding some way to name Okta, and ideally the other examples I
provided, for SEO, to give people examples from a set, to get
recognizable names of the integratiion above the fold, to give people a
dash of personality by including authentik
- consolidating JIT and the other SAML implementation details into a
sentence
- unhoisting it downards (though not in the weird way I did it) -

> References:
> - ["Why read
documentation?"](https://fleetdm.com/handbook/company/why-this-way#why-read-documentation)

---------

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2024-11-07 08:02:28 +09:00
Sarah Gillespie
3ea68ae1e7
Update guide to puppet module (#23369) 2024-11-06 16:57:59 -06:00
Noah Talerman
dabdb81be1
Update reference doc page: Fleet server configuration (#23551)
- Update section headers so that config options show up in the right
side bar. Today, there's only one header that shows up in the sidebar:
![Screenshot 2024-11-05 at 3 29
29 PM](https://github.com/user-attachments/assets/a208f6fa-d48d-482d-b689-36ba36fb8764)
- Remove "Example YAML" sections b/c they're redundant. More to maintain
2024-11-06 16:38:35 -06:00
Harrison Ravazzolo
b1cabd20ee
Update deploy-fleet Guide (#23561)
Adding a clarifying point to the AWS deploy docs.

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-11-06 12:01:04 -06:00
Rachael Shaw
e892a826ee
Simplify "How can I uninstall fleetd?" answer (#23547)
Link to uninstall fleetd guide to avoid duplicate content
2024-11-05 17:48:04 -06:00
Eric
f623eed47b
Website: Update /queries page (#23472)
Changes:
- Standard query library:
- Added three policies to the Standard query library (tagged as premium)
- Changed the `kind` of the "Identify Apple development secrets (macOS)"
query to `policy` because it is an informational query (It returns rows
of results rather than 1 or 0) and removed its `resolution` value
- Updated the build-static-content script to remove platform names from
the end of query names (e.g., (macOS)). This is done to keep the URLs
for queries the same while hiding them in the UI
- Updated the layout of the queries page to match the latest wireframes
and updated the page to only show policies
 - Updated the styles and layout of the queries-details page.

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-11-04 10:58:08 -06:00
Ian Littman
f59ffc235d
Add iOS/iPadOS updates to example GitOps YAML, reference OS update GitOps YAML from OS update enforcement guide (#23320)
#21998

While looking through this I noticed a few other issues:

1. We seem to be inconsistent about what time we pick for OS update
deadlines. For profiles [it's noon local
time](2e5bf75b6d/ee/server/service/mdm.go (L1096)),
while for Nudge [it appears to be 4am...server time or
UTC](2e5bf75b6d/server/fleet/nudge.go (L53-L57))?
#9013 also mentions "noon UTC-8/Pacific Standard Time", which is neither
of the above (and means that, if implemented as spec'd, the deadline
would shift by an hour during DST), while docs prior to this PR
mentioned 4am UTC-8. Maybe we don't care enough to fix the Nudge
behavior since macOS 14 (which no longer requires Nudge) came out over a
year ago, but we should at least agree on desired behavior for DDM and
document that (which is what I've done for iOS/iPad OS since they don't
use Nudge).
2. The [REST API
docs](2e5bf75b6d/docs/REST%20API/rest-api.md (L1720-L1757))
don't seem to match the description of macOS behavior in the article;
the former indicates that OS updates pop up with increasing frequency
post-deadline, rather than having an impassible dialog. This may be
because behavior changed from Nudge to DDM, but iOS/iPadOS got
copy-pasted from the macOS REST docs and they never used Nudge. My guess
is that we should describe DDM behavior here.

Tagging in @mna as he looks to have implemented DDM OS updates so should
have some context here, and @noahtalerman to confirm desired behavior,
particularly on the deadline side.

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-11-01 14:13:58 -05:00
Ian Littman
06ad3ecb6b
Clarify OS update enforcement details in REST API docs (#23464)
This applies some consistency fixes as well (e.g. noting that Mac/Win
enforcement requires MDM). Also removed mention of MDM on iOS/iPadOS
enforcement as if an iOS/iPadOS host is enrolled, it's enrolled via MDM.

See #21998
2024-11-01 14:12:01 -05:00
Mike Thomas
a60d2afd9f
docs-tutorials-and-guides-update (#23377)
Closes https://github.com/fleetdm/fleet/issues/22951

- Updated the guides listed on
https://fleetdm.com/docs/get-started/tutorials-and-guides to only
include the most essential onboarding guides. Guides are listed in the
following order:
    - Deploying Fleet
    - Organizational units
    - Controls
    - Installing software
    - Admin
- Added archive notices to the three "How to install osquery..."
articles
- Added "Further reading" links to the bottom of the Queries guide and
Policies guide to point to related advanced topics
- Renamed "Managing labels in Fleet" to "Labels" for parallelism with
our other guides (left the URL as is, no redirect necessary)
- Renamed "What are Fleet policies" to "Policies" for parallelism with
our other guides (left the URL as is, no redirect necessary)
2024-10-30 11:34:44 -05:00
Noah Talerman
f6966d322c
Reference doc and guide updates: Policy automations: run script (#17129) (#23300)
- Update guides to reflect use case: automatically run scripts and
install software
- @noahtalerman: I removed top image from "Automatically run scripts"
b/c I think it looked rushed/unexpected
  - Update "execute" language to "run" and add "manual" language
- Clarify when a policy's host counts are reset
- Clarify support for policy automations: team v. default (global) v. no
team
- Update `software.packages` example to best practice: separate file
  - Inline is supported for backwards compatibility
- Remove `policies` and `controls` call outs about "No team." This info
is covered in the starter filed in fleetdm/gitops. For an example, see
`teams/no-teams.yml` here:
https://github.com/fleetdm/fleet-gitops/blob/main/teams/no-team.yml
2024-10-28 14:15:54 -05:00
Rachael Shaw
24db6c1cde
Update headings in YAML docs for easier navigation (#23217) 2024-10-25 16:45:54 -05:00
Marko Lisica
c381c301a0
Make file extensions lowercase (#23228)
File extensions should be written in lowercase with . in front of the
extension (e.g. .exe, .pkg, etc).
2024-10-25 14:35:32 -05:00
William Theaker
86713f1b71
Improve gitops dry run logging for query deletion (#23202) 2024-10-25 13:35:53 -05:00
Lucas Manuel Rodriguez
3f89b48ca5
Add iPadOS to minimum versions in FAQ docs (#23197)
Follow up to https://github.com/fleetdm/fleet/pull/23104.
2024-10-24 15:02:11 -05:00
Ian Littman
4e38e8e5c5
s/urf-8/utf-8 on manual config profile download (#23169)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2024-10-24 09:54:24 -07:00
Harrison Ravazzolo
3eb3d85ac8
Add a line to docu 'turn off mdm' is only available on macOS' (#23155)
Add line indicating 'turn off mdm' is only available on macOS

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-10-23 17:53:37 -05:00
Rachael Shaw
8fa5aafa9d
Update configuration docs (#22990)
Move `license.enforce_host_limit` to contributor docs
2024-10-23 10:50:08 -05:00
Neil Blazevic
58ce48dea8
Update Render deploy pricing (#23113) 2024-10-23 10:07:20 -05:00
Jahziel Villasana-Espinoza
d25e6cd067
fix: add ios minimum version to os list (#23104)
> No issue, just a fix from a customer convo today

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->
2024-10-22 17:22:34 -05:00
Marko Lisica
3c3e6d6d1a
Add callout that software-related features are experimental (#23089) 2024-10-22 15:43:56 -05:00
Rachael Shaw
4cc3e3bb63
Docs v4.58.0 (#22769) 2024-10-17 17:51:52 -05:00
Victor Lyuboslavsky
b27af3d4a2
Updating golangci-lint version (docs) (#22986) 2024-10-17 14:12:00 -05:00
Brock Walters
69b284f98e
Update deploy-fleet.md (#22959)
Cleaned up instructions.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-10-16 11:36:52 -05:00
Noah Talerman
43060bfdc8
Reference docs: default timeout for scripts and software (#22908)
- We made script timeouts configurable in this user story: #16645
- We added a default timeout for software in this bug: #22558
2024-10-16 09:19:02 -04:00
Ian Littman
841d8dcd86
Add warning on populate_software query for hosts list endpoint (#22945)
#22291

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-10-15 16:49:21 -05:00
Victor Lyuboslavsky
f2fedb0187
Update Building-Fleet.md (#22858)
Updated MySQL instruction for macOS M1
2024-10-15 12:56:20 -05:00
Noah Talerman
32c901e4a3
YAML files reference (#22913)
- Add examples that make it clear that these are label names (not IDs)

---------

Co-authored-by: Allen Houchins <32207388+allenhouchins@users.noreply.github.com>
2024-10-15 11:51:26 -05:00
Victor Lyuboslavsky
808d6a0007
Added activity feed items for NDES SCEP proxy config. (#22902)
For #21955 (the story has a video demo of core functionality)

Follow up for PR #22542

# Checklist for submitter

- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-10-14 15:55:52 -05:00
Katheryn Satterlee
5e692c7d8d
Correct placement of disable_tables (#22879)
Remove any reference to CLI only flag`disable_tables` in
`agent_options.config.options` and added a reference to
`agent_options.command_line_flags`

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

-Documentation only change, thanks to @rebeccaui for calling it out!
2024-10-14 11:24:45 -05:00
Roberto Dip
a49adc8214
mdm docs index (#22716)
effort to compile all the resources we have scattered about MDM and
document a few fleet-specific behaviors.

---------

Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
Co-authored-by: mostlikelee <tim@mostlikelee.com>
2024-10-11 16:42:45 -03:00
JoGSal
40bd21a202
Documentation: Add clarity to deployment options (#20914)
Annotations file feedback row 15.3: Clarity is needed in order to track
what steps are required to successfully complete a deployment.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

---------

Co-authored-by: Joey Salazar <jgsal@yahoo.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-10-11 11:50:27 -05:00
Luke Heath
c471577dd5
Preserve manual release instructions (#22867) 2024-10-11 11:34:38 -05:00
Martin Angers
6224a5f81f
Fix: document mdm_enrolled activity limitations for Microsoft enrollments (#22793) 2024-10-09 19:03:09 -05:00
Ian Littman
92bb7ec666
Add policy ID and name to activity for automated software installs, list Fleet as author rather than installer uploader (#22747)
#22424, #22705

TODO: integration test updates

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2024-10-09 18:15:56 -05:00
Ian Littman
5339794f97
Include the policy ID and name in the "script ran" activity of a script run queued by a policy failure (#22690)
#22692 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
2024-10-08 15:45:31 -05:00
Allen Houchins
278b81d7f5
Fixed minor typo in yaml-files.md (#22698)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-10-07 12:48:34 -05:00
Katheryn Satterlee
3e44610200
Remove dead links (#22635)
Removed dead links for os versions in 'hosts' endpoint list

# Checklist for submitter

Docs only change
2024-10-04 14:28:37 -05:00
Tim Lee
46ade66c0f
Align battery health reporting (#22569) 2024-10-02 15:43:19 -06:00
Mike McNeil
4de7eb9f1c
Linux disk encryption :: Update standard-query-library.yml (#22498)
Credit: @jbilling
2024-10-02 16:20:35 -05:00
Marko Lisica
c545495f60
API design: Self-service: Install Apple App Store apps on macOS (#22102)
API design for:
- #19620
2024-10-01 17:09:33 -04:00
Noah Talerman
beec753a3f
API docs: OTA enrollment profile (#22457)
- Bring OTA enrollment profile endpoint into REST API docs
2024-10-01 17:07:30 -04:00
Mike McNeil
514ca727ec
Update why-fleet.md (#22499) 2024-10-01 15:38:00 -05:00
Tim Lee
937627f4ea
Windows Battery Status (#22455) 2024-09-30 16:58:00 -06:00
Mike Thomas
9b04349192
Update why-fleet.md (#22290)
Updated and optimized for readability and consistency with Fleet's
messaging.

Closes https://github.com/fleetdm/fleet/issues/22150
2024-09-27 16:18:43 -05:00
Allen Houchins
c211572242
Refreshed and updated content (#21982)
Updated the "How to uninstall osquery" document to no longer reference
older osquery references and file paths that no longer exist.

---------

Co-authored-by: JD <spokanemac@users.noreply.github.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
2024-09-27 16:16:38 -05:00
Victor Lyuboslavsky
710465c1a3
Fixing Building Fleet docs (#22293)
- use correct node version
- update to use "docker compose", which is now integrated with Docker
2024-09-27 11:41:26 -05:00
Noah Talerman
0e22e4676e
Add missing anchor link (#22427)
Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-09-26 13:48:25 -05:00
Marko Lisica
8c705533ea
Document packages_only flag for list software titles endpoint (#22390) 2024-09-25 16:17:38 -05:00
Jahziel Villasana-Espinoza
38ba6cce47
fix: update docs with accurate response body (#22360) 2024-09-25 09:44:08 -05:00
Dante Catalfamo
d83ed46373
Add batch app store apps documentation (#21912) 2024-09-23 18:09:31 -05:00
Lucas Manuel Rodriguez
21b3c468c1
Add doc API changes for the now async software batch (#22259)
API changes for #22069.

---------

Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
2024-09-23 17:40:53 -05:00
Lucas Manuel Rodriguez
dfc7289a6d
Add missing docs for batch apply VPP apps (#22265)
#22069
2024-09-23 17:24:08 -04:00
Noah Talerman
adf19c4527
Reference docs for v4.57.0 (#22319)
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Co-authored-by: mostlikelee <tim@mostlikelee.com>
Co-authored-by: Tim Lee <timlee@fleetdm.com>
Co-authored-by: Marko Lisica <markol.lisica@gmail.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Luke Heath <luke@fleetdm.com>
2024-09-23 15:56:59 -05:00
Rebecca Cowart
a17ab39ab6
Update button name in deploy-fleet.md (#22271)
Render changed their "Apply" button to read "Deploy Blueprint"
2024-09-20 14:57:13 -05:00
Noah Talerman
1677783064
GitOps & API design: Add multiple Apple Business Manager and Volume Purchasing Program connections (#21043)
GitOps and API changes for the following story:
- #9956

DONE: 
- ~~Contributor API endpoints to support best practice GitOps (`fleetctl
gitops`) and backwards compatibility GitOps (`fleetctl apply`)~~
  - https://github.com/fleetdm/fleet/pull/21043#issuecomment-2338218929

---------

Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
Co-authored-by: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: George Karr <georgekarrv@users.noreply.github.com>
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-09-20 12:21:52 -05:00