Commit graph

222 commits

Author SHA1 Message Date
Magnus Jensen
da43bf8371
Request body limits (#39080)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves
https://github.com/fleetdm/confidential/issues/13934

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [ ] QA'd all new/changed functionality manually
2026-02-05 10:29:53 -05:00
Jahziel Villasana-Espinoza
dbfbdcc322
only refetch location data if iDevice is locked (#39241)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #39215 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
2026-02-04 09:23:44 -05:00
Carlo
f84d800399
Add error message for decryption failures (#38919)
Fixes #37130
2026-02-03 17:08:44 -05:00
Dante Catalfamo
40f6546de7
Add conditional access already bypassed check (#39037)
**Related issue:** Resolves #37281
2026-02-02 10:35:55 -05:00
Jahziel Villasana-Espinoza
5518674c00
fix order of lat/long (#38818)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #38777 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [x] Confirmed that the fix is not expected to adversely impact load
test results
2026-01-27 13:37:47 -05:00
RachelElysia
5a550c1630
Fleet UI: Allow users from other teams to see software title name (#32277)
## Issue
Closes #30340 

## Description
- Switching teams was dropping software name in the list host API if the
team did not have that software title
- Allow teams without a software title access to software title name
- Also fixes FE to use `display_name` over `name` in host table filter
UI

# Checklist for submitter

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

---------

Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2026-01-26 18:11:59 -05:00
Jahziel Villasana-Espinoza
9f29fd1ce9
33509 feature branch (#38038)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #33509

All changes were approved in PRs to this feature branch.

---------

Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com>
Co-authored-by: George Karr <georgekarrv@users.noreply.github.com>
2026-01-08 16:37:46 -05:00
Jordan Montgomery
4fefd97160
Change parameter name from populate_device_status to include_device_status per doc PR review (#37996)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #36094 

Followup work for #36094 after doc PR review

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [x] Added/updated automated tests

- [x] QA'd all new/changed functionality manually
2026-01-07 16:57:57 -05:00
Martin Angers
b00efa944d
iBYOD Apps: only ingest and report Fleet-managed apps for manual-enrolled iOS/iPadOS (#37856) 2026-01-06 10:50:47 -05:00
Josh Roskos
5bf82e2935
Add device_status and action_pending to /hosts API (#36009)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #36315 


## Testing

- [X] Added/updated automated tests
- [X] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
- @kc9wwh: No issues with building or enrolling devices. Got it behind
SSL cert and MDM working, but I would need a supervised device to test
further.

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
2026-01-05 14:00:42 -05:00
Ian Littman
ec4c1088d9
Add additional test coverage for team labels (#37793)
There will be one more follow-up for set-aside behavior.
2026-01-05 09:01:12 -06:00
Victor Lyuboslavsky
c88cc953fb
Refactor endpoint_utils for modularization (#36484)
Resolves #37192

Separating generic endpoint_utils middleware logic from domain-specific
business logic. New bounded contexts would share the generic logic and
implement their own domain-specific logic. The two approaches used in
this PR are:
- Use common `platform` types
- Use interfaces

In the next PR we will move `endpointer_utils`, `authzcheck` and
`ratelimit` into `platform` directory.

# Checklist for submitter

- [x] Added changes file

## Testing

- [x] Added/updated tests
- [x] QA'd all new/changed functionality manually



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
* Restructured internal error handling and context management to support
bounded context architecture.
* Improved error context collection and telemetry observability through
a provider-based mechanism.
* Decoupled licensing and authentication concerns into interfaces for
better modularity.

* **Chores**
* Updated internal package dependencies to align with new architectural
boundaries.

<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-12-31 09:12:00 -06:00
Ian Littman
8e4e89f4e9
API + auth + UI changes for team labels (#37208)
Covers #36760, #36758.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [ ] QA'd all new/changed functionality manually
2025-12-29 21:28:45 -06:00
Jahziel Villasana-Espinoza
63fc8a3da5
cherry-pick: fix some issues with teams and self-service android apps #37062 (#37362)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #36807 

cherry-pick for https://github.com/fleetdm/fleet/pull/37062
2025-12-17 11:44:25 -05:00
Scott Gress
e8999e8ddb
Stream "list hosts" endpoint (#37258)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #35007

# Details

This PR implements a new `StreamHosts` service method and utilizes this
method in `listHostsEndpoint`. The purpose of this method is to allow
the "list hosts" endpoint to stream a JSON response down one host at a
time (more or less), so that the entire JSON payload doesn't have to sit
in memory all at once. The response can be very large when software and
users are populated using the optional `populate_software` and
`populate_users` querystring options.

**Notes:**

* The `ListHosts` database method currently returns the entire result
set at once. The assumption with this iteration is that it was
populating the extra data in each host that was pushing the response to
untenable sizes. If we're still seeing OOM issues after this PR, we can
refactor to also use an iterator to stream rows from the database.
* The `listHostsEndpoint` method calls `StreamHosts` to get a host
iterator, but also creates its own iterator to supply to the response,
because we (sometimes) need to populate `Labels` on each host response
object. The `StreamHosts` method only returns `Host`s not
`HostResponse`s, hence the need for the wrapper.
* A new response type `StreamHostsResponse` was created because other
methods utilize the existing `ListHostsResponse`. We could keep just
`ListHostsResponse` and toggle how it responds based on whether an
iterator is provided, but keeping the types separate is simpler to
reason about and test.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [ ] Added/updated automated tests
- [X] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [X] QA'd all new/changed functionality manually



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Hosts listing API now streams results incrementally for faster initial
responses and better performance on large inventories or complex
queries.
* Host details (optional labels, software and MDM info) are
progressively enriched and delivered as available, allowing partial
results while remaining data loads.
* Streaming provides clearer partial-error reporting so partial results
can be returned even when some enrichments fail.

<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-12-16 12:40:41 -06:00
Juan Fernandez
dd2a646c96
Fixed bug with the Android Cert Template OS Status modal (#37068)
**Related issue:** Resolves #37018 

Make sure the proper tooltip is displayed on the OS Settings modal when rendering Host Certificate Template entries.
2025-12-11 21:13:19 -04:00
Carlo
4cd91333c5
Add new self-service auth method for iOS/iPadOS (#36659)
Implements #36542. Adds URL/UDID-based authentication for the My Device page on iOS/iPadOS.
2025-12-05 10:16:46 -05:00
Victor Lyuboslavsky
ccd66921e7
Updating golangci-lint to 2.7.1 (#36678)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #32999

And fixing newly flagged lint issues.
2025-12-04 10:45:50 -06:00
Juan Fernandez
ec71fb814e
Added missing detail column to host_certificate_templates (#36397)
**Related issue:** Resolves #36292 

- Allow clients to specify details about the certificate template status
change.
- Allow clients to see the details of the certificate template status
change.

---------

Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
2025-12-01 14:46:14 -04:00
Juan Fernandez
287710b1c5
Update queries APIs that drive the OS settings UI (#36018)
**Related issue:** Resolves #35532

Update queries APIs that drive the OS settings UI
2025-11-26 13:25:49 -04:00
Ian Littman
fbb37de0eb
Use lighter Team call when it's obviously safe to do so, comment potential areas for further improvement (#35587)
**Related issue:** Resolves #35357

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing

- [x] Added/updated automated tests

- [ ] QA'd all new/changed functionality manually
2025-11-17 17:25:45 -06:00
jacobshandling
926cdc6da0
Manually update & delete host IdP mappings (#35325)
**Related issue:** Resolves #34222 


[Demo](https://drive.google.com/file/d/1MyLlyUW8Qoad_3_FLwiMhMBbb8wJNwGk/view?usp=drive_link)

<img width="1504" height="986" alt="Screenshot 2025-11-10 at 4 45 48 PM"
src="https://github.com/user-attachments/assets/9ee80fd3-c9e7-4712-b150-11ac08c70db6"
/>

# Checklist for submitter
If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`, 
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
2025-11-13 09:05:40 -08:00
Ian Littman
545bc6c692
Rename team DB methods to encourage lighter-weight usage (#35572)
For #35357.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

No changes file as this is a zero-functionality-change refactor.
Performance improvements are in their own PR, which includes a changes
file.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests

- [ ] QA'd all new/changed functionality manually
2025-11-12 08:09:49 -06:00
Carlo
715d963f82
My device page (self-service) for iOS/iPadOS (#35238)
Implements #32247. This is the complete feature branch, consolidating:

- https://github.com/fleetdm/fleet/pull/35018
- https://github.com/fleetdm/fleet/pull/34758
- https://github.com/fleetdm/fleet/pull/35009
- https://github.com/fleetdm/fleet/pull/35181
- https://github.com/fleetdm/fleet/pull/35342

---------

Co-authored-by: Jonathan Katz <44128041+jkatz01@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
Co-authored-by: jkatz01 <yehonatankatz@gmail.com>
2025-11-07 17:30:51 -05:00
Victor Lyuboslavsky
ba5f02f9ca
os_versions endpoint performance improvements (#34897)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #34500 and Resolves #33758

Video demo: https://www.youtube.com/watch?v=4HZlKG0G1B0

- Added a new aggregation table
`operating_system_version_vulnerabilities` for faster queries. The table
is currently used only for Linux vulnerabilities, but could be used for
other OS vulnerabilities.
- Added `max_vulnerabilities` parameter per [API
doc](https://github.com/fleetdm/fleet/pull/33533)
- Also added `max_vulnerabilities` parameter to `os_versions/{id}`
endpoint, but not making it public since that endpoint is still slow and
needs other API changes. bug #34974
- Removed `"kernels": []` from `os_versions` endpoint result

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [x] QA'd all new/changed functionality manually

## Database migrations

- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added ability to limit the number of vulnerabilities displayed for
operating system versions via an optional parameter.
* Introduced vulnerability count tracking for operating system versions,
now visible in API responses and UI displays.
* Enhanced operating system vulnerability visualization with improved
count-based rendering.

* **Tests**
* Added comprehensive test coverage for vulnerability limiting behavior
across multiple operating system versions and architectures.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-11-03 13:07:44 -06:00
Zach Wasserman
0cdde239b9
Add activity feed entries for host deletion and expiration (#34720)
**Related issue:** Resolves #33513 

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
2025-10-31 09:37:31 -07:00
Magnus Jensen
ba15654498
DCSW: Support all IDP variables in Windows config profiles (#34707)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves
https://fleetdm.slack.com/archives/C03C41L5YEL/p1761232938314509, but
also https://github.com/fleetdm/fleet/issues/34363, as it would have
been stupid to only add IDP_USERNAME (to allow for an email) when they
are so close together and no extra effort to support the rest.

Also does another fix to ensure fleet variables are correctly ordered by
longest name to shortest, to ensure variables that are used in longer
format (USERNAME, USERNAME_LOCAL_PART) that the LOCAL_PART one gets
processed first.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.


## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
2025-10-24 10:10:58 -03:00
Tim Lee
d4004a4f8e
IDP user update API (#34332) 2025-10-21 12:02:25 -06:00
Martin Angers
8a9b27b2b9
Bugfix: create past activities when an "activated" VPP app install is cancelled by turning MDM off (#33693) 2025-10-06 09:15:40 -04:00
Tim Lee
651a4f3bc4
Optimize os versions response (#33691) 2025-10-01 12:11:27 -06:00
Lucas Manuel Rodriguez
d467968c03
Add govet's nilness and golangci-lint nilnesserr (#33359)
These seemed easy to fix. And worth keeping the lint enabled moving
forward.
2025-09-23 17:55:50 -03:00
Martin Angers
72571a9f8e
Feature branch for Android config profiles (#32976) 2025-09-22 11:29:57 -04:00
Victor Lyuboslavsky
d6695bf299
Fixed MySQL DB performance regressions (#33184)
Resolves #33147 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [x] QA'd all new/changed functionality manually

## Database migrations

- [x] Checked table schema to confirm autoupdate


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- Bug Fixes
- Resolved MySQL performance regressions from 4.73.0/4.73.1 affecting OS
versions and software titles views, improving load times and reducing
timeouts.

- Refactor
- Optimized OS vulnerabilities fetching by batching multiple OS versions
in a single request.
- Added a supporting database index to speed kernel-related
vulnerability queries.

- Tests
- Added comprehensive tests for multi-OS vulnerability retrieval, CVSS
enrichment, team-scoped data, and service endpoint behavior.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-09-19 15:35:05 -05:00
Magnus Jensen
20c30406a8
Show certificates actual total count in table (#32972)
fixes: #32103 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.


## Testing

- [x] Added/updated automated tests

- [x] QA'd all new/changed functionality manually

<img width="1682" height="688" alt="image"
src="https://github.com/user-attachments/assets/d4f59612-782e-4747-9090-b2895edc76ba"
/>
2025-09-17 14:05:32 +03:00
Victor Lyuboslavsky
4129b52fc6
Prevent deadlocks by adding FOR UPDATE locks (#32173)
Fixes #31173 

Reproduced and fixed in loadtest environment. Uncovered another source
of deadlocks, filed as a separate:
https://github.com/fleetdm/fleet/issues/32201
- Also, still seeing some deadlocks (a lot fewer) in DB, and they are
hidden from the API results by retries. They may still be happening
because locks happen row by row and not all at once. A potential fix
would be to lock the whole policy_membership table.

Additional frontend fix, which is needed to prevent potential timeouts:
https://github.com/fleetdm/fleet/pull/32212

Backend + frontend fix should be a sufficient fix for this issue
(ignoring the issue with the long software transaction).

Also, this PR contains some refactoring to split out the 1-host use
case.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.

## Testing

- [x] QA'd all new/changed functionality manually


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* Bug Fixes
* Resolved rare deadlocks during concurrent policy updates and bulk
automations.
* Correctly clears stale MDM data and actions on host re-enrollment and
platform changes.
* Performance Improvements
* Optimized policy issue recalculation with per-host updates to reduce
contention.
* Improved concurrency handling for bulk policy updates to avoid lock
contention.
* Reliability
* More robust host enrollment: updates seen time, display name, and
label membership consistently.
* Ensures accurate policy-issue counts after membership changes and
re-enrollment.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-08-22 12:36:03 -05:00
Juan Fernandez
51a5b6166a
Refactor failing policies total on Host endpoint (#31906)
For #29795

Refactored the way we compute the number of failing policies to avoid
discrepancies due to either read replica delays or due to async nature
of the failing policy computation stored in host issues.
2025-08-19 13:39:32 -04:00
Jonathan Katz
3388740f0e
4498 empty software (#31940)
Fixes: #4498 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- Added unit test 
- Changed existing unit tests to accept empty array instead of null

- [x] QA'd all new/changed functionality manually
- Tested that Fleet UI > host details, returns `software: []` instead of
nothing.
- Tested that with exclude_software=false, software returns the full
array for host.

---------

Co-authored-by: Anthony Maxwell <133805840+Illbjorn@users.noreply.github.com>
2025-08-19 10:38:53 -04:00
Jahziel Villasana-Espinoza
56284ef87b
make sure vulns are shown in list OS page, and fix the names (#31930)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.


## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:
- [x] Confirmed that the fix is not expected to adversely impact load
test results
2025-08-14 16:47:58 -04:00
Jahziel Villasana-Espinoza
153f73c8ca
30738 linux vulns (#31893)
- **linux vulns API changes (#31490)**
- **31214 linux vulns optimization (#31722)**

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually

## Database migrations

- [x] Checked table schema to confirm autoupdate
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
2025-08-14 10:13:37 -04:00
Scott Gress
7a8f18cc8f
Implement BitLocker "action required" status (#31451)
for #31182 

# Details

This PR implements the "Action Required" state for Windows host disk
encryption. This includes updates to reporting for:

* disk encryption summary (`GET /fleet/disk_encryption`)
* config profiles summary (`GET /configuration_profiles/summary`)
* config profile status ( `GET
/configuration_profiles/{profile_uuid}/status`)

For disk encryption summary, the statuses are now determined according
to [the rules in the
Figma](https://www.figma.com/design/XbhlPuEJxQtOgTZW9EOJZp/-28133-Enforce-BitLocker-PIN?node-id=5484-928&t=JB13g8zQ2QDVEmPB-0).
TL;DR if the criteria for "verified" or "verifying" are set, but a
required PIN is not set, we report a host as "action required".

For profiles, I followed what seems to be the existing pattern and set
the profile status to "pending" if the disk encryption status is "action
required". This is what we do for hosts with the "enforcing" or
"removing enforcement" statuses.

A lot of the changes in these files are due to the creation of the
`fleet.DiskEncryptionConfig` struct to hold info about disk encryption
config, and passing variables of that type to various functions instead
of passing a `bool` to indicate whether encryption is enabled. Other
than that, the functional changes are constrained to a few files.

> Note: to get the "require bitlocker pin" UI, compile the front end
with:
```
SHOW_BITLOCKER_PIN_OPTION=true NODE_ENV=development yarn run webpack --progress --watch
```

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
Changelog will be added when feature is complete.

- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [X] Added/updated automated tests
- [X] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [ ] QA'd all new/changed functionality manually
Could use some help testing this end-to-end. I was able to test the
banners showing up correctly, but testing the Disk Encryption table
requires some Windows-MDM-fu (I just get all zeroes).

## Database migrations

- [X] Checked table schema to confirm autoupdate
- [X] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [X] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [X] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
2025-08-05 11:23:27 -05:00
Juan Fernandez
fdfef5adf1
30311: Fix race condition in test (#30903)
For #30311 

Refactored `AddHostsToTeam` so that batch size can be specified via a
parameter and not a global variable.
2025-07-17 10:20:49 -04:00
Sarah Gillespie
17da791012
Add encryption_key_archived to host details API response (#30850) 2025-07-15 13:21:39 -05:00
Konstantin Sykulev
6d5ac49c74
remove default'd available_for_install (#30516)
This was added to support the "All Software" when listing software on
the host.

Fixes #30188

- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
- [x] For unreleased bug fixes in a release candidate, confirmed that
the fix is not expected to adversely impact load test results or alerted
the release DRI if additional load testing is needed.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added an option to explicitly exclude software available for install
from host software listings.

* **Bug Fixes**
* Improved accuracy of software inventory results when filtering by
availability for install.

* **Tests**
* Added a test to verify exclusion of available-for-install software
when the relevant option is set.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-03 10:49:31 -05:00
Sarah Gillespie
848d3aec28
Update GET /hosts/:id/encryption_key to return archived key when current key is unavailable (#30396) 2025-07-02 14:57:25 -05:00
Lucas Manuel Rodriguez
608f768dd7
Add support for IdP department to SCIM and add FLEET_VAR_HOST_END_USER_IDP_DEPARTMENT fleet variable (#30375)
#29609

Verified the changes with [Entra ID's
validator](https://scimvalidator.microsoft.com/) and adding the
department attribute to the tester:
<img width="1312" alt="Screenshot 2025-06-27 at 8 54 32 AM"
src="https://github.com/user-attachments/assets/45a5deb8-7c65-49df-b3e8-eb05bea11f6b"
/>
<img width="1312" alt="Screenshot 2025-06-27 at 8 54 21 AM"
src="https://github.com/user-attachments/assets/91b554b5-b0b9-4bb6-a0cf-4e3b40e6ce21"
/>

- Tested with Okta
- TODO: Test with Entra ID and Google Workspace.
- I decided to not fail profile deployment if a user has no department
because it's not a required attribute, instead the
`FLEET_VAR_HOST_END_USER_IDP_DEPARTMENT` will be replaced with the empty
string.

---

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] If database migrations are included, checked table schema to
confirm autoupdate

(https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- For database migrations:
- [X] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [X] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [X] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [X] Added/updated automated tests
- [X] Manual QA for all new/changed functionality
2025-06-29 15:23:03 -03:00
Jahziel Villasana-Espinoza
0c4af0b985
Verify VPP: core implementation (#30295)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- For database migrations:
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-26 17:55:43 -04:00
RachelElysia
1d2b71857b
Host API: Return empty array instead of 404 for software filter not found (#30045) 2025-06-17 09:20:09 -04:00
jacobshandling
b4a1042d3e
Re-calculate host failing policy and total issue counts whenever GET ing that host (#29109)
## For #27085 


![ezgif-4c995b0462ebed](https://github.com/user-attachments/assets/a1c1b2d1-c585-42c9-9db7-b45f4853e90b)


- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-05-20 13:41:38 -07:00
Sarah Gillespie
b8acdfacdf
Fix MDM lifecycle bug when deleting multiple hosts (#29278) 2025-05-20 14:22:40 -05:00
Jordan Montgomery
db3e3ff70b
Fix MDM last checkin and enrollment names to match API spec (#29073)
For #17710 

I focused too much on making sure we were returning the requested data
and got the actual property names wrong.

See https://github.com/fleetdm/fleet/pull/28940/files for proper names

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-05-13 08:17:11 -04:00