For #26977.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
For #26603
This PR completes the #26603 sub-task for configuring DigiCert. It adds:
- validation call to DigiCert to verify the profile ID
- tests/checks for activity feed
The changes file will be added in the next DigiCert subtask.
# Checklist for submitter
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
For #26933.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Now that we are getting the new APNs certificate and enrollment profile
distributed, devices need to reboot to have FileVault enabled and their
keys escrowed the Fleet. These policies should hopefully encourage
everyone affected to restart their device.
---------
Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
Related to: https://github.com/fleetdm/confidential/issues/9884
Changes:
- Updated the prompt in the `get-llm-generated-sql` action to include a
note about using wildcard characters when generating queries that use
the LIKE operator.
- Improved error handling in the `get-llm-generated-sql` action
> For #24784
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
Cleaning up and standardizing use of quotations in YAML.
1. Updated to use single quotes
2. Updated to use double quotes to enclose single quote references.
3. Removed extraneous quotes around strings.
For #26743
This PR fixes an issue where using `fleetctl gitops` unsets the "gitops
mode" settings in the UI. The code which prepares the config spec to
send to the "modify config" endpoint deliberately copies over the
current app settings for gitops mode to facilitate this. I updated an
existing test to verify the new behavior.
Replacing an old screenshot for SSO-Setup that removes the `issuer URI`
field that is no longer needed nor available in Fleet
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
For #26603
This PR includes:
- DB migration for DigiCert
- new datastore methods and tests
- saving/deleting/updating of encrypted DigiCert API tokens
- Integration test for DigiCert configs
This PR does not include the following:
- Making an HTTP call to DigiCert API for validation (in later PR)
- Changes file (in later PR)
# Checklist for submitter
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
From what I can tell, continue-on-error has been false for the
integration suites since the suites were renamed to `integration-*`, so
this fixes that issue in addition to continuing to run test suites when
the vulns suite fails (which may be due to vulns feed updates).
This also makes the vulns test more resilient to new CVEs being reported
on Python 3.12.0, which is rather likely to collect new CVEs.
# Checklist for submitter
- [x] Added/updated automated tests
Closes: https://github.com/fleetdm/confidential/issues/9801
Changes:
- Updated the handbook's sidebar CTA to scroll with the page
- Updated the swag CTA in the docs to scroll with the page.
- Updated the CTA at the bottom of osquery table schema pages
For #26870.
On my local, this gets us a differential vulns feed update (for this
part of it) in under 90 seconds, vs. taking on the order of...40
minutes, I think? RAM usage is a few GB, but we have headroom on GitHub
Actions and the performance increase is worth it.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
For #26603
This PR includes:
- DigiCert configs
- Some config code for custom SCEP, but not fully functional
- Validation tests for DigiCert Configs
- DigiCert activities (manually tested)
This PR does not include the following:
- Encryption of DigiCert API tokens -- this requires DB migration (in
next PR)
- Making an HTTP call to DigiCert API for validation (in later PR)
- Integration tests (in later PR)
- Changes file (in later PR)
# Checklist for submitter
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
For #26856. Confirmed that this attribute only affects the warning
message so it's safe to remove here.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
