Fresh PR to avoid product design PRs messing with the PR open time KPI
(original here: https://github.com/fleetdm/fleet/pull/17369)
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Fresh PR to avoid product design PRs messing with the PR open time KPI
(previously https://github.com/fleetdm/fleet/pull/17711)
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: George Karr <georgekarrv@users.noreply.github.com>
Fresh PR to avoid product design PRs messing with the PR open time KPI
(previously https://github.com/fleetdm/fleet/pull/17841)
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Fresh PR to avoid product design PRs messing with the PR open time KPI
(previously https://github.com/fleetdm/fleet/pull/17670)
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Fresh PR to avoid product design PRs messing with the PR open time KPI
(original: https://github.com/fleetdm/fleet/pull/16982)
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
File carves were moved to their own section in contributor docs
https://github.com/fleetdm/fleet/pull/16877
Fixed link on API page
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
#16767
To create a manual label:
```sh
cat labels.yml
---
apiVersion: v1
kind: label
spec:
name: Manually Managed Example
label_membership_type: manual
hosts:
- lucass-macbook-pro.local
```
To add/delete a manual label to/from a host:
```
curl -k -v -X POST -H "Authorization: Bearer $TEST_TOKEN" https://localhost:8080/api/latest/fleet/hosts/1/labels -d '{"labels": ["Manually Managed Example"]}'
curl -k -v -X DELETE -H "Authorization: Bearer $TEST_TOKEN" https://localhost:8080/api/latest/fleet/hosts/1/labels -d '{"labels": ["Manually Managed Example"]}'
```
API draft changes: https://github.com/fleetdm/fleet/pull/16979/files
Figma with error strings:
https://www.figma.com/file/JiWoAiuHlkt76s3o3Uyz6h/%2316767-API-endpoint-for-updating-a-host's-manual-labels?type=design&node-id=2-130&mode=design&t=pxRPhrn6E1bOCrEd-0
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
~- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- ~[ ] If database migrations are included, checked table schema to
confirm autoupdate~
- ~For database migrations:~
- ~[ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.~
- ~[ ] Confirmed that updating the timestamps is acceptable, and will
not cause unwanted side effects.~
- ~[ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).~
- [x] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
Docs improvements uncovered during
[dogfooding](https://github.com/fleetdm/confidential/issues/2506):
- Update end user auth docs to link to SSO docs. So the user knows what
do to get the necessary info from their IdP (create an Okta/GW app)
- Cut content from SSO docs and move Okta and Google Workspace to top
level headers
- "IDP" => "IdP"
- Use **bold** styling to indicate UI elements in docs (instead of
_italics_)
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Adds `webhook_settings.host_status_webhook` options to team config for
#14916.
Also updated conceptual docs that reference this config (and cut down
some content to make room).
The Wine developer does have an Apple Develeoper certificate but the
"Wine Stable" app bundle is not code-signed or notarized post-install &
disables Gatekeeper for the install. This adds a warning to the script
user about the app not being signed. post-install
---------
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
#17827
Updated 1Password policy to only search one level deep for performance
reasons.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
For better readability: add periods as separation between the Fleet
Premium message and parameter descriptions.
✅ _Available in Fleet Premium_. Description text.
❌ _Available in Fleet Premium_ Description text.
- Updated `GET /api/v1/fleet/scripts`: documented `team_id` parameter
that was missing
- Replaced "Upload" with "Add" since that's the language we want to use
across the product and docs.
- Removed articles from headings
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
This instructions were inaccurate following these steps only `Fleet
Osquery` was installed not `orbit`
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Closes: #17582
Changes:
- Updated the `build-static-content` script to not generate HTML pages
for files in subfolders that are prefixed with an underscore
- Renamed the `docs/Deploy/kubernetes` folder »
`docs/Deploy/_kubernetes`
- Documented this new behavior on the communications page of the
handbook.
- Updated commands on the Deploy Fleet on Kubernetes page.
---------
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Typo: "removing" /past from host's activities API
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
#15565
Replace the use of the isFederated registry key with a keys that check
for AAD (Azure Active Directory, now Entra ID)
Federated enrollment (`isFederated`) seems to be when windows uses a
Discovery MDM endpoint to get its policy and management endpoint
configuration. This is always the case when a client is enrolled with
fleet, so installations always show up as automatic.
It's being replaced by a different key, `AADResourceID`, which appears
to identify the resource that controls the automated deployment. In my
tests it only appears to be populated when the computer is enrolled
through automated deployments. This key appears on both Windows 10 and
11.
There is a similar key, `AADTenantID`, which appears to identify the
client (tenant) to the Azure cloud. I haven't seen this ID in our
systems, so it is likely exclusively used in Azure. Both this key and
`AADResourceID` seem to always be set at the same time, so we only
check for the `AADResourceID`.
I've also added documentation on the registry keys I've analyzed for future reference.
This PR addresses an issue in the documentation for installing the MySQL
chart using Helm. Previously, the documentation provided a Helm install
command that incorrectly referenced mysqlUser and mysqlDatabase.
However, these keys don't exist in the chart's values.yaml file anymore.
Removed reference to **Scripts** tab and added instructions for
accessing the **Run Script** modal from the host detail page.
# Checklist for submitter
Docs-only change
---------
Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
