For #26219
Frontend wasn't displaying the right Android page due to missing
details.
# Checklist for submitter
- [x] Manual QA for all new/changed functionality
Deploying Windows MDM with a customer and ran into some snags and
documentation diff. Updating here but also plan to write and article
about this in greater detail.
---------
Co-authored-by: Ian Littman <iansltx@gmail.com>
For #26218
### Observations
The custom lint rules don't catch many issues. For example: this checks
for an illegal use of reader/writer in a function
(`containsIllegal(m["fn"]))`), but if the reader/writer code is
refactored into a different function, then this check will not fail.
Also, the rules lack tests, making them hard to maintain and potentially
irrelevant after code is refactored.
For #26218
- Added signup_token authentication for Android enterprise callback and
fixed API path to match API doc
# Checklist for submitter
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
For #26218
This is a dev helper feature (since it will be implemented in
fleetdm.com). It fixes the issue of stale PubSub topics. Having stale
PubSub topics around may cause extra traffic/errors on dev server.
- [x] Manual QA for all new/changed functionality
It may take up to 2 hours to get Apple encryption keys.
- 1 hour for detailed query
- 1 hour for cleanups_then_aggregation.verify_disk_encryption_keys job
Changes:
- Updated the prompt helper to accept a new input: `systemPrompt`, if
provided and a supported baseModel is selected, the system prompt will
be included in the Open AI API request along with the prompt.
- Updated the models used by the query generator to improve the speed of
query generation.
For #25479
# Checklist for submitter
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Manual QA for all new/changed functionality
## Details
This PR fixes the `privacy_preferences` table results generator for the
Chrome Extension. The root cause was that we were attempting to return
boolean values directly to sqlite, which doesn't have a native boolean
type. The fix is to coerce booleans to "1" or "0" as we do for other
tables in the extension.
The _proximate_ cause of the issue was that the warnings generated at
the db level (in this case about not being able to handle the `null`
values that sqlite was coercing booleans to) are not being handled
correctly. I'll tackle this in a separate PR as it's a little more
complicated to debug and fix.
## Testing
On a Chromebook, was able to run a live `select * from
privacy_preferences` query with results:
<img width="1706" alt="image"
src="https://github.com/user-attachments/assets/7dcc4410-70fd-4381-842d-fd06d43b94ae"
/>
<img width="1708" alt="image"
src="https://github.com/user-attachments/assets/db783e7b-3351-424c-82e3-b7e80c1d999d"
/>
Added automated test that fails on main and passes on this branch.
For #25882
For #26615
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
Softwares query for macOS corrected in Vitals. Was showing query for
linux.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Manual QA for all new/changed functionality
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Lowercase Succession in security.md page
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
For #25353.
This both fixes new installs going forward (in which case the final
migration is a no-op) and cleans up existing installs that have the
wrong collations (in the new migration).
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
> For #26675
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
For #26219
Need to get in this security change for the RC
- Added auth (token stored in `mdm_config_assets`) for PubSub endpoint
- unknown notification types, including `test` are not authenticated
- Status reports for deleted devices are not authenticated -- no DB
changes are done for these since they only happen when we disable MDM
right now
# Checklist for submitter
- [x] Manual QA for all new/changed functionality
For #26218
- Added `users_deleted` table to track user actions if the user was
actually deleted.
- Added enable/disable Android MDM activities
Note: I could not auto-generate fleet.Service mock because it has issues
with methods that don't return anything. I ended up using testify mock
instead.
# Checklist for submitter
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
For #26207
add server side event setup for the UI when turning on android MDM.
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
For #23243
# Checklist for submitter
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
## Details
This PR updates the policy Manage Automations modals to support
pagination. Previously, these modals received a list of policies from
the main Manage Policies page, which is itself paginated, so that a user
could only add automations to whatever policies were currently listed on
the Manage Automations page. This PR does some refactoring via the
creation of a new PaginatedList component which:
* accepts a `fetchPage` property it can call to get a page of data,
* renders the data in a list with checkboxes and optional custom markup
(e.g. dropdowns)
* keeps track of changed ("dirty") items in the list, even across page
changes
* allows parent components to access the list of dirty items via a React
`ref`
For this specific use case, there's also a new `PoliciesPaginatedList`
which implements the `fetchPage` for getting a page of policies, and
adds Save and Cancel buttons. Each of the updated modals uses
`PoliciesPaginatedList` to replace its current code for rendering
policies in a list, and delegates much of the logic around change
tracking to the new components.
