Commit graph

10227 commits

Author SHA1 Message Date
Noah Talerman
c5738fbdeb
Update supported host operating system (#16070)
- macOS is always lowercased
2024-01-11 17:11:46 -05:00
Eric
b133e51a59
Regenerate osquery_fleet_schema.json (#16072)
Changes:
- Ran the `generate-merged-schema` script to regenerate
`osquery_fleet_schema.json`
2024-01-11 15:34:08 -06:00
dependabot[bot]
20ad27a4ca
Bump golang.org/x/net from 0.0.0-20211205041911-012df41ee64c to 0.17.0 in /infrastructure/kubequery (#16040) 2024-01-11 15:29:03 -06:00
Rachael Shaw
7f7eafb54f
Fix platform documentation for windows_updates table (#16071)
Compatible with Windows (not macOS)
2024-01-11 15:26:59 -06:00
dependabot[bot]
f118b7f9cb
Bump github.com/prometheus/client_golang from 1.11.0 to 1.11.1 in /infrastructure/kubequery (#16039) 2024-01-11 15:20:31 -06:00
dependabot[bot]
92294a038f
Bump golang.org/x/text from 0.3.7 to 0.3.8 in /infrastructure/kubequery (#16038) 2024-01-11 15:19:52 -06:00
dependabot[bot]
44cb2504a4
Bump gopkg.in/yaml.v3 from 3.0.0-20210107192922-496545a6307b to 3.0.0 in /infrastructure/kubequery (#16037) 2024-01-11 15:19:05 -06:00
Grant Bilstad
cd7da443a3
paragraph doubled in enroll docs (#16069)
Edit to remove double-copy of paragraph in docs
2024-01-11 14:09:42 -07:00
RachelElysia
1e0db64d36
Fleet UI: Make SVG ids unique to fix missing empty members image (#16053) 2024-01-11 15:57:57 -05:00
Roberto Dip
ca06f0aed6
prevent baseClient from trying to decode 204 responses (#16060)
noticed while working on #15916, we do a request that, when successful,
returns a 204 response (with no content)

currently the client will fail to parse the contents of the response and
return an error "response: unexpected end of JSON input, body" even if
the request was successful.
2024-01-11 17:55:35 -03:00
Rachael Shaw
0f3458b2a0
#14500 documentation: Option to disable scripts in organization settings (#15431)
Changes to the organization settings configuration example for
https://github.com/fleetdm/fleet/issues/14500
2024-01-11 14:37:25 -05:00
Rachael Shaw
bc075b1eea
#15058 API design: Add gigs total disk space to host endpoints (#15442)
Rest API changes for https://github.com/fleetdm/fleet/issues/15058
2024-01-11 14:35:56 -05:00
Jacob Shandling
9ee03b5c5f
Test fix - increase test regex matching (#16055)
Fix a broken datetime-based test

- [x] Manual QA for all new/changed functionality

Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-01-11 11:33:14 -08:00
Rachael Shaw
7c84588689
#14800 API design: POST request for "Run live query" endpoint (#15508)
"Run live query" API updates based on @jrzmurray's PR
https://github.com/fleetdm/fleet/pull/13002, to resolve issue
https://github.com/fleetdm/fleet/issues/14800.
2024-01-11 14:28:48 -05:00
Josh Brower
738c722502
Feature/CIS-Controls-Sonoma (#15980)
This PR adds support for CIS Controls for macOS 14 - Sonoma.

The CIS Control changes from macOS 13 to 14 were minimal:

- Removed 5.9
- Added 2.18.1
- tested by running the test profile (ee/cis/macos-14/test/profiles/on-device-dictiation-enabled.mobileconfig)

---------

Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
2024-01-11 12:51:01 -05:00
Jahziel Villasana-Espinoza
bff2d76b19
fix: false positives on ms teams on macos (#16048)
> 📜 Related issue: #15538

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-01-11 11:56:27 -05:00
Tim Lee
26c070eb00
fix vulnerabilities resolved in value (#15905) 2024-01-11 09:22:35 -07:00
Katheryn Satterlee
e761ba529d
Update MySQL requirements (#15940)
Added a note about using alternative database servers with Fleet.

Resolves #15766
2024-01-11 10:00:38 -06:00
Robbie
52a8a9650c
Add Tunnelmole as an open source tunnelling option in addition to ngrok (#15426)
Add docs for [Tunnelmole](https://github.com/robbie-cahill/tunnelmole-client) as a tunnelling option when testing ChromeOS enrollment locally.
2024-01-11 10:14:04 -05:00
Jahziel Villasana-Espinoza
e3ae0b34cc
chore: update go.mod to pull latest scep changes (#16044)
> 📜 Related issue: #15635

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

Tests were added in the scep repo:
https://github.com/fleetdm/scep/pull/1
2024-01-11 10:13:58 -05:00
Lucas Manuel Rodriguez
e466b569d4
Remove very old and outdated MDM docs (#16043)
Running some cleanup of very old docs around initial MDM implementation.
2024-01-11 11:53:51 -03:00
Lucas Manuel Rodriguez
3b2e97db89
Move kubequery dependency to monorepo (#16027)
#15561

We didn't find a way to preserve history of the original fork (see
[here](https://github.com/fleetdm/fleet/issues/15561#issuecomment-1883473504)),
thus we are moving it with one commit.

The second commit updates a reference.
2024-01-11 08:30:26 -03:00
Noah Talerman
78ad2ed558
Update Fleet 4.43 release article (#16034)
- [Script library for
Linux](https://github.com/fleetdm/fleet/issues/15283) didn't ship.
Target release is 4.44
2024-01-11 03:11:59 -08:00
JD
e6b91d828a
Update release article template (#15986)
Updates release article template for grammar, adds tag for Demand, and
link to working document folder for release articles.
2024-01-10 20:59:47 -06:00
Luke Heath
7b08409877
Update bug-report.md (#16017)
This new `:incoming` label is used by engineers to filter down to _new_
bugs on their sprint board during each standup. They will remove the
label, indicating they have triaged the issue.

QA removes `:reproduce`, EM removes `:incoming`.
2024-01-10 20:58:13 -06:00
Noah Talerman
952c0c28a9
Update "story" issue template (#15985)
- Move "Scalability testing" to Engineering section. Engineering team
will have a better idea if the story needs load testing

---------

Co-authored-by: Luke Heath <luke@fleetdm.com>
2024-01-10 20:56:48 -06:00
Luke Heath
57aa09521c
Update postmortem documentation (#16033)
We will begin conducting postmortems for critical bugs in addition to
outages.

1. How was the bug introduced?
2. What is the gap in our testing process that we didn't find the bug
before it was released?
3. How are we going to change our testing (both manual and automated) so
that we will catch a similar bug in the future?

Why? We want to start evaluating the three questions above for every
critical bug so that we can learn and improve our processes.
2024-01-10 20:15:42 -06:00
dependabot[bot]
7134ea0f7d
Bump follow-redirects from 1.15.3 to 1.15.4 (#16007) 2024-01-10 17:23:13 -06:00
Noah Talerman
7a0e2089c4
API design: Get email w/o relying on end user (#15445)
- API changes for Get email w/o relying on end user: #15057
2024-01-10 17:29:51 -05:00
Sarah Gillespie
2bbef8c56e
Bugfix: Only return host timeout error message when script exit code is nil (#15967) 2024-01-10 15:54:41 -06:00
Roberto Dip
3f302a79b4
fix log with next retry time once max retries are exceeded (#16026) 2024-01-10 17:53:30 -03:00
Roberto Dip
95b1c0df62
add automation to check timestamp.json and send slack notification (#16012)
proposal/idea to check once a day if `timestamps.json` is expired and
send a slack notification if it expires on the same day or it already
expired.
2024-01-10 17:06:52 -03:00
Noah Talerman
ae36ae6b94
Update CIS policy (#16022)
- For this bug: #15962
2024-01-10 14:54:49 -05:00
Martin Angers
3e305e26d6
Fix pending script execution max age when notifying fleetd (#16001) 2024-01-10 14:53:12 -05:00
Noah Talerman
5f38355169
Merge fleetd doc page to enroll hosts page (#15907)
- Move relevant content from "Fleetd" doc page to "Enroll hosts" page
- Remove "Fleetd" docs page
2024-01-10 14:35:18 -05:00
RachelElysia
82c41f41d9
Fleet UI: Globally style settings max-width to 754px (#16002) 2024-01-10 13:20:32 -05:00
Lucas Manuel Rodriguez
6001d02e3b
Update fleetd CHANGELOG for the 1.20.0 release (#16000) 2024-01-10 13:55:19 -03:00
JD
d10f9e9d5a
Article Fleet 4.43.0 release (#16011)
Article: Fleet 4.43.0 release
https://github.com/fleetdm/fleet/issues/15743
2024-01-10 11:53:28 -05:00
RachelElysia
3d12a23780
Fleet UI: Update Observer+ CTA for live query button (#15982) 2024-01-10 11:36:35 -05:00
dependabot[bot]
01afa82eea
Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#15950)
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl)
from 1.3.3 to 1.3.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cloudflare/circl/releases">github.com/cloudflare/circl's
releases</a>.</em></p>
<blockquote>
<h2>CIRCL v1.3.7</h2>
<h3>What's Changed</h3>
<ul>
<li>build(deps): bump golang.org/x/crypto from
0.3.1-0.20221117191849-2c476679df9a to 0.17.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/467">cloudflare/circl#467</a></li>
<li>kyber: remove division by q in ciphertext compression by <a
href="https://github.com/bwesterb"><code>@​bwesterb</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/468">cloudflare/circl#468</a></li>
<li>Releasing CIRCL v1.3.7 by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/469">cloudflare/circl#469</a></li>
</ul>
<h3>New Contributors</h3>
<ul>
<li><a
href="https://github.com/dependabot"><code>@​dependabot</code></a> made
their first contribution in <a
href="https://redirect.github.com/cloudflare/circl/pull/467">cloudflare/circl#467</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/cloudflare/circl/compare/v1.3.6...v1.3.7">https://github.com/cloudflare/circl/compare/v1.3.6...v1.3.7</a></p>
<h2>CIRCL v1.3.6</h2>
<h3>What's Changed</h3>
<ul>
<li>internal: add TurboShake{128,256} by <a
href="https://github.com/bwesterb"><code>@​bwesterb</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/430">cloudflare/circl#430</a></li>
<li>Kangaroo12 draft -10 by <a
href="https://github.com/bwesterb"><code>@​bwesterb</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/431">cloudflare/circl#431</a></li>
<li>Add K12 as XOF by <a
href="https://github.com/bwesterb"><code>@​bwesterb</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/437">cloudflare/circl#437</a></li>
<li>xof/k12: Fix a typo in the package documentation by <a
href="https://github.com/cjpatton"><code>@​cjpatton</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/438">cloudflare/circl#438</a></li>
<li>Set CIRCL version for generated assembler code. by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/440">cloudflare/circl#440</a></li>
<li>Add tkn20 benchmarks by <a
href="https://github.com/tanyav2"><code>@​tanyav2</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/442">cloudflare/circl#442</a></li>
<li>Add partially blind RSA implementation by <a
href="https://github.com/chris-wood"><code>@​chris-wood</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/445">cloudflare/circl#445</a></li>
<li>Update doc.go by <a
href="https://github.com/nadimkobeissi"><code>@​nadimkobeissi</code></a>
in <a
href="https://redirect.github.com/cloudflare/circl/pull/447">cloudflare/circl#447</a></li>
<li>tss/rsa: key generation for threshold RSA (safe primes) by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/450">cloudflare/circl#450</a></li>
<li>Bumping Go version for CI jobs. by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/457">cloudflare/circl#457</a></li>
<li>Spelling by <a
href="https://github.com/jsoref"><code>@​jsoref</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/456">cloudflare/circl#456</a></li>
<li>blindrsa: updating blindrsa to be compliant with RFC9474 by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/464">cloudflare/circl#464</a></li>
<li>Releasing CIRCL v1.3.6 by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/465">cloudflare/circl#465</a></li>
</ul>
<h3>New Contributors</h3>
<ul>
<li><a
href="https://github.com/nadimkobeissi"><code>@​nadimkobeissi</code></a>
made their first contribution in <a
href="https://redirect.github.com/cloudflare/circl/pull/447">cloudflare/circl#447</a></li>
<li><a href="https://github.com/jsoref"><code>@​jsoref</code></a> made
their first contribution in <a
href="https://redirect.github.com/cloudflare/circl/pull/456">cloudflare/circl#456</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.6">https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.6</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c48866b306"><code>c48866b</code></a>
Releasing CIRCL v1.3.7</li>
<li><a
href="75ef91e8a2"><code>75ef91e</code></a>
kyber: remove division by q in ciphertext compression</li>
<li><a
href="899732a432"><code>899732a</code></a>
build(deps): bump golang.org/x/crypto</li>
<li><a
href="99f0f715ca"><code>99f0f71</code></a>
Releasing CIRCL v1.3.6</li>
<li><a
href="e728d0d84e"><code>e728d0d</code></a>
Apply thibmeu code review suggestions</li>
<li><a
href="ceb2d90c49"><code>ceb2d90</code></a>
Updating blindrsa to be compliant with RFC9474.</li>
<li><a
href="44133f7032"><code>44133f7</code></a>
spelling: tripped</li>
<li><a
href="c2076d67b2"><code>c2076d6</code></a>
spelling: transposes</li>
<li><a
href="dad216659e"><code>dad2166</code></a>
spelling: title</li>
<li><a
href="171c41832e"><code>171c418</code></a>
spelling: threshold</li>
<li>Additional commits viewable in <a
href="https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.7">compare
view</a></li>
</ul>
</details>
<br />


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-10 11:46:55 -03:00
Luke Heath
a04b7211f8
Update bug intake process (#15956) 2024-01-10 08:46:37 -06:00
Lucas Manuel Rodriguez
eeb9931f40
Move external dependency mockimpl to monorepo (#15863)
#15560

Probably best to review commit by commit.
First commit adds the mockimpl files, second commit amends README.md and
third commit fixes golangci-lint issues.

- [X] Manual QA for all new/changed functionality

Tested by adding a dummy method to service.go and running `make
generate-mock`.

---------

Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
2024-01-10 11:46:24 -03:00
Lucas Manuel Rodriguez
4627a92447
Move external dependency osquery-in-a-box to monorepo (#15871)
#15563 

- [X] Manual QA for all new/changed functionality

Tested by running the following:

If the changes haven't been merged to `main`:
```sh
fleetctl preview --preview-config 15563-move-external-dep-osquery-in-a-box-to-monorepo
fleetctl preview stop
fleetctl preview reset
```
If the changes were already merged to `main`:
```sh
fleetctl preview 
fleetctl preview stop
fleetctl preview reset
```
2024-01-10 11:45:52 -03:00
Roberto Dip
edaa7acac3
lock in macOS version for Fleet Desktop workers (#16009)
Implementing a safety measure to prevent issues like #15910 in
production.

Setting the macOS version explicitly avoids unexpected changes in the
builder runtime, ensuring the Fleet Desktop executable remains
compatible.

As of this commit, 'macos-latest' refers to 'macos-12'. We're aligning
the worker to this version, although building on macOS 13.x (presently
in GitHub workers' beta) should also be viable.
2024-01-10 11:33:48 -03:00
Victor Lyuboslavsky
672513c5ce
Added warning/info messages when downgrading/upgrading fleetd or osquery. (#15944)
Added warning/info messages when downgrading/upgrading fleetd or
osquery. No other functional changes.
#15890 

Tested with fleetd and osquery on Windows, Linux, and macOS.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
    - [x] Manual QA must be performed in the three main OSs, macOS, Windows
      and Linux.
    - [x] Auto-update manual QA, from released version of component to new
      version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-01-10 08:27:10 -06:00
Victor Lyuboslavsky
abc56d988a
Improve UX for globally enabling/disabling SSO (#15887)
#15236 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2024-01-10 08:26:55 -06:00
Marko Lisica
89ff5541d3
API design: Lookup hosts based on IdP email (#15305)
API changes for the following story:

- #13034
2024-01-10 09:23:56 -05:00
Noah Talerman
59cd1bf491
Update Vulnerability Processing docs (#15939)
- Remove sentence and break out a new line to make top section more
scannable.
2024-01-10 09:18:36 -05:00
Luke Heath
502a811ce9
Prepare v4.43.0 (#15972) 2024-01-09 16:45:22 -06:00
Sarah Gillespie
4be9ca3f73
Fix database migration to preserve updated at timestamp for MDM profiles (#15993) 2024-01-09 14:10:20 -06:00