> For #24873
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Ian Littman <iansltx@gmail.com>
Haven't done full research yet on why this is, but my guess is that if
an install fails we don't know at what stage it failed, so running an
uninstall script would potentially just break things further. Putting
the trigger on post-install means that it's opt-in (we don't populate
post-install scripts by default) and we're uninstalling from a
relatively known state (the installer didn't error).
I'll get an issue filed tomorrow to make sure that this remains the
desired behavior, or if not then when we change this (e.g. when
implementing patching flows), but might as well fix docs in the interim
to be clear about what we're doing.
Co-authored-by: Drew Baker <89049099+Drew-P-drawers@users.noreply.github.com>
> No issue, just something I noticed while reading docs
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Manual QA for all new/changed functionality
# Changes
- orbit >= 1.38.0, when configured to connect to
https://tuf.fleetctl.com (existing fleetd deployments) will now connect
to https://updates.fleetdm.com and start using the metadata in path
`/opt/orbit/updates-metadata.json`.
- orbit >= 1.38.0, when configured to connect to some custom TUF (not
Fleet's TUFs) will copy `/opt/orbit/tuf-metadata.json` to
`/opt/orbit/updates-metadata.json` (if it doesn't exist) and start using
the latter.
- fleetctl `4.63.0` will now generate artifacts using
https://updates.fleetdm.com by default (or a custom TUF if
`--update-url` is set) and generate two (same file) metadata files
`/opt/orbit/updates-metadata.json` and the legacy one to support
downgrades `/opt/orbit/tuf-metadata.json`.
- fleetctl `4.62.0` when configured to use custom TUF (not Fleet's TUF)
will generate just the legacy metadata file
`/opt/orbit/tuf-metadata.json`.
## User stories
See "User stories" in
https://github.com/fleetdm/confidential/issues/8488.
- [x] Update `update.defaultRootMetadata` and `update.DefaultURL` when
the new repository is ready.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [X] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Konstantin Sykulev <konst@sykulev.com>
Co-authored-by: George Karr <georgekarrv@users.noreply.github.com>
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
Changes:
- Updated the flags on the regex used to detect Vue templates in
MArkdown content. The regex was incorrectly matching double curly
bracket-wrapped variables in markdown code blocks when it should not.
Couple changes in advance of API design for #23235 (since certificates
will be available for macOS/iOS/iPadOS):
+ Update "Get host" example response to be a macOS host
+ Update "Get host by device token" example response to be a macOS host
& move weightier items to the bottom for readability
Related to: #23285
Changes:
- Updated the policy details page to have a controls section that
displays the `configuration_profile` and `script` values of policies
- Added configuration profiles and scripts from
https://github.com/ddribeiro/fleet-remediation-controls to macOS
policies in the standard query library.
+ Update "Get host" example response to be a macOS host (in advance of
API design for #23235, since certificates will be available for
macOS/iOS/iPadOS)
+ Update formatting of "Get host by identifier" to move weightier items
to the bottom
- Make Noah DRI of product-design page
- Remove duplicative ` // GitHub issue templates` call-out
FYI: @lukeheath and @noahtalerman, a lot of the time you two have better
context on the changes than I do and I want to remove myself as any kind
of perceived blocker.
> For #24148
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
This PR brings the "Agent configuration" format/organization closer to
the format we use for all other reference docs (YAML files, REST API,
and Fleet server configuration)
Changes:
- Update page headers so that the right-side navigation includes all the
top-level keys. Similar to the YAML files docs.
- Brings examples to the top of each section after a short description
(if necessary)
- Cut content
- Update "Learn more" links to more recent guides
For #24869
This subtask contains code to sign the CloudFront software installer and
bootstrap package URL using AWS SDK URL signer.
It works with the current bootstrap package delivery. For software
installers, fleetd will need to be modified to take advantage of this
URL in a future subtask (which will also include updated API contributor
docs).
My article on signed URLs, for context:
https://victoronsoftware.com/posts/cloudfront-signed-urls/
# Checklist for submitter
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
## For #25032
<img width="1792" alt="Screenshot 2025-01-07 at 6 50 39 PM"
src="https://github.com/user-attachments/assets/17a63b3d-a983-433a-a3c4-6c66dbb08fce"
/>
- Add new `include_ui_settings` query param to `GET` `/me` calls
- Use new `settings` in response to set settings into UI context
- On hosts page, use that context, if present, to set which columns are
hidden. Fallback to a default set of hidden columns.
- When updating visible columns, persist preference via `PATCH` to
`/users/:id` with a new `settings` payload
- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
The entry outlining Fleet's commitment to open source stewardship was
accidentally removed from the FAQ. Restoring it to its rightful place.
# Checklist for submitter
Docs only change.
## For #25114
- When host is on a team, include both the team's and global queries in
list presented to the user
- Optimize by only calling queries API when needed
<img width="1464" alt="Screenshot 2025-01-08 at 6 47 06 PM"
src="https://github.com/user-attachments/assets/9ed6fb1b-7cc3-4e34-a38d-4c7baecedf4c"
/>
- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## For #25033
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
# Overview
This PR adds support for remote YARA queries to osquery-perf, so that
remote YARA queries can be load-tested.
# Details
The existing `runLiveQuery()` is updated to branch off into different
query running functions based on the content of the query. If the query
contains `from yara` and `sigurl`, then the new `runLiveYaraQuery()`
function is run which makes a request to the Fleet "get yara rules" API
before returning an appropriate response. Otherwise, the new
`RunLiveMockQuery()` function is run which includes the previous logic
for sending a mock response.
# Testing
I don't see any automated testing for osquery-perf, but I manually
tested in the following way:
1. Started osquery-perf with `go run agent.go`
2. Ran a live query on the new host using
```
SELECT * FROM yara where sigurl="https://localhost:8080/api/osquery/yara/rule1.yar"
```
and verified that the result was as-expected:
<img width="1642" alt="image"
src="https://github.com/user-attachments/assets/a2c9cacf-e28d-409c-8e83-1c82809b89c0"
/>
I also used a log in Fleet to verify that the "get yara rules" API was
really being called.
3. Ran another live query on the host using:
```
SELECT * FROM system_info"
```
and verified that the result was as expected:
<img width="1665" alt="image"
src="https://github.com/user-attachments/assets/a8d35389-f193-4902-badf-200d760fdf46"
/>
I also tested that sending a `sigurl` with the wrong host returns a
`live yara query failed because sigurl host did not match server
address` error
# Checklist for submitter
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
For #25265
Downgraded expected/common "BootstrapPackage not found" server error to
a debug message. Occurs when UI/API checks if bootstrap package exists.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Manual QA for all new/changed functionality
