#6085
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Added/updated tests
- [x] Manual QA for all new/changed functionality
Additional doc changes for
https://github.com/fleetdm/fleet/issues/16961.
+ Add example CLI response that shows the token being printed after
creating an API-only user
+ Add instructions to use the log in API to get the token again
+ Remove separate section about getting API-only user's API token
Follow up from https://github.com/fleetdm/fleet/pull/20109: there were a
few descriptions that just said "body" because of some table rows with
an extra column I missed when merging in recent updates.
Since the "Modify config" parameters are mostly a bunch of different
objects, it's a bit unwieldy to document in one table. Trying out a new
format to see if it feels like the right way to document nested objects
in API parameters.
API changes for the "Get unlock PIN immediately after locking macOS
host" story (https://github.com/fleetdm/fleet/issues/19545)
---------
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
for #19176
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
API changes for:
- #10383
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: George Karr <georgekarrv@users.noreply.github.com>
Docs for the "Webhooks for global activity feed" story (#14722)
- Add item to permissions table
- Clean up and simplify Audit logs top section. It's a reference page
- Link to Audit logs reference from Automations page
For #19936
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Manual QA for all new/changed functionality
Noticed several places where the structure of
`mdm.macos_settings.custom_settings` and
`mdm.windows_settings.custom_settings` didn't match the example response
for "Get configuration" (which I think is the most up-to-date).
(Will follow up and update the parameter descriptions for
`mdm.macos_settings.custom_settings`/`mdm.windows_settings.custom_settings`
to clarify they're objects with `path` and `labels` once
https://github.com/fleetdm/fleet/pull/19424 is merged.)
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
With #17321 we added support for `zsh` interpreter and we want to
document this.
@spokanemac had a hard time understanding that we don't support `.zsh`
extension while dogfooding the feature. I added note to explain that
user must create `.sh` file with `/bin/zsh` interpreter specified.
- Add redirect for error message on Fleet server startup if private key
is missing: #19455
- Move the APNs and ABM environment variables to contributor docs. They
will no longer be used
Feedback from prospect-redwine was that this page required more depth on
policies. We have documentation around policies, this PR is to add
linking and to glue the topics together.
---------
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: JD <spokanemac@users.noreply.github.com>
`server_settings.enable_analytics` was only documented in the "Get
configuration" endpoint and nowhere else. Added to "Modify
configuration" params and example response.
# Changes
I'm running orbit based osqueryd on a laptop with [Tuxedo
OS](https://www.tuxedocomputers.com/en/TUXEDO-OS_1.tuxedo#).
This OS identifies its platform via osquery as `tuxedo` and is therefore
not recognized by the Fleet server:
```json
{
"err": "unrecognized platform",
"hostID": 76,
"level": "error",
"platform": "tuxedo",
"ts": "2024-05-15T13:17:34.513509387Z"
}
```
This causes policy and scheduled queries to not being run on my system.
With this PR Im adding `tuxedo` to all occurrences found when searching
for `kali`.
Additionally pre-commit checks were failing for me locally as it could
not find the hook-id `RuboCop`. This could be solved by using `rubocop`
instead.
Afterwards all pre-commit checks succeeded locally.
# Checklist for submitter
- [x] Added/updated tests
Signed-off-by: Andreas Ulm <andreas.ulm@prisma-capacity.eu>
- Add S3 to AWS reference architecture docs
- Add note that GCP support for add/install software (deploy security
agents) and file carves is coming soon
- Add note that Render support for add/install software (deploy security
agents) is coming soon
- Update links to best practice Terraform example
Added a note to warn UI users against using dot notation for column
names in their queries.
Closes https://github.com/fleetdm/confidential/issues/6506
(@dherder, please check my interpretation of the issue.)
---------
Co-authored-by: Dave Herder <27025660+dherder@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
for https://github.com/fleetdm/fleet/issues/14921
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
#18925 (Should also fix #17660.)
Tests:
- Ubuntu 22.04.2
- Wayland
- Works with chrome ✅
- Doesn't work with Firefox. ❌
- Xorg
- Works with Chrome. ✅
- Works with Firefox. ✅
- Ubuntu 24.04
- Wayland
- Doesn't work with Chrome. ❌
- Doesn't work with Firefox. ❌
- Xorg (when using Xorg it defaults to `DISPLAY=:1`, and with the
changes in this PR it works):
- Works with Chrome. ✅
- Works with Firefox. ✅
---
How to change between Wayland and Xorg:
- Set `WaylandEnable=false` in `/etc/gdm3/custom.conf` and reboot.
---
How to determine what's running:
```sh
$ loginctl
SESSION UID USER SEAT TTY
2 1000 luk seat0 tty2
c2 1000 luk
$ loginctl show-session 2 -p Type
# will output
Type=wayland
or
Type=x11
```
---
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
I fixed a couple of typos, corrected a couple of header tags, and
tightened up a couple of margins.
# Checklist for submitter
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
This PR is a follow-up to https://github.com/fleetdm/fleet/issues/16660
to:
- Move all (non-recommended) deployment guides from the docs into
`/articles` under the `guides` category
- AWS ECS
- CentOS
- Cloud.gov
- AWS with Terraform
- Hetzner Cloud
- Render
- Kubernetes
- Set up redirects for migrated articles
- Add article thumbnail and cover images
# Checklist for submitter
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Co-authored-by: Eric <eashaw@sailsjs.com>
- Update docs to reflect that, in order to use Autopilot, you must have
one Intune license per host (from #fleetdm/confidential#6283)
- Make "MDM setup" doc page cross platform
- Cut content
https://github.com/fleetdm/fleet/issues/16660
Changes:
- Added a new page (deploy-fleet.md) to the deploying docs
- Moved the content from the following pages to the
deploy/reference-architectures page:
- Systemd
- Proxies
- Public IPs
- Monitoring Fleet
- Introduction
- Reordered the pages in the Deploy docs folder
- Added a redirect: `/docs/deploy/introduction »
/docs/deploy/deploy-fleet`
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
> Related issue: #18330
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
## Notes
- ~I added an `includeTitle bool` parameter to
`ds.GetSoftwareInstallerMetadata`. This allows for the title of the
software (from the `software_titles` page) to be fetched in
`svc.DeleteSoftwareInstaller` without an additional call to the DB.~ We
wound up deciding to just fetch the title every time.
---------
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
Fresh PR to avoid product design PRs messing with the PR open time KPI
(original here: https://github.com/fleetdm/fleet/pull/17369)
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Fresh PR to avoid product design PRs messing with the PR open time KPI
(previously https://github.com/fleetdm/fleet/pull/17711)
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: George Karr <georgekarrv@users.noreply.github.com>
Fresh PR to avoid product design PRs messing with the PR open time KPI
(previously https://github.com/fleetdm/fleet/pull/17841)
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Fresh PR to avoid product design PRs messing with the PR open time KPI
(previously https://github.com/fleetdm/fleet/pull/17670)
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Fresh PR to avoid product design PRs messing with the PR open time KPI
(original: https://github.com/fleetdm/fleet/pull/16982)
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
File carves were moved to their own section in contributor docs
https://github.com/fleetdm/fleet/pull/16877
Fixed link on API page
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
#16767
To create a manual label:
```sh
cat labels.yml
---
apiVersion: v1
kind: label
spec:
name: Manually Managed Example
label_membership_type: manual
hosts:
- lucass-macbook-pro.local
```
To add/delete a manual label to/from a host:
```
curl -k -v -X POST -H "Authorization: Bearer $TEST_TOKEN" https://localhost:8080/api/latest/fleet/hosts/1/labels -d '{"labels": ["Manually Managed Example"]}'
curl -k -v -X DELETE -H "Authorization: Bearer $TEST_TOKEN" https://localhost:8080/api/latest/fleet/hosts/1/labels -d '{"labels": ["Manually Managed Example"]}'
```
API draft changes: https://github.com/fleetdm/fleet/pull/16979/files
Figma with error strings:
https://www.figma.com/file/JiWoAiuHlkt76s3o3Uyz6h/%2316767-API-endpoint-for-updating-a-host's-manual-labels?type=design&node-id=2-130&mode=design&t=pxRPhrn6E1bOCrEd-0
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
~- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- ~[ ] If database migrations are included, checked table schema to
confirm autoupdate~
- ~For database migrations:~
- ~[ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.~
- ~[ ] Confirmed that updating the timestamps is acceptable, and will
not cause unwanted side effects.~
- ~[ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).~
- [x] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
Docs improvements uncovered during
[dogfooding](https://github.com/fleetdm/confidential/issues/2506):
- Update end user auth docs to link to SSO docs. So the user knows what
do to get the necessary info from their IdP (create an Okta/GW app)
- Cut content from SSO docs and move Okta and Google Workspace to top
level headers
- "IDP" => "IdP"
- Use **bold** styling to indicate UI elements in docs (instead of
_italics_)
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Adds `webhook_settings.host_status_webhook` options to team config for
#14916.
Also updated conceptual docs that reference this config (and cut down
some content to make room).
The Wine developer does have an Apple Develeoper certificate but the
"Wine Stable" app bundle is not code-signed or notarized post-install &
disables Gatekeeper for the install. This adds a warning to the script
user about the app not being signed. post-install
---------
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
#17827
Updated 1Password policy to only search one level deep for performance
reasons.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
For better readability: add periods as separation between the Fleet
Premium message and parameter descriptions.
✅ _Available in Fleet Premium_. Description text.
❌ _Available in Fleet Premium_ Description text.
- Updated `GET /api/v1/fleet/scripts`: documented `team_id` parameter
that was missing
- Replaced "Upload" with "Add" since that's the language we want to use
across the product and docs.
- Removed articles from headings
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
This instructions were inaccurate following these steps only `Fleet
Osquery` was installed not `orbit`
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Closes: #17582
Changes:
- Updated the `build-static-content` script to not generate HTML pages
for files in subfolders that are prefixed with an underscore
- Renamed the `docs/Deploy/kubernetes` folder »
`docs/Deploy/_kubernetes`
- Documented this new behavior on the communications page of the
handbook.
- Updated commands on the Deploy Fleet on Kubernetes page.
---------
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Typo: "removing" /past from host's activities API
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
#15565
Replace the use of the isFederated registry key with a keys that check
for AAD (Azure Active Directory, now Entra ID)
Federated enrollment (`isFederated`) seems to be when windows uses a
Discovery MDM endpoint to get its policy and management endpoint
configuration. This is always the case when a client is enrolled with
fleet, so installations always show up as automatic.
It's being replaced by a different key, `AADResourceID`, which appears
to identify the resource that controls the automated deployment. In my
tests it only appears to be populated when the computer is enrolled
through automated deployments. This key appears on both Windows 10 and
11.
There is a similar key, `AADTenantID`, which appears to identify the
client (tenant) to the Azure cloud. I haven't seen this ID in our
systems, so it is likely exclusively used in Azure. Both this key and
`AADResourceID` seem to always be set at the same time, so we only
check for the `AADResourceID`.
I've also added documentation on the registry keys I've analyzed for future reference.
This PR addresses an issue in the documentation for installing the MySQL
chart using Helm. Previously, the documentation provided a Helm install
command that incorrectly referenced mysqlUser and mysqlDatabase.
However, these keys don't exist in the chart's values.yaml file anymore.
Removed reference to **Scripts** tab and added instructions for
accessing the **Run Script** modal from the host detail page.
# Checklist for submitter
Docs-only change
---------
Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
