Not meaning to be pedantic just trying to make the flow a bit more
natural. :)
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
#14879
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
📺 Loom:
https://www.loom.com/share/9e17848963574af3aa10d426b450bcd0?sid=f8078293-c7e1-4864-a8a3-4cec996971f5#15476#15540#15542
After upgrading fleetd, customer-blanco saw a spike in traffic and a
spike in DB connections. These fixes attempt to reduce the traffic and
DB load when fleetd is upgraded.
On the server, added fleet/device/{token}/ping endpoint to be used by
agents to check their token.
On the agent:
- Removed call to fleet/orbit/device_token unless token needs to be
updated.
- Changed call to fleet/device/{token}/desktop with a less resource
intensive call to fleet/device/{token}/ping
- Removed call to fleet/orbit/ping
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- Associated w/ this story: #15600
- Update docs now that disk encryption enforcement is cross platform
(Windows story here: #12577)
- Remove section about resetting a password w/ disk encryption key to
reduce doc content. Remove this link from the UI
Makes parameter formatting in documented REST API paths consistent.
Previously, we were using a mix of `/foo/:parameter/bar` and
`/foo/{parameter}/bar`. This updates all URLs to use `:` instead of
`{…}`.
Also, opportunistically fixed some other inconsistent formatting I
noticed in a couple places.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- Simplify usage instructions to make it more like a reference
- Move "Run script asynchronously" to contributor docs so that user
facing API docs have one best practice API endpoint for scripts. Call
synchronous endpoint "Run script"
- Remove section about plain osquery and launcher. Using fleetd is best
practice and we want all new Fleet users to follow this best practice.
If they can't we want to learn why.
- Replace "Fleetd configuration options" section with a tip. Easier to
maintain as we add/update flags.
Closes: #15255
Changes:
- Added the usage statistics added in
https://github.com/fleetdm/fleet/pull/14216 to the inputs of the
`receive-usage-analytics` webhook.
- Updated the `receive-usage-analytics` webhook to send the new usage
statistics to Datadog.
- Added attributes for the new usage statistics to the
`HistoricalUsageSnapshot` model.
- Removed the `columnName` from the `hostsStatusWebHookEnabled`
attribute of the `HistoricalUsageSnapshot` model, the name of this
column will be changed in the database when the new columns are added to
the databse table.
- Updated the usage statistics documentation to have the new statistics.
This PR requires database migrations. When this is approved and ready to
merge, we will need to:
- [ ] Merge this PR
- [ ] Put fleetdm.com into maintenance mode while the "Deploy Fleet
website" GH action runs.
- [ ] Add the new columns to the database table
- [ ] Change the name of the `hostStatusWebhookEnabled` column to
`hostsStatusWebHookEnabled`
- [ ] Set the default values for the new columns on the existing
records.
- [ ] When the website has finished redeploying, take it out of
maintenance mode.
Removed Orbit from top header list and the Components diagram. There is
a lot of additional Orbit content throughout this doc that needs to be
purged over time, especially when fleetctl commands are changed as the
Orbit object is eliminated.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/REST API/rest-api.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- Add Isabell to team table
- reorder contact-us in leadership page
- Standardize "Contact us" on all departmental pages
- Convert all responsibilities to imperative mood verb phrase
- Untangle and deduplicate Engineering <> Product groups <> Product
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
#14888
@getvictor This is ready for review, but keeping as draft as there are
probably many tests that need amending.
I used the new version of the `./tools/nvd/nvdvuln/nvdvuln.go` to
compare the current vulnerabilities found in our dogfood environment
with the vulnerabilities found by the code in this PR and both results
match:
```
go run -race -tags fts5 ./tools/nvd/nvdvuln/nvdvuln.go --debug --db_dir ./local --software_from_url <dogfood URL> --software_from_api_token <API_TOKEN> --sync 2>&1 | tee out.txt
[...]
CVEs found and expected matched!
```
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Added/updated tests
- [X] Manual QA for all new/changed functionality
---------
Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com>
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
Closes: #11812
Changes:
- Renamed the `hostStatusWebhookEnabled` attribute of the
`HistoricalUsageSnapshot` model to `hostsStatusWebHookEnabled` and
updated the definition to use the existing database column name.
- Updated the inputs of the `receive-usage-analytics` webhook to accept
a `hostsStatusWebHookEnabled` input.
- Updated the usage statistics documentation to have the [correct
variable
name](36e12d02e3/server/fleet/statistics.go (L21)).
Summary:
- Enroll hosts page refinement
- Since page was too long and had a lot of content I did following:
- Moved most important sections to the top
- Did some changes to make things more consistent, when possible having
UI and CLI sections with steps (ordered list)
- Moved `Add hosts with plain osquery` to contributor docs, since I
learned this approach is used just by couple of Fleet customers, and we
don't advise this as best practice anymore
- Added overview (table of contents) on the top to make easier to
navigate through the page
- Moved some technical (advanced) topics into separate section on the
bottom of the page
---------
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/REST API/rest-api.md or
docs/Contributing/API-for-contributors.md)
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
for #14361 this adds the bits related to saving a slice of strings with
paths to configuration profiles.
---------
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Added a guide for which API endpoints to expose and fixed an associated
broken link. See https://github.com/fleetdm/fleet/issues/15115 for
context.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Manual QA for all new/changed functionality
Changes:
- Added a pageOrderInSection meta tag to the high level architecture
page in the contributing docs. The missing meta tag is currently
preventing the Fleet website from deploying and causing the website
tests to fail.
Closes: #14812
Changes:
- Added a "critical" tag to critical policies in the standard query
library.
- Updated the macOS version used in the "Operating system up to date
(macOS)" policy.
- Updated the name of a policy to be in sentence case ("MDM Enrolled
(macOS)" » "MDM enrolled (macOS)")
- Updated the build-static-content script to add a `critical` attribute
to queries that have the "critical" tag.
- Updated the /queries page to add a "critical" badge to queries that
have the critical attribute.
It's a bit unclear from the permissions docs _how_ observers are able to
view all queries & their reports, leading to bug reports like
[this](https://github.com/fleetdm/fleet/issues/15009).
I think the intended behavior is that observers can view all queries and
their reports **via the API** but not in the UI or fleetctl. Updated
notes to clarify. (Let me know if my interpretation is incorrect!)
Changes:
- added backticks to a parameter description ("`"differential", or
"differential_ignore_removals"`" » "`"differential"`, or
`"differential_ignore_removals"`")...
If some of the following don't apply, delete the relevant line.
...
---------
Co-authored-by: Sampfluger88 <108141731+Sampfluger88@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
I've updated the ATC example that uses TCC.db to be cross-compatible
with as many MacOS versions as possible. This is still useful as-is.
I've also added a chunk for folks to copy/paste directly into their team
settings in the UI for those not using GitOps.
Hopefully others find this helpful!
...
---------
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
@ksatter I haven't included an example of the audit logs because we
already have it elsewhere in the docs, so have just linked.
Reference: #13646 & #13648
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Changes:
- Added "Why Fleet" section to incorporate Fleet's point of view.
- Updated the "What's it for" section
- Lit up some useful links
- Updated some out-of-date links
.
API changes for the Windows MDM command story: #13069
Changes:
- Add cross platform endpoints used for macOS and Windows MDM commands
- Deprecate `/apple` endpoints.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Closes https://github.com/fleetdm/fleet/issues/14814
Changes:
- moved the FAQs from the pricing page to the FAQs in the docs. The
theory is that these questions are a long way down the page and likely
being missed.
- Added five more questions and answers to the FAQ from questions that
come up during customer calls.
- Commented out existing questions. Some are out of date, and some have
been dumped into the FAQ for lack of a better place to put them. We will
continue to add to this list with stronger content from talking with
users and customers.
- added a link to the FAQ on the pricing page.
Moved "List queries" to the top, to match the order of other sections of
the API. (We usually start with the endpoint to get a list of things,
_then_ the endpoint to get one thing by ID.)
#13998
Cleaned up REST API input validation for hosts, carves, users endpoints.
rest-api.md changes explained:
https://www.loom.com/share/9cd82653bacb4528bdaac117ec85a976
For the following endpoints:
/api/v1/fleet/hosts
/api/v1/fleet/hosts/count
/api/v1/fleet/hosts/report
- converted validation errors from 500 to 400 HTTP status code
- added validation that policy_id must be present when policy_response
is specified
- added validation that policy_response must be `passing` or `failing`
- added validation that `os_name` must be specified with `os_version`
For the following endpoint:
/api/v1/fleet/users
- converted team_id validation error from 500 to 400 HTTP status code
For the following endpoint:
/api/v1/fleet/carves
- added rest-api.md documentation for `page`, `per_page`, `order_key`,
`order_direction`, and `expired`
- converted `expired` validation error from 500 to 400 HTTP status code
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#13615
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Addresses: https://github.com/fleetdm/confidential/issues/3914
- Consolidate changes from #13943, #14184, and #14249 into article
- Remove "Window setup" doc page.
TODO: @spokanemac to add an image for the article and appropriate meta
tags so that the article shows up on fleetdm.com/guides
---------
Co-authored-by: spokanemac <jack@jdstrong.com>
Co-authored-by: JD <spokanemac@users.noreply.github.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
Move content into a blockquote (since h3s on this page are reserved for
API endpoints), and point users toward how to get errors for a
particular query via the REST API.
Closes: https://github.com/fleetdm/confidential/issues/4015
Changes:
- Changed the url for `/fleetctl-preview` to
`/try-fleet/fleetctl-preview`
- Updated the controller for the `/fleetctl-preview` page to redirect
non-logged-in users to `/try-fleet/login`
- Removed the route for `/try-fleet/sandbox-expired`, and added a
redirect going to `/try-fleet/fleetctl-preview`.
- Updated the controller for `/try-fleet/sandbox` to redirect the users
without a non-expired Sandbox instance to `/try-fleet/fleetctl-preview`.
- Updated `signup.js` to not provision Fleet sandbox instances for
users.
- Updated the `User` model to support a third `signupReason`: "Try
Fleet"
- Updated `/try-fleet/register` to submit "Try Fleet" as a
`signupReason` when users sign up.
- Renamed the files for the `/fleetctl-preview` page (`get-started` »
`fleetctl-preview`)
- Updated/removed Fleet Sandbox related handbook sections.
- Replaced the "Fleet vs Fleet Sandbox" section in the deploying
documentation with a note about `fleetctl preview`.
- Updated links to Fleet Sandbox in articles.
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
I was in this file and got sucked into fixing up a bunch of typos and
grammar issues. (I just had to clear all the Grammarly red marks 😵💫)
- Added missing punctuation
- Removed unnecessary punctuation
- Fixed some typos
- Hypenated some compound adjectives
- Removed some unnecessary hyphens
.
Draft PR to show API changes for #7766#13469
---------
Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Fixing typos - replacing capital case with lower case.
Removed all the checklist because it doesn't apply to changes in the
documentation....
...
...
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Co-authored-by: Sampfluger88 <108141731+Sampfluger88@users.noreply.github.com>
I added a link to the license dispenser in the "Can you host Fleet for
me?" section.
# Checklist for submitter
- [x] Manual QA for all new/changed functionality
Fixed markdown syntax for links in a couple places where it was
formatted incorrectly (`(…)[…]` instead of `[…](…)`)
(Fixed one earlier and just searched the docs folder for `)[` to find
these; hopefully this PR nabs the rest.)
- Update configuration docs to clarify this and what the workaround is
if changing the cert/key is necessary (due to compromise)
- Remove words from macOS setup docs
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
This change is to reduce surface area of the conceptual docs. We already
point users toward how to identify the policies that need a Group Policy
template:
> These items are tagged with the label
`CIS_group_policy_template_required` in the YAML file, and details about
the required Group Policy templates can be found in each item's
`resolution`.
Keeping a duplicate list here is just more surface area to maintain, aka
more content that's likely to get out-of date. (And since it's in a code
block anyway, it's not any easier to read here than by just referencing
the YAML file directly, so the user experience won't suffer from us
removing it.)
- Add new "Windows setup" page to "Device Management" section of docs
- Rename "MDM setup" page to "macOS setup." Update links and add redirect
- Rename existing "macOS setup" page to "macOS setup experience." Update links. Did not add redirect because of conflict with "macOS setup" page
- Remove "MDM" from all MDM doc page titles
Link for Fleet's example ADE profile incorrectly points to a profile
called `setup_assistant.json`. The correct profile is
`automatic_enrollment.json`. Link is corrected in the PR.
Added additional information about what differentiates the Contributor
API routes from the public API routes.
# Checklist for submitter
Docs-only change
Closes: #12836
Changes:
- Updated the `build-static-content` script to not add HTML comments to
Markdown codeblocks, and to not replace HTML comments in generated HTML
pages
- Updated the custom codeblock renderer in the `to-html` helper to add
syntax highlighting classes to Markdown codeblocks.
- Updated the indentation of content in lists on the MDM macOS setup
docs page.
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Purpose of this change:
- Right now we don't have a guide for deploying on Azure. We want to
prompt people to ask for it by linking them to the Slack. That is a way
that we can kick off the process of writing a formal document.
Closes: #13691
Changes:
- Added keywords for syntax highlighting to code blocks in documentation
Markdown files.
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Migrated remaining docs pages as part of the July 31st docs re-org
project. (See https://github.com/fleetdm/fleet/issues/13684)
Changes:
- Removed "Commands" section from fleet-server-configuration.md
- Moved systemd, using a proxy, SSO, and public IP content to the
"Deploy" docs and added stubs in the original file to preserve
bookmarked links.
- Changed the headings of the original stubs in the point above to be
wrapped in an HTML H2 tag to hide them from the "On this page
navigation."
- Updated left side-bar styling to match wireframes.
# Checklist for submitter
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Added documentation for experimental Orbit feature to silence errors
related to enrollment for #13071
# Checklist for submitter
Docs-only change
---------
Co-authored-by: Luke Heath <luke@fleetdm.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
For #13715, this:
- Upgrades the Go version to `1.21.1`, infrastructure changes are
addressed separately at https://github.com/fleetdm/fleet/pull/13878
- Upgrades the linter version, as the current version doesn't work well
after the Go upgrade
- Fixes new linting errors (we now get errors for memory aliasing in
loops! 🎉 )
After this is merged people will need to:
1. Update their Go version. I use `gvm` and I did it like:
```
$ gvm install go1.21.1
$ gvm use go1.21.1 --default
```
2. Update the local version of `golangci-lint`:
```
$ go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.2
```
3. (optional) depending on your setup, you might need to re-install some
packages, for example:
```
# goimports to automatically import libraries
$ go install golang.org/x/tools/cmd/goimports@latest
# gopls for the language server
$ go install golang.org/x/tools/gopls@latest
# etc...
```
Migrated the "Deploy Fleet on Render" guide to the docs.
- Moved content from `/articles/deploying-fleet-on-render.md` to
`/docs/deploy-on-render.md`
- Removed `/articles/deploy-fleet-on-render.md`
- moved images from the guide to `/docs/images` and renamed
- deleted redundant article cover image
- set up redirect in `routes.js` `/deploy/deploying-fleet-on-render` =>
`/docs/deploy/deploy-on-render`
# Checklist for submitter
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
This is the last of three PRs to migrate the deployment guides into the
docs.
Changes:
- Moved content from `/articles/deploying-fleet-on-hetzner-cloud.md` to
`/docs/deploy-on-hetzner-cloud.md`.
- Removed `/articles/deploy-fleet-on-hetzner-cloud.md`.
- Moved images from the guide to `/docs/images` and renamed.
- Deleted redundant images and article cover image.
- Set up a redirect `/deploy/deploying-fleet-on-hetzner-cloud` =>
`/docs/deploy/deploy-on-hetzner-cloud`.
- Set up a redirect `/deploy` => `/docs/deploy` to redirect "Deployment
guides" in the main nav to the docs.
- Updated display names (in the docs nav) for existing deployment guides
in the docs to match the naming convention (E.g., "Deploy Fleet on
CentOS" => "CentOS")
- Removed the deployment guides article category from the blog.
# Checklist for submitter
- [ ] Manual QA for all new/changed functionality
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Migrated the "Deploy Fleet on AWS with Terraform" guide to the docs.
- Moved content from
`/articles/deploying-fleet-on-aws-with-terraform.md` to
`/docs/deploy-on-aws.md`.
- Removed `/articles/deploy-fleet-on-aws-with-terraform.md`.
- Moved images from the guide to `/docs/images` and renamed.
- Deleted redundant image and article cover image.
- Set up a redirect in `routes.js`
`/deploy/deploying-fleet-on-aws-with-terraform` =>
`/docs/deploy/deploy-on-aws`.
# Checklist for submitter
- [ ] Manual QA for all new/changed functionality
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Added note to clairify the default policy time intervals for the Fleet
product, and help end-users configure a more personalized experience
with Fleet.
@Sampfluger88 @mikermcneil
Updated table rows related to MDM commands permission. Right now there
are just calling out macOS hosts and we're implementing MDM commands for
Windows. Additionally, there was a duplicate row in the table which I
removed.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Related to #12627
Changes:
- Removed the `docs/deploy/server-installation` page and moved the
content into three deployment guides.
- Updated links to the server installation page
- Renamed the Cloud.gov page ("Cloud.gov" » "Deploy Fleet on Cloud.gov")
- Add instructions for setting up end user migration workflow
- Break out a separate section to default migration workflow for
automatically enrolled (DEP hosts)
- Break out separate end user instructions for manually enrolled hosts,
automatically enrolled hosts - default migration workflow, and
automatically enrolled hosts - end user migration workflow.
Closes: #12611
Changes:
- Added three new documentation sections `/docs/get-started/`,
`/docs/configuration` and `/docs/rest api/`
- Updated folder names: `/docs/Using-Fleet/` » `/docs/Using Fleet` and
`/docs/deploying` » `/docs/deploy/`
- Moved `/docs/using-fleet/process-events.md` to `/articles` and updated
the meta tags to change it into a guide.
- Added support for a new meta tag: `navSection`. This meta tag is used
to organize pages in the sidebar navigation on fleetdm.com/docs
- Moved `docs/using-fleet/application-security.md` and
`docs/using-fleet/security-audits.md` to the security handbook.
- Moved `docs/deploying/load-testing.md` and
`docs/deploying/debugging.md` to the engineering handbook.
- Moved the following files/folders:
- `docs/using-fleet/configuration-files/` »
`docs/configuration/configuration-files/`
- `docs/deploying/configuration.md` »
`docs/configuration/fleet-server-configuration.md`
- `docs/using-fleet/rest-api.md` » `docs/rest-api/rest-api.md`
- `docs/using-fleet/monitoring-fleet.md` » `docs/deploy/rest-api.md`
- Updated filenames:
- `docs/using-fleet/permissions.md` »
`docs/using-fleet/manage-access.md`
- `docs/using-fleet/adding-hosts.md` »
`docs/using-fleet/enroll-hosts.md`
- `docs/using-fleet/teams.md` » `docs/using-fleet/segment-hosts.md`
- `docs/using-fleet/fleet-ctl-agent-updates.md` »
`docs/using-fleet/update-agents.md`
- `docs/using-fleet/chromeos.md` »
`docs/using-fleet/enroll-chromebooks.md`
- Updated the generated markdown in `server/fleet/gen_activity_doc.go`
and `server/service/osquery_utils/gen_queries_doc.go`
- Updated the navigation sidebar and mobile dropdown links on docs pages
to group pages by their `navSection` meta tag.
- Updated fleetdm.com/docs not to show pages in the `docs/contributing/`
folder in the sidebar navigation
- Added redirects for docs pages that have moved.
.
---------
Co-authored-by: Mike Thomas <mthomas@fleetdm.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Changes:
- Replaced Orbit with Fleetd throughout Fleet's documentation
- Changed the name of three pages: `orbit.md` » `fleetd.md`,
`orbit-development-and-release-strategy.md` »
`fleetd-development-and-release-strategy.md`, and
`Run-Locally-Built-Orbit.md` » `Run-Locally-Built-Fleetd.md`
- Updated links to pages with changed names.
- Added redirects for pages with changed names
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Install instructions for vagrant.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Co-authored-by: Eric <eashaw@sailsjs.com>
closes: #12422
Changes:
- Updated the positioning in the Fleet documentation readme
- Updated the example `<call-to-action>` component in the article
formatting guide.
Added statement around support for RSRs under the "known issues" section
of macos updates.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Unless I'm mistaking this for something I'm not aware of, this message
about MDM features not being available is out of date and needs to be
removed.
I also updated the sentence on line 293 for readability while I was in
the file.
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
The changes in this diff really need to be applied throughout the reset
of the doc, I only went down from lines 1-24.
Other things noticed (for now in this PR or to file as separate issues
to add to a sprint, up to @rachaelshaw):
- link to /orbit should be renamed, with redirect added in routes.js for
backwards compat.
- Fleet uses consistent capitalization everywhere, including article
titles.
- documentation and handbook markdown filenames should be kebab-cased
(lowercase with no spaces)
> Context: Here's how I ended up noticing this:
https://osquery.slack.com/archives/C01DXJL16D8/p1686708452290589?thread_ts=1686645495.586929&cid=C01DXJL16D8
---------
Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
Co-authored-by: Sampfluger88 <108141731+Sampfluger88@users.noreply.github.com>
This PR requires the Windows MDM configuration changes - This will be
updated next week
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [x] Documented any permissions changes
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
Fixes a couple spots where "<organization>" wasn't displaying
because it was treated as a custom HTML element (and also fixes a
front-end error from Vue)
#11266
PS: I first attempted a serialization trick by introducing a new
`appConfigResponse` and implementing `json.Marshal` to exclude these
fields but it was too hacky and hard to maintain moving forward, so I'm
bitting the bullet now. Happy to hear other ideas.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
- Add section for viewing recent MDM commands using fleetctl get mdm-commands
- Add example output for fleetctl get mdm-commands and fleetctl get mdm-command-results
Changes:
- Updated the build-static-content script to throw an error if a
Markdown file contains a vue template (e.g., `{{ foo }}`)
- Updated an example in the "Using Fleet" FAQ to use single curly
brackets (`{{host}} ` » `{host}`)
Context: https://github.com/fleetdm/fleet/pull/12088
This guide are the lessons learned during the troubleshooting for
#10957.
It attempts to reduce pain for future oncall issues with live queries.
PS: AFAICS, this should close
https://github.com/fleetdm/fleet/issues/6141.
#10784
The removal of the now deprecated `sso_settings.enable_jit_role_sync`
config will be tackled in: #10688.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
#10878
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
Closes#11640
Changes:
- Removed the whitespace in between the permission role names and the
asterisk that was causing the table header to have a linebreak in the
permission roles table.
This was found while working on #10957.
When running a live query, a lot of unused host data is stored in Redis
and sent on every live query result message via websockets. The frontend
and fleetctl just need `id`, `hostname` and `display_name`. (This
becomes worse every time we add new fields to the `Host` struct.)
Sample of one websocket message result when running `SELECT * from
osquery_info;`:
size in `main`: 2234 bytes
```
a["{\"type\":\"result\",\"data\":{\"distributed_query_execution_id\":57,\"host\":
{\"created_at\":\"2023-05-22T12:14:11Z\",\"updated_at\":\"2023-05-23T12:31:51Z\",
\"software_updated_at\":\"0001-01-01T00:00:00Z\",\"id\":106,\"detail_updated_at\":\"2023-05-23T11:50:04Z\",
\"label_updated_at\":\"2023-05-23T11:50:04Z\",\"policy_updated_at\":\"1970-01-02T00:00:00Z\",
\"last_enrolled_at\":\"2023-05-22T12:14:12Z\",
\"seen_time\":\"2023-05-23T09:52:23.876311-03:00\",\"refetch_requested\":false,
\"hostname\":\"lucass-macbook-pro.local\",\"uuid\":\"BD4DFA10-E334-41D9-8136-D2163A8FE588\",\"platform\":\"darwin\",\"osquery_version\":\"5.8.2\",\"os_version\":\"macOS 13.3.1\",\"build\":\"22E261\",\"platform_like\":\"darwin\",\"code_name\":\"\",
\"uptime\":91125000000000,\"memory\":34359738368,\"cpu_type\":\"x86_64h\",\"cpu_subtype\":\"Intel x86-64h Haswell\",\"cpu_brand\":\"Intel(R) Core(TM) i7-1068NG7 CPU @ 2.30GHz\",\"cpu_physical_cores\":4,\"cpu_logical_cores\":8,\"hardware_vendor\":\"Apple Inc.\",\"hardware_model\":\"MacBookPro16,2\",\"hardware_version\":\"1.0\",
\"hardware_serial\":\"0DPQR4HMD1FZ\",
\"computer_name\":\"Lucas’s MacBook Pro\",\"public_ip\":\"\",
\"primary_ip\":\"192.168.0.230\",\"primary_mac\":\"68:2f:67:8e:b6:1f\",
\"distributed_interval\":1,\"config_tls_refresh\":60,\"logger_tls_period\":10,\"team_id\":null,
\"pack_stats\":null,\"team_name\":null,
\"gigs_disk_space_available\":386.23,\"percent_disk_space_available\":40,
\"issues\":{\"total_issues_count\":0,\"failing_policies_count\":0},
\"mdm\":{\"enrollment_status\":null,\"server_url\":null,\"name\":\"\",\"encryption_key_available\":false},
\"status\":\"online\",\"display_text\":\"lucass-macbook-pro.local\",\"display_name\":\"Lucas’s MacBook Pro\"},
\"rows\":[{\"build_distro\":\"10.14\",\"build_platform\":\"darwin\",
\"config_hash\":\"b7ee9363a7c686e76e99ffb122e9c5241a791e69\",\"config_valid\":\"1\",
\"extensions\":\"active\",\"host_display_name\":\"Lucas’s MacBook Pro\",
\"host_hostname\":\"lucass-macbook-pro.local\",\"instance_id\":\"cde5de81-344b-4c76-b1c5-dae964fdd4f2\",\"pid\":\"8370\",\"platform_mask\":\"21\",\"start_time\":\"1684757652\",
\"uuid\":\"BD4DFA10-E334-41D9-8136-D2163A8FE588\",
\"version\":\"5.8.2\",\"watcher\":\"8364\"}],\"error\":null}}"]
```
vs. size of the message result on this branch: 675 bytes
```
a["{\"type\":\"result\",\"data\":{\"distributed_query_execution_id\":59,
\"host\":{\"id\":106,\"hostname\":\"lucass-macbook-pro.local\",
\"display_name\":\"Lucas’s MacBook Pro\"},
\"rows\":[{\"build_distro\":\"10.14\",\"build_platform\":\"darwin\",
\"config_hash\":\"f80dee827635db39077a458243379b3ad63311fd\",
\"config_valid\":\"1\",\"extensions\":\"active\",\"host_display_name\":\"Lucas’s MacBook Pro\",
\"host_hostname\":\"lucass-macbook-pro.local\",
\"instance_id\":\"cde5de81-344b-4c76-b1c5-dae964fdd4f2\",\"pid\":\"8370\",\"platform_mask\":\"21\",
\"start_time\":\"1684757652\",\"uuid\":\"BD4DFA10-E334-41D9-8136-D2163A8FE588\",\"version\":\"5.8.2\",
\"watcher\":\"8364\"}]}}"]
```
Manual tests included running with an old fleetctl running with a new
fleet server, and vice-versa, a new fleetctl running against an old
fleet server.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
Closes#11436
Changes:
- Updated the example used for adding users to a team in the Rest API
docs.
---------
Co-authored-by: Luke Heath <luke@fleetdm.com>
Changes address the feedback below:
> Disk encryption docs should say that you shouldn’t use custom settings
to enforce disk encryption (prevent user from trying to do filevault via
imazing)
I decided not to call this out in the docs because this is handled by
the product. The UI (and CLI) show this error if the user tries to use
custom settings to enforce disk encryption:
> Custom settings docs says randomly that it only works for macOS.
Should be obvious. No need to state?
I removed sentence about Fleet only supporting macOS
For #11279.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
Current REST API documentation for activities is outdated. Since we have
automatically generated documentation for activity types on the Audit
activities page, with all the necessary details I think it's a good idea
to link REST API docs to this one.
REST API docs will have a description of what will be returned with
example and specific information about each activity type can be found
on the Audit activities page, which is always up-to-date.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Changes:
- Added the required `pageOrderInSection` meta tag to
`adding-new-ui-components.md`
I just guessed what the `pageOrderInSection` value should be. This PR is
just to fix the website deploy script caused by this page not having the
required meta tag.
FYI: @jacobshandling
## `generate`: a script to automatically generate UI component
boilerplate
<img width="2103" alt="Screenshot 2023-05-11 at 10 50 11 AM"
src="https://github.com/fleetdm/fleet/assets/61553566/d5570868-51b4-4602-90a0-2f7722b9d9ef">
* Putting in this PR now since @fleetdm/frontend folks seemed keen to
use this immediately
* TODO:
- create Makefile command for using this functionality from the project
root
- improve documentation
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
This PR is in response to https://github.com/fleetdm/fleet/issues/10420,
to improve the readability of the docs. In particular,
[docs/using-fleet/mdm-setup](https://fleetdm.com/docs/using-fleet/mdm-setup).
**CSS changes**
- Adjusted margins and paddings on `<ol>` and `<ul>` elements. As well
as h-tags and code blocks.
- Added styling to docs `<h3>` tags to help differentiate sub-sections.
This helps to make the docs pages easier to scan.
- Reduced the boldness of `<b>` and `<strong>` tags. The recently
updated font, Inter, renders bold a little too heavily. (This is a
site-wide change.)
- Changed the default font color to `@core-fleet-black-75` and made sure
that h-tags are set to `@core-fleet-black`. The softer contrast helps
reduce fatigue while reading large blocks of text (while still
conforming to recommended contrast levels). This site-wide change brings
the text styling in sync with Figma.
**Content changes**
- Reformatted content on
[docs/using-fleet/mdm-setup](https://fleetdm.com/docs/using-fleet/mdm-setup)
to fix Markdown issues that were causing sections to render incorrectly,
and were also breaking the "On this page" side nav.
- Made grammar and content fixes to improve readability and flow.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
- Add "MDM disk encryption" page and rename "MDM custom macOS settings"
page
- Clarify how to enforce on a team v. "No team"
- Add step to confirm
- Update Fleet UI to use new pages
- Add redirect on fleetdm.com
#7970
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
#11089
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- [X] Documented any permissions changes
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [x] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
Changes made based on feedback during MDM beta session.
- Correction: the URL doesn't have to be publicly accessible
- Clarify how to install the bootstrap package on a team v. "No
team"
- Add confirmation step
Related to #10741, this adds a new key to app config named
`end_user_authentication`, which can be configured using the same keys
as the existing SSO feature.
Per the spec, if the feature is configured, it's implicitly enabled, at
least until we get to #10999.
Note that this only enables the SSO config, a second part of the ticket
with endpoints for the EULA will be tackled separately.
- Add sentence to explain that Fleet installs fleetd automatically on
hosts
- Add sentence to explain that setup features require ABM
- On MDM macOS settings page, add sentence that explains that Fleet
automatically deploys a "Fleetd configuration" profile.
In #10338 we introduced logic to gate DEP profiles behind Okta auth
using the ROP flow.
We're not going to use that, and instead we're going to gate profiles
behind SSO, which can be used from multiple providers and supports SSO
(the initial motivation behind the ROP flow was to create a local user
account.)
This removes some of the old code, which was never used in
production/documented for the public to use.
At the moment I'm leaving the `mdm_idp_accounts` table and related
methods untouched, as it's unclear yet if we're going to need a similar
auxiliar table, and I would rather deal with the migrations all at once.
#8593
Adding new MDM functionality to GitOps.
- ~[ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.~
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- [X] Documented any permissions changes
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [x] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
I noticed an opportunity to improve the formatting of the downgrading to
Fleet Free instructions while I was linking to the section from another
task.
- Highlighted renewal/contact instructions as a note
- Emphasised each of the main steps
- Removed redundant language
- Removed redundant line breaks in the markdown
- Increased spacing between steps
#8593
This PR adds a new role `gitops` to Fleet.
MDM capabilities for the role coming on a separate PR. We need this
merged ASAP so that we can unblock the UI work for this.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [X] Documented any permissions changes
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [x] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
- Remove notes about MDM being "in development and not ready for
production"
- API endpoints that users might automate are moved to the [REST API doc
page](https://fleetdm.com/docs/using-fleet/rest-api)
#8593
This PR adds a new role `observer_plus` to Fleet. (The `GitOps` role
will be added on a separate PR.)
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [X] Documented any permissions changes
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
in #10134 we added a silent mechanism to try to read configuration
values from macOS configuration profiles if --fleet-url and
--enroll-secret weren't present.
while using this logic to test #9459 I have found that there's a race
condition where sometimes `fleetd` is installed before the configuration
profile with the values delivered by Fleet, causing orbit to get stuck
forever.
I added logic to loop every 30 seconds and try to fetch the values again
if none are found, but I didn't felt comfortable adding this logic
without also adding an extra flag to explicitly enable this behavior.
relates to #9436
Implementation of the API supporting filtering host by disk encryption
status. This adds this through a `macos_settings_disk_encryption` query
param that can be passed to these endpoints:
`GET /hosts`
`GET /hosts/count`
`GET /lables/:id/hosts`
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
As part of my on-call I'm looking through issues that require
documentation. I saw one about GeoIP in #8570 and wrote an overview of
how to set it up and why you would want to use GeoIP.
This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
#9609
This PR also fixes#10777.
The issue is: We were using `svc.AppConfig` instead of
`svc.ds.AppConfig` to retrieve the SMTP credentials.
`svc.AppConfig` obfuscates credentials, whereas `svc.ds.AppConfig` does
not.
To help prevent this from happening again I've renamed `svc.AppConfig`
to `svc.AppConfigObfuscated`.
I've also added a new test SMTP server
(https://github.com/axllent/mailpit) that supports Basic Authentication
and tests that make use of it to catch these kind of bugs (the tests are
executed when running `go test` with `MAIL_TEST=1`).
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
relates to #9434
implements the `GET /fleet/mdm/apple/filevault/summary` aggregate
endpoint.
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
---------
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
closes https://github.com/fleetdm/fleet/issues/10778
---------
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
## Addresses #10257
Removed the 'Issuer URI' field and its associated code. Manually
confirmed that enabling single sign-on still works as expected.
<img width="525" alt="Screenshot 2023-03-24 at 4 32 56 PM"
src="https://user-images.githubusercontent.com/61553566/227661519-c2684a68-8b66-48f9-a6ab-a24f02f07080.png">
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
- Remove MDM configuration options that accept non-bytes (filepaths) for
certs/keys
- Why? The configuration docs are a reference for production Fleet
deployments. We observed that these options aren't normally used in
production. We observed, during beta, that presenting users with bytes
v. non-bytes options was confusing.
- Point Fleet contributors that want to turn on MDM locally to
contributing docs. These docs include instructions for using config
options that accept non-bytes.
Changing this to an H2 header so it will appear in the menu. Right now,
very difficult to find the MDM config section on the page (have to
search for it).
#8957
To test this feature, build+run Fleet and then visit:
`https://localhost:8080/metrics`.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [ ] Added/updated tests
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
Closes: #10458
Changes:
- Updated the generated id's for headings in Markdown content to remove
extra dashes in words that have multiple letter casings (e.g., `#my-sql`
» `#mysql`, `#git-hub-security` » `#github-security`)
- Updated links to Markdown headings that have changed.
. ..
---------
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
- Broke up the single MDM doc into multiple ones organized by category
- Changed any links to point to the new docs
---------
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
- Click “here” link to the team YAML docs was broken
- `minimum_version` and `deadline` value should be quoted in the
documentation. Fleet expects strings
- Updated "Team settings" section name to "Teams"
#8411
We decided to only update roles for existing accounts if enabled by a
new setting (disabled by default) `sso_settings.enable_jit_role_sync`.
- ~[ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.~
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
#8129
Apart from fixing the issue in #8129, this change also introduces UUIDs
to Fleet errors. To be able to match a returned error from the API to a
error in the Fleet logs. See
https://fleetdm.slack.com/archives/C019WG4GH0A/p1677780622769939 for
more context.
Samples with the changes in this PR:
```
curl -k -H "Authorization: Bearer $TEST_TOKEN" -H 'Content-Type:application/json' "https://localhost:8080/api/v1/fleet/sso" -d ''
{
"message": "Bad request",
"errors": [
{
"name": "base",
"reason": "Expected JSON Body"
}
],
"uuid": "a01f6e10-354c-4ff0-b96e-1f64adb500b0"
}
```
```
curl -k -H "Authorization: Bearer $TEST_TOKEN" -H 'Content-Type:application/json' "https://localhost:8080/api/v1/fleet/sso" -d 'asd'
{
"message": "Bad request",
"errors": [
{
"name": "base",
"reason": "json decoder error"
}
],
"uuid": "5f716a64-7550-464b-a1dd-e6a505a9f89d"
}
```
```
curl -k -X GET -H "Authorization: Bearer badtoken" "https://localhost:8080/api/latest/fleet/teams"
{
"message": "Authentication required",
"errors": [
{
"name": "base",
"reason": "Authentication required"
}
],
"uuid": "efe45bc0-f956-4bf9-ba4f-aa9020a9aaaf"
}
```
```
curl -k -X PATCH -H "Authorization: Bearer $TEST_TOKEN" "https://localhost:8080/api/latest/fleet/users/14" -d '{"name": "Manuel2", "password": "what", "new_password": "p4ssw0rd.12345"}'
{
"message": "Authorization header required",
"errors": [
{
"name": "base",
"reason": "Authorization header required"
}
],
"uuid": "57f78cd0-4559-464f-9df7-36c9ef7c89b3"
}
```
```
curl -k -X PATCH -H "Authorization: Bearer $TEST_TOKEN" "https://localhost:8080/api/latest/fleet/users/14" -d '{"name": "Manuel2", "password": "what", "new_password": "p4ssw0rd.12345"}'
{
"message": "Permission Denied",
"uuid": "7f0220ad-6de7-4faf-8b6c-8d7ff9d2ca06"
}
```
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
- Update configuration docs to include config options required for beta
users: feature flags and SCEP challenge
- Update contributor docs to point to user facing docs for generating
APNs and ABM cert and keys.
Related to #10121 this reverts #10107, and modifies the UI to use
`mdm.enabled_and_configured` instead of the `GET /mdm/apple` endpoint so
we don't face permissions issues and Maintainers are able to see the
Controls page.
More details and rationale in
https://github.com/fleetdm/fleet/issues/10121#issuecomment-1450335235
Tested with Admins, Maintainers and Observers
* Change order of returned json fields
* Change field "failed" to "failing"
- [x] Manual QA
- [x] Updated docs
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
#8411
PS: I've opened #10209 to solve the issue with Golang Code Coverage CI
checks.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- ~[] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [x] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
- Explain that Fleet automatically downloads the macOS update for the
end user
- Explain how to troubleshoot the scenario when the Mac says it's up to
date when it isn't
Addresses:
- #9908
Changes:
- Add instructions for enforcing custom settings to macOS hosts using
profiles
- Add instructions for using iMazing Profile Creator to create profiles
- Add instructions for adding profiles to Fleet (UI and CLI)
- Add instructions for migrating settings that were enforced using the
old MDM solution to Fleet
- Update link in Fleet UI (**Custom settings** page) to point to docs
---------
Co-authored-by: Mo Zhu <mozhu888@gmail.com>
We have code that builds conditionally depending on the platform (mostly
Orbit code) so we should run `golangci-lint` checks on all OSs.
This adds it to run on macOS, for Windows see:
https://github.com/fleetdm/fleet/issues/9943
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
#9857
The "Public IP address" field is sometimes set to a "Private IP" on the
following types of Fleet deployments:
- Local deployments.
- Deployments where Fleet is on a private network.
- Deployments where an agent connects to Fleet not via the public
internet.
This PR will prevent a private IP to be set on the `host.public_ip`
field.
And this PR also adds documentation on how Fleet deduces the public IPs
of the devices so that a user can make the changes to fix this.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- ~[ ] Added/updated tests~
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
Issue #9586
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#8924
This is reproduced in dogfood for `dogfood-centos-box` and
`dogfood-ubuntu-box` where their "Private IP" is also their "Public IP".
Given that these hosts have their "Primary IP" configured to be their
"Public IP" alongside their "Private IP", the `network_interface_unix`
and `network_interface_windows` queries are now changed to ingest only
private IPs for the "Private IP" field.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- ~[ ] Added/updated tests~
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
Added some examples for referring to when generating APNs certs
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
These docs address 5 out of 7 requirements in the "Docs for MDM
migration" issue here: #9009
Docs also add an "Instructions for end users" section to address docs
for "Manual enrollment" issue:
https://github.com/fleetdm/fleet/issues/7957#issuecomment-1416262879
- Add instructions for IT admins on how to switch MDM solutions for
hosts manually enrolled to the old MDM solution
- Add instructions for IT admins on how to switch MDM solutions for
hosts automatically enrolled (DEP) to the old MDM solution
- Add information for IT admins about how Fleet treats Activation Lock
Bypass codes
- Add instructions for end users on how to switch MDM solutions for
hosts manually and automatically enrolled to the old MDM solution (same
instructions)
Update the default file carver block size to be compatible with MySQL 8
& S3.
Update surrounding docs.
Various other updates to references of MySQL versions (all terraform
deploys are now defaulted MySQL 8 in AWS)
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
Related to #9571, this adds a new value to both responses which is
calculated when the Fleet server is started, and only set to `true` if
the server is properly configured for MDM.
This helps the UI to determine wether or not we should show certain UI
elements that we only want to show to servers with MDM enabled.
See requirements in #8682.
Two assumptions on the implementation (@zayhanlon please take a look):
- Hosts explicitly selected to run always run the live query (no matter
the values on the selectors).
- When selecting `All hosts`, selecting any other platform or label is
kind of a no-op. We should look into graying out all the selectors if
the user selects `All hosts`.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- ~[ ] Documented any permissions changes~
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
Related to #9386 - this should fix one of the three reported problems.
* Add the ability to add exclusion rules to cpe_translations.
* Added exclusion rule for Docs chrome extension.
