Changes:
- Created a new database model: `MicrosoftComplianceTenant`. A model
that stores information about complaince tenants
- Added `/policies/is-cloud-customer`: a policy that blocks requests to
microsoft proxy endpoints if a `MS API KEY` header is missing or does
not match a new config variable
(`sails.custom.config.cloudCustomerCompliancePartnerSharedSecret`)
- Added `microsoft-proxy/create-compliance-partner-tenant`: an action
that creates a database record for a new compliance tenant and generates
an API key that is used to authenticate future requests to microsoft
proxy endpoints for an entra tenant.
- Added `microsoft-proxy/get-compliance-partner-settings`: an action
that returns information about Fleet's complaince partner entra
application and the entra tenant's admin consent status (whether or not
a tenant's entra admin has granted permissions to Fleet's compliance
partner application)
- Added `microsoft-proxy/get-tenants-admin-consent-status`: an action
that updates the admin consent status of a compliance tenant record.
- Added `microsoft-proxy/setup-compliance-partner-tenant`: an action
that provisions a compliance tenant, creates a complaince policy for
macOS devices assigns the created policy to the built-in "All users"
user group on the tenants entra instance.
- Added `microsoft-proxy/update-one-devices-compliance-status`: an
action that receives information about a device on a compliance tenant's
Fleet instance, sends that information to their Entra instance, and
returns the messsage ID returned by the asynchronus Entra API.
- Added `microsoft-proxy/get-one-compliance-status-result`: an action
that returns the result of a compliance status update from the Entra
API.
- Added `sails.helpers.microsoft-proxy.get-access-token-and-api-urls` A
helper that gets an access token for a tenant's entra instance and the
URLs of the API endpoints the microsoft proxy actions use for a tenant.
- Added `scripts/send-entra-heartbeat-requests` A script that will run
daily to keep all microsoft compliance integrations provisioned.
-
---------
Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
Changes:
- Updated the has-query-generator-access policy to allow the policy to
be bypassed when a `sails.config.custom.enablePublicQueryGenerator`
value is set
- Updated the query generator to match the latest wireframes
- Updated `get-llm-generated-sql` to pass a system prompt to the schema
filtration prompt.
Changes:
- Updated the User model to have a new attribute: `canUseQueryGenerator`
a boolean attribute that will grant users access to the query generator
page on the website.
- Added a new policy: `has-query-generate-access`
- Moved the query generator page from the admin section of the website.
Note: before this change can be merged, the website's database will need
to be migrated to add the new column to the User table
* rename dir
* no need to install website or docs from npm
At some point, would also be nice to be able to exclude assets/ as well, and to only install a pre-built version of Fleet's frontend code
* Bring in fleetdm.com website
From https://github.com/fleetdm/fleetdm.com as of https://github.com/fleetdm/fleetdm.com/releases/tag/v0.0.21
* add procfile for heroku
Using https://github.com/timanovsky/subdir-heroku-buildpack
* avoid getting anybody's hopes up
* Create deploy-fleet-website.yml (#82)
* Create deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* update pjs with SPDX-like license expressions. also fix repo URL
and remove package lock
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* remove dummy uri
* Dissect deploy script
* Update deploy-fleet-website.yml
* workaround for eslintrc nesting issue
* lint fixes
* forgot the .js
* add per-commit git config
* Update deploy-fleet-website.yml
* might as well remove that
* cleanup
* connect w/ heroku app and have it actually push
* fix bug I introduced in 578a1a01ff
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* the beauty, the glory, of javascript
* GH actions don't like "\n"
* Update deploy-fleet-website.yml
* restore \n chars from 0d45e568f6
hoping I was wrong in 0d45e568f6 but see also https://github.community/t/what-is-the-correct-character-escaping-for-workflow-command-values-e-g-echo-xxxx/118465/5
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* rename script to prevent duplicate building
* Configure the real website
* clean up
* a test of the deploy workflow
* add handbook to npmignore
* I guess you could call this fixing a typo
* point workflow at master branch
* now clearly bogus: this completely unused version string
