Resolves#37686.
Rolling back the detail query change in
527c2230e9.
The test in the original commit was not related to the change so I kept
it as it was added to make sure order of processing of query results.
I tested the ingested device ID matches the one in Entra and that Yes/No
compliant functionality works as expected.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] QA'd all new/changed functionality manually
**Related issue:** #35554
Ability to add multiple `platform` values is added to "List setup
experience software" (`GET api/v1/fleet/setup_experience/software`) in
PR #37468. This change is similar to how `platform` can be set in the
"List software" endpoint (`GET /api/v1/fleet/software/titles`).
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
This pull request adds support for two new software categories,
"Security" and "Utilities", across the application. The changes ensure
these categories are available in the database, frontend type
definitions, UI elements, documentation, and are fully tested in both
migration and integration test suites.
**Database and Migration Updates:**
* Added "Security" and "Utilities" entries to the `software_categories`
table and updated initial data in `schema.sql`.
* Introduced a new migration
(`20251210000000_AddSecurityAndUtilitiesCategories.go`) to insert/remove
these categories, with an accompanying test to verify migration
behavior.
[[1]](diffhunk://#diff-57da59e73fff8f2ffccd167299027899614281c591b79715b7000bed0e9d8516R1-R31)
[[2]](diffhunk://#diff-5e6db34b45e83ec5cf2b9cb41e4bfd4ee934f456dd9c0ae4313a448d39319c72R1-R28)
**Frontend and Documentation Updates:**
* Updated the `SoftwareCategory` type and category lists to include
"Security" and "Utilities", ensuring they appear in the UI and are
selectable.
[[1]](diffhunk://#diff-4297079e443d574eb530c70ef48de3cab80e56f783c7b395d58c31c29be6bb0eL77-R79)
[[2]](diffhunk://#diff-405dcd4f0bd6881e4b20a75212467d13c143ddc486b5c9d29ed9035033c32361R25-R26)
* Added documentation for the new categories in `yaml-files.md`.
**Testing Enhancements:**
* Added and updated tests to verify the new categories are displayed and
handled correctly in both frontend and backend integration tests.
[[1]](diffhunk://#diff-d151ee297fdaf54f8ea7027bc46de12247c43406b464265f24ade5a49cb19e49R210-R211)
[[2]](diffhunk://#diff-bbd0c5a6bc2f9a24e633031d4c6a3f5b0be7cbfe78ef1b56cdf9a7a2c32e21e2R19358-R19365)
[[3]](diffhunk://#diff-2bd8ca2ddaad7aac0c438a2afd76a26872378249f757c9c81a31005d0e57cf1fR18447-R18460)
This version shows the notification every five minutes, has a custom
title, runs in the user context, and has a more detailed message since
we no longer have the 255 character limit.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
**Related issue:** Resolves#36701
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added activity tracking for Android certificate template edits and
deletions via GitOps.
* **Chores**
* Updated certificate template batch operations to track which teams
were affected by changes.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#37088
# Details
This just adds the new activities for use in the API handler and the
front-end. I neglected to include this in the spec so I'm putting up a
quick PR to keep from adding to the back-end ticket scope.
# Checklist for submitter
No checklist items apply here; it just needs to implement what's laid
out in https://github.com/fleetdm/fleet/pull/35777/files.
---------
Co-authored-by: Juan Fernandez <juan@fleetdm.com>
Resolves#36909.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
- Add comprehensive Docker Compose deployment guide article
- Add docker-compose.yml with Fleet, MySQL, and Redis services
- Add env.example template with configuration options
- Include TLS setup options for both reverse proxy and direct TLS
- Add troubleshooting and production considerations
Resolves#33774
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#32999
And fixing newly flagged lint issues.
This PR will remain in draft as a preview of upcoming documentation
changes for 4.77.0
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Victor Lyuboslavsky <2685025+getvictor@users.noreply.github.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
Co-authored-by: Janis Watts <184028114+jmwatts@users.noreply.github.com>
Co-authored-by: Allen Houchins <32207388+allenhouchins@users.noreply.github.com>
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Carlo <1778532+cdcme@users.noreply.github.com>
These are two (Latin) words, they should not be hyphenated. Found
because I was trying to use command + f to search for "ad hoc," since
that's the proper spelling.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#35654Resolves#36194
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
## Testing
- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [x] Confirmed that the fix is not expected to adversely impact load
test results
Fixes the outdated MDM link, and adds the missing top-level links.
_The notation for integrations `#integrations-1`, is to take the second
occurence of integrations, as we have another integrations title in the
update webhook configuration._
I can see this doesn't affect the website (or shouldn't) since it uses
it's own way to generate the TOC, but will help for manually browsing
the markdown.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#35309 docs changes
For more context see
https://fleetdm.slack.com/archives/C019WG4GH0A/p1763137466439419
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Adds the Ubuntu Advantage policy to the policy library that checks to see
if the file exists, and that it is attached, and expiry date has not
passed.
This can be used in combination with a script automation running `pro
attach <tokenID>`, with a tokenID configured in Fleet Variables. E.g:
`pro attach $FLEET_SECRET_UBUNTUPRO` for remediation.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
API changes for #35309
Also updates bug notes to call out fixed version.
Related PR #35651
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
> This PR to be left in draft until bug is brought into a sprint, at
which point we'll close and re-open to the correct release branch.
Changes for the following bug:
+ https://github.com/fleetdm/fleet/issues/33758
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Proposing that we update this language to match what actually happens if
you add a VPP app using an adamID (all platforms with that adamID are
added, along with any settings like self service categories, setup
experience, labels, etc.)
Added information about supported database setups and resource
provisioning for multiple Fleet instances.
Related to:
- #35400
We got a community member trying to install Fleet in a way we don't
test, but it's not explicitly documented that we don't support that way.
Corrected REST API Documentation table of contents so that the `Update
human-device mapping` heading linked to the right location in the
document and the heading in the table of contents matches the actual
heading.
Fixing broken links in the article to point to absolute paths.
---------
Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
Redis 5 has been EOL for a few years, and didn't get updates for the
latest high-severity CVEs. We're already using 6 in most places
(fleetctl preview, recommended reference architectures, managed cloud
environments) so it's safe to set 6 as the new minimum.
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#33907
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
## Database migrations
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
~- [ ] Confirmed that updating the timestamps is acceptable, and will
not cause unwanted side effects.~ N/A
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **New Features**
* Windows software inventory now includes upgrade code data for better
software identification and tracking.
* **Chores**
* Database schema updated to support upgrade code storage for software
titles and inventory records.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Fixes#32072.
Biggest changes are in the foreign vitals IdP (SCIM) guide:
* Moved Android from "coming soon" to live (true as of 4.75)
* Moved Okta-specific troubleshooting under the Okta section
* Moved "Other IdPs" into its own top level section instead of partway
through the Google section (looks like the result of a bad merge)
* Added a link to the labels guide where relevant
* Various minor clarity/grammar fixes based on running through the
process end-to-end with Okta
Additionally:
* Clarity fixes on labels docs
* Noted in contributing docs the existence of the Okta Integrator Free
plan for E2E testing SSO/SCIM flows
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#33778
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
Correcting description of action when no team is applied to fleet
premium when modifying OS settings.
https://fleetdm.slack.com/archives/C019WG4GH0A/p1761829754255319
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves #
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
## Database migrations
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
## New Fleet configuration settings
- [ ] Setting(s) is/are explicitly excluded from GitOps
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
## fleetd/orbit/Fleet Desktop
- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
