mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
**Related issue:** Resolves #43885

Adds a migration and code to capture the value of the fleet managed admin account if one exists. Changes file added for entire feature

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects, and untrusted data interpolated into shell scripts/commands is validated against shell metacharacters.
- [x] Timeouts are implemented and retries are limited to avoid infinite loops

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one host's records do not affect another)
- [x] QA'd all new/changed functionality manually

## Database migrations

- [x] Checked schema for all modified tables for columns that will auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`).

## Summary by CodeRabbit

* **New Features**
  * Automatic password rotation for managed local admin accounts on macOS, triggered after viewing activity.
  * Provisioning now captures and persists the managed admin account identifier (UUID) to support rotation and prevents that account from being stored as a regular user.
  * Hosts will request a best-effort recheck when the managed admin identifier is not yet available.
* **Chores**
  * Database schema updated to store rotation scheduling and pending credential state.
* **Tests**
  * Added tests covering UUID capture, conditional updates, migration, and ingest behavior.

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
# Fleet product groups

Fleet is organized into three main product groups:

## MDM

The MDM product group focuses on Mobile Device Management, including:

- Apple MDM (macOS, iOS)
- Windows MDM
- Android MDM
- End user authentication
- Disk encryption
- Automated device enrollment

## Orchestration

The Orchestration product group focuses on device orchestration using osquery, including:

- Live reports
- Scheduled reports
- Query packs
- Host vitals
- Fleets and access control
- File carving
- Policies
- Scripts

## Software

The Software product group focuses on software management, including:

- Software inventory
- Vulnerability management
- Software installation
- Software updates
- Software policies
- Fleet-maintained apps

## Cross-Product Documentation

Some documentation applies to multiple product groups:

- Architecture - High-level architecture documentation
- Guides - How-to guides for common tasks
- Workflows - Development workflows
- Reference - API reference, configuration, etc.