mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
78c0b0c651
<!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves #43885 Adds a migration and code to capture the value of the fleet managed admin account if one exists. Changes file added for entire feature # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects, and untrusted data interpolated into shell scripts/commands is validated against shell metacharacters. - [x] Timeouts are implemented and retries are limited to avoid infinite loops ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [x] QA'd all new/changed functionality manually ## Database migrations - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Automatic password rotation for managed local admin accounts on macOS, triggered after viewing activity. * Provisioning now captures and persists the managed admin account identifier (UUID) to support rotation and prevents that account from being stored as a regular user. * Hosts will request a best-effort recheck when the managed admin identifier is not yet available. * **Chores** * Database schema updated to store rotation scheduling and pending credential state. * **Tests** * Added tests covering UUID capture, conditional updates, migration, and ingest behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| custom-oid-extensions.md | ||
| file-carving.md | ||
| fleets.md | ||
| README.md | ||
| tpm-backed-http-signing.md | ||
| understanding-host-vitals.md | ||
Orchestration
This directory contains documentation specific to Fleet's Orchestration product group.
Overview
Fleet's Orchestration functionality allows organizations to manage and query devices at scale using osquery, providing visibility into device status, configuration, and security posture.