mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
78c0b0c651
<!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves #43885 Adds a migration and code to capture the value of the fleet managed admin account if one exists. Changes file added for entire feature # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects, and untrusted data interpolated into shell scripts/commands is validated against shell metacharacters. - [x] Timeouts are implemented and retries are limited to avoid infinite loops ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [x] QA'd all new/changed functionality manually ## Database migrations - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Automatic password rotation for managed local admin accounts on macOS, triggered after viewing activity. * Provisioning now captures and persists the managed admin account identifier (UUID) to support rotation and prevents that account from being stored as a regular user. * Hosts will request a best-effort recheck when the managed admin identifier is not yet available. * **Chores** * Database schema updated to store rotation scheduling and pending credential state. * **Tests** * Added tests covering UUID capture, conditional updates, migration, and ingest behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| apple_mdm.go | ||
| apple_mdm_test.go | ||
| automation_failer.go | ||
| automation_failer_test.go | ||
| batch_activities.go | ||
| batch_activities_test.go | ||
| db_migrations.go | ||
| db_migrations_test.go | ||
| jira.go | ||
| jira_test.go | ||
| macos_setup_assistant.go | ||
| macos_setup_assistant_test.go | ||
| software_worker.go | ||
| software_worker_test.go | ||
| vpp_verification.go | ||
| worker.go | ||
| worker_test.go | ||
| zendesk.go | ||
| zendesk_test.go | ||