fleet/changes
Victor Lyuboslavsky 9d24f20c98
Added support of $FLEET_VAR_HOST_UUID in Windows MDM configuration profiles (#31695)
Fixes #30879 

Demo video: https://www.youtube.com/watch?v=jVyh5x8EMnc

I added a `FleetVarName` type, which should improve
safety/maintainability, but that resulted in a lot of files touched.

I also added the following. However, these are not strictly needed for
this feature (only useful for debug right now). But we are following the
pattern created by MDM team.

1. Add the migration to insert HOST_UUID into fleet_variables
2. Update the Windows profile save logic to populate
   mdm_configuration_profile_variables


# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host isolation]
- [x] QA'd all new/changed functionality manually



## Summary by CodeRabbit

* **New Features**
  * Added support for the `$FLEET_VAR_HOST_UUID` variable in Windows MDM
    configuration profiles, enabling per-host customization during profile
    deployment.
  * Enhanced profile delivery by substituting Fleet variables with actual
    host data in Windows profiles.
  * Introduced a database migration to register the new Fleet variable for
    host UUID.

* **Bug Fixes**
  * Improved validation and error handling to reject unsupported Fleet
    variables in Windows MDM profiles with detailed messages.
  * Ensured robust handling of errors during profile command insertion
    without aborting the entire reconciliation process.

* **Tests**
  * Added extensive tests covering validation, substitution, error
    handling, and reconciliation workflows for Windows MDM profiles using
    Fleet variables.
2025-08-10 12:24:38 +02:00
..
.keep Issue 1009 calculate diff software (#1305) 2021-07-08 13:57:43 -03:00
21754-fleetctl-api-body-support [fleetctl] api command: support request body, including file uploads (#30806) 2025-07-29 08:15:23 -05:00
21973-better-unmarshal-type-errors Better gitops unmarshal type errors (#30647) 2025-07-24 13:49:17 -04:00
25587-pkg-name-extraction Use install path on packageInfo XML if it's a .app before falling back to bundle ID for PKG name extraction (#30669) 2025-07-09 08:21:10 -05:00
26404-stale-false-positive Switch vulns cron false positive clear to clear vulns based on when the vulns run started, rather than based on periodicity (#31364) 2025-07-29 10:14:14 -05:00
26618-software-vuln-detected-dates fix issue with CVE showing wrong date (#30768) 2025-07-10 22:38:22 -04:00
27061-dedupe-cve Revise OS vuln query to avoid duplicate entries (#30812) 2025-07-15 14:03:25 -05:00
27447-auto-install-queries-for-custom-msi-2 Use upgrade code if available to improve accuracy of auto-install policy (#30977) 2025-07-17 12:18:06 -04:00
27580-vuln-counts Fix insufficient deduplication on vulnerabilities count query (#31021) 2025-07-17 17:40:21 -05:00
27758-msi-unnstall Extract UpgradeCode from MSI custom packages, use for better uninstall script generation (#30969) 2025-07-17 10:33:23 -05:00
27919-fma-versions Populate version for macOS Chrome FMA on import, use Chrome Enterprise PKG instead of DMG, add tooltip on "latest" version when adding FMA (#30926) 2025-07-24 16:14:01 -05:00
27983-update-software Fleet UI: Add update details modal (#31250) 2025-07-25 09:28:25 -04:00
28342-linux-escrow-error-report 28342: Do not report error if host already escrowed (#30652) 2025-07-09 12:47:17 -04:00
28818-tpm-backed-http-signatures Fleet server verifies HTTP signature (#30825) 2025-07-16 20:08:27 +02:00
28996-parse-cert-dn-with-slashes Fix host certificate parsing with embedded slash (#30827) 2025-07-15 21:24:15 +02:00
29250-force-filevault-on-login-for-manual-enrollments Enforce FileVault at login when manually enrolled (#31170) 2025-08-01 15:15:11 +02:00
29286-sort-package-ids Sort package ids to ensure consistent uninstall script generation (#30968) 2025-07-16 20:44:30 -05:00
29315-manual-label-scoping Manual labels no longer factor in created_at time for exclusions (#30745) 2025-07-11 12:18:34 -05:00
29451-fix-doubled-banners Prevent double banner on host details page (#31001) 2025-07-23 14:38:11 -05:00
29554-gitops-mode-invalid-url Validate gitops url in frontend and backend (#31243) 2025-08-08 17:08:07 -07:00
29769-windows-profiles-with-cdata-escape-fails-to-verify fix windows configuration profile failing to verify if using CDATA escape (#31564) 2025-08-04 17:04:59 +02:00
29824-declarations-status-not-respected-with-remove-operations Fix declaration status conditions not following profile status conditions (#30911) 2025-07-16 18:03:16 +02:00
29824-delete-installs-that-has-not-reached-hosts Fix stale pending remove apple declarations if host was offline for add and remove declaration (#30981) 2025-07-22 11:22:04 +02:00
29833-do-not-log-error-for-missing-eula Do not log error if missing EULA (#31598) 2025-08-05 16:39:49 +02:00
29848-tooltip-missing-webhook-url Add missing webhook tooltip URL (#30603) 2025-07-09 14:37:54 -04:00
29849-filter-linux-installers Filter out DEB/RPM installers in ListHostSoftware when they're incompatible with the target host's distro (#30852) 2025-07-15 15:41:42 -05:00
29994-use-comshim For 29994: Use comshim for proper COM initialization (#30920) 2025-07-16 14:40:28 -04:00
30109-fix-sql-like-clause Allow ESCAPE in LIKE clauses to be valid SQL (#31222) 2025-07-25 10:13:55 -05:00
30157-enable_software_inventory-default-true Set enable_software_inventory to default true in gitops (#30744) 2025-07-10 16:38:56 -04:00
30197-automatic-install-policies Automatic install policies in ListHostSoftware (#31469) 2025-08-01 10:22:14 -05:00
30240-show-appropriate-status-actions Fleet UI: Add update details modal (#31250) 2025-07-25 09:28:25 -04:00
30248-custom-cvss-scores Fleet UI: Add custom CVSS scores input fields (#31456) 2025-08-05 16:29:55 -04:00
30311-fix-race-cond-test 30311: Fix race condition in test (#30903) 2025-07-17 10:20:49 -04:00
30357-all-teams-dd-bug Fleet UI: VPP Token All teams option bug fix (#31587) 2025-08-07 09:00:51 -04:00
30359-mdm-eula-url-extra-slash Remove additional / from MDM EULA urls (#30985) 2025-07-18 13:30:32 +01:00
30384-new-global-activity-when-key-escrowed Added new global activity when disk encryption key is escrowed (#31634) 2025-08-08 12:14:48 -04:00
30390-cert-country Fixed issue ingesting certs with long country codes. (#31443) 2025-07-31 23:06:36 +02:00
30409-list-mdm-commands-sql Potential datastore optimizations for concurrent use of list mdm command API to poll results by host identifier (#30804) 2025-07-17 15:25:31 -05:00
30435-hash-for-policy-in-software-path Fix handling of software policy automations when a hash is specified inside a software file (#30814) 2025-07-15 13:24:24 -05:00
30455-errorstore-panic Fixed potential panic in error handler when Redis is down. (#31643) 2025-08-06 17:14:31 +02:00
30461-fleetd-generate-tpm-key Rename flags and types for TPM work (#31176) 2025-07-23 14:30:44 -03:00
30481-gitops-manual-label-no-hosts Allow manual label with empty host list in gitops (#30756) 2025-07-18 11:07:19 -04:00
30565-cron-errors Skip software installers for which we can't, or don't need to, parse package IDs/create uninstall scripts (#31347) 2025-07-28 13:58:19 -05:00
30636-apple-account-driven-user-enrollment Managed Apple account user enrollment - integrate PoC changes (#30755) 2025-07-15 15:02:11 -04:00
30746-remove-unintended-broken-sort Fleet UI: Remove unintended broken sort on type column (#31264) 2025-07-28 09:08:34 -04:00
30749-primo-mode-expansion Allow users of Fleet in Primo mode to access Software automations and Failing policy ticket & webhook automations (#30865) 2025-07-17 15:53:31 -07:00
30797-argparse Add changes file for #30797 (#30798) 2025-07-11 14:41:00 -05:00
30853-fail-unknown-declaration-type-ddm-errors Fail DDM profiles if response is UnknownDeclarationType (#31606) 2025-08-06 14:38:25 +02:00
30853-gitops-secrets-validation Removed fleet secret validation during gitops dry runs (#31402) 2025-07-30 13:12:39 -05:00
30857-pending-script-unlock-cancellation-not-respected Fix pending unlock not going away after canceling unlock script (#31644) 2025-08-06 14:38:50 +02:00
30860-software-modal-updates UI: Make consistent and update the Install and Uninstall detail modals for VPP and non-VPP apps across the Fleet UI (#31420) 2025-08-01 12:45:09 -07:00
30879-host-uuid-for-windows-profiles Added support of $FLEET_VAR_HOST_UUID in Windows MDM configuration profiles (#31695) 2025-08-10 12:24:38 +02:00
30918-calendar-webhook-authz Speculative fix for calendar/webhook authz issue (#31642) 2025-08-07 17:30:56 +02:00
31077-msi-uninstall Add waits + norestart to MSI uninstall scripts (#31078) 2025-07-23 09:27:59 -05:00
31106-macos-cis-updates Updating CIS policies for macOS 15, 14, and 13 (#31553) 2025-08-07 08:24:01 +02:00
31123-dcv-viewer-fix Add software sanitation on ingest back, use it to fix DCV Viewer versions (#31251) 2025-07-25 08:45:39 -05:00
31143-hosts-gets-configured-before-profiles-are-sent Wait for expected profiles to be sent before releasing device (#31381) 2025-07-31 17:50:57 +02:00
31180-add-ability-to-determine-pin-compliance Added ability to determine if TPM PIN is set (#31622) 2025-08-07 13:55:44 -04:00
31193-turn-on-ability-to-set-tpm-pin Ability to set TPM PIN protector policy on host. (#31484) 2025-08-01 13:32:19 -04:00
31286-package-upgrade-fix Move 31286 changes file. (#31327) 2025-07-30 07:24:43 +02:00
31372-host-identity-cert-renewal Host identity cert renewal (#31372) 2025-07-30 16:46:36 +02:00
31385-dep-sync-url-incorrect Mark dep assignments as failed on certain server errors (#31523) 2025-08-06 13:15:43 -04:00
31444-strict-sql-mode Updated SQL modes in tests to match production. (#31445) 2025-08-03 08:18:13 +02:00
31459-null-last-install Retain vpp apps last install information after inventoried by osquery (#31520) 2025-08-01 13:39:51 -05:00
31571-fix-panic-all-teams-software Fix server panic with all teams software titles (#31746) 2025-08-08 17:49:32 -03:00
31591-mdm-batch-timeouts Increase timeouts for mdm profiles batch (#31588) 2025-08-05 15:17:39 -04:00
31592-improve-offline-indicator Fixes to the offline indicator (#31685) 2025-08-07 16:24:13 -03:00
31623-add-new-batch-script-endpoints Add "batch script execution status" and "list batch script executions" endpoints (#31689) 2025-08-08 13:24:48 -05:00
31690-windows-discovery-errors Added additional logging information for Windows MDM discovery endpoint. (#31691) 2025-08-07 17:05:15 +02:00
add-fmas Add FMA icons and icon tool (#30933) 2025-07-18 13:58:45 -06:00
fleetd-extensions-support-arm64 Add arm64 support for fleetd extensions and fixes on test scripts (#31084) 2025-07-21 15:47:59 -03:00
issue-25367-os-updates-page-permissions don't show os updates page for users who are not global admin or the team admin (#31410) 2025-07-31 12:04:06 +01:00
issue-29410-turn-on-mdm-styles change button styles for turn on mdm info banner (#31374) 2025-08-01 15:36:03 +01:00
issue-30782-updates-to-UI-for-personally-enrolled-devices Updates across UI to support personal devices enrolled in MDM (#30830) 2025-07-21 12:07:03 +01:00
issue-31057-service-discovery-endpoint Add service discovery API endpoint (#31089) 2025-07-23 12:11:32 +01:00
update-go-1.24.5 Update Go to 1.24.5 (#30770) 2025-07-15 10:59:17 -07:00