fleet/pkg/spec/testdata/team_config.yml
Ian Littman 4f0a2e2af9
Add VPP install automation in GitOps (#25400)
For #23531.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-01-14 12:52:39 -06:00

47 lines
1.4 KiB
YAML

name: Team1
team_settings:
path: ./team-settings.yml
agent_options:
path: ./agent-options.yml
controls:
path: ./controls.yml
queries:
- path: ./top.queries.yml
- path: ./empty.yml
- name: osquery_info
query: SELECT * from osquery_info;
interval: 604800 # 1 week
platform: darwin,linux,windows,chrome
min_osquery_version: all
observer_can_run: false
automations_enabled: true
logging: snapshot
policies:
- path: ./policies/policies.yml
- path: ./policies/policies2.yml
- path: ./empty.yml
- name: 😊😊 Failing $POLICY
platform: linux
description: This policy should always fail.
resolution: There is no resolution for this policy.
query: SELECT 1 FROM osquery_info WHERE start_time < 0;
- path: ./team_install_software.policies.yml
- name: Slack on macOS is installed
platform: darwin
query: SELECT 1 FROM apps WHERE name = 'Slack.app';
install_software:
app_store_id: "123456"
- name: Script run policy
platform: linux
description: This should run a script on failure
query: SELECT * from osquery_info;
run_script:
path: ./lib/collect-fleetd-logs.sh
- path: ./policies/script-policy.yml
software:
app_store_apps:
- app_store_id: "123456"
packages:
- path: ./microsoft-teams.pkg.software.yml
- url: https://ftp.mozilla.org/pub/firefox/releases/129.0.2/mac/en-US/Firefox%20129.0.2.pkg
self_service: true