- Add policy.rego file defining authorization policies.
- Add Go integrations to evaluate Rego policies (via OPA).
- Add middleware to ensure requests without authorization check are rejected (guard against programmer error).
- Add authorization checks to most service endpoints.
- Move team-related service methods to `ee/server/service`.
- Instantiate different service on startup based on license key.
- Refactor service errors into separate package.
- Add support for running E2E tests in both Core and Basic tiers.
- Add `team_id` field to secrets.
- Remove secret `name` and `active` fields (migration deletes inactive secrets).
- Assign hosts to Team based on secret provided.
- Add API for retrieving secrets by Team.
* /sandbox/queries becomes /queries, etc
* Publish fleetdm.com/queries
Expose query library routes the rest of the way, move remediation data sanitization to the point of entry, and update query library to match (pairing w/ @gillespi314)
* Fix accidental commit of sailsrc (again)
* Implement detail page for standard query lib
* Add alt text for image
* Replace id with css class
* Implement query-library page for fleetdm.com
* Remove console.log
* Implement client-side search for query library
* Add responsive breakpoints
* Fix input tag
* Implement detail page for standard query lib
* Add alt text for image
* Replace id with css class
* Implement query-library page for fleetdm.com
* Remove console.log
* Style query manage page including side panel and table
* Conditional side panel rendering
Additional riders:
* Less brittle team e2e test
* Update all search icons across app
- In tests and documentation, replace `@fleetdm.com` with `@example.com`
- In documentation, replace `hello@fleetdm.com` with `fleetdm.com/contact`
- In documentation, replace `security@fleetdm.com` with `fleetdm.com/contact`
- In Dockerfiles, replace `engineering@fleetdm.com` with `hello@fleetdm.com`. These two files are the only remaining files with a `@fleetdm.com` email.
- Add link to "Fleet 3.11.0 released with software inventory" to location in docs where software inventory is described.
- Change "host details" to "host vitals"
- Accept Teams as a searchable target type for the target selection API.
- Accept Teams for targets in running live queries.
- Refactoring to support these changes.
- Update API documentation.
* Query Edit/Run page renders based on user role
* Original UI for global admin/ global maintainer
* New UI for global observer / team maintainer / team observer
* New create new query UI for team maintainer
* Styling matches Figma
* Tests modified accordingly
Styling Closes #859
Co-authored by: Sarah Gillespie @gillespi314
Tests co-authored by: @ghernandez345
* Add document
* Spell fix in README
* minor word trimming and added a comma or two. This looks great!
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
- Move host `additional` into a separate table.
- Join when that data is needed.
- API change: `/api/v1/fleet/hosts` now returns only the requested
`additional` columns, unless `*` is provided as the sole argument.
Background:
A customer reported that MySQL binlogs grew huge and replication lag
went way up when data was stored in the `additional` column. In this
deployment MySQL was running with ROW replication. This would cause the
entire `additional` data to be copied on each update of the host checkin
time. While switching to STATEMENT or MIXED replication would likely
mitigate the issue, this was not an option in their environment.
* update generating of available host table headers based on tier
* stopping point for host permissions
* fixed up available headers for teams depending on permissions
* show select column on host table properly
* trivial
* Simplify build-static-content script and rip out the old markdown compilation for query library
* improve error msg
* trivial
* move helper
* bring in the skeleton
* Compile handbook as well, and bring more stuff inline
* instead of generating sitemap.xml file, could just serve it as a route
* Serve sitemap.xml on the fly
* add failsafe to prevent search engine accidents
* add remaining hand-coded pages to sitemap
* rearrange routes and get rid of commented-out ones
* Update build-static-content.js
* stub out the remaining pieces
* Add assertion (Which actually helped catch a real duplicate query: get-mac-os-disk-free-space-percentage)
* clean out inadvertently committed stuff in sailsrc
* route and serve data for correct query by slug + fix error message re duplicate query slugs + added assertion for duplicate doc page slugs
* yaml == dev dependency
* remove doc-templater dependency, as promised
* stub out handbook page
* clarify comments & remove unnecessary skipAssets
* Update build-static-content.js
* res.badConfig()
* add missing exit that I left out back in ec95df6a4b
* remove unused file
* update comments before commenting out and moving over to basic-documentation.less
* move example styling of generated HTML over to docs/handbook
* include both links
* Fix sitemap.xml URLs in local dev by fixing baseUrl config for local development (since Fleet itself is on 1337).
* followup to d55c777590
* Include query pages in sitemap.xml (+make urls generated for docs/handbook in build script slightly more real) -- but also don't serve sitemap
* sails.config.builtStaticContent.allPages » sails.config.buildStaticContent.markdownPages (also remove unnecessary trailing slash trimming)
* trivial
* check config when serving sitemap + smarter error message for contributors
* hook up GitHub link to edit the query
* remove html ids
* Update query-detail.ejs
* some more setup re https://github.com/fleetdm/fleet/issues/368#issuecomment-848566533