This pull request relies on the `mdm-gen-cert` command from
https://github.com/fleetdm/fleet/pull/8884.
Closes: https://github.com/fleetdm/fleet/issues/8223
Changes:
- Updated the deploy Fleet website workflow to:
- Add Go as a dependency
- Build the mdm-gen-cert binary in `/website/.tools/`
- add the `/.tools/` folder to the Heroku app
- Added `deliver-apple-csr.js` - an API that:
- can be called by making a `POST` request to
`/api/v1/deliver-apple-csr`
- accepts `csr` as an input
- runs the `mdm-gen-cert` command with the `csr` set as an environment
variable
- returns an `invalidEmailDomain` response if the user's email domain is
in the array of banned email domains.
- saves the users organization and email address to the website's
database
- Sends an email to the requesting user's email address with the signed
CSR attached as a text file named `apple-apns-request.txt`
- Posts a message to a channel in the Fleet Slack.
- Added a new model: `CertificateSigningRequests` that contains two
required attributes: `emailAddress` and `organization`
- Added a new email template `email-signed-csr-for-apns`
- Updated routes, policies, eslintrc, and rebuilt cloud-sdk
Before this can be merged, we will need to:
- [x] Add new config variables in Heroku
- [x] `sails.config.custom.mdmVendorCertPem`
- [x] `sails.config.custom.mdmVendorKeyPem`
- [x] `sails.config.custom.mdmVendorKeyPassphrase`
- [x] `sails.config.custom.slackWebhookUrlForMDMSignups`
- [x] Add the `CertificateSigningRequests` model to the website's
database
* prevent eslintrc conflicts
* Pricing + chat for website (#124)
* Update manage users styles. Implement table (list) view. (#104)
The goal of this PR is to change the layout of the manage users to a table (list view).
Move the user actions into the table view.
Move EditUserForm into a Modal
Update styles for InviteUserForm
Edit copy for the configuring SMTP warning.
* Update query page (edit, new, manage) and packs page (edit, new, manage) styles. (#106)
The goal of this PR is to update the style across the query and packs pages so they are consistent with the latest global styles (colors, buttons, and fonts).
* Update app settings page and osquery options page styles. (#107)
The goal of this PR is to implement the new global styling (colors, buttons, and fonts) to the "App settings" and "Osquery options" pages. These pages are only visible to users granted an admin role.
* Fix and clarify API auth documentation (#109)
- Fix header name.
- Add note about SSO auth.
* New styles for 404, 500, Login, User settings, and Confirm invite pages. (#108)
- Kolide404 and Kolide500 components renamed to Fleet404 and Fleet500
- Styling for Login and Confirm invite pages are consistent with the recent changes to the Setup page.
- Add "*" character to the 404 <Route />'s path property. Now the 404 page renders when there is no exact path match.
* Fix JSON in rest-endpoints.md (#110)
* Add host enrollment cooldown period (#112)
This addresses an issue some users experienced in which performance
problems were encountered when hosts were "competing" for enrollment
using the same osquery host identifier. The issue is addressed by adding
a cooldown period for host enrollment, preventing the same (as judged by
osquery host identifier) host from enrolling more than once per minute.
When users end up in the problematic scenario, they will see quite a bit
of error logs due to this issue. For now that's probably a good thing as
users need to be aware of the lack of visibility. We can explore rate
limiting the logging if that becomes an issue for someone.
Fixes#102
* Improve MySQL transaction error logging (#113)
Clarify what exactly happened when logging these errors.
* Migrate remaining URLs to fleetdm.com (#116)
* Clean up unused test/demo SQL data (#117)
* Add style fixes caught during QA. Add favicon. (#119)
Changes include style fixes that were caught during a QA pass.
* Make password reset styles consistent with new global styles. (#120)
The changes include adding sentence casing and updating the styles of the and components.
* CHANGELOG for 3.5.0 (#121)
* Update fleetctl version number. Fix spelling error in changelog. (#122)
* Fix alt tag
* Set up pricing cards
* Match footer to bottom of gradient
* Set up FAQ and stub out chat button click
* Add chat, plus some other tweaks.
* fiddling with Papercups to hopefully get it to recognize who's responding from the Fleet side
* This isn't really a solution but it's the best we've got til Papercups is hacked to allow programmatic opening (or til we switch to something else, or just bring in the traditional contact form)
* trivial
* Temporary workaround using an undocumented API in papercups
Co-authored-by: Rachael Shaw <rachaelshaw@users.noreply.github.com>
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Co-authored-by: Rachael McNeil <r@rachael.wtf>
Co-authored-by: Rachael Shaw <rachaelshaw@users.noreply.github.com>
* rename dir
* no need to install website or docs from npm
At some point, would also be nice to be able to exclude assets/ as well, and to only install a pre-built version of Fleet's frontend code
* Bring in fleetdm.com website
From https://github.com/fleetdm/fleetdm.com as of https://github.com/fleetdm/fleetdm.com/releases/tag/v0.0.21
* add procfile for heroku
Using https://github.com/timanovsky/subdir-heroku-buildpack
* avoid getting anybody's hopes up
* Create deploy-fleet-website.yml (#82)
* Create deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* update pjs with SPDX-like license expressions. also fix repo URL
and remove package lock
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* remove dummy uri
* Dissect deploy script
* Update deploy-fleet-website.yml
* workaround for eslintrc nesting issue
* lint fixes
* forgot the .js
* add per-commit git config
* Update deploy-fleet-website.yml
* might as well remove that
* cleanup
* connect w/ heroku app and have it actually push
* fix bug I introduced in 578a1a01ffb8404aae869e05005e30a6ba2b2a95
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* the beauty, the glory, of javascript
* GH actions don't like "\n"
* Update deploy-fleet-website.yml
* restore \n chars from 0d45e568f693efba7d7072085bc98d72a482d9ae
hoping I was wrong in 0d45e568f693efba7d7072085bc98d72a482d9ae but see also https://github.community/t/what-is-the-correct-character-escaping-for-workflow-command-values-e-g-echo-xxxx/118465/5
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* rename script to prevent duplicate building
* Configure the real website
* clean up
* a test of the deploy workflow
* add handbook to npmignore
* I guess you could call this fixing a typo
* point workflow at master branch
* now clearly bogus: this completely unused version string
