- Added a calendar server that can be used for load testing at
/tools/calendar
- Fixed minor calendar bugs
# Checklist for submitter
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
Sub-task for #17230
# Configuration changes
App configuration:
```yaml
integrations:
google_calendar:
- email: name@service-account.com
private_key: ***
domain: fleetdm.com
```
Team configuration:
```yaml
integrations:
google_calendar:
email: name@service-account.com
enable_calendar_events: true
policies:
- name: My policy
id: 12
webhook_url: https://example.com/policy-remediation
```
Note: Policy is looked up by name when configuration is set. The policy
id is set/updated by the server for internal use.
# Checklist for submitter
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
This script was used to generate 4.45.1 and 4.46.0.
Workflow is tag issues with correct milestone, run `./patch_release.sh`
(with -m for release with more than bugfixes)
---------
Co-authored-by: George Karr <gkarr@xerithas-mac.local>
#16594
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [X] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Script will build a fleet-osquery package, launch a fresh macos VM and
install it. It will also download the correct MDM profile and prepare it
to be enabled
Just a small developer quality of life update
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Manual QA for all new/changed functionality
#17054
This was used as part of the release of fleetd 1.22.0 to the `edge`
channel.
I added more automation to ease releasing fleetd. (They were too many
manual clicks and error prone actions.)
two motivations:
- prevent mysterious crashes in arm64 machines without Rosetta (often
the case in fresh VMs)
- prevent unexpected errors in Windows arm64 VMs when using certain
system calls
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Manual QA for all new/changed functionality
#16480
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#16423, #16326
On the [original PR](https://github.com/fleetdm/fleet/pull/16968) we
missed detecting 5XX errors. Fleet usually runs behind load balancers,
so when bringing Fleet down, orbit connects successfully but gets 5XX
errors, so we need to detect those too.
Should tackle #14026.
This will run a daily Github action and create a PR if there's a new
update in our TUF on `edge` or `stable`.
E.g. somebody releases 1.22.0 fleetd to `stable` on our TUF and the next
day this automation runs and will create a PR that updates the versions
in `orbit/TUF.md` (or they can run the workflow manually).
Am happy to amend the shape of `orbit/TUF.md` (or we can iterate later).
#16014
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
SSL certificates have a maximum lifetime of 398 days right now (13
months).
It took me a while to figure out why these were not working via the
macOS keychain (specifically curl and Safari).
It appears the CA certificate can have a longer lifetime, but the SSL
certificates it issues must have a limited lifetime.
#15881
This PR adds a script to test DB migrations with Percona XtraDB 5.7.25.
PS: To run this test before we merge this PR to `main` you will need to
change step 2 (`Make sure to be on latest main`), instead of `main` use
this branch `15881-test-migrations-with-percona`.
for #14715
---------
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
#16180
osquery flag validation has been updated for osquery 5.11
- new flags have been added to validation
- `table_exceptions` flag has been replaced with
`ignore_table_exceptions`
NOTE: It appears the last time this flow was run on Linux. I moved
several flags from the automatically generated section to the linux
section.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
for #16139 this fixes a copy/paste error that caused the MDM SSO flow to
validate audiences using the global config EntityID
since we also consider an audience valid if you set EntityID to be:
- the same in both (case for local dev)
- your Fleet URL or the full path to the SSO API endpoint (QA)
we didn't notice this until now.
