Closes: https://github.com/fleetdm/confidential/issues/2964
Changes:
- Updated the `receive-from-customer-fleet-instance` webhook to send a
request to a Workspace One OAuth URL to get the authorization token used
to send requests to a Workspace one instance.
Before this is merged, we will need to:
- [ ] remove the `sails.custom.config.customerWorkspaceOneTenantId` and
`customerWorkspaceOneAuthorizationToken` config variables.
- [ ] Add two new config variables:
`sails.config.custom.customerWorkspaceOneOauthSecret` and
`sails.config.custom.customerWorkspaceOneOauthId`
.
A few minor things going on:
1. Adjusted the Puppet module to send the profiles base64 encoded
2. Enabled FileVault by default on teams created using the `/match`
endpoint.
3. Remove profiles when a team is removed. We can't do a foreign key
because the global team.id is NULL. I also included a migration to
cleanup orphaned profiles.
## Addresses
[confidential/2940](https://github.com/fleetdm/confidential/issues/2940)
Patched a potential security issue in UI
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Fixed typo in the heading for the osquery management land page.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Manual QA
This relates to #11312
`18.9.17.6`: Fixing the issue with policy pointing to a different GPO
and Registry value
`18.9.47.4.2`: Adding COLLATE NOCASE to avoid case sensitive issue with
SpynetReporting value
Changes:
- Updated the old (now invalid) osquery slack invitation link to go to
fleetdm.com/slack (which redirects to a valid osquery slack invitation)
#11266
PS: I first attempted a serialization trick by introducing a new
`appConfigResponse` and implementing `json.Marshal` to exclude these
fields but it was too hacky and hard to maintain moving forward, so I'm
bitting the bullet now. Happy to hear other ideas.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
## Addresses #11828
- [x] Add ChromeOS platform filter
- [x] Increase dropdown widths to 180px for screen >1100px of:
- [x] platform dropdown
- [x] Labels dropdown (for consistency)
- [x] Add new null empty cell value “Not supported” for Chromebooks
- [x] Apply to the following columns:
- [x] Disk space available
- [x] MDM status
- [x] MDM server URL
- [x] Last restarted
- [x] Fix a misaligned icon in the labels dropdown, other small fixes
<img width="1184" alt="Screenshot 2023-06-06 at 7 09 26 PM"
src="https://github.com/fleetdm/fleet/assets/61553566/ee6fb72c-f66e-44a4-a321-8eaefff3b70b">
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
for #11257, h/t to @mna for the idea of resetting `token_update_tally`.
this is to cover scenarios where a host might be re-enrolling (eg: the
device has been wiped) but we don't know about it.
since `TokenUpdate` might be called multiple times during the lifecycle
of an MDM enrollment, we add a check on the value of
`nano_enrollments.token_update_tally`. For the scenarios described
above, the tally is still `> 0` even thought the host is enrolling for
the first time.
to mitigate this, we reset its value to 0 when we receive an
`Authenticate` message (which only happens only per enrollment)
I set the value to `0` because it's incremented to `current_value+1` by
nanomdm before calling our handler.
## Addresses #11825
- [x] Add ChromeOS to Dashboard page: <img width="1365" alt="Screenshot
2023-06-02 at 4 01 12 AM"
src="https://github.com/fleetdm/fleet/assets/61553566/e846c4b6-5fcb-4847-af05-67b2237ada39">
- [x] Add to platforms dropdown, confirm order of platform options, add
route
- [x] Hosts summary card
- [x] Add responsiveness for <980px <img width="952" alt="Screenshot
2023-06-02 at 4 02 44 AM"
src="https://github.com/fleetdm/fleet/assets/61553566/93662957-c590-40e0-876d-6ce4adabad2b">
- [x] TODO: Confirm label number of chrome hosts label - ask Juan on
[this issue](https://github.com/fleetdm/fleet/issues/11829) - needed to
call an API to get this id
- [x] Missing hosts card (didn’t need any changes)
- [x] Low disk space hosts card (Not supported)
- [x] Operating systems card
**Note for reviewers:** There is an API call happening from the
HostsSummary component to get the id for the ChromeOS label needed for
the URL to the filtered manage hosts page. This feature working properly
depends on the response from that endpoint, which is WIP. UPDATE 6/5 -
the endpoint is now working and being called correctly, though the id
being returned is WIP (backend). No need to replace anything to test.
## Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## Addresses #11856
Improve performance of the rendering of live query results by:
- rendering the table on a set interval instead of with each new result
- preventing redundant rerenders of various sorts
Partial run, with memory leak:
<img width="2552" alt="partial run with memory leak, after smaller
optimizations, before debouncing queryResults"
src="https://github.com/fleetdm/fleet/assets/61553566/5288bffb-6940-43da-9083-59adb4a25916">
Full run after debounce, no memory leak (10x improvement of max JS heap
size):
<img width="2559" alt="full run after debounce, no memory leak"
src="https://github.com/fleetdm/fleet/assets/61553566/be056610-e7a5-4289-a433-1070cf016e83">
**NOTE** - there are further optimizations to try on this page, and the
debounce interval can potentially be shortened to improve UX. In
experimenting with that, it's not immediately clear what a good balance
of UX / performance is. Since the customer seems keen to solve this, I
think we should merge as-is and send them a demo build to confirm this
fixes their problem, then iterate once they've confirmed it does.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Co-authored-by: Sarah Gillespie <sarah@fleetdm.com>
