Add requestor to help keep track of who needs to be notified if a story
gets de-prioritized
.
---------
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
This should get version numbers for more apps on macOS. Notably,
1Password includes helper apps that were getting vulnerability false
positives because we were not picking up the versions.
Addresses #10702.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
Closes: #10985
Changes:
- Removed the `min-height` that was set on embedded videos in docs,
articles, the handbook, and the homepage.
- Fixed a docs navigation alignment issue
- Updated the `height` of the hero on
`/reports/state-of-device-management`
this PR adds a step in the AWS state function that introduces a new ECS
fargate task that is responsible for destroying the ingress for the
particular instance.
I have tested the Go code locally, but not yet fully deployed into ECS.
What is does is run:
`aws eks update-kubeconfig` which is described as:
```
This command constructs a configuration with prepopulated server and
certificate authority data values for a specified cluster. You can
specify an IAM role ARN with the --role-arn option to use for authenti-
cation when you issue kubectl commands. Otherwise, the IAM entity in
your default AWS CLI or SDK credential chain is used.
```
I then write the output of this command to the tmp directory, then load
the Go SDK for Kubernetes telling it to read this kubeconfig file to
bootstrap which cluster we'll operate on.
relates to https://github.com/fleetdm/fleet/issues/8569
Then its a simple Ingress destroy command.
---------
Co-authored-by: zwinnerman-fleetdm <zwinnerman@fleetdm.com>
Co-authored-by: Zachary Winnerman <98712682+zwinnerman-fleetdm@users.noreply.github.com>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
#8593
This PR adds a new role `observer_plus` to Fleet. (The `GitOps` role
will be added on a separate PR.)
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [X] Documented any permissions changes
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
in #10134 we added a silent mechanism to try to read configuration
values from macOS configuration profiles if --fleet-url and
--enroll-secret weren't present.
while using this logic to test #9459 I have found that there's a race
condition where sometimes `fleetd` is installed before the configuration
profile with the values delivered by Fleet, causing orbit to get stuck
forever.
I added logic to loop every 30 seconds and try to fetch the values again
if none are found, but I didn't felt comfortable adding this logic
without also adding an extra flag to explicitly enable this behavior.
This should include the short tags (such as `fleetdm/fleet:43e434b`)
when pushing to quay.io (`quay.io/fleetdm/fleet:43e434b`)
Additionally, the previous `docker buildx imagetools create` line was
only pushing a linux/amd64 image to quay. This means that for these
tags, one could not pull from quay on an arm64 Mac for example. This
update should correct that.
https://github.com/fleetdm/confidential/issues/1968
It's ready for review but I still need to load test this.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
relates to #9436
Implementation of the API supporting filtering host by disk encryption
status. This adds this through a `macos_settings_disk_encryption` query
param that can be passed to these endpoints:
`GET /hosts`
`GET /hosts/count`
`GET /lables/:id/hosts`
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
Bumps golang from 1.20.1-alpine to 1.20.3-alpine.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
18.2.1 - successfully Tested for negative and positive cases
18.2.2 - successfully Tested for negative and positive cases
18.2.3 - successfully Tested for negative and positive cases
18.2.4 - successfully Tested for negative and positive cases
18.2.5 - successfully Tested for negative and positive cases
18.2.6 - successfully Tested for negative and positive cases
