relates to #17416
update UI to support new DDM profile types. this includes:
- updating Custom settings page
- updating the os settings modal
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
Related to: #17727
Changes:
- Updated the `build-static-content` script to sort the columns of
tables alphabetically by the name of the column when the pages for
fleetdm.com/tables are generated.
Closes: #17582
Changes:
- Updated the `build-static-content` script to not generate HTML pages
for files in subfolders that are prefixed with an underscore
- Renamed the `docs/Deploy/kubernetes` folder »
`docs/Deploy/_kubernetes`
- Documented this new behavior on the communications page of the
handbook.
- Updated commands on the Deploy Fleet on Kubernetes page.
---------
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Typo: "removing" /past from host's activities API
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Closes: #17667
Changes:
- Updated `build-static-content` to skip pages in the docs/contributing
folder when Markdown pages are converted to HTML partials.
Related to: https://github.com/fleetdm/confidential/issues/5637
Changes:
- Added a way to start a vulnerability dashboard with Docker.
- Updated the folder readme to include instructions for starting the
vulnerability dashboard with docker
For reference: https://github.com/fleetdm/confidential/issues/5719
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---------
Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
This script was used to generate 4.45.1 and 4.46.0.
Workflow is tag issues with correct milestone, run `./patch_release.sh`
(with -m for release with more than bugfixes)
---------
Co-authored-by: George Karr <gkarr@xerithas-mac.local>
#15565
Replace the use of the isFederated registry key with a keys that check
for AAD (Azure Active Directory, now Entra ID)
Federated enrollment (`isFederated`) seems to be when windows uses a
Discovery MDM endpoint to get its policy and management endpoint
configuration. This is always the case when a client is enrolled with
fleet, so installations always show up as automatic.
It's being replaced by a different key, `AADResourceID`, which appears
to identify the resource that controls the automated deployment. In my
tests it only appears to be populated when the computer is enrolled
through automated deployments. This key appears on both Windows 10 and
11.
There is a similar key, `AADTenantID`, which appears to identify the
client (tenant) to the Azure cloud. I haven't seen this ID in our
systems, so it is likely exclusively used in Azure. Both this key and
`AADResourceID` seem to always be set at the same time, so we only
check for the `AADResourceID`.
I've also added documentation on the registry keys I've analyzed for future reference.
This PR addresses an issue in the documentation for installing the MySQL
chart using Helm. Previously, the documentation provided a Helm install
command that incorrectly referenced mysqlUser and mysqlDatabase.
However, these keys don't exist in the chart's values.yaml file anymore.
Removed reference to **Scripts** tab and added instructions for
accessing the **Run Script** modal from the host detail page.
# Checklist for submitter
Docs-only change
---------
Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Bumps [grunt](https://github.com/gruntjs/grunt) from 1.0.4 to 1.5.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gruntjs/grunt/releases">grunt's
releases</a>.</em></p>
<blockquote>
<h2>v1.5.3</h2>
<ul>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1745">#1745</a>
from gruntjs/fix-copy-op 572d79b</li>
<li>Patch up race condition in symlink copying. 58016ff</li>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1746">#1746</a>
from JamieSlome/patch-1 0749e1d</li>
<li>Create SECURITY.md 69b7c50</li>
</ul>
<p><a
href="https://github.com/gruntjs/grunt/compare/v1.5.2...v1.5.3">https://github.com/gruntjs/grunt/compare/v1.5.2...v1.5.3</a></p>
<h2>v1.5.2</h2>
<ul>
<li>Update Changelog 7f15fd5</li>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1743">#1743</a>
from gruntjs/cleanup-link b0ec6e1</li>
<li>Clean up link handling 433f91b</li>
</ul>
<p><a
href="https://github.com/gruntjs/grunt/compare/v1.5.1...v1.5.2">https://github.com/gruntjs/grunt/compare/v1.5.1...v1.5.2</a></p>
<h2>v1.5.1</h2>
<ul>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1742">#1742</a>
from gruntjs/update-symlink-test ad22608</li>
<li>Fix symlink test 0652305</li>
</ul>
<p><a
href="https://github.com/gruntjs/grunt/compare/v1.5.0...v1.5.1">https://github.com/gruntjs/grunt/compare/v1.5.0...v1.5.1</a></p>
<h2>v1.5.0</h2>
<ul>
<li>Updated changelog b2b2c2b</li>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1740">#1740</a>
from gruntjs/update-deps-22-10 3eda6ae</li>
<li>Update testing matrix 47d32de</li>
<li>More updates 2e9161c</li>
<li>Remove console log 04b960e</li>
<li>Update dependencies, tests... aad3d45</li>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1736">#1736</a>
from justlep/main fdc7056</li>
<li>support .cjs extension e35fe54</li>
</ul>
<p><a
href="https://github.com/gruntjs/grunt/compare/v1.4.1...v1.5.0">https://github.com/gruntjs/grunt/compare/v1.4.1...v1.5.0</a></p>
<h2>v1.4.1</h2>
<ul>
<li>Update Changelog e7625e5</li>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1731">#1731</a>
from gruntjs/update-options 5d67e34</li>
<li>Fix ci install d13bf88</li>
<li>Switch to Actions 08896ae</li>
<li>Update grunt-known-options eee0673</li>
<li>Add note about a breaking change 1b6e288</li>
</ul>
<p><a
href="https://github.com/gruntjs/grunt/compare/v1.4.0...v1.4.1">https://github.com/gruntjs/grunt/compare/v1.4.0...v1.4.1</a></p>
<h2>v1.4.0</h2>
<ul>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1728">#1728</a>
from gruntjs/update-deps-changelog 63b2e89</li>
<li>Update changelog and util dep 106ed17</li>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1727">#1727</a>
from gruntjs/update-deps-apr 49de70b</li>
<li>Update CLI and nodeunit 47cf8b6</li>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1722">#1722</a>
from gruntjs/update-through e86db1c</li>
<li>Update deps 4952368</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/gruntjs/grunt/blob/main/CHANGELOG">grunt's
changelog</a>.</em></p>
<blockquote>
<p>v1.5.3
date: 2022-04-23
changes:
- Patch up race condition in symlink copying.
v1.5.2
date: 2022-04-12
changes:
- Unlink symlinks when copy destination is a symlink.
v1.5.1
date: 2022-04-11
changes:
- Fixed symlink destination handling.
v1.5.0
date: 2022-04-10
changes:
- Updated dependencies.
- Add symlink handling for copying files.
v1.4.1
date: 2021-05-24
changes:
- Fix --preload option to be a known option
- Switch to GitHub Actions
v1.4.0
date: 2021-04-21
changes:
- Security fixes in production and dev dependencies
- Liftup/Liftoff upgrade breaking change. Update your scripts to use
--preload instead of --require. Ref: <a
href="e7a969d670</a>.
v1.3.0
date: 2020-08-18
changes:
- Switch to use <code>safeLoad</code> for loading YML files via
<code>file.readYAML</code>.
- Upgrade legacy-log to ~3.0.0.
- Upgrade legacy-util to ~2.0.0.
v1.2.1
date: 2020-07-07
changes:
- Remove path-is-absolute dependency.
(PR: <a
href="https://redirect.github.com/gruntjs/grunt/pull/1715">gruntjs/grunt#1715</a>)
v1.2.0
date: 2020-07-03
changes:
- Allow usage of grunt plugins that are located in any location that
is visible to Node.js and NPM, instead of node_modules directly
inside package that have a dev dependency to these plugins.
(PR: <a
href="https://redirect.github.com/gruntjs/grunt/pull/1677">gruntjs/grunt#1677</a>)
- Removed coffeescript from dependencies. To ease transition, if
coffeescript is still around, Grunt will attempt to load it.
If it is not, and the user loads a CoffeeScript file,
Grunt will print a useful error indicating that the
coffeescript package should be installed as a dev dependency.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="82d79b8037"><code>82d79b8</code></a>
1.5.3</li>
<li><a
href="572d79b087"><code>572d79b</code></a>
Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1745">#1745</a>
from gruntjs/fix-copy-op</li>
<li><a
href="58016ffac5"><code>58016ff</code></a>
Patch up race condition in symlink copying.</li>
<li><a
href="0749e1da0d"><code>0749e1d</code></a>
Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1746">#1746</a>
from JamieSlome/patch-1</li>
<li><a
href="69b7c506cb"><code>69b7c50</code></a>
Create SECURITY.md</li>
<li><a
href="ac667b24ca"><code>ac667b2</code></a>
1.5.2</li>
<li><a
href="7f15fd5ad9"><code>7f15fd5</code></a>
Update Changelog</li>
<li><a
href="b0ec6e1242"><code>b0ec6e1</code></a>
Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1743">#1743</a>
from gruntjs/cleanup-link</li>
<li><a
href="433f91b78d"><code>433f91b</code></a>
Clean up link handling</li>
<li><a
href="d5969eccf2"><code>d5969ec</code></a>
1.5.1</li>
<li>Additional commits viewable in <a
href="https://github.com/gruntjs/grunt/compare/v1.0.4...v1.5.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@okta/oidc-middleware](https://github.com/okta/okta-oidc-middleware)
from 4.0.1 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/okta/okta-oidc-middleware/releases"><code>@okta/oidc-middleware</code>'s
releases</a>.</em></p>
<blockquote>
<h2>5.0.0</h2>
<h3>Breaking Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/54">#54</a>
Requires Node >= 12.19.0. Update production dependencies:
<ul>
<li><code>openid-client@5.1.9</code> (was 3.12.2)</li>
</ul>
</li>
</ul>
<h1>4.5.1</h1>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/43">#43</a>
fix: correctly preprends <code>appBaseUrl</code> to redirect url when
<code>appBaseUrl</code> contains a base path</li>
</ul>
<h2>4.5.0</h2>
<h3>Features</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/40">#40</a>
Allows passing <code>loginHint</code> to
<code>ensureAuthenticated</code></li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/42">#42</a>
Fixes <code>appBaseUrl</code> option not prepending to login redirect
url</li>
</ul>
<h2>4.4.0</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/34">#34</a>
Fixes Org AS login issue</li>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/3">#3</a>
Call <code>res.redirect()</code> after custom
<code>routes.loginCallback.handler</code></li>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/37">#37</a>
fix: <code>.logout</code> no longer throws error without valid
credentials</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/okta/okta-oidc-middleware/blob/master/CHANGELOG.md"><code>@okta/oidc-middleware</code>'s
changelog</a>.</em></p>
<blockquote>
<h1>5.0.0</h1>
<h3>Breaking Changes</h3>
<ul>
<li><a href="">#</a> Requires Node >= 12.19.0. Update production
dependencies:
<ul>
<li><code>openid-client@5.1.9</code> (was 3.12.2)</li>
</ul>
</li>
</ul>
<h1>4.6</h1>
<p>-<a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/53">#53</a>
Fix: prevents open redirects</p>
<h1>4.5.1</h1>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/43">#43</a>
fix: correctly preprends <code>appBaseUrl</code> to redirect url when
<code>appBaseUrl</code> contains a base path</li>
</ul>
<h1>4.5.0</h1>
<h3>Features</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/40">#40</a>
Allows passing <code>loginHint</code> to
<code>ensureAuthenticated</code></li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/42">#42</a>
Fixes <code>appBaseUrl</code> option not prepending to login redirect
url</li>
</ul>
<h1>4.4.0</h1>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/34">#34</a>
Fixes Org AS login issue</li>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/3">#3</a>
Call <code>res.redirect()</code> after custom
<code>routes.loginCallback.handler</code></li>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/37">#37</a>
fix: <code>.logout</code> no longer throws error without valid
credentials</li>
</ul>
<h1>4.3.0</h1>
<h3>Other</h3>
<ul>
<li>Release after migrating from monorepo</li>
<li></li>
</ul>
<h1>4.2.0</h1>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-js/pull/1020">#1020</a>
Fixes issue with UUID returning null</li>
</ul>
<h1>4.1.0</h1>
<h3>Features</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="50c093bcbc"><code>50c093b</code></a>
chore(deps): upgrade vulnerable dependencies (<a
href="https://redirect.github.com/okta/okta-oidc-middleware/issues/54">#54</a>)</li>
<li><a
href="5d10b3ccdd"><code>5d10b3c</code></a>
Prevent open redirects (<a
href="https://redirect.github.com/okta/okta-oidc-middleware/issues/53">#53</a>)</li>
<li><a
href="fe24bfc12e"><code>fe24bfc</code></a>
chore: Update dependencies</li>
<li><a
href="ebafab4916"><code>ebafab4</code></a>
chore: dev dependency upgrades</li>
<li><a
href="113e1a3678"><code>113e1a3</code></a>
chore: updates github issue template</li>
<li><a
href="a9b6ad22cd"><code>a9b6ad2</code></a>
Merge remote-tracking branch 'origin/4.5' into sw-backport-4.5.1</li>
<li><a
href="8b0691cae6"><code>8b0691c</code></a>
fix: if appBaseUrl includes a base path</li>
<li><a
href="94852df9a8"><code>94852df</code></a>
Releng: Revving up to version(s) 4.6.0 for artifact(s) None</li>
<li><a
href="4e1414e6c6"><code>4e1414e</code></a>
fixes: 'appBaseUrl' option not prepended to login redirect url</li>
<li><a
href="9c5e3b0fdc"><code>9c5e3b0</code></a>
feat: allow passing <code>loginHint</code> option to
<code>ensureAuthenticated</code></li>
<li>Additional commits viewable in <a
href="https://github.com/okta/okta-oidc-middleware/compare/@okta/oidc-middleware@4.0.1...okta-oidc-middleware-5.0.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Changes:
- Updated the deploy-vulnerability-dashboard workflow to use the correct
variables for the Heroku steps.
- Added GitHub maintainers to `website/config/custom.js` for the GitHub
workflows related to the vulnerability dashboard.
Improvements and fixes I found while integrating this
- Renamed db columns to match the profile tables for consistency
- Added columns to `host_mdm_apple_declarations`
- Removed `team_declaration_checksum_view`
- Remove the ad-hoc `MDMAppleRecordDeclarativeCheckIn`, I confused
myself by developing this using tests, the device actually sends an
`Acknowledged` response, which is recorded by nano
- Fixed bugs in the `declaration/../..` endpoints
- The prefix for the endpoint is `declaration` without `s`
- The response needs to include a `ServerToken`, otherwise the
declaration fails
