API changes for the Windows configuration profiles story:
- #13281
It's **ready for review**, but marked as a draft because of KPI (PR open
time)
- DONE: Remove activity types changes before merging (those will be
automatically generated)
#### `profile_id` and `profile_uuid` changes specified in following
ticket:
- #15274
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
- Pull info about duration-based settings to the top to make it clear.
For this bug: #15926
- Add info about self-managed v. managed-cloud customers
- Cut content
Closes: https://github.com/fleetdm/confidential/issues/4665
Changes:
- Added a new documentation page that provides instructions for
downgrading from Fleet premium. The content for this section was pulled
from a [commented-out FAQ
question](1d2f5ae42a/docs/Get%20started/FAQ.md (L363-L394)).
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
> Relevant issue: #15625
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
> Relevant issue: #14500
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
previous: ...one ticket is created per CVE regardless of the number of
hosts on which such CVE is detected.
Hope that meaning is the same? If so, what is there is a little clunky.
Not meaning to be pedantic just trying to make the flow a bit more
natural. :)
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
#14879
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
📺 Loom:
https://www.loom.com/share/9e17848963574af3aa10d426b450bcd0?sid=f8078293-c7e1-4864-a8a3-4cec996971f5#15476#15540#15542
After upgrading fleetd, customer-blanco saw a spike in traffic and a
spike in DB connections. These fixes attempt to reduce the traffic and
DB load when fleetd is upgraded.
On the server, added fleet/device/{token}/ping endpoint to be used by
agents to check their token.
On the agent:
- Removed call to fleet/orbit/device_token unless token needs to be
updated.
- Changed call to fleet/device/{token}/desktop with a less resource
intensive call to fleet/device/{token}/ping
- Removed call to fleet/orbit/ping
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- Associated w/ this story: #15600
- Update docs now that disk encryption enforcement is cross platform
(Windows story here: #12577)
- Remove section about resetting a password w/ disk encryption key to
reduce doc content. Remove this link from the UI
Makes parameter formatting in documented REST API paths consistent.
Previously, we were using a mix of `/foo/:parameter/bar` and
`/foo/{parameter}/bar`. This updates all URLs to use `:` instead of
`{…}`.
Also, opportunistically fixed some other inconsistent formatting I
noticed in a couple places.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- Simplify usage instructions to make it more like a reference
- Move "Run script asynchronously" to contributor docs so that user
facing API docs have one best practice API endpoint for scripts. Call
synchronous endpoint "Run script"
- Remove section about plain osquery and launcher. Using fleetd is best
practice and we want all new Fleet users to follow this best practice.
If they can't we want to learn why.
- Replace "Fleetd configuration options" section with a tip. Easier to
maintain as we add/update flags.
Closes: #15255
Changes:
- Added the usage statistics added in
https://github.com/fleetdm/fleet/pull/14216 to the inputs of the
`receive-usage-analytics` webhook.
- Updated the `receive-usage-analytics` webhook to send the new usage
statistics to Datadog.
- Added attributes for the new usage statistics to the
`HistoricalUsageSnapshot` model.
- Removed the `columnName` from the `hostsStatusWebHookEnabled`
attribute of the `HistoricalUsageSnapshot` model, the name of this
column will be changed in the database when the new columns are added to
the databse table.
- Updated the usage statistics documentation to have the new statistics.
This PR requires database migrations. When this is approved and ready to
merge, we will need to:
- [ ] Merge this PR
- [ ] Put fleetdm.com into maintenance mode while the "Deploy Fleet
website" GH action runs.
- [ ] Add the new columns to the database table
- [ ] Change the name of the `hostStatusWebhookEnabled` column to
`hostsStatusWebHookEnabled`
- [ ] Set the default values for the new columns on the existing
records.
- [ ] When the website has finished redeploying, take it out of
maintenance mode.
Removed Orbit from top header list and the Components diagram. There is
a lot of additional Orbit content throughout this doc that needs to be
purged over time, especially when fleetctl commands are changed as the
Orbit object is eliminated.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/REST API/rest-api.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- Add Isabell to team table
- reorder contact-us in leadership page
- Standardize "Contact us" on all departmental pages
- Convert all responsibilities to imperative mood verb phrase
- Untangle and deduplicate Engineering <> Product groups <> Product
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
#14888
@getvictor This is ready for review, but keeping as draft as there are
probably many tests that need amending.
I used the new version of the `./tools/nvd/nvdvuln/nvdvuln.go` to
compare the current vulnerabilities found in our dogfood environment
with the vulnerabilities found by the code in this PR and both results
match:
```
go run -race -tags fts5 ./tools/nvd/nvdvuln/nvdvuln.go --debug --db_dir ./local --software_from_url <dogfood URL> --software_from_api_token <API_TOKEN> --sync 2>&1 | tee out.txt
[...]
CVEs found and expected matched!
```
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Added/updated tests
- [X] Manual QA for all new/changed functionality
---------
Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com>
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
Closes: #11812
Changes:
- Renamed the `hostStatusWebhookEnabled` attribute of the
`HistoricalUsageSnapshot` model to `hostsStatusWebHookEnabled` and
updated the definition to use the existing database column name.
- Updated the inputs of the `receive-usage-analytics` webhook to accept
a `hostsStatusWebHookEnabled` input.
- Updated the usage statistics documentation to have the [correct
variable
name](36e12d02e3/server/fleet/statistics.go (L21)).
Summary:
- Enroll hosts page refinement
- Since page was too long and had a lot of content I did following:
- Moved most important sections to the top
- Did some changes to make things more consistent, when possible having
UI and CLI sections with steps (ordered list)
- Moved `Add hosts with plain osquery` to contributor docs, since I
learned this approach is used just by couple of Fleet customers, and we
don't advise this as best practice anymore
- Added overview (table of contents) on the top to make easier to
navigate through the page
- Moved some technical (advanced) topics into separate section on the
bottom of the page
---------
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/REST API/rest-api.md or
docs/Contributing/API-for-contributors.md)
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
for #14361 this adds the bits related to saving a slice of strings with
paths to configuration profiles.
---------
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Added a guide for which API endpoints to expose and fixed an associated
broken link. See https://github.com/fleetdm/fleet/issues/15115 for
context.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Manual QA for all new/changed functionality
Changes:
- Added a pageOrderInSection meta tag to the high level architecture
page in the contributing docs. The missing meta tag is currently
preventing the Fleet website from deploying and causing the website
tests to fail.
Closes: #14812
Changes:
- Added a "critical" tag to critical policies in the standard query
library.
- Updated the macOS version used in the "Operating system up to date
(macOS)" policy.
- Updated the name of a policy to be in sentence case ("MDM Enrolled
(macOS)" » "MDM enrolled (macOS)")
- Updated the build-static-content script to add a `critical` attribute
to queries that have the "critical" tag.
- Updated the /queries page to add a "critical" badge to queries that
have the critical attribute.
It's a bit unclear from the permissions docs _how_ observers are able to
view all queries & their reports, leading to bug reports like
[this](https://github.com/fleetdm/fleet/issues/15009).
I think the intended behavior is that observers can view all queries and
their reports **via the API** but not in the UI or fleetctl. Updated
notes to clarify. (Let me know if my interpretation is incorrect!)
Changes:
- added backticks to a parameter description ("`"differential", or
"differential_ignore_removals"`" » "`"differential"`, or
`"differential_ignore_removals"`")...
If some of the following don't apply, delete the relevant line.
...
---------
Co-authored-by: Sampfluger88 <108141731+Sampfluger88@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
I've updated the ATC example that uses TCC.db to be cross-compatible
with as many MacOS versions as possible. This is still useful as-is.
I've also added a chunk for folks to copy/paste directly into their team
settings in the UI for those not using GitOps.
Hopefully others find this helpful!
...
---------
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
@ksatter I haven't included an example of the audit logs because we
already have it elsewhere in the docs, so have just linked.
Reference: #13646 & #13648
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Changes:
- Added "Why Fleet" section to incorporate Fleet's point of view.
- Updated the "What's it for" section
- Lit up some useful links
- Updated some out-of-date links
.
API changes for the Windows MDM command story: #13069
Changes:
- Add cross platform endpoints used for macOS and Windows MDM commands
- Deprecate `/apple` endpoints.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Closes https://github.com/fleetdm/fleet/issues/14814
Changes:
- moved the FAQs from the pricing page to the FAQs in the docs. The
theory is that these questions are a long way down the page and likely
being missed.
- Added five more questions and answers to the FAQ from questions that
come up during customer calls.
- Commented out existing questions. Some are out of date, and some have
been dumped into the FAQ for lack of a better place to put them. We will
continue to add to this list with stronger content from talking with
users and customers.
- added a link to the FAQ on the pricing page.
Moved "List queries" to the top, to match the order of other sections of
the API. (We usually start with the endpoint to get a list of things,
_then_ the endpoint to get one thing by ID.)
#13998
Cleaned up REST API input validation for hosts, carves, users endpoints.
rest-api.md changes explained:
https://www.loom.com/share/9cd82653bacb4528bdaac117ec85a976
For the following endpoints:
/api/v1/fleet/hosts
/api/v1/fleet/hosts/count
/api/v1/fleet/hosts/report
- converted validation errors from 500 to 400 HTTP status code
- added validation that policy_id must be present when policy_response
is specified
- added validation that policy_response must be `passing` or `failing`
- added validation that `os_name` must be specified with `os_version`
For the following endpoint:
/api/v1/fleet/users
- converted team_id validation error from 500 to 400 HTTP status code
For the following endpoint:
/api/v1/fleet/carves
- added rest-api.md documentation for `page`, `per_page`, `order_key`,
`order_direction`, and `expired`
- converted `expired` validation error from 500 to 400 HTTP status code
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#13615
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Addresses: https://github.com/fleetdm/confidential/issues/3914
- Consolidate changes from #13943, #14184, and #14249 into article
- Remove "Window setup" doc page.
TODO: @spokanemac to add an image for the article and appropriate meta
tags so that the article shows up on fleetdm.com/guides
---------
Co-authored-by: spokanemac <jack@jdstrong.com>
Co-authored-by: JD <spokanemac@users.noreply.github.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
Move content into a blockquote (since h3s on this page are reserved for
API endpoints), and point users toward how to get errors for a
particular query via the REST API.
Closes: https://github.com/fleetdm/confidential/issues/4015
Changes:
- Changed the url for `/fleetctl-preview` to
`/try-fleet/fleetctl-preview`
- Updated the controller for the `/fleetctl-preview` page to redirect
non-logged-in users to `/try-fleet/login`
- Removed the route for `/try-fleet/sandbox-expired`, and added a
redirect going to `/try-fleet/fleetctl-preview`.
- Updated the controller for `/try-fleet/sandbox` to redirect the users
without a non-expired Sandbox instance to `/try-fleet/fleetctl-preview`.
- Updated `signup.js` to not provision Fleet sandbox instances for
users.
- Updated the `User` model to support a third `signupReason`: "Try
Fleet"
- Updated `/try-fleet/register` to submit "Try Fleet" as a
`signupReason` when users sign up.
- Renamed the files for the `/fleetctl-preview` page (`get-started` »
`fleetctl-preview`)
- Updated/removed Fleet Sandbox related handbook sections.
- Replaced the "Fleet vs Fleet Sandbox" section in the deploying
documentation with a note about `fleetctl preview`.
- Updated links to Fleet Sandbox in articles.
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
I was in this file and got sucked into fixing up a bunch of typos and
grammar issues. (I just had to clear all the Grammarly red marks 😵💫)
- Added missing punctuation
- Removed unnecessary punctuation
- Fixed some typos
- Hypenated some compound adjectives
- Removed some unnecessary hyphens
.
Draft PR to show API changes for #7766#13469
---------
Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Fixing typos - replacing capital case with lower case.
Removed all the checklist because it doesn't apply to changes in the
documentation....
...
...
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Co-authored-by: Sampfluger88 <108141731+Sampfluger88@users.noreply.github.com>
I added a link to the license dispenser in the "Can you host Fleet for
me?" section.
# Checklist for submitter
- [x] Manual QA for all new/changed functionality
Fixed markdown syntax for links in a couple places where it was
formatted incorrectly (`(…)[…]` instead of `[…](…)`)
(Fixed one earlier and just searched the docs folder for `)[` to find
these; hopefully this PR nabs the rest.)
- Update configuration docs to clarify this and what the workaround is
if changing the cert/key is necessary (due to compromise)
- Remove words from macOS setup docs
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
