This adds a new API client named DeviceClient to server/service, meant to consume device endpoints and be used from Fleet Desktop.
Some of the logic to make requests and parse responses was very repetitive, so I introduced a private baseClient type and moved some of the logic of the existent Client there.
Related to #5685 and #5697
* fix old root dir in orbit
* add changes
* Add automation for orbit shell (with TUF)
* Fix workflow syntax
* Add logging to latest fleetctl preview action
* Add changes to fix workflow
* Use macOS host for TUF server and package generation
* Remove copy/paste if clause
* Fix orbit logs on macOS, Ubuntu
* Simplify TUF and generation of packages
* Set enroll secret instead of getting it
* Increase timeouts
* Add step id
* Fixes to the upload/download of artifacts
* Rearrange steps to not lose the downloads
* Fix copy/paste
* Add fleetctl login step
* Add missing config set
* Fix quotes on Windows
* Increase timeout
* Fix job termination
* Disable FLEET_DESKTOP for now
* Checkout repository on macOS
* Fix logs path
* Enable fleet desktop
* Use cancel, nitpick
Co-authored-by: Michal Nicpon <michal@fleetdm.com>
* state of device management page, chart component
* add images
* website: add charts.min.js, update layout, page script, and images
* layout updates, component validation
* add alt text, lint fixes
* update image name
* update bar-chart styles and layout
* add empty href and link styles
* Style overrides for mobile & tablet
• Added style overrides for mobile and tablet.
* Updated text
Updated text for the following sections:
• Introduction
• Key findings
• Part 1
* Updated text
Updated text in the following sections:
• Part 2
• Part 3
• Part 4
• Part 5
• Part 6
* Additional icon and text change
• Added icon for GitOps
• Repositioned text: The future of device management
* Text change
Removed "Takeaways" header from Part 6.
* style changes
• fixed some inconsistent headers (h3 to h2).
• fixed margin bottom on new GitOps note.
• Removed unneeded subsection div after removing "Takeaways" heading in my previous commit.
* update chart styles, add update charts function, sticky navigation
* lint fix
* lint fix
* Scroll navigation with header
* text changes
Updated chart titles to match the survey.
* style tweaks
Style tweaks to the charts.
* add pdf
Co-authored-by: Mike Thomas <mthomas@fleetdm.com>
* Update security-policies.md
1. Background checks do not actually need to be done before the first day but rather before access to the Fleet automatic update environment is granted.
2. Added note about board meetings.
3. Added a note about Fleeties spreadsheet being required
* Update security-policies.md
Added risk mitigation timeline
* Update security-policies.md
quarterly reviews of risk register
* Update security-policies.md
Added whistleblower link
This adds a new device authenticated endpoint, `/api/_version_/fleet/device/{token}/policies` to retrieve the device policies.
An example request / response looks like:
```bash
curl https://localhost:8080/api/latest/fleet/device/1804e808-171f-4dda-9bec-f695b2f2371a/policies
```
```json
{
"policies": [
{
"id": 3,
"name": "Antivirus healthy (Linux)",
"query": "SELECT score FROM (SELECT case when COUNT(*) = 2 then 1 ELSE 0 END AS score FROM processes WHERE (name = 'clamd') OR (name = 'freshclam')) WHERE score == 1;",
"description": "Checks that both ClamAV's daemon and its updater service (freshclam) are running.",
"author_id": 1,
"author_name": "Admin",
"author_email": "admin@example.com",
"team_id": null,
"resolution": "Ensure ClamAV and Freshclam are installed and running.",
"platform": "darwin,windows,linux",
"created_at": "2022-05-23T20:53:36Z",
"updated_at": "2022-05-23T20:53:36Z",
"response": "fail"
}
]
}
```
Related to [#5685](https://github.com/fleetdm/fleet/issues/5685), in another changeset I will be adding "client" endpoints so we can consume this endpoint from Fleet Desktop
* Add WithStdout option for osquery's Runner
fetch the osquery output to do something in other flow
* Create osquery-runner-withstdout
* Update osquery.go
* Add support for orbit_info to osquery-perf
* Add orbit_info support to osquery-perf
* Use 0.5 as default for orbit_info
* Fix CodeQL security warning on osquery-perf
1. Background checks do not actually need to be done before the first day but rather before access to the Fleet automatic update environment is granted.
2. Added note about board meetings.
3. Added a note about Fleeties spreadsheet being required
Related to #5776, this ensures that when a host is re-enrolled on a different team we cleanup existing policy memberships in the same way we do when a host is assigned a team through the API.
