Martin Angers
f602ea3446
Provide Munki issues for MacOS hosts ( #7280 )
2022-08-29 14:40:16 -04:00
Juan Fernandez
3048a07fd1
Feature 7076: Ingest installed windows updates ( #7138 )
...
* Ingest installed Windows updates and store them in the windows_updates table.
* Added config option for enabling/disabling Windows update ingestion and Windows OS vuln. detection.
2022-08-26 14:55:03 -04:00
Roberto Dip
9a1d2066bb
deprecate host_settings in favor of features ( #7358 )
...
Related to #7312 , this makes use of the changes introduced in #7353 to rename host_settings to features while keeping backwards compatibility.
2022-08-25 13:41:50 -03:00
Roberto Dip
c943e0665a
add a mechanism to deprecate AppConfig settings w/ backwards-compat ( #7353 )
...
Related to https://github.com/fleetdm/fleet/issues/7312 , the motivation behind these changes is to introduce a way to deprecate configurations in `AppConfig`, while still preserving backwards compatibility.
From the Epic:
> NOTE: `host_settings` is now replaced by `features`. We should still support `host_settings` as an alias to `features` for backwards compatibility, but in our communications, we should use and recommend features as the canonical way forward.
2022-08-24 18:40:09 -03:00
Martin Angers
dfd7d3f244
Add activity types for applied team spec and edited agent options ( #7355 )
2022-08-24 08:32:45 -04:00
Roberto Dip
fe9cdb7017
fix flaky TestIntegrationsSandbox/TestInstallerHeadCheck ( #7345 )
...
this adjusts the TestInstallerHeadCheck check to use `DoRaw` instead of `Do`, which sends a body with null when nil is passed for the params parameter.
2022-08-23 09:58:10 -03:00
gillespi314
7fb109e6b3
Handle errors for duplicate os records ( #7294 )
2022-08-22 14:34:00 -05:00
Juan Fernandez
4013cbbdfc
Feature 6975: Populate vendor column in software inventory ( #7297 )
...
- Populate 'software.vendor' when ingesting software from Windows hosts.
- Increate width of 'software.vendor'.
2022-08-18 18:02:56 -04:00
Roberto Dip
8acf14ab43
adjust installers endpoint to avoid AJAX downloads ( #7226 )
...
Related to #7206 , this delegates the handling of the download to the browser
2022-08-16 12:54:41 -03:00
Roberto Dip
05ddeade90
add back-end implementation for SSO JIT provisioning ( #7182 )
...
Related to #7053 , this uses the SSO config added in #7140 to enable JIT provisioning for premium instances.
2022-08-15 14:42:33 -03:00
Martin Angers
b891e0d7f7
Add mdm solution payload to GET /hosts response when filtering by mdm_id ( #7198 )
2022-08-15 12:57:25 -04:00
gillespi314
90f57f4849
Enhance API endpoints with host operating systems info ( #7154 )
2022-08-12 14:23:25 -05:00
Juan Fernandez
8dccc42027
Bug 5983: Performance issues when listing software ( #6879 )
...
Improve performance when listing software by using the software_host_counts aggregate table.
2022-08-10 17:43:22 -04:00
Martin Angers
c8cdddf0ea
Update /macadmins endpoints to include MDM name and aggregate count ( #7137 )
2022-08-10 15:15:01 -04:00
Roberto Dip
fc8c15c0d1
add application config setting to enable JIT provisioning ( #7140 )
...
As part of #7053 , this adds a config setting to enable JIT provisioning.
2022-08-10 15:15:35 -03:00
gillespi314
e2194be61c
Add schedule
package and refactor cron jobs for cleanups, aggregations, and usage statistics ( #6618 )
2022-08-10 11:00:56 -05:00
Martin Angers
9755eb2e27
Support async saving of scheduled query statistics ( #7012 )
2022-08-10 10:01:05 -04:00
gillespi314
3a88afaf98
Add new database tables and queries for host operating systems ( #6920 )
2022-08-09 13:34:41 -05:00
Lucas Manuel Rodriguez
6dcff28be0
Move specs parsing functionality to a new pkg/spec package ( #7050 )
2022-08-05 19:07:32 -03:00
Roberto Dip
2b8743e240
send enroll secret in query for installers ( #7064 )
...
This changes how the enroll secret is sent to the server, as they might contain /, which was causing problems with our router.
2022-08-04 18:39:38 -03:00
Juan Fernandez
966bfbf85e
Feature 6487: Deprecate cpe_id from software_cve table ( #6562 )
...
Part 2/3 of the removal of the cpe_id column from the software_cve table in favor of using the newly added software_id coumn.
2022-08-04 09:24:44 -04:00
Martin Angers
c1d38598e2
Prevent removing team enroll secrets when applying team specs without new secrets ( #6890 )
2022-08-02 09:51:03 -04:00
Gabriel Hernandez
f61a17bd9b
add google analytics to sandbox instances ( #6941 )
...
* add google analytics to sandbox instances
* Add serverType variable to frontend handler
* update version of html-webpack-plugin
Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
2022-08-01 11:27:12 +01:00
Roberto Dip
90b723e45a
consolidate sandbox env flags ( #6917 )
...
Related to #6894 , this entirely replaces FLEET_DEMO with the server config added in #6597
As part of this, I also implemented a small refactor to the integration test suite to allow setting a custom config when the server is initialized.
2022-07-27 16:47:39 -03:00
RachelElysia
52673b6ed2
Sentence case error ( #6845 )
2022-07-25 13:14:05 -04:00
gillespi314
0312454f4c
Modify host battery health returned by GET /hosts/:id
( #6782 )
2022-07-20 21:16:03 -05:00
Michal Nicpon
d4be5ad2a1
add upgrade tests ( #6596 )
...
* add upgrade tests
* fix lint issues
go.mod
* remove req.cnf
* revert unrelated changes
* make version configurable in test
* fix golangci-lint ruleguard issue
Related to https://github.com/go-critic/go-critic/issues/1152
Need to have github.com/quasilyte/go-ruleguard/dsl
* fix lint issues
* fix
* clean up docker-compose.yml
* fix http request
* add readme
* fix lint issues
* address feedback
* fix
* add platform
* address feedback
* run go fmt
2022-07-19 15:11:51 -06:00
Lucas Manuel Rodriguez
de1717291d
Set authz checked when rate limiting device endpoints ( #6702 )
...
* Set authz checked when rate limiting device endpoints
* Unexport var and attempt to fix flaky test
2022-07-18 14:22:49 -03:00
Eng Zer Jun
1ab171faf3
test: use T.Setenv
to set env vars in tests ( #6714 )
...
This commit replaces `os.Setenv` with `t.Setenv` in tests. The
environment variable is automatically restored to its original value
when the test and all its subtests complete.
Reference: https://pkg.go.dev/testing#T.Setenv
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-07-18 14:22:28 -03:00
Roberto Dip
69f8f2a73b
add API endpoints to retrieve pre-built installers ( #6672 )
...
Rel: #6365 , this adds a new endpoint to check and download pre-built installers.
2022-07-18 13:44:30 -03:00
Roberto Dip
6faee84f57
allow to configure a default global enroll secret ( #6609 )
...
Related to #6365 this adds a new config to set a global enroll token that will be used by the server.
2022-07-12 19:12:10 -03:00
Tomas Touceda
7f8099db57
Add sandbox fleet serve config ( #6619 )
...
* Add sandbox fleet serve config
* Update docs
* Maybe fix lint issues
* Add lint dep
2022-07-12 18:21:15 -03:00
Tomas Touceda
af0cf9b703
Add rate limits for device authed endpoints ( #6529 )
...
* Add rate limits for device authed endpoints
* Fix lint
* Add missing test
* Fix test
* Increase the quota for desktop endpoints
* Add comment about quota
2022-07-11 10:49:05 -03:00
Roberto Dip
1ed8efacfa
increase the length of host_batteries.health ( #6560 )
...
Rel to #6559 , this increases the size of host_batteries.health for cases like "Check Battery" that exceed 10 chars
2022-07-08 21:06:50 +00:00
Zach Wasserman
03734a37aa
Add server support for Fleet Sandbox demo login ( #6387 )
...
* Add server support for Fleet Sandbox demo login
This adds an endpoint `/api/latest/fleet/demologin` that provides a
redirect for the fleetdm.com portion of Fleet Sandbox to automatically
log in a user. The username and password must be provided as form
values. The endpoint is only enabled if `FLEET_DEMO=1` is set in the
server environment.
This was tested locally with the following HTML served by `python3 -m
http.server`, and the Fleet server running with `FLEET_DEMO=1
./build/fleet serve --dev`:
```
<!DOCTYPE html>
<body>
<form
method="post"
action="https://localhost:8080/api/latest/fleet/demologin "
id="demologin"
>
<input type="hidden" name="email" value="admin@example.com" />
<input type="hidden" name="password" value="admin123123#" />
<input type="submit"/>
</form>
<script type="text/javascript">
document.forms["demologin"].submit();
</script>
</body>
</html>
```
For Fleet sandbox purposes, the `action` should be set to the correct
hostname for the sandbox instance, while the `email` and `password`
should be set to the same credentials that were provided when creating
the instance.
* lucas comments
* Add integration tests
* Fix status codes and add comments
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
2022-07-01 16:52:55 -03:00
Zach Wasserman
db22f68c88
Separate health checks for MySQL and Redis ( #6468 )
...
This required a bit of refactoring of some mocking due to how the code
generation does not handle having the same function in different types.
2022-07-01 08:08:03 -03:00
Martin Angers
b9930930f5
Document the device-authenticated endpoints in API for Contributors ( #6406 )
2022-06-29 08:12:20 -04:00
Martin Angers
539be8ee09
Add battery info in host details response ( #6394 )
2022-06-28 14:11:49 -04:00
Juan Fernandez
9d01ba33c6
Feature 6096: Scan RHEL/CentOS hosts using OVAL definitions ( #6241 )
...
Extended the OVAL parser/analyzer so that we can scan RHEL based systems.
2022-06-23 16:44:45 -04:00
gillespi314
15de4f3e65
Update Fleet host detail query so os_version
for Ubuntu hosts reflects accurate patch number in point release ( #6360 )
2022-06-23 15:24:18 -05:00
Lucas Manuel Rodriguez
fc7650c4f8
Fix mock tests set test name ( #6345 )
...
* Set mock test on live query mocked tests
* Use MySQL 5.7 as default in docker-compose.yml
2022-06-23 11:34:52 -03:00
Roberto Dip
2948e112f6
ensure software_host_counts
is cleaned when software is deleted ( #6270 )
...
Related to #5982 , this ensures we clean up software_host_counts rows referencing software that is not longer present in the software table.
2022-06-22 17:35:53 -03:00
Lucas Manuel Rodriguez
9b210fc6bd
Add support for CA root certificate to Fleet Desktop (fleetctl package
's --fleet-certificate
flag) ( #6312 )
...
* Orbit to pass the value of `--fleet-certificate` to Fleet Desktop
* Add changes for testing
2022-06-21 16:25:36 -03:00
Roberto Dip
4a867d53dc
use a single context for background jobs and HTTP handlers ( #6313 )
2022-06-21 15:09:00 -03:00
Martin Angers
7bfe93f5d7
Include an error code as query string in /sso/callback response in case of failure ( #6286 )
2022-06-21 09:04:50 -04:00
Aaron
75f093e802
Use nanoseconds for campaign IDs ( #6216 )
...
Fixes #4806 by adding resolution to the generated IDs.
2022-06-14 15:46:09 +00:00
gillespi314
ed4ae18602
Handle transparency url for downgraded license ( #6207 )
2022-06-13 16:03:51 -05:00
Martin Angers
81f0e0ccfa
Track active hosts count and enforce limit ( #6099 )
2022-06-13 16:29:32 -04:00
Roberto Dip
19c5e3545b
add a dedicated endpoint that redirects to fleet_desktop.transparency_url ( #6204 )
...
As part of https://github.com/fleetdm/fleet/issues/5947 , and in order to have a simplified workflow in Fleet Desktop, we defined https://github.com/fleetdm/fleet/issues/6200 to add a new endpoint that redirects to the transparency url as defined in the config (for premium users only)
```
~/projects/fleet $ curl -v -s https://localhost:8080/api/latest/fleet/device/bf34ab98-23b0-48bc-8e82-8c0143cba11c/transparency
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 307
< content-type: application/json; charset=utf-8
< location: https://fleetdm.com/transparency
< content-length: 0
< date: Mon, 13 Jun 2022 18:09:29 GMT
<
* Connection #0 to host localhost left intact
```
2022-06-13 16:07:08 -03:00
Martin Angers
7f9bb6431e
Update team integrations to reference global integrations (part of failing policies automation support) ( #6156 )
2022-06-13 10:04:47 -04:00