Merge branch 'main' into docs-v4.59.0

fleetdm · Oct 2, 2024 · 29b8e9b · 29b8e9b
2 parents 3690a0f + 8cfa35c
commit 29b8e9b
Show file tree

Hide file tree

Showing 95 changed files with 1,576 additions and 281 deletions.
diff --git a/.github/workflows/build-binaries.yaml b/.github/workflows/build-binaries.yaml
@@ -37,11 +37,10 @@ jobs:
         with:
           go-version-file: 'go.mod'
 
-      # Set the Node.js version
-      - name: Set up Node.js ${{ vars.NODE_VERSION }}
+      - name: Set up Node.js
         uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
         with:
-          node-version: ${{ vars.NODE_VERSION }}
+          node-version-file: package.json
 
       - name: JS Dependency Cache
         id: js-cache
@@ -51,7 +50,7 @@ jobs:
             **/node_modules
           # Use a separate cache for this from other JS jobs since we run the
           # webpack steps and will have more to cache.
-          key: ${{ runner.os }}-node_modules-${{ hashFiles('**/yarn.lock') }}-node_version-${{ vars.NODE_VERSION }}
+          key: ${{ runner.os }}-node_modules-${{ hashFiles('**/yarn.lock') }}
           restore-keys: |
             ${{ runner.os }}-node_modules-
 

diff --git a/.github/workflows/fleet-and-orbit.yml b/.github/workflows/fleet-and-orbit.yml
@@ -79,11 +79,10 @@ jobs:
         with:
           go-version-file: 'go.mod'
 
-      # Set the Node.js version
-      - name: Set up Node.js ${{ vars.NODE_VERSION }}
+      - name: Set up Node.js
         uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
         with:
-          node-version: ${{ vars.NODE_VERSION }}
+          node-version-file: package.json
 
       - name: Start tunnel
         env:

diff --git a/.github/workflows/goreleaser-fleet.yaml b/.github/workflows/goreleaser-fleet.yaml
@@ -46,11 +46,10 @@ jobs:
         with:
           go-version-file: 'go.mod'
 
-      # Set the Node.js version
-      - name: Set up Node.js ${{ vars.NODE_VERSION }}
+      - name: Set up Node.js
         uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
         with:
-          node-version: ${{ vars.NODE_VERSION }}
+          node-version-file: package.json
 
       - name: Install JS Dependencies
         run: make deps-js

diff --git a/.github/workflows/goreleaser-snapshot-fleet.yaml b/.github/workflows/goreleaser-snapshot-fleet.yaml
@@ -60,10 +60,10 @@ jobs:
           go-version-file: 'go.mod'
 
       # Set the Node.js version
-      - name: Set up Node.js ${{ vars.NODE_VERSION }}
+      - name: Set up Node.js
         uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
         with:
-          node-version: ${{ vars.NODE_VERSION }}
+          node-version-file: package.json
 
       - name: Install Dependencies
         run: make deps

diff --git a/.github/workflows/test-js.yml b/.github/workflows/test-js.yml
@@ -42,14 +42,14 @@ jobs:
         with:
           egress-policy: audit
 
-      - name: Set up Node.js ${{ vars.NODE_VERSION }}
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
-        with:
-          node-version: ${{ vars.NODE_VERSION }}
-
       - name: Checkout Code
         uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
+      - name: Set up Node.js
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
+        with:
+          node-version-file: package.json
+
       - name: JS Dependency Cache
         id: js-cache
         uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v2
@@ -87,14 +87,14 @@ jobs:
         with:
           egress-policy: audit
 
-      - name: Set up Node.js ${{ vars.NODE_VERSION }}
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
-        with:
-          node-version: ${{ vars.NODE_VERSION }}
-
       - name: Checkout Code
         uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
+      - name: Set up Node.js
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
+        with:
+          node-version-file: package.json
+
       - name: JS Dependency Cache
         id: js-cache
         uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v2

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,12 @@
+## Fleet 4.57.1 (Oct 01, 2024)
+
+### Bug fixes
+
+* Improved performance of SQL queries used to determine MDM profile status for Apple hosts.
+* Ensured request timeouts for software installer edits were just as high as for initial software installer uploads.
+* Fixed an issue with the migration that added support for multiple VPP tokens, which would happen if a token was removed prior to upgrading Fleet.
+* Fixed a "no rows" error when adding a software installer that matched an existing title's name and source but not its bundle ID.
+
 ## Fleet 4.57.0 (Sep 23, 2024)
 
 **Endpoint Operations**

diff --git a/articles/config-less-fleetd-agent-deployment.md b/articles/config-less-fleetd-agent-deployment.md
@@ -4,7 +4,7 @@
 
 Deploying Fleet's agent across a diverse range of devices often involves the crucial step of enrolling each device. Traditionally, this involves [packaging](https://fleetdm.com/docs/using-fleet/fleetd#packaging)  `fleetd` with configuration including the enroll secret and server URL. While effective, an alternative offers more flexibility in your deployment process. This guide introduces a different approach for deploying Fleet's agent without embedding configuration settings directly into `fleetd`. Ideal for IT administrators who prefer to generate a single package and maintain greater control over the distribution of enrollment secrets and server URLs, this method simplifies the enrollment process across macOS and Windows hosts.
 
-Emphasizing adaptability and convenience, this approach allows for a more efficient way to manage device enrollments. Let’s dive into how to deploy Fleet's agent using this alternative method, ensuring a more open and flexible deployment process.
+This approach emphasizes adaptability and convenience and allows for a more efficient way to manage device enrollments. Let’s explore how to deploy Fleet's agent using this alternative method, ensuring a more open and flexible deployment process.
 
 
 ## For macOS:
@@ -44,6 +44,18 @@ fleetctl package --type=pkg --use-system-configuration --fleet-desktop
         <key>PayloadVersion</key>
         <integer>1</integer>
       </dict>
+      <dict>
+        <key>EndUserEmail</key>
+        <string>END_USER_EMAIL_HERE</string>
+        <key>PayloadIdentifier</key>
+        <string>com.fleetdm.fleet.mdm.apple.mdm</string>
+        <key>PayloadType</key>
+	  <string>com.apple.mdm</string>
+	  <key>PayloadUUID</key>
+	  <string>29713130-1602-4D27-90C9-B822A295E44E</string>
+        <key>PayloadVersion</key>
+        <integer>1</integer>
+      </dict>
     </array>
     <key>PayloadDisplayName</key>
     <string>Fleetd configuration</string>
@@ -56,11 +68,38 @@ fleetctl package --type=pkg --use-system-configuration --fleet-desktop
     <key>PayloadVersion</key>
     <integer>1</integer>
     <key>PayloadDescription</key>
-    <string>Default configuration for the fleetd agent.</string>
+    <string>Configuration for the fleetd agent.</string>
   </dict>
 </plist>
 ```
 
+You can optionally specify the `END_USER_EMAIL` that will be added to the host's [human-device mapping](https://fleetdm.com/docs/rest-api/rest-api#get-human-device-mapping):
+
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <key>PayloadContent</key>
+    <array>
+      ...
+      <dict>
+        <key>EndUserEmail</key>
+        <string>END_USER_EMAIL</string>
+        <key>PayloadIdentifier</key>
+        <string>com.fleetdm.fleet.mdm.apple.mdm</string>
+        <key>PayloadType</key>
+	  <string>com.apple.mdm</string>
+	  <key>PayloadUUID</key>
+	  <string>29713130-1602-4D27-90C9-B822A295E44E</string>
+        <key>PayloadVersion</key>
+        <integer>1</integer>
+      </dict>
+    </array>
+    ...
+  </dict>
+</plist>
+```
 
 ## For Windows:
 

diff --git a/changes/19619-win-battery b/changes/19619-win-battery
@@ -0,0 +1 @@
+- Windows host details now include battery status
diff --git a/changes/20537-add-rpm-support b/changes/20537-add-rpm-support
@@ -0,0 +1 @@
+* Added support for uploading RPM packages.
diff --git a/changes/22094-query-optimization b/changes/22094-query-optimization
@@ -0,0 +1 @@
+- Increased performance for Host details and Fleet Desktop, particularly in environments using high volumes of live queries
diff --git a/changes/22198-defaults b/changes/22198-defaults
@@ -0,0 +1,2 @@
+- Fixes a bug where removing a VPP or ABM token from a GitOps YAML file would leave the team
+  assignments unchanged.
diff --git a/charts/fleet/Chart.yaml b/charts/fleet/Chart.yaml
@@ -8,7 +8,7 @@ version: v6.2.0
 home: https://github.com/fleetdm/fleet
 sources:
   - https://github.com/fleetdm/fleet.git
-appVersion: v4.57.0
+appVersion: v4.57.1
 dependencies:
   - name: mysql
     condition: mysql.enabled

diff --git a/charts/fleet/values.yaml b/charts/fleet/values.yaml
@@ -3,7 +3,7 @@
 hostName: fleet.localhost
 replicas: 3 # The number of Fleet instances to deploy
 imageRepository: fleetdm/fleet
-imageTag: v4.57.0 # Version of Fleet to deploy
+imageTag: v4.57.1 # Version of Fleet to deploy
 podAnnotations: {} # Additional annotations to add to the Fleet pod
 serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
 resources:

diff --git a/cmd/fleetctl/apply_test.go b/cmd/fleetctl/apply_test.go
@@ -657,6 +657,18 @@ func TestApplyAppConfig(t *testing.T) {
 		return []*fleet.TeamSummary{{Name: "team1", ID: 1}}, nil
 	}
 
+	ds.SaveABMTokenFunc = func(ctx context.Context, tok *fleet.ABMToken) error {
+		return nil
+	}
+
+	ds.ListVPPTokensFunc = func(ctx context.Context) ([]*fleet.VPPTokenDB, error) {
+		return []*fleet.VPPTokenDB{}, nil
+	}
+
+	ds.ListABMTokensFunc = func(ctx context.Context) ([]*fleet.ABMToken, error) {
+		return []*fleet.ABMToken{{OrganizationName: t.Name()}}, nil
+	}
+
 	name := writeTmpYml(t, `---
 apiVersion: v1
 kind: config
@@ -782,6 +794,18 @@ func TestApplyAppConfigDryRunIssue(t *testing.T) {
 		return nil
 	}
 
+	ds.SaveABMTokenFunc = func(ctx context.Context, tok *fleet.ABMToken) error {
+		return nil
+	}
+
+	ds.ListVPPTokensFunc = func(ctx context.Context) ([]*fleet.VPPTokenDB, error) {
+		return []*fleet.VPPTokenDB{}, nil
+	}
+
+	ds.ListABMTokensFunc = func(ctx context.Context) ([]*fleet.ABMToken, error) {
+		return []*fleet.ABMToken{}, nil
+	}
+
 	// first, set the default app config's agent options as set after fleetctl setup
 	name := writeTmpYml(t, `---
 apiVersion: v1
@@ -914,6 +938,18 @@ func TestApplyAppConfigDeprecatedFields(t *testing.T) {
 		return nil
 	}
 
+	ds.SaveABMTokenFunc = func(ctx context.Context, tok *fleet.ABMToken) error {
+		return nil
+	}
+
+	ds.ListVPPTokensFunc = func(ctx context.Context) ([]*fleet.VPPTokenDB, error) {
+		return []*fleet.VPPTokenDB{}, nil
+	}
+
+	ds.ListABMTokensFunc = func(ctx context.Context) ([]*fleet.ABMToken, error) {
+		return []*fleet.ABMToken{}, nil
+	}
+
 	name := writeTmpYml(t, `---
 apiVersion: v1
 kind: config
@@ -1316,6 +1352,14 @@ func TestApplyAsGitOps(t *testing.T) {
 		return []*fleet.ABMToken{{ID: 1}}, nil
 	}
 
+	ds.SaveABMTokenFunc = func(ctx context.Context, tok *fleet.ABMToken) error {
+		return nil
+	}
+
+	ds.ListVPPTokensFunc = func(ctx context.Context) ([]*fleet.VPPTokenDB, error) {
+		return []*fleet.VPPTokenDB{}, nil
+	}
+
 	// Apply global config.
 	name := writeTmpYml(t, `---
 apiVersion: v1
@@ -1873,6 +1917,18 @@ func TestCanApplyIntervalsInNanoseconds(t *testing.T) {
 		return nil
 	}
 
+	ds.SaveABMTokenFunc = func(ctx context.Context, tok *fleet.ABMToken) error {
+		return nil
+	}
+
+	ds.ListVPPTokensFunc = func(ctx context.Context) ([]*fleet.VPPTokenDB, error) {
+		return []*fleet.VPPTokenDB{}, nil
+	}
+
+	ds.ListABMTokensFunc = func(ctx context.Context) ([]*fleet.ABMToken, error) {
+		return []*fleet.ABMToken{}, nil
+	}
+
 	name := writeTmpYml(t, `---
 apiVersion: v1
 kind: config
@@ -1908,6 +1964,18 @@ func TestCanApplyIntervalsUsingDurations(t *testing.T) {
 		return nil
 	}
 
+	ds.SaveABMTokenFunc = func(ctx context.Context, tok *fleet.ABMToken) error {
+		return nil
+	}
+
+	ds.ListVPPTokensFunc = func(ctx context.Context) ([]*fleet.VPPTokenDB, error) {
+		return []*fleet.VPPTokenDB{}, nil
+	}
+
+	ds.ListABMTokensFunc = func(ctx context.Context) ([]*fleet.ABMToken, error) {
+		return []*fleet.ABMToken{}, nil
+	}
+
 	name := writeTmpYml(t, `---
 apiVersion: v1
 kind: config
@@ -2091,6 +2159,18 @@ func TestApplyMacosSetup(t *testing.T) {
 			return []*fleet.ABMToken{{ID: 1}}, nil
 		}
 
+		ds.SaveABMTokenFunc = func(ctx context.Context, tok *fleet.ABMToken) error {
+			return nil
+		}
+
+		ds.ListVPPTokensFunc = func(ctx context.Context) ([]*fleet.VPPTokenDB, error) {
+			return []*fleet.VPPTokenDB{}, nil
+		}
+
+		ds.ListABMTokensFunc = func(ctx context.Context) ([]*fleet.ABMToken, error) {
+			return []*fleet.ABMToken{}, nil
+		}
+
 		return ds
 	}
 
@@ -2764,6 +2844,17 @@ func TestApplySpecs(t *testing.T) {
 		ds.DeleteMDMWindowsConfigProfileByTeamAndNameFunc = func(ctx context.Context, teamID *uint, profileName string) error {
 			return nil
 		}
+
+		// VPP/AMB
+		ds.SaveABMTokenFunc = func(ctx context.Context, tok *fleet.ABMToken) error {
+			return nil
+		}
+		ds.ListVPPTokensFunc = func(ctx context.Context) ([]*fleet.VPPTokenDB, error) {
+			return []*fleet.VPPTokenDB{}, nil
+		}
+		ds.ListABMTokensFunc = func(ctx context.Context) ([]*fleet.ABMToken, error) {
+			return []*fleet.ABMToken{}, nil
+		}
 	}
 
 	cases := []struct {