From 5d775fd65d4763475d6cdf8286a065f674d3f249 Mon Sep 17 00:00:00 2001 From: Jacob Shandling Date: Tue, 11 Feb 2025 16:10:40 -0800 Subject: [PATCH 01/13] type --- server/fleet/app.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/server/fleet/app.go b/server/fleet/app.go index 65d0d882d524..63c8fc58ec68 100644 --- a/server/fleet/app.go +++ b/server/fleet/app.go @@ -213,6 +213,11 @@ type MDM struct { ///////////////////////////////////////////////////////////////// } +type ChangeManagement struct { + GitopsModeEnabled bool `json:"gitops_mode_enabled"` + RepositoryURL string `json:"repository_url"` +} + func (c *AppConfig) MDMUrl() string { if c.MDM.AppleServerURL == "" { return c.ServerSettings.ServerURL @@ -552,6 +557,8 @@ type AppConfig struct { MDM MDM `json:"mdm"` + ChangeManagement ChangeManagement `json:"change_management"` + // Scripts is a slice of script file paths. // // NOTE: These are only present here for informational purposes. @@ -600,6 +607,7 @@ func (c *AppConfig) Copy() *AppConfig { return nil } + // AppConfig fields with `json:"omitempty"` struct tag won't be automatically copied during this assignment, so set them explicitly clone := *c // OrgInfo: nothing needs cloning @@ -725,6 +733,8 @@ func (c *AppConfig) Copy() *AppConfig { clone.MDM.MacOSSetup.Software = optjson.SetSlice(sw) } + // ChangeManagement: nothing needs cloning + if c.YaraRules != nil { rules := make([]YaraRule, len(c.YaraRules)) copy(rules, c.YaraRules) From 733c7a83d226dfa267e9a6e4cd257ccac2d6d7d8 Mon Sep 17 00:00:00 2001 From: Jacob Shandling Date: Tue, 11 Feb 2025 16:10:48 -0800 Subject: [PATCH 02/13] get --- server/service/appconfig.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/server/service/appconfig.go b/server/service/appconfig.go index 267f4fb14cdf..566f459bd24e 100644 --- a/server/service/appconfig.go +++ b/server/service/appconfig.go @@ -187,10 +187,11 @@ func getAppConfigEndpoint(ctx context.Context, request interface{}, svc fleet.Se FleetDesktop: fleetDesktop, - WebhookSettings: appConfig.WebhookSettings, - Integrations: appConfig.Integrations, - MDM: appConfig.MDM, - Scripts: appConfig.Scripts, + WebhookSettings: appConfig.WebhookSettings, + Integrations: appConfig.Integrations, + MDM: appConfig.MDM, + Scripts: appConfig.Scripts, + ChangeManagement: appConfig.ChangeManagement, }, appConfigResponseFields: appConfigResponseFields{ UpdateInterval: updateIntervalConfig, From 58dc54aa1c66e68326e7229692aa619a070da5c7 Mon Sep 17 00:00:00 2001 From: Jacob Shandling Date: Tue, 11 Feb 2025 16:37:53 -0800 Subject: [PATCH 03/13] patch --- server/service/appconfig.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/server/service/appconfig.go b/server/service/appconfig.go index 566f459bd24e..39cb39acfd67 100644 --- a/server/service/appconfig.go +++ b/server/service/appconfig.go @@ -623,6 +623,17 @@ func (svc *Service) ModifyAppConfig(ctx context.Context, p []byte, applyOpts fle appConfig.Integrations.GoogleCalendar = oldAppConfig.Integrations.GoogleCalendar } + gmo, rurl := newAppConfig.ChangeManagement.GitopsModeEnabled, newAppConfig.ChangeManagement.RepositoryURL + if gmo { + if rurl == "" { + return nil, fleet.NewInvalidArgumentError("Change management: ", "Repository URL is required when GitOps mode is enabled") + } + if err := validateServerURL(rurl); err != nil { + return nil, fleet.NewInvalidArgumentError("Change management: ", err.Error()) + } + } + appConfig.ChangeManagement = newAppConfig.ChangeManagement + if !license.IsPremium() { // reset transparency url to empty for downgraded licenses appConfig.FleetDesktop.TransparencyURL = "" From 949032534d84092bf05e58dee1909c7d00d2deb7 Mon Sep 17 00:00:00 2001 From: Jacob Shandling Date: Tue, 11 Feb 2025 16:45:58 -0800 Subject: [PATCH 04/13] `make dump-test-schema` --- server/datastore/mysql/schema.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/datastore/mysql/schema.sql b/server/datastore/mysql/schema.sql index 5013fa61399b..2cba727111d4 100644 --- a/server/datastore/mysql/schema.sql +++ b/server/datastore/mysql/schema.sql @@ -75,7 +75,7 @@ CREATE TABLE `app_config_json` ( PRIMARY KEY (`id`) ) /*!50100 TABLESPACE `innodb_system` */ ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; /*!40101 SET character_set_client = @saved_cs_client */; -INSERT INTO `app_config_json` VALUES (1,'{\"mdm\": {\"ios_updates\": {\"deadline\": null, \"minimum_version\": null}, \"macos_setup\": {\"script\": null, \"software\": null, \"bootstrap_package\": null, \"macos_setup_assistant\": null, \"enable_end_user_authentication\": false, \"enable_release_device_manually\": false}, \"macos_updates\": {\"deadline\": null, \"minimum_version\": null}, \"ipados_updates\": {\"deadline\": null, \"minimum_version\": null}, \"macos_settings\": {\"custom_settings\": null}, \"macos_migration\": {\"mode\": \"\", \"enable\": false, \"webhook_url\": \"\"}, \"windows_updates\": {\"deadline_days\": null, \"grace_period_days\": null}, \"apple_server_url\": \"\", \"windows_settings\": {\"custom_settings\": null}, \"apple_bm_terms_expired\": false, \"apple_business_manager\": null, \"enable_disk_encryption\": false, \"enabled_and_configured\": false, \"end_user_authentication\": {\"idp_name\": \"\", \"metadata\": \"\", \"entity_id\": \"\", \"issuer_uri\": \"\", \"metadata_url\": \"\"}, \"volume_purchasing_program\": null, \"windows_migration_enabled\": false, \"windows_enabled_and_configured\": false, \"apple_bm_enabled_and_configured\": false}, \"scripts\": null, \"features\": {\"enable_host_users\": true, \"enable_software_inventory\": false}, \"org_info\": {\"org_name\": \"\", \"contact_url\": \"\", \"org_logo_url\": \"\", \"org_logo_url_light_background\": \"\"}, \"integrations\": {\"jira\": null, \"zendesk\": null, \"google_calendar\": null, \"ndes_scep_proxy\": null}, \"sso_settings\": {\"idp_name\": \"\", \"metadata\": \"\", \"entity_id\": \"\", \"enable_sso\": false, \"issuer_uri\": \"\", \"metadata_url\": \"\", \"idp_image_url\": \"\", \"enable_jit_role_sync\": false, \"enable_sso_idp_login\": false, \"enable_jit_provisioning\": false}, \"agent_options\": {\"config\": {\"options\": {\"logger_plugin\": \"tls\", \"pack_delimiter\": \"/\", \"logger_tls_period\": 10, \"distributed_plugin\": \"tls\", \"disable_distributed\": false, \"logger_tls_endpoint\": \"/api/osquery/log\", \"distributed_interval\": 10, \"distributed_tls_max_attempts\": 3}, \"decorators\": {\"load\": [\"SELECT uuid AS host_uuid FROM system_info;\", \"SELECT hostname AS hostname FROM system_info;\"]}}, \"overrides\": {}}, \"fleet_desktop\": {\"transparency_url\": \"\"}, \"smtp_settings\": {\"port\": 587, \"domain\": \"\", \"server\": \"\", \"password\": \"\", \"user_name\": \"\", \"configured\": false, \"enable_smtp\": false, \"enable_ssl_tls\": true, \"sender_address\": \"\", \"enable_start_tls\": true, \"verify_ssl_certs\": true, \"authentication_type\": \"0\", \"authentication_method\": \"0\"}, \"server_settings\": {\"server_url\": \"\", \"enable_analytics\": false, \"query_report_cap\": 0, \"scripts_disabled\": false, \"deferred_save_host\": false, \"live_query_disabled\": false, \"ai_features_disabled\": false, \"query_reports_disabled\": false}, \"webhook_settings\": {\"interval\": \"0s\", \"activities_webhook\": {\"destination_url\": \"\", \"enable_activities_webhook\": false}, \"host_status_webhook\": {\"days_count\": 0, \"destination_url\": \"\", \"host_percentage\": 0, \"enable_host_status_webhook\": false}, \"vulnerabilities_webhook\": {\"destination_url\": \"\", \"host_batch_size\": 0, \"enable_vulnerabilities_webhook\": false}, \"failing_policies_webhook\": {\"policy_ids\": null, \"destination_url\": \"\", \"host_batch_size\": 0, \"enable_failing_policies_webhook\": false}}, \"host_expiry_settings\": {\"host_expiry_window\": 0, \"host_expiry_enabled\": false}, \"vulnerability_settings\": {\"databases_path\": \"\"}, \"activity_expiry_settings\": {\"activity_expiry_window\": 0, \"activity_expiry_enabled\": false}}','2020-01-01 01:01:01','2020-01-01 01:01:01'); +INSERT INTO `app_config_json` VALUES (1,'{\"mdm\": {\"ios_updates\": {\"deadline\": null, \"minimum_version\": null}, \"macos_setup\": {\"script\": null, \"software\": null, \"bootstrap_package\": null, \"macos_setup_assistant\": null, \"enable_end_user_authentication\": false, \"enable_release_device_manually\": false}, \"macos_updates\": {\"deadline\": null, \"minimum_version\": null}, \"ipados_updates\": {\"deadline\": null, \"minimum_version\": null}, \"macos_settings\": {\"custom_settings\": null}, \"macos_migration\": {\"mode\": \"\", \"enable\": false, \"webhook_url\": \"\"}, \"windows_updates\": {\"deadline_days\": null, \"grace_period_days\": null}, \"apple_server_url\": \"\", \"windows_settings\": {\"custom_settings\": null}, \"apple_bm_terms_expired\": false, \"apple_business_manager\": null, \"enable_disk_encryption\": false, \"enabled_and_configured\": false, \"end_user_authentication\": {\"idp_name\": \"\", \"metadata\": \"\", \"entity_id\": \"\", \"issuer_uri\": \"\", \"metadata_url\": \"\"}, \"volume_purchasing_program\": null, \"windows_migration_enabled\": false, \"windows_enabled_and_configured\": false, \"apple_bm_enabled_and_configured\": false}, \"scripts\": null, \"features\": {\"enable_host_users\": true, \"enable_software_inventory\": false}, \"org_info\": {\"org_name\": \"\", \"contact_url\": \"\", \"org_logo_url\": \"\", \"org_logo_url_light_background\": \"\"}, \"integrations\": {\"jira\": null, \"zendesk\": null, \"google_calendar\": null, \"ndes_scep_proxy\": null}, \"sso_settings\": {\"idp_name\": \"\", \"metadata\": \"\", \"entity_id\": \"\", \"enable_sso\": false, \"issuer_uri\": \"\", \"metadata_url\": \"\", \"idp_image_url\": \"\", \"enable_jit_role_sync\": false, \"enable_sso_idp_login\": false, \"enable_jit_provisioning\": false}, \"agent_options\": {\"config\": {\"options\": {\"logger_plugin\": \"tls\", \"pack_delimiter\": \"/\", \"logger_tls_period\": 10, \"distributed_plugin\": \"tls\", \"disable_distributed\": false, \"logger_tls_endpoint\": \"/api/osquery/log\", \"distributed_interval\": 10, \"distributed_tls_max_attempts\": 3}, \"decorators\": {\"load\": [\"SELECT uuid AS host_uuid FROM system_info;\", \"SELECT hostname AS hostname FROM system_info;\"]}}, \"overrides\": {}}, \"fleet_desktop\": {\"transparency_url\": \"\"}, \"smtp_settings\": {\"port\": 587, \"domain\": \"\", \"server\": \"\", \"password\": \"\", \"user_name\": \"\", \"configured\": false, \"enable_smtp\": false, \"enable_ssl_tls\": true, \"sender_address\": \"\", \"enable_start_tls\": true, \"verify_ssl_certs\": true, \"authentication_type\": \"0\", \"authentication_method\": \"0\"}, \"server_settings\": {\"server_url\": \"\", \"enable_analytics\": false, \"query_report_cap\": 0, \"scripts_disabled\": false, \"deferred_save_host\": false, \"live_query_disabled\": false, \"ai_features_disabled\": false, \"query_reports_disabled\": false}, \"webhook_settings\": {\"interval\": \"0s\", \"activities_webhook\": {\"destination_url\": \"\", \"enable_activities_webhook\": false}, \"host_status_webhook\": {\"days_count\": 0, \"destination_url\": \"\", \"host_percentage\": 0, \"enable_host_status_webhook\": false}, \"vulnerabilities_webhook\": {\"destination_url\": \"\", \"host_batch_size\": 0, \"enable_vulnerabilities_webhook\": false}, \"failing_policies_webhook\": {\"policy_ids\": null, \"destination_url\": \"\", \"host_batch_size\": 0, \"enable_failing_policies_webhook\": false}}, \"change_management\": {\"repository_url\": \"\", \"gitops_mode_enabled\": false}, \"host_expiry_settings\": {\"host_expiry_window\": 0, \"host_expiry_enabled\": false}, \"vulnerability_settings\": {\"databases_path\": \"\"}, \"activity_expiry_settings\": {\"activity_expiry_window\": 0, \"activity_expiry_enabled\": false}}','2020-01-01 01:01:01','2020-01-01 01:01:01'); /*!40101 SET @saved_cs_client = @@character_set_client */; /*!50503 SET character_set_client = utf8mb4 */; CREATE TABLE `calendar_events` ( From f251b11883355d508c4060917db3bcd23533daa0 Mon Sep 17 00:00:00 2001 From: Jacob Shandling Date: Thu, 13 Feb 2025 09:19:56 -0800 Subject: [PATCH 05/13] remove inaccurate comment --- server/fleet/app.go | 1 - 1 file changed, 1 deletion(-) diff --git a/server/fleet/app.go b/server/fleet/app.go index 63c8fc58ec68..5c8db1e6aa35 100644 --- a/server/fleet/app.go +++ b/server/fleet/app.go @@ -607,7 +607,6 @@ func (c *AppConfig) Copy() *AppConfig { return nil } - // AppConfig fields with `json:"omitempty"` struct tag won't be automatically copied during this assignment, so set them explicitly clone := *c // OrgInfo: nothing needs cloning From 614cb4593ef514d9eb6baa668bdffd95471ae36e Mon Sep 17 00:00:00 2001 From: Jacob Shandling Date: Thu, 13 Feb 2025 15:11:01 -0800 Subject: [PATCH 06/13] refactor per new api design --- server/datastore/mysql/schema.sql | 2 +- server/fleet/app.go | 6 +++--- server/service/appconfig.go | 20 ++++++++++---------- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/server/datastore/mysql/schema.sql b/server/datastore/mysql/schema.sql index 2cba727111d4..b0bd67db4b31 100644 --- a/server/datastore/mysql/schema.sql +++ b/server/datastore/mysql/schema.sql @@ -75,7 +75,7 @@ CREATE TABLE `app_config_json` ( PRIMARY KEY (`id`) ) /*!50100 TABLESPACE `innodb_system` */ ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; /*!40101 SET character_set_client = @saved_cs_client */; -INSERT INTO `app_config_json` VALUES (1,'{\"mdm\": {\"ios_updates\": {\"deadline\": null, \"minimum_version\": null}, \"macos_setup\": {\"script\": null, \"software\": null, \"bootstrap_package\": null, \"macos_setup_assistant\": null, \"enable_end_user_authentication\": false, \"enable_release_device_manually\": false}, \"macos_updates\": {\"deadline\": null, \"minimum_version\": null}, \"ipados_updates\": {\"deadline\": null, \"minimum_version\": null}, \"macos_settings\": {\"custom_settings\": null}, \"macos_migration\": {\"mode\": \"\", \"enable\": false, \"webhook_url\": \"\"}, \"windows_updates\": {\"deadline_days\": null, \"grace_period_days\": null}, \"apple_server_url\": \"\", \"windows_settings\": {\"custom_settings\": null}, \"apple_bm_terms_expired\": false, \"apple_business_manager\": null, \"enable_disk_encryption\": false, \"enabled_and_configured\": false, \"end_user_authentication\": {\"idp_name\": \"\", \"metadata\": \"\", \"entity_id\": \"\", \"issuer_uri\": \"\", \"metadata_url\": \"\"}, \"volume_purchasing_program\": null, \"windows_migration_enabled\": false, \"windows_enabled_and_configured\": false, \"apple_bm_enabled_and_configured\": false}, \"scripts\": null, \"features\": {\"enable_host_users\": true, \"enable_software_inventory\": false}, \"org_info\": {\"org_name\": \"\", \"contact_url\": \"\", \"org_logo_url\": \"\", \"org_logo_url_light_background\": \"\"}, \"integrations\": {\"jira\": null, \"zendesk\": null, \"google_calendar\": null, \"ndes_scep_proxy\": null}, \"sso_settings\": {\"idp_name\": \"\", \"metadata\": \"\", \"entity_id\": \"\", \"enable_sso\": false, \"issuer_uri\": \"\", \"metadata_url\": \"\", \"idp_image_url\": \"\", \"enable_jit_role_sync\": false, \"enable_sso_idp_login\": false, \"enable_jit_provisioning\": false}, \"agent_options\": {\"config\": {\"options\": {\"logger_plugin\": \"tls\", \"pack_delimiter\": \"/\", \"logger_tls_period\": 10, \"distributed_plugin\": \"tls\", \"disable_distributed\": false, \"logger_tls_endpoint\": \"/api/osquery/log\", \"distributed_interval\": 10, \"distributed_tls_max_attempts\": 3}, \"decorators\": {\"load\": [\"SELECT uuid AS host_uuid FROM system_info;\", \"SELECT hostname AS hostname FROM system_info;\"]}}, \"overrides\": {}}, \"fleet_desktop\": {\"transparency_url\": \"\"}, \"smtp_settings\": {\"port\": 587, \"domain\": \"\", \"server\": \"\", \"password\": \"\", \"user_name\": \"\", \"configured\": false, \"enable_smtp\": false, \"enable_ssl_tls\": true, \"sender_address\": \"\", \"enable_start_tls\": true, \"verify_ssl_certs\": true, \"authentication_type\": \"0\", \"authentication_method\": \"0\"}, \"server_settings\": {\"server_url\": \"\", \"enable_analytics\": false, \"query_report_cap\": 0, \"scripts_disabled\": false, \"deferred_save_host\": false, \"live_query_disabled\": false, \"ai_features_disabled\": false, \"query_reports_disabled\": false}, \"webhook_settings\": {\"interval\": \"0s\", \"activities_webhook\": {\"destination_url\": \"\", \"enable_activities_webhook\": false}, \"host_status_webhook\": {\"days_count\": 0, \"destination_url\": \"\", \"host_percentage\": 0, \"enable_host_status_webhook\": false}, \"vulnerabilities_webhook\": {\"destination_url\": \"\", \"host_batch_size\": 0, \"enable_vulnerabilities_webhook\": false}, \"failing_policies_webhook\": {\"policy_ids\": null, \"destination_url\": \"\", \"host_batch_size\": 0, \"enable_failing_policies_webhook\": false}}, \"change_management\": {\"repository_url\": \"\", \"gitops_mode_enabled\": false}, \"host_expiry_settings\": {\"host_expiry_window\": 0, \"host_expiry_enabled\": false}, \"vulnerability_settings\": {\"databases_path\": \"\"}, \"activity_expiry_settings\": {\"activity_expiry_window\": 0, \"activity_expiry_enabled\": false}}','2020-01-01 01:01:01','2020-01-01 01:01:01'); +INSERT INTO `app_config_json` VALUES (1,'{\"mdm\": {\"ios_updates\": {\"deadline\": null, \"minimum_version\": null}, \"macos_setup\": {\"script\": null, \"software\": null, \"bootstrap_package\": null, \"macos_setup_assistant\": null, \"enable_end_user_authentication\": false, \"enable_release_device_manually\": false}, \"macos_updates\": {\"deadline\": null, \"minimum_version\": null}, \"ipados_updates\": {\"deadline\": null, \"minimum_version\": null}, \"macos_settings\": {\"custom_settings\": null}, \"macos_migration\": {\"mode\": \"\", \"enable\": false, \"webhook_url\": \"\"}, \"windows_updates\": {\"deadline_days\": null, \"grace_period_days\": null}, \"apple_server_url\": \"\", \"windows_settings\": {\"custom_settings\": null}, \"apple_bm_terms_expired\": false, \"apple_business_manager\": null, \"enable_disk_encryption\": false, \"enabled_and_configured\": false, \"end_user_authentication\": {\"idp_name\": \"\", \"metadata\": \"\", \"entity_id\": \"\", \"issuer_uri\": \"\", \"metadata_url\": \"\"}, \"volume_purchasing_program\": null, \"windows_migration_enabled\": false, \"windows_enabled_and_configured\": false, \"apple_bm_enabled_and_configured\": false}, \"gitops\": {\"repository_url\": \"\", \"gitops_mode_enabled\": false}, \"scripts\": null, \"features\": {\"enable_host_users\": true, \"enable_software_inventory\": false}, \"org_info\": {\"org_name\": \"\", \"contact_url\": \"\", \"org_logo_url\": \"\", \"org_logo_url_light_background\": \"\"}, \"integrations\": {\"jira\": null, \"zendesk\": null, \"google_calendar\": null, \"ndes_scep_proxy\": null}, \"sso_settings\": {\"idp_name\": \"\", \"metadata\": \"\", \"entity_id\": \"\", \"enable_sso\": false, \"issuer_uri\": \"\", \"metadata_url\": \"\", \"idp_image_url\": \"\", \"enable_jit_role_sync\": false, \"enable_sso_idp_login\": false, \"enable_jit_provisioning\": false}, \"agent_options\": {\"config\": {\"options\": {\"logger_plugin\": \"tls\", \"pack_delimiter\": \"/\", \"logger_tls_period\": 10, \"distributed_plugin\": \"tls\", \"disable_distributed\": false, \"logger_tls_endpoint\": \"/api/osquery/log\", \"distributed_interval\": 10, \"distributed_tls_max_attempts\": 3}, \"decorators\": {\"load\": [\"SELECT uuid AS host_uuid FROM system_info;\", \"SELECT hostname AS hostname FROM system_info;\"]}}, \"overrides\": {}}, \"fleet_desktop\": {\"transparency_url\": \"\"}, \"smtp_settings\": {\"port\": 587, \"domain\": \"\", \"server\": \"\", \"password\": \"\", \"user_name\": \"\", \"configured\": false, \"enable_smtp\": false, \"enable_ssl_tls\": true, \"sender_address\": \"\", \"enable_start_tls\": true, \"verify_ssl_certs\": true, \"authentication_type\": \"0\", \"authentication_method\": \"0\"}, \"server_settings\": {\"server_url\": \"\", \"enable_analytics\": false, \"query_report_cap\": 0, \"scripts_disabled\": false, \"deferred_save_host\": false, \"live_query_disabled\": false, \"ai_features_disabled\": false, \"query_reports_disabled\": false}, \"webhook_settings\": {\"interval\": \"0s\", \"activities_webhook\": {\"destination_url\": \"\", \"enable_activities_webhook\": false}, \"host_status_webhook\": {\"days_count\": 0, \"destination_url\": \"\", \"host_percentage\": 0, \"enable_host_status_webhook\": false}, \"vulnerabilities_webhook\": {\"destination_url\": \"\", \"host_batch_size\": 0, \"enable_vulnerabilities_webhook\": false}, \"failing_policies_webhook\": {\"policy_ids\": null, \"destination_url\": \"\", \"host_batch_size\": 0, \"enable_failing_policies_webhook\": false}}, \"host_expiry_settings\": {\"host_expiry_window\": 0, \"host_expiry_enabled\": false}, \"vulnerability_settings\": {\"databases_path\": \"\"}, \"activity_expiry_settings\": {\"activity_expiry_window\": 0, \"activity_expiry_enabled\": false}}','2020-01-01 01:01:01','2020-01-01 01:01:01'); /*!40101 SET @saved_cs_client = @@character_set_client */; /*!50503 SET character_set_client = utf8mb4 */; CREATE TABLE `calendar_events` ( diff --git a/server/fleet/app.go b/server/fleet/app.go index 5c8db1e6aa35..9f7f4f5dd3c7 100644 --- a/server/fleet/app.go +++ b/server/fleet/app.go @@ -213,7 +213,7 @@ type MDM struct { ///////////////////////////////////////////////////////////////// } -type ChangeManagement struct { +type UIGitOpsModeConfig struct { GitopsModeEnabled bool `json:"gitops_mode_enabled"` RepositoryURL string `json:"repository_url"` } @@ -557,7 +557,7 @@ type AppConfig struct { MDM MDM `json:"mdm"` - ChangeManagement ChangeManagement `json:"change_management"` + UIGitOpsMode UIGitOpsModeConfig `json:"gitops"` // Scripts is a slice of script file paths. // @@ -732,7 +732,7 @@ func (c *AppConfig) Copy() *AppConfig { clone.MDM.MacOSSetup.Software = optjson.SetSlice(sw) } - // ChangeManagement: nothing needs cloning + // UIGitOpsMode: nothing needs cloning if c.YaraRules != nil { rules := make([]YaraRule, len(c.YaraRules)) diff --git a/server/service/appconfig.go b/server/service/appconfig.go index 39cb39acfd67..829918a94332 100644 --- a/server/service/appconfig.go +++ b/server/service/appconfig.go @@ -187,11 +187,11 @@ func getAppConfigEndpoint(ctx context.Context, request interface{}, svc fleet.Se FleetDesktop: fleetDesktop, - WebhookSettings: appConfig.WebhookSettings, - Integrations: appConfig.Integrations, - MDM: appConfig.MDM, - Scripts: appConfig.Scripts, - ChangeManagement: appConfig.ChangeManagement, + WebhookSettings: appConfig.WebhookSettings, + Integrations: appConfig.Integrations, + MDM: appConfig.MDM, + Scripts: appConfig.Scripts, + UIGitOpsMode: appConfig.UIGitOpsMode, }, appConfigResponseFields: appConfigResponseFields{ UpdateInterval: updateIntervalConfig, @@ -623,16 +623,16 @@ func (svc *Service) ModifyAppConfig(ctx context.Context, p []byte, applyOpts fle appConfig.Integrations.GoogleCalendar = oldAppConfig.Integrations.GoogleCalendar } - gmo, rurl := newAppConfig.ChangeManagement.GitopsModeEnabled, newAppConfig.ChangeManagement.RepositoryURL - if gmo { + gme, rurl := newAppConfig.UIGitOpsMode.GitopsModeEnabled, newAppConfig.UIGitOpsMode.RepositoryURL + if gme { if rurl == "" { - return nil, fleet.NewInvalidArgumentError("Change management: ", "Repository URL is required when GitOps mode is enabled") + return nil, fleet.NewInvalidArgumentError("UI GitOps Mode: ", "Repository URL is required when GitOps mode is enabled") } if err := validateServerURL(rurl); err != nil { - return nil, fleet.NewInvalidArgumentError("Change management: ", err.Error()) + return nil, fleet.NewInvalidArgumentError("UI GitOps Mode: ", err.Error()) } } - appConfig.ChangeManagement = newAppConfig.ChangeManagement + appConfig.UIGitOpsMode = newAppConfig.UIGitOpsMode if !license.IsPremium() { // reset transparency url to empty for downgraded licenses From 055e73eb9e095eb428d3fa92ce51cc1035d7961f Mon Sep 17 00:00:00 2001 From: Jacob Shandling Date: Fri, 14 Feb 2025 15:56:16 -0800 Subject: [PATCH 07/13] activities --- server/fleet/activities.go | 23 +++++++++++++++++++++++ server/service/appconfig.go | 14 ++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/server/fleet/activities.go b/server/fleet/activities.go index b150765d490b..d620336d0616 100644 --- a/server/fleet/activities.go +++ b/server/fleet/activities.go @@ -107,6 +107,9 @@ var ActivityDetailsList = []ActivityDetails{ ActivityTypeEnabledMacosDiskEncryption{}, ActivityTypeDisabledMacosDiskEncryption{}, + ActivityTypeEnabledGitOpsMode{}, + ActivityTypeDisabledGitOpsMode{}, + ActivityTypeAddedBootstrapPackage{}, ActivityTypeDeletedBootstrapPackage{}, @@ -1152,6 +1155,26 @@ func (a ActivityTypeDisabledMacosDiskEncryption) Documentation() (activity, deta }` } +type ActivityTypeEnabledGitOpsMode struct{} + +func (a ActivityTypeEnabledGitOpsMode) ActivityName() string { + return "enabled_gitops_mode" +} + +func (a ActivityTypeEnabledGitOpsMode) Documentation() (activity, details, detailsExample string) { + return `Generated when a user enables GitOps mode.`, `This activity does not contain any detail fields.`, `` +} + +type ActivityTypeDisabledGitOpsMode struct{} + +func (a ActivityTypeDisabledGitOpsMode) ActivityName() string { + return "disabled_gitops_mode" +} + +func (a ActivityTypeDisabledGitOpsMode) Documentation() (activity, details, detailsExample string) { + return `Generated when a user disables GitOps mode.`, `This activity does not contain any detail fields.`, `` +} + type ActivityTypeAddedBootstrapPackage struct { BootstrapPackageName string `json:"bootstrap_package_name"` TeamID *uint `json:"team_id"` diff --git a/server/service/appconfig.go b/server/service/appconfig.go index 829918a94332..7caf27e8d83c 100644 --- a/server/service/appconfig.go +++ b/server/service/appconfig.go @@ -634,6 +634,20 @@ func (svc *Service) ModifyAppConfig(ctx context.Context, p []byte, applyOpts fle } appConfig.UIGitOpsMode = newAppConfig.UIGitOpsMode + if oldAppConfig.UIGitOpsMode.GitopsModeEnabled != appConfig.UIGitOpsMode.GitopsModeEnabled { + // generate the activity + var act fleet.ActivityDetails + if gme { + act = fleet.ActivityTypeEnabledGitOpsMode{} + } else { + act = fleet.ActivityTypeDisabledGitOpsMode{} + } + if err := svc.NewActivity(ctx, authz.UserFromContext(ctx), act); err != nil { + return nil, ctxerr.Wrapf(ctx, err, "create activity %s", act.ActivityName()) + } + + } + if !license.IsPremium() { // reset transparency url to empty for downgraded licenses appConfig.FleetDesktop.TransparencyURL = "" From f743d61ffc40e202ae434b9bda5a6b0de0edab42 Mon Sep 17 00:00:00 2001 From: Jacob Shandling Date: Fri, 14 Feb 2025 17:55:34 -0800 Subject: [PATCH 08/13] `make update-go-cloner` --- tools/cloner-check/generated_files/appconfig.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/cloner-check/generated_files/appconfig.txt b/tools/cloner-check/generated_files/appconfig.txt index 6c48aadd230a..8c26903661d5 100644 --- a/tools/cloner-check/generated_files/appconfig.txt +++ b/tools/cloner-check/generated_files/appconfig.txt @@ -174,6 +174,9 @@ github.com/fleetdm/fleet/v4/pkg/optjson/Slice[github.com/fleetdm/fleet/v4/server github.com/fleetdm/fleet/v4/pkg/optjson/Slice[github.com/fleetdm/fleet/v4/server/fleet.MDMAppleVolumePurchasingProgramInfo] Value []fleet.MDMAppleVolumePurchasingProgramInfo github.com/fleetdm/fleet/v4/server/fleet/MDMAppleVolumePurchasingProgramInfo Location string github.com/fleetdm/fleet/v4/server/fleet/MDMAppleVolumePurchasingProgramInfo Teams []string +github.com/fleetdm/fleet/v4/server/fleet/AppConfig UIGitOpsMode fleet.UIGitOpsModeConfig +github.com/fleetdm/fleet/v4/server/fleet/UIGitOpsModeConfig GitopsModeEnabled bool +github.com/fleetdm/fleet/v4/server/fleet/UIGitOpsModeConfig RepositoryURL string github.com/fleetdm/fleet/v4/server/fleet/AppConfig Scripts optjson.Slice[string] github.com/fleetdm/fleet/v4/pkg/optjson/Slice[string] Set bool github.com/fleetdm/fleet/v4/pkg/optjson/Slice[string] Valid bool From f31bc2ca60a69dcd7a08b6fdd5796dc5ccca62c2 Mon Sep 17 00:00:00 2001 From: Jacob Shandling Date: Fri, 14 Feb 2025 17:56:28 -0800 Subject: [PATCH 09/13] remove url validation, gate for premium --- server/service/appconfig.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/server/service/appconfig.go b/server/service/appconfig.go index 7caf27e8d83c..49651f64116f 100644 --- a/server/service/appconfig.go +++ b/server/service/appconfig.go @@ -625,12 +625,12 @@ func (svc *Service) ModifyAppConfig(ctx context.Context, p []byte, applyOpts fle gme, rurl := newAppConfig.UIGitOpsMode.GitopsModeEnabled, newAppConfig.UIGitOpsMode.RepositoryURL if gme { + if !license.IsPremium() { + return nil, fleet.NewInvalidArgumentError("UI GitOpsMode: ", ErrMissingLicense.Error()) + } if rurl == "" { return nil, fleet.NewInvalidArgumentError("UI GitOps Mode: ", "Repository URL is required when GitOps mode is enabled") } - if err := validateServerURL(rurl); err != nil { - return nil, fleet.NewInvalidArgumentError("UI GitOps Mode: ", err.Error()) - } } appConfig.UIGitOpsMode = newAppConfig.UIGitOpsMode From 70bfb67369d19f6fb4006547d8d4e1bc8d7a47df Mon Sep 17 00:00:00 2001 From: Jacob Shandling Date: Fri, 14 Feb 2025 17:56:48 -0800 Subject: [PATCH 10/13] add integration tests --- server/service/integration_core_test.go | 9 +++++++++ server/service/integration_enterprise_test.go | 19 +++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/server/service/integration_core_test.go b/server/service/integration_core_test.go index ff3b4c4bbf11..9cea3fd4f8cb 100644 --- a/server/service/integration_core_test.go +++ b/server/service/integration_core_test.go @@ -6845,6 +6845,8 @@ func (s *integrationTestSuite) TestAppConfig() { assert.False(t, acResp.ActivityExpirySettings.ActivityExpiryEnabled) assert.Zero(t, acResp.ActivityExpirySettings.ActivityExpiryWindow) assert.False(t, acResp.ServerSettings.AIFeaturesDisabled) + assert.False(t, acResp.UIGitOpsMode.GitopsModeEnabled) + assert.Zero(t, acResp.UIGitOpsMode.RepositoryURL) // set the apple BM terms expired flag, and the enabled and configured flags, // we'll check again at the end of this test to make sure they weren't @@ -7146,6 +7148,13 @@ func (s *integrationTestSuite) TestAppConfig() { defAppCfg.OrgInfo.OrgName = acResp.OrgInfo.OrgName defAppCfg.ServerSettings.ServerURL = acResp.ServerSettings.ServerURL s.DoRaw("PATCH", "/api/latest/fleet/config", jsonMustMarshal(t, defAppCfg), http.StatusOK) + + // turn on GitOps mode, premium only + res = s.Do("PATCH", "/api/latest/fleet/config", json.RawMessage(`{ + "gitops": { "gitops_mode_enabled": true, "repository_url": "" } + }`), http.StatusUnprocessableEntity) + errMsg = extractServerErrorText(res.Body) + assert.Contains(t, errMsg, "missing or invalid license") } // TODO(lucas): Add tests here. diff --git a/server/service/integration_enterprise_test.go b/server/service/integration_enterprise_test.go index a6aeb57d4e4b..f9e7f042e0c4 100644 --- a/server/service/integration_enterprise_test.go +++ b/server/service/integration_enterprise_test.go @@ -2534,6 +2534,25 @@ func (s *integrationEnterpriseTestSuite) TestWindowsUpdatesTeamConfig() { }, http.StatusUnprocessableEntity, &tmResp) } +func (s *integrationEnterpriseTestSuite) TestGitOpsModeConfig() { + t := s.T() + + res := s.Do("PATCH", "/api/latest/fleet/config", json.RawMessage(`{ + "gitops": { "gitops_mode_enabled": true, "repository_url": "" } + }`), http.StatusUnprocessableEntity) + errMsg := extractServerErrorText(res.Body) + assert.Contains(t, errMsg, "Repository URL is required when GitOps mode is enabled") + + s.Do("PATCH", "/api/latest/fleet/config", json.RawMessage(`{ + "gitops": { "gitops_mode_enabled": true, "repository_url": "a.b.cc" } + }`), http.StatusOK) + + // turn off, persists repo url + s.Do("PATCH", "/api/latest/fleet/config", json.RawMessage(`{ + "gitops": { "gitops_mode_enabled": false, "repository_url": "a.b.cc" } + }`), http.StatusOK) +} + func (s *integrationEnterpriseTestSuite) assertAppleOSUpdatesDeclaration(teamID *uint, profileName string, expected *fleet.AppleOSUpdateSettings) { t := s.T() if teamID == nil { From 49b33f0c54b3163d8edb4e6033da49b6da7af6a4 Mon Sep 17 00:00:00 2001 From: Jacob Shandling Date: Fri, 14 Feb 2025 17:56:59 -0800 Subject: [PATCH 11/13] update fleetctl test data --- .../expectedGetConfigAppConfigJson.json | 302 +++++++------ ...dGetConfigAppConfigTeamMaintainerJson.json | 6 +- ...edGetConfigAppConfigTeamMaintainerYaml.yml | 3 + .../expectedGetConfigAppConfigYaml.yml | 3 + ...ectedGetConfigIncludeServerConfigJson.json | 426 +++++++++--------- ...pectedGetConfigIncludeServerConfigYaml.yml | 3 + .../macosSetupExpectedAppConfigEmpty.yml | 3 + .../macosSetupExpectedAppConfigSet.yml | 3 + 8 files changed, 388 insertions(+), 361 deletions(-) diff --git a/cmd/fleetctl/testdata/expectedGetConfigAppConfigJson.json b/cmd/fleetctl/testdata/expectedGetConfigAppConfigJson.json index 1cbede5abf54..f5f33e268210 100644 --- a/cmd/fleetctl/testdata/expectedGetConfigAppConfigJson.json +++ b/cmd/fleetctl/testdata/expectedGetConfigAppConfigJson.json @@ -1,151 +1,155 @@ { - "kind": "config", - "apiVersion": "v1", - "spec": { - "org_info": { - "org_name": "", - "org_logo_url": "", - "org_logo_url_light_background": "", - "contact_url": "https://fleetdm.com/company/contact" - }, - "server_settings": { - "server_url": "", - "live_query_disabled": false, - "query_report_cap": 0, - "query_reports_disabled": false, - "enable_analytics": false, - "deferred_save_host": false, - "scripts_disabled": false, - "ai_features_disabled": false - }, - "smtp_settings": { - "enable_smtp": false, - "configured": false, - "sender_address": "", - "server": "", - "port": 0, - "authentication_type": "", - "user_name": "", - "password": "", - "enable_ssl_tls": false, - "authentication_method": "", - "domain": "", - "verify_ssl_certs": false, - "enable_start_tls": false - }, - "host_expiry_settings": { - "host_expiry_enabled": false, - "host_expiry_window": 0 - }, - "activity_expiry_settings": { - "activity_expiry_enabled": false, - "activity_expiry_window": 0 - }, - "features": { - "enable_host_users": true, - "enable_software_inventory": false - }, - "sso_settings": { - "entity_id": "", - "issuer_uri": "", - "idp_image_url": "", - "metadata": "", - "metadata_url": "", - "idp_name": "", - "enable_jit_provisioning": false, - "enable_jit_role_sync": false, - "enable_sso": false, - "enable_sso_idp_login": false - }, - "fleet_desktop": { - "transparency_url": "https://fleetdm.com/transparency" - }, - "vulnerability_settings": { - "databases_path": "/some/path" - }, - "webhook_settings": { - "activities_webhook": { - "enable_activities_webhook": false, - "destination_url": "" - }, - "host_status_webhook": { - "enable_host_status_webhook": false, - "destination_url": "", - "host_percentage": 0, - "days_count": 0 - }, - "failing_policies_webhook": { - "enable_failing_policies_webhook": false, - "destination_url": "", - "policy_ids": null, - "host_batch_size": 0 - }, - "vulnerabilities_webhook": { - "enable_vulnerabilities_webhook": false, - "destination_url": "", - "host_batch_size": 0 - }, - "interval": "0s" - }, - "integrations": { - "jira": null, - "zendesk": null, - "google_calendar": null, - "ndes_scep_proxy": null - }, - "mdm": { - "apple_bm_terms_expired": false, - "apple_server_url": "", - "apple_bm_enabled_and_configured": false, - "enabled_and_configured": false, - "apple_business_manager": null, - "volume_purchasing_program": null, - "windows_enabled_and_configured": false, - "enable_disk_encryption": false, - "macos_updates": { - "minimum_version": null, - "deadline": null - }, - "ios_updates": { - "minimum_version": null, - "deadline": null - }, - "ipados_updates": { - "minimum_version": null, - "deadline": null - }, - "windows_updates": { - "deadline_days": 7, - "grace_period_days": 3 - }, - "windows_migration_enabled": false, - "macos_migration": { - "enable": false, - "mode": "", - "webhook_url": "" - }, - "macos_settings": { - "custom_settings": null - }, - "macos_setup": { - "bootstrap_package": null, - "enable_end_user_authentication": false, - "macos_setup_assistant": null, - "enable_release_device_manually": false, - "script": null, - "software": null - }, - "windows_settings": { - "custom_settings": null - }, - "end_user_authentication": { - "entity_id": "", - "issuer_uri": "", - "metadata": "", - "metadata_url": "", - "idp_name": "" - } - }, - "scripts": null - } + "kind": "config", + "apiVersion": "v1", + "spec": { + "org_info": { + "org_name": "", + "org_logo_url": "", + "org_logo_url_light_background": "", + "contact_url": "https://fleetdm.com/company/contact" + }, + "server_settings": { + "server_url": "", + "live_query_disabled": false, + "query_report_cap": 0, + "query_reports_disabled": false, + "enable_analytics": false, + "deferred_save_host": false, + "scripts_disabled": false, + "ai_features_disabled": false + }, + "smtp_settings": { + "enable_smtp": false, + "configured": false, + "sender_address": "", + "server": "", + "port": 0, + "authentication_type": "", + "user_name": "", + "password": "", + "enable_ssl_tls": false, + "authentication_method": "", + "domain": "", + "verify_ssl_certs": false, + "enable_start_tls": false + }, + "host_expiry_settings": { + "host_expiry_enabled": false, + "host_expiry_window": 0 + }, + "activity_expiry_settings": { + "activity_expiry_enabled": false, + "activity_expiry_window": 0 + }, + "features": { + "enable_host_users": true, + "enable_software_inventory": false + }, + "sso_settings": { + "entity_id": "", + "issuer_uri": "", + "idp_image_url": "", + "metadata": "", + "metadata_url": "", + "idp_name": "", + "enable_jit_provisioning": false, + "enable_jit_role_sync": false, + "enable_sso": false, + "enable_sso_idp_login": false + }, + "fleet_desktop": { + "transparency_url": "https://fleetdm.com/transparency" + }, + "vulnerability_settings": { + "databases_path": "/some/path" + }, + "webhook_settings": { + "activities_webhook": { + "enable_activities_webhook": false, + "destination_url": "" + }, + "host_status_webhook": { + "enable_host_status_webhook": false, + "destination_url": "", + "host_percentage": 0, + "days_count": 0 + }, + "failing_policies_webhook": { + "enable_failing_policies_webhook": false, + "destination_url": "", + "policy_ids": null, + "host_batch_size": 0 + }, + "vulnerabilities_webhook": { + "enable_vulnerabilities_webhook": false, + "destination_url": "", + "host_batch_size": 0 + }, + "interval": "0s" + }, + "integrations": { + "jira": null, + "zendesk": null, + "google_calendar": null, + "ndes_scep_proxy": null + }, + "mdm": { + "apple_bm_terms_expired": false, + "apple_server_url": "", + "apple_bm_enabled_and_configured": false, + "enabled_and_configured": false, + "apple_business_manager": null, + "volume_purchasing_program": null, + "windows_enabled_and_configured": false, + "enable_disk_encryption": false, + "macos_updates": { + "minimum_version": null, + "deadline": null + }, + "ios_updates": { + "minimum_version": null, + "deadline": null + }, + "ipados_updates": { + "minimum_version": null, + "deadline": null + }, + "windows_updates": { + "deadline_days": 7, + "grace_period_days": 3 + }, + "windows_migration_enabled": false, + "macos_migration": { + "enable": false, + "mode": "", + "webhook_url": "" + }, + "macos_settings": { + "custom_settings": null + }, + "macos_setup": { + "bootstrap_package": null, + "enable_end_user_authentication": false, + "macos_setup_assistant": null, + "enable_release_device_manually": false, + "script": null, + "software": null + }, + "windows_settings": { + "custom_settings": null + }, + "end_user_authentication": { + "entity_id": "", + "issuer_uri": "", + "metadata": "", + "metadata_url": "", + "idp_name": "" + } + }, + "scripts": null, + "gitops": { + "gitops_mode_enabled": false, + "repository_url": "" + } + } } diff --git a/cmd/fleetctl/testdata/expectedGetConfigAppConfigTeamMaintainerJson.json b/cmd/fleetctl/testdata/expectedGetConfigAppConfigTeamMaintainerJson.json index 77fcb980aa1b..84da0d44aa2b 100644 --- a/cmd/fleetctl/testdata/expectedGetConfigAppConfigTeamMaintainerJson.json +++ b/cmd/fleetctl/testdata/expectedGetConfigAppConfigTeamMaintainerJson.json @@ -119,6 +119,10 @@ "idp_name": "" } }, - "scripts": null + "scripts": null, + "gitops": { + "gitops_mode_enabled": false, + "repository_url": "" + } } } diff --git a/cmd/fleetctl/testdata/expectedGetConfigAppConfigTeamMaintainerYaml.yml b/cmd/fleetctl/testdata/expectedGetConfigAppConfigTeamMaintainerYaml.yml index ad20026e99f2..cb4052f6d6a7 100644 --- a/cmd/fleetctl/testdata/expectedGetConfigAppConfigTeamMaintainerYaml.yml +++ b/cmd/fleetctl/testdata/expectedGetConfigAppConfigTeamMaintainerYaml.yml @@ -97,3 +97,6 @@ spec: destination_url: "" enable_vulnerabilities_webhook: false host_batch_size: 0 + gitops: + gitops_mode_enabled: false + repository_url: "" diff --git a/cmd/fleetctl/testdata/expectedGetConfigAppConfigYaml.yml b/cmd/fleetctl/testdata/expectedGetConfigAppConfigYaml.yml index 042be511914c..3c230a5cb30a 100644 --- a/cmd/fleetctl/testdata/expectedGetConfigAppConfigYaml.yml +++ b/cmd/fleetctl/testdata/expectedGetConfigAppConfigYaml.yml @@ -122,3 +122,6 @@ spec: destination_url: "" enable_vulnerabilities_webhook: false host_batch_size: 0 + gitops: + gitops_mode_enabled: false + repository_url: "" diff --git a/cmd/fleetctl/testdata/expectedGetConfigIncludeServerConfigJson.json b/cmd/fleetctl/testdata/expectedGetConfigIncludeServerConfigJson.json index f8c421065b52..9e612a88f1cb 100644 --- a/cmd/fleetctl/testdata/expectedGetConfigIncludeServerConfigJson.json +++ b/cmd/fleetctl/testdata/expectedGetConfigIncludeServerConfigJson.json @@ -1,213 +1,217 @@ { - "kind": "config", - "apiVersion": "v1", - "spec": { - "org_info": { - "org_name": "", - "org_logo_url": "", - "org_logo_url_light_background": "", - "contact_url": "https://fleetdm.com/company/contact" - }, - "server_settings": { - "server_url": "", - "live_query_disabled": false, - "query_report_cap": 0, - "query_reports_disabled": false, - "enable_analytics": false, - "deferred_save_host": false, - "scripts_disabled": false, - "ai_features_disabled": false - }, - "smtp_settings": { - "enable_smtp": false, - "configured": false, - "sender_address": "", - "server": "", - "port": 0, - "authentication_type": "", - "user_name": "", - "password": "", - "enable_ssl_tls": false, - "authentication_method": "", - "domain": "", - "verify_ssl_certs": false, - "enable_start_tls": false - }, - "host_expiry_settings": { - "host_expiry_enabled": false, - "host_expiry_window": 0 - }, - "activity_expiry_settings": { - "activity_expiry_enabled": false, - "activity_expiry_window": 0 - }, - "features": { - "enable_host_users": true, - "enable_software_inventory": false - }, - "mdm": { - "apple_business_manager": null, - "apple_server_url": "", - "volume_purchasing_program": null, - "apple_bm_terms_expired": false, - "apple_bm_enabled_and_configured": false, - "enabled_and_configured": false, - "windows_enabled_and_configured": false, - "enable_disk_encryption": false, - "macos_updates": { - "minimum_version": null, - "deadline": null - }, - "ios_updates": { - "minimum_version": null, - "deadline": null - }, - "ipados_updates": { - "minimum_version": null, - "deadline": null - }, - "windows_updates": { - "deadline_days": 7, - "grace_period_days": 3 - }, - "windows_migration_enabled": false, - "macos_migration": { - "enable": false, - "mode": "", - "webhook_url": "" - }, - "macos_settings": { - "custom_settings": null - }, - "macos_setup": { - "bootstrap_package": null, - "enable_end_user_authentication": false, - "macos_setup_assistant": null, - "enable_release_device_manually": false, - "script": null, - "software": null - }, - "windows_settings": { - "custom_settings": null - }, - "end_user_authentication": { - "entity_id": "", - "issuer_uri": "", - "metadata": "", - "metadata_url": "", - "idp_name": "" - } - }, - "scripts": null, - "sso_settings": { - "enable_jit_provisioning": false, - "enable_jit_role_sync": false, - "entity_id": "", - "issuer_uri": "", - "idp_image_url": "", - "metadata": "", - "metadata_url": "", - "idp_name": "", - "enable_sso": false, - "enable_sso_idp_login": false - }, - "fleet_desktop": { - "transparency_url": "https://fleetdm.com/transparency" - }, - "vulnerability_settings": { - "databases_path": "/some/path" - }, - "webhook_settings": { - "activities_webhook": { - "enable_activities_webhook": false, - "destination_url": "" - }, - "host_status_webhook": { - "enable_host_status_webhook": false, - "destination_url": "", - "host_percentage": 0, - "days_count": 0 - }, - "failing_policies_webhook": { - "enable_failing_policies_webhook": false, - "destination_url": "", - "policy_ids": null, - "host_batch_size": 0 - }, - "vulnerabilities_webhook": { - "enable_vulnerabilities_webhook": false, - "destination_url": "", - "host_batch_size": 0 - }, - "interval": "0s" - }, - "integrations": { - "jira": null, - "zendesk": null, - "google_calendar": null, - "ndes_scep_proxy": null - }, - "update_interval": { - "osquery_detail": "1h0m0s", - "osquery_policy": "1h0m0s" - }, - "vulnerabilities": { - "databases_path": "", - "periodicity": "0s", - "cpe_database_url": "", - "cpe_translations_url": "", - "cve_feed_prefix_url": "", - "current_instance_checks": "", - "disable_data_sync": false, - "recent_vulnerability_max_age": "0s", - "disable_win_os_vulnerabilities": false - }, - "license": { - "tier": "free", - "expiration": "0001-01-01T00:00:00Z" - }, - "logging": { - "debug": true, - "json": false, - "result": { - "plugin": "filesystem", - "config": { - "enable_log_compression": false, - "enable_log_rotation": false, - "result_log_file": "/dev/null", - "status_log_file": "/dev/null", - "audit_log_file": "/dev/null", - "max_size": 500, - "max_age": 0, - "max_backups": 0 - } - }, - "status": { - "plugin": "filesystem", - "config": { - "enable_log_compression": false, - "enable_log_rotation": false, - "result_log_file": "/dev/null", - "status_log_file": "/dev/null", - "audit_log_file": "/dev/null", - "max_size": 500, - "max_age": 0, - "max_backups": 0 - } - }, - "audit": { - "plugin": "filesystem", - "config": { - "enable_log_compression": false, - "enable_log_rotation": false, - "result_log_file": "/dev/null", - "status_log_file": "/dev/null", - "audit_log_file": "/dev/null", - "max_size": 500, - "max_age": 0, - "max_backups": 0 - } - } - } - } + "kind": "config", + "apiVersion": "v1", + "spec": { + "org_info": { + "org_name": "", + "org_logo_url": "", + "org_logo_url_light_background": "", + "contact_url": "https://fleetdm.com/company/contact" + }, + "server_settings": { + "server_url": "", + "live_query_disabled": false, + "query_report_cap": 0, + "query_reports_disabled": false, + "enable_analytics": false, + "deferred_save_host": false, + "scripts_disabled": false, + "ai_features_disabled": false + }, + "smtp_settings": { + "enable_smtp": false, + "configured": false, + "sender_address": "", + "server": "", + "port": 0, + "authentication_type": "", + "user_name": "", + "password": "", + "enable_ssl_tls": false, + "authentication_method": "", + "domain": "", + "verify_ssl_certs": false, + "enable_start_tls": false + }, + "host_expiry_settings": { + "host_expiry_enabled": false, + "host_expiry_window": 0 + }, + "activity_expiry_settings": { + "activity_expiry_enabled": false, + "activity_expiry_window": 0 + }, + "features": { + "enable_host_users": true, + "enable_software_inventory": false + }, + "mdm": { + "apple_business_manager": null, + "apple_server_url": "", + "volume_purchasing_program": null, + "apple_bm_terms_expired": false, + "apple_bm_enabled_and_configured": false, + "enabled_and_configured": false, + "windows_enabled_and_configured": false, + "enable_disk_encryption": false, + "macos_updates": { + "minimum_version": null, + "deadline": null + }, + "ios_updates": { + "minimum_version": null, + "deadline": null + }, + "ipados_updates": { + "minimum_version": null, + "deadline": null + }, + "windows_updates": { + "deadline_days": 7, + "grace_period_days": 3 + }, + "windows_migration_enabled": false, + "macos_migration": { + "enable": false, + "mode": "", + "webhook_url": "" + }, + "macos_settings": { + "custom_settings": null + }, + "macos_setup": { + "bootstrap_package": null, + "enable_end_user_authentication": false, + "macos_setup_assistant": null, + "enable_release_device_manually": false, + "script": null, + "software": null + }, + "windows_settings": { + "custom_settings": null + }, + "end_user_authentication": { + "entity_id": "", + "issuer_uri": "", + "metadata": "", + "metadata_url": "", + "idp_name": "" + } + }, + "scripts": null, + "sso_settings": { + "enable_jit_provisioning": false, + "enable_jit_role_sync": false, + "entity_id": "", + "issuer_uri": "", + "idp_image_url": "", + "metadata": "", + "metadata_url": "", + "idp_name": "", + "enable_sso": false, + "enable_sso_idp_login": false + }, + "fleet_desktop": { + "transparency_url": "https://fleetdm.com/transparency" + }, + "vulnerability_settings": { + "databases_path": "/some/path" + }, + "webhook_settings": { + "activities_webhook": { + "enable_activities_webhook": false, + "destination_url": "" + }, + "host_status_webhook": { + "enable_host_status_webhook": false, + "destination_url": "", + "host_percentage": 0, + "days_count": 0 + }, + "failing_policies_webhook": { + "enable_failing_policies_webhook": false, + "destination_url": "", + "policy_ids": null, + "host_batch_size": 0 + }, + "vulnerabilities_webhook": { + "enable_vulnerabilities_webhook": false, + "destination_url": "", + "host_batch_size": 0 + }, + "interval": "0s" + }, + "integrations": { + "jira": null, + "zendesk": null, + "google_calendar": null, + "ndes_scep_proxy": null + }, + "update_interval": { + "osquery_detail": "1h0m0s", + "osquery_policy": "1h0m0s" + }, + "vulnerabilities": { + "databases_path": "", + "periodicity": "0s", + "cpe_database_url": "", + "cpe_translations_url": "", + "cve_feed_prefix_url": "", + "current_instance_checks": "", + "disable_data_sync": false, + "recent_vulnerability_max_age": "0s", + "disable_win_os_vulnerabilities": false + }, + "license": { + "tier": "free", + "expiration": "0001-01-01T00:00:00Z" + }, + "logging": { + "debug": true, + "json": false, + "result": { + "plugin": "filesystem", + "config": { + "enable_log_compression": false, + "enable_log_rotation": false, + "result_log_file": "/dev/null", + "status_log_file": "/dev/null", + "audit_log_file": "/dev/null", + "max_size": 500, + "max_age": 0, + "max_backups": 0 + } + }, + "status": { + "plugin": "filesystem", + "config": { + "enable_log_compression": false, + "enable_log_rotation": false, + "result_log_file": "/dev/null", + "status_log_file": "/dev/null", + "audit_log_file": "/dev/null", + "max_size": 500, + "max_age": 0, + "max_backups": 0 + } + }, + "audit": { + "plugin": "filesystem", + "config": { + "enable_log_compression": false, + "enable_log_rotation": false, + "result_log_file": "/dev/null", + "status_log_file": "/dev/null", + "audit_log_file": "/dev/null", + "max_size": 500, + "max_age": 0, + "max_backups": 0 + } + } + }, + "gitops": { + "gitops_mode_enabled": false, + "repository_url": "" + } + } } diff --git a/cmd/fleetctl/testdata/expectedGetConfigIncludeServerConfigYaml.yml b/cmd/fleetctl/testdata/expectedGetConfigIncludeServerConfigYaml.yml index 5f6e877f163b..98cd9cc52b8e 100644 --- a/cmd/fleetctl/testdata/expectedGetConfigIncludeServerConfigYaml.yml +++ b/cmd/fleetctl/testdata/expectedGetConfigIncludeServerConfigYaml.yml @@ -174,3 +174,6 @@ spec: destination_url: "" enable_vulnerabilities_webhook: false host_batch_size: 0 + gitops: + gitops_mode_enabled: false + repository_url: "" diff --git a/cmd/fleetctl/testdata/macosSetupExpectedAppConfigEmpty.yml b/cmd/fleetctl/testdata/macosSetupExpectedAppConfigEmpty.yml index 50250bc34eaa..2a15d6e55159 100644 --- a/cmd/fleetctl/testdata/macosSetupExpectedAppConfigEmpty.yml +++ b/cmd/fleetctl/testdata/macosSetupExpectedAppConfigEmpty.yml @@ -122,3 +122,6 @@ spec: destination_url: "" enable_vulnerabilities_webhook: false host_batch_size: 0 + gitops: + gitops_mode_enabled: false + repository_url: "" diff --git a/cmd/fleetctl/testdata/macosSetupExpectedAppConfigSet.yml b/cmd/fleetctl/testdata/macosSetupExpectedAppConfigSet.yml index b74e3c2d8f5e..52633a6ee9c6 100644 --- a/cmd/fleetctl/testdata/macosSetupExpectedAppConfigSet.yml +++ b/cmd/fleetctl/testdata/macosSetupExpectedAppConfigSet.yml @@ -122,3 +122,6 @@ spec: destination_url: "" enable_vulnerabilities_webhook: false host_batch_size: 0 + gitops: + gitops_mode_enabled: false + repository_url: "" From 45ec2205c468610e8f5ef6b0c211e259d89e135a Mon Sep 17 00:00:00 2001 From: Jacob Shandling Date: Fri, 14 Feb 2025 18:09:42 -0800 Subject: [PATCH 12/13] `make generate-doc` --- docs/Contributing/Audit-logs.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/Contributing/Audit-logs.md b/docs/Contributing/Audit-logs.md index e91981dbe863..d12eb9731b5c 100644 --- a/docs/Contributing/Audit-logs.md +++ b/docs/Contributing/Audit-logs.md @@ -810,6 +810,18 @@ This activity contains the following fields: } ``` +## enabled_gitops_mode + +Generated when a user enables GitOps mode. + +This activity does not contain any detail fields. + +## disabled_gitops_mode + +Generated when a user disables GitOps mode. + +This activity does not contain any detail fields. + ## added_bootstrap_package Generated when a user adds a new bootstrap package to a team (or no team). From 45ac22fd72109de1e1cf2a67bad37ccb13e26faf Mon Sep 17 00:00:00 2001 From: Jacob Shandling Date: Tue, 18 Feb 2025 10:06:21 -0800 Subject: [PATCH 13/13] make update-go-cloner --- tools/cloner-check/generated_files/appconfig.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/cloner-check/generated_files/appconfig.txt b/tools/cloner-check/generated_files/appconfig.txt index 3895960246ad..2ab3173f2140 100644 --- a/tools/cloner-check/generated_files/appconfig.txt +++ b/tools/cloner-check/generated_files/appconfig.txt @@ -174,10 +174,10 @@ github.com/fleetdm/fleet/v4/pkg/optjson/Slice[github.com/fleetdm/fleet/v4/server github.com/fleetdm/fleet/v4/pkg/optjson/Slice[github.com/fleetdm/fleet/v4/server/fleet.MDMAppleVolumePurchasingProgramInfo] Value []fleet.MDMAppleVolumePurchasingProgramInfo github.com/fleetdm/fleet/v4/server/fleet/MDMAppleVolumePurchasingProgramInfo Location string github.com/fleetdm/fleet/v4/server/fleet/MDMAppleVolumePurchasingProgramInfo Teams []string +github.com/fleetdm/fleet/v4/server/fleet/MDM AndroidEnabledAndConfigured bool github.com/fleetdm/fleet/v4/server/fleet/AppConfig UIGitOpsMode fleet.UIGitOpsModeConfig github.com/fleetdm/fleet/v4/server/fleet/UIGitOpsModeConfig GitopsModeEnabled bool github.com/fleetdm/fleet/v4/server/fleet/UIGitOpsModeConfig RepositoryURL string -github.com/fleetdm/fleet/v4/server/fleet/MDM AndroidEnabledAndConfigured bool github.com/fleetdm/fleet/v4/server/fleet/AppConfig Scripts optjson.Slice[string] github.com/fleetdm/fleet/v4/pkg/optjson/Slice[string] Set bool github.com/fleetdm/fleet/v4/pkg/optjson/Slice[string] Valid bool