diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ad5bc1acb4b..0717507c0ab5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,54 @@ +## Fleet 4.49.0 (Apr 24, 2024) + +### Endpoint operations + +- Added integration with Google Calendar for policy compliance events. +- Added new API endpoints to add/remove manual labels to/from a host. +- Updated the `POST /api/v1/fleet/labels` and `PATCH /api/v1/fleet/labels/{id}` endpoints to support creation and update of manual labels. +- Implemented changes in `fleetctl gitops` for batch processing queries and policies. +- Enabled setting host status webhook at the team level via REST API and fleetctl apply/gitops. + +### Device management (MDM) + +- Added API functionality for creating DDM declarations, both individually and as a batch. +- Added creation or update of macOS DDM profile to enforce OS Updates settings whenever the settings are changed. +- Updated `fleetctl run-script` to include new `--team` and `--script-name` flags. +- Displayed disk encryption status in macOS as "verifying" while verifying the escrowed key. +- Added the `enable_release_device_manually` configuration setting for teams and no team, which controls the automatic release of a macOS DEP-enrolled device. +- Updated the `POST /api/v1/fleet/hosts/:id/wipe` Fleet Premium API endpoint to support remote wiping a host. +- Added the `enable_release_device_manually` configuration, which affects macOS automatic enrollment profile settings. + +### Vulnerability management + +- Ignored Valve Corporation's Steam client's vulnerabilities on Windows and macOS due to retrieval challenges of the true version. +- Updated the GET fleet/os_versions and GET fleet/os_versions/[id] to restrict team users from accessing os versions on hosts from other teams. + +### Bug fixes and improvements + +- Upgraded Golang version to 1.21.7. +- Added a minimum supported node version in the `package.json`. +- Made block_id mismatch errors more informative as 400s instead of 500s. +- Added Windows MDM support to the `osquery-perf` host-simulation command. +- Updated calendar events automations to not show error validation on enabling the feature. +- Migrated MDM-related endpoints to new paths while maintaining support for old endpoints indefinitely. +- Added a missing database index to the MDM Windows enrollments table to improve performance at scale. +- Added cross-platform check for duplicate MDM profiles names in batch set MDM profiles API. +- Fixed a bug where Microsoft Edge was not reporting vulnerabilities. +- Fixed an issue with the `20240327115617_CreateTableNanoDDMRequests` database migration. +- Fixed the error message to indicate if a conflict on uploading an Apple profile was caused by the profile's name or its identifier. +- Fixed license checks to allow migration and restoring DEP devices during trial. +- Fixed a 500 error in MySQL 8 and when DB user has insufficient privileges for `fleetctl debug db-locks` and `fleetctl debug db-innodb-status`. +- Fixed a bug where values not derived from "actual" fleetd-chrome tables were not being displayed correctly. +- Fixed a bug where values were not being rendered in host-specific query reports. +- Fixed an issue with automatic release of the device after setup when a DDM profile is pending. +- Fixed UI issues: alignment bugs, padding around empty states, tooltip rendering, and incorrect rendering of the global Host status expiry settings page. +- Fixed a bug where `null` or excluded `smtp_settings` caused a UI 500 error. +- Fixed an issue where a bad request response from a 3rd party MDM solution would result in a 500 error in Fleet during MDM migration. +- Fixed a bug where updating policy name could result in multiple policies with the same name in a team. +- Fixed potential server panic when events are created with calendar integration, but then global calendar integration is disabled. +- Fixed fleetctl gitops dry-run validation issues when enabling calendar integration for the first time. +- Fixed a bug where all Windows MDM enrollments were detected as automatic. + ## Fleet 4.48.3 (Apr 16, 2024) ### Bug fixes diff --git a/changes/12290-run-query-on-host b/changes/12290-run-query-on-host deleted file mode 100644 index a2459e28e0c3..000000000000 --- a/changes/12290-run-query-on-host +++ /dev/null @@ -1 +0,0 @@ -- UI revamp: Run query on an online host diff --git a/changes/12292-policies-filter-by-platform b/changes/12292-policies-filter-by-platform deleted file mode 100644 index dbc31fab3374..000000000000 --- a/changes/12292-policies-filter-by-platform +++ /dev/null @@ -1 +0,0 @@ -* Add filters by platform to select a new policy modal \ No newline at end of file diff --git a/changes/15565-windows-automatic-enrollment b/changes/15565-windows-automatic-enrollment deleted file mode 100644 index a89e7094687e..000000000000 --- a/changes/15565-windows-automatic-enrollment +++ /dev/null @@ -1 +0,0 @@ -- Fix a bug where all Windows MDM enrollments were detected as automatic diff --git a/changes/16120-add-windows-mdm-support-to-osquery-perf b/changes/16120-add-windows-mdm-support-to-osquery-perf deleted file mode 100644 index a8ebd32ce7ce..000000000000 --- a/changes/16120-add-windows-mdm-support-to-osquery-perf +++ /dev/null @@ -1,2 +0,0 @@ -* Added Windows MDM support to the `osquery-perf` host-simulation command. -* Added a missing database index to the MDM Windows enrollments table that will improve performance at scale. diff --git a/changes/16205-health-failing-counts b/changes/16205-health-failing-counts deleted file mode 100644 index df792a3fa600..000000000000 --- a/changes/16205-health-failing-counts +++ /dev/null @@ -1 +0,0 @@ -- The Host Health API now includes failing policy counts \ No newline at end of file diff --git a/changes/16260-recategorize-mdm-api-endpoints b/changes/16260-recategorize-mdm-api-endpoints deleted file mode 100644 index cdc03d0933db..000000000000 --- a/changes/16260-recategorize-mdm-api-endpoints +++ /dev/null @@ -1 +0,0 @@ -* Migrate MDM-related endpoints to new paths, deprecating (but still supporting indefinitely) the old endpoints. diff --git a/changes/16345-disabled-checkbox-tooltip b/changes/16345-disabled-checkbox-tooltip deleted file mode 100644 index 5e83ded1e1fb..000000000000 --- a/changes/16345-disabled-checkbox-tooltip +++ /dev/null @@ -1 +0,0 @@ -- UI fix: users can see a tooltip on a disabled checkbox diff --git a/changes/16500-policy-pass-fail-percentage b/changes/16500-policy-pass-fail-percentage deleted file mode 100644 index bc93d8227f36..000000000000 --- a/changes/16500-policy-pass-fail-percentage +++ /dev/null @@ -1 +0,0 @@ -* When a live policy run finishes, display the percentages of passing and failing hosts to the user. diff --git a/changes/16562-sql-deadlock b/changes/16562-sql-deadlock deleted file mode 100644 index c4c725e435ef..000000000000 --- a/changes/16562-sql-deadlock +++ /dev/null @@ -1 +0,0 @@ -Reduced the number of 'Deadlock found' errors seen by the server when multiple hosts share the same UUID diff --git a/changes/16562-sql-deadlock copy b/changes/16562-sql-deadlock copy deleted file mode 100644 index c4c725e435ef..000000000000 --- a/changes/16562-sql-deadlock copy +++ /dev/null @@ -1 +0,0 @@ -Reduced the number of 'Deadlock found' errors seen by the server when multiple hosts share the same UUID diff --git a/changes/16661-current-instance-checks b/changes/16661-current-instance-checks deleted file mode 100644 index 9d03a9ca3a92..000000000000 --- a/changes/16661-current-instance-checks +++ /dev/null @@ -1 +0,0 @@ -vulnerabilities.current_instance_checks=no is now an alias for vulnerabilities.disable_schedule=true diff --git a/changes/16767-updating-host-labels b/changes/16767-updating-host-labels deleted file mode 100644 index 32c1e635cc35..000000000000 --- a/changes/16767-updating-host-labels +++ /dev/null @@ -1 +0,0 @@ -* Added endpoints to add/remove manual labels to/from a host. `POST /api/v1/fleet/hosts/:id/labels` and `DELETE /api/v1/fleet/hosts/:id/labels`. diff --git a/changes/16817-ms-edge-vuln b/changes/16817-ms-edge-vuln deleted file mode 100644 index 56b766436875..000000000000 --- a/changes/16817-ms-edge-vuln +++ /dev/null @@ -1 +0,0 @@ -- Fixed issue where microsoft edge was not reporting vulnerabilities \ No newline at end of file diff --git a/changes/16951-improve-carve-request-timeout-error-code b/changes/16951-improve-carve-request-timeout-error-code deleted file mode 100644 index c23c1bb466b4..000000000000 --- a/changes/16951-improve-carve-request-timeout-error-code +++ /dev/null @@ -1 +0,0 @@ -* Made block_id mismatch errors more informative as 400s instead of 500s. diff --git a/changes/17003-ingest-vscode_extensions b/changes/17003-ingest-vscode_extensions deleted file mode 100644 index a8ffcdf7ef2b..000000000000 --- a/changes/17003-ingest-vscode_extensions +++ /dev/null @@ -1 +0,0 @@ -* Visual Studio extensions added to Fleet's software inventory. diff --git a/changes/17018-reset-query-report b/changes/17018-reset-query-report deleted file mode 100644 index 444fac3f8bf2..000000000000 --- a/changes/17018-reset-query-report +++ /dev/null @@ -1 +0,0 @@ -- Query report is reset when there is a change to the selected platform or selected minimum osquery version diff --git a/changes/17061-homebrew-python b/changes/17061-homebrew-python deleted file mode 100644 index bf76e59e02af..000000000000 --- a/changes/17061-homebrew-python +++ /dev/null @@ -1 +0,0 @@ -Fixing false negative vulnerabilities on macOS Homebrew python packages. diff --git a/changes/17065-null-smtp_settings b/changes/17065-null-smtp_settings deleted file mode 100644 index b37de2555340..000000000000 --- a/changes/17065-null-smtp_settings +++ /dev/null @@ -1 +0,0 @@ -- Fix a bug where `null` or excluded `smtp_settings` caused a UI 500. diff --git a/changes/17208-hover-states b/changes/17208-hover-states deleted file mode 100644 index 5ae0c7f17a04..000000000000 --- a/changes/17208-hover-states +++ /dev/null @@ -1 +0,0 @@ -Fleet UI: Add hover states to clickable elements diff --git a/changes/17230-fleet-in-your-calendar b/changes/17230-fleet-in-your-calendar deleted file mode 100644 index 299239a0740a..000000000000 --- a/changes/17230-fleet-in-your-calendar +++ /dev/null @@ -1,5 +0,0 @@ -Added integration with Google Calendar. -- Fleet admins can enable Google Calendar integration by using a Google service account with domain-wide delegation. -- Calendar integration is enabled at the team level for specific team policies. -- If the policy is failing, a calendar event will be put on the host user's calendar for the 3rd Tuesday of the month. -- During the event, Fleet will fire a webhook. IT admins should use this webhook to trigger a script or MDM command that will remediate the issue. diff --git a/changes/17264-batch-process-gitops b/changes/17264-batch-process-gitops deleted file mode 100644 index cfa7ce9776dd..000000000000 --- a/changes/17264-batch-process-gitops +++ /dev/null @@ -1 +0,0 @@ -- `fleetctl gitops` now batch processes queries and policies \ No newline at end of file diff --git a/changes/17265-filter-alignment b/changes/17265-filter-alignment deleted file mode 100644 index a27c77581044..000000000000 --- a/changes/17265-filter-alignment +++ /dev/null @@ -1 +0,0 @@ -* Fix a small alignment bug diff --git a/changes/17288-fix-sort-of-sql-results b/changes/17288-fix-sort-of-sql-results deleted file mode 100644 index ededd089b480..000000000000 --- a/changes/17288-fix-sort-of-sql-results +++ /dev/null @@ -1 +0,0 @@ -* UI fix of sql result sort for both string and numerical columns on live query results, live policy results, and query report \ No newline at end of file diff --git a/changes/17308-script-content-cleanup b/changes/17308-script-content-cleanup deleted file mode 100644 index c51a6933e3d4..000000000000 --- a/changes/17308-script-content-cleanup +++ /dev/null @@ -1,3 +0,0 @@ -- Adds a migration that removes the `script_contents` columns that aren't needed anymore due to the - introduction of the `script_contents` table -- Adds a cleanup cron job that will remove unused script contents periodically \ No newline at end of file diff --git a/changes/17313-add-env-from-secret-capability-to-helm b/changes/17313-add-env-from-secret-capability-to-helm deleted file mode 100644 index 9f052ff03a16..000000000000 --- a/changes/17313-add-env-from-secret-capability-to-helm +++ /dev/null @@ -1 +0,0 @@ -- add env from secret/cm capability to helm charts \ No newline at end of file diff --git a/changes/17347-team-user-os-version-restrict b/changes/17347-team-user-os-version-restrict deleted file mode 100644 index 49d0bb6a6e14..000000000000 --- a/changes/17347-team-user-os-version-restrict +++ /dev/null @@ -1 +0,0 @@ -For GET fleet/os_versions and GET fleet/os_versions/[id], team users no longer have access to os versions on hosts from other teams. diff --git a/changes/17361-host-details-updates b/changes/17361-host-details-updates deleted file mode 100644 index 7f3235f2afb6..000000000000 --- a/changes/17361-host-details-updates +++ /dev/null @@ -1 +0,0 @@ -- UI: Surface fleet desktop and orbit version to the host details page diff --git a/changes/17362-orbit-and-desktop-version b/changes/17362-orbit-and-desktop-version deleted file mode 100644 index c681b7644eaa..000000000000 --- a/changes/17362-orbit-and-desktop-version +++ /dev/null @@ -1 +0,0 @@ -In GET fleet/hosts/:id response, added orbit_version, fleet_desktop_version, and scripts_enabled fields. diff --git a/changes/17401-add-enable-release-device-manually b/changes/17401-add-enable-release-device-manually deleted file mode 100644 index 4fcda2283cff..000000000000 --- a/changes/17401-add-enable-release-device-manually +++ /dev/null @@ -1,2 +0,0 @@ -* Added the `enable_release_device_manually` configuration setting for a team and no team. **Note** that the macOS automatic enrollment profile cannot set the `await_device_configured` option anymore, this setting is controlled by Fleet via the new `enable_release_device_manually` option. -* Automatically release a macOS DEP-enrolled device after enrollment commands and profiles have been delivered, unless `enable_release_device_manually` is set to `true`. diff --git a/changes/17404-mdm-custom-settings b/changes/17404-mdm-custom-settings deleted file mode 100644 index 78b0506bd040..000000000000 --- a/changes/17404-mdm-custom-settings +++ /dev/null @@ -1 +0,0 @@ -- Adds API functionality for creating DDM declarations, both individually and as a batch. \ No newline at end of file diff --git a/changes/17418-macos-14-nudge b/changes/17418-macos-14-nudge deleted file mode 100644 index cdf29816b9b1..000000000000 --- a/changes/17418-macos-14-nudge +++ /dev/null @@ -1 +0,0 @@ -* macOS 14 and higher no longer display nudge notifications diff --git a/changes/17420-update-ddm-profile-os-updates b/changes/17420-update-ddm-profile-os-updates deleted file mode 100644 index 54188ff7a2d6..000000000000 --- a/changes/17420-update-ddm-profile-os-updates +++ /dev/null @@ -1 +0,0 @@ -* Added creation or update of macOS DDM profile to enforce OS Updates settings whenever the settings are changed. diff --git a/changes/17534-improve-error-states-org-settings b/changes/17534-improve-error-states-org-settings deleted file mode 100644 index 6fdff36d01c4..000000000000 --- a/changes/17534-improve-error-states-org-settings +++ /dev/null @@ -1,2 +0,0 @@ -- Fix error state rendering on the global Host status expiry settings page, fix error state - alignment for tooltip-wrapper field labels across organization settings. diff --git a/changes/17557-ui-mdm-off-tooltip b/changes/17557-ui-mdm-off-tooltip deleted file mode 100644 index c71a1dc8cb1e..000000000000 --- a/changes/17557-ui-mdm-off-tooltip +++ /dev/null @@ -1 +0,0 @@ -- Removed outdated tooltips from UI. \ No newline at end of file diff --git a/changes/17559-batch-set-duplicate-mdm b/changes/17559-batch-set-duplicate-mdm deleted file mode 100644 index f037326ffff7..000000000000 --- a/changes/17559-batch-set-duplicate-mdm +++ /dev/null @@ -1 +0,0 @@ -- Added cross-platform check for duplicate MDM profiles names in batch set MDM profiles API. diff --git a/changes/17562-windows-server-2019-os-details b/changes/17562-windows-server-2019-os-details deleted file mode 100644 index e3aa773a0300..000000000000 --- a/changes/17562-windows-server-2019-os-details +++ /dev/null @@ -1 +0,0 @@ -- Fixed a bug where OS version information would not get detected on Windows Server 2019 diff --git a/changes/17563-windows-add b/changes/17563-windows-add deleted file mode 100644 index 369ed3084014..000000000000 --- a/changes/17563-windows-add +++ /dev/null @@ -1 +0,0 @@ -- Fixes an issue with Windows MDM profile processing where `` commands were being skipped. \ No newline at end of file diff --git a/changes/17621-bulk-delete-hosts-all-teams b/changes/17621-bulk-delete-hosts-all-teams deleted file mode 100644 index ed210b16550f..000000000000 --- a/changes/17621-bulk-delete-hosts-all-teams +++ /dev/null @@ -1 +0,0 @@ -- Fix UI's ability to bulk delete hosts when "All teams" is selected diff --git a/changes/17624-modal-flash-message-error b/changes/17624-modal-flash-message-error deleted file mode 100644 index 52167d895b33..000000000000 --- a/changes/17624-modal-flash-message-error +++ /dev/null @@ -1 +0,0 @@ -* Fix flash message from closing when a modal closes \ No newline at end of file diff --git a/changes/17662-render-standard-query-platforms-correctly b/changes/17662-render-standard-query-platforms-correctly deleted file mode 100644 index c625264580fa..000000000000 --- a/changes/17662-render-standard-query-platforms-correctly +++ /dev/null @@ -1 +0,0 @@ -- Fixes UI bug to render the query platform correctly for queries imported from the standard query library diff --git a/changes/17692-enrollment-state-3.md b/changes/17692-enrollment-state-3.md deleted file mode 100644 index 5703a31fd20e..000000000000 --- a/changes/17692-enrollment-state-3.md +++ /dev/null @@ -1 +0,0 @@ -- Fix a bug where valid MDM enrollments would show up as unmanaged (EnrollmentState 3) diff --git a/changes/17733-innodb-lock-waits b/changes/17733-innodb-lock-waits deleted file mode 100644 index fc81532772fb..000000000000 --- a/changes/17733-innodb-lock-waits +++ /dev/null @@ -1 +0,0 @@ -In fleetctl debug db-locks (GET debug/db/locks) and fleetctl debug db-innodb-status (GET debug/db/innodb-status), fixed 500 error in MySQL 8 and when DB user has insufficient privileges. diff --git a/changes/17787-hidden-columns b/changes/17787-hidden-columns deleted file mode 100644 index 79509a758f0a..000000000000 --- a/changes/17787-hidden-columns +++ /dev/null @@ -1 +0,0 @@ -- UI and website show hidden columns in schema with a note that they won't be returned by running select \* from table diff --git a/changes/17897-api-resend-mdm-profile b/changes/17897-api-resend-mdm-profile deleted file mode 100644 index 8bbdf7dd1aa6..000000000000 --- a/changes/17897-api-resend-mdm-profile +++ /dev/null @@ -1 +0,0 @@ -- Added API to support resending MDM profiles. diff --git a/changes/17899-add-manual-labels-api b/changes/17899-add-manual-labels-api deleted file mode 100644 index 75f2b4ba1496..000000000000 --- a/changes/17899-add-manual-labels-api +++ /dev/null @@ -1 +0,0 @@ -* Updated the `POST /api/v1/fleet/labels` and `PATCH /api/v1/fleet/labels/{id}` endpoints to support creation and update of manual labels. diff --git a/changes/17927-fix-styling-for-live-query-disabled-warning b/changes/17927-fix-styling-for-live-query-disabled-warning deleted file mode 100644 index 42323137fb79..000000000000 --- a/changes/17927-fix-styling-for-live-query-disabled-warning +++ /dev/null @@ -1 +0,0 @@ -- UI fix: styling of live query disabled warning diff --git a/changes/17946-fleetd-chrome-numbers b/changes/17946-fleetd-chrome-numbers deleted file mode 100644 index c26bffdd51a7..000000000000 --- a/changes/17946-fleetd-chrome-numbers +++ /dev/null @@ -1,2 +0,0 @@ -- Fix a bug where values not derived from "actual" fleetd-chrome tables were not being displayed - correctly (e.g., `SELECT 1` gets its value from the query itself, not a table) diff --git a/changes/18060-host-activity-styling-bugs b/changes/18060-host-activity-styling-bugs deleted file mode 100644 index fb157bbbaf84..000000000000 --- a/changes/18060-host-activity-styling-bugs +++ /dev/null @@ -1 +0,0 @@ -- Styling bug fixes of host details page activities (Remove trailing dash line from last activity, Re-instate padding below last activity) diff --git a/changes/18065-calendar-config-panic b/changes/18065-calendar-config-panic deleted file mode 100644 index 4a4a82176b11..000000000000 --- a/changes/18065-calendar-config-panic +++ /dev/null @@ -1 +0,0 @@ -Fixing potential server panic when events are created with calendar integration, but then global calendar integration is disabled. diff --git a/changes/18081-upload-apple-profile-error-message b/changes/18081-upload-apple-profile-error-message deleted file mode 100644 index 4b6ad0f0da31..000000000000 --- a/changes/18081-upload-apple-profile-error-message +++ /dev/null @@ -1 +0,0 @@ -* Fixed the error message so that it indicates if a conflict error on uploading an Apple profile was caused by the profile's name or its identifier. diff --git a/changes/18083-no-values-in-host-details-query-reports b/changes/18083-no-values-in-host-details-query-reports deleted file mode 100644 index 1c1a19a3673a..000000000000 --- a/changes/18083-no-values-in-host-details-query-reports +++ /dev/null @@ -1 +0,0 @@ -- Fix a bug where values were not being rendered in host-specific query reports. diff --git a/changes/18084-hdp-empty-state-padding b/changes/18084-hdp-empty-state-padding deleted file mode 100644 index 59c7ceb95cab..000000000000 --- a/changes/18084-hdp-empty-state-padding +++ /dev/null @@ -1 +0,0 @@ -- UI fix: padding around empty states of host details page diff --git a/changes/18126-steam-vulns b/changes/18126-steam-vulns deleted file mode 100644 index c80ab6630cfe..000000000000 --- a/changes/18126-steam-vulns +++ /dev/null @@ -1,3 +0,0 @@ -Ignoring Valve Corporation's Steam client's vulnerabilities on Windows and macOS - - On Windows and macOS, the true version of the Steam client (like 2021-04-10) cannot be retrieved by standard methods used on other software. We would need to create custom logic to retrieve the version of the Steam client. - - Steam client automatically updates itself, so security risk is somewhat mitigated. diff --git a/changes/18142-fix-migration-issue-related-to-collation b/changes/18142-fix-migration-issue-related-to-collation deleted file mode 100644 index cf48ada6d864..000000000000 --- a/changes/18142-fix-migration-issue-related-to-collation +++ /dev/null @@ -1 +0,0 @@ -* Fixed an issue with the `20240327115617_CreateTableNanoDDMRequests` database migration where it could fail if the database did not default to the `utf8mb4_unicode_ci` collation. diff --git a/changes/18160-fix-release-device-with-pending-ddm-profiles b/changes/18160-fix-release-device-with-pending-ddm-profiles deleted file mode 100644 index d780f184f383..000000000000 --- a/changes/18160-fix-release-device-with-pending-ddm-profiles +++ /dev/null @@ -1 +0,0 @@ -* Fixed an issue with automatic release of the device after setup when a DDM profile is pending. diff --git a/changes/18256-calendar-feature-url-validation b/changes/18256-calendar-feature-url-validation deleted file mode 100644 index 3866e324c5f2..000000000000 --- a/changes/18256-calendar-feature-url-validation +++ /dev/null @@ -1 +0,0 @@ -- Update calendar events automations to not show error validation on enabling the feature diff --git a/changes/18276-fix-schema-button-location b/changes/18276-fix-schema-button-location deleted file mode 100644 index 8d76c7bc722e..000000000000 --- a/changes/18276-fix-schema-button-location +++ /dev/null @@ -1 +0,0 @@ -* UI Fix to Show schema button location \ No newline at end of file diff --git a/changes/18299-gitops-calendar-validation b/changes/18299-gitops-calendar-validation deleted file mode 100644 index 7de5bae83b0f..000000000000 --- a/changes/18299-gitops-calendar-validation +++ /dev/null @@ -1 +0,0 @@ -Fixed fleetctl gitops dry-run validation issues when enabling calendar integration for the first time. diff --git a/changes/18350-calendar-event-for-invalid-sql b/changes/18350-calendar-event-for-invalid-sql deleted file mode 100644 index def1833cf80a..000000000000 --- a/changes/18350-calendar-event-for-invalid-sql +++ /dev/null @@ -1 +0,0 @@ -For calendar integration, calendar event no longer created when policy has an invalid SQL query. diff --git a/changes/issue-17409-add-ddm-activities-to-ui b/changes/issue-17409-add-ddm-activities-to-ui deleted file mode 100644 index 0c0c267a3221..000000000000 --- a/changes/issue-17409-add-ddm-activities-to-ui +++ /dev/null @@ -1 +0,0 @@ -- add ddm activities to the fleet UI diff --git a/changes/issue-17416-update-ui-to-support-ddm b/changes/issue-17416-update-ui-to-support-ddm deleted file mode 100644 index 3bbe4eaaa930..000000000000 --- a/changes/issue-17416-update-ui-to-support-ddm +++ /dev/null @@ -1 +0,0 @@ -- update UI to support macos DDM profiles. diff --git a/changes/issue-17417-ui-os-updates-ddm b/changes/issue-17417-ui-os-updates-ddm deleted file mode 100644 index 06386f9dc6e9..000000000000 --- a/changes/issue-17417-ui-os-updates-ddm +++ /dev/null @@ -1 +0,0 @@ -- change UI on OS Updates page to show new nudge for macos DDM diff --git a/changes/issue-17476-get-bitlocker-status b/changes/issue-17476-get-bitlocker-status deleted file mode 100644 index fbd4fb78cfed..000000000000 --- a/changes/issue-17476-get-bitlocker-status +++ /dev/null @@ -1,2 +0,0 @@ -- Fixed issue where getting host details failed when attempting to read the host's bitlocker status - from the datastore. diff --git a/changes/issue-17896-ui-resend-profile b/changes/issue-17896-ui-resend-profile deleted file mode 100644 index 3911edd2bfe0..000000000000 --- a/changes/issue-17896-ui-resend-profile +++ /dev/null @@ -1 +0,0 @@ -- add UI for resending a profile for a host on the host details page in the OS Settings modal diff --git a/changes/issue-17898-new-manual-lables b/changes/issue-17898-new-manual-lables deleted file mode 100644 index 99c2eaef873a..000000000000 --- a/changes/issue-17898-new-manual-lables +++ /dev/null @@ -1 +0,0 @@ -- implement manual labels in fleet UI diff --git a/changes/issue-18082-os-settings-stylings b/changes/issue-18082-os-settings-stylings deleted file mode 100644 index 1e3d8dca2cdf..000000000000 --- a/changes/issue-18082-os-settings-stylings +++ /dev/null @@ -1,2 +0,0 @@ -- update styling of os settings modal table to have all cells have the same width and have content -truncated when needed. diff --git a/changes/issue-18483-fix-download-enroll-profile b/changes/issue-18483-fix-download-enroll-profile deleted file mode 100644 index 9a5ce3f68500..000000000000 --- a/changes/issue-18483-fix-download-enroll-profile +++ /dev/null @@ -1 +0,0 @@ -- fix issue with downloading manual enrollment profile on the my device page diff --git a/changes/license-comparison b/changes/license-comparison deleted file mode 100644 index e17ede70fce1..000000000000 --- a/changes/license-comparison +++ /dev/null @@ -1 +0,0 @@ -* Fixed license checks to allow migration and restoring DEP devices during trial diff --git a/changes/min-node-version b/changes/min-node-version deleted file mode 100644 index 61a499cc028b..000000000000 --- a/changes/min-node-version +++ /dev/null @@ -1 +0,0 @@ -- add a minimum supported node version in the package.json diff --git a/charts/fleet/Chart.yaml b/charts/fleet/Chart.yaml index d8c4e0ed212e..6ccfba23e695 100644 --- a/charts/fleet/Chart.yaml +++ b/charts/fleet/Chart.yaml @@ -8,7 +8,7 @@ version: v6.0.2 home: https://github.com/fleetdm/fleet sources: - https://github.com/fleetdm/fleet.git -appVersion: v4.48.3 +appVersion: v4.49.0 dependencies: - name: mysql condition: mysql.enabled diff --git a/charts/fleet/values.yaml b/charts/fleet/values.yaml index c48a3b5df9ee..ee3ec700689c 100644 --- a/charts/fleet/values.yaml +++ b/charts/fleet/values.yaml @@ -2,7 +2,7 @@ # All settings related to how Fleet is deployed in Kubernetes hostName: fleet.localhost replicas: 3 # The number of Fleet instances to deploy -imageTag: v4.48.3 # Version of Fleet to deploy +imageTag: v4.49.0 # Version of Fleet to deploy podAnnotations: {} # Additional annotations to add to the Fleet pod serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account resources: diff --git a/infrastructure/dogfood/terraform/aws/variables.tf b/infrastructure/dogfood/terraform/aws/variables.tf index 592383ad2dcc..833f16bf3ab6 100644 --- a/infrastructure/dogfood/terraform/aws/variables.tf +++ b/infrastructure/dogfood/terraform/aws/variables.tf @@ -56,7 +56,7 @@ variable "database_name" { variable "fleet_image" { description = "the name of the container image to run" - default = "fleetdm/fleet:v4.48.3" + default = "fleetdm/fleet:v4.49.0" } variable "software_inventory" { diff --git a/infrastructure/dogfood/terraform/gcp/variables.tf b/infrastructure/dogfood/terraform/gcp/variables.tf index a1b08bab806a..2e600c65a7a9 100644 --- a/infrastructure/dogfood/terraform/gcp/variables.tf +++ b/infrastructure/dogfood/terraform/gcp/variables.tf @@ -68,5 +68,5 @@ variable "redis_mem" { } variable "image" { - default = "fleet:v4.48.3" + default = "fleet:v4.49.0" } diff --git a/terraform/README.md b/terraform/README.md index f50b23c952fa..5c5a8cc10332 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -75,7 +75,7 @@ No resources. | [alb\_config](#input\_alb\_config) | n/a | 
object({
    name                 = optional(string, "fleet")
    security_groups      = optional(list(string), [])
    access_logs          = optional(map(string), {})
    allowed_cidrs        = optional(list(string), ["0.0.0.0/0"])
    allowed_ipv6_cidrs   = optional(list(string), ["::/0"])
    egress_cidrs         = optional(list(string), ["0.0.0.0/0"])
    egress_ipv6_cidrs    = optional(list(string), ["::/0"])
    extra_target_groups  = optional(any, [])
    https_listener_rules = optional(any, [])
    tls_policy           = optional(string, "ELBSecurityPolicy-TLS-1-2-2017-01")
    idle_timeout         = optional(number, 60)
  })
| `{}` | no | | [certificate\_arn](#input\_certificate\_arn) | n/a | `string` | n/a | yes | | [ecs\_cluster](#input\_ecs\_cluster) | The config for the terraform-aws-modules/ecs/aws module | 
object({
    autoscaling_capacity_providers = optional(any, {})
    cluster_configuration = optional(any, {
      execute_command_configuration = {
        logging = "OVERRIDE"
        log_configuration = {
          cloud_watch_log_group_name = "/aws/ecs/aws-ec2"
        }
      }
    })
    cluster_name = optional(string, "fleet")
    cluster_settings = optional(map(string), {
      "name" : "containerInsights",
      "value" : "enabled",
    })
    create                                = optional(bool, true)
    default_capacity_provider_use_fargate = optional(bool, true)
    fargate_capacity_providers = optional(any, {
      FARGATE = {
        default_capacity_provider_strategy = {
          weight = 100
        }
      }
      FARGATE_SPOT = {
        default_capacity_provider_strategy = {
          weight = 0
        }
      }
    })
    tags = optional(map(string))
  })
| 
{
  "autoscaling_capacity_providers": {},
  "cluster_configuration": {
    "execute_command_configuration": {
      "log_configuration": {
        "cloud_watch_log_group_name": "/aws/ecs/aws-ec2"
      },
      "logging": "OVERRIDE"
    }
  },
  "cluster_name": "fleet",
  "cluster_settings": {
    "name": "containerInsights",
    "value": "enabled"
  },
  "create": true,
  "default_capacity_provider_use_fargate": true,
  "fargate_capacity_providers": {
    "FARGATE": {
      "default_capacity_provider_strategy": {
        "weight": 100
      }
    },
    "FARGATE_SPOT": {
      "default_capacity_provider_strategy": {
        "weight": 0
      }
    }
  },
  "tags": {}
}
| no | -| [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. | 
object({
    mem                          = optional(number, 4096)
    cpu                          = optional(number, 512)
    image                        = optional(string, "fleetdm/fleet:v4.48.3")
    family                       = optional(string, "fleet")
    sidecars                     = optional(list(any), [])
    depends_on                   = optional(list(any), [])
    mount_points                 = optional(list(any), [])
    volumes                      = optional(list(any), [])
    extra_environment_variables  = optional(map(string), {})
    extra_iam_policies           = optional(list(string), [])
    extra_execution_iam_policies = optional(list(string), [])
    extra_secrets                = optional(map(string), {})
    security_groups              = optional(list(string), null)
    security_group_name          = optional(string, "fleet")
    iam_role_arn                 = optional(string, null)
    repository_credentials       = optional(string, "")
    service = optional(object({
      name = optional(string, "fleet")
      }), {
      name = "fleet"
    })
    database = optional(object({
      password_secret_arn = string
      user                = string
      database            = string
      address             = string
      rr_address          = optional(string, null)
      }), {
      password_secret_arn = null
      user                = null
      database            = null
      address             = null
      rr_address          = null
    })
    redis = optional(object({
      address = string
      use_tls = optional(bool, true)
      }), {
      address = null
      use_tls = true
    })
    awslogs = optional(object({
      name      = optional(string, null)
      region    = optional(string, null)
      create    = optional(bool, true)
      prefix    = optional(string, "fleet")
      retention = optional(number, 5)
      }), {
      name      = null
      region    = null
      prefix    = "fleet"
      retention = 5
    })
    loadbalancer = optional(object({
      arn = string
      }), {
      arn = null
    })
    extra_load_balancers = optional(list(any), [])
    networking = optional(object({
      subnets         = list(string)
      security_groups = optional(list(string), null)
      }), {
      subnets         = null
      security_groups = null
    })
    autoscaling = optional(object({
      max_capacity                 = optional(number, 5)
      min_capacity                 = optional(number, 1)
      memory_tracking_target_value = optional(number, 80)
      cpu_tracking_target_value    = optional(number, 80)
      }), {
      max_capacity                 = 5
      min_capacity                 = 1
      memory_tracking_target_value = 80
      cpu_tracking_target_value    = 80
    })
    iam = optional(object({
      role = optional(object({
        name        = optional(string, "fleet-role")
        policy_name = optional(string, "fleet-iam-policy")
        }), {
        name        = "fleet-role"
        policy_name = "fleet-iam-policy"
      })
      execution = optional(object({
        name        = optional(string, "fleet-execution-role")
        policy_name = optional(string, "fleet-execution-role")
        }), {
        name        = "fleet-execution-role"
        policy_name = "fleet-iam-policy-execution"
      })
      }), {
      name = "fleetdm-execution-role"
    })
  })
| 
{
  "autoscaling": {
    "cpu_tracking_target_value": 80,
    "max_capacity": 5,
    "memory_tracking_target_value": 80,
    "min_capacity": 1
  },
  "awslogs": {
    "create": true,
    "name": null,
    "prefix": "fleet",
    "region": null,
    "retention": 5
  },
  "cpu": 256,
  "database": {
    "address": null,
    "database": null,
    "password_secret_arn": null,
    "rr_address": null,
    "user": null
  },
  "depends_on": [],
  "extra_environment_variables": {},
  "extra_execution_iam_policies": [],
  "extra_iam_policies": [],
  "extra_load_balancers": [],
  "extra_secrets": {},
  "family": "fleet",
  "iam": {
    "execution": {
      "name": "fleet-execution-role",
      "policy_name": "fleet-iam-policy-execution"
    },
    "role": {
      "name": "fleet-role",
      "policy_name": "fleet-iam-policy"
    }
  },
  "iam_role_arn": null,
  "image": "fleetdm/fleet:v4.31.1",
  "loadbalancer": {
    "arn": null
  },
  "mem": 512,
  "mount_points": [],
  "networking": {
    "security_groups": null,
    "subnets": null
  },
  "redis": {
    "address": null,
    "use_tls": true
  },
  "repository_credentials": "",
  "security_group_name": "fleet",
  "security_groups": null,
  "service": {
    "name": "fleet"
  },
  "sidecars": [],
  "volumes": []
}
| no | +| [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. | 
object({
    mem                          = optional(number, 4096)
    cpu                          = optional(number, 512)
    image                        = optional(string, "fleetdm/fleet:v4.49.0")
    family                       = optional(string, "fleet")
    sidecars                     = optional(list(any), [])
    depends_on                   = optional(list(any), [])
    mount_points                 = optional(list(any), [])
    volumes                      = optional(list(any), [])
    extra_environment_variables  = optional(map(string), {})
    extra_iam_policies           = optional(list(string), [])
    extra_execution_iam_policies = optional(list(string), [])
    extra_secrets                = optional(map(string), {})
    security_groups              = optional(list(string), null)
    security_group_name          = optional(string, "fleet")
    iam_role_arn                 = optional(string, null)
    repository_credentials       = optional(string, "")
    service = optional(object({
      name = optional(string, "fleet")
      }), {
      name = "fleet"
    })
    database = optional(object({
      password_secret_arn = string
      user                = string
      database            = string
      address             = string
      rr_address          = optional(string, null)
      }), {
      password_secret_arn = null
      user                = null
      database            = null
      address             = null
      rr_address          = null
    })
    redis = optional(object({
      address = string
      use_tls = optional(bool, true)
      }), {
      address = null
      use_tls = true
    })
    awslogs = optional(object({
      name      = optional(string, null)
      region    = optional(string, null)
      create    = optional(bool, true)
      prefix    = optional(string, "fleet")
      retention = optional(number, 5)
      }), {
      name      = null
      region    = null
      prefix    = "fleet"
      retention = 5
    })
    loadbalancer = optional(object({
      arn = string
      }), {
      arn = null
    })
    extra_load_balancers = optional(list(any), [])
    networking = optional(object({
      subnets         = list(string)
      security_groups = optional(list(string), null)
      }), {
      subnets         = null
      security_groups = null
    })
    autoscaling = optional(object({
      max_capacity                 = optional(number, 5)
      min_capacity                 = optional(number, 1)
      memory_tracking_target_value = optional(number, 80)
      cpu_tracking_target_value    = optional(number, 80)
      }), {
      max_capacity                 = 5
      min_capacity                 = 1
      memory_tracking_target_value = 80
      cpu_tracking_target_value    = 80
    })
    iam = optional(object({
      role = optional(object({
        name        = optional(string, "fleet-role")
        policy_name = optional(string, "fleet-iam-policy")
        }), {
        name        = "fleet-role"
        policy_name = "fleet-iam-policy"
      })
      execution = optional(object({
        name        = optional(string, "fleet-execution-role")
        policy_name = optional(string, "fleet-execution-role")
        }), {
        name        = "fleet-execution-role"
        policy_name = "fleet-iam-policy-execution"
      })
      }), {
      name = "fleetdm-execution-role"
    })
  })
| 
{
  "autoscaling": {
    "cpu_tracking_target_value": 80,
    "max_capacity": 5,
    "memory_tracking_target_value": 80,
    "min_capacity": 1
  },
  "awslogs": {
    "create": true,
    "name": null,
    "prefix": "fleet",
    "region": null,
    "retention": 5
  },
  "cpu": 256,
  "database": {
    "address": null,
    "database": null,
    "password_secret_arn": null,
    "rr_address": null,
    "user": null
  },
  "depends_on": [],
  "extra_environment_variables": {},
  "extra_execution_iam_policies": [],
  "extra_iam_policies": [],
  "extra_load_balancers": [],
  "extra_secrets": {},
  "family": "fleet",
  "iam": {
    "execution": {
      "name": "fleet-execution-role",
      "policy_name": "fleet-iam-policy-execution"
    },
    "role": {
      "name": "fleet-role",
      "policy_name": "fleet-iam-policy"
    }
  },
  "iam_role_arn": null,
  "image": "fleetdm/fleet:v4.31.1",
  "loadbalancer": {
    "arn": null
  },
  "mem": 512,
  "mount_points": [],
  "networking": {
    "security_groups": null,
    "subnets": null
  },
  "redis": {
    "address": null,
    "use_tls": true
  },
  "repository_credentials": "",
  "security_group_name": "fleet",
  "security_groups": null,
  "service": {
    "name": "fleet"
  },
  "sidecars": [],
  "volumes": []
}
| no | | [migration\_config](#input\_migration\_config) | The configuration object for Fleet's migration task. | 
object({
    mem = number
    cpu = number
  })
| 
{
  "cpu": 1024,
  "mem": 2048
}
| no | | [rds\_config](#input\_rds\_config) | The config for the terraform-aws-modules/rds-aurora/aws module | 
object({
    name                            = optional(string, "fleet")
    engine_version                  = optional(string, "8.0.mysql_aurora.3.04.2")
    instance_class                  = optional(string, "db.t4g.large")
    subnets                         = optional(list(string), [])
    allowed_security_groups         = optional(list(string), [])
    allowed_cidr_blocks             = optional(list(string), [])
    apply_immediately               = optional(bool, true)
    monitoring_interval             = optional(number, 10)
    db_parameter_group_name         = optional(string)
    db_parameters                   = optional(map(string), {})
    db_cluster_parameter_group_name = optional(string)
    db_cluster_parameters           = optional(map(string), {})
    enabled_cloudwatch_logs_exports = optional(list(string), [])
    master_username                 = optional(string, "fleet")
    snapshot_identifier             = optional(string)
    cluster_tags                    = optional(map(string), {})
  })
| 
{
  "allowed_cidr_blocks": [],
  "allowed_security_groups": [],
  "apply_immediately": true,
  "cluster_tags": {},
  "db_cluster_parameter_group_name": null,
  "db_cluster_parameters": {},
  "db_parameter_group_name": null,
  "db_parameters": {},
  "enabled_cloudwatch_logs_exports": [],
  "engine_version": "8.0.mysql_aurora.3.04.2",
  "instance_class": "db.t4g.large",
  "master_username": "fleet",
  "monitoring_interval": 10,
  "name": "fleet",
  "snapshot_identifier": null,
  "subnets": []
}
| no | | [redis\_config](#input\_redis\_config) | n/a | 
object({
    name                          = optional(string, "fleet")
    replication_group_id          = optional(string)
    elasticache_subnet_group_name = optional(string)
    allowed_security_group_ids    = optional(list(string), [])
    subnets                       = optional(list(string))
    availability_zones            = optional(list(string))
    cluster_size                  = optional(number, 3)
    instance_type                 = optional(string, "cache.m5.large")
    apply_immediately             = optional(bool, true)
    automatic_failover_enabled    = optional(bool, false)
    engine_version                = optional(string, "6.x")
    family                        = optional(string, "redis6.x")
    at_rest_encryption_enabled    = optional(bool, true)
    transit_encryption_enabled    = optional(bool, true)
    parameter = optional(list(object({
      name  = string
      value = string
    })), [])
    log_delivery_configuration = optional(list(map(any)), [])
    tags                       = optional(map(string), {})
  })
| 
{
  "allowed_security_group_ids": [],
  "apply_immediately": true,
  "at_rest_encryption_enabled": true,
  "automatic_failover_enabled": false,
  "availability_zones": null,
  "cluster_size": 3,
  "elasticache_subnet_group_name": null,
  "engine_version": "6.x",
  "family": "redis6.x",
  "instance_type": "cache.m5.large",
  "log_delivery_configuration": [],
  "name": "fleet",
  "parameter": [],
  "replication_group_id": null,
  "subnets": null,
  "tags": {},
  "transit_encryption_enabled": true
}
| no | diff --git a/terraform/byo-vpc/README.md b/terraform/byo-vpc/README.md index 651d206147dc..bd18a989e2a5 100644 --- a/terraform/byo-vpc/README.md +++ b/terraform/byo-vpc/README.md @@ -34,7 +34,7 @@ No requirements. | [alb\_config](#input\_alb\_config) | n/a | 
object({
    name                 = optional(string, "fleet")
    subnets              = list(string)
    security_groups      = optional(list(string), [])
    access_logs          = optional(map(string), {})
    certificate_arn      = string
    allowed_cidrs        = optional(list(string), ["0.0.0.0/0"])
    allowed_ipv6_cidrs   = optional(list(string), ["::/0"])
    egress_cidrs         = optional(list(string), ["0.0.0.0/0"])
    egress_ipv6_cidrs    = optional(list(string), ["::/0"])
    extra_target_groups  = optional(any, [])
    https_listener_rules = optional(any, [])
    tls_policy           = optional(string, "ELBSecurityPolicy-TLS-1-2-2017-01")
    idle_timeout         = optional(number, 60)
  })
| n/a | yes | | [ecs\_cluster](#input\_ecs\_cluster) | The config for the terraform-aws-modules/ecs/aws module | 
object({
    autoscaling_capacity_providers = optional(any, {})
    cluster_configuration = optional(any, {
      execute_command_configuration = {
        logging = "OVERRIDE"
        log_configuration = {
          cloud_watch_log_group_name = "/aws/ecs/aws-ec2"
        }
      }
    })
    cluster_name = optional(string, "fleet")
    cluster_settings = optional(map(string), {
      "name" : "containerInsights",
      "value" : "enabled",
    })
    create                                = optional(bool, true)
    default_capacity_provider_use_fargate = optional(bool, true)
    fargate_capacity_providers = optional(any, {
      FARGATE = {
        default_capacity_provider_strategy = {
          weight = 100
        }
      }
      FARGATE_SPOT = {
        default_capacity_provider_strategy = {
          weight = 0
        }
      }
    })
    tags = optional(map(string))
  })
| 
{
  "autoscaling_capacity_providers": {},
  "cluster_configuration": {
    "execute_command_configuration": {
      "log_configuration": {
        "cloud_watch_log_group_name": "/aws/ecs/aws-ec2"
      },
      "logging": "OVERRIDE"
    }
  },
  "cluster_name": "fleet",
  "cluster_settings": {
    "name": "containerInsights",
    "value": "enabled"
  },
  "create": true,
  "default_capacity_provider_use_fargate": true,
  "fargate_capacity_providers": {
    "FARGATE": {
      "default_capacity_provider_strategy": {
        "weight": 100
      }
    },
    "FARGATE_SPOT": {
      "default_capacity_provider_strategy": {
        "weight": 0
      }
    }
  },
  "tags": {}
}
| no | <<<<<<< HEAD -| [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. | 
object({
    mem                          = optional(number, 4096)
    cpu                          = optional(number, 512)
    image                        = optional(string, "fleetdm/fleet:v4.48.3")
    family                       = optional(string, "fleet")
    sidecars                     = optional(list(any), [])
    depends_on                   = optional(list(any), [])
    mount_points                 = optional(list(any), [])
    volumes                      = optional(list(any), [])
    extra_environment_variables  = optional(map(string), {})
    extra_iam_policies           = optional(list(string), [])
    extra_execution_iam_policies = optional(list(string), [])
    extra_secrets                = optional(map(string), {})
    security_groups              = optional(list(string), null)
    security_group_name          = optional(string, "fleet")
    iam_role_arn                 = optional(string, null)
    service = optional(object({
      name = optional(string, "fleet")
      }), {
      name = "fleet"
    })
    database = optional(object({
      password_secret_arn = string
      user                = string
      database            = string
      address             = string
      rr_address          = optional(string, null)
      }), {
      password_secret_arn = null
      user                = null
      database            = null
      address             = null
      rr_address          = null
    })
    redis = optional(object({
      address = string
      use_tls = optional(bool, true)
      }), {
      address = null
      use_tls = true
    })
    awslogs = optional(object({
      name      = optional(string, null)
      region    = optional(string, null)
      create    = optional(bool, true)
      prefix    = optional(string, "fleet")
      retention = optional(number, 5)
      }), {
      name      = null
      region    = null
      prefix    = "fleet"
      retention = 5
    })
    loadbalancer = optional(object({
      arn = string
      }), {
      arn = null
    })
    extra_load_balancers = optional(list(any), [])
    networking = optional(object({
      subnets         = list(string)
      security_groups = optional(list(string), null)
      }), {
      subnets         = null
      security_groups = null
    })
    autoscaling = optional(object({
      max_capacity                 = optional(number, 5)
      min_capacity                 = optional(number, 1)
      memory_tracking_target_value = optional(number, 80)
      cpu_tracking_target_value    = optional(number, 80)
      }), {
      max_capacity                 = 5
      min_capacity                 = 1
      memory_tracking_target_value = 80
      cpu_tracking_target_value    = 80
    })
    iam = optional(object({
      role = optional(object({
        name        = optional(string, "fleet-role")
        policy_name = optional(string, "fleet-iam-policy")
        }), {
        name        = "fleet-role"
        policy_name = "fleet-iam-policy"
      })
      execution = optional(object({
        name        = optional(string, "fleet-execution-role")
        policy_name = optional(string, "fleet-execution-role")
        }), {
        name        = "fleet-execution-role"
        policy_name = "fleet-iam-policy-execution"
      })
      }), {
      name = "fleetdm-execution-role"
    })
  })
| 
{
  "autoscaling": {
    "cpu_tracking_target_value": 80,
    "max_capacity": 5,
    "memory_tracking_target_value": 80,
    "min_capacity": 1
  },
  "awslogs": {
    "create": true,
    "name": null,
    "prefix": "fleet",
    "region": null,
    "retention": 5
  },
  "cpu": 256,
  "database": {
    "address": null,
    "database": null,
    "password_secret_arn": null,
    "rr_address": null,
    "user": null
  },
  "depends_on": [],
  "extra_environment_variables": {},
  "extra_execution_iam_policies": [],
  "extra_iam_policies": [],
  "extra_load_balancers": [],
  "extra_secrets": {},
  "family": "fleet",
  "iam": {
    "execution": {
      "name": "fleet-execution-role",
      "policy_name": "fleet-iam-policy-execution"
    },
    "role": {
      "name": "fleet-role",
      "policy_name": "fleet-iam-policy"
    }
  },
  "iam_role_arn": null,
  "image": "fleetdm/fleet:v4.31.1",
  "loadbalancer": {
    "arn": null
  },
  "mem": 512,
  "mount_points": [],
  "networking": {
    "security_groups": null,
    "subnets": null
  },
  "redis": {
    "address": null,
    "use_tls": true
  },
  "security_group_name": "fleet",
  "security_groups": null,
  "service": {
    "name": "fleet"
  },
  "sidecars": [],
  "volumes": []
}
| no | +| [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. | 
object({
    mem                          = optional(number, 4096)
    cpu                          = optional(number, 512)
    image                        = optional(string, "fleetdm/fleet:v4.49.0")
    family                       = optional(string, "fleet")
    sidecars                     = optional(list(any), [])
    depends_on                   = optional(list(any), [])
    mount_points                 = optional(list(any), [])
    volumes                      = optional(list(any), [])
    extra_environment_variables  = optional(map(string), {})
    extra_iam_policies           = optional(list(string), [])
    extra_execution_iam_policies = optional(list(string), [])
    extra_secrets                = optional(map(string), {})
    security_groups              = optional(list(string), null)
    security_group_name          = optional(string, "fleet")
    iam_role_arn                 = optional(string, null)
    service = optional(object({
      name = optional(string, "fleet")
      }), {
      name = "fleet"
    })
    database = optional(object({
      password_secret_arn = string
      user                = string
      database            = string
      address             = string
      rr_address          = optional(string, null)
      }), {
      password_secret_arn = null
      user                = null
      database            = null
      address             = null
      rr_address          = null
    })
    redis = optional(object({
      address = string
      use_tls = optional(bool, true)
      }), {
      address = null
      use_tls = true
    })
    awslogs = optional(object({
      name      = optional(string, null)
      region    = optional(string, null)
      create    = optional(bool, true)
      prefix    = optional(string, "fleet")
      retention = optional(number, 5)
      }), {
      name      = null
      region    = null
      prefix    = "fleet"
      retention = 5
    })
    loadbalancer = optional(object({
      arn = string
      }), {
      arn = null
    })
    extra_load_balancers = optional(list(any), [])
    networking = optional(object({
      subnets         = list(string)
      security_groups = optional(list(string), null)
      }), {
      subnets         = null
      security_groups = null
    })
    autoscaling = optional(object({
      max_capacity                 = optional(number, 5)
      min_capacity                 = optional(number, 1)
      memory_tracking_target_value = optional(number, 80)
      cpu_tracking_target_value    = optional(number, 80)
      }), {
      max_capacity                 = 5
      min_capacity                 = 1
      memory_tracking_target_value = 80
      cpu_tracking_target_value    = 80
    })
    iam = optional(object({
      role = optional(object({
        name        = optional(string, "fleet-role")
        policy_name = optional(string, "fleet-iam-policy")
        }), {
        name        = "fleet-role"
        policy_name = "fleet-iam-policy"
      })
      execution = optional(object({
        name        = optional(string, "fleet-execution-role")
        policy_name = optional(string, "fleet-execution-role")
        }), {
        name        = "fleet-execution-role"
        policy_name = "fleet-iam-policy-execution"
      })
      }), {
      name = "fleetdm-execution-role"
    })
  })
| 
{
  "autoscaling": {
    "cpu_tracking_target_value": 80,
    "max_capacity": 5,
    "memory_tracking_target_value": 80,
    "min_capacity": 1
  },
  "awslogs": {
    "create": true,
    "name": null,
    "prefix": "fleet",
    "region": null,
    "retention": 5
  },
  "cpu": 256,
  "database": {
    "address": null,
    "database": null,
    "password_secret_arn": null,
    "rr_address": null,
    "user": null
  },
  "depends_on": [],
  "extra_environment_variables": {},
  "extra_execution_iam_policies": [],
  "extra_iam_policies": [],
  "extra_load_balancers": [],
  "extra_secrets": {},
  "family": "fleet",
  "iam": {
    "execution": {
      "name": "fleet-execution-role",
      "policy_name": "fleet-iam-policy-execution"
    },
    "role": {
      "name": "fleet-role",
      "policy_name": "fleet-iam-policy"
    }
  },
  "iam_role_arn": null,
  "image": "fleetdm/fleet:v4.31.1",
  "loadbalancer": {
    "arn": null
  },
  "mem": 512,
  "mount_points": [],
  "networking": {
    "security_groups": null,
    "subnets": null
  },
  "redis": {
    "address": null,
    "use_tls": true
  },
  "security_group_name": "fleet",
  "security_groups": null,
  "service": {
    "name": "fleet"
  },
  "sidecars": [],
  "volumes": []
}
| no | ======= | [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. | 
object({
    mem                          = optional(number, 4096)
    cpu                          = optional(number, 512)
    image                        = optional(string, "fleetdm/fleet:v4.48.0")
    family                       = optional(string, "fleet")
    sidecars                     = optional(list(any), [])
    depends_on                   = optional(list(any), [])
    mount_points                 = optional(list(any), [])
    volumes                      = optional(list(any), [])
    extra_environment_variables  = optional(map(string), {})
    extra_iam_policies           = optional(list(string), [])
    extra_execution_iam_policies = optional(list(string), [])
    extra_secrets                = optional(map(string), {})
    security_groups              = optional(list(string), null)
    security_group_name          = optional(string, "fleet")
    iam_role_arn                 = optional(string, null)
    repository_credentials       = optional(string, "")
    service = optional(object({
      name = optional(string, "fleet")
      }), {
      name = "fleet"
    })
    database = optional(object({
      password_secret_arn = string
      user                = string
      database            = string
      address             = string
      rr_address          = optional(string, null)
      }), {
      password_secret_arn = null
      user                = null
      database            = null
      address             = null
      rr_address          = null
    })
    redis = optional(object({
      address = string
      use_tls = optional(bool, true)
      }), {
      address = null
      use_tls = true
    })
    awslogs = optional(object({
      name      = optional(string, null)
      region    = optional(string, null)
      create    = optional(bool, true)
      prefix    = optional(string, "fleet")
      retention = optional(number, 5)
      }), {
      name      = null
      region    = null
      prefix    = "fleet"
      retention = 5
    })
    loadbalancer = optional(object({
      arn = string
      }), {
      arn = null
    })
    extra_load_balancers = optional(list(any), [])
    networking = optional(object({
      subnets         = list(string)
      security_groups = optional(list(string), null)
      }), {
      subnets         = null
      security_groups = null
    })
    autoscaling = optional(object({
      max_capacity                 = optional(number, 5)
      min_capacity                 = optional(number, 1)
      memory_tracking_target_value = optional(number, 80)
      cpu_tracking_target_value    = optional(number, 80)
      }), {
      max_capacity                 = 5
      min_capacity                 = 1
      memory_tracking_target_value = 80
      cpu_tracking_target_value    = 80
    })
    iam = optional(object({
      role = optional(object({
        name        = optional(string, "fleet-role")
        policy_name = optional(string, "fleet-iam-policy")
        }), {
        name        = "fleet-role"
        policy_name = "fleet-iam-policy"
      })
      execution = optional(object({
        name        = optional(string, "fleet-execution-role")
        policy_name = optional(string, "fleet-execution-role")
        }), {
        name        = "fleet-execution-role"
        policy_name = "fleet-iam-policy-execution"
      })
      }), {
      name = "fleetdm-execution-role"
    })
  })
| 
{
  "autoscaling": {
    "cpu_tracking_target_value": 80,
    "max_capacity": 5,
    "memory_tracking_target_value": 80,
    "min_capacity": 1
  },
  "awslogs": {
    "create": true,
    "name": null,
    "prefix": "fleet",
    "region": null,
    "retention": 5
  },
  "cpu": 256,
  "database": {
    "address": null,
    "database": null,
    "password_secret_arn": null,
    "rr_address": null,
    "user": null
  },
  "depends_on": [],
  "extra_environment_variables": {},
  "extra_execution_iam_policies": [],
  "extra_iam_policies": [],
  "extra_load_balancers": [],
  "extra_secrets": {},
  "family": "fleet",
  "iam": {
    "execution": {
      "name": "fleet-execution-role",
      "policy_name": "fleet-iam-policy-execution"
    },
    "role": {
      "name": "fleet-role",
      "policy_name": "fleet-iam-policy"
    }
  },
  "iam_role_arn": null,
  "image": "fleetdm/fleet:v4.31.1",
  "loadbalancer": {
    "arn": null
  },
  "mem": 512,
  "mount_points": [],
  "networking": {
    "security_groups": null,
    "subnets": null
  },
  "redis": {
    "address": null,
    "use_tls": true
  },
  "repository_credentials": "",
  "security_group_name": "fleet",
  "security_groups": null,
  "service": {
    "name": "fleet"
  },
  "sidecars": [],
  "volumes": []
}
| no | >>>>>>> 025004bcf (support private registry in the ecs task definition) diff --git a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf index 907f153cb292..e1b4e0e9c1e2 100644 --- a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf +++ b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf @@ -13,7 +13,7 @@ variable "fleet_config" { type = object({ mem = optional(number, 4096) cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.48.3") + image = optional(string, "fleetdm/fleet:v4.49.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) diff --git a/terraform/byo-vpc/byo-db/variables.tf b/terraform/byo-vpc/byo-db/variables.tf index ca169eebfa54..b3f21d59b13a 100644 --- a/terraform/byo-vpc/byo-db/variables.tf +++ b/terraform/byo-vpc/byo-db/variables.tf @@ -74,7 +74,7 @@ variable "fleet_config" { type = object({ mem = optional(number, 4096) cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.48.3") + image = optional(string, "fleetdm/fleet:v4.49.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) diff --git a/terraform/byo-vpc/example/main.tf b/terraform/byo-vpc/example/main.tf index 897ec9ef89bc..f4b0598e6e41 100644 --- a/terraform/byo-vpc/example/main.tf +++ b/terraform/byo-vpc/example/main.tf @@ -17,7 +17,7 @@ provider "aws" { } locals { - fleet_image = "fleetdm/fleet:v4.48.3" + fleet_image = "fleetdm/fleet:v4.49.0" domain_name = "example.com" } diff --git a/terraform/byo-vpc/variables.tf b/terraform/byo-vpc/variables.tf index 66ed4ef16836..1d573585516d 100644 --- a/terraform/byo-vpc/variables.tf +++ b/terraform/byo-vpc/variables.tf @@ -167,7 +167,7 @@ variable "fleet_config" { type = object({ mem = optional(number, 4096) cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.48.3") + image = optional(string, "fleetdm/fleet:v4.49.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) diff --git a/terraform/example/main.tf b/terraform/example/main.tf index 9b1b314ff51a..f272c8958d7e 100644 --- a/terraform/example/main.tf +++ b/terraform/example/main.tf @@ -59,8 +59,8 @@ module "fleet" { fleet_config = { # To avoid pull-rate limiting from dockerhub, consider using our quay.io mirror - # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.48.3" - image = "fleetdm/fleet:v4.48.3" # override default to deploy the image you desire + # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.49.0" + image = "fleetdm/fleet:v4.49.0" # override default to deploy the image you desire # See https://fleetdm.com/docs/deploy/reference-architectures#aws for appropriate scaling # memory and cpu. autoscaling = { diff --git a/terraform/variables.tf b/terraform/variables.tf index d72f733ea17d..ee42f916a378 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -215,7 +215,7 @@ variable "fleet_config" { type = object({ mem = optional(number, 4096) cpu = optional(number, 512) - image = optional(string, "fleetdm/fleet:v4.48.3") + image = optional(string, "fleetdm/fleet:v4.49.0") family = optional(string, "fleet") sidecars = optional(list(any), []) depends_on = optional(list(any), []) diff --git a/tools/fleetctl-npm/package.json b/tools/fleetctl-npm/package.json index cc84162fe067..27b188c7c5a5 100644 --- a/tools/fleetctl-npm/package.json +++ b/tools/fleetctl-npm/package.json @@ -1,6 +1,6 @@ { "name": "fleetctl", - "version": "v4.48.3", + "version": "v4.49.0", "description": "Installer for the fleetctl CLI tool", "bin": { "fleetctl": "./run.js"