Add tool tip public IP explaining edge cases where this may not report what the user expects #9857
#9857

The "Public IP address" field is sometimes set to a "Private IP" on the following types of Fleet deployments:

- Local deployments.
- Deployments where Fleet is on a private network.
- Deployments where an agent connects to Fleet not via the public internet.

This PR will prevent a private IP from being set on the `host.public_ip` field. And this PR also adds documentation on how Fleet deduces the public IPs of the devices so that a user can make the changes to fix this.

- [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~
- ~[ ] Added/updated tests~
- [X] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
    - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~
    - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
@RachelElysia I am seeing the desired behavior on the my device and /hosts/# pages, but the tooltip does not appear when hovering over the '---' on the /hosts/manage page. The behavior is consistent across chrome, firefox, and safari (beta).

missing.host.ip.tooltip.mov
@xpkoala Typo fix merged, can you qa again? Sorry!

Totes! Thank you.

Tooltip so clear,
Fleet version: (head to the "My account" page in the Fleet UI or run `fleetctl --version`)
Operating system: (e.g. macOS 11.2.3)
Web browser: (e.g. Chrome 88.0.4324)
🧑‍💻 Expected behavior
Private / public IP address fields for the clients should show an RFC1918 address for private and a public IPv4 or IPv6 address for the public IP.
💥 Actual behavior
Private / public IP address fields for the clients show misleading information. Single stack (IPv4 only) Mac clients show the same address for their public and private address, and dual stack (IPv4 + IPv6) RHEL9 clients show the public IPv4 address as their private address and the IPv6 address as their public address.
More info
"Public IP"
Fleet uses the following three headers to deduce the host's Public IP:
fleet/server/service/http_publicip.go, lines 10 to 12 in 35e513a:

```go
var trueClientIP = http.CanonicalHeaderKey("True-Client-IP")
var xForwardedFor = http.CanonicalHeaderKey("X-Forwarded-For")
var xRealIP = http.CanonicalHeaderKey("X-Real-IP")
```
This might be a problem if Fleet is not publicly accessible or if those headers are not set by a proxy (when there's a proxy in between agents and Fleet, that is: agents -> proxy -> Fleet), is that your case?
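An added illustration of the header-based deduction discussed in the comment above (not Fleet's code and not part of the original thread): it reads the three headers and discards private, loopback and link-local candidates, the behavior the linked PR describes for `host.public_ip`. The names `publicIP`, `isPublic` and `candidateHeaders`, the header precedence and the sample addresses are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// Header names come from the snippet quoted in the thread; checking them in
// this order is an assumption of this example, not Fleet's documented logic.
var candidateHeaders = []string{"True-Client-IP", "X-Forwarded-For", "X-Real-IP"}

// isPublic rejects loopback, link-local, multicast, unspecified, RFC 1918
// and IPv6 unique-local (fc00::/7) addresses.
func isPublic(addr netip.Addr) bool {
	addr = addr.Unmap() // treat ::ffff:10.0.0.5 as 10.0.0.5
	return addr.IsGlobalUnicast() && !addr.IsPrivate()
}

// publicIP returns the first public address found in the candidate headers,
// or "" when every candidate is missing, malformed or non-public. The values
// are only meaningful when a trusted proxy sets them; clients can send any.
func publicIP(h http.Header) string {
	for _, name := range candidateHeaders {
		for _, value := range h.Values(name) {
			// X-Forwarded-For may hold a comma-separated chain of hops.
			for _, part := range strings.Split(value, ",") {
				addr, err := netip.ParseAddr(strings.TrimSpace(part))
				if err == nil && isPublic(addr) {
					return addr.Unmap().String()
				}
			}
		}
	}
	return ""
}

func main() {
	// Constructed sample request (documentation-range addresses).
	h := http.Header{}
	h.Set("X-Forwarded-For", "192.168.1.20, 203.0.113.7")
	fmt.Println(publicIP(h)) // the private hop is skipped
	h.Set("X-Forwarded-For", "10.0.0.5") // agent on a private network
	fmt.Printf("%q\n", publicIP(h))
}
```

An empty result corresponds to the case raised in the thread: no proxy sets the headers, or the agent reaches Fleet over a private network, so there is no public address to report.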