Merge branch 'main' into feat-automatic-migrate-windows-hosts

CHANGELOG.md

@@ -1,3 +1,52 @@
+## Fleet 4.60.0 (Nov 27, 2024)
+
+### Endpoint operations
+- Added support for labels_include_any to gitops.
+- Added major improvements to keyboard accessibility throughout app (e.g. checkboxes, dropdowns, table navigation).
+- Added activity item for `fleetd` enrollment with host serial and display name.
+- Added capability for Fleet to serve YARA rules to agents over HTTPS authenticated via node key (requires osquery 5.14+).
+- Added a query to allow users to turn on/off automations while being transparent of the current log destination.
+- Updated UI to allow users to view scripts (from both the scripts page and host details page) without downloading them.
+- Updated activity feed to generate an activity when activity automations are enabled, edited, or disabled.
+- Cancelled pending script executions when a script is edited or deleted.
+
+### Device management (MDM)
+- Added better handling of timeout and insufficient permissions errors in NDES SCEP proxy.
+- Added info banner for cloud customers to help with their windows autoenrollment setup.
+- Added DB support for "include any" label profile deployment.
+- Added support for "include any" label/profile relationships to the profile reconciliation machinery.
+- Added `team_identifier` signature information to Apple macOS applications to the `/api/latest/fleet/hosts/:id/software` API endpoint.
+- Added indicator of how fresh a software title's host and version counts are on the title's details page.
+- Added UI for allowing users to install custom profiles on hosts that include any of the defined labels.
+- Added UI features supporting disk encryption for Ubuntu and Fedora Linux.
+- Added support for deb packages compressed with zstd.
+
+### Vulnerability management
+- Allowed skipping computationally heavy population of vulnerability details when populating host software on hosts list endpoint (`GET /api/latest/fleet/hosts`) when using Fleet Premium (`populate_software=without_vulnerability_descriptions`).
+
+### Bug fixes and improvements
+- Improved memory usage of the Fleet server when uploading a large software installer file. Note that the installer will now use (temporary) disk space and sufficient storage space is required.
+- Improved performance of adding and removing profiles to large teams by an order of magnitude.
+- Disabled accessibility via keyboard for forms that are disabled via a slider.
+- Updated software batch endpoint status code from 200 (OK) to 202 (Accepted).
+- Updated a package used for testing (msw) to improve security.
+- Updated to reboot linux machine on unlock to work around GDM bug on Ubuntu 24.04.
+- Updated GitOps to return an error if the deprecated `apple_bm_default_team` key is used and there are more than 1 ABM tokens in Fleet.
+- Dismissed error flash on the my device page when navigating to another URL.
+- Modified the Fleet setup experience feature to not run if there is no software or script configured for the setup experience.
+- Set a more accurate minimum height for the Add hosts > ChromeOS > Policy for extension field, avoiding a scrollbar.
+- Added UI prompt for user to reenter the password if SCEP/NDES url or username has changed.
+- Updated ABM public key to download as as PEM format instead of CRT.
+- Fixed issue with uploading macOS software packages that do not have a top level `Distribution.xml`, but do have a top level `PackageInfo.xml`. For example, Okta Verify.app.
+- Fixed some cases where Fleet Maintained Apps generated incorrect uninstall scripts.
+- Fixed a bug where a device that was removed from ABM and then added back wouldn't properly re-enroll in Fleet MDM.
+- Fixed name/version parsing issue with PE (EXE) installer self-extracting archives such as Opera.
+- Fixed a bug where the create and update label endpoints could return outdated information in a deployment using a mysql replica.
+- Fixed the MDM configuration profiles deployment when based on excluded labels.
+- Fixed gitops path resolution for installer queries and scripts to always be relative to where the query file or script is referenced. This change breaks existing YAML files that had to account for previous inconsistent behavior (e.g. installers in a subdirectory referencing scripts elsewhere).
+- Fixed issue where minimum OS version enforcement was not being applied during Apple ADE if MDM IdP integration was enabled.
+- Fixed a bug where users would be allowed to attempt an install of an App Store app on a host that was not MDM enrolled.
+
 ## Fleet 4.59.1 (Nov 18, 2024)
 
 ### Bug fixes

changes/21908-replace-mozilla-pkcs7

@@ -0,0 +1 @@
+* Replaced the internal use of the deprecated `go.mozilla.org/pkcs7` package with the maintained fork `github.com/smallstep/pkcs7`.

changes/23462-show-windows-mdm-wstep-options

@@ -0,0 +1 @@
+- Display Windows MDM WSTEP flags in `fleet --help`.

charts/fleet/Chart.yaml

@@ -4,11 +4,11 @@ name: fleet
 keywords:
   - fleet
   - osquery
-version: v6.2.2
+version: v6.2.3
 home: https://github.com/fleetdm/fleet
 sources:
   - https://github.com/fleetdm/fleet.git
-appVersion: v4.59.1
+appVersion: v4.60.0
 dependencies:
   - name: mysql
     condition: mysql.enabled

charts/fleet/values.yaml

@@ -3,7 +3,7 @@
 hostName: fleet.localhost
 replicas: 3 # The number of Fleet instances to deploy
 imageRepository: fleetdm/fleet
-imageTag: v4.59.1 # Version of Fleet to deploy
+imageTag: v4.60.0 # Version of Fleet to deploy
 podAnnotations: {} # Additional annotations to add to the Fleet pod
 serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
 resources:

frontend/components/Modal/Modal.tsx

@@ -37,7 +37,6 @@ export interface IModalProps {
    * */
   disableClosingModal?: boolean;
   className?: string;
-  actionsFooter?: JSX.Element;
 }
 
 const Modal = ({
@@ -51,7 +50,6 @@ const Modal = ({
   isContentDisabled = false,
   disableClosingModal = false,
   className,
-  actionsFooter,
 }: IModalProps): JSX.Element => {
   useEffect(() => {
     const closeWithEscapeKey = (e: KeyboardEvent) => {
@@ -127,9 +125,6 @@ const Modal = ({
           )}
           <div className={contentClasses}>{children}</div>
         </div>
-        {actionsFooter && (
-          <div className={`${baseClass}__actions-footer`}>{actionsFooter}</div>
-        )}
       </div>
     </div>
   );

frontend/components/Modal/_styles.scss

@@ -25,17 +25,9 @@
   &__content-wrapper {
     margin-top: $pad-large;
     font-size: $x-small;
-    // New pattern of max height modals pushed to 4.61 with PR #24019
-    overflow: visible;
 
     .input-field {
       width: 100%;
-
-      &::placeholder {
-        font-size: $x-small;
-        font-style: italic;
-        line-height: 24px;
-      }
     }
 
     form .modal-cta-wrap,
@@ -142,6 +134,11 @@
   }
 }
 
+.modal-scrollable-content {
+  overflow-y: auto;
+  max-height: 705px;
+}
+
 .modal-cta-wrap {
   align-self: flex-end;
   display: flex;

frontend/components/ModalFooter/ModalFooter.stories.tsx

@@ -0,0 +1,63 @@
+/* eslint-disable no-alert */
+import React from "react";
+import { Meta, Story } from "@storybook/react";
+
+import Button from "components/buttons/Button";
+import Icon from "components/Icon";
+import ActionsDropdown from "components/ActionsDropdown";
+import ModalFooter from "./ModalFooter";
+
+export default {
+  title: "Components/ModalFooter",
+  component: ModalFooter,
+} as Meta;
+
+const Template: Story = (args) => (
+  <ModalFooter primaryButtons={<></>} {...args} />
+);
+
+export const Default = Template.bind({});
+Default.args = {
+  primaryButtons: (
+    <>
+      <ActionsDropdown
+        className="modal-footer__manage-automations-dropdown"
+        onChange={(value) => alert(`Selected action: ${value}`)}
+        placeholder="More actions"
+        isSearchable={false}
+        options={[
+          { value: "action1", label: "Action 1" },
+          { value: "action2", label: "Action 2" },
+        ]}
+        menuPlacement="top"
+      />
+      <Button onClick={() => alert("Done clicked")} variant="brand">
+        Done
+      </Button>
+    </>
+  ),
+  secondaryButtons: (
+    <>
+      <Button variant="icon" onClick={() => alert("Download clicked")}>
+        <Icon name="download" />
+      </Button>
+      <Button variant="icon" onClick={() => alert("Delete clicked")}>
+        <Icon name="trash" color="ui-fleet-black-75" />
+      </Button>
+    </>
+  ),
+  isTopScrolling: false,
+};
+
+export const WithTopScrolling = Template.bind({});
+WithTopScrolling.args = {
+  ...Default.args,
+  isTopScrolling: true,
+};
+
+export const WithoutSecondaryButtons = Template.bind({});
+WithoutSecondaryButtons.args = {
+  primaryButtons: Default.args.primaryButtons,
+  secondaryButtons: undefined,
+  isTopScrolling: false,
+};

frontend/components/ModalFooter/ModalFooter.tsx

@@ -0,0 +1,44 @@
+import React from "react";
+import classnames from "classnames";
+import { COLORS } from "styles/var/colors";
+
+const baseClass = "modal-footer";
+
+interface IModalFooterProps {
+  primaryButtons: JSX.Element;
+  secondaryButtons?: JSX.Element;
+  className?: string;
+  /** Renders a line above action buttons to indicate scrollability */
+  isTopScrolling?: boolean;
+}
+
+const ModalFooter = ({
+  primaryButtons,
+  secondaryButtons,
+  className,
+  isTopScrolling = false,
+}: IModalFooterProps): JSX.Element => {
+  const classes = classnames(className, `${baseClass}__content-wrapper`);
+
+  return (
+    <div
+      className={classes}
+      style={{
+        borderTop: isTopScrolling
+          ? `1px solid ${COLORS["ui-fleet-black-50"]}`
+          : "none",
+      }}
+    >
+      <div className={`${baseClass}__primary-buttons-wrapper`}>
+        {primaryButtons}
+      </div>
+      {secondaryButtons && (
+        <div className={`${baseClass}__secondary-buttons-wrapper`}>
+          {secondaryButtons}
+        </div>
+      )}
+    </div>
+  );
+};
+
+export default ModalFooter;

frontend/components/ModalFooter/_styles.scss

@@ -0,0 +1,27 @@
+.modal-footer {
+  &__content-wrapper {
+    align-self: flex-end;
+    display: flex;
+    flex-direction: row-reverse;
+    padding-top: $pad-medium;
+    justify-content: space-between;
+  }
+
+  // Styles both primary-actions and secondary-actions
+  &__primary-buttons-wrapper,
+  &__secondary-buttons_wrapper {
+    display: flex;
+    justify-content: space-between;
+    gap: $pad-medium;
+    align-items: center;
+  }
+
+  // Align primary actions right if no secondary actions
+  > :last-child {
+    margin-left: auto;
+  }
+
+  .button__text-icon {
+    padding: 11px;
+  }
+}

frontend/components/ModalFooter/index.ts

@@ -0,0 +1 @@
+export { default } from "./ModalFooter";

frontend/components/TeamsDropdown/TeamsDropdown.tsx

@@ -18,7 +18,7 @@ import {
 
 import Icon from "components/Icon";
 
-interface INumberDropdownOption extends Omit<IDropdownOption, "value"> {
+export interface INumberDropdownOption extends Omit<IDropdownOption, "value"> {
   value: number; // Redefine the value property to be just number
 }
 

frontend/components/forms/fields/Dropdown/DropdownOptionTooltipWrapper/_styles.scss

@@ -1,7 +1,8 @@
 // Used with old react-select dropdown and
-// New react-select-5 ActionsDropdown.tsx
+// New react-select-5: ActionsDropdown.tsx, DropdownWrapper.tsx
 .Select > .Select-menu-outer,
-.actions-dropdown {
+.actions-dropdown,
+.react-select__option {
   .is-disabled * {
     color: $ui-fleet-black-50;
   }