Conversation

@rachaelshaw
Member
WIP for #23899

Comment on lines 51 to 56

```yaml
- name: Engineering department
  description: "Hosts with end users in engineering"
  type: Host vitals
  criteria:
    vital: end_user_idp_department
    value: Engineering
```
Member Author

Dev note

TODO

FUTURE

This is how more complex criteria could look in the future:

```yaml
name: Engineering department or IT admins who are named Ricky
description: Hosts with end users in engineering or who are IT admins named Ricky
type: Host vitals
criteria:
  or:
    - and:
      # each value belongs to the vital above it, not to a list item of its own
      - vital: end_user_idp_groups
        value: IT admins
      - vital: end_user_first_name
        value: Ricky
    - vital: end_user_idp_department
      value: Engineering
```

Comment on lines +51 to +56

```yaml
- name: Engineering department
  description: "Hosts with end users in engineering"
  type: host_vitals
  criteria:
    vital: end_user_idp_department
    value: Engineering
```
Member Author

@rachaelshaw Jun 13, 2025

Dev note

TODO

FUTURE

This is how more complex criteria could look in the future:

```yaml
name: Engineering department or IT admins who are named Ricky
description: Hosts with end users in engineering or who are IT admins named Ricky
type: Host vitals
criteria:
  or:
    - and:
      - vital: end_user_idp_groups
        value: IT admins
      - vital: end_user_first_name
        value: Ricky
    - vital: end_user_idp_department
      value: Engineering
```
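As an added example (not Fleet's code), here is one way a small evaluator for the proposed nested `or`/`and` criteria could work, with the tree built directly in Go rather than parsed from YAML; the exact-match leaf semantics and the multi-valued `end_user_idp_groups` vital are assumptions, and the hosts are constructed.

```go
package main

import "fmt"

// Vitals holds one host's end-user vitals keyed by vital name (for example
// end_user_idp_department); a vital such as end_user_idp_groups can be multi-valued.
type Vitals map[string][]string

// Criteria mirrors the proposed nested YAML: a leaf sets Vital and Value,
// a branch sets exactly one of Or or And.
type Criteria struct {
	Vital, Value string
	Or, And      []Criteria
}

// Matches reports whether a host's vitals satisfy the criteria tree.
// Assumption: a leaf matches when any value of the vital equals Value exactly,
// so a host that lacks the vital never matches that leaf.
func (c Criteria) Matches(v Vitals) bool {
	switch {
	case len(c.Or) > 0:
		for _, sub := range c.Or {
			if sub.Matches(v) {
				return true
			}
		}
		return false
	case len(c.And) > 0:
		for _, sub := range c.And {
			if !sub.Matches(v) {
				return false
			}
		}
		return true
	}
	for _, val := range v[c.Vital] {
		if val == c.Value {
			return true
		}
	}
	return false
}

// EngineeringOrRickyAdmins is the "or / and" label criteria from the comment above.
func EngineeringOrRickyAdmins() Criteria {
	return Criteria{Or: []Criteria{
		{And: []Criteria{{Vital: "end_user_idp_groups", Value: "IT admins"}, {Vital: "end_user_first_name", Value: "Ricky"}}},
		{Vital: "end_user_idp_department", Value: "Engineering"},
	}}
}

func main() { // constructed sample host, not real data
	ricky := Vitals{"end_user_first_name": {"Ricky"}, "end_user_idp_groups": {"Helpdesk", "IT admins"}}
	fmt.Println("ricky-admin in label:", EngineeringOrRickyAdmins().Matches(ricky))
}
```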

getvictor and others added 11 commits June 13, 2025 12:27
Fixes CVE-2025-22874 reported by
https://github.com/fleetdm/fleet/actions/runs/15601368321/job/43941793647.

(IMO not a critical CVE, so it doesn't need to be cherry-picked into
v4.69.0.)

Added automation to make this easier next time.
…29975)

Fixes #29973

Tests are failing due to infra issues with https://proxy.golang.org

# Checklist for submitter
- [x] Manual QA for all new/changed functionality
Closes: #30000 

Changes:
- Updated the version of node used by the website to `^20.18`
For #29323, contributor docs changes only (follow-up to
#29555).
More work to fix #29720.

---------

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
eashaw and others added 10 commits June 13, 2025 15:15
…30003)

Changes:
- Updated the return value of the create-historical-event helper.
- Added a package that installs Fleet's Keynote theme and related fonts
to self-service
related to: #30005

Changes:
- Compressed and resized large gifs in the "Preventing Mistakes with
GitOps" article
- Removed unused website assets
…ing that hash exists in Fleet (#29866)

Updated documentation to be more clear on behavior if hash is provided
for software package in YAML.
This PR adds VEX statement files for three vulnerabilities:

```
┌─────────┬────────────────┬──────────┬──────────┬─────────────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │  Status  │    Installed Version    │ Fixed Version │                            Title                             │
├─────────┼────────────────┼──────────┼──────────┼─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libxml2 │ CVE-2025-49794 │ CRITICAL │ affected │ 2.9.14+dfsg-1.3~deb12u1 │               │ libxml: Heap use after free (UAF) leads to Denial of service │
│         │                │          │          │                         │               │ (DoS)...                                                     │
│         │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-49794                   │
│         ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-49795 │          │          │                         │               │ libxml: Null pointer dereference leads to Denial of service  │
│         │                │          │          │                         │               │ (DoS)                                                        │
│         │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-49795                   │
│         ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-49796 │          │          │                         │               │ libxml: Type confusion leads to Denial of service (DoS)      │
│         │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-49796                   │
└─────────┴────────────────┴──────────┴──────────┴─────────────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘
```

The vulnerabilities in libxml2 do not affect fleetctl, since the attack
vector is DoS and fleetctl is not a server tool. Additionally, the
libxml2 package isn't used by fleetctl directly, but by the tools it
uses for code signing, which don't parse untrusted XML.
Related to:

- #29789

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
codecov bot commented Jun 13, 2025

Codecov Report

Attention: Patch coverage is 38.46154% with 24 lines in your changes missing coverage. Please review.

Project coverage is 64.10%. Comparing base (f238292) to head (55b21fb).
Report is 28 commits behind head on docs-v4.71.0.

Files with missing lines Patch % Lines
cmd/osquery-perf/agent.go 0.00% 24 Missing ⚠️
Additional details and impacted files
@@               Coverage Diff                @@
##           docs-v4.71.0   #29992      +/-   ##
================================================
+ Coverage         60.45%   64.10%   +3.65%     
================================================
  Files              1865     1865              
  Lines            182331   182345      +14     
  Branches           5255     5332      +77     
================================================
+ Hits             110232   116897    +6665     
+ Misses            63496    56246    -7250     
- Partials           8603     9202     +599     
Flag Coverage Δ
backend 65.04% <38.46%> (+4.02%) ⬆️
frontend 53.89% <ø> (-0.04%) ⬇️

@rachaelshaw
Member Author

Merged in main, now the diff is unwieldy. Making a new PR 🤦‍♀️
