Add team_identifier to macOS software #23766

Merged
merged 12 commits into from
Nov 15, 2024

@lucasmrod lucasmrod commented Nov 13, 2024

Changes to add team_identifier signing information to macOS applications on the /api/latest/fleet/hosts/:id/software API endpoint.

Docs: #23743

for #23858

  • Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
    See Changes files for more information.
  • Input data is properly validated, SELECT * is avoided, SQL injection is prevented (using placeholders for values in statements)
  • Added/updated tests
  • If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes
  • If database migrations are included, checked table schema to confirm autoupdate
  • For database migrations:
    • Checked schema for all modified table for columns that will auto-update timestamps during migration.
    • Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects.
    • [X] Ensured the correct collation is explicitly set for character columns (COLLATE utf8mb4_unicode_ci).
  • Manual QA for all new/changed functionality
  • For Orbit and Fleet Desktop changes:
    • Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (runtime.GOOS).
    • Manual QA must be performed in the three main OSs, macOS, Windows and Linux.
    • Auto-update manual QA, from released version of component to new version (see tools/tuf/test).

rachaelshaw previously approved these changes Nov 13, 2024
eashaw previously approved these changes Nov 13, 2024

codecov bot commented Nov 15, 2024

Codecov Report

Attention: Patch coverage is 72.63158% with 26 lines in your changes missing coverage. Please review.

Project coverage is 63.17%. Comparing base (4f03956) to head (022892d).
Report is 5 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| server/service/osquery_utils/queries.go | 30.76% | 17 Missing and 1 partial ⚠️ |
| ...9_AddTeamIdentifierToHostSoftwareInstalledPaths.go | 54.54% | 4 Missing and 1 partial ⚠️ |
| server/service/osquery.go | 50.00% | 1 Missing and 2 partials ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #23766      +/-   ##
==========================================
+ Coverage   63.15%   63.17%   +0.01%     
==========================================
  Files        1559     1560       +1     
  Lines      148227   148295      +68     
  Branches     3722     3722              
==========================================
+ Hits        93618    93683      +65     
- Misses      47207    47211       +4     
+ Partials     7402     7401       -1     
Flag Coverage Δ
backend 64.01% <72.63%> (+0.01%) ⬆️


@iansltx iansltx left a comment

Some of this could be cleaner, but you've marked those items as TODO and given time constraints that's fair enough. Had a few questions/minor tweaks, but this makes sense to me.

orbit/pkg/table/codesign/codesign_darwin.go Outdated
schema/osquery_fleet_schema.json Outdated
schema/tables/codesign.yml Outdated
server/datastore/mysql/software.go
server/datastore/mysql/software.go
server/datastore/mysql/software_test.go Outdated
server/fleet/datastore.go Outdated
server/service/integration_core_test.go
server/service/integration_core_test.go Outdated

@iansltx iansltx left a comment

LGTM; thanks for addressing the feedback/questions!

@lucasmrod lucasmrod merged commit 4b4fc97 into main Nov 15, 2024
37 checks passed
@lucasmrod lucasmrod deleted the 8750-team_identifier branch November 15, 2024 17:17
lucasmrod added a commit that referenced this pull request Nov 15, 2024
I missed adding support for load testing in:
#23766.
@lukeheath lukeheath modified the milestone: 4.59.1 Nov 15, 2024
lukeheath pushed a commit that referenced this pull request Nov 15, 2024
Changes to add `team_identifier` signing information to macOS
applications on the `/api/latest/fleet/hosts/:id/software` API endpoint.

Docs: #23743

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated tests
- [X] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [X] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [X] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [X] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [X] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [X] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).

---------

Co-authored-by: Tim Lee <[email protected]>
Co-authored-by: Ian Littman <[email protected]>
iansltx added a commit that referenced this pull request Nov 15, 2024
Cherry pick PR #23766 into RC v4.60.0

Co-authored-by: Tim Lee <[email protected]>
Co-authored-by: Ian Littman <[email protected]>
iansltx added a commit that referenced this pull request Nov 16, 2024