Adding changes for Fleet v4.54.1

CHANGELOG.md

@@ -1,3 +1,13 @@
+## Fleet 4.54.1 (Jul 24, 2024)
+
+### Bug fixes
+* Fixed a startup bug by performing an early restart of orbit if an agent options setting has changed.
+* Implemented a small refactor of orbit subsystems.
+* Removed the `--version` flag from the `fleetctl package` command. The version of the package can now be controlled by the `--orbit-channel` flag.
+* Fixed a bug that set `last_enrolled_at` during orbit re-enrollment, which caused osquery enroll failures when `FLEET_OSQUERY_ENROLL_COOLDOWN` is set .
+* In `fleetctl package` command, removed the `--version` flag. The version of the package can be controlled by `--orbit-channel` flag.
+* Fixed a bug where Fleet google calendar events generated by Fleet <= 4.53.0 were not correctly processed by 4.54.0.
+* Re-enabled cached logins after windows Unlock.
 ## Fleet 4.54.0 (Jul 17, 2024)
 
 ### Endpoint Operations

charts/fleet/Chart.yaml

@@ -8,7 +8,7 @@ version: v6.2.0
 home: https://github.com/fleetdm/fleet
 sources:
  - https://github.com/fleetdm/fleet.git
-appVersion: v4.54.0
+appVersion: v4.54.1
 dependencies:
  - name: mysql
  condition: mysql.enabled

charts/fleet/values.yaml

@@ -3,7 +3,7 @@
 hostName: fleet.localhost
 replicas: 3 # The number of Fleet instances to deploy
 imageRepository: fleetdm/fleet
-imageTag: v4.54.0 # Version of Fleet to deploy
+imageTag: v4.54.1 # Version of Fleet to deploy
 podAnnotations: {} # Additional annotations to add to the Fleet pod
 serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
 resources:

infrastructure/dogfood/terraform/aws/variables.tf

@@ -56,7 +56,7 @@ variable "database_name" {
 
 variable "fleet_image" {
  description = "the name of the container image to run"
- default = "fleetdm/fleet:v4.54.0"
+ default = "fleetdm/fleet:v4.54.1"
 }
 
 variable "software_inventory" {

infrastructure/dogfood/terraform/gcp/variables.tf

@@ -68,5 +68,5 @@ variable "redis_mem" {
 }
 
 variable "image" {
- default = "fleet:v4.54.0"
+ default = "fleet:v4.54.1"
 }

terraform/addons/vuln-processing/variables.tf

@@ -24,7 +24,7 @@ variable "fleet_config" {
  vuln_processing_cpu = optional(number, 2048)
  vuln_data_stream_mem = optional(number, 1024)
  vuln_data_stream_cpu = optional(number, 512)
- image = optional(string, "fleetdm/fleet:v4.54.0")
+ image = optional(string, "fleetdm/fleet:v4.54.1")
  family = optional(string, "fleet-vuln-processing")
  sidecars = optional(list(any), [])
  extra_environment_variables = optional(map(string), {})
@@ -82,7 +82,7 @@ variable "fleet_config" {
  vuln_processing_cpu = 2048
  vuln_data_stream_mem = 1024
  vuln_data_stream_cpu = 512
- image = "fleetdm/fleet:v4.54.0"
+ image = "fleetdm/fleet:v4.54.1"
  family = "fleet-vuln-processing"
  sidecars = []
  extra_environment_variables = {}

terraform/byo-vpc/byo-db/byo-ecs/README.md

@@ -52,7 +52,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_ecs_cluster"></a> [ecs\_cluster](#input\_ecs\_cluster) | The name of the ECS cluster to use | `string` | n/a | yes |
-| <a name="input_fleet_config"></a> [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. | <pre>object({<br> task_mem = optional(number, null)<br> task_cpu = optional(number, null)<br> mem = optional(number, 4096)<br> cpu = optional(number, 512)<br> pid_mode = optional(string, null)<br> image = optional(string, "fleetdm/fleet:v4.54.0")<br> family = optional(string, "fleet")<br> sidecars = optional(list(any), [])<br> depends_on = optional(list(any), [])<br> mount_points = optional(list(any), [])<br> volumes = optional(list(any), [])<br> extra_environment_variables = optional(map(string), {})<br> extra_iam_policies = optional(list(string), [])<br> extra_execution_iam_policies = optional(list(string), [])<br> extra_secrets = optional(map(string), {})<br> security_groups = optional(list(string), null)<br> security_group_name = optional(string, "fleet")<br> iam_role_arn = optional(string, null)<br> repository_credentials = optional(string, "")<br> private_key_secret_name = optional(string, "fleet-server-private-key")<br> service = optional(object({<br> name = optional(string, "fleet")<br> }), {<br> name = "fleet"<br> })<br> database = object({<br> password_secret_arn = string<br> user = string<br> database = string<br> address = string<br> rr_address = optional(string, null)<br> })<br> redis = object({<br> address = string<br> use_tls = optional(bool, true)<br> })<br> awslogs = optional(object({<br> name = optional(string, null)<br> region = optional(string, null)<br> create = optional(bool, true)<br> prefix = optional(string, "fleet")<br> retention = optional(number, 5)<br> }), {<br> name = null<br> region = null<br> prefix = "fleet"<br> retention = 5<br> })<br> loadbalancer = object({<br> arn = string<br> })<br> extra_load_balancers = optional(list(any), [])<br> networking = object({<br> subnets = optional(list(string), null)<br> security_groups = optional(list(string), null)<br> ingress_sources = object({<br> cidr_blocks = optional(list(string), [])<br> ipv6_cidr_blocks = optional(list(string), [])<br> security_groups = optional(list(string), [])<br> prefix_list_ids = optional(list(string), [])<br> })<br> })<br> autoscaling = optional(object({<br> max_capacity = optional(number, 5)<br> min_capacity = optional(number, 1)<br> memory_tracking_target_value = optional(number, 80)<br> cpu_tracking_target_value = optional(number, 80)<br> }), {<br> max_capacity = 5<br> min_capacity = 1<br> memory_tracking_target_value = 80<br> cpu_tracking_target_value = 80<br> })<br> iam = optional(object({<br> role = optional(object({<br> name = optional(string, "fleet-role")<br> policy_name = optional(string, "fleet-iam-policy")<br> }), {<br> name = "fleet-role"<br> policy_name = "fleet-iam-policy"<br> })<br> execution = optional(object({<br> name = optional(string, "fleet-execution-role")<br> policy_name = optional(string, "fleet-execution-role")<br> }), {<br> name = "fleet-execution-role"<br> policy_name = "fleet-iam-policy-execution"<br> })<br> }), {<br> name = "fleetdm-execution-role"<br> })<br> software_installers = optional(object({<br> create_bucket = optional(bool, true)<br> bucket_name = optional(string, null)<br> bucket_prefix = optional(string, "fleet-software-installers-")<br> s3_object_prefix = optional(string, "")<br> }), {<br> create_bucket = true<br> bucket_name = null<br> bucket_prefix = "fleet-software-installers-"<br> s3_object_prefix = ""<br> })<br> })</pre> | <pre>{<br> "autoscaling": {<br> "cpu_tracking_target_value": 80,<br> "max_capacity": 5,<br> "memory_tracking_target_value": 80,<br> "min_capacity": 1<br> },<br> "awslogs": {<br> "create": true,<br> "name": null,<br> "prefix": "fleet",<br> "region": null,<br> "retention": 5<br> },<br> "cpu": 256,<br> "database": {<br> "address": null,<br> "database": null,<br> "password_secret_arn": null,<br> "rr_address": null,<br> "user": null<br> },<br> "depends_on": [],<br> "extra_environment_variables": {},<br> "extra_execution_iam_policies": [],<br> "extra_iam_policies": [],<br> "extra_load_balacners": [],<br> "extra_secrets": {},<br> "family": "fleet",<br> "iam": {<br> "execution": {<br> "name": "fleet-execution-role",<br> "policy_name": "fleet-iam-policy-execution"<br> },<br> "role": {<br> "name": "fleet-role",<br> "policy_name": "fleet-iam-policy"<br> }<br> },<br> "iam_role_arn": null,<br> "image": "fleetdm/fleet:v4.54.0",<br> "loadbalancer": {<br> "arn": null<br> },<br> "mem": 512,<br> "mount_points": [],<br> "networking": {<br> "ingress_sources": {<br> "cidr_blocks": [],<br> "ipv6_cidr_blocks": [],<br> "prefix_list_ids": [],<br> "security_groups": []<br> },<br> "security_groups": null,<br> "subnets": null<br> },<br> "pid_mode": null,<br> "private_key_secret_name": "fleet-server-private-key",<br> "redis": {<br> "address": null,<br> "use_tls": true<br> },<br> "repository_credentials": "",<br> "security_group_name": "fleet",<br> "security_groups": null,<br> "service": {<br> "name": "fleet"<br> },<br> "sidecars": [],<br> "software_installers": {<br> "bucket_name": null,<br> "bucket_prefix": "fleet-software-installers-",<br> "create_bucket": true,<br> "s3_object_prefix": ""<br> },<br> "task_cpu": null,<br> "task_mem": null,<br> "volumes": []<br>}</pre> | no |
+| <a name="input_fleet_config"></a> [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. | <pre>object({<br> task_mem = optional(number, null)<br> task_cpu = optional(number, null)<br> mem = optional(number, 4096)<br> cpu = optional(number, 512)<br> pid_mode = optional(string, null)<br> image = optional(string, "fleetdm/fleet:v4.54.1")<br> family = optional(string, "fleet")<br> sidecars = optional(list(any), [])<br> depends_on = optional(list(any), [])<br> mount_points = optional(list(any), [])<br> volumes = optional(list(any), [])<br> extra_environment_variables = optional(map(string), {})<br> extra_iam_policies = optional(list(string), [])<br> extra_execution_iam_policies = optional(list(string), [])<br> extra_secrets = optional(map(string), {})<br> security_groups = optional(list(string), null)<br> security_group_name = optional(string, "fleet")<br> iam_role_arn = optional(string, null)<br> repository_credentials = optional(string, "")<br> private_key_secret_name = optional(string, "fleet-server-private-key")<br> service = optional(object({<br> name = optional(string, "fleet")<br> }), {<br> name = "fleet"<br> })<br> database = object({<br> password_secret_arn = string<br> user = string<br> database = string<br> address = string<br> rr_address = optional(string, null)<br> })<br> redis = object({<br> address = string<br> use_tls = optional(bool, true)<br> })<br> awslogs = optional(object({<br> name = optional(string, null)<br> region = optional(string, null)<br> create = optional(bool, true)<br> prefix = optional(string, "fleet")<br> retention = optional(number, 5)<br> }), {<br> name = null<br> region = null<br> prefix = "fleet"<br> retention = 5<br> })<br> loadbalancer = object({<br> arn = string<br> })<br> extra_load_balancers = optional(list(any), [])<br> networking = object({<br> subnets = optional(list(string), null)<br> security_groups = optional(list(string), null)<br> ingress_sources = object({<br> cidr_blocks = optional(list(string), [])<br> ipv6_cidr_blocks = optional(list(string), [])<br> security_groups = optional(list(string), [])<br> prefix_list_ids = optional(list(string), [])<br> })<br> })<br> autoscaling = optional(object({<br> max_capacity = optional(number, 5)<br> min_capacity = optional(number, 1)<br> memory_tracking_target_value = optional(number, 80)<br> cpu_tracking_target_value = optional(number, 80)<br> }), {<br> max_capacity = 5<br> min_capacity = 1<br> memory_tracking_target_value = 80<br> cpu_tracking_target_value = 80<br> })<br> iam = optional(object({<br> role = optional(object({<br> name = optional(string, "fleet-role")<br> policy_name = optional(string, "fleet-iam-policy")<br> }), {<br> name = "fleet-role"<br> policy_name = "fleet-iam-policy"<br> })<br> execution = optional(object({<br> name = optional(string, "fleet-execution-role")<br> policy_name = optional(string, "fleet-execution-role")<br> }), {<br> name = "fleet-execution-role"<br> policy_name = "fleet-iam-policy-execution"<br> })<br> }), {<br> name = "fleetdm-execution-role"<br> })<br> software_installers = optional(object({<br> create_bucket = optional(bool, true)<br> bucket_name = optional(string, null)<br> bucket_prefix = optional(string, "fleet-software-installers-")<br> s3_object_prefix = optional(string, "")<br> }), {<br> create_bucket = true<br> bucket_name = null<br> bucket_prefix = "fleet-software-installers-"<br> s3_object_prefix = ""<br> })<br> })</pre> | <pre>{<br> "autoscaling": {<br> "cpu_tracking_target_value": 80,<br> "max_capacity": 5,<br> "memory_tracking_target_value": 80,<br> "min_capacity": 1<br> },<br> "awslogs": {<br> "create": true,<br> "name": null,<br> "prefix": "fleet",<br> "region": null,<br> "retention": 5<br> },<br> "cpu": 256,<br> "database": {<br> "address": null,<br> "database": null,<br> "password_secret_arn": null,<br> "rr_address": null,<br> "user": null<br> },<br> "depends_on": [],<br> "extra_environment_variables": {},<br> "extra_execution_iam_policies": [],<br> "extra_iam_policies": [],<br> "extra_load_balacners": [],<br> "extra_secrets": {},<br> "family": "fleet",<br> "iam": {<br> "execution": {<br> "name": "fleet-execution-role",<br> "policy_name": "fleet-iam-policy-execution"<br> },<br> "role": {<br> "name": "fleet-role",<br> "policy_name": "fleet-iam-policy"<br> }<br> },<br> "iam_role_arn": null,<br> "image": "fleetdm/fleet:v4.54.1",<br> "loadbalancer": {<br> "arn": null<br> },<br> "mem": 512,<br> "mount_points": [],<br> "networking": {<br> "ingress_sources": {<br> "cidr_blocks": [],<br> "ipv6_cidr_blocks": [],<br> "prefix_list_ids": [],<br> "security_groups": []<br> },<br> "security_groups": null,<br> "subnets": null<br> },<br> "pid_mode": null,<br> "private_key_secret_name": "fleet-server-private-key",<br> "redis": {<br> "address": null,<br> "use_tls": true<br> },<br> "repository_credentials": "",<br> "security_group_name": "fleet",<br> "security_groups": null,<br> "service": {<br> "name": "fleet"<br> },<br> "sidecars": [],<br> "software_installers": {<br> "bucket_name": null,<br> "bucket_prefix": "fleet-software-installers-",<br> "create_bucket": true,<br> "s3_object_prefix": ""<br> },<br> "task_cpu": null,<br> "task_mem": null,<br> "volumes": []<br>}</pre> | no |
 | <a name="input_migration_config"></a> [migration\_config](#input\_migration\_config) | The configuration object for Fleet's migration task. | <pre>object({<br> mem = number<br> cpu = number<br> })</pre> | <pre>{<br> "cpu": 1024,<br> "mem": 2048<br>}</pre> | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | n/a | `string` | `null` | no |
 

terraform/byo-vpc/byo-db/byo-ecs/variables.tf

@@ -16,7 +16,7 @@ variable "fleet_config" {
  mem = optional(number, 4096)
  cpu = optional(number, 512)
  pid_mode = optional(string, null)
- image = optional(string, "fleetdm/fleet:v4.54.0")
+ image = optional(string, "fleetdm/fleet:v4.54.1")
  family = optional(string, "fleet")
  sidecars = optional(list(any), [])
  depends_on = optional(list(any), [])
@@ -120,7 +120,7 @@ variable "fleet_config" {
  mem = 512
  cpu = 256
  pid_mode = null
- image = "fleetdm/fleet:v4.54.0"
+ image = "fleetdm/fleet:v4.54.1"
  family = "fleet"
  sidecars = []
  depends_on = []

terraform/byo-vpc/byo-db/variables.tf

@@ -77,7 +77,7 @@ variable "fleet_config" {
  mem = optional(number, 4096)
  cpu = optional(number, 512)
  pid_mode = optional(string, null)
- image = optional(string, "fleetdm/fleet:v4.54.0")
+ image = optional(string, "fleetdm/fleet:v4.54.1")
  family = optional(string, "fleet")
  sidecars = optional(list(any), [])
  depends_on = optional(list(any), [])
@@ -206,7 +206,7 @@ variable "fleet_config" {
  mem = 512
  cpu = 256
  pid_mode = null
- image = "fleetdm/fleet:v4.54.0"
+ image = "fleetdm/fleet:v4.54.1"
  family = "fleet"
  sidecars = []
  depends_on = []

terraform/byo-vpc/example/main.tf

@@ -17,7 +17,7 @@ provider "aws" {
 }
 
 locals {
- fleet_image = "fleetdm/fleet:v4.54.0"
+ fleet_image = "fleetdm/fleet:v4.54.1"
  domain_name = "example.com"
 }
 

terraform/byo-vpc/variables.tf

@@ -170,7 +170,7 @@ variable "fleet_config" {
  mem = optional(number, 4096)
  cpu = optional(number, 512)
  pid_mode = optional(string, null)
- image = optional(string, "fleetdm/fleet:v4.54.0")
+ image = optional(string, "fleetdm/fleet:v4.54.1")
  family = optional(string, "fleet")
  sidecars = optional(list(any), [])
  depends_on = optional(list(any), [])
@@ -299,7 +299,7 @@ variable "fleet_config" {
  mem = 512
  cpu = 256
  pid_mode = null
- image = "fleetdm/fleet:v4.54.0"
+ image = "fleetdm/fleet:v4.54.1"
  family = "fleet"
  sidecars = []
  depends_on = []

terraform/example/main.tf

@@ -63,8 +63,8 @@ module "fleet" {
 
  fleet_config = {
  # To avoid pull-rate limiting from dockerhub, consider using our quay.io mirror
- # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.54.0"
- image = "fleetdm/fleet:v4.54.0" # override default to deploy the image you desire
+ # for the Fleet image. e.g. "quay.io/fleetdm/fleet:v4.54.1"
+ image = "fleetdm/fleet:v4.54.1" # override default to deploy the image you desire
  # See https://fleetdm.com/docs/deploy/reference-architectures#aws for appropriate scaling
  # memory and cpu.
  autoscaling = {