Update policies via GitOps (#18537)

fleetdm · Apr 25, 2024 · 3a538e9 · 3a538e9
1 parent b82d5f4
commit 3a538e9
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 9 deletions.
diff --git a/it-and-security/lib/macos-device-health.policies.yml b/it-and-security/lib/macos-device-health.policies.yml
@@ -64,12 +64,3 @@
   description: Looks for PDF files with file names typically used by 1Password for emergency recovery kits. To protect the performance of your devices, the search is one level deep and limited to the Desktop, Documents, Downloads, and Shared folders.
   resolution: Delete 1Password emergency kits from your computer, and empty the trash. 1Password emergency kits should only be printed and stored in a physically secure location.
   platform: darwin
-- name: macOS - Check if latest version
-  query: |
-    SELECT 1 FROM os_version 
-      WHERE (major > 14 OR (major = 14 AND minor > 4) OR (major = 14 AND minor = 4 AND patch >= 1)) --Sonoma
-  critical: false
-  description: This policy check if macOS version is most recent version available.
-  resolution: From the Apple menu, select System Settings. Navigate to General > Software Update.
-  platform: darwin
-  calendar_events_enabled: true
diff --git a/it-and-security/teams/workstations-canary.yml b/it-and-security/teams/workstations-canary.yml
@@ -109,6 +109,15 @@ policies:
   - path: ../lib/macos-device-health.policies.yml
   - path: ../lib/windows-device-health.policies.yml
   - path: ../lib/linux-device-health.policies.yml
+  - name: macOS - Check if latest version
+    query: |
+      SELECT 1 FROM os_version
+        WHERE (major > 14 OR (major = 14 AND minor > 4) OR (major = 14 AND minor = 4 AND patch >= 2)) --Sonoma
+    critical: false
+    description: This policy check if macOS version is most recent version available.
+    resolution: From the Apple menu, select System Settings. Navigate to General > Software Update.
+    platform: darwin
+    calendar_events_enabled: true
 queries:
   - path: ../lib/collect-failed-login-attempts.queries.yml
   - path: ../lib/collect-fleetd-information.yml

diff --git a/it-and-security/teams/workstations.yml b/it-and-security/teams/workstations.yml
@@ -8,6 +8,10 @@ team_settings:
     host_expiry_window: 0
   secrets:
     - secret: $DOGFOOD_WORKSTATIONS_ENROLL_SECRET
+  integrations:
+    google_calendar:
+      enable_calendar_events: true
+      webhook_url: $DOGFOOD_WORKSTATIONS_CANARY_CALENDAR_WEBHOOK_URL
 agent_options:
   path: ../lib/agent-options.yml
 controls:
@@ -57,6 +61,15 @@ policies:
   - path: ../lib/macos-device-health.policies.yml
   - path: ../lib/windows-device-health.policies.yml
   - path: ../lib/linux-device-health.policies.yml
+  - name: macOS - Check if latest version
+    query: |
+      SELECT 1 FROM os_version
+        WHERE (major > 14 OR (major = 14 AND minor > 4) OR (major = 14 AND minor = 4 AND patch >= 1)) --Sonoma
+    critical: false
+    description: This policy check if macOS version is most recent version available.
+    resolution: From the Apple menu, select System Settings. Navigate to General > Software Update.
+    platform: darwin
+    calendar_events_enabled: true
 queries:
   - path: ../lib/collect-failed-login-attempts.queries.yml
   - path: ../lib/collect-usb-devices.queries.yml