Add parameter to exclude Fleet Maintained apps in List software API response. #25427

Open
1 task
eashaw opened this issue Jan 14, 2025 · 13 comments
Labels
~api-or-yaml-design Used for pull requests (PRs) with proposed API and YAML changes ~backend Backend-related issue. bug Something isn't working as documented #g-orchestration Orchestration product group ~needs test plan :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~released bug This bug was found in a stable release. ~sub-task A technical sub-task that is part of a story. (Not QA'd. Not estimated.)

Comments

@eashaw
Contributor

eashaw commented Jan 14, 2025

Related user story

#24918

API changes: #25438

context:
Fleet Maintained apps are currently included in the response from the List software API endpoint, which the MSP dashboard relies on to gather software on the Fleet instance to display a list on the /software page.
The MSP dashboard cannot be used to transfer Fleet maintained apps to other teams, because it uses the add package API endpoint to transfer software to new teams (which does not support all of the filetypes that the installers for Fleet maintained apps can be in).

Note: As far as I know, the customer that uses the MSP dashboard does not use Fleet maintained apps, and this issue only affects the MSP dashboard that is currently connected to dogfood.

Task:

  • Add support for a new parameter (exclude_fleet_maintained_apps) to the list software endpoint to allow users to exclude Fleet maintained apps from the list software response.

Condition of satisfaction

Fleet maintained apps do not appear in the list software response when the exclude_fleet_maintained_apps parameter is set to true.

@eashaw eashaw added #g-orchestration Orchestration product group :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~backend Backend-related issue. ~api-or-yaml-design Used for pull requests (PRs) with proposed API and YAML changes ~sub-task A technical sub-task that is part of a story. (Not QA'd. Not estimated.) and removed :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. labels Jan 14, 2025
@sharon-fdm sharon-fdm added :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. bug Something isn't working as documented labels Jan 15, 2025
@sharon-fdm
Collaborator

This sub task is part of a bug and should be taken.

rachaelshaw pushed a commit that referenced this issue Jan 15, 2025
@sharon-fdm
Collaborator

@lukeheath lukeheath added the ~released bug This bug was found in a stable release. label Jan 17, 2025
@sgress454 sgress454 added this to the 4.64.0-tentative milestone Jan 21, 2025
sgress454 added a commit that referenced this issue Jan 30, 2025

for #25427 

# Checklist for submitter

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

This PR adds a new `ExcludeFleetMaintainedApps` option to the
ListSoftwareTitles datastore method, and the equivalent
`exclude_fleet_maintained_apps` to the `GET
/api/v1/fleet/software/titles` API.

The new functionality works by doing a left join from the
`software_titles` table to the `fleet_library_apps` table by bundle
identifier, and excluding any rows that are present in the
`fleet_library_apps` table.

New tests verify that the filtering works as expected and doesn't
interfere with other functions of the method.
sgress454 added a commit that referenced this issue Jan 30, 2025
for #25427 

This PR updates the calls to the "list software titles" API to include
the `exclude_fleet_maintained_apps=true` flag.

I tested this with #25649
successfully.
@jacobshandling jacobshandling self-assigned this Feb 4, 2025
@jacobshandling
Contributor

Looks like 1Password is missing a bundle_identifier, causing it not to be excluded when calling this endpoint with the new exclude_fleet_maintained_apps param

@sgress454
Contributor

I'm looking into whether this is a real-world problem or something only experienced with virtual hosts.

@sgress454
Contributor

@jacobshandling I'm unable to reproduce this on an install with only real hosts (not virtual hosts). I checked the dogfood db and I do see a handful of empty bundle identifiers in there (29 out of ~2900 macos/ios apps), but none on installable software, so I don't think this is a real-world problem.

I did however uncover another issue, where if the customer uploads a package manually with the same bundle ID as a fleet maintained app, it'll still be suppressed in the list when exclude_fleet_maintained_apps is on. What I'm realizing is that we really only need this flag to work when available_for_install is true, and if that's the case, then we can instead filter out items that have a non-NULL fleet_library_id field in the software_installers table.

@eashaw would you agree that this param is only needed in conjunction with available_for_install=true?
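
The two filtering approaches discussed in this thread, as an added example that is not Fleet's code: it runs the bundle-identifier anti-join from the commit message and the `fleet_library_id` filter proposed in the comment above against a constructed SQLite schema. Every column other than `bundle_identifier` and `fleet_library_id`, and every row, is an assumption made for illustration.

```python
import sqlite3

# Constructed, simplified schema: only the tables and fields named in the
# thread are real; all other columns and every row are assumptions.
SCHEMA = """
CREATE TABLE software_titles (id INTEGER PRIMARY KEY, name TEXT, bundle_identifier TEXT);
CREATE TABLE fleet_library_apps (id INTEGER PRIMARY KEY, name TEXT, bundle_identifier TEXT);
CREATE TABLE software_installers (id INTEGER PRIMARY KEY, title_id INTEGER, fleet_library_id INTEGER);
INSERT INTO fleet_library_apps VALUES (1, 'Mozilla VPN', 'org.example.vpn'), (2, '1Password', 'com.example.pw');
INSERT INTO software_titles VALUES
  (10, 'Mozilla VPN', 'org.example.vpn'),  -- package uploaded manually, same bundle ID
  (11, '1Password', NULL),                 -- added from the library, bundle ID missing
  (12, 'Internal Tool', 'com.example.tool');
INSERT INTO software_installers VALUES (100, 10, NULL), (101, 11, 2), (102, 12, NULL);
"""

# Approach from the commit message: left join by bundle identifier and keep
# only titles with no matching row in fleet_library_apps.
BY_BUNDLE_ID = """
SELECT st.name FROM software_titles st
LEFT JOIN fleet_library_apps fla ON fla.bundle_identifier = st.bundle_identifier
WHERE fla.id IS NULL ORDER BY st.name
"""

# Alternative raised in the comment: filter on installer provenance, dropping
# titles whose installer has a non-NULL fleet_library_id. The inner join means
# it only covers titles that have an installer (available for install).
BY_LIBRARY_ID = """
SELECT st.name FROM software_titles st
JOIN software_installers si ON si.title_id = st.id
WHERE si.fleet_library_id IS NULL ORDER BY st.name
"""

def list_titles(query):
    """Run one of the queries above against a fresh in-memory database."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return [row[0] for row in db.execute(query)]

if __name__ == "__main__":
    print("by bundle identifier:", list_titles(BY_BUNDLE_ID))
    print("by fleet_library_id: ", list_titles(BY_LIBRARY_ID))
```

The bundle-identifier join hides the manually uploaded package and lets the title with a NULL bundle identifier through, because `NULL = x` never matches; the provenance filter gives the opposite result on both rows.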

@jacobshandling
Contributor

> so I don't think this is a real-world problem

Cool, thanks for confirming! When re-checking this when ready, I'll use a fresh DB with only real hosts.

@sgress454
Contributor

@jacobshandling After poking at this some more I don't think it's as simple as I was making it out to be re: "just use it for installers". I'd go ahead and re-check this as is with real hosts. I think it's as good as it's going to get for the time being. It sounds like the fleet-maintained app system might be getting some love soon anyway.

@jacobshandling
Contributor

cc @jahzielv, may be good to keep this in mind when doing FMA updates

@jacobshandling
Contributor

@sgress454 it seems like Fleet may be having some issues disambiguating software installed on a host by an end user if that same software can also be "Fleet maintained." For example, if my VM has Mozilla VPN installed and I add the same installer used to install it there to Fleet's "available for install" software, the exclude param leads to its exclusion, even though it was installed by the user and not by Fleet.

I think a detailed test plan for ascertaining exactly which software should or should not be excluded would be helpful here. Will also follow up with a couple more considerations in Slack.

@jacobshandling
Contributor

@sgress454
Contributor

Sounds like the issue we were discussing earlier re: matching by bundle ID. I have a branch where it switches to using the fleet_library_id for installers, but the dashboard currently lists both installable and installed software. We need to get clarity on what we want to show on this screen with regard to fleet maintained apps.

@sharon-fdm sharon-fdm removed this from the 4.64.0 milestone Feb 13, 2025
@sharon-fdm
Collaborator

sharon-fdm commented Feb 13, 2025

MSP board will not be used. Thus, this is unnecessary.
@sgress454, let's revert this work.

@sgress454
Contributor

For QA: this was all reverted, so I don't think anything needs testing.
