GitOps remove teams #18640
GitOps remove teams #18640
Conversation
| windowsEnabledAndConfigured := appCfg.MDM.WindowsEnabledAndConfigured | ||
| if opts.DryRunAssumptions != nil && opts.DryRunAssumptions.WindowsEnabledAndConfigured.Valid { | ||
| windowsEnabledAndConfigured = opts.DryRunAssumptions.WindowsEnabledAndConfigured.Value | ||
| } |
There was a problem hiding this comment.
Sometimes, running dry run on team must assume that some setting(s) will be set by the global config. But they haven't actually been set yet, since we are doing a dry run.
I've created a new pattern to pass in such assumptions in the DryRunAssumptions struct.
| @@ -1437,7 +1437,7 @@ type batchSetMDMProfilesRequest struct { | |||
| TeamID *uint `json:"-" query:"team_id,optional"` | |||
| TeamName *string `json:"-" query:"team_name,optional"` | |||
| DryRun bool `json:"-" query:"dry_run,optional"` // if true, apply validation but do not save changes | |||
| AssumeEnabled bool `json:"-" query:"assume_enabled,optional"` // if true, assume MDM is enabled | |||
| AssumeEnabled *bool `json:"-" query:"assume_enabled,optional"` // if true, assume MDM is enabled | |||
There was a problem hiding this comment.
Updated the setting so now we can assume disabled if AssumeEnabled != nil
There was a problem hiding this comment.
I might be reading this wrong, but isn't false a sensible default if no value exists?
There was a problem hiding this comment.
The default value is appCfg.MDM.WindowsEnabledAndConfigured
With this change, if the global config disables Windows MDM, and a team tries to upload a profile, we will fail during dry run.
There was a problem hiding this comment.
if the global config disables Windows MDM would the config be false or nil? Maybe I'm confused what AssumeEnabled == nil means.
| Destination: &flFilename, | ||
| Usage: "The file with the GitOps configuration", | ||
| Destination: &flFilenames, | ||
| Usage: "The file(s) with the GitOps configuration. If multiple files are provided, the first file must be the global configuration and the rest must be team configurations.", |
There was a problem hiding this comment.
do we document anywhere the differences between a team config and global config? if not, it might be helpful add a short description. not sure it's always clear to users that global == nullTeam
There was a problem hiding this comment.
Currently, we do not have documentation. GitOps is still considered in beta.
The plan is to document the GitOps config by replacing the current spec-based configs at https://fleetdm.com/docs/configuration/configuration-files
Product is responsible for updating those docs.
| @@ -1437,7 +1437,7 @@ type batchSetMDMProfilesRequest struct { | |||
| TeamID *uint `json:"-" query:"team_id,optional"` | |||
| TeamName *string `json:"-" query:"team_name,optional"` | |||
| DryRun bool `json:"-" query:"dry_run,optional"` // if true, apply validation but do not save changes | |||
| AssumeEnabled bool `json:"-" query:"assume_enabled,optional"` // if true, assume MDM is enabled | |||
| AssumeEnabled *bool `json:"-" query:"assume_enabled,optional"` // if true, assume MDM is enabled | |||
There was a problem hiding this comment.
I might be reading this wrong, but isn't false a sensible default if no value exists?
| } | ||
| if appleBMDefaultTeam != "" && !appleBMDefaultTeamFound { |
There was a problem hiding this comment.
nit: is it possible to move the team business logic out of the cli function to keep it shorter?
There was a problem hiding this comment.
So move the AppleBM functions I created to spec package, or something more?
There was a problem hiding this comment.
Team deletes below as well. Seems like most of the current logic is under DoGitOps()
|
@mostlikelee, I responded to your comments. No additional commits at this point. |
| } | ||
| if appleBMDefaultTeam != "" && !appleBMDefaultTeamFound { |
There was a problem hiding this comment.
Team deletes below as well. Seems like most of the current logic is under DoGitOps()
#16677
Improvements to
fleetctl gitopscommand:fleetctl gitops -f file1 -f file2, where the first file must be the global configuration--delete-other-teamsorg_settings.mdm.apple_bm_default_teamvalue can be set to match the team that will be created by the provided team config.After these changes are released to prod, we can update https://github.com/fleetdm/fleet-gitops to use the new switches: #18692
Checklist for submitter
If some of the following don't apply, delete the relevant line.
changes/,orbit/changes/oree/fleetd-chrome/changes.See Changes files for more information.