Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bootstrap package and enrollment profile not overwritten by GitOps #25648

Open
allenhouchins opened this issue Jan 21, 2025 · 2 comments
Open

Bootstrap package and enrollment profile not overwritten by GitOps #25648

allenhouchins opened this issue Jan 21, 2025 · 2 comments
Assignees
@getvictor
Labels
bug Something isn't working as documented ~dogfood Issue resulted from Fleet's product dogfooding. #g-mdm MDM product group :incoming New issue in triage process. :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~released bug This bug was found in a stable release.
Milestone
4.65.0

Comments

@allenhouchins
Copy link
Member

allenhouchins commented Jan 21, 2025
edited by getvictor
Loading

Fleet version: 4.62.1

Web browser and operating system: Any

💥  Actual behavior

In dogfood, an admin uploaded a bootstrap package to the Workstations (canary) team through the UI 29 days ago. This team does not have any value set for bootstrap_package in its yaml.

  macos_setup:
    bootstrap_package: ""
    enable_end_user_authentication: false
    macos_setup_assistant: null

https://github.com/fleetdm/fleet/blob/47f25c51a960949d158f8944e4d3ff9f4941409d/it-and-security/teams/workstations-canary.yml#L94C3-L97C32

🧑‍💻  Steps to reproduce

  1. Upload bootstrap package through UI
  2. Set yaml to not include a bootstrap_package
  3. Observe package is still available and applying to devices in Fleet

🕯️ More info (optional)

Expected behavior is yaml/GitOps is declaratively setting these options and should replace changes in the UI when "Apply latest configuration" workflow is run.

QA Testplan

Note: there is a related issue #26148

  1. Use gitops to add bootstrap package and enrollment profile to macOS setup experience.
  2. Clear those settings in gitops -- they should clear in the UI as well.
  3. Test on a team and no team.
@allenhouchins allenhouchins added #g-mdm MDM product group :incoming New issue in triage process. :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. bug Something isn't working as documented ~released bug This bug was found in a stable release. labels Jan 21, 2025
@georgekarrv georgekarrv added this to the 4.64.0-tentative milestone Jan 23, 2025
@getvictor getvictor added the ~dogfood Issue resulted from Fleet's product dogfooding. label Feb 4, 2025
@getvictor getvictor self-assigned this Feb 4, 2025
@getvictor getvictor modified the milestones: 4.64.0, 4.65.0-tentative Feb 5, 2025
@getvictor getvictor mentioned this issue Feb 5, 2025
Merged
4 tasks
@getvictor getvictor changed the title Bootstrap package not overwritten by GitOps Bootstrap package and enrollment profile not overwritten by GitOps Feb 6, 2025
@getvictor getvictor mentioned this issue Feb 6, 2025
Open
getvictor added a commit that referenced this issue Feb 7, 2025
@getvictor
Clear bootstrap package and enrollment profile with GitOps (#26095)
2eb5119 
For #25648 

Fixed issue where `fleetctl gitops` was NOT deleting macOS setup
experience bootstrap package and enrollment profile. GitOps should clear
all settings that are not explicitly set in YAML config files.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
@PezHub
Copy link
Contributor

PezHub commented Feb 21, 2025

QA Test Results

Ran thru the following scenarios on a standard team:

Scenario A - ✅

  1. Uploaded bootstrap pkg and enrollment profile via UI
  2. Ran GitOps and set yaml to not include either
  3. Both were removed

Scenario B - ✅

  1. Uploaded bootstrap pkg and enrollment profile via UI
  2. Ran GitOps and set yaml to include different bootstrap and enrollment profile
  3. Both were replaced

Scenario C - ✅

  1. Deleted bootstrap pkg and enrollment profile via UI
  2. Ran GitOps and set yaml to include a bootstrap and enrollment profile
  3. Both were added

Scenario D - ✅

  1. Ran GitOps and set yaml to include a bootstrap and enrollment profile
  2. Ran GitOps and set yaml to null for bootstrap and enrollment profile
  3. Both were removed

@PezHub
Copy link
Contributor

PezHub commented Feb 21, 2025

QA Test Results for No Team

  • Bootstrap package is not set ❌

  • Enrollment profile is not set ❌

  • End User Auth is not set ❌

  • Disk encryption is not set ❌

  • Adding a Script in setup experience does work ✅

  • Custom apps are declarative ✅

  • VPP apps are not ❌

There may be more issues which I will investigate and create a separate ticket for to address GitOps functionality/support for No team

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@getvictor getvictor

Labels
bug Something isn't working as documented ~dogfood Issue resulted from Fleet's product dogfooding. #g-mdm MDM product group :incoming New issue in triage process. :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~released bug This bug was found in a stable release.
Projects
None yet
Milestone
4.65.0
Development

No branches or pull requests
4 participants
@georgekarrv @getvictor @allenhouchins @PezHub