fleet icon indicating copy to clipboard operation
fleet copied to clipboard

Published 20 hours ago verified publisher icon fleetdm

Fleet UI: Bulk transfer/delete hosts can transfer/delete more hosts than shown

Open RachelElysia opened this issue 11 months ago • 6 comments

Fleet version: <!-- Copy this from the "My account" page in the Fleet UI, or run fleetctl --version -->

Web browser and operating system:

💥  Actual behavior

Related to: https://github.com/fleetdm/fleet/pull/17241

  • The host transfer by select all matching hosts uses hosts/transfer/filter endpoint which doesn't include all filtering options on the manage host page
  • The host delete by select all matching hosts uses hosts/delete endpoint which doesn't include all filtering options on the manage hosts page

🧑‍💻  Steps to reproduce

  1. Go to transfer/delete more than 50 hosts that has a specific filter (low disk space, failing a policy, etc)
  2. Notice it transfers/deletes hosts that don't use that filter either (not low disk space, passing that policy)

🕯️ More info (optional)

N/A

Spreadsheets of everything that needs to be added and tested So many filters = so much testing

  • Testing with integration test might be the best way to go about testing since 22 filters is a lot. >.<

RachelElysia avatar Feb 28 '24 21:02 RachelElysia

I started working on a solution, but there's a ton of filters... ~22 filters. They would need to be all added to the transfer and delete APIs and tested. So essentially ~44 things to test.

RachelElysia avatar Feb 28 '24 22:02 RachelElysia

@noahtalerman @rachaelshaw Should we consider this a critical bug? Especially since users can delete hosts that they didn't intend to?

RachelElysia avatar Mar 04 '24 16:03 RachelElysia

@RachelElysia I think we should mark this one as critical. This bug could cause data loss.

I assigned the P1 label as per the high priority bugs process here in the handbook: https://fleetdm.com/handbook/company/product-groups#high-priority-user-stories-and-bugs

cc @lukeheath and @sharon-fdm

noahtalerman avatar Mar 04 '24 20:03 noahtalerman

Thanks @noahtalerman We will handle it as such.

sharon-fdm avatar Mar 04 '24 20:03 sharon-fdm

@RachelElysia Thanks for raising the alarm.

@noahtalerman @sharon-fdm I agree this is a P1. I'm leaving the assignments as-is. Removing :incoming since we've triaged it.

lukeheath avatar Mar 04 '24 20:03 lukeheath

@sharon-fdm My bad, I'm putting :incoming back on because per our process, we don't officially triage P1 until the next standup.

lukeheath avatar Mar 04 '24 20:03 lukeheath

Update:

  • Frontend is done on #17263, need to remove backend parts and then get reviewed
  • Backend and backend unit/integration tests will be a separate PR from @mostlikelee and then get reviewed
  • Need @xpkoala to do some sanity manual test after merges

RachelElysia avatar Mar 05 '24 17:03 RachelElysia

Supporting all filters on these endpoints increases regression risk as detected by #17459. Instead we're using a low-risk approach by removing the bulk options on unsupported filters in the UI.

We will create (and link here) 2 new initiatives to:

  1. Support more/all filters for these bulk operations (if product desires)
  2. Add safety mechanisms to transfer and delete API endpoints to prevent unexpected bulk actions

mostlikelee avatar Mar 07 '24 19:03 mostlikelee

Perform bulk host operations based on any filter criteria - https://github.com/fleetdm/fleet/issues/17468 Prevent Unexpected Bulk Host Actions - https://github.com/fleetdm/fleet/issues/17469

mostlikelee avatar Mar 07 '24 19:03 mostlikelee

I couldn't think of a haiku this time. (See fleetdm.com logs for more information.)

fleet-release avatar Mar 12 '24 23:03 fleet-release