fleet icon indicating copy to clipboard operation
fleet copied to clipboard

Published 20 hours ago verified publisher icon fleetdm

Software self-service

Open willmayhone88 opened this issue 11 months ago • 9 comments

Goal

User story
As an IT admin on the Software page,
I want to add a package and make it available for my end users to install via Fleet Desktop
so that I can give end users (without root access) an easy way to install software vetted by my organization.

Context

  • Product designer: @marko-lisica

Changes

Product

  • [ ] UI changes: Figma link
  • [ ] CLI usage changes: Figma link
  • [ ] REST API changes: #18507
  • [ ] Permissions changes:
    • Maintainers and admins (team and global) can add self-service software. GitOps user can add self-service software via Fleet YAML. (Team roles can add software to teams they are assigned to.)
  • [ ] Outdated documentation changes: TODO
  • [ ] Changes to paid features or tiers: Available in Fleet Premium only.

Engineering

  • [ ] Database schema migrations: TODO
  • [ ] Load testing: TODO

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

  • Requires load testing: TODO
  • Risk level: Low / High TODO
  • Risk description: TODO

Manual testing steps

  1. Step 1
  2. Step 2
  3. Step 3

Testing notes

Confirmation

  1. [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
  2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.

willmayhone88 avatar Mar 13 '24 15:03 willmayhone88

@willmayhone88 thanks for tracking this!

We can weigh it at feature fest.

noahtalerman avatar Mar 14 '24 14:03 noahtalerman

Hey @willmayhone88, heads up, we discussed this request at feature fest.

We decided not to draft this one in the upcoming design sprint (4.49).

Removing from feature fest board.

noahtalerman avatar Mar 29 '24 21:03 noahtalerman

@dherder and @willmayhone88 what's an example of a "workflow"?

From what I've heard from IT admins, one example is the end user can run a script to troubleshoot a business critical tool (ex. Cisco Umbrella).

noahtalerman avatar Apr 12 '24 13:04 noahtalerman

@noahtalerman at a bare minimum, if we could get scripts to be ran by the user that would cover a quite a bit of workflows. We would just need the ability to maybe title the item for what the end user sees that is different from the script title, and a description as well. Workflows were also used to reinstall apps, if say an app wasn't work as expected.

willmayhone88 avatar Apr 12 '24 14:04 willmayhone88

if we could get scripts to be ran by the user that would cover a quite a bit of workflows

Got it. I updated the title of this issue to reflect this.

@willmayhone88 what's a specific example of a "workflow" one of these prospects is trying to offer to end users?

noahtalerman avatar Apr 12 '24 20:04 noahtalerman

Brock: One example of a "workflow" is refreshing the VPN proxy. Ask the end user to hit a button instead of walking them through a Terminal command.

noahtalerman avatar Apr 18 '24 17:04 noahtalerman

Hey @willmayhone88, heads up, now that this story is in the current design sprint, I updated the issue description to use the user story format.

I moved your original issue description here for safekeeping:

Problem

Users need the ability to install approved applications or run workflows that we allow when they have a need to do so. This is similar to other MDMs that have a portal of approved applications and workflows. By allowing an end user to perform these actions as needed, it removes the requirement of the Fleet admin or Fleet users from having to do this when available.

Potential solutions

  1. A potential solution could be a new application that links to a Fleet instance's available software.
  2. Another option would be to have these items available in the "My Device" that a host device has access to in the fleetd application.

Note that this user story only covers the "install approved applications" problem.

The "run workflows" problem will be addressed separately. When you get the chance, can you please file a separate issue for this problem?

noahtalerman avatar Apr 21 '24 19:04 noahtalerman

During estimation today, we uncovered these design TODOs:

  • [x] As an IT admin looking at the activity feed on the Host details page, what does the activity feed entry look like when an end user installs a self service app?
  • [x] What is the query param that powers the "Self-service" filter on the Software page?
  • [x] To allow for a separate "Self-service" tab on the My device page, add a boolean to filter a specific host's software in the API

@marko-lisica when you're back, can you please take these? Thanks!

noahtalerman avatar May 08 '24 22:05 noahtalerman

As an IT admin looking at the activity feed on the Host details page, what does the activity feed entry look like when an end user installs a self service app?

Global and host activity feed items are specified here. @noahtalerman Could you take a look at this?

What is the query param that powers the "Self-service" filter on the Software page?

Added query param to dev note here.

To allow for a separate "Self-service" tab on the My device page, add a boolean to filter a specific host's software in the API

This is already specified in dev note and in the API PR.

marko-lisica avatar May 09 '24 19:05 marko-lisica

Global and host activity feed items are specified here.

Looks good!

Tweaked the copy a bit.

Host: Screenshot 2024-05-10 at 3 30 23 PM

Global: Screenshot 2024-05-10 at 3 30 41 PM

noahtalerman avatar May 10 '24 19:05 noahtalerman

QA Tests:

Passed:

  • Software Page
    • Self Service Filter drop down menu
    • Download arrow icon with tooltip displays
  • Add package
    • Self Service checkbox functions, tooltip on hover
    • Green banner after successful
  • Software Title Details page
    • Self Service Tag (found issue, was fixed)
    • Actions: Download, Advanced, Delete all work
  • Host Details Software
    • Check install status - failed, pending, installed, download
    • Tooltips
    • Test actions on the right side (retry)
  • Fleet Desktop/My Device Page
    • New Self-service item in drop down menu task bar
    • Reach out to IT link opens in new browser tab
    • New Tab for SS
    • Confirm statuses are correct under each app icon
    • Tooltips - in progress, installed, failed
    • Retry action works
    • Loading state UI
    • Empty State
  • Activity Feeds
    • Host Activity Feed
    • Global Activity Feed
  • Other
    • File size limit validation
    • Test throttled connection
    • File type validation
    • File uploaded by User A can be deleted or installed by User B

Ran thru same tests for Windows Host

  • Permissions changes
    • Maintainers and admins (team and global) can add self-service software.
    • Team roles can add software to teams they are assigned to
    • Observers cannot

To Do:

  • GitOps user can add self-service software via Fleet YAML

PezHub avatar Jun 06 '24 00:06 PezHub

Windows and Ubuntu testing results here

PezHub avatar Jun 06 '24 16:06 PezHub

testing is complete, including yaml config updates. QA Approved!

PezHub avatar Jun 06 '24 18:06 PezHub

@noahtalerman Looks like this one fell off w/o going through confirm and celebrate

georgekarrv avatar Jul 03 '24 02:07 georgekarrv

Hey @dave and @willmayhone88, this story has shipped. API docs are still TODO.

marko-lisica avatar Jul 03 '24 15:07 marko-lisica

API docs are merged.

marko-lisica avatar Jul 09 '24 16:07 marko-lisica

Vetted software flows, Like a cloud city's soft light, Access without root grows.

fleet-release avatar Jul 09 '24 16:07 fleet-release