fleet
fleet copied to clipboard
fleetdm
Naming a team "No team" or "All teams" breaks the team
Fleet version: Observed in Fleet's dogfood environment (4.55)
💥 Actual behavior
https://www.loom.com/share/74a2395f7bcc4adcb2efdd2d850ba803?sid=41da5122-66c5-4a1f-947e-24447b2c9985
🧑💻 Steps to reproduce
- Add a team called "No team"
- Click on the new team
- Try to filter hosts by the new team
🕯️ More info (optional)
@noahtalerman: I don't think we considered this case when introducing the concept of "No teams" or "All teams"
🛠️ To fix
Add validation and an easy to understand error message when the user is creating (or updating) a team via UI, API, or GitOps w/ the name of "No team" or "All teams"
- Ignore capitalization: If "aLL teAmS" is specified, error when the user tries to create a team. Same for "nO TeaM"
If "aLL teAmS" or "nO TeaM" is specified in volume_purchasing_program key in GitOps YAML, error because this is a non existent team. The user must specify "All teams" or "No team" (correct capitalization).
Hey @getvictor I just ran into this.
Is there anything tricky / something I'm missing w/ the proposed solution?
Do other apps behave like this?
Do other apps behave like this?
@marko-lisica have you seen apps reserve names? What are some examples?
Hey @getvictor I just ran into this.
Is there anything tricky / something I'm missing w/ the proposed solution?
Do other apps behave like this?
From looking at the code, the backend supports these team names. I'm guessing it is the frontend that's breaking.
That said, we can add a validation to not allow these names (with this specific capitalization).
Do other apps behave like this?
@marko-lisica have you seen apps reserve names? What are some examples?
@noahtalerman Gmail is doing a similar thing. If you want to create label, you can't use word "Inbox", because they have system labels.
Off topic: Seems that we prevent users from creating label with names that already exist, but we don't prevent them from creating labels with names of system labels (Windows, macOS, Linux, etc.)
we don't prevent them from creating labels with names of system labels (Windows, macOS, Linux, etc.)
@marko-lisica hmm, seems like we should. What happens when you do this? Do certain features break?
we don't prevent them from creating labels with names of system labels (Windows, macOS, Linux, etc.)
@marko-lisica hmm, seems like we should. What happens when you do this? Do certain features break?
@noahtalerman I'm not sure what could break. The only thing that comes to my mind is that a label is assigned by name to a profile (in GitOps). In case where exist two labels with the same name (Fleet system label and custom label) which one will be attached to a profile?
Thanks @marko-lisica. When you get the chance, can you please track a separate bug for adding validation/errors for built-in labels?
Heads-up that we should also apply this validation when updating the team's name. I'll mention it in the "To fix" section.
QA Notes:
API and GitOps errors look good when trying to create no team or all teams
~/fleetdm/fleet main ❯ ./build/fleetctl gitops -f ~/fleetdm/gitops/teamTest.yaml 11s 10:56:49 AM
Error: applying teams: POST /api/latest/fleet/spec/teams received status 422 Validation Failed: "No team" is a reserved team name
~/fleetdm/fleet main ❯ ./build/fleetctl gitops -f ~/fleetdm/gitops/teamTest.yaml 10:56:52 AM
Error: applying teams: POST /api/latest/fleet/spec/teams received status 422 Validation Failed: "All teams" is a reserved team name
However in the UI we get a generic error. I think it would make sense for the Toast to show the same user friendly error. Do you agree @noahtalerman ?
QA Notes: 🐛 to fix the above error message https://github.com/fleetdm/fleet/issues/21971
QA Notes:
confirmed I cannot create new teams with either name and the bug fix improves the error message and
adds validation.
