fleet icon indicating copy to clipboard operation
fleet copied to clipboard

Published 20 hours ago verified publisher icon fleetdm

Move lock/wipe scripts and MDM commands to `ee/` folder

Open noahtalerman opened this issue 1 year ago • 6 comments

Goal

User story
As a Fleet Premium user,
I want the Windows and Linux lock/wipe scripts to live under Fleet ee/ folder
so that I can be confident what I see on fleetdm.com/pricing (free v. paid) is in line with Fleet's license.

Objective

Not tied to a quarterly objective. Why are we doing it? Because the product is inconsistent w/ the pricing page.

Context

  • Requestor(s): @alexmitchelliii
  • Product designer: @noahtalerman

Windows and Linux lock/wipe scripts current live here: https://github.com/fleetdm/fleet/tree/main/scripts/mdm

Lock/wipe is included in Fleet Premium. From fleetdm.com/pricing: Screenshot 2024-10-01 at 10 33 48 AM

Changes

Product

  • [ ] Changes to paid features or tiers: Move the lock/wipe scripts into the ee/ folder.
    • @noahtalerman: Just to make sure, before we move the scripts, does the Fleet product even use the lock/wipe scripts in this folder? Meaning when I click the Lock button on a Linux host in the UI, do we use the scripts here? If not, maybe there is another spot in the code that we want to move to ee/ The reason I ask is because it looks like we haven't made any changes to those scripts for 3 months but I thought we made some updates to Linux lock recently (I could be misremembering)
  • [ ] UI changes: No changes
  • [ ] CLI (fleetctl) usage changes: No changes
  • [ ] YAML changes: No changes
  • [ ] REST API changes: No changes
  • [ ] Fleet's agent (fleetd) changes: No changes
  • [ ] Activity changes: No changes
  • [ ] Permissions changes: No changes
  • [ ] Other reference documentation changes: No changes
  • [ ] Once shipped, requester has been notified

Engineering

  • [ ] Feature guide changes: TODO
  • [ ] Database schema migrations: TODO
  • [ ] Load testing: TODO

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

  • Requires load testing: TODO
  • Risk level: Low / High TODO
  • Risk description: TODO

Manual testing steps

  1. Step 1
  2. Step 2
  3. Step 3

Testing notes

Confirmation

  1. [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
  2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.

noahtalerman avatar Oct 01 '24 14:10 noahtalerman

Hey @georgekarrv I moved this story to ready for specs. It's a cleanup story.

Just to make sure, before we move the scripts, does the Fleet product even use the lock/wipe scripts in this folder? https://github.com/fleetdm/fleet/tree/main/scripts/mdm

Meaning when I click the Lock button on a Linux host in the UI, do we use the scripts here? If not, maybe there is another spot in the code that we want to move to ee/

The reason I ask is because it looks like we haven't made any changes to those scripts for 3 months but I thought we made some updates to Linux lock recently (I could be misremembering)

noahtalerman avatar Oct 01 '24 14:10 noahtalerman

@noahtalerman while the UI for windows lock and wipe are premium we have had the scripts be part of the free tier. Has that changed?

georgekarrv avatar Oct 02 '24 17:10 georgekarrv

@georgekarrv scripts are free but we want all parts of the lock/wipe features to be premium (UI, API, CLI, scripts, etc.). Similar to how policies are free but CIS Benchmarks (powered by policies) are premium.

Like the policies for CIS Benchmarks, we want the scripts for Window and Linux lock/wipe to live under ee/.

Now that I'm thinking about it, I think this means we also move the MDM command (XML) for macOS, iOS, and iPadOS to ee/. I updated the issue description to reflect this.

noahtalerman avatar Oct 10 '24 13:10 noahtalerman

Hey @georgekarrv looks like this one didn't get estimated this week. Anything I can do to help move it forward?

noahtalerman avatar Oct 18 '24 13:10 noahtalerman

Hey @georgekarrv just giving you another ping! Please check out my comment here and let me know if there's anything I can do to help move this one forward.

noahtalerman avatar Oct 21 '24 13:10 noahtalerman

Yup, none needed thanks we just missed estimating this one last week

georgekarrv avatar Oct 21 '24 13:10 georgekarrv

Hey team! Please add your planning poker estimate with Zenhub @dantecatalfamo @getvictor @ghernandez345 @gillespi314 @jahzielv @mna

georgekarrv avatar Oct 23 '24 16:10 georgekarrv

@georgekarrv Moving this back to "Ready to spec" as there are still "TODO" items listed under the Engineering header.

lukeheath avatar Jan 03 '25 15:01 lukeheath

@georgekarrv, I think this was on #g-orchestration board by mistake. Moved back to MDM. TMWYT

sharon-fdm avatar Jan 06 '25 15:01 sharon-fdm

It wasn't a mistake, this was discussed weeks ago as something epops could easily help out on and it was switched over at that time. With the shuffle there is no problem bringing it back to mdm to consider. Thanks!

georgekarrv avatar Jan 06 '25 22:01 georgekarrv

@noahtalerman https://github.com/fleetdm/fleet/blob/main/server/mdm/apple/commander.go#L103-L119

marko-lisica avatar Feb 19 '25 15:02 marko-lisica

Renamed the story (removed mention of "MDM commands") because this story captured the effort to remove the lock/wipe scripts.

  • Fleet Premium users can only trigger the lock/wipe MDM commands for macOS, iOS, and iPadOS.
  • Now, Fleet Premium users can only copy/paste the lock/wipe scripts for Windows and Linux hosts (they live under ee/)
  • Currently, there's no feature for copy/pasting custom MDM commands.

noahtalerman avatar Feb 21 '25 14:02 noahtalerman

@alexmitchelliii Windows and Linux lock/wipe scripts are now officially under ee/: https://github.com/fleetdm/fleet/tree/main/ee/server/service/embedded_scripts

Image

noahtalerman avatar Feb 21 '25 14:02 noahtalerman

Scripts find their home, In ee/ folder they bloom, Users find no gloom.

fleet-release avatar Feb 21 '25 14:02 fleet-release