fleet
fleet copied to clipboard
fleetdm
Add EULA via GitOps
Goal
| User story |
|---|
| As an IT admin using GitOps, |
| I want to be able to configure the end user license agreement (EULA) document via GitOps |
| so that I can require from my end users, who automatically enroll their hosts, to agree to it before enrollment. |
Key result
Small UX improvement
Original requests
#27607
Context
- Product Designer: @marko-lisica
Changes
Product
- [ ] UI changes: No changes.
- [ ] CLI (fleetctl) usage changes: No changes.
- [ ] YAML changes: #28280
- [ ] REST API changes: No changes.
- [ ] Fleet's agent (fleetd) changes: No changes.
- [ ] GitOps mode changes: Figma link
- [ ] Activity changes: No changes.
- [ ] Permissions changes: No changes.
- [ ] Changes to paid features or tiers: Fleet Premium only
- [ ] My device and fleetdm.com/better changes: No changes.
- [ ] First draft of test plan added
- [ ] Other reference documentation changes: No changes.
- [ ] Once shipped, requester has been notified
- [ ] Once shipped, dogfooding issue has been filed
Engineering
- [ ] Test plan is finalized
- [ ] Contributor API changes: N/A
- [ ] Feature guide changes: N/A
- [ ] Database schema migrations: N/A
- [ ] Load testing: N/A
ℹ️ Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".
QA
Risk assessment
- Requires load testing: no
- Risk level: Low / High: Low
Test plan
Make sure to go through the list and consider all events that might be related to this story, so we catch edge cases earlier.
- [ ] Make sure that user can add EULA PDF document to GitOps repo (lib folder) and reference it in
org_settings.mdm.end_user_license_agreement. - [ ] Make sure that once added via GitOps it's displayed during automatic enrollment on macOS and Windows hosts.
- [ ] Make sure that once GitOps mode is enabled, that user can't upload EULA via UI (button disabled and GitOps tooltip displayed on hover).
- [ ] Test that EULA is deleted if
end_user_license_agreementis removed from theorg_settings.
Testing notes
Confirmation
- [ ] Engineer: Added comment to user story confirming successful completion of test plan.
- [ ] QA: Added comment to user story confirming successful completion of test plan.
@ghernandez345 should the user be able to delete uploaded EULA when GitOps mode is enabled? I can't upload, but deletion is still an option
In comparison, scripts have deletion disabled as well, only leaving download as an option
Other testing notes.
Confirmed that:
- EULA is generated with generate-gitops
- EULA can be added via gitops
- EULA can be removed via gitops
- EULA can not be added when GitOps mode is active
- Uploaded/Removed EULA is respected during the mac setup
Outstanding questions:
- Delete button on the file (mentioned in the above comment)
- Still trying to figure out why the file location that is generated by generate-gitops isn't working. Here's what I'm currently seeing:
The directory is logged on my end with generate-gitops: end_user_license_agreement: ./lib/eula/EULA.pdf
But I get Error: error uploading EULA: reading eula file: open ./lib/eula/EULA.pdf: no such file or directory when running gitops
But if I change the directory to ../fleet-gitops/lib/eula/EULA.pdf it succeeds, which doesn't make much sense because it is the same as ./lib...
@AndreyKizimenko I dont think they should be able to delete the file when gitops is enabled. I'll make that change.
I'll also look into that issue of the file path being incorrect. Will let you know what I find.
@ghernandez345 we found an older issue with relative path, and maybe the fix didn't address the default team and only addressed specific teams - https://github.com/fleetdm/fleet/issues/25770
@AndreyKizimenko I fixes the issue of being able to delete the EULA when gitops is enabled. Just need to merge into main before its ready for a retest.
For the second issue with the EULA path from generate-gitops I am not seeing the issue. I think you may be running into an issue with the path resolving relative to an incorrect directory depending on what directory you are in when you run fleetctl gitops. This is what I'm doing.
- upload a EULA via the UI called
test.pdf - from my fleet directory generate gitops into a
test-generatedirectory (this new directory will act as my gitops project). I use this command./build/fleetctl generate-gitops --dir test-generate - verify the path of the key. It generates as
end_user_license_agreement: ./lib/eula/test.pdf cdintotest-generatedirectory. This is the directory a user will use in their gitops repo- fill in enrollment secret in
default.ymland add emptycontrolskey - run gitops command `../build/fleetctl gitops -f default.yml
- verify that the EULA was uploaded in the UI.
Talked about the second issue with Gabe more and what I was experiencing was due to me not moving to the gitops directory and running Gitops from the fleet directory. Changing the current directory has resolved that second issue
@AndreyKizimenko @PezHub merged in the fix for disabling deleting eula in UI when gitops is enabled. ready for retesting
Confirmed the gitops mode delete button is disabled. The only check that is left is confirming that the EULA is displayed on Windows hosts. Will look at it later today together with @PezHub
moving this to ready and will confirm the EULA shows in Windows Auto pilot during smoke tests
GitOps molds EULA, Fleet's path like wind through leaves, Ease for IT's realm.
