-
Notifications
You must be signed in to change notification settings - Fork 378
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
See if scripts are enabled/disabled on Host details page #17148
Comments
Hey @Patagonia121 heads up, this story was prioritized during feature fest. Aiming to ship an improvement in the next 6 weeks. |
Hey @rachaelshaw! I think I may have brought us down the wrong direction.
I go into more detail in the Loom video here. |
Agent: We will need to have this information available. (Maybe in a table) Estimations: |
@rachaelshaw On macOS agents, scripts can be enabled with MDM config profile. But the server/UI won't see this until a detail query occurs (once every hour). So, the server could be blocking scripts for up to 1 hour. The end user could speed this up by manually refetching the host. I assume this is OK. Adding :product label to confirm. UPDATE: Another question. |
@RachelElysia |
@noahtalerman do you foresee this being a problem?
I believe it does require scripts— recently tested lock on Noah's Windows machine and it failed because scripts weren't enabled. |
@rachaelshaw and @getvictor I think this is ok. Victor, there's the same potential delay for macOS (no MDM), Windows, and Linux hosts right? If it's the same for all platforms, maybe we update the tooltip copy/error messages. Something like this: "To run scripts on this host, deploy the fleetd agent with --enable-scripts and refetch host vitals." Rachael, what do you think? |
@getvictor Windows wipe is an MDM command. Lock/unlock are scripts. @rachaelshaw I totally forgot that Windows wipe is an MDM command. I don't think we should disable Wipe if a Windows host doesn't have scripts enabled. What do you think? |
@noahtalerman makes sense, I'll update the Figma 👍 |
…st details. (#18123) #17361 #17148 In GET fleet/hosts/:id response, added the following fields: - orbit_version - `orbit_version == null` means this agent is not an orbit agent - fleet_desktop_version - `fleet_desktop_version == null` means this agent is not an orbit agent or it is an older version which is not collecting the desktop version - `fleet_desktop_version == ""` means this agent is an orbit agent but does not have fleet desktop - scripts_enabled - `scripts_enabled == null` means this agent is not an orbit agent or it is an older version which is not collecting scripts_enabled In orbit_info table, added the following fields: - desktop_version - scripts_enabled Updated docs for orbit_info PR: #18135 Updated API docs: #17814 MDM lock/unlock/wipe error messages are not part of this PR. They will be in a separate PR. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
#17148 Added error messages to lock/unlock/wipe when scripts are disabled. # Checklist for submitter - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
Doc changes for Heads up, the doc changes are live on fleetdm.com/tables however, the feature hasn't been shipped. |
@getvictor and @rachaelshaw re "Run scripts," "Lock," and "Wipe," buttons are available if the host has plain osquery installed. What happens when we run a script against a host w/ plain osquery, does the user see an error? I think up to @rachaelshaw on whether we decide to make changes and timing (now or file a story to bring through feature fest). |
@noahtalerman I'm testing this scenario right now. |
Ah, nice. I think that's an acceptable UX. FYI @rachaelshaw |
@Patagonia121 this was shipped in v4.49.0 |
Script status shown, |
Goal
Context
Changes
Product
Engineering
QA
Risk assessment
Manual testing steps
Testing notes
The previous orbit version with scripts enabled should function the same as before -- none of the changes in this story should apply to it.
Confirmation
The text was updated successfully, but these errors were encountered: