Skip to content

Don't send Windows profiles "atomic-ally" #31922

New issue
New issue
Closed
4 of 4 issues completed
Closed
Don't send Windows profiles "atomic-ally"#31922
4 of 4 issues completed
Assignees
melpike
Labels
#g-mdmMDM product group:productProduct Design department (shows up on 🦢 Drafting board)customer-numastoryA user story defining an entire feature~customer promiseA feature request, or user story for a request, that Fleet has contractually agreed to deliver
Milestone
4.81.0
@noahtalerman

Description

@noahtalerman
noahtalerman
opened on Aug 14, 2025

Goal

User story
As an IT admin,
I want to tell Fleet to send Windows profiles and have them partially apply if one of the payloads doesn't work
so that I can apply the settings that do work and only worry about fixing the ones that don't.

Roadmap item

None.

Original requests

Resources

None.

Changes

Product

  • Changes:
    • All new profiles that are uploaded to Fleet won't be wrapped with <Atomic>.
    • Old profiles that are uploaded prior to this change will remain unchanged until the user resends them. When resent, they will be resent without <Atomic> wrapper.
    • User must explicitly add <Atomic> element around elements in the profile in order to send it atomically.
    • Keep automatically adding <Atomic> for SCEP profiles (both device and user scoped).
  • UI changes: Figma link
  • CLI (fleetctl) usage changes: No changes.
  • YAML changes: No changes.
  • REST API changes: No changes.
  • Fleet's agent (fleetd) changes: No changes.
  • GitOps mode UI changes: No changes.
  • GitOps generation changes: No changes.
  • Activity changes: No changes.
  • Permissions changes: No changes.
  • Changes to paid features or tiers: Fleet Free and Premium.
  • My device and fleetdm.com/better changes: No changes.
  • Usage statistics: No changes.
  • Other reference documentation changes: No changes.
  • First draft of test plan added
  • Once shipped, requester has been notified
  • Once shipped, dogfooding issue has been filed Dogfood: Don't send Windows profiles "atomic-ally" #40713

Engineering

  • Test plan is finalized
  • Contributor API changes: No changes
  • Feature guide changes: No changes
  • This is a premium only feature: No

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

  • Requires testing in a hosted environment: No
  • Requires load testing: No
  • Risk level: Low

Test plan

Make sure to go through the list and consider all events that might be related to this story, so we catch edge cases earlier.

  • Verify that when the user resends the existing profile added prior to this change, Fleet removes <Atomic> from it before sending to the host.
  • Verify that when the user adds a new profile, it's sent to the host and not wrapped with <Atomic>.
  • Verify that the user can manually make a profile atomic by wrapping all the items with the <Atomic> element.
  • Make sure that SCEP profiles still work after this change. Fleet should automatically include <Atomic> for SCEP profiles only (user and device scoped).
  • Verify that the Fleet marks profile failed if at least one of the items failed in the non-atomic profile.
  • Verify that Fleet displays status code for each LocURI in non-atomic profile on Host > OS settings modal (for failed and successful LocURIs).
  • Verify that the Fleet marks profile failed if at least one of the items failed in the atomic profile.
  • Verify that Fleet displays status code for each LocURI in non-atomic profile on Host > OS settings modal when one of them fails (for failed and reverted LocURIs).
  • Make sure that Fleet returns an error if the user uploads a profile with <Atomic> element that doesn't wrap all LocURIs.
  • Make sure that Fleet returns an error if the user uploads a profile that has <Get>, <Delete>, or any other element besides <Replace> or <Add> as a top-level element.
  • Make sure that Fleet returns an error if the user uploads a profile that has <Get>, <Delete>, or any other element besides <Replace> or <Add> within the <Atomic> element.
  • Upload a at least one atomic and two non-atomic profiles including one that will fail(non-existent CSP for instance) in a short period of time(less than one minute). Verify they are all sent as part of a single SyncML message(ngrok or similar can help). Make sure that the non-atomic profile failure does not cause the other non-atomic, or the atomic, profile to fail

Testing notes

Confirmation

  1. Engineer: Added comment to user story confirming successful completion of test plan.
  2. QA: Added comment to user story confirming successful completion of test plan.

Metadata

Metadata

Assignees

Labels

#g-mdmMDM product group:productProduct Design department (shows up on 🦢 Drafting board)customer-numastoryA user story defining an entire feature~customer promiseA feature request, or user story for a request, that Fleet has contractually agreed to deliver

Type

No type

Projects

🦢 Drafting

Status

Done
🗺️ Release planning

Status

Done

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions