add an endpoint to get an aggregate summary of bootstrap packages #11156
CREATE TABLE host_mdm_apple_bootstrap_packages ( | ||
host_uuid varchar(127) NOT NULL, | ||
command_uuid varchar(127) NOT NULL, | ||
|
||
PRIMARY KEY (host_uuid, command_uuid), | ||
FOREIGN KEY (command_uuid) REFERENCES nano_commands (command_uuid) ON DELETE CASCADE | ||
)`) |
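Review bot: The `ON DELETE CASCADE` on the `command_uuid` foreign key means that removing a row from `nano_commands` also removes the matching row here, so the record that a host was sent this command disappears with no trace in this table. If that is the intended lifecycle, a comment in the migration saying so would help; if the record needs to outlive the command row, the cascade should be reconsidered.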
@mna @gillespi314 I'm not sure if this table is the right approach, do we want a more general "fleet commands" table? this table would still need a column with a flag/enum we can use to distinguish which commands are related to bootstrap packages.
up to you!
Hmm yeah good question, this is the only command that we need this for at the moment, right? The disk encryption profile is also treated a bit as a special case, but it does not need something like this AFAIR? Given that this is the first need for this, it could make sense to use it like you proposed, and rename it to something more general if and when we need something similar for other "special commands"?
docs/Using-Fleet/REST-API.md
"name": "bootstrap-package.pkg", | ||
"team_id": 0, | ||
"sha256": "6bebb4433322fd52837de9e4787de534b4089ac645b0692dfb74d000438da4a3", | ||
"token": "AA598E2A-7952-46E3-B89D-526D45F7E233" |
Just curious what's `token` in this response? Is that extracted from the package?
Maybe it would be worth adding an explanation of token and sha256 (the hash of the package, I presume).
|
||
Download a bootstrap package. | ||
|
||
`GET /api/v1/fleet/mdm/apple/bootstrap` |
Given the path structure (`GET /mdm/apple/bootstrap/{team_id}/metadata` returns the metadata for the bootstrap package of that team, `DELETE /mdm/apple/bootstrap/{team_id}` deletes the package for that team) I would expect `GET /mdm/apple/bootstrap/{team_id}` to download the package for a given team? There may be a technical limitation that prevents us from doing this/requiring to use a token approach instead?
> deletes the package for that team) I would expect GET /mdm/apple/bootstrap/{team_id} to download the package for a given team? There may be a technical limitation that prevents us from doing this/requiring to use a token approach instead?
yes! the bootstrap package needs to be accessed without user authentication, so it's gated behind the token.
having said that, I think we could have used both? the team_id is redundant but looks more consistent: GET /mdm/apple/bootstrap/{team_id}?token={token}
we have already released that endpoint, but we're doing other breaking changes, so maybe we can add this to the list. I'll make a note to discuss with Luke when he's back.
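The token-gated download discussed in the comment above, as an added example that is not part of the original thread or of Fleet's code: a Go handler for the proposed `GET /mdm/apple/bootstrap/{team_id}?token={token}` shape, where the token is the only credential and must match the requested team. The names `pkg`, `store`, `downloadHandler` and `status` are hypothetical, and the store contents are constructed sample data (team 0 reuses the token from the docs example on this page).

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
)

// pkg is a hypothetical stand-in for a stored bootstrap package record.
type pkg struct {
	Name, Token string
	Body        []byte
}

// store maps team ID to its package; constructed sample data.
var store = map[int]pkg{
	0: {"bootstrap-package.pkg", "AA598E2A-7952-46E3-B89D-526D45F7E233", []byte("team0")},
	1: {"bootstrap-package.pkg", "11111111-2222-3333-4444-555555555555", []byte("team1")},
}

// downloadHandler serves GET /mdm/apple/bootstrap/{team_id}?token={token}.
// No user session is checked: the token is the only credential.
func downloadHandler(w http.ResponseWriter, r *http.Request) {
	teamID, err := strconv.Atoi(strings.TrimPrefix(r.URL.Path, "/mdm/apple/bootstrap/"))
	p, ok := store[teamID]
	tok := r.URL.Query().Get("token")
	// Every failure returns the same 404, so a caller cannot tell a bad
	// team ID from a wrong token; the comparison is constant-time.
	if err != nil || !ok || tok == "" ||
		subtle.ConstantTimeCompare([]byte(tok), []byte(p.Token)) != 1 {
		http.NotFound(w, r)
		return
	}
	w.Header().Set("Content-Type", "application/octet-stream")
	w.Header().Set("Cache-Control", "no-store")
	w.Write(p.Body)
}

// status runs one in-memory GET against the handler and returns the HTTP code.
func status(target string) int {
	rec := httptest.NewRecorder()
	downloadHandler(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Code
}

func main() {
	fmt.Println(status("/mdm/apple/bootstrap/0?token=AA598E2A-7952-46E3-B89D-526D45F7E233"))
}
```

With the team ID in the path, a token issued for one team is rejected when presented for another, which a token-only route cannot express.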
|
||
The summary can optionally be filtered by team id. | ||
|
||
`GET /api/v1/fleet/mdm/apple/bootstrap/summary` |
Similar to the previous comment, could that be `GET /mdm/apple/bootstrap/{team_id}/summary` for consistency?
It makes sense, I think it was specified that way to be consistent with all the other `/resource_here/summary` endpoints which take a `team_id` as a query parameter. I'll also add this to the list to double check with Luke when he's back.
FWIW, I think the trend on the frontend at least has been toward using team id as a query param rather than a route param for entities that are team-related (but not teams themselves).
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
Codecov Report
Patch coverage:
Additional details and impacted files
@@ Coverage Diff @@
## main #11156 +/- ##
==========================================
- Coverage 60.92% 60.35% -0.57%
==========================================
Files 525 529 +4
Lines 54573 55360 +787
==========================================
+ Hits 33246 33411 +165
- Misses 18369 18962 +593
- Partials 2958 2987 +29
... and 26 files with indirect coverage changes
@@ -141,3 +143,15 @@ func secureRandInt(min, max int64) (int, error) { | |||
} | |||
return random, nil | |||
} | |||
|
|||
func FmtErrorChain(chain []mdm.ErrorChain) string { |
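Review bot: `FmtErrorChain` is exported but has no doc comment above its declaration; add one starting with the function name that states what string it produces for a `[]mdm.ErrorChain`, including for an empty chain. It also lands directly under `secureRandInt`, so consider whether this file is the right home for an error-formatting helper.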
this seems to be the exact same function as `*MDMAppleCheckinAndCommandService.fmtErrorChain`, can we completely replace the struct function in favor of this?
LGTM!
Related to #10934
Checklist for submitter
If some of the following don't apply, delete the relevant line.
`SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)