Add "batch script host results" API#32174
Merged
Conversation
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #32174 +/- ##
==========================================
- Coverage 64.03% 64.02% -0.01%
==========================================
Files 1987 1987
Lines 194532 194701 +169
Branches 6436 6436
==========================================
+ Hits 124562 124667 +105
- Misses 60255 60306 +51
- Partials 9715 9728 +13
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
lucasmrod
reviewed
Aug 22, 2025
Member
lucasmrod
left a comment
lucasmrod
left a comment
There was a problem hiding this comment.
Left some comments/questions.
sgress454
commented
Aug 22, 2025
Comment on lines
-1209
to
+1271
| batchScriptExecutionIDFilter := "TRUE" | ||
| batchScriptExecutionFilter := "TRUE" |
Contributor
Author
There was a problem hiding this comment.
Renamed since this filter can include more than just a batch execution ID.
Comment on lines
-1211
to
+1273
| batchScriptExecutionJoin = `LEFT JOIN batch_activity_host_results bsehr ON h.id = bsehr.host_id` | ||
| batchScriptExecutionIDFilter = `bsehr.batch_execution_id = ?` | ||
| whereParams = append(whereParams, *opt.BatchScriptExecutionIDFilter) | ||
| if opt.BatchScriptExecutionStatusFilter.IsValid() { | ||
| batchScriptExecutionJoin += ` LEFT JOIN host_script_results hsr ON bsehr.host_execution_id = hsr.execution_id` | ||
| switch opt.BatchScriptExecutionStatusFilter { | ||
| case fleet.BatchScriptExecutionRan: | ||
| batchScriptExecutionIDFilter += ` AND hsr.exit_code = 0` | ||
| case fleet.BatchScriptExecutionPending: | ||
| // Pending can mean "waiting for execution" or "waiting for results". | ||
| batchScriptExecutionJoin += ` LEFT JOIN upcoming_activities ua ON ua.execution_id = bsehr.host_execution_id` | ||
| batchScriptExecutionIDFilter += ` AND ((ua.execution_id IS NOT NULL) OR (hsr.host_id is NOT NULL AND hsr.exit_code IS NULL AND hsr.canceled = 0 AND bsehr.error IS NULL))` | ||
| case fleet.BatchScriptExecutionErrored: | ||
| // TODO - remove exit code condition when we split up "errored" and "failed" | ||
| batchScriptExecutionIDFilter += ` AND hsr.exit_code > 0` | ||
| case fleet.BatchScriptExecutionIncompatible: | ||
| batchScriptExecutionIDFilter += ` AND bsehr.error IS NOT NULL` | ||
| case fleet.BatchScriptExecutionCanceled: | ||
| batchScriptExecutionIDFilter += ` AND hsr.exit_code IS NULL AND hsr.canceled = 1` | ||
| } | ||
| } | ||
| batchScriptExecutionJoin, batchScriptExecutionFilter, whereParams = ds.getBatchExecutionFilters(whereParams, opt) |
Contributor
Author
There was a problem hiding this comment.
Moved code to generate batch script filters into a shared function so that it can be used by both ListHosts() and the new ListBatchScriptHosts()
4 tasks
lucasmrod
previously approved these changes
Aug 26, 2025
sgress454
commented
Aug 26, 2025
Contributor
Author
sgress454
left a comment
sgress454
left a comment
There was a problem hiding this comment.
@lucasmrod couple of updates after @jacobshandling tested against the front end, please and thank you.
| // if no result was received yet. | ||
| ScriptOutput string `json:"script_output_preview,omitempty" db:"output"` | ||
| // Executed at is the time the script was executed on the host (if at all). | ||
| ScriptExecutedAt *time.Time `json:"script_executed_at,omitempty" db:"updated_at"` |
Contributor
Author
There was a problem hiding this comment.
This is not referenced anywhere in code (so no new nil checks needed), but handling it as a string like I was made it not come out as an ISO timestamp which caused confusion on the frontend.
| ELSE NULL | ||
| END as updated_at, | ||
| COALESCE(LEFT(hsr.output, 100), '') as output, | ||
| COALESCE(hsr.execution_id, '') as execution_id |
Contributor
Author
There was a problem hiding this comment.
This was just wrong previously, i had it returning the batch execution ID rather than the host execution ID, due to misreading the API doc. I updated the tests to check this as well.
Contributor
Author
|
@lucasmrod stand by, found another issue during testing. |
sgress454
commented
Aug 27, 2025
Comment on lines
+1388
to
+1394
| // Pending can mean "waiting for execution" or "waiting for results". | ||
| // hsr.exit_code IS NULL <- this means the script has not reported back | ||
| // (hsr.canceled IS NULL OR hsr.canceled = 0) <- this can mean the script is running, or that it hasn't been activated yet, | ||
| // but either way we haven't canceled it. | ||
| // bsehr.error IS NULL <- this means the batch script framework didn't mark this host as incompatible | ||
| // with this script run. | ||
| batchScriptExecutionFilter += ` AND (hsr.exit_code IS NULL AND (hsr.canceled IS NULL OR hsr.canceled = 0) AND bsehr.error IS NULL)` |
Contributor
Author
There was a problem hiding this comment.
This was also wrong in previous iterations, because "pending" can mean:
- scheduled for the future (so that there's no activity record for it at all), or
- part of a started batch, but not the next activity for the host, or
- actively ready to be run (or currently running) on the host
and for any of those scenarios, it can also be canceled, in which case we want to return it as "canceled" and not "pending".
sgress454
commented
Aug 27, 2025
| BatchScriptExecutions []fleet.BatchActivity `json:"batch_executions"` | ||
| Count uint `json:"count"` | ||
| Err error `json:"error,omitempty"` | ||
| Meta fleet.PaginationMetadata `json:"meta"` |
Contributor
Author
There was a problem hiding this comment.
fixed this to align with API spec
sgress454
commented
Aug 27, 2025
Comment on lines
1149
to
1176
| Count: uint(count), //nolint:gosec // dismiss G115 | ||
| PaginationMetadata: fleet.PaginationMetadata{ | ||
| Meta: fleet.PaginationMetadata{ | ||
| HasNextResults: hasNextResults, | ||
| HasPreviousResults: hasPreviousResults, | ||
| }, |
Contributor
Author
There was a problem hiding this comment.
fixed this to match API spec
sgress454
added a commit
that referenced
this pull request
Aug 27, 2025
for #32231 # Details This PR adjusts the queries for listing batch scripts slightly to count _every_ row in `batch_activities` matching the filters, regardless of whether any `batch_activity_host_results` rows exist for it. This handles the edge case of a batch script where all the hosts have been deleted. # Checklist for submitter If some of the following don't apply, delete the relevant line. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) ## Testing - [ ] Added/updated automated tests I didn't add tests for this because these tests have already changed quite a bit in #32174. I can add tests in there when this merges. - [X] QA'd all new/changed functionality manually * Select a host in Manage Hosts, click Run Script, select a script and do Run Now * Delete that host * Go to the batch scripts list (Controls -> Scripts -> Batch Progress) * Verify that the batch script is still listed. We don't have clear expectations for what numbers should be displayed for the progress of a batch like this, but this PR at least ensures the batch doesn't disappear. For unreleased bug fixes in a release candidate, one of: - [X] Confirmed that the fix is not expected to adversely impact load test results
sgress454
added a commit
that referenced
this pull request
Aug 27, 2025
for #32231 # Details This PR adjusts the queries for listing batch scripts slightly to count _every_ row in `batch_activities` matching the filters, regardless of whether any `batch_activity_host_results` rows exist for it. This handles the edge case of a batch script where all the hosts have been deleted. # Checklist for submitter If some of the following don't apply, delete the relevant line. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) ## Testing - [ ] Added/updated automated tests I didn't add tests for this because these tests have already changed quite a bit in #32174. I can add tests in there when this merges. - [X] QA'd all new/changed functionality manually * Select a host in Manage Hosts, click Run Script, select a script and do Run Now * Delete that host * Go to the batch scripts list (Controls -> Scripts -> Batch Progress) * Verify that the batch script is still listed. We don't have clear expectations for what numbers should be displayed for the progress of a batch like this, but this PR at least ensures the batch doesn't disappear. For unreleased bug fixes in a release candidate, one of: - [X] Confirmed that the fix is not expected to adversely impact load test results
25 tasks
lucasmrod
reviewed
Aug 27, 2025
lucasmrod
reviewed
Aug 27, 2025
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
lucasmrod
approved these changes
Aug 27, 2025
sgress454
added a commit
that referenced
this pull request
Aug 27, 2025
> # Cherry pick from main to rc 4.73.0 for #32231 # Details This PR adjusts the queries for listing batch scripts slightly to count _every_ row in `batch_activities` matching the filters, regardless of whether any `batch_activity_host_results` rows exist for it. This handles the edge case of a batch script where all the hosts have been deleted. # Checklist for submitter If some of the following don't apply, delete the relevant line. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) ## Testing - [ ] Added/updated automated tests I didn't add tests for this because these tests have already changed quite a bit in #32174. I can add tests in there when this merges. - [X] QA'd all new/changed functionality manually * Select a host in Manage Hosts, click Run Script, select a script and do Run Now * Delete that host * Go to the batch scripts list (Controls -> Scripts -> Batch Progress) * Verify that the batch script is still listed. We don't have clear expectations for what numbers should be displayed for the progress of a batch like this, but this PR at least ensures the batch doesn't disappear. For unreleased bug fixes in a release candidate, one of: - [X] Confirmed that the fix is not expected to adversely impact load test results # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes ## Testing - [ ] Added/updated automated tests - [ ] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [ ] QA'd all new/changed functionality manually For unreleased bug fixes in a release candidate, one of: - [ ] Confirmed that the fix is not expected to adversely impact load test results - [ ] Alerted the release DRI if additional load testing is needed ## Database migrations - [ ] Checked table schema to confirm autoupdate - [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ ] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). ## New Fleet configuration settings - [ ] Setting(s) is/are explicitly excluded from GitOps If you didn't check the box above, follow this checklist for GitOps-enabled settings: - [ ] Verified that the setting is exported via `fleetctl generate-gitops` - [ ] Verified the setting is documented in a separate PR to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [ ] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [ ] Verified that any relevant UI is disabled when GitOps mode is enabled ## fleetd/orbit/Fleet Desktop - [ ] Verified compatibility with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)) - [ ] If the change applies to only one platform, confirmed that `runtime.GOOS` is used as needed to isolate changes - [ ] Verified that fleetd runs on macOS, Linux and Windows - [ ] Verified auto-update works from the released version of component to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
for #31536
Details
This PR adds a new API as specced in the API PR for scheduled scripts.
Checklist for submitter
If some of the following don't apply, delete the relevant line.
changes/,orbit/changes/oree/fleetd-chrome/changes.See Changes files for more information.
SELECT *is avoided, SQL injection is prevented (using placeholders for values in statements)Testing
Added/updated automated tests
Where appropriate, automated tests simulate multiple hosts and test for host isolation (updates to one hosts's records do not affect another)
QA'd all new/changed functionality manually
ran a batch script on 100 hosts and ran the API in Postman for each status, then canceled the batch and ran the API to check the canceled status.