Update backend and GitOps to handle AppleOSUpdateSettings.UpdateNewHosts

[juan-fdz-hawa]

Related issue: Resolves #36188

Checklist for submitter

If some of the following don't apply, delete the relevant line.

• Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
  See Changes files for more information.

Testing

• Added/updated automated tests

New Fleet configuration settings

If you didn't check the box above, follow this checklist for GitOps-enabled settings:

• Verified that the setting is exported via fleetctl generate-gitops
• Verified the setting is documented in a separate PR to the GitOps documentation

[codecov]

Codecov Report

❌ Patch coverage is 91.02564% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 65.95%. Comparing base (a38f582) to head (cf082e7).
⚠️ Report is 57 commits behind head on main.

Files with missing lines	Patch %	Lines
server/service/client.go	62.50%	3 Missing ⚠️
ee/server/service/teams.go	88.88%	1 Missing and 1 partial ⚠️
server/service/appconfig.go	77.77%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #37295      +/-   ##
==========================================
+ Coverage   65.93%   65.95%   +0.02%     
==========================================
  Files        2330     2333       +3     
  Lines      185238   185788     +550     
  Branches     7807     7807              
==========================================
+ Hits       122140   122542     +402     
- Misses      51940    52034      +94     
- Partials    11158    11212      +54     

Flag	Coverage Δ
backend	67.76% <91.02%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sgress454]

Main logic looks great! Question about the GetMDMAppleOSUpdatesSettingsByHostSerial() update but it's not critical, and one test nit, but otherwise gtg.

[sgress454]

A lower-touch alternative to updating the GetMDMAppleOSUpdatesSettingsByHostSerial method to return the platform might be to check the m.Product or m.SoftwareUpdateDeviceID and derive the platform from that. Looks like @gillespi314 implemented this at least one place that I can see but I'd want a second opinion about how reliable it is. Any thoughts Sarah?

[juan-fdz-hawa]

That works for me.

I guess a counter point for doing that is that if Apple comes up with a new device name next year (the iBlock or iRock, w/e) we might need to update the code base to account for that.

[sgress454]

Yeah and if we were gonna go in that direction, best to put it in a separate method. But since GetMDMAppleOSUpdatesSettingsByHostSerial is only used in this one spot anyway, I don't have a lot of energy around refactoring, +1 on keeping it as-is.

[sgress454]

I think we want to check .Valid instead of .Value here and in the other ios/ipad tests, to validate that it's not getting set to an actual false value.

It seems like it should really have Set: false, but I tried it and it always comes back as Set: true, Valid: false, Value: false, even when I tried adding omitempty to the definition. 🤷

[juan-fdz-hawa]

Sounds good - I think that's because we hard code Set: true when un-marshalling the type (don't know why).

[lucasmrod]

Shouldn't it always force? (No matter what you have configured on Minimum+Deadline)

[juan-fdz-hawa]

No - if Minimum Version and Update New Hosts are both set, then we need to check the OS version.