Skip to content

40314 patch policy autoupdate#41168

Merged
jkatz01 merged 17 commits intofeat/31914-patch-policyfrom
40314-patch-policy-autoupdate
Mar 9, 2026
Merged

40314 patch policy autoupdate#41168
jkatz01 merged 17 commits intofeat/31914-patch-policyfrom
40314-patch-policy-autoupdate

Conversation

@jkatz01
Copy link
Copy Markdown
Member

@jkatz01 jkatz01 commented Mar 6, 2026

Related issue: Resolves #40314

  • New error when attempting to delete an installer that has a patch policy associated
  • New error when attempting to update the file for an installer associated with an FMA
  • Gitops runs will generate the patch policy every time so it matches the current installer version
    • Existing code checks if the query was changed and resets membership, which should be enough.
  • Added patch_policy object to software title, but we might change that based on discussion

Testing

For unreleased bug fixes in a release candidate, one of:

  • Confirmed that the fix is not expected to adversely impact load test results
  • Alerted the release DRI if additional load testing is needed

@jkatz01 jkatz01 marked this pull request as ready for review March 6, 2026 20:49
@jkatz01 jkatz01 requested a review from a team as a code owner March 6, 2026 20:49
@codecov
Copy link
Copy Markdown

codecov bot commented Mar 6, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 75.86207% with 21 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (feat/31914-patch-policy@2fcf307). Learn more about missing BASE report.

Files with missing lines Patch % Lines
server/service/testing_utils.go 56.52% 7 Missing and 3 partials ⚠️
server/datastore/mysql/policies.go 82.92% 4 Missing and 3 partials ⚠️
server/datastore/mysql/software_installers.go 85.71% 1 Missing and 1 partial ⚠️
server/service/software_titles.go 50.00% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@                    Coverage Diff                     @@
##             feat/31914-patch-policy   #41168   +/-   ##
==========================================================
  Coverage                           ?   66.35%           
==========================================================
  Files                              ?     2470           
  Lines                              ?   198095           
  Branches                           ?     8755           
==========================================================
  Hits                               ?   131449           
  Misses                             ?    54743           
  Partials                           ?    11903
Flag Coverage Δ
backend 68.11% <75.86%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

jahzielv
jahzielv reviewed Mar 9, 2026
View reviewed changes
Comment thread server/datastore/mysql/software_installers.go
var touchUploaded string
var clearFleetMaintainedAppID string // FMA becomes custom package when uploading a new installer file
if payload.InstallerFile != nil {
// installer cannot be changed when associated with an FMA
Copy link
Copy Markdown
Contributor

@jahzielv jahzielv Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this change, it makes things cleaner 🙏

jahzielv
jahzielv reviewed Mar 9, 2026
View reviewed changes
Comment thread server/datastore/mysql/software_installers.go Outdated

err := ds.withTx(ctx, func(tx sqlx.ExtContext) error {
// check if there is a patch policy that uses this title
policyStmt := `SELECT 1 FROM policies p JOIN software_installers si ON si.title_id = p.patch_software_title_id AND si.global_or_team_id = p.team_id WHERE si.id = ?`
Copy link
Copy Markdown
Contributor

@jahzielv jahzielv Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: I think we typically do SELECT EXISTS (SELECT 1 FROM ...

jahzielv
jahzielv reviewed Mar 9, 2026
View reviewed changes
Comment thread server/service/testing_utils.go
jahzielv
jahzielv reviewed Mar 9, 2026
View reviewed changes
Comment thread server/service/integration_enterprise_test.go Outdated
@jkatz01 jkatz01 merged commit 9dcadff into feat/31914-patch-policy Mar 9, 2026
48 checks passed
@jkatz01 jkatz01 deleted the 40314-patch-policy-autoupdate branch March 9, 2026 17:35
cdcme pushed a commit that referenced this pull request Mar 11, 2026
@jkatz01 @cdcme
40314 patch policy autoupdate (#41168)
2d4b953 
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #40314 
- New error when attempting to delete an installer that has a patch
policy associated
- New error when attempting to update the file for an installer
associated with an FMA
- Gitops runs will generate the patch policy every time so it matches
the current installer version
- Existing code checks if the query was changed and resets membership,
which should be enough.
- Added patch_policy object to software title, but we might change that
based on discussion

## Testing

- [x] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [x] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
@cdcme cdcme linked an issue Mar 11, 2026 that may be closed by this pull request
BE: auto-update on version change, FMA deletion cascade #40314
Closed
@cdcme cdcme mentioned this pull request Mar 11, 2026
Merged
4 tasks
cdcme added a commit that referenced this pull request Mar 13, 2026
@cdcme @jkatz01
@RachelElysia @jahzielv
Feat/31914 patch policy (#41518)
2abacc5 
Implements patch policies #31914 

- #40816
- #41248
- #41276
- #40948
- #40837
- #40956
- #41168
- #41171
- #40691
- #41524
- #41674

---------

Co-authored-by: Jonathan Katz <44128041+jkatz01@users.noreply.github.com>
Co-authored-by: jkatz01 <yehonatankatz@gmail.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jahzielv jahzielv jahzielv approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

BE: auto-update on version change, FMA deletion cascade

2 participants

@jkatz01 @jahzielv