API endpoint for updating a host's labels #16767
Comments
@dherder this is the best practice. More context in Slack here (internal): https://fleetdm.slack.com/archives/C02A8BRABB5/p1707832511131959?thread_ts=1707790448.922139&cid=C02A8BRABB5 Happy to chat about this during a call. Removing this from feature fest for now. Please let me know if the best practice YAML file won't work. I could be wrong.
For purposes of rate limiting calls from Okta, it would be desirable to PATCH from an event detected in Okta to Tines (or some other automation tool), then to Fleet. @noahtalerman fyi
Original issue description from @dherder: Documentation for applying manual labels: https://github.com/fleetdm/fleet/blob/main/docs/Contributing/API-for-contributors.md#apply-labels There is no way to PATCH or DELETE to an existing label, which means a CPE will have to enumerate all hosts when sync'ing IdP groups to labels. In the workflow described in #15633, updating will be mandatory. Problem: Need to support PATCH and DELETE to https://github.com/fleetdm/fleet/blob/main/docs/Contributing/API-for-contributors.md#apply-labels
@noahtalerman and @marko-lisica do you think we would also be able to modify the labels with fields like
Hey @dherder, thanks for raising this. I think this is very good feedback. I discussed this with @noahtalerman, and we think this should be a separate story. Here's the feature request: #17031
Hey @marko-lisica, it looks like the current Create label only supports dynamic (query based) labels. Is that right? Is there no way to create a manual label via an endpoint in the user facing docs? (I know we have an endpoint for fleetctl in the contributor docs)
As far as I know, it's only possible to create manual label through
Hey @marko-lisica your "New employee hired" flow makes sense to me! I think we can move this issue to "Settled." You're right that Fleet doesn't have a webhook for this yet: This is tracked in a feature request here: #14722 Sending webhooks at enrollment time is core to Fleet (play nice w/ other tools). We'll weigh it at the upcoming feature fest.
@marko-lisica when you get the chance, can you please add the link to the Figma page w/ your workflows? This way, other contributors can check them out to understand the full flow. A good spot for that could be the "Context" section of the issue.
Hey team! Please add your planning poker estimate with Zenhub @dantecatalfamo @ghernandez345 @gillespi314 @jahzielv @mna @roperzh
Hey @dherder, heads up, this feature won't make it into the upcoming 4.48 release. Plan is to ship this in the 4.49 release. cc
FYI @Patagonia121 ^
Also, FYI @spokanemac for the release article.
#18268 This is the ticket we have for MDM this sprint, did we duplicate work needlessly?
On the surface they sound the same. I could be wrong though
#16767

To create a manual label:

```sh
cat labels.yml
---
apiVersion: v1
kind: label
spec:
  name: Manually Managed Example
  label_membership_type: manual
  hosts:
    - lucass-macbook-pro.local
```

To add/delete a manual label to/from a host:

```
curl -k -v -X POST -H "Authorization: Bearer $TEST_TOKEN" https://localhost:8080/api/latest/fleet/hosts/1/labels -d '{"labels": ["Manually Managed Example"]}'
curl -k -v -X DELETE -H "Authorization: Bearer $TEST_TOKEN" https://localhost:8080/api/latest/fleet/hosts/1/labels -d '{"labels": ["Manually Managed Example"]}'
```

API draft changes: https://github.com/fleetdm/fleet/pull/16979/files

Figma with error strings: https://www.figma.com/file/JiWoAiuHlkt76s3o3Uyz6h/%2316767-API-endpoint-for-updating-a-host's-manual-labels?type=design&node-id=2-130&mode=design&t=pxRPhrn6E1bOCrEd-0

- [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~
- [X] Added/updated tests
- ~[ ] If database migrations are included, checked table schema to confirm autoupdate~
- ~For database migrations:~
  - ~[ ] Checked schema for all modified table for columns that will auto-update timestamps during migration.~
  - ~[ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects.~
  - ~[ ] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`).~
- [x] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
    - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~
    - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
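A sketch of the IdP-to-label sync this thread motivates, as an added example that is not part of the original issue or Fleet's code: it diffs one host's labels against its desired IdP groups and builds only the POST/DELETE calls shown above, so no enumeration of all hosts is needed. The `idp:` prefix, base URL, token placeholder and explicit Content-Type header are assumptions; requests are built but not sent.

```python
import json
import urllib.request

LABELS_PATH = "/api/latest/fleet/hosts/{host_id}/labels"  # path from the PR description


def plan_label_changes(current, desired, managed_prefix="idp:"):
    """Return (to_add, to_remove) for one host.

    Only labels under managed_prefix (a hypothetical naming convention)
    are ever removed, so labels set by other processes are left alone.
    """
    current, desired = set(current), set(desired)
    outside = sorted(l for l in desired if not l.startswith(managed_prefix))
    if outside:
        raise ValueError(f"labels outside managed prefix: {outside}")
    to_add = sorted(desired - current)
    to_remove = sorted(l for l in current - desired if l.startswith(managed_prefix))
    return to_add, to_remove


def build_requests(base_url, host_id, token, to_add, to_remove):
    """Build, without sending, the POST/DELETE calls for one host."""
    if not isinstance(host_id, int) or host_id <= 0:
        raise ValueError("host_id must be a positive integer")
    if not base_url.startswith("https://"):
        raise ValueError("use https so the bearer token is not sent in clear text")
    url = base_url.rstrip("/") + LABELS_PATH.format(host_id=host_id)
    requests = []
    for method, labels in (("POST", to_add), ("DELETE", to_remove)):
        if not labels:
            continue  # no empty calls: fewer requests counted against rate limits
        req = urllib.request.Request(
            url, data=json.dumps({"labels": labels}).encode(), method=method)
        req.add_header("Authorization", f"Bearer {token}")
        req.add_header("Content-Type", "application/json")  # assumption: not in the page's curl
        requests.append(req)
    return requests


# Constructed sample: one host whose IdP group membership changed.
SAMPLE_CURRENT = ["idp:engineering", "idp:contractors", "Manually Managed Example"]
SAMPLE_DESIRED = ["idp:engineering", "idp:security"]

if __name__ == "__main__":
    add, remove = plan_label_changes(SAMPLE_CURRENT, SAMPLE_DESIRED)
    for r in build_requests("https://fleet.example.com", 1, "PLACEHOLDER", add, remove):
        print(r.get_method(), r.full_url, r.data.decode())
```

The label "Manually Managed Example" stays on the host because it falls outside the managed prefix, and certificate verification stays on by default, unlike the `-k` used for the local test instance.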
@xpkoala I've added QA notes to the description.
@dherder @Patagonia121 this was shipped in v4.49.0
PR to the docs is here: #16979
API design for: - #16767 --------- Co-authored-by: Rachael Shaw <r@rachael.wtf>
API endpoint blooms,
Goal
Context
Here's a flow chart that describes how a user would use the new endpoints to add a label based on IdP groups.
Changes
Product
Engineering
QA
Manual labels do not have a "SQL query", they are set to hosts manually using the new API.
In 4.49.0 we added the UI to create manual labels (previously only possible via `fleetctl apply`): #17031.
Following are the APIs (to QA) to add/delete a manual label/s to/from a host:
Expected behavior and error codes are in the Figma link.
Risk assessment
Manual testing steps
Testing notes
Confirmation