Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add software to "No Team" #19550

Closed
6 of 10 tasks
nonpunctual opened this issue Jun 5, 2024 · 26 comments
Closed
6 of 10 tasks

Add software to "No Team" #19550

nonpunctual opened this issue Jun 5, 2024 · 26 comments
Assignees
Labels
~apple-mdm-maturity Contributes to maturity in macOS, iOS, or iPadOS MDM product category. ~assisting g-mdm This is an MDM bug and the Endpoint ops team is assisting ~csa Issue was created by or deemed important by the Customer Solutions Architect. customer-preston #g-endpoint-ops Endpoint ops product group P2 Prioritize as urgent :product Product Design department (shows up on 🦢 Drafting board) story A user story defining an entire feature
Milestone

Comments

@nonpunctual
Copy link
Contributor

nonpunctual commented Jun 5, 2024

Goal

User story
As a Fleet user,
I want to want to add team to "No team"
so that I can manage software if I'm not using team segmentation.

Context

Changes

Product

  • UI changes: Figma link
  • API changes: API design PR is here.
  • CLI usage changes: https://www.figma.com/design/qj8cjvpQC1g9LfBq5mzSdH/%2319550-Ability-to-add-software-to-"No-Team"?node-id=1321-1069&t=OP6LC2ARSRY51y2p-11
  • GitOps changes: Add support for software top-level key in default.yml. PR to reference docs is here. Software specified in default.yml will be applied to "No team."
    • software is a required field. Show an easy to understand error message if software isn't specified in the default.yml or team YAML files. If the user is a Fleet Free user, don't error because they can't use software. More generally, all top level keys in the default.yml and team YAML files are required.
  • Permissions changes:
    • Maintainers and admins (global) can view, add, download, and delete software installers for "No team". GitOps users can manage software for "No team" via Fleet YAML.
    • Observers (global) can view software in "No team".
  • Changes to paid features or tiers: Fleet Premium only.

Engineering

  • Database schema migrations: TODO
  • Load testing: TODO

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

  • Requires load testing: TODO
  • Risk level: Low / High TODO
  • Risk description: TODO

Manual testing steps

  1. Step 1
  2. Step 2
  3. Step 3

Testing notes

Confirmation

  1. Engineer (@____): Added comment to user story confirming successful completion of QA.
  2. QA (@____): Added comment to user story confirming successful completion of QA.
@nonpunctual nonpunctual added :product Product Design department (shows up on 🦢 Drafting board) ~feature fest Will be reviewed at next Feature Fest customer-preston ~csa Issue was created by or deemed important by the Customer Solutions Architect. labels Jun 5, 2024
@noahtalerman noahtalerman removed the :product Product Design department (shows up on 🦢 Drafting board) label Jun 6, 2024
@zayhanlon
Copy link
Contributor

@noahtalerman Would you consider this workflow blocking? Customer-preston cannot use app management without this ability (as we discussed on the roadmap call)

@noahtalerman
Copy link
Member

Hey @nonpunctual and @zayhanlon let's chat about this during this week's product office hours. I added an agenda item (internal): https://docs.google.com/document/d/1Znyp2a9qcM9JdYHrzLudvcPwEdhnCg7RiKi22s8yGWw/edit

@valentinpezon-primo
Copy link

Hi @noahtalerman @noahtalerman

Currently, in Fleet, the "no-team" feature is very usefull and present everywhere, with this feature we are able to manage :

  • scripts
  • os updates
  • os settings (disk encryption & custom settings)
  • setup experience
  • queries
  • policies

Almost all of the Fleet's features are available in the "no team" tab, we build our entire system around it since it's available, and it works very well.

The fact that the Software feature does not have this "no team" element is blocking us to use it, since we do not use teams at all.

On a side note :
We will use labels to group hosts, labels created using your API, not based on query, since we want to be the source of truth for labeling

@noahtalerman
Copy link
Member

Hey @valentinpezon-primo thanks for the feedback! The plan is to bring this story into the current design sprint and get started on drafting/wireframing.

cc @nonpunctual

@noahtalerman noahtalerman added :product Product Design department (shows up on 🦢 Drafting board) #g-mdm MDM product group story A user story defining an entire feature and removed ~feature fest Will be reviewed at next Feature Fest labels Jun 21, 2024
@noahtalerman noahtalerman changed the title Ability To Upload Applications For Install to "No Team" In Fleet UI Ability to add software to "No Team" Jun 26, 2024
@georgekarrv georgekarrv added Epic DO NOT USE. Auto-created by ZenHub, cannot be disabled. and removed Epic DO NOT USE. Auto-created by ZenHub, cannot be disabled. labels Jul 3, 2024
@ddribeiro
Copy link
Member

@noahtalerman @nonpunctual Would adding software to "All teams" be distinct from this request?

I understand "No Team" would be useful for customers that aren't using teams, but what about customers who use Teams that want to upload software once and have it apply to all organization wide to all their Teams?

@nonpunctual
Copy link
Contributor Author

nonpunctual commented Jul 12, 2024

@noahtalerman @marko-lisica it is distinct for the reason you mention. customer-preston does not use Teams, so, assignment to "All Teams" would not help them.

I think there is a tacit assumption that assignment to "No Team" means it would be automagically assigned to "every Host".

  • I believe easy assignment to "All Teams" is a necessary option.
  • I believe easy 1:many assignment to any arbitrary number of Teams is a necessary option (e.g., a list of Teams for a package that you could select for assignment so that it was not necessary to upload the same package to multiple Teams.)

I am not entirely sure about this "No Team" feature from an Engineering persepctive, i.e., is it hard? Impossible?

Is there a way to satisfy it that's easier by allowing App assignement via Label & that somehow a Label could be created that would be equivalent to the set of Hosts that matches "every Host"? If so, I think that would be equivalent to this FR.

related: #20805

@valentinpezon-primo
Copy link

Jumping in @ddribeiro @nonpunctual

What we want is to have the "Software" tab working the same way as the "Controls" tab.
The Controls tab has a "No team" feature :
Screenshot 2024-07-12 at 21 23 08

We would like to be able to use software like we use script basically

Also, for the "Queries" and "Policies" tab, you have the "All teams" wording instead of "No team", but the behavior are the same since I can use queries and policies stored on "All team" on devices that do not have teams, so it looks like "All Teams" also works when device's team is null

Hope that helps !

@georgekarrv georgekarrv added ~apple-mdm-maturity Contributes to maturity in macOS, iOS, or iPadOS MDM product category. P2 Prioritize as urgent labels Jul 12, 2024
@georgekarrv
Copy link
Member

@sharon-fdm This will need to come over to Endpoint ops for capacity let me know if you have any questions

@sharon-fdm sharon-fdm removed the #g-mdm MDM product group label Jul 12, 2024
@sharon-fdm sharon-fdm added the :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. label Jul 15, 2024
@noahtalerman
Copy link
Member

noahtalerman commented Jul 15, 2024

we need some Figma additions for OS and Vuln tabs.

Hey @mostlikelee and @RachelElysia Figma is now updated w/ a dev note that clarifies that we want to add "No team" filtering to all tabs on the software page:
Screenshot 2024-07-15 at 5 10 36 PM

I also realized we were missing wireframes for adding "No team" to the details pages. That's now in Figma:

Screenshot 2024-07-15 at 5 27 48 PM

Also, I opened a PR w/ proposed API design here: #20489

My plan is to update that^ PR to specify changes to the GitOps interface (still TODO).

cc @sharon-fdm

@noahtalerman
Copy link
Member

UPDATE:

Hey @mostlikelee, @RachelElysia, and @sharon-fdm, the GitOps changes are specified in this PR to the GitOps reference docs: #20502

We want to add support for software top-level key in default.yml. Software specified in default.yml will be applied to "No team."

I updated the issue description with this.

@sharon-fdm
Copy link
Collaborator

Thanks @noahtalerman.
@mostlikelee, I put a link to it in sub-task #20464.

@noahtalerman noahtalerman changed the title Ability to add software to "No Team" Add software to "No Team" Jul 16, 2024
@noahtalerman
Copy link
Member

@sharon-fdm, @mostlikelee, and @RachelElysia.

Also heads up that this is a Fleet Premium only feature. I updated the issue description to call this out.

@mostlikelee
Copy link
Contributor

@RachelElysia i'm realizing we'll need to expand scope to include "team 0" support for all the pages downstream from the software tab (all the detail pages):

/software/titles/{id}
/software/versions/{id}
/software/os/{id}
/software/vulnerabilities/{id}

@RachelElysia
Copy link
Member

@mostlikelee @sharon-fdm Good thing I got some wiggle points this sprint. This might add another 2-3 points of FE work.

noahtalerman added a commit that referenced this issue Jul 19, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
- Update GitOps reference to cover the following user stories:
  - #14921 (4.50)
  - #18867 (4.55)
  - #19447 (4.56)
  - #19550 (4.56)
@RachelElysia
Copy link
Member

RachelElysia commented Jul 22, 2024

@noahtalerman

I added this empty state to the details pages for no teams since it made more sense to say "No hosts unassigned to a team have this OS installed." more than the current options "No hosts have this OS installed."/"No hosts on this team have this OS installed.", we can confirm/modify the copy text as needed in tomorrow's design review.

Screenshot 2024-07-22 at 2 19 33 PM

@noahtalerman
Copy link
Member

noahtalerman commented Jul 22, 2024

Thanks @RachelElysia! Great catch.

we can confirm/modify the copy text as needed in tomorrow's design review

Let's do this 👍 I added an item to the agenda (internal): https://docs.google.com/document/d/1AduqZ9yuMQ8uvC5Z6GJFJtE0pbdqdX9zHIau_VCOqGI/edit

For other folks looking at this comment, all UI changes go through design review. Any contributor at Fleet can bring items to design review.

@sharon-fdm sharon-fdm added this to the 4.56.0-tentative milestone Jul 23, 2024
@lukeheath lukeheath modified the milestones: 4.56.0-tentative, 4.55.0-tentative Jul 23, 2024
@RachelElysia
Copy link
Member

RachelElysia commented Jul 24, 2024

Update: Design decision during 7/24/24 design review to not include team reference in empty state

e.g. "No hosts have this OS installed." will be the generic empty state for any team, no team, and free version where there is no team.

@noahtalerman
Copy link
Member

Update: Design decision during 7/24/24 design review to not include team reference in empty state

e.g. "No hosts have this OS installed." will be the generic empty state for any team, no team, and free version where there is no team.

Here's what this will look like:
Screenshot 2024-07-25 at 12 17 20 PM

Furthermore, in this pass we decided to just make this change on OS, Software version, Software title, Vulnerabilities detail pages.

@RachelElysia, when you get the chance, can you please help track an issue for other places so we can come back and don’t forget? I think the issue can be really generic, quick/dirty and link to this comment.

Thanks :)

@noahtalerman
Copy link
Member

software is a required field. Show an easy to understand error message if software isn't specified in the default.yml or team YAML files. If the user is a Fleet Free user, don't error because they can't use software. More generally, all top level keys in the default.yml and team YAML files are required.

Hey @mostlikelee, I added the expected behavior (above) we discussed during standup today to the issue description.

cc @getvictor

@lukeheath lukeheath added :product Product Design department (shows up on 🦢 Drafting board) and removed :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. labels Aug 9, 2024
@noahtalerman
Copy link
Member

Hey @zayhanlon and @pintomi1989 heads up that this customer request was shipped in 4.55 🎉

@fleet-release
Copy link
Contributor

"No Team" expands,
In cloud city, software lands,
Ease for user's hands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
~apple-mdm-maturity Contributes to maturity in macOS, iOS, or iPadOS MDM product category. ~assisting g-mdm This is an MDM bug and the Endpoint ops team is assisting ~csa Issue was created by or deemed important by the Customer Solutions Architect. customer-preston #g-endpoint-ops Endpoint ops product group P2 Prioritize as urgent :product Product Design department (shows up on 🦢 Drafting board) story A user story defining an entire feature
Development

No branches or pull requests