Add policies for "No team" #21972

Merged
merged 13 commits into from
Sep 12, 2024
1 change: 1 addition & 0 deletions changes/21467-policies-for-no-team
@@ -0,0 +1 @@
* Added support for policies in "No team" that run on hosts that belong to "No team".
37 changes: 33 additions & 4 deletions cmd/fleetctl/gitops.go
@@ -77,6 +77,23 @@ func gitopsCommand() *cli.Command {
if appConfig.License == nil {
return errors.New("no license struct found in app config")
}
logf := func(format string, a ...interface{}) {
_, _ = fmt.Fprintf(c.App.Writer, format, a...)
}

// We need to extract the controls from no-team.yml to be able to apply them when applying the global app config.
var noTeamControls spec.Controls
for _, flFilename := range flFilenames.Value() {
if filepath.Base(flFilename) == "no-team.yml" {
baseDir := filepath.Dir(flFilename)
config, err := spec.GitOpsFromFile(flFilename, baseDir, appConfig, logf)
if err != nil {
return err
}
noTeamControls = config.Controls
break
}
}

var originalABMConfig []any
var originalVPPConfig []any
@@ -92,7 +109,7 @@ func gitopsCommand() *cli.Command {
secrets := make(map[string]struct{})
for _, flFilename := range flFilenames.Value() {
baseDir := filepath.Dir(flFilename)
config, err := spec.GitOpsFromFile(flFilename, baseDir, appConfig)
config, err := spec.GitOpsFromFile(flFilename, baseDir, appConfig, logf)
if err != nil {
return err
}
@@ -109,6 +126,21 @@ func gitopsCommand() *cli.Command {
firstFileMustBeGlobal = ptr.Bool(false)
}

if isGlobalConfig {
if noTeamControls.Set() && config.Controls.Set() {
return errors.New("'controls' cannot be set on both global config and on no-team.yml")
}
if !noTeamControls.Defined && !config.Controls.Defined {
if appConfig.License.IsPremium() {
return errors.New("'controls' must be set on global config or no-team.yml")
}
return errors.New("'controls' must be set on global config")
}
if !config.Controls.Set() {
config.Controls = noTeamControls
}
}

// Special handling for tokens is required because they link to teams (by
// name.) Because teams can be created/deleted during the same gitops run, we
// grab some information to help us determine allowed/restricted actions and
@@ -160,9 +192,6 @@ func gitopsCommand() *cli.Command {
}
}
}
logf := func(format string, a ...interface{}) {
_, _ = fmt.Fprintf(c.App.Writer, format, a...)
}
if flDryRun {
incomingSecrets := fleetClient.GetGitOpsSecrets(config)
for _, secret := range incomingSecrets {
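Review bot: The pre-pass over `flFilenames.Value()` stops at the first file whose base name is `no-team.yml` (`break`), so a second file with that name in another directory would have its `controls` ignored without any error, and which file ends up governing the global controls depends on argument order. Because those controls are later copied into the global config by `config.Controls = noTeamControls`, I would reject duplicates rather than break, for example by tracking a `noTeamSeen` flag and doing `return errors.New("only one no-team.yml file may be provided")` on a second match, unless code outside the visible hunks already rejects this. The matching file is also parsed twice with the same `logf` (once here, once in the main loop), so anything `spec.GitOpsFromFile` logs may be printed twice; a one-line comment on the pre-pass saying so would help. `gitopsCommand` begins and ends outside these hunks.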