Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Maintainers should be able to apply install/script automations from the UI #23448

Open
iansltx opened this issue Nov 1, 2024 · 9 comments
Open

Maintainers should be able to apply install/script automations from the UI #23448

iansltx opened this issue Nov 1, 2024 · 9 comments
Assignees
@RachelElysia
Labels
bug Something isn't working as documented ~frontend Frontend-related issue. #g-endpoint-ops Endpoint ops product group :incoming New issue in triage process. :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~released bug This bug was found in a stable release. :reproduce Involves documenting reproduction steps in the issue

Comments

@iansltx
Copy link
Member

iansltx commented Nov 1, 2024

Fleet version: 4.57.0+ (installs), 4.58.0+ (scripts)

💥  Actual behavior

Per @RachelElysia's comment, maintainers can't set policy automations for software installs or script runs in the UI, though they can in the API. Per today's design review outcome, the API permission is the reasonable one here, so we should match that in the UI.

🧑‍💻  Steps to reproduce

  1. Add a policy to a team
  2. While logged in as a Maintainer, observe that policy automations on the team are unavailable

🛠️ To fix

Show the policy automation drop-down in team-specific view, containing script and install automation options, for Maintainers, subject to the gating we do by license type.
@iansltx iansltx added #g-endpoint-ops Endpoint ops product group :incoming New issue in triage process. :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. :reproduce Involves documenting reproduction steps in the issue bug Something isn't working as documented ~frontend Frontend-related issue. ~released bug This bug was found in a stable release. labels Nov 1, 2024
@iansltx iansltx mentioned this issue Nov 1, 2024
Closed
54 tasks
@iansltx iansltx changed the title Maintainers should be able to apply install/script automations Maintainers should be able to apply install/script automations from the UI Nov 1, 2024
@RachelElysia
Copy link
Member

Please add your planning poker estimate with Zenhub @jacobshandling

@RachelElysia
Copy link
Member

Add quick test if time allows

@RachelElysia
Copy link
Member

RachelElysia commented Nov 13, 2024
edited
Loading

I just tested this manually, maintainers have access to the API for install software and run script but not for calendar events and other workflows (errors: [{name: "base", reason: "forbidden"}].

I'm thinking for maintainers, we should show to the dropdown but disable calendar events and other workflows with a tooltip OR we should remove calendar events and other workflows from the dropdown.

wdyt? @rachaelshaw / @noahtalerman

Visual of admin dropdown and what works for maintainers and what doesnt:
Screenshot 2024-11-13 at 4 31 26 PM

@RachelElysia RachelElysia self-assigned this Nov 13, 2024
@RachelElysia
Copy link
Member

Adding this to my plate since I think we should get this into 4.60 major release as we are preventing major flows for maintainers in the UI that are available in the API.

@rachaelshaw
Copy link
Member

Here's the permissions we have documented, looks like this doesn't quite match up with what @RachelElysia found (says maintainers can manage calendar events):
Screenshot 2024-11-14 at 11 25 24 AM

@RachelElysia RachelElysia mentioned this issue Nov 14, 2024
Draft
3 tasks
@iansltx
Copy link
Member Author

iansltx commented Nov 14, 2024

@rachaelshaw Calendar events permissions mismatch is covered in #23483. The issue there is that the current modal covers both things that a maintainer is allowed to do (toggling per policy) and things that require an admin (setting the web hook and turning on/off calendar integrations entirely).

@RachelElysia
Copy link
Member

Check other workflows APIs if maintainer has access to either of them

@RachelElysia
Copy link
Member

@rachaelshaw decide if we should try to fix in 4.60

@RachelElysia RachelElysia mentioned this issue Nov 14, 2024
Open
@RachelElysia
Copy link
Member

related to #23483

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RachelElysia RachelElysia

Labels
bug Something isn't working as documented ~frontend Frontend-related issue. #g-endpoint-ops Endpoint ops product group :incoming New issue in triage process. :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~released bug This bug was found in a stable release. :reproduce Involves documenting reproduction steps in the issue
Milestone
No milestone
Development

No branches or pull requests
3 participants
@iansltx @rachaelshaw @RachelElysia