fleet icon indicating copy to clipboard operation
fleet copied to clipboard
verified publisher icon fleetdm

Add GitOps for policy labels

Open sgress454 opened this issue 10 months ago • 2 comments

For #27301

Checklist for submitter

  • [X] Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes. See Changes files for more information.
  • [X] Input data is properly validated, SELECT * is avoided, SQL injection is prevented (using placeholders for values in statements)
  • [X] Added/updated automated tests
  • [X] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it)
  • [X] Manual QA for all new/changed functionality

Details

This PR adds the ability to set/unset labels on policies via GitOps. It builds on https://github.com/fleetdm/fleet/pull/27575 (back end for policy labels) and updates the PolicySpec type and ApplyPolicySpecs methods to update the policy_labels table where needed.

Testing

  1. Create a few labels in the UI
  2. Create a global policy "foo" in the UI without labels
  3. Create a global policy "bar" in the UI with labels
  4. Create a global policy "baz" in the UI with labels
  5. Use fleetctl gitops with a global .yml file, and under policies: add "foo", "bar", "baz" and "boop".
  • Add labels to "foo" with labels_include_any:
  • Don't add labels_include_any: to "bar"
  • Add labels to "baz" with labels_include_any:, but different labels than what you added in the UI
  • Add labels to "boop" with labels_include_any:

The expected outcome when viewing the queries in the UI (on the "edit query" screen)

  • Foo, Baz and Boop should have the labels specified in gitops
  • Bar should have no labels

Repeat testing with excluded labels.

sgress454 avatar Apr 02 '25 15:04 sgress454

Codecov Report

Attention: Patch coverage is 81.10236% with 24 lines in your changes missing coverage. Please review.

Project coverage is 63.27%. Comparing base (b7c547b) to head (d1cbf13). Report is 23 commits behind head on main.

Files with missing lines Patch % Lines
server/datastore/mysql/policies.go 80.95% 9 Missing and 3 partials :warning:
cmd/fleetctl/gitops.go 82.35% 6 Missing and 3 partials :warning:
server/service/global_policies.go 76.92% 2 Missing and 1 partial :warning:
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #27781      +/-   ##
==========================================
- Coverage   63.41%   63.27%   -0.15%     
==========================================
  Files        1765     1765              
  Lines      168342   169009     +667     
  Branches     4845     4866      +21     
==========================================
+ Hits       106758   106941     +183     
- Misses      53258    53719     +461     
- Partials     8326     8349      +23
Flag Coverage Δ
backend 64.33% <81.10%> (-0.09%) :arrow_down:

Flags with carried forward coverage won't be shown. Click here to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

codecov[bot] avatar Apr 02 '25 20:04 codecov[bot]

The submitter checklist seems to be missing 😮

dantecatalfamo avatar Apr 03 '25 20:04 dantecatalfamo