fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Update profile delivery mechanism for Windows hosts #14364

Closed georgekarrv closed 10 months ago

georgekarrv commented 1 year ago

Context

Current macOS logic works using algebra of sets to diff host_mdm_apple_profiles (current state) and mdm_apple_configuration_profiles (desired state) to calculate which profiles need to be installed/deleted on each host.


Delivery Changes

The diffing and assignment logic happens in two places; both need to be updated:

Cron job

There's a cron job that runs every 30 seconds and calls the ReconcileProfiles service method. This method needs to be updated to account for Windows hosts.

https://github.com/fleetdm/fleet/blob/8950d46cbc9f746435fe1990a65733bd1b3253b5/server/service/apple_mdm.go#L2499

Notes:

Operations that trigger profile changes

Any operation that changes the team of a host, creates a host, etc. calls the BulkSetPendingMDMAppleHostProfiles function with different arguments depending on the context.

Update the function definition to account for Windows profiles.

https://github.com/fleetdm/fleet/blob/8950d46cbc9f746435fe1990a65733bd1b3253b5/server/datastore/mysql/apple_mdm.go#L1252

Status changes

Status changes are specified in Figma.

On each operation, we need to make sure we're updating the status column of the table that tracks the Windows profiles. Set it to:
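The set-algebra diff described under Context above, sketched as an added example; it is not part of the original issue and is not Fleet's code. The types, field names, platform strings and sample hosts are hypothetical, and the status column is left out because the issue does not list its values.

```go
package main

import (
	"fmt"
	"sort"
)

// Hypothetical types for illustration; not Fleet's structs or table schema.
type Profile struct{ UUID, Platform string; TeamID uint }
type Host struct{ UUID, Platform string; TeamID uint }
type HostProfile struct{ HostUUID, ProfileUUID string } // one current-state row

// Reconcile returns desired\current (install) and current\desired (remove).
// Desired state: every profile whose team AND platform match the host.
func Reconcile(hosts []Host, profiles []Profile, current []HostProfile) (install, remove []HostProfile) {
	desired, have := map[HostProfile]bool{}, map[HostProfile]bool{}
	for _, h := range hosts {
		for _, p := range profiles {
			if p.TeamID == h.TeamID && p.Platform == h.Platform {
				desired[HostProfile{h.UUID, p.UUID}] = true
			}
		}
	}
	for _, c := range current {
		if !have[c] && !desired[c] { // stale row, reported once even if duplicated
			remove = append(remove, c)
		}
		have[c] = true
	}
	for d := range desired {
		if !have[d] {
			install = append(install, d)
		}
	}
	for _, r := range [][]HostProfile{install, remove} {
		sort.Slice(r, func(i, j int) bool { // deterministic order
			return r[i].HostUUID+"/"+r[i].ProfileUUID < r[j].HostUUID+"/"+r[j].ProfileUUID
		})
	}
	return install, remove
}

func main() {
	// Constructed sample: win-2 was moved from team 1 to team 2.
	hosts := []Host{{"win-1", "windows", 1}, {"win-2", "windows", 2}, {"mac-1", "darwin", 1}}
	profiles := []Profile{{"w-a", "windows", 1}, {"w-b", "windows", 2}, {"m-a", "darwin", 1}}
	current := []HostProfile{{"win-1", "w-a"}, {"win-2", "w-a"}}
	install, remove := Reconcile(hosts, profiles, current)
	fmt.Println("install:", install, "remove:", remove)
}
```

Filtering on platform inside the desired-state computation is what keeps a team's macOS profiles from being queued for its Windows hosts when both profile kinds share one reconcile pass.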

georgekarrv commented 11 months ago

Hey team! Please add your planning poker estimate with Zenhub @gillespi314 @marcosd4h @mna @roperzh

georgekarrv commented 11 months ago

Idea: ReconcileProfiles: create a new Windows-specific ReconcileProfiles function to keep them separate.

fleet-release commented 10 months ago

Windows profiles sync, Gleaming like a cloud city, Security enhanced.