fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Make MDM API endpoints crossplatform #15082

Closed marko-lisica closed 7 months ago

marko-lisica commented 11 months ago

Goal

User story
As an API consumer,
I want Fleet to have cross-platform API endpoints
so that I don't have to think about whether I'm managing my macOS or Windows workstations. I'm just managing my workstations.

Changes

Product

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

Manual testing steps

  1. Step 1
  2. Step 2
  3. Step 3

Testing notes

Confirmation

  1. [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
  2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.

noahtalerman commented 10 months ago

@rachaelshaw can you please take a look at the proposed API design for these download endpoints?

If there are design changes needed we can kick this to next design sprint.

georgekarrv commented 10 months ago

Hey team! Please add your planning poker estimate with Zenhub @ghernandez345 @gillespi314 @mna

ghernandez345 commented 9 months ago

Moving back to drafting for more product design.

noahtalerman commented 9 months ago

Hey @gillespi314 when you get the chance, can you please add a summary of why this is blocked? (I think there was a Slack thread on this)

That way, we can decide the best path forward.

Thanks!

gillespi314 commented 9 months ago

Summarized from internal Slack thread: To validate the Apple MDM flows related to https://github.com/fleetdm/fleet/issues/15082 and we realized that:

  1. Changing the EULA endpoint to accept a team id requires changing the MDM SSO flow (UI and back-end) to pass the team_id to the Apple webview
  2. Changing the bootstrap package endpoint (unless we add backwards compatibility) will break any queued up commands to install the bootstrap package
  3. Due to how our web framework works, an endpoint can either be authenticated using a user auth token, or not authenticated at all. Changing the EULA and bootstrap package endpoints to be authenticated both ways requires special handling/refactor
  4. Not sure if important: fleetctl apply won't be compatible with older fleet versions and vice-versa

Given those points (except 4), and the fact that to validate the fix we need to test the whole MDM SSO flow end-to-end, we wanted to pump the brakes and sanity check.

noahtalerman commented 9 months ago

> Summarized from internal Slack thread: To validate the Apple MDM flows related to https://github.com/fleetdm/fleet/issues/15082 and we realized that:
>
>   1. Changing the EULA endpoint to accept a team id requires changing the MDM SSO flow (UI and back-end) to pass the team_id to the Apple webview
>   2. Changing the bootstrap package endpoint (unless we add backwards compatibility) will break any queued up commands to install the bootstrap package
>   3. Due to how our web framework works, an endpoint can either be authenticated using a user auth token, or not authenticated at all. Changing the EULA and bootstrap package endpoints to be authenticated both ways requires special handling/refactor
>   4. Not sure if important: fleetctl apply won't be compatible with older fleet versions and vice-versa
>
> Given those points (except 4), and the fact that to validate the fix we need to test the whole MDM SSO flow end-to-end, we wanted to pump the brakes and sanity check.

@gillespi314 thanks!

When we designed, estimated this, we thought it would be a simple change w/ no side-effects.

Knowing what we know now, I think we would have dropped this.

Let's drop it / deprioritize it now. Removing from the release board.

@rachaelshaw I closed the API design PR: #15082

We can reopen if/when we revisit this improvement.

noahtalerman commented 9 months ago

cc @marko-lisica ^^

noahtalerman commented 9 months ago

Noah: Making Fleet cross platform is core so let's come back to this.

Small step is removing /apple and maintaining backwards compatibility. All other inconsistencies/changes are scrapped.

marko-lisica commented 8 months ago

UPDATE: Let's make the smallest change possible to achieve Fleet's crossplatform UX: I think this means we make this issue about removing /apple from API and maintaining backwards compatibility. All other inconsistencies/changes are cut for now (noahtalerman 2024-01-05)

georgekarrv commented 8 months ago

Hey team! Please add your planning poker estimate with Zenhub @roperzh @jahzielv

sabrinabuckets commented 8 months ago

Verified new endpoints for bootstrap pkg and eula function as expected, and that they are backwards with /apple.

noahtalerman commented 7 months ago

Decided not to merge in doc changes because we'll revert the API changes as part of this story: #16260

fleet-release commented 7 months ago

Cross-platform peace, Workstations unified, Fleet's reach increased, eased.