fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Configuration profiles: target hosts by excluding any label #17315

Open noahtalerman opened 4 months ago

noahtalerman commented 4 months ago

Goal

User story
As a Client Platform Engineer (CPE),
I want to scope macOS and Windows configuration profiles by excluding labels
so that I can install a configuration profile on all my hosts except those in the European Union (EU).

Context

Changes

Product

Engineering

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

Manual testing steps

  1. Validate hosts are excluded after Config Profile deploys using existing labels
  2. Validate hosts are excluded after Config Profile deploys using new labels
  3. Ensure all hosts that are not excluded receive Config Profiles
  4. Test for any regression with existing Label features. e.g. How will existing profiles behave?

Testing notes

Confirmation

  1. [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
  2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.

noahtalerman commented 4 months ago

Hey @dherder heads up, we didn't have the space to take this one on in the current design sprint (4.48).

Leaving the feature fest label on it so we can weigh it at the next feature fest.

noahtalerman commented 3 months ago

Hey @dherder, heads up, we discussed this issue during feature fest.

We decided not to draft this in the current design sprint (4.49).

Removing it from the feature fest board.

noahtalerman commented 2 months ago

Hey @georgekarrv heads up, I pulled this story back into specified.

I think it's up to you if it should get re-estimated.

PezHub commented 1 week ago

UI and GitOps workflow is working as expected. QA Approved.

GitOps notes - Confirmed that yaml config file works as expected

./build/fleetctl gitops -f ~/fleetdm/gitops/default.yml                                            11:50:49 AM
[+] applying MDM profiles for team A
[+] applied 1 teams
[!] gitops succeeded

Confirmed that for a given profile, only one of labels_exclude_any or labels_include_all can be specified. The error message below is displayed:

./build/fleetctl gitops -f ~/fleetdm/gitops/default.yml                                                11:34:40 AM
Error: applying teams: POST /api/latest/fleet/spec/teams received status 422 Validation Failed: Couldn't edit macos_settings.custom_settings. For each profile, only one of "labels_exclude_any", "labels_include_all" or "labels" can be included.
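
The label rules confirmed in the comment above, as an added Go example that is not Fleet's own code: it rejects a profile that sets more than one label key and evaluates whether a given host is in scope, which is the check the manual testing steps exercise. The `ProfileSpec` type, the `path` field, the JSON input shape and the treatment of plain `labels` as include-all are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ProfileSpec holds the label keys named in the 422 error; "path" is assumed.
type ProfileSpec struct {
	Path             string   `json:"path"`
	LabelsExcludeAny []string `json:"labels_exclude_any"`
	LabelsIncludeAll []string `json:"labels_include_all"`
	Labels           []string `json:"labels"`
}

// Parse decodes profiles and rejects any that set more than one label key.
func Parse(data string) (ps []ProfileSpec, err error) {
	if err = json.Unmarshal([]byte(data), &ps); err != nil {
		return nil, err
	}
	for _, p := range ps {
		set := 0
		for _, l := range [][]string{p.LabelsExcludeAny, p.LabelsIncludeAll, p.Labels} {
			if len(l) > 0 {
				set++
			}
		}
		if set > 1 {
			return nil, fmt.Errorf("%s: more than one label key set", p.Path)
		}
	}
	return ps, nil
}

// InScope reports whether a host carrying hostLabels should get the profile.
func (p ProfileSpec) InScope(hostLabels map[string]bool) bool {
	for _, l := range p.LabelsExcludeAny {
		if hostLabels[l] {
			return false // one matching label is enough to exclude the host
		}
	}
	for _, l := range append(append([]string{}, p.LabelsIncludeAll...), p.Labels...) { // assumption: "labels" acts as include-all
		if !hostLabels[l] {
			return false // host lacks a required label
		}
	}
	return true
}

func main() { fmt.Println(Parse(`[{"path":"a.mobileconfig","labels_exclude_any":["EU"]}]`)) } // constructed input
```

Running the same check in CI before `fleetctl gitops` catches a conflicting profile before the server returns the 422.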