Software self-service

[willmayhone88]

Goal

User story
As an IT admin on the Software page,
I want to add a package and make it available for my end users to install via Fleet Desktop
so that I can give end users (without root access) an easy way to install software vetted by my organization.

Context

• Product designer: @marko-lisica

Changes

Product

• [x] UI changes: Figma link
• [x] CLI usage changes: Figma link
• [x] REST API changes: #20223
• [ ] Permissions changes:
  • Maintainers and admins (team and global) can add self-service software. GitOps user can add self-service software via Fleet YAML. (Team roles can add software to teams they are assigned to.)
• [ ] Changes to paid features or tiers: Available in Fleet Premium only.

Engineering

• [ ] Database schema migrations: TODO
• [ ] Load testing: TODO

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

• Requires load testing: TODO
• Risk level: Low / High TODO
• Risk description: TODO

Manual testing steps

1. Step 1
2. Step 2
3. Step 3

Testing notes

Confirmation

1. [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.

[noahtalerman]

@willmayhone88 thanks for tracking this!

We can weigh it at feature fest.

[noahtalerman]

Hey @willmayhone88, heads up, we discussed this request at feature fest.

We decided not to draft this one in the upcoming design sprint (4.49).

Removing from feature fest board.

[noahtalerman]

@dherder and @willmayhone88 what's an example of a "workflow"?

From what I've heard from IT admins, one example is the end user can run a script to troubleshoot a business critical tool (ex. Cisco Umbrella).

[willmayhone88]

@noahtalerman at a bare minimum, if we could get scripts to be ran by the user that would cover a quite a bit of workflows. We would just need the ability to maybe title the item for what the end user sees that is different from the script title, and a description as well. Workflows were also used to reinstall apps, if say an app wasn't work as expected.

[noahtalerman]

if we could get scripts to be ran by the user that would cover a quite a bit of workflows

Got it. I updated the title of this issue to reflect this.

@willmayhone88 what's a specific example of a "workflow" one of these prospects is trying to offer to end users?

[noahtalerman]

Brock: One example of a "workflow" is refreshing the VPN proxy. Ask the end user to hit a button instead of walking them through a Terminal command.

[noahtalerman]

Hey @willmayhone88, heads up, now that this story is in the current design sprint, I updated the issue description to use the user story format.

I moved your original issue description here for safekeeping:

Problem

Users need the ability to install approved applications or run workflows that we allow when they have a need to do so. This is similar to other MDMs that have a portal of approved applications and workflows. By allowing an end user to perform these actions as needed, it removes the requirement of the Fleet admin or Fleet users from having to do this when available.

Potential solutions

1. A potential solution could be a new application that links to a Fleet instance's available software.
2. Another option would be to have these items available in the "My Device" that a host device has access to in the fleetd application.

Note that this user story only covers the "install approved applications" problem.

The "run workflows" problem will be addressed separately. When you get the chance, can you please file a separate issue for this problem?

[noahtalerman]

During estimation today, we uncovered these design TODOs:

• [x] As an IT admin looking at the activity feed on the Host details page, what does the activity feed entry look like when an end user installs a self service app?
• [x] What is the query param that powers the "Self-service" filter on the Software page?
• [x] To allow for a separate "Self-service" tab on the My device page, add a boolean to filter a specific host's software in the API

@marko-lisica when you're back, can you please take these? Thanks!

[marko-lisica]

As an IT admin looking at the activity feed on the Host details page, what does the activity feed entry look like when an end user installs a self service app?

Global and host activity feed items are specified here. @noahtalerman Could you take a look at this?

What is the query param that powers the "Self-service" filter on the Software page?

Added query param to dev note here.

To allow for a separate "Self-service" tab on the My device page, add a boolean to filter a specific host's software in the API

This is already specified in dev note and in the API PR.

[noahtalerman]

Global and host activity feed items are specified here.

Looks good!

Tweaked the copy a bit.

Host:

Global:

[PezHub]

QA Tests:

Passed:

• Software Page
  • Self Service Filter drop down menu
  • Download arrow icon with tooltip displays
• Add package
  • Self Service checkbox functions, tooltip on hover
  • Green banner after successful
• Software Title Details page
  • Self Service Tag (found issue, was fixed)
  • Actions: Download, Advanced, Delete all work
• Host Details Software
  • Check install status - failed, pending, installed, download
  • Tooltips
  • Test actions on the right side (retry)
• Fleet Desktop/My Device Page
  • New Self-service item in drop down menu task bar
  • Reach out to IT link opens in new browser tab
  • New Tab for SS
  • Confirm statuses are correct under each app icon
  • Tooltips - in progress, installed, failed
  • Retry action works
  • Loading state UI
  • Empty State
• Activity Feeds
  • Host Activity Feed
  • Global Activity Feed
• Other
  • File size limit validation
  • Test throttled connection
  • File type validation
  • File uploaded by User A can be deleted or installed by User B

Ran thru same tests for Windows Host

• Permissions changes
  • Maintainers and admins (team and global) can add self-service software.
  • Team roles can add software to teams they are assigned to
  • Observers cannot

To Do:

• GitOps user can add self-service software via Fleet YAML

[PezHub]

Windows and Ubuntu testing results here

[PezHub]

testing is complete, including yaml config updates. QA Approved!

[georgekarrv]

@noahtalerman Looks like this one fell off w/o going through confirm and celebrate

[marko-lisica]

Hey @dave and @willmayhone88, this story has shipped. API docs are still TODO.

[marko-lisica]

API docs are merged.

[fleet-release]

Vetted software flows, Like a cloud city's soft light, Access without root grows.