Open pacamaster opened 3 months ago
Thanks @pacamaster! I think this is an improvement that we should bring through feature fest.
I removed the bug label and added ~feature fest.
Hey @pacamaster, heads up, we brought this into the upcoming design sprint (4.49).
Hey @pacamaster, because this issue is in the current design sprint, I updated this issue to use the user story template.
I moved your original issue description here for safekeeping:
Fleet version: Fleet 4.47.3
Web browser and operating system: Current Stable Versions
💥 Actual behavior
When attempting to apply Windows CIS, I get an error.
Error: 1 error occurred: * failed to unmarshal policies file ../../ee/cis/win-11/cis-policy-queries.yml: error unmarshaling JSON: json: cannot unmarshal object into Go value of type []*spec.Policy
🧑💻 Steps to reproduce
- Wire up reference to policies to CIS, and commit changes. Added to `policies` of team `teams/workstations-canary.yml` with `- path: ../../ee/cis/win-11/cis-policy-queries.yml`
- Action kicks off during merge, errors out
🕯️ More info (optional)
Looks like the CIS contains some spec info that is not able to be read by the action and errors.
🛠️ To fix
- [ ] Note/document on https://fleetdm.com/docs/using-fleet/cis-benchmarks about how the Windows CIS policies work with GPO
- [ ] Remove/update the spec from each policy
- [ ] Continue to dogfood policies
- [ ] Adjust policies to check SCP or something other than GPO
- [ ] Create remediation custom setting profiles
Hey @pacamaster heads up this didn't make the 3-week drafting => estimation timeline. Bringing it back to feature fest.
Goal
`fleetctl apply` format.
Context
Changes
Change the best practice version to be GitOps compatible but maintain the `fleetctl apply` format for backward compatibility.
Product
Engineering
QA
Risk assessment
Manual testing steps
Testing notes
Confirmation
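The shape mismatch behind the reported error, as an added example that is not part of the original thread and not Fleet's code: a decoder that expects a bare policy list rejects a document wrapped in `kind`/`spec`, while a tolerant decoder accepts both shapes. The `Policy` and `applyDoc` types, the function names and the sample JSON are assumptions; the samples stand for what a YAML-to-JSON step would produce, as the "error unmarshaling JSON" wording suggests.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// Policy is a hypothetical stand-in for the policy fields; it is not Fleet's spec.Policy.
type Policy struct {
	Name  string `json:"name"`
	Query string `json:"query"`
}

// applyDoc is the assumed shape of one `fleetctl apply` document (kind + spec wrapper).
type applyDoc struct {
	Kind string  `json:"kind"`
	Spec *Policy `json:"spec"`
}

// strictDecode expects a bare list, so a wrapped document fails the way the issue reports.
func strictDecode(data []byte) ([]*Policy, error) {
	var out []*Policy
	err := json.Unmarshal(data, &out)
	return out, err
}

// decodePolicies accepts either a bare list or a single kind/spec document.
func decodePolicies(data []byte) ([]*Policy, error) {
	data = bytes.TrimSpace(data)
	if len(data) > 0 && data[0] == '[' {
		return strictDecode(data)
	}
	var doc applyDoc
	if err := json.Unmarshal(data, &doc); err != nil {
		return nil, err
	}
	if doc.Kind != "policy" || doc.Spec == nil {
		return nil, errors.New("object is not a kind: policy document with a spec")
	}
	return []*Policy{doc.Spec}, nil
}

// Constructed samples: the JSON a YAML-to-JSON step would yield for each file shape.
const wrapped = `{"apiVersion":"v1","kind":"policy","spec":{"name":"Example CIS check","query":"SELECT 1;"}}`
const flat = `[{"name":"Example CIS check","query":"SELECT 1;"}]`

func main() {
	_, err := strictDecode([]byte(wrapped))
	fmt.Println("strict, wrapped:", err)
	p, err := decodePolicies([]byte(wrapped))
	fmt.Println("tolerant, wrapped:", p[0].Name, err)
}
```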