Make the Script object ID visible in Fleet UI

nonpunctual commented 6 months ago

@noahtalerman: User requested this because they want a quick and convenient way to see the scripts ID so that they can use this ID to run the script using Fleet's run script API endpoint.
- @noahtalerman: In the interim the user can hit the list scripts API endpoint to get a list of scripts including the scripts' IDs.
- @noahtalerman: Eventually the user could be able to view the script's ID in the URL for a future a Script details page

nonpunctual commented 6 months ago

Here is a script that matches a Script name in Fleet UI & prints its object / database ID (this seems hard... this is what I was directed to do by eng to accomplish this.) PS. this is using sqlite3 because it has native json parsing, no other reason.

#!/bin/bash

fleet_url='https://dogfood.fleetdm.com'
fleet_key='somekeyhere'
scpt_name='xz_rem.sh'

## DO NOT MODIFY BELOW ##

team_json="$(/usr/bin/curl -LSs -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $fleet_key" "$fleet_url/api/v1/fleet/teams")"
arr_lngth="$(/usr/bin/sqlite3 /dev/null "SELECT json_array_length('$team_json', '$.teams');")"

for ((i=0;i<"$arr_lngth";i++))
{
    teams_arr+=($(/usr/bin/sqlite3 /dev/null "SELECT json_extract('$team_json', '$.teams[$i].id');"))
}

for j in "${teams_arr[@]}"
do
    scpt_json="$(/usr/bin/curl -LSs -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $fleet_key" "$fleet_url/api/v1/fleet/scripts?team_id=$j")"
    arr_lngth="$(/usr/bin/sqlite3 /dev/null "SELECT json_array_length('$scpt_json', '$.scripts');")"

    for ((k=0;k<"$arr_lngth";k++))
    {
        if [ "$(/usr/bin/sqlite3 /dev/null "SELECT json_extract('$scpt_json', '$.scripts[$k].name');")" = "$scpt_name" ]
        then
            script_id="$(/usr/bin/sqlite3 /dev/null "SELECT json_extract('$scpt_json', '$.scripts[$k].id');")"
            printf "xz_rem.sh script ID = %s" "$script_id"
            exit
        fi
    }
done

noahtalerman commented 6 months ago

a script that matches a Script name in Fleet UI & prints its object / database ID

Hey @nonpunctual thanks for tracking this!

If I'm understanding correctly, you're trying to run a specific script using the Run script API endpoint in a Tines workflow.

You know the script's name but not the ID.

Is that right?

If so, another potential solution is for Fleet to add an API endpoint to run a script by name. This way you don't have to head to the UI to get the ID.

Another potential solution, with no changes to Fleet necessary, is to run a script using the script_contents parameter instead of script_id.

From the API docs here: Screenshot 2024-04-02 at 10 08 04 AM

noahtalerman commented 6 months ago

API endpoint to run a script by name

@marko-lisica does this already exist? (not documented)

IIRC we recently added the --script-name flag to fleetctl run-script.

nonpunctual commented 6 months ago

@marko-lisica @gillespi314 said scripts can now be run like so:

you can now run a script in fleetctl without the script_id by passing script_name plus team_id. If it does live in API it's not documented

I guess I missed the difference in the docs between "run scripts" & "run live scripts".

@noahtalerman I think making the API endpoint allow a script to be run by name or ID (without it being linked to team ID) would be the best solution. The script name is visible in the UI. :)

Also yes the script body could be used. There may be reasons you wouldn't want to paste the plain text of a script in an http request but I understand that capability exists. Thanks for the quick response.

nonpunctual commented 6 months ago

@rachaelshaw @gillespi314 do you think the API Docs for this are clear? Is it clear that there are 2 actions for running scripts that aren't listed contiguously? It's probably just me... If this is clear for you I am not going to make a PR to change. If the answer to my question was "Scroll down..." ok, that's on me. :)

https://fleetdm.com/docs/rest-api/rest-api#run-live-script https://fleetdm.com/docs/rest-api/rest-api#run-script

But I kind of think there isn't really a clear technical meaning for "run scripts" vs. "run live scripts" outside of Fleet. Like, what does "live" mean in this context?

nonpunctual commented 6 months ago

Docs are being updated to address this issue.

fleet-release commented 6 months ago

Script ID hidden, like A moon behind cloud cover. Revealed, tasks simplify.

nonpunctual commented 5 months ago

Today on a customer call attempting to integrate Okta Workflows to execute Fleet scripts again showed the need for this. Customer specifically mentioned "Why don't scripts show their ID?"

It's understood that you can use the name.

The problem is that lack of consistency in the UI, Docs & API usage makes it counterintutive to use. Patterns like "get the object ID" for X start to become intuitive for an API if they are consistently discoverable. When those patterns break & when there is little documentation for features like 3rd party integrations, to expect customers to be able to do this on their own, even with help from us on a call, is hard.

If 3rd party integrations like running a script are documented I unfortunately don't know where. If I need to make these docs, I can. This article: https://fleetdm.com/guides/using-fleet-and-tines-together

has good information but it's not a step-by-step guide to "Integrating Okta Workflows With Fleet To Execute A Script".

Linking https://github.com/fleetdm/fleet/issues/17129 here as executing scripts directly from Fleet would solve for this issue.

nonpunctual commented 5 months ago

related: Scripts preview in UI https://github.com/fleetdm/fleet/issues/18409 by adding this feature, it would make sense for the URL to have the script object index in the URL when a user clicked on a script to read it.

noahtalerman commented 5 months ago

Brock: In the "Run live script" API docs it's unclear. We're missing note about script_name requiring script_id.

Noah: Doesn't "Run script" also support these parameters?

@nonpunctual when you get the chance, can you please open a PR that makes this clearer?