Open nonpunctual opened 6 months ago
Here is a script that matches a Script name in Fleet UI & prints its object / database ID (this seems hard... this is what I was directed to do by eng to accomplish this.) PS. this is using sqlite3 because it has native json parsing, no other reason.
```bash
#!/bin/bash
fleet_url='https://dogfood.fleetdm.com'
fleet_key='somekeyhere'
scpt_name='xz_rem.sh'
## DO NOT MODIFY BELOW ##
sq="'"
# List every team visible to this API token.
team_json="$(/usr/bin/curl -LSs -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $fleet_key" "$fleet_url/api/v1/fleet/teams")"
# Double any single quotes so the JSON cannot terminate the SQL string literal.
team_json="${team_json//$sq/$sq$sq}"
arr_lngth="$(/usr/bin/sqlite3 /dev/null "SELECT json_array_length('$team_json', '$.teams');")"
# Collect the ID of each team.
for ((i=0;i<arr_lngth;i++))
do
    teams_arr+=("$(/usr/bin/sqlite3 /dev/null "SELECT json_extract('$team_json', '$.teams[$i].id');")")
done
# Search each team's scripts for the wanted name.
for j in "${teams_arr[@]}"
do
    scpt_json="$(/usr/bin/curl -LSs -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $fleet_key" "$fleet_url/api/v1/fleet/scripts?team_id=$j")"
    scpt_json="${scpt_json//$sq/$sq$sq}"
    arr_lngth="$(/usr/bin/sqlite3 /dev/null "SELECT json_array_length('$scpt_json', '$.scripts');")"
    for ((k=0;k<arr_lngth;k++))
    do
        if [ "$(/usr/bin/sqlite3 /dev/null "SELECT json_extract('$scpt_json', '$.scripts[$k].name');")" = "$scpt_name" ]
        then
            script_id="$(/usr/bin/sqlite3 /dev/null "SELECT json_extract('$scpt_json', '$.scripts[$k].id');")"
            # Print the first match and stop.
            printf '%s script ID = %s\n' "$scpt_name" "$script_id"
            exit
        fi
    done
done
```
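Added example, not part of the original issue or Fleet's own code: the same name-to-ID lookup with the API response parsed as JSON instead of being interpolated into a SQL string, and with the token sent as a request header rather than on a command line. It returns every team that carries the name, since a script name only identifies a script together with its team. The environment variable names `FLEET_URL` and `FLEET_API_TOKEN` and the sample responses are assumptions constructed for illustration.

```python
import json
import os
import urllib.parse
import urllib.request


def http_get(base_url, path, token):
    """GET a Fleet API path; the token is a header, not a process argument."""
    req = urllib.request.Request(
        urllib.parse.urljoin(base_url, path),
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def find_script_ids(name, get):
    """Return [(team_id, script_id), ...] for every team that has `name`.

    `get` maps an API path to the decoded JSON response.
    """
    matches = []
    for team in get("/api/v1/fleet/teams").get("teams") or []:
        query = urllib.parse.urlencode({"team_id": team["id"]})
        scripts = get("/api/v1/fleet/scripts?" + query).get("scripts") or []
        for script in scripts:
            if script.get("name") == name:
                matches.append((team["id"], script["id"]))
    return matches


# Constructed sample responses (not real Fleet data). The quote in the team
# name is the kind of value that breaks SQL string interpolation.
SAMPLE = {
    "/api/v1/fleet/teams": {"teams": [{"id": 1, "name": "Workstations"},
                                      {"id": 2, "name": "Bob's servers"}]},
    "/api/v1/fleet/scripts?team_id=1": {"scripts": [{"id": 7, "name": "xz_rem.sh"}]},
    "/api/v1/fleet/scripts?team_id=2": {"scripts": [{"id": 12, "name": "xz_rem.sh"},
                                                    {"id": 13, "name": "other.sh"}]},
}

if __name__ == "__main__":
    url = os.environ.get("FLEET_URL")          # assumed variable name
    token = os.environ.get("FLEET_API_TOKEN")  # assumed variable name
    live = url and token
    get = (lambda p: http_get(url, p, token)) if live else SAMPLE.__getitem__
    print(find_script_ids("xz_rem.sh", get))
```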
a script that matches a Script name in Fleet UI & prints its object / database ID
Hey @nonpunctual thanks for tracking this!
If I'm understanding correctly, you're trying to run a specific script using the Run script API endpoint in a Tines workflow.
You know the script's name but not the ID.
Is that right?
If so, another potential solution is for Fleet to add an API endpoint to run a script by name. This way you don't have to head to the UI to get the ID.
Another potential solution, with no changes to Fleet necessary, is to run a script using the script_contents parameter instead of script_id.
From the API docs here:
API endpoint to run a script by name
@marko-lisica does this already exist? (not documented)
IIRC we recently added the --script-name flag to fleetctl run-script.
@marko-lisica @gillespi314 said scripts can now be run like so:
you can now run a script in fleetctl without the script_id by passing script_name plus team_id. If it does live in API it's not documented
I guess I missed the difference in the docs between "run scripts" & "run live scripts".
@noahtalerman I think making the API endpoint allow a script to be run by name or ID (without it being linked to team ID) would be the best solution. The script name is visible in the UI. :)
Also yes the script body could be used. There may be reasons you wouldn't want to paste the plain text of a script in an http request but I understand that capability exists. Thanks for the quick response.
@rachaelshaw @gillespi314 do you think the API Docs for this are clear? Is it clear that there are 2 actions for running scripts that aren't listed contiguously? It's probably just me... If this is clear for you I am not going to make a PR to change. If the answer to my question was "Scroll down..." ok, that's on me. :)
https://fleetdm.com/docs/rest-api/rest-api#run-live-script https://fleetdm.com/docs/rest-api/rest-api#run-script
But I kind of think there isn't really a clear technical meaning for "run scripts" vs. "run live scripts" outside of Fleet. Like, what does "live" mean in this context?
Docs are being updated to address this issue.
Script ID hidden, like A moon behind cloud cover. Revealed, tasks simplify.
Today on a customer call attempting to integrate Okta Workflows to execute Fleet scripts again showed the need for this. Customer specifically mentioned "Why don't scripts show their ID?"
It's understood that you can use the name.
The problem is that lack of consistency in the UI, Docs & API usage makes it counterintuitive to use. Patterns like "get the object ID" for X start to become intuitive for an API if they are consistently discoverable. When those patterns break & when there is little documentation for features like 3rd party integrations, to expect customers to be able to do this on their own, even with help from us on a call, is hard.
If 3rd party integrations like running a script are documented I unfortunately don't know where. If I need to make these docs, I can. This article: https://fleetdm.com/guides/using-fleet-and-tines-together
has good information but it's not a step-by-step guide to "Integrating Okta Workflows With Fleet To Execute A Script".
Linking https://github.com/fleetdm/fleet/issues/17129 here as executing scripts directly from Fleet would solve for this issue.
related: Scripts preview in UI https://github.com/fleetdm/fleet/issues/18409 by adding this feature, it would make sense for the URL to have the script object index in the URL when a user clicked on a script to read it.
Brock: In the "Run live script" API docs it's unclear. We're missing note about script_name requiring script_id.
Noah: Doesn't "Run script" also support these parameters?
@nonpunctual when you get the chance, can you please open a PR that makes this clearer?
Linking this PR as it has information on how to update the Scripts API docs https://github.com/fleetdm/fleet/pull/18419
Hey @nonpunctual it looks like the PR you linked to is closed, did we ever open up a new PR?
@noahtalerman Have not opened a new PR but I did have a clarifying conversation with Rachel about what to put in it & I will put it in soon. Thanks!
@nonpunctual can you please track a feature request for editing script contents in the UI?
@noahtalerman @marko-lisica I did add that in # 2 in my potential solutions in this issue above. Would it be ok to re-word this one to concentrate on the script editor feature & kind of assume that because that would happen on a separate page in the Fleet UI that the URL for the script would include the db object ID?
Actually I will close this one & refer to it in new FR.
Script ID in view, Like a cloud city gleaming, Ease in user's grasp.
@nonpunctual I re-opened this one and linked to it from the user story that @randy-fleet is working on: #22446
Randy, if this works/makes sense, I think we want to be consistent with how we build UI at Fleet and expose the ID in the URL and not in the UI itself.
Moved the original issue description here for safekeeping:
Brock: In the "Run live script" API docs it's unclear. We're missing note about script_name requiring script_id.
How might this have a positive effect on your organization? Users would like to access scripts via the API by their database object ID
What is the current situation? Why does the current situation hurt? The only way currently to see a Script database object ID is by opening developer tools in a browser (like, e.g., a JS console)
What are you doing right now to work around this issue? What's non-ideal about it? Using dev tools in browser is possible & can be documented but it is not intuitive. Other Fleet database objects (e.g., Hosts) show an ID in the URL bar.
Script object IDs are not visible in the Fleet UI.
@RachelElysia please help me estimate level of effort (LOE) to accomplish either of these solutions when you get a chance. Thanks!