fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Add activity for deleting hosts #18342

Open spokanemac opened 5 months ago

spokanemac commented 5 months ago

Goal

User story
As an IT admin offboarding a host in Fleet
I want to see an activity feed item when I delete a host
so that I can point to this activity when someone asks if I offboarded the host.

Context

What else should contributors keep in mind when working on this change?

  1. Hosts can be deleted individually on the Host details page or they can be deleted in bulk on the Hosts page. We want to track activity for both scenarios.

Changes

Product

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

Manual testing steps

  1. Step 1
  2. Step 2
  3. Step 3

Testing notes

Confirmation

  1. [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
  2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.

nonpunctual commented 5 months ago

To validate: I deleted an enrolled Windows VM today that erased over the weekend & saw nothing in Activity. There also does not seem to be any way to see this activity per the docs unless I have missed it. I looked on these pages:

https://fleetdm.com/docs/using-fleet/audit-logs
https://fleetdm.com/docs/rest-api/rest-api#activities

I guess I expected to see a key like deleted_host on the audit logs page. @marko-lisica Is this design intentional? Thanks!

marko-lisica commented 5 months ago

> I guess I expected to see a key like deleted_host on the audit logs page. @marko-lisica Is this design intentional? Thanks!

Hey, @nonpunctual, the activity feed was implemented before I started, but AFAIK this isn't intentionally designed.

nonpunctual commented 5 months ago

@spokanemac so I am completely in agreement then there should be something in the Activity feed & something in audit log when a Fleet admin user deletes a Host & enrolls a Host. I know the enroll events could get a little crazy but record deletion is definitely a critical audit function in almost every org in every system. Thanks.

noahtalerman commented 5 months ago

Agreed there should be an activity item here.

Auditability is core to Fleet.

Bringing this through feature fest.

noahtalerman commented 5 months ago

Hey @spokanemac, now that the story is in the current design sprint, I updated the issue description to use the user story format.

I moved your original issue description here for safekeeping:

Problem

When a host is deleted in Fleet, the Activity feed does not indicate that the deletion occurred.

Potential solutions

Include the host with an identifier and the user who deleted the host record. (bulk deletes need to be considered as well)

sharon-fdm commented 5 months ago

BE:3 FE:1