Add software to "No Team"

[nonpunctual]

Goal

User story
As a Fleet user,
I want to want to add team to "No team"
so that I can manage software if I'm not using team segmentation.

Context

• Requestor(s): @nonpunctual
• Product designer: @marko-lisica

Changes

Product

• [x] UI changes: Figma link
• [x] API changes: API design PR is here.
• [x] CLI usage changes: https://www.figma.com/design/qj8cjvpQC1g9LfBq5mzSdH/%2319550-Ability-to-add-software-to-"No-Team"?node-id=1321-1069&t=OP6LC2ARSRY51y2p-11
• [x] GitOps changes: Add support for software top-level key in default.yml. PR to reference docs is here. Software specified in default.yml will be applied to "No team."
  • software is a required field. Show an easy to understand error message if software isn't specified in the default.yml or team YAML files. If the user is a Fleet Free user, don't error because they can't use software. More generally, all top level keys in the default.yml and team YAML files are required.
• [x] Permissions changes:
  • Maintainers and admins (global) can view, add, download, and delete software installers for "No team". GitOps users can manage software for "No team" via Fleet YAML.
  • Observers (global) can view software in "No team".
• [x] Changes to paid features or tiers: Fleet Premium only.

Engineering

• [ ] Database schema migrations: TODO
• [ ] Load testing: TODO

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

• Requires load testing: TODO
• Risk level: Low / High TODO
• Risk description: TODO

Manual testing steps

1. Step 1
2. Step 2
3. Step 3

Testing notes

Confirmation

1. [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.

[zayhanlon]

@noahtalerman Would you consider this workflow blocking? Customer-preston cannot use app management without this ability (as we discussed on the roadmap call)

[noahtalerman]

Hey @nonpunctual and @zayhanlon let's chat about this during this week's product office hours. I added an agenda item (internal): https://docs.google.com/document/d/1Znyp2a9qcM9JdYHrzLudvcPwEdhnCg7RiKi22s8yGWw/edit

[valentinpezon-primo]

Hi @noahtalerman @noahtalerman

Currently, in Fleet, the "no-team" feature is very usefull and present everywhere, with this feature we are able to manage :

• scripts
• os updates
• os settings (disk encryption & custom settings)
• setup experience
• queries
• policies

Almost all of the Fleet's features are available in the "no team" tab, we build our entire system around it since it's available, and it works very well.

The fact that the Software feature does not have this "no team" element is blocking us to use it, since we do not use teams at all.

On a side note : We will use labels to group hosts, labels created using your API, not based on query, since we want to be the source of truth for labeling

[noahtalerman]

Hey @valentinpezon-primo thanks for the feedback! The plan is to bring this story into the current design sprint and get started on drafting/wireframing.

cc @nonpunctual

[ddribeiro]

@noahtalerman @nonpunctual Would adding software to "All teams" be distinct from this request?

I understand "No Team" would be useful for customers that aren't using teams, but what about customers who use Teams that want to upload software once and have it apply to all organization wide to all their Teams?

[nonpunctual]

@noahtalerman @marko-lisica it is distinct for the reason you mention. customer-preston does not use Teams, so, assignment to "All Teams" would not help them.

I think there is a tacit assumption that assignment to "No Team" means it would be automagically assigned to "every Host".

• I believe easy assignment to "All Teams" is a necessary option.
• I believe easy 1:many assignment to any arbitrary number of Teams is a necessary option (e.g., a list of Teams for a package that you could select for assignment so that it was not necessary to upload the same package to multiple Teams.)

I am not entirely sure about this "No Team" feature from an Engineering persepctive, i.e., is it hard? Impossible?

Is there a way to satisfy it that's easier by allowing App assignement via Label & that somehow a Label could be created that would be equivalent to the set of Hosts that matches "every Host"? If so, I think that would be equivalent to this FR.

related: https://github.com/fleetdm/fleet/issues/20805

[valentinpezon-primo]

Jumping in @ddribeiro @nonpunctual

What we want is to have the "Software" tab working the same way as the "Controls" tab. The Controls tab has a "No team" feature :

We would like to be able to use software like we use script basically

Also, for the "Queries" and "Policies" tab, you have the "All teams" wording instead of "No team", but the behavior are the same since I can use queries and policies stored on "All team" on devices that do not have teams, so it looks like "All Teams" also works when device's team is null

Hope that helps !

[georgekarrv]

@sharon-fdm This will need to come over to Endpoint ops for capacity let me know if you have any questions

[sharon-fdm]

NP @georgekarrv. Moved to EPOps

[sharon-fdm]

@noahtalerman We will push this into the sprint but we need some Figma additions for OS and Vuln tabs.

[noahtalerman]

@getvictor pointed out that we need GitOps changes. TODO @noahtalerman

[noahtalerman]

what about customers who use Teams that want to upload software once and have it apply to all organization wide to all their Teams?

@ddribeiro just to follow up on the above, yes, this would be a separate feature request. This story specifically addresses filtering and uploading software to the special team in Fleet that we call "No team."

[noahtalerman]

cc @nonpunctual ^^

[noahtalerman]

we need some Figma additions for OS and Vuln tabs.

Hey @mostlikelee and @RachelElysia Figma is now updated w/ a dev note that clarifies that we want to add "No team" filtering to all tabs on the software page:

I also realized we were missing wireframes for adding "No team" to the details pages. That's now in Figma:

Also, I opened a PR w/ proposed API design here: https://github.com/fleetdm/fleet/pull/20489

My plan is to update that^ PR to specify changes to the GitOps interface (still TODO).

cc @sharon-fdm

[noahtalerman]

UPDATE:

Hey @mostlikelee, @RachelElysia, and @sharon-fdm, the GitOps changes are specified in this PR to the GitOps reference docs: https://github.com/fleetdm/fleet/pull/20502

We want to add support for software top-level key in default.yml. Software specified in default.yml will be applied to "No team."

I updated the issue description with this.

[sharon-fdm]

Thanks @noahtalerman. @mostlikelee, I put a link to it in sub-task #20464.

[noahtalerman]

@sharon-fdm, @mostlikelee, and @RachelElysia.

Also heads up that this is a Fleet Premium only feature. I updated the issue description to call this out.

[mostlikelee]

@RachelElysia i'm realizing we'll need to expand scope to include "team 0" support for all the pages downstream from the software tab (all the detail pages):

/software/titles/{id} /software/versions/{id} /software/os/{id} /software/vulnerabilities/{id}

[RachelElysia]

@mostlikelee @sharon-fdm Good thing I got some wiggle points this sprint. This might add another 2-3 points of FE work.

[RachelElysia]

@noahtalerman

I added this empty state to the details pages for no teams since it made more sense to say "No hosts unassigned to a team have this OS installed." more than the current options "No hosts have this OS installed."/"No hosts on this team have this OS installed.", we can confirm/modify the copy text as needed in tomorrow's design review.

[noahtalerman]

Thanks @RachelElysia! Great catch.

we can confirm/modify the copy text as needed in tomorrow's design review

Let's do this 👍 I added an item to the agenda (internal): https://docs.google.com/document/d/1AduqZ9yuMQ8uvC5Z6GJFJtE0pbdqdX9zHIau_VCOqGI/edit

For other folks looking at this comment, all UI changes go through design review. Any contributor at Fleet can bring items to design review.

[RachelElysia]

Update: Design decision during 7/24/24 design review to not include team reference in empty state

e.g. "No hosts have this OS installed." will be the generic empty state for any team, no team, and free version where there is no team.

[noahtalerman]

Update: Design decision during 7/24/24 design review to not include team reference in empty state

e.g. "No hosts have this OS installed." will be the generic empty state for any team, no team, and free version where there is no team.

Here's what this will look like:

Furthermore, in this pass we decided to just make this change on OS, Software version, Software title, Vulnerabilities detail pages.

@RachelElysia, when you get the chance, can you please help track an issue for other places so we can come back and don’t forget? I think the issue can be really generic, quick/dirty and link to this comment.

Thanks :)

[noahtalerman]

software is a required field. Show an easy to understand error message if software isn't specified in the default.yml or team YAML files. If the user is a Fleet Free user, don't error because they can't use software. More generally, all top level keys in the default.yml and team YAML files are required.

Hey @mostlikelee, I added the expected behavior (above) we discussed during standup today to the issue description.

cc @getvictor

[noahtalerman]

Hey @zayhanlon and @pintomi1989 heads up that this customer request was shipped in 4.55 🎉

[fleet-release]

"No Team" expands, In cloud city, software lands, Ease for user's hands.