VPP: CLI updates to support yaml

[georgekarrv]

Suggested spec for the batch-set of apps for a team:

POST /api/v1/fleet/software/app_store/batch

Parameters

• team_name: string, query parameter, batch endpoints use team names and not ids (because we don't have them in the yaml gitops/apply files).
• dry_run: bool, query parameter, stop after validations / before making DB changes if true, and return any error.
• app_store_ids: array of strings, json body. AFAIK we don't have any other fields associated with an app (i.e. no self_service boolean), so it's just the list of app IDs to batch-set.

Implementation is to replace all the apps for the given team by the set received.

@marko-lisica : heads-up, this was an API endpoint that was missing for that story, I think it would have to be added in the API for Contributors documentation (the batch endpoint for software installers is there: https://github.com/fleetdm/fleet/blob/main/docs/Contributing/API-for-contributors.md#batch-apply-software).

[georgekarrv]

Hey team! Please add your planning poker estimate with Zenhub @dantecatalfamo @ghernandez345 @gillespi314 @mna @roperzh

[dantecatalfamo]

@mna For apply, should an empty software clear both pacakges and appstoreapps, or should they have to have to explicitly clear software.packages and software.appstoreapps?

[mna]

@dantecatalfamo That would be a product decision (@marko-lisica ), but I think we usually clear when the immediate parent (the key that contains a slice) is present but empty, so that would mean this would clear both:

software:
  packages:
  app_store_apps:

but this would not alter any:

software:

[mna]

@dantecatalfamo just a heads-up, you may want to verify with Marko but if we plan on adding the self_service flag to VPP apps in the near-future, it might be better for the "batch" API endpoint to immediately receive an array of objects instead of an array of strings (and have the app_store_id being a field on each object, in preparation to have the self_service flag added in the future).

[dantecatalfamo]

@mna Can we make the bulk API its own ticket? I'd like to close this one with what I have working so far, since the goal of what the bulk API should look like keeps changing

[mna]

@dantecatalfamo Sure! Feel free to create a new ticket for it, linked to the VPP story.

[dantecatalfamo]

@mna Moved here, will await further product specification before starting #20278 🙂

[marko-lisica]

@dantecatalfamo just a heads-up, you may want to verify with Marko but if we plan on adding the self_service flag to VPP apps in the near-future, it might be better for the "batch" API endpoint to immediately receive an array of objects instead of an array of strings (and have the app_store_id being a field on each object, in preparation to have the self_service flag added in the future).

@dantecatalfamo @mna I agree. We have a story to add to enable self-service for VPP apps. I think we should make this API so it receives a list of objects instead of a list of strings.

[marko-lisica]

@mna For apply, should an empty software clear both pacakges and appstoreapps, or should they have to have to explicitly clear software.packages and software.appstoreapps?

@dantecatalfamo That would be a product decision (@marko-lisica ), but I think we usually clear when the immediate parent (the key that contains a slice) is present but empty, so that would mean this would clear both:

software:
  packages:
  app_store_apps:

but this would not alter any:

software:

@dantecatalfamo @mna What's the current behavior for software packages? Do we clear software if software is empty?

[mna]

@marko-lisica

What's the current behavior for software packages? Do we clear software if software is empty?

Yes, but that's because currently, software is the immediate parent of the software packages. In the new structure, software.packages will be the immediate parent for software installers, and software.app_store_apps for VPP apps.

[marko-lisica]

@marko-lisica

What's the current behavior for software packages? Do we clear software if software is empty?

Yes, but that's because currently, software is the immediate parent of the software packages. In the new structure, software.packages will be the immediate parent for software installers, and software.app_store_apps for VPP apps.

@mna That makes sense to me, so user needs to specify empty software.packages in order to remove all packages.

@noahtalerman Would it make sense to document this behavior in the docs? Is this something that's expected?

[noahtalerman]

Do we clear software if software is empty?

@marko-lisica, @dantecatalfamo, and @mna yes.

In Fleet's best practice GitOps, all top level keys (required) behave this way (remove if empty): https://fleetdm.com/docs/using-fleet/gitops#configuration-options

[mna]

@noahtalerman @marko-lisica @dantecatalfamo What you mention is correct but that's for fleetctl gitops, and it's normal since gitops expects the full content of every top-level key to always be provided (it is the whole config, not a partial one).

The convo is regarding how fleetctl apply should behave to empty those lists, because in fleetctl apply, only what is provided gets updated. As I mentioned earlier, I think typically we require the immediate parent of the list to be provided-but-empty to clear the list.

[noahtalerman]

regarding how fleetctl apply should behave

@mna Ah, gotcha. Sorry I missed that.

typically we require the immediate parent of the list to be provided-but-empty to clear the list.

This behavior makes sense to me. fleetctl apply is used for one-off imports (like a PATCH): https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetctl-apply.md

cc @marko-lisica @dantecatalfamo

[fleet-release]

Batch-set of apps bloom, Like nature, Fleet adapts grace, In the cloud city's room.

[mna]

(sorry, a bad trackpad manipulation in zenhub dragged it to the closed column)

[fleet-release]

YAML batch-set flows, Team's apps update with ease, Cloud city code grows.