search

fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com
Other
3k stars 416 forks source link

Attachments for scripts #22095

Open ddribeiro opened 3 weeks ago

ddribeiro commented 3 weeks ago

Gong snippet: https://us-65885.app.gong.io/call?id=3532396675968293631&highlights=%5B%7B%22type%22%3A%22SHARE%22%2C%22from%22%3A1662%2C%22to%22%3A2205%7D%5D

Problem

customer-cisneros has a workflow where they run a script to deliver certificates to their host. The script has a dependency on a .pem file existing in a specific directory on the computer when it is run.

Their current management solution, Landscape, has a feature that lets them specify files as "attachments" to the script. This allows them to include the .pem as an attachment with the script and reference it in the script.

Fleet currently does not offer the ability to deliver attachments alongside scripts, so this workflow needs to be modified to use with Fleet.

What have you tried?

The customer looked for a way to deliver dependencies as attachments to a script in the Fleet UI, but did not find the option available.

It might be possible to deliver dependencies as part of the Software installation feature, then call the script only after the software is "installed." Doing this increases complexity compared to their current solution.

Potential solutions

If Fleet had support to deliver attachments alongside scripts, the customer would be able to migrate their existing workflow to Fleet with no additional effort.

The key here is building out the script and all dependencies in a single interface for ease of use.

What is the expected workflow as a result of your proposal?

`customer-cisneros` would be able to upload their existing script they use to generate certificates on device to Fleet. In the Fleet UI, they would be able to upload a `.pem` file that the script has a dependency on. This would ensure the `.pem` is present on the host in a known location when the script runs and can generate certificates successfully. The customer would then execute the script from the Fleet UI and successfully generate certificates.
noahtalerman commented 2 weeks ago

Thanks for tracking this one w/ the Gong snippet @ddribeiro!

I pulled added user story above above the Gong snippet:

As an IT admin writing a script w/ a dependency (ex. cert), I want to add them as script attachments via the UI/API so that they're already on the computer when the script runs.

Today, w/o this feature, they'd have to host the certificate somewhere outside of Fleet and pull it down (via curl or something similar) in their script. Does that sound right?