iansltx
commented
17 hours ago Test plan:
Regression testing
- [ ] Scripts in default.yml work alone (no policies referencing them)
- [ ] Scripts in no-team.yml work alone
- [ ] Scripts in team yml files work alone
- [ ] Associating a script to a policy on a team other than No Team works
Happy path
- [ ] run_script on No Team applies a script declared in no-team.yml
- [ ] Same as above, with with the policy in its own yml file
Error handling
- [ ] Script mentioned in run_script for a team other than No Team, but not listed in controls for that team
- [ ] The above, but for No Team (should call out no-team.yml specifically)
- [ ] The above, but with the script listed in controls for default.yml (will be same error as above)
Fleet version: 4.58.0
💥 Actual behavior
Scripts are not detected as associated with the team, or not detected at all, when attempting configuration of script automation via GitOps for "No team."
🧑💻 Steps to reproduce
run_scriptonno-team.yml, along with the requisitecontrols > scriptentry.gitops.shMore Info
This is due to how scripts are processed for "No team" (merged from global and no-team files), so neither standard-team (which works) logic nor the workaround used for no-team installers/policy automation works here.
To Fix
To quickly fix this, we may need to limit eligible scripts for policy automations to those declared in
no-team.yml, rather than the YAML author's choice ofdefault.ymlorno-team.yml; TBD.