API design: Self-service: Install Apple App Store apps on macOS #19687
Hey @noahtalerman, heads up, this is now up to date
@@ -9032,6 +9032,7 @@ Returns information about the specified software. By default, `versions` are sor | |||
"app_store_id": 1091189122, | |||
"latest_version": "2.04", | |||
"icon_url": "https://is1-ssl.mzstatic.com/image/thumb/Purple211/v4/f1/65/1e/a4844ccd-486d-455f-bb31-67336fe46b14/AppIcon-1x_U007emarketing-0-7-0-85-220-0.png/512x512bb.jpg", | |||
"self_service": true, |
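Review bot: the added `"self_service": true` in the `app_store_app` example has no accompanying description in the visible lines, and the thread on this page settles that the setting applies to the app as made available to a team rather than to the title. Add a sentence next to the example saying which team's setting the field reflects, so readers do not take it as a title-wide property.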
Dev note: In `GET /api/v1/fleet/software/titles/:id` add `self_service` flag to `app_store_app` object when VPP app is added as self-service app.
Is self-service a property of the app's association with a team, or the application itself?
Since we specify `self_service` on the team spec, I would assume the property belongs to the association. That would mean that a single title can be both self service and not self service based on the team.
@noahtalerman I see marko is OOO, can you take a look at this?
Hey @dantecatalfamo, self-service is a property of the app not the team. An app can either be self service or not self service (not both).
Where do we specify `self_service` in the team spec?
On the batch endpoint, we're associating an app with a team and passing the `self_service` argument: https://github.com/fleetdm/fleet/pull/19687/files#diff-831a63ebb3cab9b4e6b82d803d9ffcdc3722b12d486dcd7b13e9576643bb50b0R3051
There's nothing stopping a user from specifying `self_service: true` on one team and `self_service: false` on another in the gitops yaml
And on #19882 the suggested migration adds it to the app team join table
@noahtalerman My understanding is that `self_service` is a property of the app as it is made available to the team, not the title itself
> There's nothing stopping a user from specifying `self_service: true` on one team and `self_service: false` on another in the gitops yaml

> that `self_service` is a property of the app as it is made available to the team, not the title itself

I think this is right.
@dantecatalfamo If I'm understanding correctly, this means that you could have Google Chrome in self-service for Team A but not in self-service for Team B.
This is what we want.
I think that's ok.
In the Fleet DB this will actually be two Google Chrome apps (one for Team A and one for Team B) associated with the same software title.
@noahtalerman Ah! Okay that helps a lot, thank you! I misunderstood the association with titles
@@ -3047,7 +3048,7 @@ _Available in Fleet Premium._ | |||
| dry_run | bool | query | If `true`, will validate the provided software packages and return any validation errors, but will not apply the changes. | | |||
| software | object | body | The team's software that will be available for install. | | |||
| software.packages | list | body | An array of objects. Each object consists of:`url`- URL to the software package (PKG, MSI, EXE or DEB),`install_script` - command that Fleet runs to install software, `pre_install_query` - condition query that determines if the install will proceed, and `post_install_script` - script that runs after software install. | | |||
| software.app_store_apps | list | body | An array objects. Each object consists of `app_store_id` - ID of the App Store app. | | |||
| software.app_store_apps | list | body | An array of objects. Each object consists of `app_store_id` - ID of the App Store app and `self_service` boolean. | |
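Review bot: in the `software.app_store_apps` row, "and `self_service` boolean" breaks the "`key` - description" pattern that the `software.packages` row above uses, and it does not say what happens when the field is omitted. Suggest wording it like the `app_store_id` item, with a short description of the effect and the default value stated.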
Hey @marko-lisica just a heads up. app store apps use their own bulk API, not the same one as software installers.
They're different enough that it made sense to split them up. The VPP apps endpoint lives at https://github.com/fleetdm/fleet/blob/main/server/service/handler.go#L734
Hey @dantecatalfamo makes sense!
When you get the chance, can you please add that new `POST /software/app_store_apps/batch` API endpoint to this PR and the following PR?
Please feel free to commit on top of the existing changes. Thanks!
@@ -9163,6 +9164,7 @@ Add App Store (VPP) app purchased in Apple Business Manager. | |||
| ---- | ---- | -- | ----------- | | |||
| app_store_id | integer | body | **Required.** The ID of App Store app. | | |||
| team_id | integer | body | **Required**. The team ID. Adds VPP software to the specified team. | |
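Review bot: the `team_id` row writes `**Required**.` with the period outside the bold, while the `app_store_id` row directly above writes `**Required.**`; make the two consistent while this table is being edited. "The ID of App Store app" in the `app_store_id` row would also read better as "The ID of the App Store app".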
Hey @dantecatalfamo, as part of the "Install App Store apps on iOS/iPadOS" (#19447) story going out in 4.55, we're adding `platform` to this endpoint. https://github.com/fleetdm/fleet/pull/20892/files#diff-7246bc304b15c8865ed8eaa205e9c244d0a0314e4bae60cf553dc06147c38b64R9175
I think let's return an easy to understand error message if the user specifies `ios` or `ipados` and `self-service`. Something like "Currently, self-service isn't supported for iOS and iPadOS hosts."
Hey @dantecatalfamo, heads up, I added what we decided during standup to the issue description.
API design for:
GitOps: For App Store apps that are supported on iOS and/or iPadOS, self-service is set to false.
For example, if app A is supported on macOS, iOS, and iPadOS, and the IT admin sets `self_service` to `true`, it will only be set to `true` for macOS.
DONE: Document the above GitOps scenario in GitOps reference docs.
New PR: #22102