Set GitOps custom display name for software (#35871)

Implements #33781. GitOps workflow support for custom software display names.

Author: cdcme

cmd/fleetctl/fleetctl/generate_gitops.go

@@ -1523,6 +1523,10 @@ func (cmd *GenerateGitopsCommand) generateSoftware(filePath string, teamID uint,
 				softwareSpec["categories"] = softwareTitle.SoftwarePackage.Categories
 			}
 
+			if softwareTitle.DisplayName != "" {
+				softwareSpec["display_name"] = softwareTitle.DisplayName
+			}
+
 			// each package is listed once in software, so we can pull icon directly here
 			if downloadIcons && softwareTitle.IconUrl != nil && strings.HasPrefix(*softwareTitle.IconUrl, "/api") {
 				fileName := fmt.Sprintf("lib/%s/icons/%s", teamFilename, filenamePrefix+"-icon.png")
@@ -1551,6 +1555,10 @@ func (cmd *GenerateGitopsCommand) generateSoftware(filePath string, teamID uint,
 				softwareSpec["categories"] = softwareTitle.AppStoreApp.Categories
 			}
 
+			if softwareTitle.DisplayName != "" {
+				softwareSpec["display_name"] = softwareTitle.DisplayName
+			}
+
 			if downloadIcons && softwareTitle.IconUrl != nil && strings.HasPrefix(*softwareTitle.IconUrl, "/api") {
 				fileName := fmt.Sprintf("lib/%s/icons/%s", teamFilename, filenamePrefix+"-icon.png")
 				path := fmt.Sprintf("../%s", fileName)

cmd/fleetctl/fleetctl/testdata/gitops/team_software_app_store_display_name_too_long.yml

@@ -0,0 +1,19 @@
+name: "${TEST_TEAM_NAME}"
+team_settings:
+  secrets:
+    - secret: "ABC"
+  features:
+    enable_host_users: true
+    enable_software_inventory: true
+  host_expiry_settings:
+    host_expiry_enabled: true
+    host_expiry_window: 30
+agent_options:
+controls:
+policies:
+queries:
+software:
+  app_store_apps:
+    - app_store_id: "12345"
+      display_name: "This display name is way too long and exceeds the maximum allowed length of 255 characters for the display_name field in the database. This validation is important because the database schema uses VARCHAR(255) and we need to ensure data integrity by catching this error early during YAML parsing before it gets to the database layer where it would cause a database constraint error which is harder to debug"
+      self_service: true

cmd/fleetctl/fleetctl/testdata/gitops/team_software_installer_display_name_too_long.yml

@@ -0,0 +1,22 @@
+name: "${TEST_TEAM_NAME}"
+team_settings:
+  secrets:
+    - secret: "ABC"
+  features:
+    enable_host_users: true
+    enable_software_inventory: true
+  host_expiry_settings:
+    host_expiry_enabled: true
+    host_expiry_window: 30
+agent_options:
+controls:
+policies:
+queries:
+software:
+  packages:
+    - url: ${SOFTWARE_INSTALLER_URL}/ruby.deb
+      display_name: "This display name is way too long and exceeds the maximum allowed length of 255 characters for the display_name field in the database. This validation is important because the database schema uses VARCHAR(255) and we need to ensure data integrity by catching this error early during YAML parsing before it gets to the database layer where it would cause a database constraint error which is harder to debug"
+      install_script:
+        path: lib/install_ruby.sh
+      uninstall_script:
+        path: lib/uninstall_ruby.sh

cmd/fleetctl/fleetctl/testdata/gitops/team_software_installer_with_display_name.yml

@@ -0,0 +1,29 @@
+name: "${TEST_TEAM_NAME}"
+team_settings:
+  secrets:
+    - secret: "ABC"
+  features:
+    enable_host_users: true
+    enable_software_inventory: true
+  host_expiry_settings:
+    host_expiry_enabled: true
+    host_expiry_window: 30
+agent_options:
+controls:
+policies:
+queries:
+software:
+  packages:
+    - url: ${SOFTWARE_INSTALLER_URL}/ruby.deb
+      display_name: "Ruby Development Environment"
+      install_script:
+        path: lib/install_ruby.sh
+      uninstall_script:
+        path: lib/uninstall_ruby.sh
+    - url: ${SOFTWARE_INSTALLER_URL}/other.deb
+      self_service: true
+      display_name: "Custom Package Name"
+  app_store_apps:
+    - app_store_id: "1"
+      display_name: "My Custom VPP App"
+      self_service: true

cmd/fleetctl/integrationtest/gitops/gitops_enterprise_integration_test.go

@@ -2201,3 +2201,123 @@ team_settings:
 	require.NoError(t, err)
 	require.Len(t, titles, 0)
 }
+
+// TestGitOpsSoftwareDisplayName tests that display names for software packages and VPP apps
+// are properly applied via GitOps.
+func (s *enterpriseIntegrationGitopsTestSuite) TestGitOpsSoftwareDisplayName() {
+	t := s.T()
+	ctx := context.Background()
+
+	user := s.createGitOpsUser(t)
+	fleetctlConfig := s.createFleetctlConfig(t, user)
+
+	const (
+		globalTemplate = `
+agent_options:
+controls:
+org_settings:
+  server_settings:
+    server_url: $FLEET_URL
+  org_info:
+    org_name: Fleet
+  secrets:
+policies:
+queries:
+`
+
+		noTeamTemplate = `name: No team
+controls:
+policies:
+software:
+  packages:
+    - url: ${SOFTWARE_INSTALLER_URL}/ruby.deb
+      display_name: Custom Ruby Name
+`
+
+		teamTemplate = `
+controls:
+software:
+  packages:
+    - url: ${SOFTWARE_INSTALLER_URL}/ruby.deb
+      display_name: Team Custom Ruby
+queries:
+policies:
+agent_options:
+name: %s
+team_settings:
+  secrets: [{"secret":"enroll_secret"}]
+`
+	)
+
+	globalFile, err := os.CreateTemp(t.TempDir(), "*.yml")
+	require.NoError(t, err)
+	_, err = globalFile.WriteString(globalTemplate)
+	require.NoError(t, err)
+	err = globalFile.Close()
+	require.NoError(t, err)
+
+	noTeamFile, err := os.CreateTemp(t.TempDir(), "*.yml")
+	require.NoError(t, err)
+	_, err = noTeamFile.WriteString(noTeamTemplate)
+	require.NoError(t, err)
+	err = noTeamFile.Close()
+	require.NoError(t, err)
+	noTeamFilePath := filepath.Join(filepath.Dir(noTeamFile.Name()), "no-team.yml")
+	err = os.Rename(noTeamFile.Name(), noTeamFilePath)
+	require.NoError(t, err)
+
+	teamName := uuid.NewString()
+	teamFile, err := os.CreateTemp(t.TempDir(), "*.yml")
+	require.NoError(t, err)
+	_, err = teamFile.WriteString(fmt.Sprintf(teamTemplate, teamName))
+	require.NoError(t, err)
+	err = teamFile.Close()
+	require.NoError(t, err)
+
+	// Set the required environment variables
+	t.Setenv("FLEET_URL", s.Server.URL)
+	testing_utils.StartSoftwareInstallerServer(t)
+
+	// Apply configs
+	_ = fleetctl.RunAppForTest(t,
+		[]string{"gitops", "--config", fleetctlConfig.Name(), "-f", globalFile.Name(), "-f", noTeamFilePath, "-f", teamFile.Name(), "--dry-run"})
+	_ = fleetctl.RunAppForTest(t,
+		[]string{"gitops", "--config", fleetctlConfig.Name(), "-f", globalFile.Name(), "-f", noTeamFilePath, "-f", teamFile.Name()})
+
+	// get the team ID
+	team, err := s.DS.TeamByName(ctx, teamName)
+	require.NoError(t, err)
+
+	// Verify display name for no team
+	noTeamTitles, _, _, err := s.DS.ListSoftwareTitles(ctx, fleet.SoftwareTitleListOptions{AvailableForInstall: true, TeamID: ptr.Uint(0)},
+		fleet.TeamFilter{User: test.UserAdmin})
+	require.NoError(t, err)
+	require.Len(t, noTeamTitles, 1)
+	require.NotNil(t, noTeamTitles[0].SoftwarePackage)
+	noTeamTitleID := noTeamTitles[0].ID
+
+	// Verify the display name is stored in the database for no team
+	var noTeamDisplayName string
+	mysql.ExecAdhocSQL(t, s.DS, func(q sqlx.ExtContext) error {
+		return sqlx.GetContext(ctx, q, &noTeamDisplayName,
+			"SELECT display_name FROM software_title_display_names WHERE team_id = ? AND software_title_id = ?",
+			0, noTeamTitleID)
+	})
+	require.Equal(t, "Custom Ruby Name", noTeamDisplayName)
+
+	// Verify display name for team
+	teamTitles, _, _, err := s.DS.ListSoftwareTitles(ctx, fleet.SoftwareTitleListOptions{TeamID: &team.ID}, fleet.TeamFilter{User: test.UserAdmin})
+	require.NoError(t, err)
+	require.Len(t, teamTitles, 1)
+	require.NotNil(t, teamTitles[0].SoftwarePackage)
+	teamTitleID := teamTitles[0].ID
+
+	// Verify the display name is stored in the database for team
+	var teamDisplayName string
+	mysql.ExecAdhocSQL(t, s.DS, func(q sqlx.ExtContext) error {
+		return sqlx.GetContext(ctx, q, &teamDisplayName,
+			"SELECT display_name FROM software_title_display_names WHERE team_id = ? AND software_title_id = ?",
+			team.ID, teamTitleID)
+	})
+	require.Equal(t, "Team Custom Ruby", teamDisplayName)
+}

cmd/fleetctl/integrationtest/gitops/software_test.go

@@ -57,6 +57,10 @@ func TestGitOpsTeamSoftwareInstallers(t *testing.T) {
 		{"testdata/gitops/team_software_installer_valid_exclude.yml", ""},
 		{"testdata/gitops/team_software_installer_invalid_unknown_label.yml",
 			"Please create the missing labels, or update your settings to not refer to these labels."},
+		// display_name tests
+		{"testdata/gitops/team_software_installer_with_display_name.yml", ""},
+		{"testdata/gitops/team_software_installer_display_name_too_long.yml", "display_name is too long (max 255 characters)"},
+		{"testdata/gitops/team_software_app_store_display_name_too_long.yml", "display_name is too long (max 255 characters)"},
 		// team tests for setup experience software/script
 		{"testdata/gitops/team_setup_software_valid.yml", ""},
 		{"testdata/gitops/team_setup_software_on_package.yml", ""},

ee/server/service/software_installers.go

@@ -2075,6 +2075,7 @@ func (svc *Service) softwareBatchUpload(
 				LabelsExcludeAny:   p.LabelsExcludeAny,
 				ValidatedLabels:    p.ValidatedLabels,
 				Categories:         p.Categories,
+				DisplayName:        p.DisplayName,
 			}
 
 			var extraInstallers []*fleet.UploadSoftwareInstallerPayload

ee/server/service/vpp.go

@@ -81,6 +81,7 @@ func (svc *Service) BatchAssociateVPPApps(ctx context.Context, teamName string,
 			LabelsExcludeAny:   payload.LabelsExcludeAny,
 			LabelsIncludeAny:   payload.LabelsIncludeAny,
 			Categories:         payload.Categories,
+			DisplayName:        payload.DisplayName,
 		}, {
 			AppStoreID:         payload.AppStoreID,
 			SelfService:        payload.SelfService,
@@ -89,6 +90,7 @@ func (svc *Service) BatchAssociateVPPApps(ctx context.Context, teamName string,
 			LabelsExcludeAny:   payload.LabelsExcludeAny,
 			LabelsIncludeAny:   payload.LabelsIncludeAny,
 			Categories:         payload.Categories,
+			DisplayName:        payload.DisplayName,
 		}, {
 			AppStoreID:         payload.AppStoreID,
 			SelfService:        payload.SelfService,
@@ -97,6 +99,7 @@ func (svc *Service) BatchAssociateVPPApps(ctx context.Context, teamName string,
 			LabelsExcludeAny:   payload.LabelsExcludeAny,
 			LabelsIncludeAny:   payload.LabelsIncludeAny,
 			Categories:         payload.Categories,
+			DisplayName:        payload.DisplayName,
 		}}...)
 	}
 
@@ -149,6 +152,7 @@ func (svc *Service) BatchAssociateVPPApps(ctx context.Context, teamName string,
 				InstallDuringSetup: payload.InstallDuringSetup,
 				ValidatedLabels:    validatedLabels,
 				CategoryIDs:        catIDs,
+				DisplayName:        &payload.DisplayName,
 			})
 		}
 

pkg/spec/gitops.go

@@ -1236,6 +1236,12 @@ func parseSoftware(top map[string]json.RawMessage, result *GitOps, baseDir strin
 			continue
 		}
 
+		// Validate display_name length (matches database VARCHAR(255))
+		if len(item.DisplayName) > 255 {
+			multiError = multierror.Append(multiError, fmt.Errorf("app_store_id %q display_name is too long (max 255 characters)", item.AppStoreID))
+			continue
+		}
+
 		item = item.ResolvePaths(baseDir)
 
 		result.Software.AppStoreApps = append(result.Software.AppStoreApps, &item)
@@ -1389,6 +1395,12 @@ func parseSoftware(top map[string]json.RawMessage, result *GitOps, baseDir strin
 				}
 			}
 
+			// Validate display_name length (matches database VARCHAR(255))
+			if len(softwarePackageSpec.DisplayName) > 255 {
+				multiError = multierror.Append(multiError, fmt.Errorf("software package %q display_name is too long (max 255 characters)", softwarePackageSpec.URL))
+				continue
+			}
+
 			result.Software.Packages = append(result.Software.Packages, softwarePackageSpec)
 		}
 	}

pkg/spec/gitops_test.go

@@ -1389,6 +1389,65 @@ func TestInvalidSoftwareInstallerHash(t *testing.T) {
 	assert.ErrorContains(t, err, "must be a valid lower-case hex-encoded (64-character) SHA-256 hash value")
 }
 
+func TestSoftwareDisplayNameValidation(t *testing.T) {
+	t.Parallel()
+	appConfig := &fleet.EnrichedAppConfig{}
+	appConfig.License = &fleet.LicenseInfo{
+		Tier: fleet.TierPremium,
+	}
+
+	// Create a string with 256 'a' characters (exceeds 255 limit)
+	longDisplayName := strings.Repeat("a", 256)
+
+	t.Run("package_display_name_too_long", func(t *testing.T) {
+		config := getTeamConfig([]string{"name", "software"})
+		// Use hash instead of URL to avoid script validation before display_name validation
+		config += `name: Test Team
+software:
+  packages:
+    - hash_sha256: "abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234"
+      display_name: "` + longDisplayName + `"
+`
+		path, basePath := createTempFile(t, "", config)
+		_, err := GitOpsFromFile(path, basePath, appConfig, nopLogf)
+		assert.ErrorContains(t, err, "display_name is too long (max 255 characters)")
+	})
+
+	t.Run("app_store_display_name_too_long", func(t *testing.T) {
+		config := getTeamConfig([]string{"name", "software"})
+		config += `name: Test Team
+software:
+  app_store_apps:
+    - app_store_id: "12345"
+      display_name: "` + longDisplayName + `"
+`
+		path, basePath := createTempFile(t, "", config)
+		_, err := GitOpsFromFile(path, basePath, appConfig, nopLogf)
+		assert.ErrorContains(t, err, "display_name is too long (max 255 characters)")
+	})
+
+	t.Run("valid_display_name", func(t *testing.T) {
+		config := getTeamConfig([]string{"name", "software"})
+		// Use hash instead of URL to avoid network calls, and no scripts required
+		config += `name: Test Team
+software:
+  packages:
+    - hash_sha256: "abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234"
+      display_name: "Custom Package Name"
+  app_store_apps:
+    - app_store_id: "12345"
+      display_name: "Custom VPP App Name"
+`
+		path, basePath := createTempFile(t, "", config)
+		result, err := GitOpsFromFile(path, basePath, appConfig, nopLogf)
+		require.NoError(t, err)
+		require.Len(t, result.Software.Packages, 1)
+		assert.Equal(t, "Custom Package Name", result.Software.Packages[0].DisplayName)
+		require.Len(t, result.Software.AppStoreApps, 1)
+		assert.Equal(t, "Custom VPP App Name", result.Software.AppStoreApps[0].DisplayName)
+	})
+}
+
 func TestWebhookPolicyIDsValidation(t *testing.T) {
 	t.Parallel()