Add RemoveApplication method #25078
Add RemoveApplication method #25078
Conversation
|
@jspenc72 Thanks for working on this! I just dropped the checklist down to what should be applicable here once this feature is fleshed out, as I don't think you'll need database migrations or BC bcreaking API changes to make this work. I believe the next step here is to update the uninstall logic to queue up this profile when interacting with an iOS/iPadOS target rather than failing, and then add tests covering the new behavior. Final piece would be to expose this functionality in the web UI. Get as far as you can; it's a question of when rather than if on picking up where you left off and finishing this feature, but my guess is that this would hit in 4.64.0 depending on what's left to build by the time product works through that UI tweaks need to happen here. You'll likely have to rebase/merge from main soonish as we have some failing tests on Adding myself as a watcher on this until it's prioritized, so I'll see any pushes/questions as they come up. |
jspenc72
force-pushed
the
jspenc72/25077-apple-mdm-remove-application
branch
from
66cac37 to
a82a062
Compare
…/github.com/jspenc72/fleet into jspenc72/25077-apple-mdm-remove-application
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #25078 +/- ##
==========================================
+ Coverage 54.30% 63.81% +9.50%
==========================================
Files 1615 1615
Lines 153594 153657 +63
Branches 4004 3952 -52
==========================================
+ Hits 83416 98049 +14633
+ Misses 63296 47803 -15493
- Partials 6882 7805 +923
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
Hey FleetDM friends! this pr is working as intended but the action is not yet recorded in the database as it should be. A little guidance on how to record the uninstall request would be much appreciated. Rebased as per your suggestion. The latest commit successfully removed the application via apple mdm push notifications. I manually QA'd this on iOS and iPadOS devices. |
| if host.OrbitNodeKey == nil || *host.OrbitNodeKey == "" { | ||
| // fleetd is required to install software so if the host is enrolled via plain osquery we return an error | ||
| svc.authz.SkipAuthorization(ctx) | ||
| return fleet.NewUserMessageError(errors.New("host does not have fleetd installed"), http.StatusUnprocessableEntity) | ||
| // fleetd is required to install software so if the host is enrolled via plain osquery we | ||
| // return an error | ||
| // Handle iOS and iPadOS devices | ||
| if !strings.Contains(host.OSVersion, "iPadOS") && !strings.Contains(host.OSVersion, "iOS") { | ||
| svc.authz.SkipAuthorization(ctx) | ||
| return fleet.NewUserMessageError(errors.New("host does not have fleetd installed"), http.StatusUnprocessableEntity) | ||
| } else { | ||
| // For iOS and iPadOS devices, we don't need fleetd to install/uninstall software | ||
| // We can proceed with the uninstallation | ||
| fmt.Printf("iOS and iPadOS devices don't need fleetd to install/uninstall software, proceed to uninstall via Apple MDM") | ||
| } | ||
| } |
There was a problem hiding this comment.
You can use the same validation here as in the InstallSoftwareTitle method:
platform := host.FleetPlatform()
mobileAppleDevice := fleet.AppleDevicePlatform(platform) == fleet.IOSPlatform || fleet.AppleDevicePlatform(platform) == fleet.IPadOSPlatform
if !mobileAppleDevice && (host.OrbitNodeKey == nil || *host.OrbitNodeKey == "") {
// fleetd is required to install software so if the host is
// enrolled via plain osquery we return an error
svc.authz.SkipAuthorization(ctx)
return fleet.NewUserMessageError(errors.New("Host doesn't have fleetd installed"), http.StatusUnprocessableEntity)
}
| @@ -1091,6 +1100,24 @@ func (svc *Service) UninstallSoftwareTitle(ctx context.Context, hostID uint, sof | |||
| if err := svc.authz.Authorize(ctx, &fleet.HostSoftwareInstallerResultAuthz{HostTeamID: host.TeamID}, fleet.ActionWrite); err != nil { | |||
| return err | |||
| } | |||
| // Try Apple MDM uninstallation for iOS and iPadOS devices | |||
|
|
|||
| if strings.Contains(host.OSVersion, "iPadOS") || strings.Contains(host.OSVersion, "iOS") { | |||
There was a problem hiding this comment.
Should this work for macOS as well?
| argErr *fleet.InvalidArgumentError) *fleet.InvalidArgumentError { | ||
| argErr *fleet.InvalidArgumentError, | ||
| ) *fleet.InvalidArgumentError { |
There was a problem hiding this comment.
Any way you can remove these formatting changes? Your IDE should have a setting something like: only format modified lines.
| return ctxerr.Wrapf(ctx, err, "sending command to uninstall VPP %s application to host with serial %s", vppApp.BundleIdentifier, host.HardwareSerial) | ||
| } | ||
| return nil | ||
| } |
There was a problem hiding this comment.
When MDM command result comes back, we need to process it, similar to what we do for InstallApplication:
fleet/server/service/apple_mdm.go
Line 2976 in a222c38
Update the database
We need to add uninstall column to host_vpp_software_installs and use similar pattern as we do with script-based software installs:
Need to update the vppAppJoin method similar to softwareInstallerJoin:
Add host activity record
Should be able to use ActivityTypeUninstalledSoftware:
fleet/server/fleet/activities.go
Line 1634 in 3123324
Checklist for submitter
If some of the following don't apply, delete the relevant line.
changes/,orbit/changes/oree/fleetd-chrome/changes.See Changes files for more information.