API design: Scope configuration profiles to hosts by excluding any label #18844
Conversation
| }, | ||
| { | ||
| "path": "path/to/profile2.json", | ||
| "labels": ["Label 3", "Label 4"] | ||
| "labels_include_all": ["Label 3", "Label 4"] |
There was a problem hiding this comment.
Break the existing labels key in the response. Change it to labels_include_all
| @@ -4721,7 +4721,8 @@ Add a configuration profile to enforce custom settings on macOS and Windows host | |||
| | ------------------------- | -------- | ---- | ------------------------------------------------------------------------------------------------------------- | | |||
| | profile | file | form | **Required.** The .mobileconfig and JSON for macOS or XML for Windows file containing the profile. | | |||
| | team_id | string | form | _Available in Fleet Premium_. The team ID for the profile. If specified, the profile is applied to only hosts that are assigned to the specified team. If not specified, the profile is applied to only to hosts that are not assigned to any team. | | |||
| | labels | array | form | _Available in Fleet Premium_. An array of labels to filter hosts in a team (or no team) that should get a profile. | | |||
| | labels_include_all | array | form | _Available in Fleet Premium_. Profile will only be applied to hosts that have all of these labels. | | |||
There was a problem hiding this comment.
Add a second name for existing labels key: labels_include_all
Both keys have the same behavior: profile is only applied to hosts that have all labels.
There was a problem hiding this comment.
Note that we added a second name for POST /api/v1/fleet/mdm/profiles: POST /api/v1/fleet/configuration_profiles
These changes should apply if using either endpoint.
Open docs PR for the new name is here: #16728
| @@ -4872,7 +4873,7 @@ List all configuration profiles for macOS and Windows hosts enrolled to Fleet's | |||
| "created_at": "2023-04-31T00:00:00Z", | |||
| "updated_at": "2023-04-31T00:00:00Z", | |||
| "checksum": "aCLemVr)", | |||
| "labels": [ | |||
| "labels_include_all": [ | |||
There was a problem hiding this comment.
Break the existing labels key in the response. Change it to labels_include_all
There was a problem hiding this comment.
Note that we added a second name for GET /api/v1/fleet/mdm/profiles: GET /api/v1/fleet/configuration_profiles
These changes should apply if using either endpoint.
Open docs PR for the new name is here: #16728
| @@ -1281,9 +1281,9 @@ If the `name` is not already associated with an existing team, this API route cr | |||
| | mdm.macos_updates.minimum_version | string | body | The required minimum operating system version. | | |||
| | mdm.macos_updates.deadline | string | body | The required installation date for Nudge to enforce the operating system version. | | |||
| | mdm.macos_settings | object | body | The macOS-specific MDM settings. | | |||
| | mdm.macos_settings.custom_settings | list | body | The list of objects consists of a `path` to .mobileconfig or JSON file and `labels` list of label names. | | |||
| | mdm.macos_settings.custom_settings | list | body | The list of objects consists of a `path` to .mobileconfig or JSON file and `labels_include_all` or `labels_exclude_any` list of label names. | | |||
There was a problem hiding this comment.
Add a second name for existing labels key: labels_include_all
Both keys have the same behavior: profile is only applied to hosts that have all labels.
| | mdm.windows_settings | object | body | The Windows-specific MDM settings. | | ||
| | mdm.windows_settings.custom_settings | list | body | The list of objects consists of a `path` to XML files and `labels` list of label names. | | ||
| | mdm.windows_settings.custom_settings | list | body | The list of objects consists of a `path` to XML files and `labels_include_all` or `labels_exclude_any` list of label names. | |
There was a problem hiding this comment.
Add a second name for existing labels key: labels_include_all
Both keys have the same behavior: profile is only applied to hosts that have all labels.
| @@ -1345,18 +1345,18 @@ If the `name` is not already associated with an existing team, this API route cr | |||
| "macos_settings": { | |||
| "custom_settings": { | |||
| "path": "path/to/profile1.mobileconfig" | |||
| "labels": ["Label 1", "Label 2"] | |||
| "labels_include_all": ["Label 1", "Label 2"] | |||
There was a problem hiding this comment.
Break the existing labels key in the response. Change it to labels_include_all
| @@ -597,7 +597,7 @@ Once base64-decoded, they are PEM-encoded certificate and keys. | |||
| | team_id | number | query | _Available in Fleet Premium_ The team ID to apply the custom settings to. Only one of `team_name`/`team_id` can be provided. | | |||
| | team_name | string | query | _Available in Fleet Premium_ The name of the team to apply the custom settings to. Only one of `team_name`/`team_id` can be provided. | | |||
| | dry_run | bool | query | Validate the provided profiles and return any validation errors, but do not apply the changes. | | |||
| | profiles | json | body | An array of objects, consisting of a `profile` base64-encoded .mobileconfig or JSON for macOS and XML (Windows) file, `labels` array of strings (label names), and `name` display name (for Windows configuration profiles and macOS declaration profiles). | | |||
| | profiles | json | body | An array of objects, consisting of a `profile` base64-encoded .mobileconfig or JSON for macOS and XML (Windows) file, `labels_include_all` or `labels_exclude_any` array of strings (label names), and `name` display name (for Windows configuration profiles and macOS declaration profiles). | | |||
There was a problem hiding this comment.
Add a second name for existing labels key: labels_include_all
Both keys have the same behavior: profile is only applied to hosts that have all labels.
| @@ -4923,7 +4924,7 @@ If one or more assigned labels are deleted the profile is considered broken (`br | |||
| "created_at": "2023-03-31T00:00:00Z", | |||
| "updated_at": "2023-03-31T00:00:00Z", | |||
| "checksum": "dGVzdAo=", | |||
| "labels": [ | |||
| "labels_include_all": [ | |||
There was a problem hiding this comment.
Break the existing labels key in the response. Change it to labels_include_all
There was a problem hiding this comment.
Note that we added a second name for GET /api/v1/fleet/mdm/profiles/:profile_uuid: GET /api/v1/fleet/configuration_profiles/:profile_uuid
These changes should apply if using either endpoint.
Open docs PR for the new name is here: #16728
noahtalerman
changed the title
API changes for the following story: