fleet/server/datastore
Scott Gress ddc0ee703d
Update policy membership when policy labels change (#39201)
**Related issue:** Resolves #37182 

# Details

The `policy_membership` table records pass/fail status for each (host,
policy) tuple where the policy targets that host and has run at least
once on the host. It's used to get the # of failing policies for a host,
for the Fleet Desktop icon menu as well as the Policies badge on the
host details page.

When a policy changes materially (e.g. the query changed) we wipe all of
the `policy_membership` records for it, and if the `platform` changes we
_selectively_ wipe records for hosts that no longer meet the platform
requirements. This PR adds logic to selectively wipe records for hosts
that no longer meet _label_ requirements when those requirements change.
This fixes issues where a policy would change which labels it applied
to, but hosts that weren't members of the new label set would still show
failures for that policy when clicking the Fleet Desktop icon.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [X] Added/updated automated tests
- [X] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)

- [X] QA'd all new/changed functionality manually
2026-02-11 08:56:01 -06:00
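As an added example (not Fleet's code), the pruning rule the Details section describes, modelled in Go over constructed hosts, labels and membership rows: the policy's label set (and, in the same edit, its platform) changes, rows for hosts no longer covered are dropped, rows for other policies and for still-targeted hosts survive, and the per-host failing count that the Fleet Desktop badge would display drops accordingly. The type names, the "member of at least one listed label" targeting rule and the sample data are assumptions for illustration, not Fleet's schema or semantics.

```go
package main

import (
	"fmt"
	"sort"
)

// Added example, not Fleet's code. Types and the targeting rule are assumptions.

type HostID uint
type PolicyID uint
type LabelID uint

type Host struct {
	ID       HostID
	Platform string
	Labels   map[LabelID]bool // labels the host currently belongs to
}

type Policy struct {
	ID       PolicyID
	Platform string           // "" targets every platform
	Labels   map[LabelID]bool // empty targets every host; otherwise host must be in at least one (assumption)
}

// Membership is one policy_membership row: pass/fail for a (host, policy) pair.
type Membership struct {
	HostID   HostID
	PolicyID PolicyID
	Passes   bool
}

// targets reports whether p applies to h under the assumed rules.
func targets(p Policy, h Host) bool {
	if p.Platform != "" && p.Platform != h.Platform {
		return false
	}
	if len(p.Labels) == 0 {
		return true
	}
	for l := range p.Labels {
		if h.Labels[l] {
			return true
		}
	}
	return false
}

// PruneMembership drops rows for policy p whose host no longer meets p's
// platform or label requirements. Rows for other policies are untouched.
// It returns the surviving rows and the sorted host IDs whose rows were removed.
func PruneMembership(p Policy, hosts map[HostID]Host, rows []Membership) ([]Membership, []HostID) {
	var keep []Membership
	var removed []HostID
	for _, r := range rows {
		if r.PolicyID != p.ID {
			keep = append(keep, r) // host isolation across policies: leave other policies alone
			continue
		}
		h, ok := hosts[r.HostID]
		if ok && targets(p, h) {
			keep = append(keep, r)
			continue
		}
		removed = append(removed, r.HostID) // unknown host or no longer targeted
	}
	sort.Slice(removed, func(i, j int) bool { return removed[i] < removed[j] })
	return keep, removed
}

// FailingCount is the number a Fleet Desktop badge would show for one host.
func FailingCount(rows []Membership, host HostID) int {
	n := 0
	for _, r := range rows {
		if r.HostID == host && !r.Passes {
			n++
		}
	}
	return n
}

// SampleScenario builds constructed data: policy 1 moved from label 10 to
// label 20 and was narrowed to darwin in the same edit.
func SampleScenario() (Policy, map[HostID]Host, []Membership) {
	hosts := map[HostID]Host{
		1: {ID: 1, Platform: "darwin", Labels: map[LabelID]bool{10: true}},
		2: {ID: 2, Platform: "darwin", Labels: map[LabelID]bool{10: true, 20: true}},
		3: {ID: 3, Platform: "linux", Labels: map[LabelID]bool{20: true}},
	}
	policy := Policy{ID: 1, Platform: "darwin", Labels: map[LabelID]bool{20: true}}
	rows := []Membership{
		{HostID: 1, PolicyID: 1, Passes: false}, // ran while label 10 was targeted; now stale
		{HostID: 2, PolicyID: 1, Passes: false}, // still targeted via label 20
		{HostID: 3, PolicyID: 1, Passes: true},  // in label 20 but platform no longer matches
		{HostID: 1, PolicyID: 2, Passes: false}, // different policy, must survive
	}
	return policy, hosts, rows
}

func main() {
	policy, hosts, rows := SampleScenario()
	fmt.Println("host 1 failing before prune:", FailingCount(rows, 1))
	keep, removed := PruneMembership(policy, hosts, rows)
	fmt.Println("rows removed for hosts:", removed)
	fmt.Println("host 1 failing after prune:", FailingCount(keep, 1))
}
```

Running it shows host 1 with two failing rows before the prune and one after: its stale row for policy 1 is gone while its row for policy 2 is kept, which is the behaviour the host-isolation tests in the checklist are meant to pin down.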
| Directory | Last commit | Date |
|---|---|---|
| cached_mysql | Okta IdP factor (#35143) | 2025-11-07 16:19:25 -06:00 |
| failing | Cloudfront signing for in-house apps (#37650) | 2026-01-05 16:30:31 -05:00 |
| filesystem | Cloudfront signing for in-house apps (#37650) | 2026-01-05 16:30:31 -05:00 |
| mysql | Update policy membership when policy labels change (#39201) | 2026-02-11 08:56:01 -06:00 |
| mysqlredis | Add activity feed entries for host deletion and expiration (#34720) | 2025-10-31 09:37:31 -07:00 |
| redis | New rate limit algorithm for Fleet Desktop endpoints (#33344) | 2025-09-26 15:03:50 -03:00 |
| s3 | Cloudfront signing for in-house apps (#37650) | 2026-01-05 16:30:31 -05:00 |