fleet/server/datastore/mysql
Scott Gress ddc0ee703d
Update policy membership when policy labels change (#39201)
**Related issue:** Resolves #37182 

# Details

The `policy_membership` table records pass/fail status for each (host,
policy) tuple where the policy targets that host and has run at least
once on the host. It's used to get the # of failing policies for a host,
for the Fleet Desktop icon menu as well as the Policies badge on the
host details page.

When a policy changes materially (e.g. the query changed) we wipe all of
the `policy_membership` records for it, and if the `platform` changes we
_selectively_ wiped records for hosts that no longer met the platform
requirements. This PR adds logic to selectively wipe records for hosts
that no longer meet _label_ requirements when those requirements change.
This fixes issues where a policy would change which labels it applied
to, but hosts that weren't members of the new label set would still show
failures for that policy when clicking the Fleet Desktop icon.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)

## Testing

- [X] Added/updated automated tests
- [X] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)

- [X] QA'd all new/changed functionality manually
2026-02-11 08:56:01 -06:00
..
migrations Only reverify Android profiles if they failed due to non-compliance (#39645) 2026-02-10 16:50:22 -05:00
rdsauth Refactored RDS IAM authentication logic into a dedicated rdsauth package (#36847) 2025-12-10 16:21:35 -06:00
testdata Ingest, store, consider in unique_identifier, and serve upgrade_codes for Windows software (#34786) 2025-11-07 15:33:31 -08:00
activities.go Activity bounded context: Complete read operations (#38555) 2026-02-09 15:29:12 -06:00
activities_test.go Activity bounded context: Complete read operations (#38555) 2026-02-09 15:29:12 -06:00
aggregated_stats.go
aggregated_stats_test.go
android.go Only reverify Android profiles if they failed due to non-compliance (#39645) 2026-02-10 16:50:22 -05:00
android_device_test.go Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
android_enterprise_test.go Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
android_enterprises.go Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
android_hosts.go Feature branch for Android config profiles (#32976) 2025-09-22 11:29:57 -04:00
android_mysql.go Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
android_test.go Only reverify Android profiles if they failed due to non-compliance (#39645) 2026-02-10 16:50:22 -05:00
app_configs.go Fix: incorrect timestamps returned for Label and Team creation (#38846) 2026-01-27 18:02:48 -03:00
app_configs_test.go Use lighter Team call when it's obviously safe to do so, comment potential areas for further improvement (#35587) 2025-11-17 17:25:45 -06:00
apple_mdm.go Fix bootstrap assignment in preassign endpoint (#39619) 2026-02-10 16:55:00 -05:00
apple_mdm_ddm_test.go Updated SQL modes in tests to match production. (#31445) 2025-08-03 08:18:13 +02:00
apple_mdm_test.go 38543 disk encryption miscount (#39497) 2026-02-06 14:45:58 -05:00
ca_config_assets.go Add custom SCEP configs (#27045) 2025-03-14 12:16:51 -05:00
ca_config_assets_test.go Add custom SCEP configs (#27045) 2025-03-14 12:16:51 -05:00
calendar_events.go
calendar_events_test.go Handle null HostID on calendar webhook endpoint (#30130) 2025-06-23 13:10:10 -04:00
campaigns.go Add CleanupCompletedCampaignTargets to cleanup old campaign targets. (#32385) 2025-08-28 11:04:05 -05:00
campaigns_test.go Add CleanupCompletedCampaignTargets to cleanup old campaign targets. (#32385) 2025-08-28 11:04:05 -05:00
carves.go Authenticate carve block endpoint before parsing the "data" field (#39353) 2026-02-05 15:55:03 -03:00
carves_test.go
certificate_authorities.go Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
certificate_authorities_test.go EST certificate proxy backend and configs (#34689) 2025-11-04 16:27:15 -05:00
certificate_templates.go Optimizing certificate template batch delete auth (#38650) 2026-01-24 17:47:17 -06:00
certificate_templates_test.go Optimizing certificate template batch delete auth (#38650) 2026-01-24 17:47:17 -06:00
challenges.go Fixed Android certificate enrollment failures caused by SCEP challenge expiration when devices were offline. (#38753) 2026-01-28 10:33:37 -06:00
conditional_access_bypass.go Add conditional access already bypassed check (#39037) 2026-02-02 10:35:55 -05:00
conditional_access_bypass_test.go Add conditional access already bypassed check (#39037) 2026-02-02 10:35:55 -05:00
conditional_access_microsoft.go Microsoft Compliance Partner backend changes (#29540) 2025-06-11 14:22:46 -03:00
conditional_access_microsoft_test.go Add app_sso_platform table to orbit and use table in Entra ID query ingestion (#30140) 2025-06-20 17:01:38 -03:00
conditional_access_scep.go Okta IdP factor (#35143) 2025-11-07 16:19:25 -06:00
conditional_access_scep_test.go Okta IdP factor (#35143) 2025-11-07 16:19:25 -06:00
config.go Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
cron_stats.go
cron_stats_test.go
delete.go
delete_test.go
disk_encryption.go Refactoring suggested in #31634 (#31839) 2025-08-13 10:24:32 -04:00
disk_encryption_test.go Added new global activity when disk encryption key is escrowed (#31634) 2025-08-08 12:14:48 -04:00
email_changes.go
email_changes_test.go
errors.go Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
errors_test.go Fix UI error message when adding duplicate software title to a team (#36394) 2025-12-09 08:48:10 -05:00
fulltext.go Update to Go 1.24.1 (#27506) 2025-03-31 11:14:09 -05:00
fulltext_test.go
host_certificate_templates.go Fixed Android certificate enrollment failures caused by SCEP challenge expiration when devices were offline. (#38753) 2026-01-28 10:33:37 -06:00
host_certificate_templates_test.go Fixed Android certificate enrollment failures caused by SCEP challenge expiration when devices were offline. (#38753) 2026-01-28 10:33:37 -06:00
host_certificates.go Ingest Windows host certificates via osquery (#36771) 2025-12-11 09:53:41 -06:00
host_certificates_test.go DCSW: Allow Windows profiles to hit SCEP Proxy (#35041) 2025-11-06 11:14:49 -03:00
host_identity_scep.go Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
host_identity_scep_test.go Fleet server verifies HTTP signature (#30825) 2025-07-16 20:08:27 +02:00
hosts.go 38543 disk encryption miscount (#39497) 2026-02-06 14:45:58 -05:00
hosts_test.go 38543 disk encryption miscount (#39497) 2026-02-06 14:45:58 -05:00
in_house_apps.go Fail in-house app installs when host unenrolls (#38803) 2026-01-26 15:45:52 -05:00
in_house_apps_test.go Activity bounded context: Complete read operations (#38555) 2026-02-09 15:29:12 -06:00
invites.go
invites_test.go
jobs.go Cancel batch execution API (#31757) 2025-08-11 15:17:57 -04:00
jobs_test.go Allow worker to filter queue by job type (#31556) 2025-08-06 17:22:48 -05:00
labels.go Fix: incorrect timestamps returned for Label and Team creation (#38846) 2026-01-27 18:02:48 -03:00
labels_test.go Add Iru to list of well known MDMs (#38144) 2026-02-02 19:42:28 -06:00
linux_mdm.go
linux_mdm_test.go Added new global activity when disk encryption key is escrowed (#31634) 2025-08-08 12:14:48 -04:00
locks.go
locks_test.go
maintained_apps.go Support for fleet maintained apps in gitops (#28751) 2025-05-07 18:16:08 -05:00
maintained_apps_test.go Persist download URL when adding FMAs via non-GitOps API, fix software versions on GitOps YAML generation (#30331) 2025-06-26 14:29:23 -05:00
mdm.go add additional logging for SCEP proxy and SCEP profiles (#39501) 2026-02-09 14:46:30 -05:00
mdm_idp_accounts_test.go Add support for fully-managed android devices (#39388) 2026-02-06 10:46:25 -05:00
mdm_test.go Add support for fully-managed android devices (#39388) 2026-02-06 10:46:25 -05:00
microsoft_mdm.go Windows MDM app level impl (#38842) 2026-01-28 09:46:53 -05:00
microsoft_mdm_test.go handle non atomic windows profiles when sending and receiving (#38332) 2026-01-19 11:16:28 -05:00
migrations_test.go Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
mysql.go Added OTEL log export support (#39279) 2026-02-06 18:57:28 -06:00
mysql_test.go Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
nanomdm_storage.go Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
nanomdm_storage_test.go Add lost mode behaviour for iOS/iPadOS (#33805) 2025-10-14 11:30:05 -03:00
operating_system_vulnerabilities.go Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
operating_system_vulnerabilities_batch_test.go os_versions endpoint performance improvements (#34897) 2025-11-03 13:07:44 -06:00
operating_system_vulnerabilities_test.go os_versions endpoint performance improvements (#34897) 2025-11-03 13:07:44 -06:00
operating_systems.go Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
operating_systems_test.go
packs.go
packs_test.go
password_reset.go
password_reset_test.go
policies.go Update policy membership when policy labels change (#39201) 2026-02-11 08:56:01 -06:00
policies_test.go Update policy membership when policy labels change (#39201) 2026-02-11 08:56:01 -06:00
queries.go Show Manage Automations disabled button with tooltip on Queries page (#39302) 2026-02-09 15:16:28 -03:00
queries_test.go Show Manage Automations disabled button with tooltip on Queries page (#39302) 2026-02-09 15:16:28 -03:00
query_results.go Improve performance when recording schedule query results (#38524) 2026-01-27 10:33:47 -06:00
query_results_test.go Improve performance when recording schedule query results (#38524) 2026-01-27 10:33:47 -06:00
scep.go Add SCEP endpoint for host identity. (#30589) 2025-07-11 11:44:07 -03:00
scep_test.go Updated SQL modes in tests to match production. (#31445) 2025-08-03 08:18:13 +02:00
scheduled_queries.go Update to Go 1.24.1 (#27506) 2025-03-31 11:14:09 -05:00
scheduled_queries_test.go
schema.sql Only reverify Android profiles if they failed due to non-compliance (#39645) 2026-02-10 16:50:22 -05:00
scim.go Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
scim_test.go Resend Windows profiles on IDP variables change (#37032) 2025-12-10 15:08:01 -04:00
scripts.go Reset attempt numbers on policy/script/installer modifications (#38748) 2026-01-27 16:41:44 -06:00
scripts_test.go Reset attempt numbers on policy/script/installer modifications (#38748) 2026-01-27 16:41:44 -06:00
secret_variables.go XML escape $FLEET_SECRET in XML files (#37255) 2025-12-16 09:51:48 -04:00
secret_variables_test.go XML escape $FLEET_SECRET in XML files (#37255) 2025-12-16 09:51:48 -04:00
sessions.go
sessions_test.go
setup_experience.go Bugfix: use custom software title icon and display name in setup experience UI (#39223) 2026-02-03 14:56:16 -05:00
setup_experience_test.go Don't run setup experience on host that was previously enrolled (#38318) 2026-01-28 08:44:42 -06:00
software.go Add support for .sh scripts on macOS (#39479) 2026-02-09 15:24:37 -05:00
software_installers.go Add support for .sh scripts on macOS (#39479) 2026-02-09 15:24:37 -05:00
software_installers_test.go Add support for .sh scripts on macOS (#39479) 2026-02-09 15:24:37 -05:00
software_test.go Add support for .sh scripts on macOS (#39479) 2026-02-09 15:24:37 -05:00
software_title_display_names.go Bugfix: use custom software title icon and display name in setup experience UI (#39223) 2026-02-03 14:56:16 -05:00
software_title_icons.go Followup: fix edit IHA title icon activity (#35439) 2025-11-10 12:40:47 -05:00
software_title_icons_test.go Return icon in in-house app metadata (#35568) 2025-11-12 09:37:54 -05:00
software_titles.go Fleet UI: Allow users from other teams to see software title name (#32277) 2026-01-26 18:11:59 -05:00
software_titles_test.go IPA: validate conflicts with other installers, return proper error (#38005) 2026-01-13 10:30:03 -05:00
software_upgrade_code_test.go Fixed issue where different variations of the same software weren't linked to the same software title. (#38926) 2026-01-30 23:04:10 +01:00
statistics.go Obfuscate calendar key (#38687) 2026-01-26 16:59:13 -07:00
statistics_test.go Add statistic to measure ABM pending hosts (#28226) 2025-04-15 11:30:07 -04:00
targets.go
targets_test.go API + auth + UI changes for team labels (#37208) 2025-12-29 21:28:45 -06:00
teams.go Fix: incorrect timestamps returned for Label and Team creation (#38846) 2026-01-27 18:02:48 -03:00
teams_test.go API + auth + UI changes for team labels (#37208) 2025-12-29 21:28:45 -06:00
testing_utils.go Activity bounded context: Complete read operations (#38555) 2026-02-09 15:29:12 -06:00
unicode_test.go
users.go Added UserSummary type for UsersByIDs. (#38710) 2026-01-23 15:06:52 -06:00
users_test.go Prevent user invite race condition (#29559) 2025-05-29 15:26:02 -04:00
vpp.go Fail in-house app installs when host unenrolls (#38803) 2026-01-26 15:45:52 -05:00
vpp_test.go Add support for fully-managed android devices (#39388) 2026-02-06 10:46:25 -05:00
vulnerabilities.go Atomic vulnerability count calculations (#35317) 2025-11-12 13:09:34 -07:00
vulnerabilities_test.go Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
windows_updates.go
windows_updates_test.go
wstep.go Add SCEP endpoint for host identity. (#30589) 2025-07-11 11:44:07 -03:00
wstep_test.go