Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 21:47:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 117
fleet/frontend/hooks/useSoftwareInstallerMeta.ts
Scott Gress e62bdf17b6
Remove UI gating in GitOps mode for excepted entities (#42486) 
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #42184 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [ ] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed

## Database migrations

- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled

## fleetd/orbit/Fleet Desktop

- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **New Features**
* Added support for GitOps exceptions per entity type (labels, software,
secrets), allowing specific areas to bypass GitOps mode restrictions
when configured.

* **Bug Fixes**
* Improved GitOps mode behavior to properly respect per-entity-type
exception settings across software, labels, and secrets management.

* **Tests**
  * Extended test coverage for GitOps exception handling scenarios.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-31 09:10:56 -05:00

158 lines
4.8 KiB
TypeScript
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

import { useContext, useMemo } from "react";
import { AppContext } from "context/app";
import useGitOpsMode from "hooks/useGitOpsMode";
import { isAndroid } from "interfaces/platform";
import {
ISoftwareTitleDetails,
ISoftwarePackage,
IAppStoreApp,
isSoftwarePackage,
isIpadOrIphoneSoftwareSource,
InstallerType,
} from "interfaces/software";
import {
getInstallerCardInfo,
InstallerCardInfo,
} from "pages/SoftwarePage/SoftwareTitleDetailsPage/helpers";
import { isAndroidWebApp } from "pages/SoftwarePage/helpers";
import { compareVersions } from "utilities/helpers";
export interface SoftwareInstallerMeta {
installerType: InstallerType;
/** Includes both Google Play Store apps and Google Play Store web apps */
isAndroidPlayStoreApp: boolean;
/** Only includes Google Play Store web apps */
isAndroidPlayStoreWebApp: boolean;
isFleetMaintainedApp: boolean;
isLatestFmaVersion: boolean;
isCustomPackage: boolean;
isIosOrIpadosApp: boolean;
sha256?: string;
androidPlayStoreId?: string;
patchPolicy?: ISoftwarePackage["patch_policy"]; // Only available on FMA packages
automaticInstallPolicies:
| ISoftwarePackage["automatic_install_policies"]
| IAppStoreApp["automatic_install_policies"];
gitOpsModeEnabled: boolean;
repoURL?: string;
canManageSoftware: boolean;
/** Raw ISoftwarePackage | IAppStoreApp data */
softwareInstaller: ISoftwarePackage | IAppStoreApp;
}
export interface UseSoftwareInstallerResult {
cardInfo: InstallerCardInfo;
meta: SoftwareInstallerMeta;
}
/** This is used to extract software installer data
* (FMA, VPP, Google Playstore Apps, custom packages)
* from ISoftwareTitleDetails to be used in the UI */
export const useSoftwareInstaller = (
softwareTitle: ISoftwareTitleDetails
): UseSoftwareInstallerResult | undefined => {
const appContext = useContext(AppContext);
const { gitOpsModeEnabled, repoURL } = useGitOpsMode("software");
return useMemo(() => {
if (!softwareTitle.software_package && !softwareTitle.app_store_app) {
return undefined;
}
const cardInfo = getInstallerCardInfo(softwareTitle);
const { softwareInstaller, source } = cardInfo;
const isIosOrIpadosApp = isIpadOrIphoneSoftwareSource(source);
const installerType: InstallerType = isSoftwarePackage(softwareInstaller)
? "package"
: "app-store";
const isAndroidPlayStoreApp =
"platform" in softwareInstaller && isAndroid(softwareInstaller.platform);
const isAndroidPlayStoreWebApp =
isAndroidPlayStoreApp && "app_store_id" in softwareInstaller
? isAndroidWebApp(softwareInstaller.app_store_id)
: false;
const isFleetMaintainedApp =
"fleet_maintained_app_id" in softwareInstaller &&
!!softwareInstaller.fleet_maintained_app_id;
const isLatestFmaVersion =
isFleetMaintainedApp &&
"fleet_maintained_versions" in softwareInstaller &&
!!softwareInstaller.fleet_maintained_versions &&
softwareInstaller.fleet_maintained_versions.every(
(fma) =>
// Verify that the installer version is not older than any known
// Fleetmaintained version by requiring compareVersions to return
// 0 (equal) or 1 (greater) for every entry.
compareVersions(softwareInstaller.version ?? "", fma.version ?? "") >=
0
);
const fmaVersions =
isFleetMaintainedApp && "fleet_maintained_versions" in softwareInstaller
? softwareInstaller.fleet_maintained_versions
: [];
const isCustomPackage =
installerType === "package" && !isFleetMaintainedApp;
const sha256 =
("hash_sha256" in softwareInstaller && softwareInstaller.hash_sha256) ||
undefined;
const androidPlayStoreId =
isAndroidPlayStoreApp && "app_store_id" in softwareInstaller
? softwareInstaller?.app_store_id
: undefined;
const {
automatic_install_policies: automaticInstallPolicies,
} = softwareInstaller;
const patchPolicy =
"patch_policy" in softwareInstaller
? softwareInstaller.patch_policy
: undefined;
const {
isGlobalAdmin,
isGlobalMaintainer,
isTeamAdmin,
isTeamMaintainer,
} = appContext;
const canManageSoftware = !!(
isGlobalAdmin ||
isGlobalMaintainer ||
isTeamAdmin ||
isTeamMaintainer
);
return {
cardInfo,
meta: {
installerType,
isAndroidPlayStoreApp,
isAndroidPlayStoreWebApp,
isFleetMaintainedApp,
isLatestFmaVersion,
fmaVersions,
isCustomPackage,
isIosOrIpadosApp,
sha256,
androidPlayStoreId,
patchPolicy,
automaticInstallPolicies,
gitOpsModeEnabled,
repoURL,
canManageSoftware,
softwareInstaller,
},
};
}, [softwareTitle, appContext, gitOpsModeEnabled, repoURL]);
};
Reference in a new issue View git blame Copy permalink