mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 21:47:20 +00:00
**Related issue:** Resolves #42008

# Details

Step one in https://github.com/fleetdm/fleet/issues/40171.

This PR adds a new `exceptions` subsection to the current GitOps config, with boolean keys for software, secrets and labels. For existing instances a migration is included to set labels and secrets to `true`. For new instances, only `secrets` will be `true`.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information.
  n/a, will put changelog in when more functionality is implemented.

## Testing

- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually (https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one host's records do not affect another)
- [X] ran migration and verified that app config had `gitops.exceptions` with `software: false, secrets: true, labels: true`
- [X] created a new instance and verified that the app config had `gitops.exceptions` with `software: false, secrets: true, labels: false`
- [X] verified that the PATCH /config API works and can update exceptions independently of other config

## Database migrations

- [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. n/a
- [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. n/a
- [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). n/a

## New Fleet configuration settings

- [X] Setting(s) is/are explicitly excluded from GitOps
  these will not be set in GitOps, since they're _about_ how GitOps works.

## Summary by CodeRabbit

## Release Notes

* **New Features**
  * GitOps configuration now supports exception settings for granular resource control. Administrators can configure which specific resource types (labels, software, and secrets) are included in or excluded from GitOps mode operations.
* **Improvements**
  * Improved GitOps configuration handling to preserve exception settings during partial updates and system migrations.
26 lines
648 B
Go
```go
package tables

import (
	"database/sql"

	"github.com/fleetdm/fleet/v4/server/fleet"
)

func init() {
	MigrationClient.AddMigration(Up_20260323144117, Down_20260323144117)
}

func Up_20260323144117(tx *sql.Tx) error {
	return updateAppConfigJSON(tx, func(config *fleet.AppConfig) error {
		// For existing instances, preserve current implicit behavior:
		// labels and secrets were already no-ops when omitted from GitOps.
		config.GitOpsConfig.Exceptions.Labels = true
		config.GitOpsConfig.Exceptions.Secrets = true
		config.GitOpsConfig.Exceptions.Software = false
		return nil
	})
}

func Down_20260323144117(tx *sql.Tx) error {
	return nil
}
```
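The commit message says a PATCH to the config can update exceptions independently of other settings, and that exception settings survive partial updates. The following added example is not Fleet's code. It uses hypothetical stand-in types (`Config`, `GitOps`, `Exceptions`, and an assumed `enabled` key) to show why a partial body must be decoded onto the stored config rather than into a fresh struct: otherwise the values this migration sets are silently reset to `false`.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical stand-ins for the relevant slice of the app config. Only the
// exceptions keys (software, secrets, labels) come from the page.
type Exceptions struct {
	Software bool `json:"software"`
	Secrets  bool `json:"secrets"`
	Labels   bool `json:"labels"`
}

type GitOps struct {
	Enabled    bool       `json:"enabled"` // assumed neighbouring setting
	Exceptions Exceptions `json:"exceptions"`
}

type Config struct {
	GitOps GitOps `json:"gitops"`
}

// migratedConfig is a constructed stored config holding the values the
// migration writes for existing instances.
func migratedConfig() Config {
	return Config{GitOps: GitOps{Exceptions: Exceptions{Secrets: true, Labels: true}}}
}

// patchReplace ignores the stored config and decodes the body into a fresh
// struct: every key absent from the body ends up false.
func patchReplace(_ Config, body []byte) (Config, error) {
	var fresh Config
	err := json.Unmarshal(body, &fresh)
	return fresh, err
}

// patchMerge decodes the body onto a copy of the stored config;
// encoding/json only assigns keys present in the body, so the rest survive.
func patchMerge(stored Config, body []byte) (Config, error) {
	err := json.Unmarshal(body, &stored)
	return stored, err
}

func main() {
	body := []byte(`{"gitops":{"exceptions":{"software":true}}}`) // constructed PATCH body
	replaced, _ := patchReplace(migratedConfig(), body)
	merged, _ := patchMerge(migratedConfig(), body)
	fmt.Printf("replace: %+v\nmerge:   %+v\n", replaced.GitOps.Exceptions, merged.GitOps.Exceptions)
}
```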