Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Surface DEP (ADE) enrollment profile validation errors #17558

Open
6 tasks
roperzh opened this issue Mar 12, 2024 · 4 comments
Open
6 tasks

Surface DEP (ADE) enrollment profile validation errors #17558

roperzh opened this issue Mar 12, 2024 · 4 comments
Assignees
@georgekarrv
Labels
customer-faltona ~dogfood Issue resulted from Fleet's product dogfooding. #g-mdm MDM product group :product Product Design department (shows up on 🦢 Drafting board) story A user story defining an entire feature

Comments

@roperzh
Copy link
Member

roperzh commented Mar 12, 2024
edited by marko-lisica

Goal

User story
As a IT admin,
I want to know at upload time if my ADE (DEP) enrollment profile is valid,
so that I can make sure that my hosts will enroll automatically.

Context

In #15461 we implemented a solution to surface errors when we make API calls to assign a JSON profile to a host.

This issue is about API/validation errors we might get when we upload the JSON profile to Apple's server, before it's even assigned to a host.

The current behavior if the validation fails is:

  1. Profile assignment fails for all the hosts in the team with the invalid profile
  2. New hosts assigned in ABM to that team don't appear in Fleet
  3. The error message can only be spotted in the Fleet server logs.

All possible errors are described here.

Changes

Product

Engineering

  • Database schema migrations: TODO
  • Load testing: TODO

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

  • Requires load testing: TODO
  • Risk level: Low / High TODO
  • Risk description: TODO

Manual testing steps

  1. Step 1
  2. Step 2
  3. Step 3

Testing notes

Confirmation

  1. Engineer (@____): Added comment to user story confirming successful completion of QA.
  2. QA (@____): Added comment to user story confirming successful completion of QA.
@roperzh roperzh added :product Product Design department (shows up on 🦢 Drafting board) ~feature fest Will be reviewed at next Feature Fest customer-faltona labels Mar 12, 2024
@noahtalerman
Copy link
Member

@roperzh thanks for tracking this!

Generating easy to understand error messages is core to Fleet.

Do you think we should hit Apple API at ADE (DEP) profile at upload time? So we can reject an invalid profile and surface the error to the admin.

Something else?

@noahtalerman noahtalerman removed the :product Product Design department (shows up on 🦢 Drafting board) label Mar 12, 2024
@roperzh
Copy link
Member Author

roperzh commented Mar 12, 2024

@noahtalerman thanks for quickly looking into this!

Do you think we should hit Apple API at ADE (DEP) profile at upload time? So we can reject an invalid profile and surface the error to the admin.

Something else?

I was thinking the same, it's the only point in time where have the chance to surface errors cleanly, so it makes sense to me 👍

doing the validations ourselves without submitting to apple is error prone and I think will end up being even more work.

@noahtalerman noahtalerman assigned roperzh and marko-lisica and unassigned roperzh Mar 28, 2024
@noahtalerman noahtalerman added :product Product Design department (shows up on 🦢 Drafting board) story A user story defining an entire feature and removed ~feature fest Will be reviewed at next Feature Fest labels Mar 29, 2024
@noahtalerman
Copy link
Member

Hey @roperzh, heads up, we brought this into the upcoming design sprint (4.49).

@marko-lisica marko-lisica changed the title ADE JSON profile validation errors from Apple are not surfaced to the IT admin Surface DEP (ADE) enrollment profile validation errors Apr 16, 2024
@marko-lisica marko-lisica removed their assignment Apr 18, 2024
@marko-lisica marko-lisica added ~feature fest Will be reviewed at next Feature Fest and removed :product Product Design department (shows up on 🦢 Drafting board) labels Apr 18, 2024
@noahtalerman noahtalerman added ~dogfood Issue resulted from Fleet's product dogfooding. :product Product Design department (shows up on 🦢 Drafting board) and removed ~feature fest Will be reviewed at next Feature Fest labels Apr 18, 2024
@noahtalerman noahtalerman assigned marko-lisica and unassigned roperzh Apr 19, 2024
@noahtalerman noahtalerman added the #g-mdm MDM product group label Apr 19, 2024
@georgekarrv
Copy link
Member

Hey team! Please add your planning poker estimate with Zenhub @dantecatalfamo @ghernandez345 @gillespi314 @mna @roperzh

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@georgekarrv georgekarrv

Labels
customer-faltona ~dogfood Issue resulted from Fleet's product dogfooding. #g-mdm MDM product group :product Product Design department (shows up on 🦢 Drafting board) story A user story defining an entire feature
Milestone
No milestone
Development

No branches or pull requests
4 participants
@georgekarrv @roperzh @noahtalerman @marko-lisica