NB-11852: Set ReleaseChannel In JumpCloud Password Manager command

[gbitarjc]

Issues

• NB-11852 - Desktop App Dogfood

What does this solve?

Setting release channel for password manager application in user's data.
Supported Operating systems: Linux, Windows and MacOS.
Supported channels: public, beta and dogfood.

Is there anything particularly tricky?

Yes, the testing

How should this be tested?

For Windows

• Create the below .ps1 script on your machine

# Set $releaseChannel to beta OR dogfood OR public depending on your desired release channel
$releaseChannel = "dogfood"
#------- Do not modify below this line ------

$allowed_values = @("beta", "dogfood", "public")

if (-not ($allowed_values -ccontains $releaseChannel)) {
    Write-Host "Error: Variable `$releaseChannel must be either 'beta', 'dogfood', or 'public'."
    exit 1
}

# Get the current user's SID (Security Identifier)
$loggedUser = Get-WmiObject -Class Win32_ComputerSystem | Select-Object -ExpandProperty UserName
$loggedUser = $loggedUser -replace '.*\\'

# Construct the Registry path using the user's SID
$userSID = (New-Object System.Security.Principal.NTAccount($loggedUser)).Translate([System.Security.Principal.SecurityIdentifier]).Value
$registryPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$userSID"
$loggedOnUserProfileImagePath = Get-ItemPropertyValue -Path $registryPath -Name 'ProfileImagePath'
$filePath = "$loggedOnUserProfileImagePath\AppData\Roaming\JumpCloud Password Manager\data\daemon\releaseChannel.txt"

$directory = Split-Path $filePath
if (-not (Test-Path $directory)) {
    New-Item -ItemType Directory -Path $directory -Force
}

Set-Content -Path $filePath -Value $releaseChannel -NoNewline

• Run the script => releaseChannel.txt under $HOME\AppData\Roaming\JumpCloud Password Manager\data\daemon\releaseChannel.txt should read dogfood

For MacOs

• Create the below .sh script on your machine

#!/bin/bash

# Set releaseChannel to beta OR dogfood OR public depending on your desired release channel
releaseChannel="dogfood"
#------- Do not modify below this line ------
allowed_values=("beta" "dogfood" "public")

if [[ ! " ${allowed_values[@]} " =~ " $releaseChannel " ]]; then
    echo "Error: Variable \$releaseChannel must be either 'beta', 'dogfood', or 'public'."
    exit 1
fi

for user in $(dscl . list /Users | grep -vE 'root|daemon|nobody|^_'); do
    if [[ -d /Users/$user ]]; then
        basePath="/Users/$user/Library/Application Support/JumpCloud Password Manager"
        filePath="$basePath/data/daemon/releaseChannel.txt"
        mkdir -p "$(dirname "$filePath")"
        echo -n "$releaseChannel" >"$filePath"
        sudo chown -R $user "$basePath"
    fi
done

• Run the script => releaseChannel.txt under $HOME/Library/Application Support/JumpCloud Password Manager/data/daemon/releaseChannel.txt should read dogfood

For Linux

• Create the below .sh script on your machine

#!/bin/bash

# Set $releaseChannel to beta OR dogfood OR public depending on your desired release channel
releaseChannel="dogfood"
#------- Do not modify below this line ------
allowed_values=("beta" "dogfood" "public")

if [[ ! " ${allowed_values[@]} " =~ " $releaseChannel " ]]; then
    echo "Error: Variable \$releaseChannel must be either 'beta', 'dogfood', or 'public'."
    exit 1
fi

for user in $(awk -F'[/:]' '{if ($3 >= 1000 && $3 != 65534) print $1}' /etc/passwd); do
    if [[ -d /home/$user ]]; then
        basePath="/home/$user/.config/JumpCloud Password Manager"
        filePath="$basePath/data/daemon/releaseChannel.txt"
        mkdir -p "$(dirname "$filePath")"
        echo -n "$releaseChannel" >"$filePath"
        sudo chown -R $user:$user "$basePath"
    fi
done

• Run the script => releaseChannel.txt under $HOME/.config/JumpCloud Password Manager/data/daemon/releaseChannel.txt should read dogfood

Screenshots

N/A

[jworkmanjc]

@gbitarjc I'm not sure I'm following the point of this script in the public support repository.

Just testing the Windows and Mac scripts off the bat, neither seemed to work with production versions of the Password Manager installed.

Windows seemed to fail outright even though there was an exit 0 status:

MacOS gave me an exit 0 status code but there was no $HOME/Library/Application Support/JC Password Manager Staging/data/daemon/releaseChannel.txt file on my device

[gbitarjc]

@jworkmanjc the purpose of these scripts is for admins to set the release channel for the password manager triggered through these scripts from the admin portal

also addressed the issues that you faced while testing and updated the scripts to only support production and updated the how to test section of this PR accordingly

[jworkmanjc]

@gbitarjc

There will be an issue with this command as it's currently designed. You've opened this PR to create command gallery scripts.

The way most customers would use this would be to create the command in the JumpCloud console and deploy it to devices. Most customers are going to assume that they can run these commands and that it will do the intended action described.

At least for password manager there's an additional complexity. The PWM tool is installed per user. These scripts that set the release channel should explain this. If you run this script through a JumpCloud command it's not going to do anything because those commands run as root.

Is there some need from individual users to set the release channel? Personally I can't imagine an individual user (not customer, user of password manager) setting their release channel for any reason. The only thing I could see is that some JumpCloud administrator wanting to set the release channel for their end users. If that's the case, and the intention of this PR, these scripts need to be re-written to change the release channel for every user that's installed PWM on a device.

If this script is intended to be run by individual users, then it shouldn't be a command gallery script in my opinion. At the moment I think this is going to confuse our administrators.

Running this script on macOS returns exit code 0 but does not update the release channel for the any user on the system.

[gbitarjc]

@jworkmanjc

After taking into consideration that the PWM tool is installed per user. the scripts were adjusted to cater for every user.

There is no need from individual users to set the release channel, these scripts are for JumpCloud administrators that are wanting to set the release channel for their end users.

[jworkmanjc]

I haven't tested the Linux and MacOS commands yet. Windows I know is not working. I'll take additional time to validate the Linux and MacOS commands when the Windows command is re-worked to function as described in the Pull Request.

[jworkmanjc]

We can't expect admins to do the right thing, it would probably be a good idea to add a check to ensure that $RELEASE_CHANNEL is one of 'public','dogfood','beta'

[jworkmanjc]

We can't expect admins to do the right thing, it would probably be a good idea to add a check to ensure that $RELEASE_CHANNEL is one of 'public','dogfood','beta'

[jworkmanjc]

We can't expect admins to do the right thing, it would probably be a good idea to add a check to ensure that $RELEASE_CHANNEL is one of 'public','dogfood','beta'

[jworkmanjc]

LINE 15?

[jworkmanjc]

LINE 4? I think we should just say change the variable value. If you copy and paste this today, it's LINE 5

[jworkmanjc]

We are not noting the line here, and I think that's the correct way to tell customers what to do, since it's really easy to forget that we need to update that in the future.

[jworkmanjc]

I'd encourage you to go run a Windows PowerShell command from JumpCloud and print out the $ENV:APPDATA directory.

The windows command doesn't work as described in the PR.

Look at this command and I think you'll see why.

[jworkmanjc]

Validated windows, mac, linux.

My only concern is that there will be some customer who states that the linux/mac commands work differently than the Windows command which relies on the user being logged in to set the release channel. Overall I doubt it'll come up often if at all but I'm calling it out as a potential issue that would need to be resolved later.

Otherwise these can all be invoked through JumpCloud commands. Thank you @gbitarjc for the many iterations I've requested of you. It'll go a long ways towards preventing support calls and other customer issues.

[jworkmanjc]

Let's change this to public so that every script is set to the public channel by default?

Suggested change

	releaseChannel="dogfood"
	releaseChannel="public"

[gweinjc]

Tested on Windows, Linux and Mac. Appears to be working on my devices

[gbitarjc]

@jworkmanjc, thank you for your help with this PR i really appreciated the help.

[jworkmanjc]

Looks good thank you for all the changes :)