Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

API design: Self-service: Install Apple App Store apps on macOS #22102

Merged
merged 92 commits into from
Oct 1, 2024
Merged
Show file tree
Hide file tree
Changes from 89 commits
Commits
Show all changes
92 commits
Select commit Hold shift + click to select a range
a8e3242
Update rest-api.md
marko-lisica May 27, 2024
622b78a
Update API-for-contributors.md
marko-lisica May 27, 2024
7feee4b
Update API-for-contributors.md
marko-lisica May 27, 2024
2c81ef9
Update rest-api.md
marko-lisica May 27, 2024
dfb4b26
Update rest-api.md
marko-lisica May 27, 2024
3a276d5
Update rest-api.md
marko-lisica May 28, 2024
bc25b97
Update rest-api.md
marko-lisica May 31, 2024
452406d
Update rest-api.md
marko-lisica Jun 5, 2024
c4aeaf0
Update rest-api.md
marko-lisica Jun 5, 2024
6d3a352
Update rest-api.md
marko-lisica Jun 6, 2024
deaae54
Update API-for-contributors.md
marko-lisica Jun 6, 2024
81f260a
Update rest-api.md
marko-lisica Jun 7, 2024
575a96c
Update rest-api.md
marko-lisica Jun 7, 2024
6fa5cfb
Update rest-api.md
marko-lisica Jun 11, 2024
ea2400b
Update docs/REST API/rest-api.md
marko-lisica Jun 11, 2024
9355615
Update docs/REST API/rest-api.md
marko-lisica Jun 12, 2024
be9c5cc
Update docs/REST API/rest-api.md
marko-lisica Jun 12, 2024
b41d7a4
Update docs/REST API/rest-api.md
marko-lisica Jun 12, 2024
4e489b5
Update docs/REST API/rest-api.md
marko-lisica Jun 12, 2024
7f6b686
Update docs/REST API/rest-api.md
marko-lisica Jun 12, 2024
1daa447
Update docs/REST API/rest-api.md
marko-lisica Jun 12, 2024
d0b980a
Update rest-api.md
marko-lisica Jun 12, 2024
8ebdd6c
Merge branch 'main' into api-design-vpp-apps
marko-lisica Jun 12, 2024
21727ef
Update rest-api.md
marko-lisica Jun 12, 2024
4ca2507
Update rest-api.md
marko-lisica Jun 12, 2024
86f1279
Update rest-api.md
marko-lisica Jun 12, 2024
aa90a82
Update docs/REST API/rest-api.md
marko-lisica Jun 12, 2024
a83349d
Update docs/REST API/rest-api.md
marko-lisica Jun 12, 2024
79c71ca
Update API-for-contributors.md
marko-lisica Jun 12, 2024
615269c
Update API-for-contributors.md
marko-lisica Jun 12, 2024
505d937
Update docs/REST API/rest-api.md
marko-lisica Jun 19, 2024
af962c2
Update docs/REST API/rest-api.md
marko-lisica Jun 25, 2024
2357e05
Merge branch 'main' into api-design-vpp-apps
marko-lisica Jul 10, 2024
e42b67b
Merge branch 'main' into api-design-vpp-apps
marko-lisica Jul 10, 2024
0b6a308
Update docs/REST API/rest-api.md
marko-lisica Jul 10, 2024
2603c7d
Update docs/REST API/rest-api.md
marko-lisica Jul 10, 2024
80f9393
Update docs/REST API/rest-api.md
marko-lisica Jul 10, 2024
0935d76
Update docs/REST API/rest-api.md
marko-lisica Jul 10, 2024
38b16f6
Update docs/REST API/rest-api.md
marko-lisica Jul 10, 2024
749f2ff
Update rest-api.md
marko-lisica Jul 10, 2024
be4d18e
Update rest-api.md
marko-lisica Jul 10, 2024
e7fa7a7
Update docs/REST API/rest-api.md
marko-lisica Jul 10, 2024
4ff4003
Update API-for-contributors.md
marko-lisica Jul 10, 2024
1cb66f3
Update docs/REST API/rest-api.md
marko-lisica Jul 10, 2024
717d0f3
Update docs/REST API/rest-api.md
marko-lisica Jul 10, 2024
0d3ea25
Update docs/REST API/rest-api.md
marko-lisica Jul 11, 2024
f5c71a9
Update docs/REST API/rest-api.md
marko-lisica Jul 11, 2024
e677dff
Update docs/REST API/rest-api.md
marko-lisica Jul 11, 2024
50a9094
Merge branch 'main' into api-design-vpp-apps
marko-lisica Jul 15, 2024
3dd90e0
Merge branch 'api-design-vpp-apps' into vpp-self-service-api-design
marko-lisica Jul 15, 2024
5f02f0a
Update API-for-contributors.md
marko-lisica Jul 15, 2024
ded4054
Update docs/REST API/rest-api.md
marko-lisica Jul 15, 2024
bc4c776
Update docs/REST API/rest-api.md
marko-lisica Jul 15, 2024
74ec246
Update docs/REST API/rest-api.md
marko-lisica Jul 15, 2024
025da7e
Update docs/REST API/rest-api.md
marko-lisica Jul 15, 2024
d717596
Update rest-api.md
marko-lisica Jul 15, 2024
147e2ac
Merge branch 'api-design-vpp-apps' into vpp-self-service-api-design
marko-lisica Jul 15, 2024
19003af
Update rest-api.md
marko-lisica Jul 15, 2024
007a9d0
Update rest-api.md
marko-lisica Jul 16, 2024
f716498
Update rest-api.md
marko-lisica Jul 16, 2024
473f63f
Update API-for-contributors.md
marko-lisica Jul 16, 2024
4c7069f
Update docs/REST API/rest-api.md
marko-lisica Jul 16, 2024
489a38b
Update API-for-contributors.md
marko-lisica Jul 16, 2024
b6b9120
Update API-for-contributors.md
marko-lisica Jul 16, 2024
5359a76
Update docs/Contributing/API-for-contributors.md
marko-lisica Jul 16, 2024
5527efd
Update docs/Contributing/API-for-contributors.md
marko-lisica Jul 16, 2024
d8f7221
Update docs/Contributing/API-for-contributors.md
marko-lisica Jul 16, 2024
3df87b9
Update docs/Contributing/API-for-contributors.md
marko-lisica Jul 16, 2024
e4b46d1
Update docs/Contributing/API-for-contributors.md
marko-lisica Jul 16, 2024
c126163
Merge branch 'api-design-vpp-apps' into vpp-self-service-api-design
marko-lisica Jul 16, 2024
6cb3884
Update docs/Contributing/API-for-contributors.md
marko-lisica Jul 16, 2024
b01cc87
Update docs/Contributing/API-for-contributors.md
marko-lisica Jul 16, 2024
f10d9fb
Update docs/REST API/rest-api.md
marko-lisica Jul 17, 2024
1138d70
Merge branch 'api-design-vpp-apps' into vpp-self-service-api-design
marko-lisica Jul 17, 2024
7b3dd7d
Update rest-api.md
marko-lisica Jul 17, 2024
7472ece
Update rest-api.md
marko-lisica Jul 17, 2024
cca0f87
Update API-for-contributors.md
marko-lisica Jul 17, 2024
7a20c2f
Update rest-api.md
marko-lisica Jul 17, 2024
6f6cac3
Merge branch 'api-design-vpp-apps' into vpp-self-service-api-design
marko-lisica Jul 17, 2024
f26f6e9
Update API-for-contributors.md
marko-lisica Jul 17, 2024
5b723f1
Merge branch 'main' into vpp-self-service-api-design
marko-lisica Sep 16, 2024
a294dee
Update yaml-files.md
marko-lisica Sep 16, 2024
d901dcd
Update docs/REST API/rest-api.md
marko-lisica Sep 17, 2024
4490c0c
Update docs/Configuration/yaml-files.md
marko-lisica Sep 19, 2024
8e1e896
Merge branch 'main' into vpp-self-service-api-design
marko-lisica Sep 20, 2024
b11414c
Merge in upstream
noahtalerman Sep 24, 2024
d32470d
Move endpoints
noahtalerman Sep 24, 2024
deb9565
Update docs
noahtalerman Sep 24, 2024
d7be5d8
Update docs/Contributing/API-for-contributors.md
rachaelshaw Sep 27, 2024
cf5052f
Update docs/Contributing/API-for-contributors.md
rachaelshaw Sep 27, 2024
ea0bc2e
Update docs/Contributing/API-for-contributors.md
rachaelshaw Sep 27, 2024
b40a950
Merge branch 'main' into vpp-self-service-api-design
marko-lisica Sep 30, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion docs/Configuration/yaml-files.md
Original file line number Diff line number Diff line change
Expand Up @@ -354,7 +354,9 @@ software:

- `app_store_id` is the ID of the Apple App Store app. You can find this at the end of the app's App Store URL. For example, "Bear - Markdown Notes" URL is "https://apps.apple.com/us/app/bear-markdown-notes/id1016366447" and the `app_store_id` is `1016366447`.

> Make sure to include only the ID itself, and not the `id` prefix shown in the URL. The ID must be wrapped in quotes as shown in the example so that it is processed as a string.
> Make sure to include only the ID itself, and not the `id` prefix shown in the URL. The ID must be wrapped in quotes as shown in the example so that it is processed as a string.

`self_service` only applies to macOS, and is ignored for other platforms. For example, if the app is supported on macOS, iOS, and iPadOS, and `self_service` is set to `true`, it will be self-service on macOS workstations but not iPhones or iPads.

##### Separate file

Expand Down
191 changes: 190 additions & 1 deletion docs/Contributing/API-for-contributors.md
Original file line number Diff line number Diff line change
Expand Up @@ -541,6 +541,10 @@ The MDM endpoints exist to support the related command-line interface sub-comman
- [Renew VPP token](#renew-vpp-token)
- [Delete VPP token](#delete-vpp-token)
- [Batch-apply MDM custom settings](#batch-apply-mdm-custom-settings)
- [Batch-apply packages](#batch-apply-packages)
- [Batch-apply App Store apps](#batch-apply-app-store-apps)
- [Get token to download package](#get-token-to-download-package)
- [Download package using a token](#download-package-using-a-token)
Comment on lines +544 to +547
Copy link
Member

@noahtalerman noahtalerman Sep 24, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lucasmrod when we merged in reference docs for the 4.57 release, it looks like the batch-apply endpoints got moved to the REST API docs instead of the contributors docs (see here).

I moved them back. When you get the chance, can you please check to see if these changes look right?

Also, I moved the download endpoints here b/c I think they're only for the Fleet UI to use (#21341). The best practice download endpoint for the IT admin to use in automations is here: https://fleetdm.com/docs/rest-api/rest-api#download-package

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm super confused. It seems we deliberately moved them from API for contributors to REST API? (here).

Copy link
Member

@noahtalerman noahtalerman Sep 24, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, I see. I think up to @rachaelshaw.

Rachael re your comment here, are we changing our philosophy? That is, endpoints that fleetctl uses (not best practice for automation use cases) live in API for contributors.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@noahtalerman nope, I was just confused; I saw Luke's review comment about the other /app_store_apps endpoints being the REST API and was like "oh yeah this looks like it fits with those" — I should have double-checked how this endpoint was being used first!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it!

It seems we deliberately moved them from API for contributors to REST API?

@lucasmrod just following up here to say we goofed (which happens). We want the batch-apply endpoints to live in the API for contributors docs.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rachaelshaw I think we're ready for final review/merge.

- [Initiate SSO during DEP enrollment](#initiate-sso-during-dep-enrollment)
- [Complete SSO during DEP enrollment](#complete-sso-during-dep-enrollment)
- [Over the air enrollment](#over-the-air-enrollment)
Expand Down Expand Up @@ -1731,7 +1735,7 @@ If the `name` is not already associated with an existing team, this API route cr
| scripts | list | body | A list of script files to add to this team so they can be executed at a later time. |
| software | object | body | The team's software that will be available for install. |
| software.packages | list | body | An array of objects. Each object consists of:`url`- URL to the software package (PKG, MSI, EXE or DEB),`install_script` - command that Fleet runs to install software, `pre_install_query` - condition query that determines if the install will proceed, `post_install_script` - script that runs after software install, and `self_service` boolean. |
| software.app_store_apps | list | body | An array objects. Each object consists of `app_store_id` - ID of the App Store app formatted as a string (in quotes) rather than a number. |
| software.app_store_apps | list | body | An array of objects. Each object consists of `app_store_id` - ID of the App Store app and `self_service` boolean. |
marko-lisica marked this conversation as resolved.
Show resolved Hide resolved
| mdm.macos_settings.enable_disk_encryption | bool | body | Whether disk encryption should be enabled for hosts that belong to this team. |
| force | bool | query | Force apply the spec even if there are (ignorable) validation errors. Those are unknown keys and agent options-related validations. |
| dry_run | bool | query | Validate the provided JSON for unknown keys and invalid value types and return any validation errors, but do not apply the changes. |
Expand Down Expand Up @@ -1824,6 +1828,7 @@ If the `name` is not already associated with an existing team, this API route cr
"app_store_apps": [
{
"app_store_id": "12464567",
"self_service": true
}
]
}
Expand Down Expand Up @@ -3364,3 +3369,187 @@ Run a live script and get results back (5 minute timeout). Live scripts only run
"exit_code": 0
}
```
## Software

### Batch-apply software

_Available in Fleet Premium._

`POST /api/v1/fleet/software/batch`

This endpoint is asynchronous, meaning it will start a background process to download and apply the software and return a `request_uuid` in the JSON response that can be used to query the status of the batch-apply (using the `GET /api/v1/fleet/software/batch/{request_uuid}` endpoint defined below).
rachaelshaw marked this conversation as resolved.
Show resolved Hide resolved

#### Parameters

| Name | Type | In | Description |
| --------- | ------ | ----- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| team_name | string | query | The name of the team to add the software package to. Ommitting these parameters will add software to 'No Team'. |
| dry_run | bool | query | If `true`, will validate the provided software packages and return any validation errors, but will not apply the changes. |
| software | object | body | The team's software that will be available for install. |
| software.packages | list | body | An array of objects. Each object consists of:`url`- URL to the software package (PKG, MSI, EXE or DEB),`install_script` - command that Fleet runs to install software, `pre_install_query` - condition query that determines if the install will proceed, `post_install_script` - script that runs after software install, and `uninstall_script` - command that Fleet runs to uninstall software. |

#### Example

`POST /api/v1/fleet/software/batch`

##### Default response

`Status: 200`
```json
{
"request_uuid": "ec23c7b6-c336-4109-b89d-6afd859659b4",
}
```

### Get status of software batch-apply request

_Available in Fleet Premium._

`GET /api/v1/fleet/software/batch/:request_uuid`

This endpoint allows querying the status of a batch-apply software request (`POST /api/v1/fleet/software/batch`).
Returns `"status"` field that can be one of `"processing"`, `"complete"` or `"failed"`.
If `"status"` is `"completed"` then the `"packages"` field contains the applied packages.
If `"status"` is `"processing"` then the operation is ongoing and the request should be retried.
If `"status"` is `"failed"` then the `"message"` field contains the error message.

#### Parameters

| Name | Type | In | Description |
| ------------ | ------ | ----- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| request_uuid | string | query | The request_uuid returned by the `POST /api/v1/fleet/software/batch` endpoint. |
| team_name | string | query | The name of the team to add the software package to. Ommitting these parameters will add software to 'No Team'. |
| dry_run | bool | query | If `true`, will validate the provided software packages and return any validation errors, but will not apply the changes. |

##### Default responses

`Status: 200`
```json
{
"status": "processing",
"message": "",
"packages": null
}
```

`Status: 200`
```json
{
"status": "completed",
"message": "",
"packages": [
{
"team_id": 1,
"title_id": 2751,
"url": "https://ftp.mozilla.org/pub/firefox/releases/129.0.2/win64/en-US/Firefox%20Setup%20129.0.2.msi"
}
]
}
```

`Status: 200`
```json
{
"status": "failed",
"message": "validation failed: software.url Couldn't edit software. URL (\"https://foobar.does.not.exist.com\") returned \"Not Found\". Please make sure that URLs are reachable from your Fleet server.",
"packages": null
}
```

### Batch-apply App Store apps

_Available in Fleet Premium._

`POST /api/latest/fleet/software/app_store_apps/batch`

#### Parameters

| Name | Type | In | Description |
| --------- | ------ | ----- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| team_name | string | query | The name of the team to add the software package to. Ommitting this parameter will add software to 'No Team'. |
rachaelshaw marked this conversation as resolved.
Show resolved Hide resolved
| dry_run | bool | query | If `true`, will validate the provided VPP apps and return any validation errors, but will not apply the changes. |
| app_store_apps | list | body | An array of objects. Each object contains `app_store_id` and `self_service`. |
| app_store_apps.app_store_id | string | body | ID of the App Store app. |
| app_store_apps.self_service | boolean | body | Whether the VPP app is "Self-service" or not. |

#### Example

`POST /api/latest/fleet/software/app_store_apps/batch`
```json
{
"team_name": "Foobar",
"app_store_apps": {
{
"app_store_id": "597799333",
"self_service": false,
},
{
"app_store_id": "497799835",
"self_service": true,
}
}
}
```

##### Default response

`Status: 204`

### Get token to download package

_Available in Fleet Premium._

`POST /api/v1/fleet/software/titles/:software_title_id/package/token?alt=media`

The returned token is a one-time use token that expires after 10 minutes.

#### Parameters

| Name | Type | In | Description |
|-------------------|---------|-------|------------------------------------------------------------------|
| software_title_id | integer | path | **Required**. The ID of the software title for software package. |
| team_id | integer | query | **Required**. The team ID containing the software package. |
| alt | integer | query | **Required**. Must be specified and set to "media". |

#### Example

`POST /api/v1/fleet/software/titles/123/package/token?alt=media&team_id=2`

##### Default response

`Status: 200`

```json
{
"token": "e905e33e-07fe-4f82-889c-4848ed7eecb7"
}
```

### Download package using a token

_Available in Fleet Premium._

`GET /api/v1/fleet/software/titles/:software_title_id/package/token/:token?alt=media`

#### Parameters

| Name | Type | In | Description |
|-------------------|---------|------|--------------------------------------------------------------------------|
| software_title_id | integer | path | **Required**. The ID of the software title to download software package. |
| token | string | path | **Required**. The token to download the software package. |

#### Example

`GET /api/v1/fleet/software/titles/123/package/token/e905e33e-07fe-4f82-889c-4848ed7eecb7`

##### Default response

`Status: 200`

```http
Status: 200
Content-Type: application/octet-stream
Content-Disposition: attachment
Content-Length: <length>
Body: <blob>
```
Loading
Loading