Add declaration (DDM) profiles for macOS #14550

noahtalerman opened this issue Oct 13, 2023 · 8 comments
Labels
customer-flavia customer-preston customer-reedtimmer customer-rialto customer-rosner #g-mdm MDM product group P2 Prioritize as urgent :product Product Design department (shows up on 🦢 Drafting board) story A user story defining an entire feature
@noahtalerman
Member

noahtalerman commented Oct 13, 2023

Goal

User story
As an IT admin using the Controls > OS settings page, Fleet API, or GitOps,
I want to add a declaration (DDM) profile (configuration declaration)
so that I can use new management features that are available via DDM profiles (ex. PasscodeSettings).

Context

Changes

Product

  • UI changes: Figma link
  • CLI usage changes: Figma link
  • REST API changes: API design: Add declaration (DDM) profiles for macOS #17369
  • Permissions changes: Declarations are a new kind of configuration profile. Same permissions as "Create edit and delete configuration profiles for macOS and Windows hosts" in permissions table here.
  • Outdated documentation changes: Update "Custom OS settings" doc page to call out that Fleet supports declaration profiles (configuration type only. Other types like activations coming soon).
  • Changes to paid features or tiers: Declarations are a new kind of configuration profile. Configuration profiles are available in Fleet Free and Fleet Premium.

Engineering

  • Database schema migrations: TODO
  • Documentation changes complete

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

Context

  • Requestor(s): _________________________

QA

Risk assessment

  • Requires load testing: TODO
  • Risk level: Low / High TODO
  • Risk description: TODO

Manual testing steps

  1. Step 1
  2. Step 2
  3. Step 3

Testing notes

Confirmation

  1. Engineer (@____): Added comment to user story confirming successful completion of QA.
  2. QA (@____): Added comment to user story confirming successful completion of QA.
@noahtalerman noahtalerman added story A user story defining an entire feature #g-mdm MDM product group :product Product Design department (shows up on 🦢 Drafting board) labels Oct 13, 2023
@marko-lisica marko-lisica changed the title Declarations for macOS 🎸 Declarations for macOS Oct 18, 2023
@noahtalerman noahtalerman changed the title 🎸 Declarations for macOS 🎸 Declaration profiles for macOS Oct 24, 2023
@noahtalerman noahtalerman added Epic DO NOT USE. Auto-created by ZenHub, cannot be disabled. and removed Epic DO NOT USE. Auto-created by ZenHub, cannot be disabled. labels Oct 24, 2023
@marko-lisica marko-lisica added the ~feature fest Will be reviewed at next Feature Fest label Nov 2, 2023
@noahtalerman noahtalerman removed :product Product Design department (shows up on 🦢 Drafting board) ~feature fest Will be reviewed at next Feature Fest labels Nov 2, 2023
Sampfluger88 added a commit that referenced this issue Nov 15, 2023
- Add Q4 features from product planning
- "[Best practice
GitOps](#13643)" and
"[Declaration (DDM)
profiles](#14550)" fall into Q1

---------

Co-authored-by: Sam Pfluger <[email protected]>
@noahtalerman noahtalerman changed the title 🎸 Declaration profiles for macOS Declaration (DDM) profiles for macOS Jan 5, 2024
@noahtalerman noahtalerman added ~feature fest Will be reviewed at next Feature Fest :product Product Design department (shows up on 🦢 Drafting board) and removed ~lightspeed ~feature fest Will be reviewed at next Feature Fest :product Product Design department (shows up on 🦢 Drafting board) labels Jan 25, 2024
@noahtalerman
Member Author

@marko-lisica FYI we pushed this out of the current design sprint. Bringing it back to feature fest.

Sampfluger88 pushed a commit that referenced this issue Mar 7, 2024
- Add "Fleet gets in your calendar" (#17230)
- "Declaration (DDM) profiles" (#14550) before "App deployment" (#14921)
  - Deploy apps => Deploy security agents
  - Pushes deploy security agents to Q2 (2024-04-22)

Note: Upcoming activity (unified queue) won't guarantee
first-in-first-out in Q1
...
@georgekarrv georgekarrv assigned roperzh and unassigned georgekarrv Mar 11, 2024
@georgekarrv georgekarrv added :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. and removed :product Product Design department (shows up on 🦢 Drafting board) labels Mar 11, 2024
@marko-lisica
Member

marko-lisica commented Mar 11, 2024

Besides the com.apple.configuration.softwareupdate.enforcement.specific configuration declaration, we want to prevent upload of the following declarations:

  1. AccountCalDAV - com.apple.configuration.account.caldav
  2. AccountCardDAV - com.apple.configuration.account.carddav
  3. AccountExchange - com.apple.configuration.account.exchange
  4. AccountGoogle - com.apple.configuration.account.google
  5. AccountLDAP - com.apple.configuration.account.ldap
  6. AccountMail - com.apple.configuration.account.mail
  7. AccountSubscribedCalendar - com.apple.configuration.account.subscribed-calendar
  8. ManagementTest - com.apple.configuration.management.test
  9. ScreenSharingConnection - com.apple.configuration.screensharing.connection
  10. SecurityCertificate - com.apple.configuration.security.certificate
  11. SecurityIdentity - com.apple.configuration.security.identity
  12. SecurityPasskeyAttestation - com.apple.configuration.security.passkey.attestation
  13. ServicesConfigurationFiles - com.apple.configuration.services.configuration-files
  14. WatchEnrollment - com.apple.configuration.watch.enrollment

Reason: These configuration declarations accept asset declarations, which Fleet won't support in the first iteration. ManagementStatusSubscriptions don't require an asset declaration, but we decided not to support status subscriptions, since best practice would be to use queries and policies to get data from hosts.

cc @georgekarrv @noahtalerman

@lukeheath lukeheath added this to the 4.48.0-tentative milestone Mar 11, 2024
@georgekarrv georgekarrv added the P2 Prioritize as urgent label Mar 14, 2024
@jahzielv
Contributor

jahzielv commented Mar 15, 2024

@marko-lisica
Member

marko-lisica commented Mar 22, 2024

Update: We decided to allow the ManagementTest (com.apple.configuration.management.test) declaration.

Reason: it would make it easier for us to test/QA the new DDM feature. Initially, we excluded it because it has the option to include an asset declaration. The asset reference is not required, so it will work in the first iteration.

cc @roperzh @noahtalerman
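
The type rules from the two comments above (configuration declarations only, the listed types blocked, ManagementTest allowed) can be enforced at upload time as in this added Go example, which is not Fleet's code. `checkDeclaration` and the error names are hypothetical, and treating status subscriptions as rejected at upload is an assumption.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

const configPrefix = "com.apple.configuration."

// Suffixes of the types the thread lists as blocked. management.test is
// absent because the follow-up comment allows it. Assumption: status
// subscriptions ("not supported" in the thread) are rejected at upload.
var blockedSuffixes = []string{
	"softwareupdate.enforcement.specific",
	"account.caldav", "account.carddav", "account.exchange", "account.google",
	"account.ldap", "account.mail", "account.subscribed-calendar",
	"screensharing.connection", "security.certificate", "security.identity",
	"security.passkey.attestation", "services.configuration-files",
	"watch.enrollment", "management.status-subscriptions",
}

var errNotConfiguration = errors.New("only configuration declarations are supported")
var errBlockedType = errors.New("declaration type is not supported")

// checkDeclaration (hypothetical) parses an upload and applies the type rules.
func checkDeclaration(raw []byte) error {
	var d struct{ Type string }
	if err := json.Unmarshal(raw, &d); err != nil {
		return fmt.Errorf("invalid declaration JSON: %w", err)
	}
	// Normalize so case or whitespace variants cannot slip past the deny list.
	t := strings.ToLower(strings.TrimSpace(d.Type))
	if !strings.HasPrefix(t, configPrefix) {
		return fmt.Errorf("%w: %q", errNotConfiguration, d.Type)
	}
	for _, s := range blockedSuffixes {
		if strings.TrimPrefix(t, configPrefix) == s {
			return fmt.Errorf("%w: %q", errBlockedType, d.Type)
		}
	}
	return nil
}

func main() {
	// Constructed sample upload; prints the "not supported" error.
	fmt.Println(checkDeclaration([]byte(`{"Type":"com.apple.configuration.account.ldap"}`)))
}
```

A deny list only covers the types known when it was written, so new asset-accepting types have to be added to it as Apple introduces them.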

@roperzh roperzh mentioned this issue Mar 27, 2024
7 tasks
roperzh pushed a commit that referenced this issue Mar 27, 2024
@georgekarrv georgekarrv added :demo and removed :demo labels Mar 28, 2024
roperzh pushed a commit that referenced this issue Apr 1, 2024
- In Fleet 4.48, we'll ship declaration (DDM) profiles (#14550)
- OS updates w/ DDM (#17230) will ship in 4.49
- Update error message so users know OS updates w/ DDM are coming soon.
Figma is also updated
[here](https://www.figma.com/file/t3j8CGAHR1x1YGjuFLlMst/%2314550-Add-declaration-(DDM)-profiles-for-macOS?type=design&node-id=476%3A11294&mode=design&t=aMjkgv7PGEbePjmH-1).
- In the [Figma wireframes
here](https://www.figma.com/file/JDbJcLRGRs7c7gKDxAfios/%2317295-Use-new-Software-Update-(DDM)-for-macOS-Sonoma-(14)-and-higher?type=design&node-id=348%3A892&mode=design&t=kkpRKOYrvJxfFbM5-1)
for (#17295) add designs for new error message copy so we make the
change when we ship OS updates w/ DDM.
@georgekarrv
Member

Been hammering this most of this morning. Looking great to me.

@lukeheath lukeheath added :product Product Design department (shows up on 🦢 Drafting board) and removed :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. labels Apr 4, 2024
@rachaelshaw
Member

@Patagonia121 @pintomi1989 this was shipped in v4.48

Docs PR is here: #18718

@rachaelshaw
Member

Docs PR is merged

@fleet-release
Contributor

Declarations bloom,
MacOS gains new insights,
Fleet dances in light.
