Policy-queued installs/scripts aren't removed when the associated policy is deleted #23886
Labels: bug, #g-endpoint-ops, :release, ~released bug, :reproduce
Fleet version: 4.59.0
💥 Actual behavior
See below:
🧑‍💻 Steps to reproduce
Theoretical, hence the reproduce tag.
🕯️ More info
This seems to be a bit of an edge case on timing, but we hit it in Dogfood for multiple hosts, causing installs to be reported with no associated policy or actor.
@noahtalerman @rachaelshaw I'm guessing the desired behavior is that if a policy is deleted, any pending script/software automations for that policy should be removed, similar to how we dequeue scripts when they are edited/deleted, or dequeue installs when a software package is edited. Does that sound right?
Split from #22424 (/cc @allenhouchins @marko-lisica)
🛠️ To fix
Before deleting a policy, either via GitOps or via the API, delete any pending installs or script runs associated with the policy ID (which was added as a column on script runs/software installs in 4.58/4.59). The order of operations is important here because the foreign key will be set to null once the underlying script or installer gets deleted.
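
The ordering constraint from "To fix", shown as an added example that is not Fleet's code: it uses a constructed SQLite schema with hypothetical tables `policies` and `pending_runs`, and assumes `policy_id` is a nullable foreign key declared `ON DELETE SET NULL`. Deleting the policy first leaves pending rows with no policy to attribute them to, while dequeuing first in the same transaction removes them.

```python
import sqlite3

# Constructed stand-in schema (assumption, not Fleet's real tables).
SCHEMA = """
CREATE TABLE policies (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE pending_runs (   -- stands in for script runs / software installs
    id INTEGER PRIMARY KEY,
    host_id INTEGER NOT NULL,
    status TEXT NOT NULL,     -- 'pending' or 'done'
    policy_id INTEGER REFERENCES policies(id) ON DELETE SET NULL
);
"""
DEQUEUE = "DELETE FROM pending_runs WHERE policy_id = ? AND status = 'pending'"

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite only enforces FKs when enabled
    db.executescript(SCHEMA)
    db.execute("INSERT INTO policies VALUES (1, 'constructed-policy')")
    db.executemany(
        "INSERT INTO pending_runs (host_id, status, policy_id) VALUES (?, ?, ?)",
        [(10, "pending", 1), (11, "pending", 1), (12, "done", 1)],  # constructed rows
    )
    db.commit()
    return db

def delete_policy_wrong_order(db, policy_id):
    """Policy first: SET NULL fires, so the dequeue by policy ID matches nothing."""
    with db:  # one transaction
        db.execute("DELETE FROM policies WHERE id = ?", (policy_id,))
        return db.execute(DEQUEUE, (policy_id,)).rowcount

def delete_policy_dequeue_first(db, policy_id):
    """Dequeue pending rows while policy_id still identifies them, then delete."""
    with db:  # one transaction, so no new run can slip in between the two steps
        removed = db.execute(DEQUEUE, (policy_id,)).rowcount
        db.execute("DELETE FROM policies WHERE id = ?", (policy_id,))
        return removed

def orphaned_pending(db):
    """Pending rows that can no longer be attributed to any policy."""
    q = "SELECT COUNT(*) FROM pending_runs WHERE status = 'pending' AND policy_id IS NULL"
    return db.execute(q).fetchone()[0]

if __name__ == "__main__":
    for fn in (delete_policy_wrong_order, delete_policy_dequeue_first):
        db = new_db()
        print(fn.__name__, "removed:", fn(db, 1), "orphaned:", orphaned_pending(db))
```

The `orphaned_pending` query also works as a consistency check for rows that were already stranded before the ordering was corrected.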