Add RemoveApplication method

[jspenc72]

Checklist for submitter

If some of the following don't apply, delete the relevant line.

• Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
  See Changes files for more information.
• Added/updated tests
• Manual QA for all new/changed functionality

[iansltx]

@jspenc72 Thanks for working on this! I just dropped the checklist down to what should be applicable here once this feature is fleshed out, as I don't think you'll need database migrations or BC bcreaking API changes to make this work.

I believe the next step here is to update the uninstall logic to queue up this profile when interacting with an iOS/iPadOS target rather than failing, and then add tests covering the new behavior. Final piece would be to expose this functionality in the web UI.

Get as far as you can; it's a question of when rather than if on picking up where you left off and finishing this feature, but my guess is that this would hit in 4.64.0 depending on what's left to build by the time product works through that UI tweaks need to happen here.

You'll likely have to rebase/merge from main soonish as we have some failing tests on main that went red yesterday that I'll be working on fixing today.

Adding myself as a watcher on this until it's prioritized, so I'll see any pushes/questions as they come up.

[codecov]

Codecov Report

Attention: Patch coverage is 15.69767% with 145 lines in your changes missing coverage. Please review.

Project coverage is 63.75%. Comparing base (940f190) to head (5482ae1).

Files with missing lines	Patch %	Lines
server/datastore/mysql/vpp.go	0.00%	81 Missing ⚠️
server/mdm/apple/commander.go	35.48%	20 Missing ⚠️
server/service/apple_mdm.go	5.88%	16 Missing ⚠️
...ages/hosts/details/cards/Software/HostSoftware.tsx	0.00%	12 Missing ⚠️
ee/server/service/software_installers.go	42.10%	10 Missing and 1 partial ⚠️
...es/20250109150250_AddUninstallToHostVppInstalls.go	54.54%	4 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #25078      +/-   ##
==========================================
- Coverage   63.81%   63.75%   -0.07%     
==========================================
  Files        1616     1619       +3     
  Lines      153895   154362     +467     
  Branches     3978     4030      +52     
==========================================
+ Hits        98208    98406     +198     
- Misses      47870    48132     +262     
- Partials     7817     7824       +7     

Flag	Coverage Δ
backend	64.61% <16.35%> (-0.07%)	⬇️
frontend	53.17% <7.69%> (-0.05%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[jspenc72]

Hey FleetDM friends! this pr is working as intended but the action is not yet recorded in the database as it should be.

A little guidance on how to record the uninstall request would be much appreciated.

@iansltx

Rebased as per your suggestion. The latest commit successfully removed the application via apple mdm push notifications.

I manually QA'd this on iOS and iPadOS devices.

[getvictor]

Thank you for the contribution. I made a few comments.

As @iansltx mentioned, we can probably take this over and finish the work sometime in the next couple of months, as this is an important feature for Fleet.

[getvictor]

Should this work for macOS as well?

[jspenc72]

Good question. So i tried enrolling a macOS host using the current iOS/iPad MDM enrollment
instructions to test this. Although i was successful, It looks like there are some
assumptions in the current code that macOS explicitely uses fleetd for software installation and
removal so the MDM commands aren't called when you have a macOS host with MDM enabled. Maybe one of the engineers @fleet can confirm?

[getvictor]

VPP apps are installed with InstallApplication MDM command on macOS. Non-VPP apps are installed/uninstalled using fleetd and scripts. So, on macOS we need to know whether it is a VPP app so we can use RemoveApplication for it.

[getvictor]

When MDM command result comes back, we need to process it, similar to what we do for InstallApplication:

fleet/server/service/apple_mdm.go

Line 2976 in a222c38

case "InstallApplication":

Update the database

We need to add uninstall column to host_vpp_software_installs and use similar pattern as we do with script-based software installs:

fleet/server/datastore/mysql/software_installers.go

Line 784 in 963cc7e

func (ds *Datastore) InsertSoftwareUninstallRequest(ctx context.Context, executionID string, hostID uint, softwareInstallerID uint) error {

Need to update the vppAppJoin method similar to softwareInstallerJoin:

fleet/server/datastore/mysql/software_installers.go

Line 929 in 963cc7e

func (ds *Datastore) vppAppJoin(appID fleet.VPPAppID, status fleet.SoftwareInstallerStatus) (string, []interface{}, error) {

Add host activity record

Should be able to use ActivityTypeUninstalledSoftware:

fleet/server/fleet/activities.go

Line 1634 in 3123324

type ActivityTypeUninstalledSoftware struct {

[jspenc72]

1. ok I implemented code to process the RemoveApplication mdm cmd result when it comes back.
   https://github.com/fleetdm/fleet/pull/25078/files#diff-1cc547279489e5119326f2ac15610c2dd7519ef7dada5952552765cefabd41aaR2982

2. Created a new host activity type fleet.ActivityUnInstalledAppStoreApp which captures the same values as fleet.ActivityInstalledAppStoreApp
   https://github.com/fleetdm/fleet/pull/25078/files#diff-98831e34347dbbeb9c223562ad18f7b74d82347624017a691861fcd7f382ab51R1643

[jspenc72]

@getvictor Wanted to confirm whether we need the uninstall column?

It looks like host_vpp_software_installs already has the column removed which tracks whether or not the software has been uninstalled.

see this migration

server/datastore/mysql/migrations/tables/20240826160025_AddRemovedToInstalls.go

[getvictor]

@getvictor Wanted to confirm whether we need the uninstall column?

It looks like host_vpp_software_installs already has the column removed which tracks whether or not the software has been uninstalled.

see this migration

server/datastore/mysql/migrations/tables/20240826160025_AddRemovedToInstalls.go

Yes, I think we need the uninstall column to be consistent with the other table. The removed column is supposed to be used when the user removed the software themselves. I think we need the uninstall column so we can update the status in UI, kind of like it is updated when the install is happening.

[jspenc72]

uninstall column has been added.

[getvictor]

Looks good overall.

It would be nice to have macOS support, but not absolutely necessary. We can add it later.