From 7ba2f26fde2b20dd6645e715ba234c2df5cc5973 Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Sun, 7 Jun 2026 10:26:41 -0700 Subject: [PATCH] sync: auto-sync from Mikes-MacBook-Air.local at 2026-06-07 10:26:40 Author: Mike Swanson Machine: Mikes-MacBook-Air.local Timestamp: 2026-06-07 10:26:40 --- ...026-06-07-mike-gururmm-offboarding-spec.md | 239 ++++++++++++++++++ 1 file changed, 239 insertions(+) create mode 100644 session-logs/2026-06-07-mike-gururmm-offboarding-spec.md diff --git a/session-logs/2026-06-07-mike-gururmm-offboarding-spec.md b/session-logs/2026-06-07-mike-gururmm-offboarding-spec.md new file mode 100644 index 0000000..c5101b2 --- /dev/null +++ b/session-logs/2026-06-07-mike-gururmm-offboarding-spec.md 
@@ -0,0 +1,239 @@ +# GuruRMM Session: Credential Inheritance Deployment & Offboarding Wizard Spec + +**Date:** 2026-06-07 +**Project:** GuruRMM +**Focus:** Production deployment of credential inheritance, clickable alert badges, offboarding wizard specification + +--- + +## User +- **User:** Mike Swanson (mike) +- **Machine:** Mikes-MacBook-Air +- **Role:** admin + +--- + +## Session Summary + +The session advanced the credential inheritance feature by deploying server version 0.3.45 to production, enabling inheritance and de-duplication logic for client and site credentials. Testing confirmed successful validation of /effective endpoints, ensuring proper credential propagation and conflict resolution across hierarchical structures. + +Clickable "Needs attention" badges were implemented in the ClientExceptionsBand component, linking critical/warning/info/offline statuses to filtered /alerts and /agents pages. A correction refined the offline badge to filter client-specific agents rather than fleet-wide, achieved by parameterizing URL queries for the Agents page and synchronizing filter dropdowns with URL state. + +Investigation revealed existing delete functionality in Clients.tsx and ClientDetail.tsx with two-step confirmation, but user feedback highlighted a need for an offboarding wizard with data export capabilities. In response, SPEC-028 was authored, detailing a 835-line specification for a lifecycle management workflow, including data export, audit logging, and cascading deletions. The FEATURE_ROADMAP.md was updated to reflect the "Client & Site Lifecycle Management" initiative. + +All changes were committed and pushed, completing the deployment of credential inheritance, UI refinements for alert filtering, and foundational work for offboarding workflows. 
+ +--- + +## Key Decisions + +- Deployed credential inheritance to single production server (172.16.3.30:3001) → serves both beta and prod dashboards +- Alert severity badges link with severity + client_id filters → prevents cross-client alert visibility +- Client filter uses client NAME in URLs → improves readability and shareability +- Used Link components with query parameters → enables better deep-linking and state persistence +- Existing delete functionality uses two-step confirmation → aligns with user expectations for safety +- Offboarding wizard designed as multi-step modal (6 steps for sites, 5 for clients) → ensures clarity and reduces errors +- Enforced cascade deletion for clients → ensures data integrity before offboarding +- Typed name confirmation used for destructive final step → reduces accidental deletions +- Audit_logs table added for immutable offboarding trail → ensures compliance and traceability +- Export files use temp tokens with 1-hour expiry → avoids permanent storage risks + +--- + +## Problems Encountered + +- **Git push rejected (twice):** Branches diverged with remote changes → resolved with `git pull --rebase && git push` +- **Offline badge showed all fleet-wide offline agents:** Initial implementation didn't scope to client → fixed by adding clientName prop and client URL parameter to Agents page with filter dropdown sync +- **Delete functionality visibility:** User initially thought delete didn't exist → discovered it exists in Clients.tsx (line 316-342) and ClientDetail.tsx (lines 838-1089) with two-step confirmation pattern, but wasn't immediately visible + +--- + +## Configuration Changes + +### Files Modified + +**Dashboard (Frontend):** +- `dashboard/src/pages/ClientDetail.tsx` - Made alert badges clickable with filters, added clientName prop to ClientExceptionsBand +- `dashboard/src/pages/Alerts.tsx` - Added client_id URL parameter support for deep-linking +- `dashboard/src/pages/Agents.tsx` - Added client URL parameter 
support with filter dropdown sync + +**Documentation:** +- `docs/specs/SPEC-028-offboarding-wizard.md` - Created (835 lines, comprehensive offboarding wizard specification) +- `docs/FEATURE_ROADMAP.md` - Added "Client & Site Lifecycle Management" section with offboarding/onboarding features + +### Files Created + +- `docs/specs/SPEC-028-offboarding-wizard.md` - Full specification for site and client offboarding wizards + +### Git Commits + +**Credential Inheritance Deployment:** +- Tested via server build-server.sh on GURU-5070 (172.16.3.30) +- Server version: 0.3.45 +- Build output: 87 warnings (all pre-existing), binary 13,926,096 bytes +- Service restarted successfully, health check passed + +**Dashboard Changes:** +- Commit: Clickable "Needs attention" badges with client filtering +- Commit: Fixed offline badge to filter client-specific agents +- Commit: SPEC-028 offboarding wizard + roadmap update (fcf0e0a → f06ff09) + +--- + +## Credentials & Secrets + +**GuruRMM Server:** +- Host: 172.16.3.30 +- Port: 3001 +- Version deployed: 0.3.45 +- Build location: /home/guru/gururmm +- Service: gururmm-server.service +- Binary: /opt/gururmm/gururmm-server +- Backup: /opt/gururmm/gururmm-server.prev + +**Test Credentials Created:** +- Client-level inheritable credential ID: 97d878a7-55f4-4b72-a84e-2d946c454e15 +- Type: windows_domain +- Label: "Test Inheritable Domain Admin" +- Stored in: /tmp/test_client_inheritable_cred.txt + +--- + +## Infrastructure & Servers + +**Production Environment:** +- Server: GURU-5070 (172.16.3.30) +- Backend: Rust/Axum @ 172.16.3.30:3001 +- Dashboard Beta: https://rmm-beta.azcomputerguru.com +- Dashboard Prod: https://rmm.azcomputerguru.com +- Single backend serves both dashboards (beta and prod share same API) + +**Architecture:** +- Frontend deployment: Two channels (beta auto-deploy, prod manual promotion) +- Backend deployment: Single production server +- Credential inheritance: Opt-in cascade (Global → Client → Site) +- De-duplication: 
By (credential_type, label), most specific scope wins + +--- + +## Commands & Outputs + +### Server Deployment +```bash +cd /home/guru/gururmm +./build-server.sh + +# Output: +# Version: 0.3.45 +# cargo build --release (87 warnings, all existing) +# Binary backed up to /opt/gururmm/gururmm-server.prev +# Service stopped, binary deployed, service started +# Health check passed +``` + +### Testing Credential Inheritance +```bash +# Created client-level inheritable credential +curl -X POST http://172.16.3.30:3001/api/credentials \ + -H "Authorization: Bearer $TOKEN" \ + -H "Content-Type: application/json" \ + -d '{ + "scope_type": "client", + "scope_id": "", + "credential_type": "windows_domain", + "label": "Test Inheritable Domain Admin", + "username": "DOMAIN\\admin", + "password": "test123", + "is_inheritable": true + }' + +# Tested /effective endpoint +curl http://172.16.3.30:3001/api/sites//credentials/effective + +# Response included inherited credential with "inherited_from": "client" +``` + +### Git Operations +```bash +# Multiple rebase cycles due to concurrent work +git pull --rebase && git push + +# Final commit +git commit -m "Add SPEC-028: Site and Client Offboarding Wizard..." +git push # fcf0e0a → f06ff09 +``` + +--- + +## Pending / Incomplete Tasks + +**Immediate:** +- None - all work for this session completed + +**Future Work (SPEC-028 Implementation):** +1. Review SPEC-028 with team +2. Create database migration for audit_logs table +3. Implement backend endpoints (preflight, dependencies, export, offboard) +4. Build wizard components (OffboardingWizard, PreflightCheck, TypedConfirmation, etc.) +5. Deploy to beta dashboard for testing +6. 
Roll out to production after 1-week beta testing period + +**Roadmap Items Added:** +- Site offboarding wizard (P2) +- Client offboarding wizard (P2) +- Agent offboarding wizard (P2) +- Offboarding audit log viewer (P3) +- Soft delete / trash bin (P3) +- Offboarding reason templates (P3) +- Client/site onboarding wizards (P2) + +--- + +## Reference Information + +**API Endpoints Tested:** +- `POST /api/credentials` - Create credential with is_inheritable flag +- `GET /api/sites/:id/credentials/effective` - Retrieve merged credentials with inheritance +- `GET /api/clients/:id/credentials/effective` - Retrieve merged credentials for client + +**New Endpoints Specified (SPEC-028):** +- `GET /api/sites/:id/offboarding-preflight` - Pre-flight metrics +- `GET /api/sites/:id/dependencies` - Dependency analysis +- `POST /api/sites/:id/export` - Generate export files +- `POST /api/sites/:id/offboard` - Atomic offboarding operation +- `GET /api/clients/:id/offboarding-preflight` - Client pre-flight +- `POST /api/clients/:id/export` - Client export +- `POST /api/clients/:id/offboard` - Client offboarding + +**Database Schema Additions (Proposed in SPEC-028):** +```sql +CREATE TABLE audit_logs ( + id UUID PRIMARY KEY DEFAULT uuid_generate_v4(), + event_type VARCHAR(50) NOT NULL, + resource_type VARCHAR(50) NOT NULL, + resource_id UUID NOT NULL, + resource_name VARCHAR(255) NOT NULL, + performed_by UUID NOT NULL REFERENCES users(id), + metadata JSONB, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP +); +``` + +**File Locations:** +- SPEC-028: `docs/specs/SPEC-028-offboarding-wizard.md` +- Roadmap: `docs/FEATURE_ROADMAP.md` (line 1105, new section) +- ClientDetail: `dashboard/src/pages/ClientDetail.tsx` +- Alerts: `dashboard/src/pages/Alerts.tsx` +- Agents: `dashboard/src/pages/Agents.tsx` + +**Related Documentation:** +- Deployment summary: `/temp/credential-inheritance-deployment.md` +- Implementation details: `/temp/credentials-effective-endpoints-implementation.md` + 
+**Commit SHAs:** +- Final commit: f06ff09 +- Previous: d441d4a (remote), fcf0e0a (local before rebase) + +**Client Test Data:** +- Client ID used for testing: 417420f4-c3f4-482a-acd4-d6f63c8cddde +- Beta URL: https://rmm-beta.azcomputerguru.com/clients/417420f4-c3f4-482a-acd4-d6f63c8cddde
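Review bot: The "Credentials & Secrets" section and the "Testing Credential Inheritance" curl block commit credential material to repository history: a literal `"password": "test123"` alongside `"username": "DOMAIN\\admin"`, the test credential ID, and the path `/tmp/test_client_inheritable_cred.txt` where it is stored. Suggest replacing these with placeholders (as the block already does with `$TOKEN`), removing the test credential and the /tmp file since the POST went to the production backend at 172.16.3.30:3001, and keeping host, binary and backup paths out of auto-synced logs. In the same block, the `/credentials/effective` request is shown with no `Authorization` header and both calls use plain `http://`; the log should state whether that endpoint requires the bearer token, since its response includes inherited credentials. The proposed `audit_logs` table is described under Key Decisions as an immutable trail, but the `CREATE TABLE` shown has nothing that enforces this (no restriction on UPDATE or DELETE), and `created_at TIMESTAMP` carries no time zone; both are worth listing as open items for the migration in step 2 of the future work.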