Multiple packages API changes#48607
Conversation
Replace the version-unique key on software_installers with a regime-aware unique key. A new VIRTUAL dedup_token column resolves to storage_id for custom packages (dedupe by content hash, so Arm and Intel builds of one version coexist while identical bytes are rejected) and to version for FMA packages (version-uniqueness unchanged, so the auto-update cron can cache several versions backed by the same bytes). The migration keeps the first-added row per (global_or_team_id, title_id, dedup_token), re-points policies off the removed rows, and deletes the rest before adding UNIQUE KEY idx_software_installers_dedup.
…48396) Allow multiple custom packages per title in MatchOrCreateSoftwareInstaller. checkSoftwareConflictsByIdentifier keeps the cross-type VPP/in-house checks and the FMA-vs-custom single-regime guard, then rejects a custom package whose dedup_token (content hash) already backs the title and enforces a 10-package limit. The conflict copy now distinguishes VPP apps, Fleet-maintained apps, and software packages. The cross-type and FMA checks run before getOrGenerateSoftwareInstallerTitleID so a rejected upload never triggers its title-create/rename side effects.
…ion fixes (#48396) GetSoftwareInstallerMetadataByTeamAndTitleID now returns the first-added active package. Add GetSoftwarePackagesByTeamAndTitleID returning every active package on a title with per-package label scope, for the API and precedence sub-issues. Fix the regressions that multiple active rows cause: SoftwareTitleByID counts use COUNT(DISTINCT) so the installer/VPP/in-house cross-join no longer inflates them, both ListSoftwareTitles query paths join only the first-added active installer so a title appears once (hash and package-name filters use EXISTS over all packages), and the edit path no longer rejects a title with more than one package.
…nto feat/48397-packages-api
CI Feedback 🧐A test triggered by this PR failed. Here is an AI-generated analysis of the failure:
|
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## feat/28108-multiple-custom-packages #48607 +/- ##
=======================================================================
+ Coverage 67.48% 68.03% +0.55%
=======================================================================
Files 3676 3678 +2
Lines 233629 234080 +451
Branches 12261 12261
=======================================================================
+ Hits 157672 159265 +1593
+ Misses 61806 60480 -1326
- Partials 14151 14335 +184
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
Related issue: Resolves #48397
Summary
Adds the REST API layer for multiple custom packages per software title (backend only):
GET /software/titlesandGET /software/titles/:idreturn a newpackages[]array;software_packageis retained as the first-added package for backwards compatibility.POST /software/packageadds a package to an existing title and returns the added package.PATCH /software/titles/:id/packagetargets a specificinstaller_idand rejects a replacement whose hash matches a sibling package (409).DELETE /software/titles/:id/available_for_install?installer_id=deletes one package; omittinginstaller_iddeletes them all.Builds on the data-model foundation (#48396). Install-time precedence and the host-software endpoint are out of scope (#48398).
Checklist for submitter
changes/.See Changes files for more information.
SELECT *is avoided, SQL injection is prevented (using placeholders for values in statements).Testing