https://github.com/osquery/osquery logo
Join Slack
Powered by
I have just purchesd Fleet Premium and created gro...
# fleet
t
I have just purchesd Fleet Premium and created groups for my windows-clients and my servers. I already configured some policies (back when I did not have the Teams feature). How can I move those policies to a specific team?
l
Hi Tilman! Fleet currently doesn't support changing a policy's team.
An option I can think of in case we are talking about too many policies to move manually (*): You could use 
fleetctl
to fetch the global policies, edit the yaml to set 
team_id
and then apply such config via 
fleetctl apply
. (*) move manually would mean copy/paste policy fields and delete the original global one.
t
Thank you Lucas, that sounds like the right path to go 🙂
btw. is there a way to tell the API to return YAML?
otherwise I would have to first retrieve the policies as JSON and then transform them into an importable YAML
You mean "use fleet API" to fetch the global policies, right? From what I know fleetctl does not support getting the policies yet. Anyway I tried suggestion, but unfortunatley the team_id seems to be ignored. My policies always end up as global
l
Ah yes, this would require you also edit their name, e.g. add a suffix or something. Once that's done and it's all good, you would remove the global ones. (This is sort of a "first copy then remove original" approach.)
t
I basically settled on an "import,move,rename" approach: • import using fleetctl -> policies end up as global (i.e. team_id is NULL) • move the policies by updating team_id directly in the DB • update the names directly in the DB prefixing them (e.g. "Windows: Run LSA as PPL" becomes "Virtual Windows: ..." ) Sitll a bit thedious bit it will work until the import starts repsecting the team_id or until you can bulk move them via the UI.
l
OK, sorry for all the trouble this has caused you. Hopefully we'll implement this soon in #4426
5 Views
Open in Slack
PreviousNext
Powered by