audit/unenroll orphaned reason will replace uninstalled (#3855)

Fix to unreleased api: allow the orphaned reason to replace uninstall . This will allow Endpoint to notify fleet-server if it is still running after the agent has called the api
elastic · Sep 4, 2024 · bdd60ea · bdd60ea
1 parent 222e4c2
commit bdd60ea
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 8 deletions.
diff --git a/internal/pkg/api/handleAudit.go b/internal/pkg/api/handleAudit.go
@@ -22,7 +22,7 @@ import (
 	"go.elastic.co/apm/v2"
 )
 
-var ErrAuditUnenrollReason = fmt.Errorf("agent document contains audit_unenroll_reason attribute")
+var ErrAuditUnenrollReason = fmt.Errorf("agent document contains audit_unenroll_reason: orphaned")
 
 type AuditT struct {
 	cfg   *config.Server
@@ -51,7 +51,7 @@ func (audit *AuditT) handleUnenroll(zlog zerolog.Logger, w http.ResponseWriter,
 }
 
 func (audit *AuditT) unenroll(zlog zerolog.Logger, w http.ResponseWriter, r *http.Request, agent *model.Agent) error {
-	if agent.AuditUnenrolledReason != "" {
+	if agent.AuditUnenrolledReason == string(Orphaned) {
 		return ErrAuditUnenrollReason
 	}
 

diff --git a/internal/pkg/api/handleAudit_test.go b/internal/pkg/api/handleAudit_test.go
@@ -104,14 +104,32 @@ func Test_Audit_markUnenroll(t *testing.T) {
 }
 
 func Test_Audit_unenroll(t *testing.T) {
-	t.Run("agent has audit_unenroll_reason", func(t *testing.T) {
+	t.Run("agent has audit_unenroll_reason: orphaned", func(t *testing.T) {
 		agent := &model.Agent{
-			AuditUnenrolledReason: string(Uninstall),
+			AuditUnenrolledReason: string(Orphaned),
 		}
 		audit := &AuditT{}
 		err := audit.unenroll(testlog.SetLogger(t), nil, nil, agent)
 		require.EqualError(t, err, ErrAuditUnenrollReason.Error())
 	})
+	t.Run("agent has audit_unenroll_reason: uninstalled", func(t *testing.T) {
+		agent := &model.Agent{
+			AuditUnenrolledReason: string(Uninstall),
+		}
+		bulker := ftesting.NewMockBulk()
+		bulker.On("Update", mock.Anything, dl.FleetAgents, agent.Id, mock.Anything, mock.Anything, mock.Anything).Return(nil)
+
+		audit := &AuditT{
+			bulk: bulker,
+			cfg:  &config.Server{},
+		}
+		req := &http.Request{
+			Body: io.NopCloser(strings.NewReader(`{"reason": "orphaned", "timestamp": "2024-01-01T12:00:00.000Z"}`)),
+		}
+		err := audit.unenroll(testlog.SetLogger(t), httptest.NewRecorder(), req, agent)
+		require.NoError(t, err)
+		bulker.AssertExpectations(t)
+	})
 
 	t.Run("ok", func(t *testing.T) {
 		agent := &model.Agent{

diff --git a/internal/pkg/server/fleet_integration_test.go b/internal/pkg/server/fleet_integration_test.go
@@ -1466,11 +1466,15 @@ func Test_SmokeTest_AuditUnenroll(t *testing.T) {
 	id, key := EnrollAgent(t, ctx, srv, enrollBody)
 
 	t.Logf("Use audit/unenroll endpoint for agent %s", id)
-	unenrollBody := `{
+	orphanBody := `{
+          "reason": "orphaned",
+	  "timestamp": "2024-01-01T12:00:00.000Z"
+	}`
+	uninstallBody := `{
           "reason": "uninstall",
 	  "timestamp": "2024-01-01T12:00:00.000Z"
 	}`
-	req, err := http.NewRequestWithContext(ctx, "POST", srv.baseURL()+"/api/fleet/agents/"+id+"/audit/unenroll", strings.NewReader(unenrollBody))
+	req, err := http.NewRequestWithContext(ctx, "POST", srv.baseURL()+"/api/fleet/agents/"+id+"/audit/unenroll", strings.NewReader(uninstallBody))
 	require.NoError(t, err)
 	req.Header.Set("Authorization", "ApiKey "+key)
 	req.Header.Set("User-Agent", "elastic agent "+serverVersion)
@@ -1480,8 +1484,19 @@ func Test_SmokeTest_AuditUnenroll(t *testing.T) {
 	require.Equal(t, http.StatusOK, res.StatusCode)
 	res.Body.Close()
 
-	t.Log("Use of audit/unenroll a second time should fail.")
-	req, err = http.NewRequestWithContext(ctx, "POST", srv.baseURL()+"/api/fleet/agents/"+id+"/audit/unenroll", strings.NewReader(unenrollBody))
+	t.Log("Orphaned can replace uninstall")
+	req, err = http.NewRequestWithContext(ctx, "POST", srv.baseURL()+"/api/fleet/agents/"+id+"/audit/unenroll", strings.NewReader(orphanBody))
+	require.NoError(t, err)
+	req.Header.Set("Authorization", "ApiKey "+key)
+	req.Header.Set("User-Agent", "elastic agent "+serverVersion)
+	req.Header.Set("Content-Type", "application/json")
+	res, err = cli.Do(req)
+	require.NoError(t, err)
+	require.Equal(t, http.StatusOK, res.StatusCode)
+	res.Body.Close()
+
+	t.Log("Use of audit/unenroll once orphaned should fail.")
+	req, err = http.NewRequestWithContext(ctx, "POST", srv.baseURL()+"/api/fleet/agents/"+id+"/audit/unenroll", strings.NewReader(orphanBody))
 	require.NoError(t, err)
 	req.Header.Set("Authorization", "ApiKey "+key)
 	req.Header.Set("User-Agent", "elastic agent "+serverVersion)

diff --git a/testing/e2e/api_version/client_api_current.go b/testing/e2e/api_version/client_api_current.go
@@ -391,6 +391,10 @@ func (tester *ClientAPITester) TestEnrollAuditUnenroll() {
 	status := tester.AuditUnenroll(ctx, agentKey, agentID, api.Uninstall, now)
 	tester.Require().Equal(http.StatusOK, status)
 
+	tester.T().Logf("use audit/unenroll endpoint to replace uninstalled with orphaned for agent: %s", agentID)
+	status = tester.AuditUnenroll(ctx, agentKey, agentID, api.Orphaned, now)
+	tester.Require().Equal(http.StatusOK, status)
+
 	tester.T().Logf("audit/unenroll endpoint for agent: %s should return conflict", agentID)
 	status = tester.AuditUnenroll(ctx, agentKey, agentID, api.Uninstall, now)
 	tester.Require().Equal(http.StatusConflict, status)