From 3e305e26d65d23110a8e61a5b017177256f20473 Mon Sep 17 00:00:00 2001 From: Martin Angers Date: Wed, 10 Jan 2024 14:53:12 -0500 Subject: [PATCH] Fix pending script execution max age when notifying fleetd (#16001) --- ee/server/service/scripts.go | 3 +++ orbit/changes/15947-fix-pending-script-max-age | 1 + orbit/cmd/orbit/orbit.go | 1 + server/fleet/errors.go | 4 ++-- server/service/orbit.go | 9 +++++---- 5 files changed, 12 insertions(+), 6 deletions(-) create mode 100644 orbit/changes/15947-fix-pending-script-max-age diff --git a/ee/server/service/scripts.go b/ee/server/service/scripts.go index d3d2adc75e..72386aaebf 100644 --- a/ee/server/service/scripts.go +++ b/ee/server/service/scripts.go @@ -101,6 +101,9 @@ func (svc *Service) RunHostScript(ctx context.Context, request *fleet.HostScript return nil, fleet.NewInvalidArgumentError("host_id", fleet.RunScriptHostOfflineErrMsg) } + // it is important that the "ignoreOlder" parameter in this call is the same + // everywhere (which is here and in the "get orbit config" endpoint to send + // the notification of scripts pending execution to the host). pending, err := svc.ds.ListPendingHostScriptExecutions(ctx, request.HostID, scripts.MaxServerWaitTime) if err != nil { return nil, ctxerr.Wrap(ctx, err, "list host pending script executions") diff --git a/orbit/changes/15947-fix-pending-script-max-age b/orbit/changes/15947-fix-pending-script-max-age new file mode 100644 index 0000000000..44315a753e --- /dev/null +++ b/orbit/changes/15947-fix-pending-script-max-age @@ -0,0 +1 @@ +* Fix the maximum age of a pending script when notifying fleetd of a script to run so that it matches the duration used elsewhere in Fleet. diff --git a/orbit/cmd/orbit/orbit.go b/orbit/cmd/orbit/orbit.go index afacb5b97a..21d62e2f89 100644 --- a/orbit/cmd/orbit/orbit.go +++ b/orbit/cmd/orbit/orbit.go 
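Review bot: The comment added in RunHostScript records an invariant that nothing in the code enforces: `ListPendingHostScriptExecutions` still takes the duration as a free argument, so a later caller can pass a different value and bring back the mismatch this commit fixes. The same applies to the matching comment added in GetOrbitConfig in server/service/orbit.go. I would state the rule once in the doc comment of the datastore method (not visible in this patch), for example `// ignoreOlder must be scripts.MaxServerWaitTime at every call site, otherwise the "already running" check and the fleetd notification disagree.`, and keep the call-site comments short. RunHostScript starts and ends outside the hunk.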
@@ -1336,6 +1336,7 @@ func getHostInfo(osqueryPath string, osqueryDBPath string) (*osqueryHostInfo, er
 log.Debug().Str("query", systemQuery).Msg("running single query")
 out, err := exec.Command(osqueryPath, args...).Output()
 if err != nil {
+ log.Debug().Str("output", string(out)).Msg("getHostInfo via osquery")
 return nil, err
 }
 var info []osqueryHostInfo
diff --git a/server/fleet/errors.go b/server/fleet/errors.go
index d3e4e6d5fe..2dd8782b97 100644
--- a/server/fleet/errors.go
+++ b/server/fleet/errors.go
@@ -540,8 +540,8 @@ const (
 RunScriptHostOfflineErrMsg = "Script can’t run on offline host."
 RunScriptHostNotFoundErrMsg = "Host doesn’t exist. Make sure you provide a valid hostname, UUID, osquery host ID, or node key."
 RunScriptForbiddenErrMsg = "You don’t have the right permissions in Fleet to run the script."
- RunScriptAlreadyRunningErrMsg = "A script is already running on this host. Please wait about 1 minute to let it finish."
- RunScriptHostTimeoutErrMsg = "Fleet hasn’t heard from the host in over 1 minute. Fleet doesn’t know if the script ran because the host went offline."
+ RunScriptAlreadyRunningErrMsg = "A script is already running on this host. Please wait about 5 minutes to let it finish."
+ RunScriptHostTimeoutErrMsg = "Fleet hasn’t heard from the host in over 5 minutes. Fleet doesn’t know if the script ran because the host went offline."
 RunScriptScriptsDisabledGloballyErrMsg = "Running scripts is disabled in organization settings."
 RunScriptScriptTimeoutErrMsg = "Timeout. Fleet stopped the script after 5 minutes to protect host performance."
 )
diff --git a/server/service/orbit.go b/server/service/orbit.go
index 9dff69620e..758ed2fae4 100644
--- a/server/service/orbit.go
+++ b/server/service/orbit.go
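Review bot: The new debug line on the error path of getHostInfo logs `out`, but `Output()` returns only stdout and the line drops `err`, so when osquery fails the entry will often lack the actual cause. Adding the error is a small change: `log.Debug().Err(err).Str("output", string(out)).Msg("getHostInfo via osquery")`. If Stderr is not set on the command, `Output()` also stores stderr in `*exec.ExitError`, which could be logged after an `errors.As` check. The stdout of this query may carry host identifiers, so the line is reasonable at debug level but should not be raised to a higher level as is. getHostInfo's body starts and ends outside the hunk.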
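Review bot: `RunScriptAlreadyRunningErrMsg` and `RunScriptHostTimeoutErrMsg` now hard-code "5 minutes" while the wait they describe is taken from `scripts.MaxServerWaitTime` in the callers, so the text can drift from the real value again, which is apparently how the old "1 minute" wording went stale. A comment above the two constants would make the coupling visible: `// The durations in these messages must match scripts.MaxServerWaitTime.` The value of that constant is not shown in this patch, so I am assuming it is five minutes. The const block starts outside the hunk.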
@@ -6,8 +6,8 @@ import ( "errors" "fmt" "net/http" - "time" + "github.com/fleetdm/fleet/v4/pkg/scripts" "github.com/fleetdm/fleet/v4/server" "github.com/fleetdm/fleet/v4/server/contexts/ctxerr" hostctx "github.com/fleetdm/fleet/v4/server/contexts/host" @@ -169,8 +169,6 @@ func getOrbitConfigEndpoint(ctx context.Context, request interface{}, svc fleet. } func (svc *Service) GetOrbitConfig(ctx context.Context) (fleet.OrbitConfig, error) { - const pendingScriptMaxAge = time.Minute - // this is not a user-authenticated endpoint svc.authz.SkipAuthorization(ctx) @@ -230,7 +228,10 @@ func (svc *Service) GetOrbitConfig(ctx context.Context) (fleet.OrbitConfig, erro // load the pending script executions for that host if !appConfig.ServerSettings.ScriptsDisabled { - pending, err := svc.ds.ListPendingHostScriptExecutions(ctx, host.ID, pendingScriptMaxAge) + // it is important that the "ignoreOlder" parameter in this call is the + // same everywhere (which is here and in RunScript to check if there is + // already a pending script). + pending, err := svc.ds.ListPendingHostScriptExecutions(ctx, host.ID, scripts.MaxServerWaitTime) if err != nil { return fleet.OrbitConfig{}, err }
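Review bot: The comment added before the `ListPendingHostScriptExecutions` call in GetOrbitConfig points the reader to "RunScript", but the function that holds the other call in this patch is `RunHostScript` in ee/server/service/scripts.go, so a search for the name in the comment may not lead there. I would write it as `// same everywhere (here and in RunHostScript, which checks whether a script is already pending).` The unchanged `return fleet.OrbitConfig{}, err` after the call also returns the error bare, whereas the scripts.go call site wraps it with `ctxerr.Wrap`; wrapping here would keep the two paths consistent. GetOrbitConfig starts and ends outside the hunk.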