From 9172b696699e2489643a3204777c58fa260876de Mon Sep 17 00:00:00 2001
From: Roberto Dip
Date: Fri, 13 Oct 2023 18:05:03 -0300
Subject: [PATCH] don't preemptively set disk encryption as on (#14533) for #14422 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
---
 server/service/integration_mdm_test.go | 5 +++++
 server/service/orbit.go | 6 +-----
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/server/service/integration_mdm_test.go b/server/service/integration_mdm_test.go
index 6867e16067..8a2b2d5aaf 100644
--- a/server/service/integration_mdm_test.go
+++ b/server/service/integration_mdm_test.go
@@ -7209,6 +7209,11 @@ func (s *integrationMDMTestSuite) TestHostDiskEncryptionKey() {
 require.NotNil(t, hdek.Decryptable)
 require.True(t, *hdek.Decryptable)
 
+ // the disk encryption status of the host is not set with this request
+ var hostResp getHostResponse
+ s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/hosts/%d", host.ID), nil, http.StatusOK, &hostResp)
+ require.Nil(t, hostResp.Host.DiskEncryptionEnabled)
+
 // the key is encrypted the same way as the macOS keys (except with the WSTEP
 // certificate), so it can be decrypted using the same decryption function.
 wstepCert, _, _, err := s.fleetCfg.MDM.MicrosoftWSTEP()
diff --git a/server/service/orbit.go b/server/service/orbit.go
index 40a0bac9f9..017b530a2f 100644
--- a/server/service/orbit.go
+++ b/server/service/orbit.go
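Review bot: The added `require.Nil(t, hostResp.Host.DiskEncryptionEnabled)` in TestHostDiskEncryptionKey only covers a host that has no encryption status recorded yet, so it would not catch a regression that overwrites a value that was already reported. The call removed from orbit.go wrote `true` whenever a non-empty key was submitted, which matters most for a host whose status is `false`: a client-supplied key alone would then make it show as encrypted. Consider a second case that records `false` through `SetOrUpdateHostDisksEncryption` before the key upload and checks `require.False(t, *hostResp.Host.DiskEncryptionEnabled)` after it; how the suite reaches the datastore is not visible in this hunk. The test function starts and ends outside the hunk.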
@@ -589,10 +589,6 @@ func (svc *Service) SetOrUpdateDiskEncryptionKey(ctx context.Context, encryption
 if err := svc.ds.SetOrUpdateHostDiskEncryptionKey(ctx, host.ID, encryptedEncryptionKey, clientError, decryptable); err != nil {
 return ctxerr.Wrap(ctx, err, "set or update disk encryption key")
 }
- if encryptedEncryptionKey != "" {
- if err := svc.ds.SetOrUpdateHostDisksEncryption(ctx, host.ID, true); err != nil {
- return ctxerr.Wrap(ctx, err, "set or update host disks encryption")
- }
- }
+
 return nil
 }