<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#37580
This PR adds certificate removal support and status report retry logic
to the Android Fleet agent. It also includes overall code review
fixes/improvements.
I apologize for the large PR. I would prefer smaller PRs, but there was
no one to review during the break.
Key changes
1. Managed configuration interface change
- certificate_templates now expects status and operation fields per
certificate
2. Certificate removal flow
- New cleanupRemovedCertificates() handles certificates with
operation="remove"
- Removes keypair from device keystore and reports status to Fleet
server
- Handles orphaned certificates (tracked locally but no longer in MDM
config)
3. Status report retry logic
- New statuses: INSTALLED_UNREPORTED and REMOVED_UNREPORTED
- When install/removal succeeds but status report fails, state is
persisted for retry
- retryUnreportedStatuses() retries on next worker run (up to 10
attempts)
- After max retries, transitions to final status (gives up reporting but
cert action completed)
4. Dependency injection for testability
- Converted CertificateOrchestrator from Kotlin object to class with
constructor injection
- Created CertificateApiClient interface (implemented by ApiClient)
- Instance held in AgentApplication (Google's AppContainer pattern)
- Added FakeCertificateApiClient for tests with call tracking
5. Naming improvements
6. Worker retries
- Previously, worker would get permanently stuck after 5 retries. Now we
recover after 15 minutes. We can extend this later if needed for load
testing.
7. New UUID managed config field to trigger re-installs or re-removals
of certificates.
# Checklist for submitter
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [x] Confirmed that the fix is not expected to adversely impact load
test results
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Enhanced certificate management with an application-scoped
orchestrator, improved state tracking, automatic retries and backoff for
enrollments.
* UI/Debug: shows host certificate entries and status/operation details;
new localized strings for certificate template status and operation.
* Managed Configuration: accepts certificate status and operation
fields.
* **Bug Fixes**
* Enrollment now auto-runs only when needed; safer keystore handling and
more robust error paths.
* **Tests**
* Expanded and refactored tests and test utilities for certificate
workflows.
* **Chores**
* App version bumped to 1.0.1.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
