mirror of
https://github.com/fleetdm/fleet
synced 2026-05-23 08:58:41 +00:00
b4bb714fa5
<!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves #37580 This PR adds certificate removal support and status report retry logic to the Android Fleet agent. It also includes overall code review fixes/improvements. I apologize for the large PR. I would prefer smaller PRs, but there was no one to review during the break. Key changes 1. Managed configuration interface change - certificate_templates now expects status and operation fields per certificate 2. Certificate removal flow - New cleanupRemovedCertificates() handles certificates with operation="remove" - Removes keypair from device keystore and reports status to Fleet server - Handles orphaned certificates (tracked locally but no longer in MDM config) 3. Status report retry logic - New statuses: INSTALLED_UNREPORTED and REMOVED_UNREPORTED - When install/removal succeeds but status report fails, state is persisted for retry - retryUnreportedStatuses() retries on next worker run (up to 10 attempts) - After max retries, transitions to final status (gives up reporting but cert action completed) 4. Dependency injection for testability - Converted CertificateOrchestrator from Kotlin object to class with constructor injection - Created CertificateApiClient interface (implemented by ApiClient) - Instance held in AgentApplication (Google's AppContainer pattern) - Added FakeCertificateApiClient for tests with call tracking 5. Naming improvements 6. Worker retries - Previously, worker would get permanently stuck after 5 retries. Now we recover after 15 minutes. We can extend this later if needed for load testing. 7. New UUID managed config field to trigger re-installs or re-removals of certificates. # Checklist for submitter ## Testing - [x] Added/updated automated tests - [x] QA'd all new/changed functionality manually For unreleased bug fixes in a release candidate, one of: - [x] Confirmed that the fix is not expected to adversely impact load test results <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Enhanced certificate management with an application-scoped orchestrator, improved state tracking, automatic retries and backoff for enrollments. * UI/Debug: shows host certificate entries and status/operation details; new localized strings for certificate template status and operation. * Managed Configuration: accepts certificate status and operation fields. * **Bug Fixes** * Enrollment now auto-runs only when needed; safer keystore handling and more robust error paths. * **Tests** * Expanded and refactored tests and test utilities for certificate workflows. * **Chores** * App version bumped to 1.0.1. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|---|---|---|
| .. | ||
| src | ||
| .gitignore | ||
| build.gradle.kts | ||
| detekt.yml | ||
| proguard-rules.pro | ||