mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
b4bb714fa5
<!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves #37580 This PR adds certificate removal support and status report retry logic to the Android Fleet agent. It also includes overall code review fixes/improvements. I apologize for the large PR. I would prefer smaller PRs, but there was no one to review during the break. Key changes 1. Managed configuration interface change - certificate_templates now expects status and operation fields per certificate 2. Certificate removal flow - New cleanupRemovedCertificates() handles certificates with operation="remove" - Removes keypair from device keystore and reports status to Fleet server - Handles orphaned certificates (tracked locally but no longer in MDM config) 3. Status report retry logic - New statuses: INSTALLED_UNREPORTED and REMOVED_UNREPORTED - When install/removal succeeds but status report fails, state is persisted for retry - retryUnreportedStatuses() retries on next worker run (up to 10 attempts) - After max retries, transitions to final status (gives up reporting but cert action completed) 4. Dependency injection for testability - Converted CertificateOrchestrator from Kotlin object to class with constructor injection - Created CertificateApiClient interface (implemented by ApiClient) - Instance held in AgentApplication (Google's AppContainer pattern) - Added FakeCertificateApiClient for tests with call tracking 5. Naming improvements 6. Worker retries - Previously, worker would get permanently stuck after 5 retries. Now we recover after 15 minutes. We can extend this later if needed for load testing. 7. New UUID managed config field to trigger re-installs or re-removals of certificates. # Checklist for submitter ## Testing - [x] Added/updated automated tests - [x] QA'd all new/changed functionality manually For unreleased bug fixes in a release candidate, one of: - [x] Confirmed that the fix is not expected to adversely impact load test results <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Enhanced certificate management with an application-scoped orchestrator, improved state tracking, automatic retries and backoff for enrollments. * UI/Debug: shows host certificate entries and status/operation details; new localized strings for certificate template status and operation. * Managed Configuration: accepts certificate status and operation fields. * **Bug Fixes** * Enrollment now auto-runs only when needed; safer keystore handling and more robust error paths. * **Tests** * Expanded and refactored tests and test utilities for certificate workflows. * **Chores** * App version bumped to 1.0.1. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai -->
31 lines
594 B
YAML
31 lines
594 B
YAML
coverage:
|
|
status:
|
|
project: false
|
|
patch: false
|
|
|
|
flag_management:
|
|
default_rules:
|
|
carryforward: true
|
|
statuses:
|
|
- type: project
|
|
informational: true
|
|
- type: patch
|
|
informational: true
|
|
individual_flags:
|
|
- name: backend
|
|
paths:
|
|
- cmd/
|
|
- pkg/
|
|
- server/
|
|
- ee/
|
|
- orbit/
|
|
- name: frontend
|
|
paths:
|
|
- frontend/
|
|
- name: android
|
|
paths:
|
|
- android/
|
|
|
|
ignore:
|
|
- "server/mock"
|
|
- "server/fleet/activities.go" # mostly contains code for documentation -- not interesting for tests
|