Add agent_policy_id and policy_revision_idx to checkin request #5501
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
michel-laterman
added
enhancement
🎉 Snyk checks have passed. No issues have been found so far.✅ security/snyk check is complete. No issues have been found. (View Details) ✅ license/snyk check is complete. No issues have been found. (View Details) |
michel-laterman
force-pushed
the
feat/checkin-policy-details
branch
from
3c342b8 to
f0dcf41
Compare
|
Integration or E2E tests can be added after elastic/elasticsearch#134517 has been merged and a snapshot with the changes is available. |
6 tasks
Allow the agents to add their currently running policy_id and revision_idx attributes to the checkin request bodies. These attributes, if included and different from the agent doc will be used when updating the agent doc in the pre-poll checkin. If the agent's policy id does not match the expected policy id from the server a reassign is detected and a new policy change action will be sent. If the checkin ID is greater than what was previously recorded or the policy id changes from what was previously recoreded, then the api keys will be managed.
michel-laterman
force-pushed
the
feat/checkin-policy-details
branch
from
f0dcf41 to
9aa2ba2
Compare
Handle the scenario when the agent checks in with a revision_idx value that is greater than the latest available policy in ES. Add E2E tests when using policy_id and revision_idx values in checkin.
michel-laterman
force-pushed
the
feat/checkin-policy-details
branch
from
9aa2ba2 to
557ffd0
Compare
michel-laterman
force-pushed
the
feat/checkin-policy-details
branch
from
b59e45c to
a5c7f64
Compare
ycombinator
reviewed
Sep 18, 2025
ycombinator
reviewed
Sep 18, 2025
ycombinator
previously approved these changes
Sep 22, 2025
blakerouse
requested changes
Sep 22, 2025
|
blakerouse
approved these changes
Sep 23, 2025
ycombinator
approved these changes
Sep 23, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What is the problem this PR solves?
Agent policy details (id + revision) may go out of sync with what fleet-server records.
This occurs when a VM running and agent with policy
Xon revisionNis restored to an earlier time when it was runningX N-1, or even a different policy. It can also occur if the ES cluster is restored to an earlier snapshot where the agent will be running policy N+1.How does this PR solve the problem?
Allow the agents to add their currently running policy_id and
revision_idx attributes to the checkin request bodies. These attributes,
if included and different from the agent doc will be used when updating
the agent doc in the pre-poll checkin. If the agent's policy id does not
match the expected policy id from the server a reassign is detected and
a new policy change action will be sent. If the revision differs a policy
change action will also be sent. If an agent checks in with a different
policy/revision the api keys may be managed. Add a feature flag to disable
this behaviour and only use Acks + the fleet-agents doc as the source of
truth.
How to test this PR locally
Added testing in the e2e API test suite, run:
Design Checklist
Checklist
I have made corresponding changes to the documentation./changelog/fragmentsusing the changelog toolRelated issues