Skip to content

Add integration tests for upgrades that include endpoint security #4720

New issue
New issue
Open
Open
Add integration tests for upgrades that include endpoint security#4720
Labels
Team:Elastic-Agent-Control-PlaneLabel for the Agent Control Plane team
@cmacknz

Description

@cmacknz
cmacknz
opened on May 8, 2024

We need to add upgrade integration tests where endpoint security is installed. We need to test both the tamper protected and unprotected cases and the .tar.gz, RPM, and DEB package types.

As part of this addition, the logging around forwarding the upgrade action to endpoint needs to be increased to the info level.

elastic-agent/internal/pkg/agent/application/actions/handlers/handler_action_upgrade.go

Lines 58 to 74 in 49745a7

if h.tamperProtectionFn() {
// Find inputs that want to receive UPGRADE action
// Endpoint needs to receive a signed UPGRADE action in order to be able to uncontain itself
state := h.coord.State()
ucs := findMatchingUnitsByActionType(state, a.Type())
if len(ucs) > 0 {
h.log.Debugf("handlerUpgrade: proxy/dispatch action '%+v'", a)
err := notifyUnitsOfProxiedAction(ctx, h.log, action, ucs, h.coord.PerformAction)
h.log.Debugf("handlerUpgrade: after action dispatched '%+v', err: %v", a, err)
if err != nil {
return err
}
} else {
// Log and continue
h.log.Debugf("No components running for %v action type", a.Type())
}
}

There have been several recent cases where tamper protected agent upgrades have failed due to invalid uninstall tokens. The root cause is currently unknown, but missing logging and inadequate automated testing are definitely contributing to these problems.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Team:Elastic-Agent-Control-PlaneLabel for the Agent Control Plane team

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions