Ensure that the connecting Elastic Agent is a supported version. #239
Conversation
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪 |
| if err != nil { | ||
| return err | ||
| } | ||
|
|
There was a problem hiding this comment.
question: should we validate after the metric that counts checkin calls?
@scunningham what was the purpose of the counter? should it include all checkin calls or just authenticated and validated?
There was a problem hiding this comment.
Yeah I put it before the metric in both check-in and enroll. Can change in follow up if needed.
| @@ -79,6 +81,7 @@ type CheckinT struct { | |||
| } | |||
|
|
|||
| func NewCheckinT( | |||
| verCon version.Constraints, | |||
There was a problem hiding this comment.
are we always going to have the version constraint?
if not not then make it option function?
nit: the number of params in the constructor "is too darn high" :-)
There was a problem hiding this comment.
yes we should always have it
cmd/fleet/userAgent.go
Outdated
| if len(segments) > 2 { | ||
| segments = segments[:2] | ||
| } | ||
| segments = append(segments, int(^uint(0)>>1)) // max int |
There was a problem hiding this comment.
didn't know about it, will change to that
cmd/fleet/userAgent.go
Outdated
| return ErrInvalidUserAgent | ||
| } | ||
| userAgent = strings.ToLower(userAgent) | ||
| if !strings.HasPrefix(userAgent, "elastic agent ") { |
There was a problem hiding this comment.
const prefix = "elastic agent "
?
could be local to func
cause it is used in two places
* Ensure that the connecting Elastic Agent is a supported version. * Revert change to fleet-server.yml * Fix added space in fleet-server.yml. * Fixes from code review. * Update go.mod. (cherry picked from commit 91af65a)
… (#242) * Ensure that the connecting Elastic Agent is a supported version. * Revert change to fleet-server.yml * Fix added space in fleet-server.yml. * Fixes from code review. * Update go.mod. (cherry picked from commit 91af65a) Co-authored-by: Blake Rouse <[email protected]>
What does this PR do?
Adds checks to the enrollment and checkin API to ensure that the
User-Agentheader is correct for an Elastic Agent. This verifies that the version of the Elastic Agent is a support version.This does allow an Elastic Agent to be on a higher patched version than the Fleet Server, but not higher on the MAJOR.MINOR.
Why is it important?
Older Elastic Agents will not work correctly with new Fleet Server, so they need to not connect to the Fleet Server.
Checklist
[ ] I have made corresponding changes to the documentation[ ] I have made corresponding change to the default configuration files[ ] I have added an entry inCHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Related issues