[Ingest Manager] Allow to force unenroll from the UI #72386
Pinging @elastic/ingest-management (Team:Ingest Management)
@elasticmachine merge upstream
This is excellent. I want to be sure I understand the changes, please. @ph ...Meaning can we use language not specific to Ingest Manager to make sure we're on the same page, please. I still get a little bit confused about enrolling and api-key usage and how we use the terms. @dedemorton when we've confirmed, it may be nice to have it in 7.9 docs if we didn't have a line item for it in the main 7.9 docs tracker ticket.
@EricDavisX sure, I am trying to explain what the "force unenroll" and the "unenroll" do.
Unenroll
When a user clicks on unenroll,
Force unenroll
When a user clicks on force unenroll:
@nchaulet can you explain the need to distinguish between these two cases? Is it for Endpoint where we have to uninstall it? Would it eventually end up at same state the next time it checks in and discovers its API keys are invalid? I imagine this will be the case for offline agents as well? If users would want to do a force unenroll every time, then it simplifies the UX to combine those steps.
Normally a user will not have to do a force unenroll; it's to correct an error scenario where the agent is not able to confirm the enrollment. The difference is that with the normal unenrollment, the agent can finish sending data and correctly uninstall everything. The force unenroll is more for agents that are not online anymore and a user who wants to clean the API keys. In an ideal scenario a user should never have to do a force unenroll.
This is helpful, I think I see where I was confused too. I got worried that unenrolling one agent would invalidate all keys for a given user overall or configuration entirely (not just for that agent). Thank you. And so, to another point - I think the reason we wanted to see the Force Unenroll was because standard unenroll was not working in common cases that worked prior. I think that bug and this feature support are different... @michalpristas are you still tracking the bug in elastic/beats#20006? Either way, I'm looking forward to getting this PR in. Thanks Nicolas!
Being able to finish sending the data makes sense, particularly once we have disk spooling. Is the purpose of the unenrolling state in Fleet to clear out the queues? Can we also confirm that after an Agent is force unenrolled that Endpoint gets uninstalled next time the Agent checks in? Lastly, it'd be good to have design take a look at this. I'll reopen this issue to incorporate force unenroll into the confirmation modal design #72653
Small suggestions, otherwise code LGTM.
Thanks @mostlyjason for creating a design issue to improve the user messaging here.
...lugins/ingest_manager/public/applications/ingest_manager/components/context_menu_actions.tsx
…er/components/context_menu_actions.tsx Co-authored-by: Jen Huang <its.jenetic@gmail.com>
💚 Build Succeeded
* master: (23 commits)
  Stabilize closing toast (elastic#72097)
  stabilize failing test (elastic#72086)
  Stabilize filter bar test (elastic#72032)
  Unskip vislib tests (elastic#71452)
  [ML] Fix layout of anomaly chart tooltip for long field values (elastic#72689)
  fix preAuth/preRouting mocks (elastic#72663)
  [Security Solution] Hide KQL bar (all pages) and alerts filters (Detections) when Resolver is full screen (elastic#72788)
  [Uptime] Rename Whitelist to Allowlist in parse_filter_map (elastic#71584)
  [Security Solution] Fixes exception modal not loading content (elastic#72770)
  [Security Solution][Exceptions] - Require non empty entries and non empty string values in exception list items (elastic#72748)
  [Detections] Add validation for Threshold value field (elastic#72611)
  [SIEM][Detection Engine][Lists] Adds version and immutability data structures (elastic#72730)
  [Security Solution][Detections] Validate file type of value lists (elastic#72746)
  [pre-req] New Component Layout proposal (elastic#72385)
  [ML] do not throw an error when agg is not supported by UI (elastic#72685)
  [Resolver] Origin process (elastic#72382)
  [Ingest Manager] Allow to force unenroll from the UI (elastic#72386)
  skip 6.8 branch when triggering baseline-capture builds (elastic#72706)
  [CI] In-progress PR comments (elastic#72211)
  Fix sorting of scripted string fields (elastic#72681)
  ...
The 'Force unenroll' is in BC3 and seems to work - will need more time to review the nuances of the changes and Jason's questions. Anyone available?
We send a stop command to the process with a timeout; processes are expected to push their events to Elasticsearch and stop.
Yes, unenrolling will uninstall endpoint.
Hi @EricDavisX, we have validated this ticket on 7.9 BC4 cloud environment with 7.9 agent integrated with security app as well on Windows 10 Host OS. We have created 11 test cases under Un-enrolled agent section in Testrail and 02 test cases are moved from fleet to "Un-enrolled agent" section. Moreover, we have executed 12 test cases under Allow to force an Unenroll from UI test run and 01 test case is pending due to query #1. Please find below our observations and queries.
Observation:
Query:
Additionally, we have reported below 02 defects while exploring the "Un-enrolled agent" functionality. Please let us know if there is anything else we need to verify for this ticket.
I've asked @kamalpreetpahwa-qasource to log a separate bug for this last concern. We'll track it separately. Thanks for the testing and test case work.
@EricDavisX: I have reported Defect #73272 for the same. Also, marked 01 test case as failed due to the reported issue #73272 under test plan Allow to force an Unenroll from UI. Please let us know if anything else needs to be verified.
Summary
Resolves elastic/beats#20006. Resolves elastic/beats#18825.
When an agent does not confirm the unenrollment, a user can invalidate all the ApiKeys for that user by doing a force unenroll; that functionality was not exposed in the UI.
Done in this PR:
UI Change