Add /api/fleet/agents/:id/audit/unenroll endpoint

[michel-laterman]

What is the problem this PR solves?

Uninstalled agents appear as offline in the fleet UI.

How does this PR solve the problem?

Add /api/fleet/agents/:id/audit/unenroll API that an elastic-agent or Endpoint process may use to annotate the agent document so the agent may appear with a different status.

Changes from RFC

RFC here

Changes are:

• 409 responses will include a JSON body to be consistent with other errors
• Successfull requests will alter the following agent document attributes:
  • audit_unenrolled_time - time from request
  • audit_unenrolled_reason - reason from request
  • unenrolled_at - server current time UTC
  • updated_at - server current time UTC (new)
  • active - set to false (new) removed change, was causing the api key auth to fail breaking integration and e2e tests

How to test this PR locally

make test-e2e will run e2e tests as we need to change the elastic-agent or other test tools in order to use the endpoint

Design Checklist

• I have ensured my design is stateless and will work when multiple fleet-server instances are behind a load balancer.
• I have or intend to scale test my changes, ensuring it will work reliably with 100K+ agents connected.
• I have included fail safe mechanisms to limit the load on fleet-server: rate limiting, circuit breakers, caching, load shedding, etc.

Checklist

• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in ./changelog/fragments using the changelog tool

Related issues

• Relates [Feature Request] Have Elastic Agent send a final message to its fleet server when making changes elastic-agent#484

[michel-laterman]

I think I'll also need to make a change to the ES templates in order to add audit_unenrolled_time and audit_unenrolled_reason to the agent documents. (edit: pr here)

I'll also make a followup PR to change the behaviour of the checkin API to clear the attributes that are set by the audit/unenroll API to allow Endpoint to mark itself as "orphaned" temporarily.

[michel-laterman]

The default/env limits for the audit/unenroll endpoint are set to the same values as the ack endpoint (excluding body which is set to 1 kb)

[blakerouse]

+1

[blakerouse]

Well done!

Just a few comments, no blockers.

[blakerouse]

Seems this will return a 500 error back to the caller, is that the correct error in the case its a conflict? Should it instead be the same conflict error in the case the field is set? I don't know if we want the caller to error.

[michel-laterman]

It's detected much earlier on line 54 of handleAudit.go
https://github.com/elastic/fleet-server/pull/3818/files/#diff-bca31366226def7a73d6e6b142a9e17bbb4c2375a8f0fa16c5c81d4e6a374f13R54-R56

[blakerouse]

This has become a ton of parameters will most being nil. Switching to a struct as a parameter would be better and cleaner. (don't do it in this PR, but an overall improvement)

[michel-laterman]

Created #3823 to track

[blakerouse]

+1

[blakerouse]

struct would be much better, this is a lot...

[pchila]

Just a typo and a question about an error message (non-blocking as it can also be fixed in a follow-up PR), looks good otherwise...

+1 on refactoring long lists of parameters into structs though... in those places the code is not very readable 😅

[elastic-sonarqube]

Quality Gate passed

Issues
4 New issues
1 Fixed issue
0 Accepted issues

Measures
0 Security Hotspots
94.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube