Stricter validation for required checkin API attributes (elastic#3233)

michel-laterman · web-flow · commit 8ac12db19ddf · 2024-01-23T18:20:51.000Z
* Stricter validation for required checkin API attributes
* log warning on empty message
diff --git a/changelog/fragments/1705963635-Stricter-validation-for-required-checkin-API-attributes.yaml b/changelog/fragments/1705963635-Stricter-validation-for-required-checkin-API-attributes.yaml
@@ -0,0 +1,32 @@
+# Kind can be one of:
+# - breaking-change: a change to previously-documented behavior
+# - deprecation: functionality that is being removed in a later release
+# - bug-fix: fixes a problem in a previous version
+# - enhancement: extends functionality but does not break or fix existing behavior
+# - feature: new functionality
+# - known-issue: problems that we are aware of in a given version
+# - security: impacts on the security of a product or a user’s deployment.
+# - upgrade: important information for someone upgrading from a prior version
+# - other: does not fit into any of the other categories
+kind: bug-fix
+
+# Change summary; a 80ish characters long description of the change.
+summary: Stricter validation for required checkin API attributes
+
+# Long description; in case the summary is not enough to describe the change
+# this field accommodate a description without length limits.
+# NOTE: This field will be rendered only for breaking-change and known-issue kinds at the moment.
+#description:
+
+# Affected component; a word indicating the component this changeset affects.
+component:
+
+# PR URL; optional; the PR number that added the changeset.
+# If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added.
+# NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number.
+# Please provide it if you are adding a fragment for a different PR.
+#pr: https://github.com/owner/repo/1234
+
+# Issue URL; optional; the GitHub issue related to this changeset (either closes or is part of).
+# If not present is automatically filled by the tooling with the issue linked to the PR number.
+issue: 2420
diff --git a/internal/pkg/api/handleCheckin.go b/internal/pkg/api/handleCheckin.go
@@ -181,6 +181,13 @@ func (ct *CheckinT) validateRequest(zlog zerolog.Logger, w http.ResponseWriter,
 	}
 	cntCheckin.bodyIn.Add(readCounter.Count())
 
+	if req.Status == CheckinRequestStatus("") {
+		return val, fmt.Errorf("checkin status missing")
+	}
+	if len(req.Message) == 0 {
+		zlog.Warn().Msg("checkin request method is empty.")
+	}
+
 	var pDur time.Duration
 	var err error
 	if req.PollTimeout != nil {
diff --git a/internal/pkg/server/fleet_integration_test.go b/internal/pkg/server/fleet_integration_test.go
@@ -61,7 +61,7 @@ const (
 	}`
 	checkinBody = `{
 	    "status": "online",
-	    "message": ""
+	    "message": "checkin ok"
 	}`
 )
 
@@ -1131,7 +1131,7 @@ func Test_SmokeTest_CheckinPollTimeout(t *testing.T) {
 	req, err = http.NewRequestWithContext(ctx, "POST", srv.baseURL()+"/api/fleet/agents/"+agentID+"/checkin", strings.NewReader(fmt.Sprintf(`{
 	    "ack_token": "%s",
 	    "status": "online",
-	    "message": "",
+	    "message": "checkin ok",
 	    "poll_timeout": "3m"
 	}`, *checkinResponse.AckToken)))
 	require.NoError(t, err)
@@ -1159,7 +1159,7 @@ func Test_SmokeTest_CheckinPollTimeout(t *testing.T) {
 	req, err = http.NewRequestWithContext(ctx, "POST", srv.baseURL()+"/api/fleet/agents/"+agentID+"/checkin", strings.NewReader(fmt.Sprintf(`{
 	    "ack_token": "%s",
 	    "status": "online",
-	    "message": "",
+	    "message": "checkin ok",
 	    "poll_timeout": "10m"
 	}`, *checkinResponse.AckToken)))
 	require.NoError(t, err)
@@ -1262,7 +1262,7 @@ func Test_SmokeTest_CheckinPollShutdown(t *testing.T) {
 	req, err = http.NewRequest("POST", srv.baseURL()+"/api/fleet/agents/"+agentID+"/checkin", strings.NewReader(fmt.Sprintf(`{
 	    "ack_token": "%s",
 	    "status": "online",
-	    "message": "",
+	    "message": "checkin ok",
 	    "poll_timeout": "3m"
 	}`, *checkinResponse.AckToken)))
 	require.NoError(t, err)
diff --git a/testing/e2e/api_version/client_api_2023_06_01.go b/testing/e2e/api_version/client_api_2023_06_01.go
@@ -124,6 +124,7 @@ func (tester *ClientAPITester20230601) Checkin(ctx context.Context, apiKey, agen
 		&api.AgentCheckinParams{UserAgent: "elastic agent " + version.DefaultVersion},
 		api.AgentCheckinJSONRequestBody{
 			Status:      api.CheckinRequestStatusOnline,
+			Message:     "test checkin",
 			AckToken:    ackToken,
 			PollTimeout: dur,
 		},
diff --git a/testing/e2e/api_version/client_api_current.go b/testing/e2e/api_version/client_api_current.go
@@ -110,6 +110,7 @@ func (tester *ClientAPITester) Checkin(ctx context.Context, apiKey, agentID stri
 		&api.AgentCheckinParams{UserAgent: "elastic agent " + version.DefaultVersion},
 		api.AgentCheckinJSONRequestBody{
 			Status:      api.CheckinRequestStatusOnline,
+			Message:     "test checkin",
 			AckToken:    ackToken,
 			PollTimeout: dur,
 		},
