search

fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com
Other
3.01k stars 417 forks source link

TestIntegrationsMDM/TestLifecycleSCEPCertExpiration test is flaky #20936

Open roperzh opened 2 months ago

roperzh commented 2 months ago

Fleet version: main

💥  Actual behavior

TestIntegrationsMDM/TestLifecycleSCEPCertExpiration fails frequently

See https://github.com/fleetdm/fleet/actions/runs/10446895806/job/28946587576 as an example failure.

    integration_mdm_lifecycle_test.go:810: 
            Error Trace:    /home/runner/work/fleet/fleet/server/service/integration_mdm_lifecycle_test.go:810
            Error:          Expected nil, but got: &mdm.Command{CommandUUID: ...

It expects the automaticEnrolledDevice to not have received any new command after re-enrollment for SCEP renewal, but this device receives:

    <key>Command</key>
    <dict>
      <key>ManifestURL</key>
      <string>.../stable/fleetd-base-manifest.plist</string>
      <key>RequestType</key>
      <string>InstallEnterpriseApplication</string>
    </dict>
mna commented 3 weeks ago

Hey @roperzh , I'm looking for small-scoped bugs for today before leaving for vacation, so if you don't mind I'll take a shot at this ticket (will move back to Ready if I don't fix by EOD).

mna commented 3 weeks ago

I debugged it somewhat, but not familiar with the SCEP renewal flow so I'm not sure why it behaves the way it does. Look at my WIP PR for notes and pointers: https://github.com/fleetdm/fleet/pull/22023

Keeping in mind that I don't fully understand the flow, I think there's either a bug in the test (the setup of data is not correct, or something like that), or in the implementation of the renewal (but it looked ok due to not running the worker). Would greatly benefit from a look by someone more familiar to take it to the finish line! Moving back to Ready so others can take a look.