Skip to content

[Feature] Add unenrollment_timeout parameter to Fleet Agent Policy resource #1306

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Sep 16, 2025
Merged

[Feature] Add unenrollment_timeout parameter to Fleet Agent Policy resource #1306

merged 6 commits into from
Sep 16, 2025

Conversation

Copy link
Contributor

Copilot AI commented Sep 15, 2025
edited
Loading

This PR adds support for the "inactive agent unenrollment timeout" parameter to the elasticstack_fleet_agent_policy resource. This feature allows automatic unenrollment of agents that have been inactive for a specified duration, which is particularly useful in ephemeral environments like Kubernetes where agents frequently go offline.

Changes Made

Core Implementation

  • Added unenrollment_timeout attribute to the Fleet Agent Policy resource
  • Implemented proper version validation requiring Elastic Stack 8.15.0+
  • Added comprehensive unit and acceptance tests
  • Fixed floating-point precision issues in duration conversion logic
  • Cleaned up confusing duration conversion logic for better readability
  • Added changelog entry for the new feature

Technical Details

  • API Integration: Maps to the existing UnenrollTimeout field in the Kibana API
  • Duration Format: Accepts Go duration strings (e.g., 30s, 5m, 1h)
  • Version Checking: Includes MinVersionUnenrollmentTimeout = "8.15.0" constant
  • Consistent Patterns: Follows the exact same implementation pattern as the existing inactivity_timeout attribute

Usage Example

resource "elasticstack_fleet_agent_policy" "example" {
  name                 = "ephemeral-policy"
  namespace           = "default"
  description         = "Policy with automatic agent cleanup"
  inactivity_timeout   = "5m"   # Mark agents inactive after 5 minutes
  unenrollment_timeout = "15m"  # Auto-unenroll agents inactive for 15+ minutes
}

Testing

  • All existing tests continue to pass
  • Added comprehensive unit tests for version validation
  • Added acceptance tests covering create, update, and combined timeout scenarios
  • Fixed precision issues that were causing test failures during development

Documentation

  • Schema documentation automatically generated and included
  • Follows established patterns for attribute descriptions and validation

This implementation addresses the need for automatic cleanup of inactive agents in dynamic environments, helping prevent Fleet policies from being blocked during destruction due to accumulated offline agents.

Fixes #1169.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI changed the title [WIP] [Feature] Add param to configure the "inactive agent unenrollment timeout" Fleet Agent Policy [Feature] Add unenrollment_timeout parameter to Fleet Agent Policy resource Sep 15, 2025
Copilot AI requested a review from tobio September 15, 2025 22:14
Copilot finished work on behalf of tobio September 15, 2025 22:14
tobio
tobio reviewed Sep 15, 2025
View reviewed changes
Copy link
Member

@tobio tobio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot can you fix up the review comment.

internal/fleet/agent_policy/models.go
Comment on lines +84 to +85
seconds := int64(*data.InactivityTimeout)
d := time.Duration(seconds) * time.Second
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This code is pretty confusing, where the duration is created incorrectly (using seconds, rather than nanoseconds, and then corrected. Fix up this case, and the UnenrollTimeout case below.

Suggested change
seconds := int64(*data.InactivityTimeout)
d := time.Duration(seconds) * time.Second
seconds := int64(*data.InactivityTimeout) * time.Second
d := time.Duration(seconds).Truncate(time.Second)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed the confusing duration conversion logic for both InactivityTimeout and UnenrollmentTimeout cases. The code now uses a cleaner approach with proper truncation for precision consistency. Changes in commit 6c44b35.

@tobio
Fix confusing duration conversion logic for timeout attributes
1466535 
Clean up duration conversion in populateFromAPI to make it more readable
and consistent. Apply truncation to ensure precision consistency for both
InactivityTimeout and UnenrollmentTimeout attributes.

Addresses review feedback on confusing duration conversion pattern.

Co-authored-by: tobio <[email protected]>
Copy link
Contributor Author

Copilot AI commented Sep 15, 2025

@copilot can you fix up the review comment.

Fixed the confusing duration conversion code in both InactivityTimeout and UnenrollmentTimeout cases. The code now uses a cleaner approach without the misleading intermediate step. Changes in commit 1466535.

Copilot AI requested a review from tobio September 15, 2025 23:35
Copilot finished work on behalf of tobio September 15, 2025 23:35
@tobio
Copy link
Member

tobio commented Sep 16, 2025

@copilot can you add an entry to CHANGELOG.md for this PR

Copy link
Contributor Author

Copilot AI commented Sep 16, 2025

@copilot can you add an entry to CHANGELOG.md for this PR

Added changelog entry for the unenrollment_timeout feature in commit 7b9c8d4.

@tobio tobio marked this pull request as ready for review September 16, 2025 00:35
@tobio tobio merged commit 6487901 into main Sep 16, 2025
50 checks passed
@tobio tobio deleted the copilot/fix-1169 branch September 16, 2025 00:35
tobio added a commit that referenced this pull request Sep 23, 2025
@tobio
Merge remote-tracking branch 'origin/main' into copilot/fix-1297
cdb6c41 
* origin/main:
  fix: nil reference in api.kibana_synthetics.go:418 in case of unmarshable arrays (#1320)
  Bump github.com/hashicorp/terraform-plugin-framework (#1326)
  Bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.37.0 to 2.38.0 (#1325)
  chore(deps): update golang:1.25.1 docker digest to 8305f5f (#1322)
  Clarify how acceptance tests should be run (#1324)
  Move diag utilities from utils to dedicated diagutil package (#1317)
  Add support for Kafka Fleet output types. (#1302)
  Allow a default for `allow_restricted_indices` within an API Key role descriptor (#1315)
  Improve docs generation (#1313)
  Add optional preventInitialBackfill for SLO API (#1071)
  Add support for dataViewId (#1305)
  [Feature] Add unenrollment_timeout parameter to Fleet Agent Policy resource (#1306)
  chore(deps): update actions/setup-go action to v6 (#1301)
  chore(deps): update golang docker tag to v1.25.1 (#1300)
  Update generated SLO client.  (#1303)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wandergeek wandergeek wandergeek approved these changes

@tobio tobio Awaiting requested review from tobio

Assignees

@tobio tobio

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Feature] Add param to configure the "inactive agent unenrollment timeout" Fleet Agent Policy

3 participants

@tobio @wandergeek