Skip to content

[8.19](backport #7007) Fix missing authAgent in UploadChunk#7020

Merged
blakerouse merged 1 commit into
8.19from
mergify/bp/8.19/pr-7007
May 12, 2026
Merged

[8.19](backport #7007) Fix missing authAgent in UploadChunk#7020
blakerouse merged 1 commit into
8.19from
mergify/bp/8.19/pr-7007

Conversation

@mergify
Copy link
Copy Markdown
Contributor

@mergify mergify Bot commented May 12, 2026

What is the problem this PR solves?

In the UploadChunk the authAgent was not being called to validate that the uploading agent of the chunk has the permissions to write that chunk. It validated that there was a valid API key, it just didn't validate that the agent with the valid API key is the agent that should be uploading the chunk.

In ValidAPIKey a disabled API key was considered valid even once disabled.

How does this PR solve the problem?

It adds the authAgent check to the UploadChunk.

It sets ok = false when the API key is disabled in CacheT.ValidAPIKey.

Design Checklist

  • I have ensured my design is stateless and will work when multiple fleet-server instances are behind a load balancer.
  • I have or intend to scale test my changes, ensuring it will work reliably with 100K+ agents connected.
  • [ ] I have included fail safe mechanisms to limit the load on fleet-server: rate limiting, circuit breakers, caching, load shedding, etc.

Checklist

  • I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool
This is an automatic backport of pull request #7007 done by [Mergify](https://mergify.com).

@blakerouse @mergify
Fix missing authAgent in UploadChunk (#7007)
5906114 
In the UploadChunk the authAgent was not being called to validate that the uploading agent of the chunk has the permissions to write that chunk. It validated that there was a valid API key, it just didn't validate that the agent with the valid API key is the agent that should be uploading the chunk.

(cherry picked from commit 4425e63)
@mergify mergify Bot requested a review from a team as a code owner May 12, 2026 17:24
@mergify mergify Bot added the backport label May 12, 2026
@mergify mergify Bot requested review from samuelvl and swiatekm May 12, 2026 17:24
@mergify mergify Bot mentioned this pull request May 12, 2026
Merged
5 tasks
@github-actions github-actions Bot added the Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team label May 12, 2026
@blakerouse blakerouse merged commit 102a8ee into 8.19 May 12, 2026
8 checks passed
@blakerouse blakerouse deleted the mergify/bp/8.19/pr-7007 branch May 12, 2026 20:49
@vishaangelova vishaangelova mentioned this pull request May 26, 2026
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@swiatekm swiatekm swiatekm approved these changes

@samuelvl samuelvl Awaiting requested review from samuelvl samuelvl is a code owner automatically assigned from elastic/elastic-agent-control-plane

Assignees

@blakerouse blakerouse

Labels

backport Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@swiatekm @blakerouse