[Fleet] Allow to delete orphaned agentless policies #271952

Open
nchaulet wants to merge 5 commits into main from feature-allow-delete-oprhan-agentless-policies

@nchaulet
Member

Summary

Resolves #266426

When an agentless agent policy is manually deleted from Elasticsearch, its associated package policies become orphaned. Attempting to delete them through the agentless API fails with a 404 because the agent policy no longer exists.

This PR handles that 404 gracefully by cleaning up orphaned resources (package policies and agentless deployment) instead of throwing.

Changes

  • deleteAgentlessPolicy now catches 404 from agentPolicyService.get() and falls back to orphan cleanup instead of throwing
  • deleteOrphanedAgentlessResources (new private method) deletes orphaned package policies via findAllForAgentPolicy + delete with force: true, then issues a best-effort DELETE to the Agentless API

Test plan

  • Unit tests: orphan cleanup on 404, rethrow on non-404 errors
  • API integration test: directly deletes the agent policy SO, then verifies the agentless delete API succeeds and cleans up the package policy
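
The control flow outlined in this description, as an added sketch that is not the PR's code. `Deps`, `Outcome`, `httpError`, `statusOf` and `fakeDeps` are hypothetical in-memory stand-ins for the Fleet services and the Agentless API, and the regular delete path is left out.

```typescript
// Added illustration with in-memory stand-ins; not Kibana's Fleet code.
type StatusError = Error & { statusCode: number };
function httpError(statusCode: number, message: string): StatusError {
  const e = new Error(message) as StatusError;
  e.statusCode = statusCode;
  return e;
}
function statusOf(err: unknown): number | undefined {
  const known = typeof err === 'object' && err !== null && 'statusCode' in err;
  return known ? (err as StatusError).statusCode : undefined;
}
interface Deps {
  getAgentPolicy(id: string): Promise<void>; // stands in for agentPolicyService.get()
  findPackagePolicyIds(id: string): Promise<string[]>; // stands in for findAllForAgentPolicy
  deletePackagePolicies(ids: string[], opts: { force: boolean }): Promise<void>;
  deleteDeployment(id: string): Promise<void>; // stands in for DELETE to the Agentless API
}
interface Outcome { removed: string[]; deploymentDeleted: boolean }

async function deleteOrphanedResources(deps: Deps, policyId: string): Promise<Outcome> {
  const removed = await deps.findPackagePolicyIds(policyId);
  if (removed.length > 0) await deps.deletePackagePolicies(removed, { force: true });
  // Best effort: a failing remote delete is reported, not rethrown.
  const deploymentDeleted = await deps.deleteDeployment(policyId).then(() => true, () => false);
  return { removed, deploymentDeleted };
}
async function deleteAgentlessPolicy(deps: Deps, policyId: string): Promise<Outcome | null> {
  try {
    await deps.getAgentPolicy(policyId);
  } catch (err) {
    // Only 404 means "orphaned". A 403 or 5xx must propagate, otherwise a
    // permission or availability failure would trigger a forced delete.
    if (statusOf(err) !== 404) throw err;
    return deleteOrphanedResources(deps, policyId);
  }
  return null; // policy exists: the regular delete path is outside this sketch
}
// Constructed fixture: lookup fails with `getStatus`; `store` holds leftover package policy ids.
function fakeDeps(getStatus: number, store: string[], apiUp: boolean): Deps {
  return {
    getAgentPolicy: async () => { throw httpError(getStatus, 'agent policy lookup failed'); },
    findPackagePolicyIds: async () => store.slice(),
    deletePackagePolicies: async (_ids, opts) => {
      if (!opts.force) throw httpError(400, 'force required');
      store.length = 0;
    },
    deleteDeployment: async () => { if (!apiUp) throw httpError(503, 'agentless API down'); },
  };
}
```

The 403 case is the one to keep under test: if the fallback matched any error rather than exactly 404, a caller without read access could reach the forced delete.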

@nchaulet self-assigned this May 29, 2026
@nchaulet requested a review from a team as a code owner May 29, 2026 15:51
@nchaulet added the release_note:skip (Skip the PR/issue when compiling release notes), Team:Fleet (Team label for Observability Data Collection Fleet team), backport:version (Backport to applied version labels) and v9.4.3 labels May 29, 2026
@infra-vault-gh-plugin-prod

Pinging @elastic/fleet (Team:Fleet)

@MichelLosier self-requested a review May 29, 2026 18:51
@kibanamachine
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

cc @nchaulet

Contributor

@MichelLosier left a comment

Looks and works great! :shipit:

});
}

private async deleteOrphanedAgentlessResources(policyId: string, user?: any) {

[nit] Think we can avoid the any type here

Suggested change
private async deleteOrphanedAgentlessResources(policyId: string, user?: any) {
private async deleteOrphanedAgentlessResources(policyId: string, user?: AuthenticatedUser, {
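
Review bot: the suggested replacement line ends with `, {` where the original ends with `) {`, so the parameter list is never closed and the signature will not parse if the suggestion is applied as written. The line should end `user?: AuthenticatedUser) {`. The parameter is still optional after the change, so any call site that passes `user` on must keep accepting `undefined`.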

With that may not need to ?? undefined below, since the AuthenticatedUser type is expected.

Labels

  • backport:version: Backport to applied version labels
  • release_note:skip: Skip the PR/issue when compiling release notes
  • Team:Fleet: Team label for Observability Data Collection Fleet team
  • v9.4.3

Development

Successfully merging this pull request may close these issues.

[Fleet] Can't delete orphaned agentless package policy

3 participants