elastic · ycombinator · Jun 28, 2024 · Jun 19, 2024 · Jun 19, 2024 · Jun 20, 2024
@@ -0,0 +1,34 @@
+# Kind can be one of:
+# - breaking-change: a change to previously-documented behavior
+# - deprecation: functionality that is being removed in a later release
+# - bug-fix: fixes a problem in a previous version
+# - enhancement: extends functionality but does not break or fix existing behavior
+# - feature: new functionality
+# - known-issue: problems that we are aware of in a given version
+# - security: impacts on the security of a product or a user’s deployment.
+# - upgrade: important information for someone upgrading from a prior version
+# - other: does not fit into any of the other categories
+kind: bug
+
+# Change summary; a 80ish characters long description of the change.
+summary: Check for tamper protection when uninstalling
+
+# Long description; in case the summary is not enough to describe the change
+# this field accommodate a description without length limits.
+# NOTE: This field will be rendered only for breaking-change and known-issue kinds at the moment.
+description: |
+  The uninstall function will now explictily check if tamper protection is enabled
+  and if a token has been passed before proceeding.
+
+# Affected component; a word indicating the component this changeset affects.
+component:
+
+# PR URL; optional; the PR number that added the changeset.
+# If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added.
+# NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number.
+# Please provide it if you are adding a fragment for a different PR.
+#pr: https://github.com/owner/repo/1234
+
+# Issue URL; optional; the GitHub issue related to this changeset (either closes or is part of).
+# If not present is automatically filled by the tooling with the issue linked to the PR number.
+issue: https://github.com/elastic/elastic-agent/issues/4506
diff --git a/internal/pkg/agent/install/uninstall.go b/internal/pkg/agent/install/uninstall.go
@@ -46,6 +46,34 @@ func Uninstall(cfgFile, topPath, uninstallToken string, log *logp.Logger, pt *pr
 		return fmt.Errorf("uninstall must be run from outside the installed path '%s'", topPath)
 	}
 
+	ctx := context.Background()
+
+	// check if the agent was installed using --unprivileged by checking the file vault for the agent secret (needed on darwin to correctly load the vault)
+	unprivileged, err := checkForUnprivilegedVault(ctx)
+	if err != nil {
+		return fmt.Errorf("error checking for unprivileged vault: %w", err)
+	}
+
+	// Load config so we can check the tamper protection feature
+	cfg, err := operations.LoadFullAgentConfig(ctx, log, cfgFile, false, unprivileged)
+	if err != nil {
+		return fmt.Errorf("error loading agent config: %w", err)
+	}
+	cfg, err = applyDynamics(ctx, log, cfg)
+	if err != nil {
+		return fmt.Errorf("error applying dynamic inputs: %w", err)
+	}
+	if err := features.Apply(cfg); err != nil {
+		return fmt.Errorf("could not parse and apply feature flags config: %w", err)
+	}
+	// Fail if tamper protection is enabled but no uninstallToken is specified
+	if features.TamperProtection() && uninstallToken == "" {
+		return aerrors.New(
+			fmt.Errorf("missing uninstall token"),
+			"tamper protection detected, elastic-agent uninstall command must be ran with a valid --uninstall-token arg",
+		)
+	}
+
 	// ensure service is stopped
 	status, err := EnsureStoppedService(topPath, pt)
 	if err != nil {
@@ -58,14 +86,6 @@ func Uninstall(cfgFile, topPath, uninstallToken string, log *logp.Logger, pt *pr
 		return fmt.Errorf("failed trying to kill any running watcher: %w", err)
 	}
 
-	ctx := context.Background()
-
-	// check if the agent was installed using --unprivileged by checking the file vault for the agent secret (needed on darwin to correctly load the vault)
-	unprivileged, err := checkForUnprivilegedVault(ctx)
-	if err != nil {
-		return fmt.Errorf("error checking for unprivileged vault: %w", err)
-	}
-
 	// Uninstall components first
 	if err := uninstallComponents(ctx, cfgFile, uninstallToken, log, pt, unprivileged); err != nil {
 		// If service status was running it was stopped to uninstall the components.

diff --git a/pkg/features/features.go b/pkg/features/features.go
@@ -49,6 +49,10 @@ type cfg struct {
 				Enabled bool `json:"enabled" yaml:"enabled" config:"enabled"`
 			} `json:"tamper_protection,omitempty" yaml:"tamper_protection,omitempty" config:"tamper_protection,omitempty"`
 		} `json:"features" yaml:"features" config:"features"`
+		// Agent config has protection as a top level field.
+		Protection *struct {
+			Enabled bool `json:"enabled" yaml:"enabled" config:"enabled"`
+		} `json:"protection,omitempty" yaml:"protection,omitempty" config:"protection,omitempty"`
 	} `json:"agent" yaml:"agent" config:"agent"`
 }
 
@@ -179,9 +183,13 @@ func Parse(policy any) (*Flags, error) {
 	flags := new(Flags)
 	flags.setFQDN(parsedFlags.Agent.Features.FQDN.Enabled)
 
-	// Tamper protection flag is optional, fallback on default value if missing
+	// Optional value defined by agent.features.tamper_protection.enabled is preffered.
+	// If missing, optional  value provided by agent.protection.enabled is used
+	// Otherwise fallback on default value
 	if parsedFlags.Agent.Features.TamperProtection != nil {
 		flags.setTamperProtection(parsedFlags.Agent.Features.TamperProtection.Enabled)
+	} else if parsedFlags.Agent.Protection != nil {
+		flags.setTamperProtection(parsedFlags.Agent.Protection.Enabled)
 	} else {
 		flags.setTamperProtection(defaultTamperProtection)
 	}