Skip to content

Comments

agentless: less strict checking of response status codes#243

Merged
diogocp merged 12 commits intomasterfrom
diogocp/K9VULN-7897-fix-agentless-activation
Sep 1, 2025
Merged

agentless: less strict checking of response status codes#243
diogocp merged 12 commits intomasterfrom
diogocp/K9VULN-7897-fix-agentless-activation

Conversation

@diogocp
Copy link
Member

@diogocp diogocp commented Aug 26, 2025
edited
Loading

What does this PR do?

  • Remove most checks of specific values of status codes
    • any 2xx should be accepted; we don't care about the response body anyway
  • Allow delete to "fail" with 4xx
    • failing stack deletions is very annoying and should be avoided
  • Add unit tests and GitHub action to run them
  • Update to Python 3.13
  • Minor cleanup and refactoring

Motivation

The initial motivation was allowing the PATCH response to include the updated resource (with status 200 instead of 204).

However, instead of simply allowing an extra status code, I decided to remove most of the checks.

Checking specific values of status codes causes more harm than good. Throwing errors when we get a 200 instead of 204 has no benefit. Either way, the request succeeded. Throwing an error that users have no way to handle just causes unnecessary stack failures.

Even unsuccessful status codes are not necessarily a problem. If a delete request fails with 404, that just means that the resource has already been deleted, i.e. the system is already in the desired state. It makes no sense to fail the stack deletion because of this, creating a problem where there was none.

Testing Guidelines

Tested scenarios:

  • Stack created when scan options exist
  • Stack created when scan options do not exist
  • Stack deleted when scan options exist
  • Stack deleted when scan options do not exist

@diogocp diogocp requested review from a team as code owners August 26, 2025 16:50
diogocp added 8 commits August 27, 2025 00:39
@diogocp
Do not check successful status codes
23c985f 
Checking specific values of status codes causes more harm than good.
Throwing errors when we get a 200 instead of 204 has no benefit. Either
way, the request succeeded. Throwing an error that users have no way
to handle just causes unnecessary stack failures.

Even unsuccessful status codes are not necessarily a problem. If a
delete request fails with 404, that just means that the resource has
already been deleted, i.e. the system is already in the desired state.
It makes no sense to fail the stack deletion because of this, creating
a problem where there was none.
@diogocp
Add unit tests for Agentless API call function
9fd877e
@diogocp
Add GitHub action to run tests
e8f2b45
@diogocp
agentless: upgrade to Python 3.13
95755ac
@diogocp
Run tests only on Python file changes
53822ca
@diogocp
Run tests on pull requests
6eb2448
@diogocp
Fix f-strings
16e9f4f
@diogocp
Do not fail stack deletion on API call errors
46bde3d 
For most client errors, the best option is to continue with the stack
deletion, since users have no way to fix the request, and at least this
way they can clean up the scanner resources.

An exception might be 429 Too Many Requests, where one could just try
deleting the stack later, but it really doesn't make sense to block a
stack deletion for that reason.
@diogocp diogocp merged commit b7f595d into master Sep 1, 2025
4 checks passed
@diogocp diogocp deleted the diogocp/K9VULN-7897-fix-agentless-activation branch September 1, 2025 11:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jinroh jinroh jinroh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@diogocp @jinroh