From e9af46a8cbddba5e17d292d2776067c3523f2b51 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Tue, 30 Sep 2025 14:28:42 -0500
Subject: [PATCH] less strict exits for fleet configuration

---
 .../tools/sbin/so-elastic-fleet-common        |  2 +-
 ...ic-fleet-integration-policy-elastic-defend | 10 ++++++--
 .../so-elastic-fleet-integration-policy-load  | 25 ++++++++++++-------
 .../so-elastic-fleet-integration-upgrade      | 10 ++++++--
 4 files changed, 33 insertions(+), 14 deletions(-)

diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-common b/salt/elasticfleet/tools/sbin/so-elastic-fleet-common
index 4ca5030aa..1a597b1db 100644
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-common
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-common
@@ -27,7 +27,7 @@ fleet_api() {
     local QUERYPATH=$1
     shift
 
-    curl -sK /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/${QUERYPATH}" "$@" --retry 3 --fail 2>/dev/null
+    curl -sK /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/${QUERYPATH}" "$@" --retry 3 --retry-delay 10 --fail 2>/dev/null
 }
 
 elastic_fleet_integration_check() {
diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-elastic-defend b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-elastic-defend
index 9769f2f79..d036f0d94 100755
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-elastic-defend
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-elastic-defend
@@ -8,6 +8,7 @@
 
 . /usr/sbin/so-elastic-fleet-common
 
+ERROR=false
 # Manage Elastic Defend Integration for Initial Endpoints Policy
 for INTEGRATION in /opt/so/conf/elastic-fleet/integrations/elastic-defend/*.json
 do
@@ -17,13 +18,18 @@ do
       printf "\n\nIntegration $NAME exists - Upgrading integration policy\n"
       if ! elastic_fleet_integration_policy_upgrade "$INTEGRATION_ID"; then
         echo -e "\nFailed to upgrade integration policy for ${INTEGRATION##*/}"
-        exit 1
+        ERROR=true
+        continue
       fi
   else
     printf "\n\nIntegration does not exist - Creating integration\n"
     if ! elastic_fleet_integration_create "@$INTEGRATION"; then
         echo -e "\nFailed to create integration for ${INTEGRATION##*/}"
-        exit 1
+        ERROR=true
+        continue
     fi
   fi
 done
+if [[ "$ERROR" == "true" ]]; then
+    exit 1
+fi
\ No newline at end of file
diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-load b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-load
index 8427b47bc..ca260891f 100644
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-load
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-load
@@ -17,7 +17,6 @@ if [ ! -f /opt/so/state/eaintegrations.txt ]; then
 
   # Third, configure Elastic Defend Integration seperately
   /usr/sbin/so-elastic-fleet-integration-policy-elastic-defend
-
   # Initial Endpoints
   for INTEGRATION in /opt/so/conf/elastic-fleet/integrations/endpoints-initial/*.json
   do
@@ -27,13 +26,15 @@ if [ ! -f /opt/so/state/eaintegrations.txt ]; then
       printf "\n\nIntegration $NAME exists - Updating integration\n"
       if ! elastic_fleet_integration_update "$INTEGRATION_ID" "@$INTEGRATION"; then
         echo -e "\nFailed to update integration for ${INTEGRATION##*/}"
-        exit 1
+        RETURN_CODE=1
+        continue
       fi
     else
       printf "\n\nIntegration does not exist - Creating integration\n"
       if ! elastic_fleet_integration_create "@$INTEGRATION"; then
         echo -e "\nFailed to create integration for ${INTEGRATION##*/}"
-        exit 1
+        RETURN_CODE=1
+        continue
       fi
     fi
   done
@@ -47,13 +48,15 @@ if [ ! -f /opt/so/state/eaintegrations.txt ]; then
       printf "\n\nIntegration $NAME exists - Updating integration\n"
       if ! elastic_fleet_integration_update "$INTEGRATION_ID" "@$INTEGRATION"; then
         echo -e "\nFailed to update integration for ${INTEGRATION##*/}"
-        exit 1
+        RETURN_CODE=1
+        continue
       fi
     else
       printf "\n\nIntegration does not exist - Creating integration\n"
       if ! elastic_fleet_integration_create "@$INTEGRATION"; then
         echo -e "\nFailed to create integration for ${INTEGRATION##*/}"
-        exit 1
+        RETURN_CODE=1
+        continue
       fi
     fi
   done
@@ -70,14 +73,16 @@ if [ ! -f /opt/so/state/eaintegrations.txt ]; then
       printf "\n\nIntegration $NAME exists - Updating integration\n"
       if ! elastic_fleet_integration_update "$INTEGRATION_ID" "@$INTEGRATION"; then
         echo -e "\nFailed to update integration for ${INTEGRATION##*/}"
-        exit 1
+        RETURN_CODE=1
+        continue
       fi
     else
       printf "\n\nIntegration does not exist - Creating integration\n"
       if [ "$NAME" != "elasticsearch-logs" ]; then
         if ! elastic_fleet_integration_create "@$INTEGRATION"; then
           echo -e "\nFailed to create integration for ${INTEGRATION##*/}"
-          exit 1
+          RETURN_CODE=1
+          continue
         fi
       fi
     fi
@@ -97,14 +102,16 @@ if [ ! -f /opt/so/state/eaintegrations.txt ]; then
         printf "\n\nIntegration $NAME exists - Updating integration\n"
         if ! elastic_fleet_integration_update "$INTEGRATION_ID" "@$INTEGRATION"; then
           echo -e "\nFailed to update integration for ${INTEGRATION##*/}"
-          exit 1
+          RETURN_CODE=1
+          continue
         fi
       else
         printf "\n\nIntegration does not exist - Creating integration\n"
         if [ "$NAME" != "elasticsearch-logs" ]; then
           if ! elastic_fleet_integration_create "@$INTEGRATION"; then
             echo -e "\nFailed to create integration for ${INTEGRATION##*/}"
-            exit 1
+            RETURN_CODE=1
+            continue
           fi
         fi
       fi
diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade
index f1154af1e..1a1448c53 100644
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade
@@ -24,6 +24,7 @@ fi
 
 default_packages=({% for pkg in SUPPORTED_PACKAGES %}"{{ pkg }}"{% if not loop.last %} {% endif %}{% endfor %})
 
+ERROR=false
 for AGENT_POLICY in $agent_policies; do
     if ! integrations=$(elastic_fleet_integration_policy_names "$AGENT_POLICY"); then
         # this script upgrades default integration packages, exit 1 and let salt handle retrying
@@ -73,11 +74,13 @@ for AGENT_POLICY in $agent_policies; do
                         echo "No errors detected. Proceeding with upgrade..."
                         if ! elastic_fleet_integration_policy_upgrade "$INTEGRATION_ID"; then
                             echo "Error: Upgrade failed for $PACKAGE_NAME with integration ID '$INTEGRATION_ID'."
-                            exit 1
+                            ERROR=true
+                            continue
                         fi
                     else
                         echo "Errors detected during dry run for $PACKAGE_NAME policy upgrade..."
-                        exit 1
+                        ERROR=true
+                        continue
                     fi
                 fi
             {%- if not AUTO_UPGRADE_INTEGRATIONS %}
@@ -86,4 +89,7 @@ for AGENT_POLICY in $agent_policies; do
         fi
     done
 done
+if [[ "$ERROR" == "true" ]]; then
+    exit 1
+fi
 echo