[Fleet][Agent tamper protection] Enables agent tamper protection feature flag (#166794)

## Summary

- Enables agent tamper protection feature flag.

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

x-pack/plugins/fleet/common/experimental_features.ts

@@ -20,7 +20,7 @@ export const allowedExperimentalValues = Object.freeze({
   showIntegrationsSubcategories: true,
   agentFqdnMode: true,
   showExperimentalShipperOptions: false,
-  agentTamperProtectionEnabled: false,
+  agentTamperProtectionEnabled: true,
   secretsStorage: true,
   kafkaOutput: true,
 });

x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/agent_policy_advanced_fields/index.test.tsx

@@ -13,10 +13,6 @@ import type { RenderResult } from '@testing-library/react';
 import { createFleetTestRendererMock } from '../../../../../../mock';
 import type { TestRenderer } from '../../../../../../mock';
 
-import { allowedExperimentalValues } from '../../../../../../../common/experimental_features';
-
-import { ExperimentalFeaturesService } from '../../../../../../services/experimental_features';
-
 import { createAgentPolicyMock, createPackagePolicyMock } from '../../../../../../../common/mocks';
 import type { AgentPolicy, NewAgentPolicy } from '../../../../../../../common/types';
 
@@ -51,13 +47,6 @@ describe('Agent policy advanced options content', () => {
     newAgentPolicy = false,
     packagePolicy = [createPackagePolicyMock()],
   } = {}) => {
-    // remove when feature flag is removed
-    ExperimentalFeaturesService.init({
-      ...allowedExperimentalValues,
-      // @ts-expect-error ts upgrade v4.7.4
-      agentTamperProtectionEnabled: true,
-    });
-
     if (newAgentPolicy) {
       mockAgentPolicy = generateNewAgentPolicyWithDefaults();
     } else {

x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/list_page/index.test.tsx

@@ -9,8 +9,6 @@ import React from 'react';
 import type { RenderResult } from '@testing-library/react';
 import { fireEvent, waitFor } from '@testing-library/react';
 
-import { allowedExperimentalValues } from '../../../../../../common/experimental_features';
-import { ExperimentalFeaturesService } from '../../../../../services';
 import { createFleetTestRendererMock } from '../../../../../mock';
 import type { GetAgentPoliciesResponse } from '../../../../../../common';
 
@@ -37,13 +35,6 @@ describe('AgentPolicyListPage', () => {
   const render = () => {
     const renderer = createFleetTestRendererMock();
 
-    // todo: this can be removed when agentTamperProtectionEnabled feature flag is enabled/deleted
-    ExperimentalFeaturesService.init({
-      ...allowedExperimentalValues,
-      // @ts-expect-error ts upgrade v4.7.4
-      agentTamperProtectionEnabled: true,
-    });
-
     return renderer.render(<AgentPolicyListPage />);
   };
 

x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/index.test.tsx

@@ -10,8 +10,6 @@ import React from 'react';
 import type { RenderResult } from '@testing-library/react';
 import { act, fireEvent, waitFor } from '@testing-library/react';
 
-import { allowedExperimentalValues } from '../../../../../../common/experimental_features';
-import { ExperimentalFeaturesService } from '../../../../../services';
 import type { GetAgentPoliciesResponse } from '../../../../../../common';
 import { createFleetTestRendererMock } from '../../../../../mock';
 import { sendGetAgents, sendGetAgentStatus } from '../../../hooks';
@@ -290,13 +288,6 @@ describe('agent_list_page', () => {
 
       const renderer = createFleetTestRendererMock();
 
-      // todo: this can be removed when agentTamperProtectionEnabled feature flag is enabled/deleted
-      ExperimentalFeaturesService.init({
-        ...allowedExperimentalValues,
-        // @ts-expect-error ts upgrade v4.7.4
-        agentTamperProtectionEnabled: true,
-      });
-
       renderResult = renderer.render(<AgentListPage />);
 
       await waitFor(() => {

x-pack/plugins/fleet/server/integration_tests/cloud_preconfiguration.test.ts

@@ -160,9 +160,6 @@ describe('Fleet preconfiguration reset', () => {
             input['apm-server'].rum.source_mapping.elasticsearch.api_key = '';
           }
         });
-        data.agent.protection.signing_key = '';
-        data.signed.data = '';
-        data.signed.signature = '';
 
         expect(data).toEqual(
           expect.objectContaining({
@@ -178,8 +175,8 @@ describe('Fleet preconfiguration reset', () => {
               },
               protection: {
                 enabled: false,
-                signing_key: '',
-                uninstall_token_hash: '',
+                signing_key: data.agent.protection.signing_key,
+                uninstall_token_hash: data.agent.protection.uninstall_token_hash,
               },
             },
             id: 'policy-elastic-agent-on-cloud',
@@ -337,10 +334,7 @@ describe('Fleet preconfiguration reset', () => {
             },
             revision: 5,
             secret_references: [],
-            signed: {
-              data: '',
-              signature: '',
-            },
+            signed: data.signed,
           })
         );
       });

x-pack/plugins/fleet/server/mocks/index.ts

@@ -71,7 +71,6 @@ export const createAppContextStartContractMock = (
     securitySetup: securityMock.createSetup(),
     securityStart: securityMock.createStart(),
     logger: loggingSystemMock.create().get(),
-    // @ts-expect-error ts upgrade v4.7.4
     experimentalFeatures: {
       agentTamperProtectionEnabled: true,
       diagnosticFileUploadEnabled: true,

x-pack/plugins/fleet/server/routes/uninstall_token/handlers.test.ts

@@ -184,7 +184,8 @@ describe('uninstall token handlers', () => {
     });
   });
 
-  describe('Agent Tamper Protection feature flag', () => {
+  // TODO: remove it when agentTamperProtectionEnabled FF is removed
+  describe.skip('Agent Tamper Protection feature flag', () => {
     let config: { enableExperimental: string[] };
     let fakeRouter: jest.Mocked<VersionedRouter<FleetRequestHandlerContext>>;
     let fleetAuthzRouter: FleetAuthzRouter;