From 4edab240ff01fe15e399c303398e50e6567d0f26 Mon Sep 17 00:00:00 2001
From: Marcos Oviedo <marcos@fleetdm.com>
Date: Mon, 16 Oct 2023 11:07:40 -0300
Subject: [PATCH] Fixing issue with Orbit not sending bitlocker error (#14547)

This is related to #14546

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Manual QA for all new/changed functionality

---------

Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
---
 .../14546-orbit-not-reporting-bitlocker-errors     |  1 +
 orbit/pkg/update/notifications.go                  | 14 ++++++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)
 create mode 100644 orbit/changes/14546-orbit-not-reporting-bitlocker-errors

diff --git a/orbit/changes/14546-orbit-not-reporting-bitlocker-errors b/orbit/changes/14546-orbit-not-reporting-bitlocker-errors
new file mode 100644
index 000000000000..9f045b3abbad
--- /dev/null
+++ b/orbit/changes/14546-orbit-not-reporting-bitlocker-errors
@@ -0,0 +1 @@
+* Orbit is now properly reporting Bitlocker encryption errors to Fleet server
diff --git a/orbit/pkg/update/notifications.go b/orbit/pkg/update/notifications.go
index e07c6648cc1b..3b524f64c807 100644
--- a/orbit/pkg/update/notifications.go
+++ b/orbit/pkg/update/notifications.go
@@ -487,9 +487,13 @@ func (w *windowsMDMBitlockerConfigFetcher) attemptBitlockerEncryption(notifs fle
 		// Otherwise, using the real one
 		fn = bitlocker.EncryptVolume
 	}
+
+	// Encryption operation is performed here, err will be captured if any
+	// Error will be returned if the encryption operation failed after sending it to Fleet Server
 	recoveryKey, err := fn(targetVolume)
 
 	// Getting Bitlocker encryption operation error message if any
+	// This is going to be sent to Fleet Server
 	bitlockerError := ""
 	if err != nil {
 		bitlockerError = err.Error()
@@ -501,14 +505,16 @@ func (w *windowsMDMBitlockerConfigFetcher) attemptBitlockerEncryption(notifs fle
 		ClientError:   bitlockerError,
 	}
 
-	if err != nil {
-		log.Error().Err(err).Msg("failed to encrypt the volume")
+	errServerUpdate := w.EncryptionResult.SetOrUpdateDiskEncryptionKey(payload)
+	if errServerUpdate != nil {
+		log.Error().Err(errServerUpdate).Msg("failed to send encryption result to Fleet Server")
 		return
 	}
 
-	err = w.EncryptionResult.SetOrUpdateDiskEncryptionKey(payload)
+	// This is the error status of the Bitlocker encryption operation
+	// it is returned here after sending the result to Fleet Server
 	if err != nil {
-		log.Error().Err(err).Msg("failed to send encryption result to Fleet Server")
+		log.Error().Err(err).Msg("failed to encrypt the volume")
 		return
 	}