From b13fb553acff77f009982e2b6bf6350314e81b7b Mon Sep 17 00:00:00 2001
From: Blake Covarrubias <blake@covarrubi.as>
Date: Thu, 6 Jan 2022 12:38:37 -0800
Subject: [PATCH] api: Return 404 when deregistering a non-existent check
 (#11950)

Update the `/agent/check/deregister/` API endpoint to return a 404
HTTP response code when an attempt is made to de-register a check ID
that does not exist on the agent.

This brings the behavior of /agent/check/deregister/ in line with the
behavior of /agent/service/deregister/ which was changed in #10632 to
similarly return a 404 when de-registering non-existent services.

Fixes #5821
---
 .changelog/11950.txt         |  3 +++
 agent/acl.go                 |  4 +++-
 agent/agent_endpoint_test.go | 33 +++++++++++++++++++++++++++------
 3 files changed, 33 insertions(+), 7 deletions(-)
 create mode 100644 .changelog/11950.txt

diff --git a/.changelog/11950.txt b/.changelog/11950.txt
new file mode 100644
index 000000000..6e9147674
--- /dev/null
+++ b/.changelog/11950.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+api: Return 404 when de-registering a non-existent check
+```
diff --git a/agent/acl.go b/agent/acl.go
index ae7efdde1..fa2259cfd 100644
--- a/agent/acl.go
+++ b/agent/acl.go
@@ -149,7 +149,9 @@ func (a *Agent) vetCheckUpdateWithAuthorizer(authz acl.Authorizer, checkID struc
 			}
 		}
 	} else {
-		return fmt.Errorf("Unknown check ID %q. Ensure that the check ID is passed, not the check name.", checkID.String())
+		return NotFoundError{Reason: fmt.Sprintf(
+			"Unknown check ID %q. Ensure that the check ID is passed, not the check name.",
+			checkID.String())}
 	}
 
 	return nil
diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go
index 5d7bed8ba..6e5025dd2 100644
--- a/agent/agent_endpoint_test.go
+++ b/agent/agent_endpoint_test.go
@@ -2889,12 +2889,19 @@ func TestAgent_DeregisterCheck(t *testing.T) {
 		t.Fatalf("err: %v", err)
 	}
 
-	req, _ := http.NewRequest("PUT", "/v1/agent/check/deregister/test", nil)
-	resp := httptest.NewRecorder()
-	a.srv.h.ServeHTTP(resp, req)
-	if http.StatusOK != resp.Code {
-		t.Fatalf("expected 200 but got %v", resp.Code)
-	}
+	t.Run("remove registered check", func(t *testing.T) {
+		req, _ := http.NewRequest("PUT", "/v1/agent/check/deregister/test", nil)
+		resp := httptest.NewRecorder()
+		a.srv.h.ServeHTTP(resp, req)
+		require.Equal(t, http.StatusOK, resp.Code)
+	})
+
+	t.Run("remove non-existent check", func(t *testing.T) {
+		req, _ := http.NewRequest("PUT", "/v1/agent/check/deregister/test", nil)
+		resp := httptest.NewRecorder()
+		a.srv.h.ServeHTTP(resp, req)
+		require.Equal(t, http.StatusNotFound, resp.Code)
+	})
 
 	// Ensure we have a check mapping
 	requireCheckMissing(t, a, "test")
@@ -2928,6 +2935,20 @@ func TestAgent_DeregisterCheckACLDeny(t *testing.T) {
 		a.srv.h.ServeHTTP(resp, req)
 		require.Equal(t, http.StatusOK, resp.Code)
 	})
+
+	t.Run("non-existent check without token", func(t *testing.T) {
+		req, _ := http.NewRequest("PUT", "/v1/agent/check/deregister/_nope_", nil)
+		resp := httptest.NewRecorder()
+		a.srv.h.ServeHTTP(resp, req)
+		require.Equal(t, http.StatusNotFound, resp.Code)
+	})
+
+	t.Run("non-existent check with token", func(t *testing.T) {
+		req, _ := http.NewRequest("PUT", "/v1/agent/check/deregister/_nope_?token=root", nil)
+		resp := httptest.NewRecorder()
+		a.srv.h.ServeHTTP(resp, req)
+		require.Equal(t, http.StatusNotFound, resp.Code)
+	})
 }
 
 func TestAgent_PassCheck(t *testing.T) {