fix: correct typos in default rate limit YAML keys (#6835) (#6847)

* fix: correct typos in default rate limit YAML keys

The embedded default YAML files used `pgp_retieval_limit` (missing 'r')
instead of `pgp_retrieval_limit`, causing the values to never deserialize
into the Go struct. PGP retrieval limits silently fell back to hardcoded
defaults for all agent-count tiers.

Also fixes `policy_interval` -> `policy_limit` in lte10000_limits.yml
and renames `lte2500_limite.yml` -> `lte2500_limits.yml`.

Adds a regression test that verifies all embedded YAML files populate
every limit field, catching future key/struct-tag mismatches.



* test: use reflection to validate YAML keys match struct tags

Replace manually enumerated field assertions with a reflection-based
approach that reads raw YAML keys and verifies each has a matching
`config` struct tag on serverLimitDefaults. This catches typos
automatically without needing to update the test when fields are added.



* Cleanup test code

* Update internal/pkg/config/env_defaults_test.go



---------



(cherry picked from commit 47b6210)

Co-authored-by: Michel Laterman <82832767+michel-laterman@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Shaunak Kashyap <ycombinator@gmail.com>

Author: 4 people

changelog/fragments/1776205410-Fix-typos-in-default-rate-limit-YAML-keys-that-prevented-PGP-retrieval-and-policy-limits-from-loading.yaml

@@ -0,0 +1,3 @@
+kind: bug-fix
+summary: Fix typos in default rate limit YAML keys that prevented PGP retrieval and policy limits from loading
+component: fleet-server

internal/pkg/config/defaults/lte10000_limits.yml

@@ -10,7 +10,7 @@ server_limits:
   action_limit:
     interval: 1ms
     burst: 10
-  policy_interval:
+  policy_limit:
     interval: 5ms
     burst: 1
   checkin_limit:
@@ -49,7 +49,7 @@ server_limits:
     interval: 100ms
     burst: 40
     max: 80
-  pgp_retieval_limit:
+  pgp_retrieval_limit:
     interval: 1ms
     burst: 2000
     max: 4000

internal/pkg/config/defaults/lte20000_limits.yml

@@ -49,7 +49,7 @@ server_limits:
     interval: 100ms
     burst: 40
     max: 80
-  pgp_retieval_limit:
+  pgp_retrieval_limit:
     interval: 0.5ms
     burst: 4000
     max: 8000

…l/pkg/config/defaults/lte2500_limite.yml …l/pkg/config/defaults/lte2500_limits.ymlinternal/pkg/config/defaults/lte2500_limite.yml renamed to internal/pkg/config/defaults/lte2500_limits.yml internal/pkg/config/defaults/lte2500_limite.yml renamed to internal/pkg/config/defaults/lte2500_limits.yml

@@ -49,7 +49,7 @@ server_limits:
     interval: 100ms
     burst: 10
     max: 20
-  pgp_retieval_limit:
+  pgp_retrieval_limit:
     interval: 5ms
     burst: 500
     max: 1000

internal/pkg/config/defaults/lte40000_limits.yml

@@ -48,7 +48,7 @@ server_limits:
     interval: 100ms
     burst: 40
     max: 80
-  pgp_retieval_limit:
+  pgp_retrieval_limit:
     interval: 0.5ms
     burst: 4000
     max: 8000

internal/pkg/config/defaults/lte5000_limits.yml

@@ -49,7 +49,7 @@ server_limits:
     interval: 100ms
     burst: 20
     max: 40
-  pgp_retieval_limit:
+  pgp_retrieval_limit:
     interval: 2ms
     burst: 1000
     max: 2000

internal/pkg/config/defaults/max_limits.yml

@@ -47,7 +47,7 @@ server_limits:
     interval: 100ms
     burst: 40
     max: 80
-  pgp_retieval_limit:
+  pgp_retrieval_limit:
     interval: 0.25ms
     burst: 8000
     max: 16000

internal/pkg/config/env_defaults_test.go

@@ -2,17 +2,21 @@
 // or more contributor license agreements. Licensed under the Elastic License;
 // you may not use this file except in compliance with the Elastic License.
 
-// Code generated by dev-tools/cmd/buildlimits/buildlimits.go - DO NOT EDIT.
-
 package config
 
 import (
+	"io"
+	"io/fs"
+	"reflect"
+	"strings"
 	"testing"
 
 	testlog "github.com/elastic/fleet-server/v7/internal/pkg/testing/log"
 
 	"github.com/rs/zerolog"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	goyaml "gopkg.in/yaml.v3"
 )
 
 func TestLoadLimits(t *testing.T) {
@@ -39,3 +43,46 @@ func TestLoadLimits(t *testing.T) {
 		})
 	}
 }
+
+// TestDefaultLimitsYAML keys verifies that all embedded .yml files have keys that match go struct tags.
+// A typo in a yml key, e.g. "pgp_retieval_limit" instead of "pgp_retrieval_limit" causes a test failure.
+func TestDefaultLimitsYAMLKeys(t *testing.T) {
+	rt := reflect.TypeOf(serverLimitDefaults{})
+	validTags := make([]string, 0, rt.NumField())
+	for field := range rt.Fields() {
+		if tag := field.Tag.Get("config"); tag != "" {
+			validTags = append(validTags, tag)
+		}
+	}
+
+	require.NotEmpty(t, defaults, "embedded defaults should be loaded")
+	err := fs.WalkDir(defaultsFS, ".", func(path string, d fs.DirEntry, walkErr error) error {
+		if walkErr != nil {
+			return walkErr
+		}
+		if d.IsDir() {
+			return nil
+		}
+
+		name := strings.TrimSuffix(strings.TrimPrefix(path, "defaults/"), "_limits.yml")
+		t.Run(name, func(t *testing.T) {
+			f, err := defaultsFS.Open(path)
+			require.NoError(t, err)
+			data, err := io.ReadAll(f)
+			require.NoError(t, err)
+
+			var raw map[string]any
+			require.NoError(t, goyaml.Unmarshal(data, &raw))
+
+			require.Containsf(t, raw, "server_limits", "%s does not contain server_limits attribute", path)
+			serverLimits, ok := raw["server_limits"].(map[string]any)
+			require.Truef(t, ok, "server_limits in %s is not type map[string]any detected type: %T", path, raw["server_limits"])
+
+			for key := range serverLimits {
+				assert.Contains(t, validTags, key, "YAML key %q in %s has no matching config struct tag on serverLimitDefaults", key, path)
+			}
+		})
+		return nil
+	})
+	require.NoError(t, err)
+}