Improve LUKS escrow trigger error messages (#24030)

- [x] Added/updated tests
~~- [ ] Manual QA for all new/changed functionality~~ Testing as part of
E2E QA

Author: iansltx

ee/server/service/devices.go

@@ -182,7 +182,7 @@ func (svc *Service) TriggerLinuxDiskEncryptionEscrow(ctx context.Context, host *
 
 func (svc *Service) validateReadyForLinuxEscrow(ctx context.Context, host *fleet.Host) error {
 	if !host.IsLUKSSupported() {
-		return &fleet.BadRequestError{Message: "Host platform does not support key escrow"}
+		return &fleet.BadRequestError{Message: "Fleet does not yet support creating LUKS disk encryption keys on this platform."}
 	}
 
 	ac, err := svc.ds.AppConfig(ctx)
@@ -192,20 +192,20 @@ func (svc *Service) validateReadyForLinuxEscrow(ctx context.Context, host *fleet
 
 	if host.TeamID == nil {
 		if !ac.MDM.EnableDiskEncryption.Value {
-			return &fleet.BadRequestError{Message: "Disk encryption is not enabled for hosts not assigned to a team"}
+			return &fleet.BadRequestError{Message: "Disk encryption is not enabled for hosts not assigned to a team."}
 		}
 	} else {
 		tc, err := svc.ds.TeamMDMConfig(ctx, *host.TeamID)
 		if err != nil {
 			return err
 		}
 		if !tc.EnableDiskEncryption {
-			return &fleet.BadRequestError{Message: "Disk encryption is not enabled for this host's team"}
+			return &fleet.BadRequestError{Message: "Disk encryption is not enabled for this host's team."}
 		}
 	}
 
 	if host.DiskEncryptionEnabled == nil || !*host.DiskEncryptionEnabled {
-		return &fleet.BadRequestError{Message: "Host's disk is not encrypted. Please enable disk encryption for this host."}
+		return &fleet.BadRequestError{Message: "Host's disk is not encrypted. Please encrypt your disk first."}
 	}
 
 	// We have to pull Orbit info because the auth context doesn't fill in host.OrbitVersion
@@ -215,7 +215,7 @@ func (svc *Service) validateReadyForLinuxEscrow(ctx context.Context, host *fleet
 	}
 
 	if orbitInfo == nil || !fleet.IsAtLeastVersion(orbitInfo.Version, fleet.MinOrbitLUKSVersion) {
-		return &fleet.BadRequestError{Message: "Host's Orbit version does not support this feature. Please upgrade Orbit to the latest version."}
+		return &fleet.BadRequestError{Message: "Your version of fleetd does not support creating disk encryption keys on Linux. Please upgrade fleetd, then click Refetch, then try again."}
 	}
 
 	return svc.ds.AssertHasNoEncryptionKeyStored(ctx, host.ID)

server/service/devices_test.go

@@ -514,7 +514,7 @@ func TestTriggerLinuxDiskEncryptionEscrow(t *testing.T) {
 
 		// invalid platform
 		err := svc.TriggerLinuxDiskEncryptionEscrow(ctx, host)
-		require.ErrorContains(t, err, "Host platform does not support key escrow")
+		require.ErrorContains(t, err, "Fleet does not yet support creating LUKS disk encryption keys on this platform.")
 		require.True(t, ds.IsHostPendingEscrowFuncInvoked)
 
 		// valid platform, no-team, encryption not enabled
@@ -524,7 +524,7 @@ func TestTriggerLinuxDiskEncryptionEscrow(t *testing.T) {
 			return appConfig, nil
 		}
 		err = svc.TriggerLinuxDiskEncryptionEscrow(ctx, host)
-		require.ErrorContains(t, err, "Disk encryption is not enabled for hosts not assigned to a team")
+		require.ErrorContains(t, err, "Disk encryption is not enabled for hosts not assigned to a team.")
 
 		// valid platform, team, encryption not enabled
 		host.TeamID = ptr.Uint(1)
@@ -534,15 +534,15 @@ func TestTriggerLinuxDiskEncryptionEscrow(t *testing.T) {
 			return teamConfig, nil
 		}
 		err = svc.TriggerLinuxDiskEncryptionEscrow(ctx, host)
-		require.ErrorContains(t, err, "Disk encryption is not enabled for this host's team")
+		require.ErrorContains(t, err, "Disk encryption is not enabled for this host's team.")
 
 		// valid platform, team, host disk is not encrypted or unknown encryption state
 		teamConfig = &fleet.TeamMDM{EnableDiskEncryption: true}
 		err = svc.TriggerLinuxDiskEncryptionEscrow(ctx, host)
-		require.ErrorContains(t, err, "Host's disk is not encrypted. Please enable disk encryption for this host.")
+		require.ErrorContains(t, err, "Host's disk is not encrypted. Please encrypt your disk first.")
 		host.DiskEncryptionEnabled = ptr.Bool(false)
 		err = svc.TriggerLinuxDiskEncryptionEscrow(ctx, host)
-		require.ErrorContains(t, err, "Host's disk is not encrypted. Please enable disk encryption for this host.")
+		require.ErrorContains(t, err, "Host's disk is not encrypted. Please encrypt your disk first.")
 
 		// No Fleet Desktop
 		host.DiskEncryptionEnabled = ptr.Bool(true)
@@ -551,7 +551,7 @@ func TestTriggerLinuxDiskEncryptionEscrow(t *testing.T) {
 			return orbitInfo, nil
 		}
 		err = svc.TriggerLinuxDiskEncryptionEscrow(ctx, host)
-		require.ErrorContains(t, err, "Host's Orbit version does not support this feature. Please upgrade Orbit to the latest version.")
+		require.ErrorContains(t, err, "Your version of fleetd does not support creating disk encryption keys on Linux. Please upgrade fleetd, then click Refetch, then try again.")
 
 		// Encryption key is already escrowed
 		orbitInfo.Version = fleet.MinOrbitLUKSVersion