fleet/server/datastore/mysql/app_configs.go

package mysql

import (
	"context"
	"database/sql"
	"encoding/json"

	"github.com/fleetdm/fleet/v4/server/fleet"
	"github.com/jmoiron/sqlx"
	"github.com/pkg/errors"
)

func (d *Datastore) NewAppConfig(ctx context.Context, info *fleet.AppConfig) (*fleet.AppConfig, error) {
	info.ApplyDefaultsForNewInstalls()

	if err := d.SaveAppConfig(ctx, info); err != nil {
		return nil, errors.Wrap(err, "new app config")
	}

	return info, nil
}

func (d *Datastore) AppConfig(ctx context.Context) (*fleet.AppConfig, error) {
	return appConfigDB(ctx, d.reader)
}

func appConfigDB(ctx context.Context, q sqlx.QueryerContext) (*fleet.AppConfig, error) {
	info := &fleet.AppConfig{}
	var bytes []byte
	err := sqlx.GetContext(ctx, q, &bytes, `SELECT json_value FROM app_config_json LIMIT 1`)
	if err != nil && err != sql.ErrNoRows {
		return nil, errors.Wrap(err, "selecting app config")
	}
	if err == sql.ErrNoRows {
		return &fleet.AppConfig{}, nil
	}

	info.ApplyDefaults()

	err = json.Unmarshal(bytes, info)
	if err != nil {
		return nil, errors.Wrap(err, "unmarshaling config")
	}
	return info, nil
}

func (d *Datastore) SaveAppConfig(ctx context.Context, info *fleet.AppConfig) error {
	configBytes, err := json.Marshal(info)
	if err != nil {
		return errors.Wrap(err, "marshaling config")
	}

	return d.withTx(ctx, func(tx sqlx.ExtContext) error {
		_, err := tx.ExecContext(ctx,
			`INSERT INTO app_config_json(json_value) VALUES(?) ON DUPLICATE KEY UPDATE json_value = VALUES(json_value)`,
			configBytes,
		)
		if err != nil {
			return err
		}

		if !info.SSOSettings.EnableSSO {
			_, err = tx.ExecContext(ctx, `UPDATE users SET sso_enabled=false`)
			if err != nil {
				return err
			}
		}

		return nil
	})
}

func (d *Datastore) VerifyEnrollSecret(ctx context.Context, secret string) (*fleet.EnrollSecret, error) {
	var s fleet.EnrollSecret
	err := sqlx.GetContext(ctx, d.reader, &s, "SELECT team_id FROM enroll_secrets WHERE secret = ?", secret)
	if err != nil {
		return nil, errors.New("no matching secret found")
	}

	return &s, nil
}

func (d *Datastore) ApplyEnrollSecrets(ctx context.Context, teamID *uint, secrets []*fleet.EnrollSecret) error {
	return d.withRetryTxx(ctx, func(tx sqlx.ExtContext) error {
		return applyEnrollSecretsDB(ctx, tx, teamID, secrets)
	})
}

func applyEnrollSecretsDB(ctx context.Context, exec sqlx.ExecerContext, teamID *uint, secrets []*fleet.EnrollSecret) error {
	if teamID != nil {
		sql := `DELETE FROM enroll_secrets WHERE team_id = ?`
		if _, err := exec.ExecContext(ctx, sql, teamID); err != nil {
			return errors.Wrap(err, "clear before insert")
		}
	} else {
		sql := `DELETE FROM enroll_secrets WHERE team_id IS NULL`
		if _, err := exec.ExecContext(ctx, sql); err != nil {
			return errors.Wrap(err, "clear before insert")
		}
	}

	for _, secret := range secrets {
		sql := `
				INSERT INTO enroll_secrets (secret, team_id)
				VALUES ( ?, ? )
			`
		if _, err := exec.ExecContext(ctx, sql, secret.Secret, teamID); err != nil {
			return errors.Wrap(err, "upsert secret")
		}
	}
	return nil
}

func (d *Datastore) GetEnrollSecrets(ctx context.Context, teamID *uint) ([]*fleet.EnrollSecret, error) {
	return getEnrollSecretsDB(ctx, d.reader, teamID)
}

func getEnrollSecretsDB(ctx context.Context, q sqlx.QueryerContext, teamID *uint) ([]*fleet.EnrollSecret, error) {
	var args []interface{}
	sql := "SELECT * FROM enroll_secrets WHERE "
	// MySQL requires comparing NULL with IS. NULL = NULL evaluates to FALSE.
	if teamID == nil {
		sql += "team_id IS NULL"
	} else {
		sql += "team_id = ?"
		args = append(args, teamID)
	}
	var secrets []*fleet.EnrollSecret
	if err := sqlx.SelectContext(ctx, q, &secrets, sql, args...); err != nil {
		return nil, errors.Wrap(err, "get secrets")
	}
	return secrets, nil
}
Datastore refactor (#439) Removed Gorm, replaced it with Sqlx * Added SQL bundling command to Makfile * Using go-kit logger * Added soft delete capability * Changed SearchLabel to accept a variadic param for optional omit list instead of array * Gorm removed * Refactor table structures to use CURRENT_TIMESTAMP mysql function * Moved Inmem datastore into it's own package * Updated README * Implemented code review suggestions from @zwass * Removed reference to Gorm from glide.yaml 2016-11-16 13:47:49 +00:00			`package mysql`

			`import (`
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR. 2021-09-14 12:11:07 +00:00			`"context"`
Refactor app config (POC, for now) (#1685) 2021-08-20 15:27:41 +00:00			`"database/sql"`
			`"encoding/json"`
Add automatic host expiration capability (#2117) When configured, this feature will delete hosts that have not checked in after the specified number of days. Closes #1860. 2019-10-16 23:35:17 +00:00
Add v4 suffix in go.mod (#1224) 2021-06-26 04:46:51 +00:00			`"github.com/fleetdm/fleet/v4/server/fleet"`
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features 2020-05-29 16:12:39 +00:00			`"github.com/jmoiron/sqlx"`
Import Config - /config/import #366 (#764) 2017-01-13 18:35:25 +00:00			`"github.com/pkg/errors"`
Datastore refactor (#439) Removed Gorm, replaced it with Sqlx * Added SQL bundling command to Makfile * Using go-kit logger * Added soft delete capability * Changed SearchLabel to accept a variadic param for optional omit list instead of array * Gorm removed * Refactor table structures to use CURRENT_TIMESTAMP mysql function * Moved Inmem datastore into it's own package * Updated README * Implemented code review suggestions from @zwass * Removed reference to Gorm from glide.yaml 2016-11-16 13:47:49 +00:00			`)`

Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR. 2021-09-14 12:11:07 +00:00			`func (d Datastore) NewAppConfig(ctx context.Context, info fleet.AppConfig) (*fleet.AppConfig, error) {`
Refactor app config (POC, for now) (#1685) 2021-08-20 15:27:41 +00:00			`info.ApplyDefaultsForNewInstalls()`

Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR. 2021-09-14 12:11:07 +00:00			`if err := d.SaveAppConfig(ctx, info); err != nil {`
Import Config - /config/import #366 (#764) 2017-01-13 18:35:25 +00:00			`return nil, errors.Wrap(err, "new app config")`
Datastore refactor (#439) Removed Gorm, replaced it with Sqlx * Added SQL bundling command to Makfile * Using go-kit logger * Added soft delete capability * Changed SearchLabel to accept a variadic param for optional omit list instead of array * Gorm removed * Refactor table structures to use CURRENT_TIMESTAMP mysql function * Moved Inmem datastore into it's own package * Updated README * Implemented code review suggestions from @zwass * Removed reference to Gorm from glide.yaml 2016-11-16 13:47:49 +00:00			`}`
App Settings - /admin/settings #363 (#590) 2016-12-20 21:54:30 +00:00
			`return info, nil`
Datastore refactor (#439) Removed Gorm, replaced it with Sqlx * Added SQL bundling command to Makfile * Using go-kit logger * Added soft delete capability * Changed SearchLabel to accept a variadic param for optional omit list instead of array * Gorm removed * Refactor table structures to use CURRENT_TIMESTAMP mysql function * Moved Inmem datastore into it's own package * Updated README * Implemented code review suggestions from @zwass * Removed reference to Gorm from glide.yaml 2016-11-16 13:47:49 +00:00			`}`

Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR. 2021-09-14 12:11:07 +00:00			`func (d Datastore) AppConfig(ctx context.Context) (fleet.AppConfig, error) {`
Reimplement host expiration to not need mysql events (#2552) * Reimplement host expiration to not need mysql events * Update mocks 2021-10-19 20:47:37 +00:00			`return appConfigDB(ctx, d.reader)`
			`}`

			`func appConfigDB(ctx context.Context, q sqlx.QueryerContext) (*fleet.AppConfig, error) {`
Issue 1599 offline webhook (#1777) * wip * Add tests and finish implementation * Add proper default for periodicity, changes file, and documentation * Fix tests and add defaults also to new installs * EnableHostUsers should be true if undefined as well * In some cases, periodicity can be zero because of the migrations * Apply defaults when migrating appconfig * Fix lint * lint * Address review comments 2021-08-27 14:15:36 +00:00			`info := &fleet.AppConfig{}`
Refactor app config (POC, for now) (#1685) 2021-08-20 15:27:41 +00:00			`var bytes []byte`
Reimplement host expiration to not need mysql events (#2552) * Reimplement host expiration to not need mysql events * Update mocks 2021-10-19 20:47:37 +00:00			err := sqlx.GetContext(ctx, q, &bytes, `SELECT json_value FROM app_config_json LIMIT 1`)
Refactor app config (POC, for now) (#1685) 2021-08-20 15:27:41 +00:00			`if err != nil && err != sql.ErrNoRows {`
Import Config - /config/import #366 (#764) 2017-01-13 18:35:25 +00:00			`return nil, errors.Wrap(err, "selecting app config")`
Datastore refactor (#439) Removed Gorm, replaced it with Sqlx * Added SQL bundling command to Makfile * Using go-kit logger * Added soft delete capability * Changed SearchLabel to accept a variadic param for optional omit list instead of array * Gorm removed * Refactor table structures to use CURRENT_TIMESTAMP mysql function * Moved Inmem datastore into it's own package * Updated README * Implemented code review suggestions from @zwass * Removed reference to Gorm from glide.yaml 2016-11-16 13:47:49 +00:00			`}`
Refactor app config (POC, for now) (#1685) 2021-08-20 15:27:41 +00:00			`if err == sql.ErrNoRows {`
			`return &fleet.AppConfig{}, nil`
			`}`

Issue 1599 offline webhook (#1777) * wip * Add tests and finish implementation * Add proper default for periodicity, changes file, and documentation * Fix tests and add defaults also to new installs * EnableHostUsers should be true if undefined as well * In some cases, periodicity can be zero because of the migrations * Apply defaults when migrating appconfig * Fix lint * lint * Address review comments 2021-08-27 14:15:36 +00:00			`info.ApplyDefaults()`

			`err = json.Unmarshal(bytes, info)`
Refactor app config (POC, for now) (#1685) 2021-08-20 15:27:41 +00:00			`if err != nil {`
			`return nil, errors.Wrap(err, "unmarshaling config")`
			`}`
Issue 1599 offline webhook (#1777) * wip * Add tests and finish implementation * Add proper default for periodicity, changes file, and documentation * Fix tests and add defaults also to new installs * EnableHostUsers should be true if undefined as well * In some cases, periodicity can be zero because of the migrations * Apply defaults when migrating appconfig * Fix lint * lint * Address review comments 2021-08-27 14:15:36 +00:00			`return info, nil`
Datastore refactor (#439) Removed Gorm, replaced it with Sqlx * Added SQL bundling command to Makfile * Using go-kit logger * Added soft delete capability * Changed SearchLabel to accept a variadic param for optional omit list instead of array * Gorm removed * Refactor table structures to use CURRENT_TIMESTAMP mysql function * Moved Inmem datastore into it's own package * Updated README * Implemented code review suggestions from @zwass * Removed reference to Gorm from glide.yaml 2016-11-16 13:47:49 +00:00			`}`

Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR. 2021-09-14 12:11:07 +00:00			`func (d Datastore) SaveAppConfig(ctx context.Context, info fleet.AppConfig) error {`
Refactor app config (POC, for now) (#1685) 2021-08-20 15:27:41 +00:00			`configBytes, err := json.Marshal(info)`
			`if err != nil {`
			`return errors.Wrap(err, "marshaling config")`
			`}`

Use the context in the Datastore layer. (#2030) 2021-09-14 14:44:02 +00:00			`return d.withTx(ctx, func(tx sqlx.ExtContext) error {`
			`_, err := tx.ExecContext(ctx,`
Refactor app config (POC, for now) (#1685) 2021-08-20 15:27:41 +00:00			`INSERT INTO app_config_json(json_value) VALUES(?) ON DUPLICATE KEY UPDATE json_value = VALUES(json_value)`,
			`configBytes,`
Disable user sso_enable if org is disabling sso (#1331) * Disable user sso_enable if org is disabling sso * Cleanup test * Add withTx and use it in SaveConfig 2021-07-09 16:12:21 +00:00			`)`
			`if err != nil {`
			`return err`
			`}`

Refactor app config (POC, for now) (#1685) 2021-08-20 15:27:41 +00:00			`if !info.SSOSettings.EnableSSO {`
Use the context in the Datastore layer. (#2030) 2021-09-14 14:44:02 +00:00			_, err = tx.ExecContext(ctx, `UPDATE users SET sso_enabled=false`)
Disable user sso_enable if org is disabling sso (#1331) * Disable user sso_enable if org is disabling sso * Cleanup test * Add withTx and use it in SaveConfig 2021-07-09 16:12:21 +00:00			`if err != nil {`
			`return err`
			`}`
			`}`

			`return nil`
			`})`
Datastore refactor (#439) Removed Gorm, replaced it with Sqlx * Added SQL bundling command to Makfile * Using go-kit logger * Added soft delete capability * Changed SearchLabel to accept a variadic param for optional omit list instead of array * Gorm removed * Refactor table structures to use CURRENT_TIMESTAMP mysql function * Moved Inmem datastore into it's own package * Updated README * Implemented code review suggestions from @zwass * Removed reference to Gorm from glide.yaml 2016-11-16 13:47:49 +00:00			`}`
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features 2020-05-29 16:12:39 +00:00
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR. 2021-09-14 12:11:07 +00:00			`func (d Datastore) VerifyEnrollSecret(ctx context.Context, secret string) (fleet.EnrollSecret, error) {`
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet` 2021-06-06 22:07:29 +00:00			`var s fleet.EnrollSecret`
Use the context in the Datastore layer. (#2030) 2021-09-14 14:44:02 +00:00			`err := sqlx.GetContext(ctx, d.reader, &s, "SELECT team_id FROM enroll_secrets WHERE secret = ?", secret)`
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features 2020-05-29 16:12:39 +00:00			`if err != nil {`
Refactor enroll secrets to support Teams (#903) - Add `team_id` field to secrets. - Remove secret `name` and `active` fields (migration deletes inactive secrets). - Assign hosts to Team based on secret provided. - Add API for retrieving secrets by Team. 2021-05-31 16:02:05 +00:00			`return nil, errors.New("no matching secret found")`
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features 2020-05-29 16:12:39 +00:00			`}`

Refactor enroll secrets to support Teams (#903) - Add `team_id` field to secrets. - Remove secret `name` and `active` fields (migration deletes inactive secrets). - Assign hosts to Team based on secret provided. - Add API for retrieving secrets by Team. 2021-05-31 16:02:05 +00:00			`return &s, nil`
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features 2020-05-29 16:12:39 +00:00			`}`

Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR. 2021-09-14 12:11:07 +00:00			`func (d Datastore) ApplyEnrollSecrets(ctx context.Context, teamID uint, secrets []*fleet.EnrollSecret) error {`
Use the context in the Datastore layer. (#2030) 2021-09-14 14:44:02 +00:00			`return d.withRetryTxx(ctx, func(tx sqlx.ExtContext) error {`
			`return applyEnrollSecretsDB(ctx, tx, teamID, secrets)`
Add missing db transactions, read from primary when after a write (#1957) 2021-09-08 18:43:22 +00:00			`})`
			`}`

Use the context in the Datastore layer. (#2030) 2021-09-14 14:44:02 +00:00			`func applyEnrollSecretsDB(ctx context.Context, exec sqlx.ExecerContext, teamID uint, secrets []fleet.EnrollSecret) error {`
Add missing db transactions, read from primary when after a write (#1957) 2021-09-08 18:43:22 +00:00			`if teamID != nil {`
			sql := `DELETE FROM enroll_secrets WHERE team_id = ?`
Use the context in the Datastore layer. (#2030) 2021-09-14 14:44:02 +00:00			`if _, err := exec.ExecContext(ctx, sql, teamID); err != nil {`
Add missing db transactions, read from primary when after a write (#1957) 2021-09-08 18:43:22 +00:00			`return errors.Wrap(err, "clear before insert")`
			`}`
			`} else {`
			sql := `DELETE FROM enroll_secrets WHERE team_id IS NULL`
Use the context in the Datastore layer. (#2030) 2021-09-14 14:44:02 +00:00			`if _, err := exec.ExecContext(ctx, sql); err != nil {`
Add missing db transactions, read from primary when after a write (#1957) 2021-09-08 18:43:22 +00:00			`return errors.Wrap(err, "clear before insert")`
Refactor enroll secrets to support Teams (#903) - Add `team_id` field to secrets. - Remove secret `name` and `active` fields (migration deletes inactive secrets). - Assign hosts to Team based on secret provided. - Add API for retrieving secrets by Team. 2021-05-31 16:02:05 +00:00			`}`
Add missing db transactions, read from primary when after a write (#1957) 2021-09-08 18:43:22 +00:00			`}`
Refactor enroll secrets to support Teams (#903) - Add `team_id` field to secrets. - Remove secret `name` and `active` fields (migration deletes inactive secrets). - Assign hosts to Team based on secret provided. - Add API for retrieving secrets by Team. 2021-05-31 16:02:05 +00:00
Add missing db transactions, read from primary when after a write (#1957) 2021-09-08 18:43:22 +00:00			`for _, secret := range secrets {`
			sql := `
Refactor enroll secrets to support Teams (#903) - Add `team_id` field to secrets. - Remove secret `name` and `active` fields (migration deletes inactive secrets). - Assign hosts to Team based on secret provided. - Add API for retrieving secrets by Team. 2021-05-31 16:02:05 +00:00			`INSERT INTO enroll_secrets (secret, team_id)`
			`VALUES ( ?, ? )`
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features 2020-05-29 16:12:39 +00:00			`
Use the context in the Datastore layer. (#2030) 2021-09-14 14:44:02 +00:00			`if _, err := exec.ExecContext(ctx, sql, secret.Secret, teamID); err != nil {`
Add missing db transactions, read from primary when after a write (#1957) 2021-09-08 18:43:22 +00:00			`return errors.Wrap(err, "upsert secret")`
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features 2020-05-29 16:12:39 +00:00			`}`
Add missing db transactions, read from primary when after a write (#1957) 2021-09-08 18:43:22 +00:00			`}`
			`return nil`
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features 2020-05-29 16:12:39 +00:00			`}`

Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR. 2021-09-14 12:11:07 +00:00			`func (d Datastore) GetEnrollSecrets(ctx context.Context, teamID uint) ([]*fleet.EnrollSecret, error) {`
Use the context in the Datastore layer. (#2030) 2021-09-14 14:44:02 +00:00			`return getEnrollSecretsDB(ctx, d.reader, teamID)`
Add missing db transactions, read from primary when after a write (#1957) 2021-09-08 18:43:22 +00:00			`}`

Use the context in the Datastore layer. (#2030) 2021-09-14 14:44:02 +00:00			`func getEnrollSecretsDB(ctx context.Context, q sqlx.QueryerContext, teamID uint) ([]fleet.EnrollSecret, error) {`
Refactor enroll secrets to support Teams (#903) - Add `team_id` field to secrets. - Remove secret `name` and `active` fields (migration deletes inactive secrets). - Assign hosts to Team based on secret provided. - Add API for retrieving secrets by Team. 2021-05-31 16:02:05 +00:00			`var args []interface{}`
			`sql := "SELECT * FROM enroll_secrets WHERE "`
			`// MySQL requires comparing NULL with IS. NULL = NULL evaluates to FALSE.`
			`if teamID == nil {`
			`sql += "team_id IS NULL"`
			`} else {`
			`sql += "team_id = ?"`
			`args = append(args, teamID)`
			`}`
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet` 2021-06-06 22:07:29 +00:00			`var secrets []*fleet.EnrollSecret`
Use the context in the Datastore layer. (#2030) 2021-09-14 14:44:02 +00:00			`if err := sqlx.SelectContext(ctx, q, &secrets, sql, args...); err != nil {`
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features 2020-05-29 16:12:39 +00:00			`return nil, errors.Wrap(err, "get secrets")`
			`}`
Refactor enroll secrets to support Teams (#903) - Add `team_id` field to secrets. - Remove secret `name` and `active` fields (migration deletes inactive secrets). - Assign hosts to Team based on secret provided. - Add API for retrieving secrets by Team. 2021-05-31 16:02:05 +00:00			`return secrets, nil`
Add support for multiple enroll secrets (#2238) - Support multiple enroll secrets - Record name of enroll secret used when host enrolls - Update fleetctl and UI to support these features 2020-05-29 16:12:39 +00:00			`}`