empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-07 09:18:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
348841c90b
fleet/server/datastore/mysql/policies.go

285 lines
8.5 KiB
Go
Raw Normal View History

Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
package mysql
import (
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
"context"
Issue 2456 policies yaml (#2512) * wip * Add policy specs support * Add documentation * Make policy apply idempotent * Fold in code * Improve tests and simplify auth checks * Lint and fix test
2021-10-15 10:34:11 +00:00
"database/sql"
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
"fmt"
"sort"
"strings"
"time"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/jmoiron/sqlx"
"github.com/pkg/errors"
)
Issue 2456 policies yaml (#2512) * wip * Add policy specs support * Add documentation * Make policy apply idempotent * Fold in code * Improve tests and simplify auth checks * Lint and fix test
2021-10-15 10:34:11 +00:00
func (ds *Datastore) NewGlobalPolicy(ctx context.Context, queryID uint, resolution string) (*fleet.Policy, error) {
res, err := ds.writer.ExecContext(ctx, `INSERT INTO policies (query_id, resolution) VALUES (?, ?)`, queryID, resolution)
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
if err != nil {
return nil, errors.Wrap(err, "inserting new policy")
}
lastIdInt64, err := res.LastInsertId()
if err != nil {
return nil, errors.Wrap(err, "getting last id after inserting policy")
}
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
return policyDB(ctx, ds.writer, uint(lastIdInt64), nil)
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
}
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
func (ds *Datastore) Policy(ctx context.Context, id uint) (*fleet.Policy, error) {
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
return policyDB(ctx, ds.reader, id, nil)
Fix reading policy after creation for read replicas (#1983)
2021-09-09 20:23:35 +00:00
}
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
func policyDB(ctx context.Context, q sqlx.QueryerContext, id uint, teamID *uint) (*fleet.Policy, error) {
teamWhere := "TRUE"
args := []interface{}{id}
if teamID != nil {
teamWhere = "team_id = ?"
args = append(args, *teamID)
}
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
var policy fleet.Policy
Use the context in the Datastore layer. (#2030)
2021-09-14 14:44:02 +00:00
err := sqlx.GetContext(ctx, q, &policy,
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
fmt.Sprintf(`SELECT
Add support for MySQL read replicas (#1786) Adds configuration options to use a read-only MySQL replica, and uses it instead of the primary for reads.
2021-09-01 19:50:52 +00:00
p.*,
q.name as query_name,
(select count(*) from policy_membership where policy_id=p.id and passes=true) as passing_host_count,
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
(select count(*) from policy_membership where policy_id=p.id and passes=false) as failing_host_count
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
FROM policies p JOIN queries q ON (p.query_id=q.id) WHERE p.id=? AND %s`, teamWhere),
args...)
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
if err != nil {
return nil, errors.Wrap(err, "getting policy")
}
return &policy, nil
}
Serialize hosts writes per instance (#2753) * Serialize hosts writes per instance * Write hosts asynchronously * Dont make the save in a goroutine * Revert "Dont make the save in a goroutine" This reverts commit 4a890c5271142755dec69a741582e7eca5c4c62c. * Make all savehosts async * Address review comments and make this approach configurable * Address review comments * Disable bulk seen time marking for a test * Move host seen times to a new table * Remove unused * Add seen_time to list hosts * Add some jitter to seen time flushing * Remove unused * Add timeout to deferred save host * Add tests for serialSaveHost * Update hosts in labels and policy executions in a serial way * Address review comments and remove fk constraints in host software * Make errCh buffered * Add changes file * Readd key
2021-11-08 14:42:37 +00:00
func (ds *Datastore) RecordPolicyQueryExecutions(ctx context.Context, host *fleet.Host, results map[uint]*bool, updated time.Time, deferredSaveHost bool) error {
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
// Sort the results to have generated SQL queries ordered to minimize
// deadlocks. See https://github.com/fleetdm/fleet/issues/1146.
orderedIDs := make([]uint, 0, len(results))
Remove unneeded interfaces (#1779) * Remove unneeded interfaces * Remove unused code
2021-08-24 21:49:56 +00:00
for policyID := range results {
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
orderedIDs = append(orderedIDs, policyID)
}
sort.Slice(orderedIDs, func(i, j int) bool { return orderedIDs[i] < orderedIDs[j] })
// Loop through results, collecting which labels we need to insert/update
vals := []interface{}{}
bindvars := []string{}
for _, policyID := range orderedIDs {
matches := results[policyID]
bindvars = append(bindvars, "(?,?,?,?)")
vals = append(vals, updated, policyID, host.ID, matches)
}
query := fmt.Sprintf(
`INSERT INTO policy_membership_history (updated_at, policy_id, host_id, passes)
VALUES %s`,
strings.Join(bindvars, ","),
)
Serialize hosts writes per instance (#2753) * Serialize hosts writes per instance * Write hosts asynchronously * Dont make the save in a goroutine * Revert "Dont make the save in a goroutine" This reverts commit 4a890c5271142755dec69a741582e7eca5c4c62c. * Make all savehosts async * Address review comments and make this approach configurable * Address review comments * Disable bulk seen time marking for a test * Move host seen times to a new table * Remove unused * Add seen_time to list hosts * Add some jitter to seen time flushing * Remove unused * Add timeout to deferred save host * Add tests for serialSaveHost * Update hosts in labels and policy executions in a serial way * Address review comments and remove fk constraints in host software * Make errCh buffered * Add changes file * Readd key
2021-11-08 14:42:37 +00:00
err := ds.withRetryTxx(ctx, func(tx sqlx.ExtContext) error {
Ignore empty host users or software inventory (#2317) * Ignore empty host users or software inventory * Only store additional if it's not nil * Update label/policy updated at when we record the executions and skip saving host * Update changes file
2021-10-01 21:27:57 +00:00
_, err := tx.ExecContext(ctx, query, vals...)
if err != nil {
return errors.Wrapf(err, "insert policy_membership (%v)", vals)
}
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
Serialize hosts writes per instance (#2753) * Serialize hosts writes per instance * Write hosts asynchronously * Dont make the save in a goroutine * Revert "Dont make the save in a goroutine" This reverts commit 4a890c5271142755dec69a741582e7eca5c4c62c. * Make all savehosts async * Address review comments and make this approach configurable * Address review comments * Disable bulk seen time marking for a test * Move host seen times to a new table * Remove unused * Add seen_time to list hosts * Add some jitter to seen time flushing * Remove unused * Add timeout to deferred save host * Add tests for serialSaveHost * Update hosts in labels and policy executions in a serial way * Address review comments and remove fk constraints in host software * Make errCh buffered * Add changes file * Readd key
2021-11-08 14:42:37 +00:00
// if we are deferring host updates, we return at this point and do the change outside of the tx
if deferredSaveHost {
return nil
}
_, err = tx.ExecContext(ctx, `UPDATE hosts SET policy_updated_at = ? WHERE id=?`, updated, host.ID)
Ignore empty host users or software inventory (#2317) * Ignore empty host users or software inventory * Only store additional if it's not nil * Update label/policy updated at when we record the executions and skip saving host * Update changes file
2021-10-01 21:27:57 +00:00
if err != nil {
return errors.Wrap(err, "updating hosts policy updated at")
}
return nil
})
Serialize hosts writes per instance (#2753) * Serialize hosts writes per instance * Write hosts asynchronously * Dont make the save in a goroutine * Revert "Dont make the save in a goroutine" This reverts commit 4a890c5271142755dec69a741582e7eca5c4c62c. * Make all savehosts async * Address review comments and make this approach configurable * Address review comments * Disable bulk seen time marking for a test * Move host seen times to a new table * Remove unused * Add seen_time to list hosts * Add some jitter to seen time flushing * Remove unused * Add timeout to deferred save host * Add tests for serialSaveHost * Update hosts in labels and policy executions in a serial way * Address review comments and remove fk constraints in host software * Make errCh buffered * Add changes file * Readd key
2021-11-08 14:42:37 +00:00
if err != nil {
return err
}
if deferredSaveHost {
errCh := make(chan error, 1)
defer close(errCh)
select {
case <-ctx.Done():
return ctx.Err()
case ds.writeCh <- itemToWrite{
ctx: ctx,
errCh: errCh,
item: hostXUpdatedAt{
hostID: host.ID,
updatedAt: updated,
what: "policy_updated_at",
},
}:
return <-errCh
}
}
return nil
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
}
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
func (ds *Datastore) ListGlobalPolicies(ctx context.Context) ([]*fleet.Policy, error) {
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
return listPoliciesDB(ctx, ds.reader, nil)
}
func listPoliciesDB(ctx context.Context, q sqlx.QueryerContext, teamID *uint) ([]*fleet.Policy, error) {
teamWhere := "p.team_id is NULL"
var args []interface{}
if teamID != nil {
teamWhere = "p.team_id = ?"
args = append(args, *teamID)
}
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
var policies []*fleet.Policy
Use the context in the Datastore layer. (#2030)
2021-09-14 14:44:02 +00:00
err := sqlx.SelectContext(
ctx,
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
q,
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
&policies,
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
fmt.Sprintf(`SELECT
Add support for MySQL read replicas (#1786) Adds configuration options to use a read-only MySQL replica, and uses it instead of the primary for reads.
2021-09-01 19:50:52 +00:00
p.*,
q.name as query_name,
(select count(*) from policy_membership where policy_id=p.id and passes=true) as passing_host_count,
(select count(*) from policy_membership where policy_id=p.id and passes=false) as failing_host_count
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
FROM policies p JOIN queries q ON (p.query_id=q.id) WHERE %s`, teamWhere), args...,
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
)
if err != nil {
return nil, errors.Wrap(err, "listing policies")
}
return policies, nil
}
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
func (ds *Datastore) DeleteGlobalPolicies(ctx context.Context, ids []uint) ([]uint, error) {
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
return deletePolicyDB(ctx, ds.writer, ids, nil)
}
func deletePolicyDB(ctx context.Context, q sqlx.ExtContext, ids []uint, teamID *uint) ([]uint, error) {
stmt := `DELETE FROM policies WHERE id IN (?) AND %s`
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
stmt, args, err := sqlx.In(stmt, ids)
if err != nil {
return nil, errors.Wrap(err, "IN for DELETE FROM policies")
}
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
stmt = q.Rebind(stmt)
teamWhere := "TRUE"
if teamID != nil {
teamWhere = "team_id = ?"
args = append(args, *teamID)
}
if _, err := q.ExecContext(ctx, fmt.Sprintf(stmt, teamWhere), args...); err != nil {
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
return nil, errors.Wrap(err, "delete policies")
}
return ids, nil
}
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
func (ds *Datastore) PolicyQueriesForHost(ctx context.Context, host *fleet.Host) (map[string]string, error) {
var globalRows, teamRows []struct {
Export fields so the select will work with the struct (#1819)
2021-08-26 14:56:05 +00:00
Id string `db:"id"`
Query string `db:"query"`
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
}
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
err := sqlx.SelectContext(
ctx,
ds.reader,
&globalRows,
`SELECT p.id, q.query FROM policies p JOIN queries q ON (p.query_id=q.id) WHERE team_id is NULL`,
)
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
if err != nil {
return nil, errors.Wrap(err, "selecting policies for host")
}
results := map[string]string{}
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
if host.TeamID != nil {
err := sqlx.SelectContext(
ctx,
ds.reader,
&teamRows,
`SELECT p.id, q.query FROM policies p JOIN queries q ON (p.query_id=q.id) WHERE team_id = ?`,
*host.TeamID,
)
if err != nil {
return nil, errors.Wrap(err, "selecting policies for host in team")
}
}
for _, row := range globalRows {
results[row.Id] = row.Query
}
for _, row := range teamRows {
Export fields so the select will work with the struct (#1819)
2021-08-26 14:56:05 +00:00
results[row.Id] = row.Query
Add global policies (#1750) * Add global policies * Update documentation and add extra parameter to config * Fix failing tests * Store historic policy records * Address review comments And also remove other inmem references I saw by chance * Add documentation for get by id request * Add parameter doc * Move schema generation to a cmd instead of a test Otherwise it messes up running all tests sometimes depending on how parallel it does * Remove brain dump for another task * Make migration tests a separate beast * Make schema generation idempotent and move dbutils cmd to tools * Allow all filters and add counts to Policy * Add test for Policy
2021-08-24 20:24:52 +00:00
}
return results, nil
}
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
Issue 2456 policies yaml (#2512) * wip * Add policy specs support * Add documentation * Make policy apply idempotent * Fold in code * Improve tests and simplify auth checks * Lint and fix test
2021-10-15 10:34:11 +00:00
func (ds *Datastore) NewTeamPolicy(ctx context.Context, teamID uint, queryID uint, resolution string) (*fleet.Policy, error) {
res, err := ds.writer.ExecContext(ctx, `INSERT INTO policies (query_id, team_id, resolution) VALUES (?, ?, ?)`, queryID, teamID, resolution)
Add team policies (#2103) * Add team policies * Add team policy documentation * Add changes file * Update titles * Fix lint * Rewrite TeamAuthorize for more clarify * Explicitly use two slices for clarity * Simplify switch
2021-09-20 14:00:57 +00:00
if err != nil {
return nil, errors.Wrap(err, "inserting new team policy")
}
lastIdInt64, err := res.LastInsertId()
if err != nil {
return nil, errors.Wrap(err, "getting last id after inserting policy")
}
return policyDB(ctx, ds.writer, uint(lastIdInt64), nil)
}
func (ds *Datastore) ListTeamPolicies(ctx context.Context, teamID uint) ([]*fleet.Policy, error) {
return listPoliciesDB(ctx, ds.reader, &teamID)
}
func (ds *Datastore) DeleteTeamPolicies(ctx context.Context, teamID uint, ids []uint) ([]uint, error) {
return deletePolicyDB(ctx, ds.writer, ids, &teamID)
}
func (ds *Datastore) TeamPolicy(ctx context.Context, teamID uint, policyID uint) (*fleet.Policy, error) {
return policyDB(ctx, ds.reader, policyID, &teamID)
}
Issue 2456 policies yaml (#2512) * wip * Add policy specs support * Add documentation * Make policy apply idempotent * Fold in code * Improve tests and simplify auth checks * Lint and fix test
2021-10-15 10:34:11 +00:00
func (ds *Datastore) ApplyPolicySpecs(ctx context.Context, specs []*fleet.PolicySpec) error {
return ds.withRetryTxx(ctx, func(tx sqlx.ExtContext) error {
for _, spec := range specs {
if spec.QueryName == "" {
return errors.New("query name must not be empty")
}
// We update by hand because team_id can be null and that means compound index wont work
teamCheck := `team_id is NULL`
args := []interface{}{spec.QueryName}
if spec.Team != "" {
teamCheck = `team_id=(SELECT id FROM teams WHERE name=?)`
args = append(args, spec.Team)
}
row := tx.QueryRowxContext(ctx,
fmt.Sprintf(`SELECT 1 FROM policies WHERE query_id=(SELECT id FROM queries WHERE name=?) AND %s`, teamCheck),
args...,
)
var exists int
err := row.Scan(&exists)
if err != nil && err != sql.ErrNoRows {
return errors.Wrap(err, "checking policy existence")
}
if exists > 0 {
_, err = tx.ExecContext(ctx,
fmt.Sprintf(`UPDATE policies SET resolution=? WHERE query_id=(SELECT id FROM queries WHERE name=?) AND %s`, teamCheck),
append([]interface{}{spec.Resolution}, args...)...,
)
if err != nil {
return errors.Wrap(err, "exec ApplyPolicySpecs update")
}
} else {
_, err = tx.ExecContext(ctx,
`INSERT INTO policies (query_id, team_id, resolution) VALUES ((SELECT id FROM queries WHERE name=?), (SELECT id FROM teams WHERE name=?),?)`,
spec.QueryName, spec.Team, spec.Resolution)
if err != nil {
return errors.Wrap(err, "exec ApplyPolicySpecs insert")
}
}
}
return nil
})
}
Reference in New Issue Copy Permalink