empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 17:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8957f00d86
fleet/server/config/config.go

940 lines
41 KiB
Go
Raw Normal View History

Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
package config
import (
Add TLS support to Redis connections (#2568)
2021-10-20 14:09:18 +00:00
"crypto/tls"
"crypto/x509"
Use new error handling approach in other packages (#2954)
2021-11-22 14:13:26 +00:00
"errors"
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
"fmt"
Add TLS support to Redis connections (#2568)
2021-10-20 14:09:18 +00:00
"io/ioutil"
Do not panic after error reading config file (#2033) Fixes #1445
2019-04-23 22:59:02 +00:00
"os"
Windows friendly changes after walking through getting started guide (#1441) * update .gitattributes to be explicit about line endings with regards to the test certs * update building-fleet guide to include python2 dependency on windows * update configuration to default to OS specific temporary directories
2021-07-22 00:49:44 +00:00
"path/filepath"
"runtime"
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
"strings"
Refactoring for config patterns (#159) This PR refactors most of the codebase to use the new config patterns implemented in #149. Now the core service keeps a copy of the KolideConfig struct, and service methods can reference the configuration in that struct when they need it. The most significant refactoring is in the sessions code, separating the business logic from the storage layer.
2016-09-14 16:11:06 +00:00
"time"
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
"github.com/spf13/cast"
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
"github.com/spf13/cobra"
"github.com/spf13/viper"
)
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
const (
Deprecate environment variable prefix (#301) - Support both `FLEET_` and `KOLIDE_` prefixes. - Add logging about deprecated `KOLIDE_` prefix. - Update documentation and sample configs.
2021-02-11 23:36:58 +00:00
envPrefix = "FLEET"
queries and packs services via go-kit (#102) * osquery services via go-kit * Visual Studio Code configurations * create query and pack endpoints * organizing files more scalably * modify query and pack endpoints * delete query and pack endpoints * get query and pack endpoints * get all queries and packs endpoints * add and remove queries from packs * test stubs * removing some indirection * query service tests * service pack tests * transport tests * adding config file flag back * organizing package kolide * get queries in pack endpoint * run tests on 1.7? * no 1.7 image :( * typo in circle.yml
2016-09-04 05:13:42 +00:00
)
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// MysqlConfig defines configs related to MySQL
type MysqlConfig struct {
Add stdout and kinesis logger plugins and sts assume role to Firehose (#2282) Co-authored-by: Brendan Shaklovitz <nyanshak@users.noreply.github.com>
2020-08-19 21:56:44 +00:00
Protocol string
Address string
Username string
Password string
Added support to read jwt and mysql password from a file (#141) The current implementation of FleetDM doesn't support Docker secrets for supplying the MySQL password and JWT key. This PR provides the ability for a file path to read in secrets. The goal of this PR is to avoid storing secrets in a static config or in an environment variable. Example config for Docker: ```yaml mysql: address: mysql:3306 database: fleet username: fleet password_path: /run/secrets/mysql-fleetdm-password redis: address: redis:6379 server: address: 0.0.0.0:8080 cert: /run/secrets/fleetdm-tls-cert key: /run/secrets/fleetdm-tls-key auth: jwt_key_path: /run/secrets/fleetdm-jwt-key filesystem: status_log_file: /var/log/osquery/status.log result_log_file: /var/log/osquery/result.log enable_log_rotation: true logging: json: true ```
2021-01-04 15:58:43 +00:00
PasswordPath string `yaml:"password_path"`
Add stdout and kinesis logger plugins and sts assume role to Firehose (#2282) Co-authored-by: Brendan Shaklovitz <nyanshak@users.noreply.github.com>
2020-08-19 21:56:44 +00:00
Database string
TLSCert string `yaml:"tls_cert"`
TLSKey string `yaml:"tls_key"`
TLSCA string `yaml:"tls_ca"`
TLSServerName string `yaml:"tls_server_name"`
Implementation of a Kafka REST Proxy logging plugin (#2534) This PR implements the status/result logger functions necessary interface with a Kafka REST Proxy service. Specifically, this is compatible with the [Confluent KAFKA Rest Proxy Service ](https://docs.confluent.io/1.0/kafka-rest/docs/intro.html).
2021-10-28 04:51:17 +00:00
TLSConfig string `yaml:"tls_config"` // tls=customValue in DSN
Add stdout and kinesis logger plugins and sts assume role to Firehose (#2282) Co-authored-by: Brendan Shaklovitz <nyanshak@users.noreply.github.com>
2020-08-19 21:56:44 +00:00
MaxOpenConns int `yaml:"max_open_conns"`
MaxIdleConns int `yaml:"max_idle_conns"`
Add support for conn_max_lifetime (#2270) This adds support to configure MySQL conn_max_lifetime.
2020-07-30 16:00:42 +00:00
ConnMaxLifetime int `yaml:"conn_max_lifetime"`
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
}
Use redis for distributed query results when not in dev mode (#653) - Add appropriate configs for Redis - Use the Redis pubsub store by default, inmem in dev mode
2016-12-16 00:13:23 +00:00
// RedisConfig defines configs related to Redis
type RedisConfig struct {
Add configurable Redis connection retries and following of cluster redirections (#2045) Closes #1969
2021-09-15 12:50:32 +00:00
Address string
Password string
Database int
UseTLS bool `yaml:"use_tls"`
DuplicateResults bool `yaml:"duplicate_results"`
ConnectTimeout time.Duration `yaml:"connect_timeout"`
KeepAlive time.Duration `yaml:"keep_alive"`
ConnectRetryAttempts int `yaml:"connect_retry_attempts"`
ClusterFollowRedirections bool `yaml:"cluster_follow_redirections"`
Add configuration and support for Redis to read from replicas (#2509)
2021-10-18 13:32:17 +00:00
ClusterReadFromReplica bool `yaml:"cluster_read_from_replica"`
Add TLS support to Redis connections (#2568)
2021-10-20 14:09:18 +00:00
TLSCert string `yaml:"tls_cert"`
TLSKey string `yaml:"tls_key"`
TLSCA string `yaml:"tls_ca"`
TLSServerName string `yaml:"tls_server_name"`
TLSHandshakeTimeout time.Duration `yaml:"tls_handshake_timeout"`
// TODO(mna): should we allow insecure skip verify option?
MaxIdleConns int `yaml:"max_idle_conns"`
MaxOpenConns int `yaml:"max_open_conns"`
// this config is an int on MysqlConfig, but it should be a time.Duration.
ConnMaxLifetime time.Duration `yaml:"conn_max_lifetime"`
IdleTimeout time.Duration `yaml:"idle_timeout"`
Implement async processing of hosts for label queries (#2288)
2021-11-01 18:13:16 +00:00
ConnWaitTimeout time.Duration `yaml:"conn_wait_timeout"`
Use redis for distributed query results when not in dev mode (#653) - Add appropriate configs for Redis - Use the Redis pubsub store by default, inmem in dev mode
2016-12-16 00:13:23 +00:00
}
Add TLS profiles to command line (#1444) * Add TLS profiles to command line * Code review changes per @groob * fixed busted test
2017-03-28 04:21:48 +00:00
const (
TLSProfileKey = "server.tls_compatibility"
TLSProfileModern = "modern"
TLSProfileIntermediate = "intermediate"
)
Replace uses of the term "Kolide" with "Fleet" (#1999) Almost two years ago, we began referring to the project as Fleet, but there are many occurences of the term "Kolide" throughout the UI and documentation. This PR attempts to clear up those uses where it is easily achievable. The term "Kolide" is used throughout the code as well, but modifying this would be more likely to introduce bugs.
2019-01-24 17:39:32 +00:00
// ServerConfig defines configs related to the Fleet server
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
type ServerConfig struct {
Add TLS profiles to command line (#1444) * Add TLS profiles to command line * Code review changes per @groob * fixed busted test
2017-03-28 04:21:48 +00:00
Address string
Cert string
Key string
TLS bool
Fix tls_compatibility key in yaml config (#955) Closes #271
2021-06-04 15:44:36 +00:00
TLSProfile string `yaml:"tls_compatibility"`
Add ability to prefix Fleet URLs (#2112) - Add the server_url_prefix flag for configuring this functionality - Add prefix handling to the server routes - Refactor JS to use appropriate paths from modules - Use JS template to get URL prefix into JS environment - Update webpack config to support prefixing Thanks to securityonion.net for sponsoring the development of this feature. Closes #1661
2019-10-16 23:40:45 +00:00
URLPrefix string `yaml:"url_prefix"`
Add flag to disable HTTP keepalives (#741) In some environments, disabling keepalives helps prevent buildup of TCP sockets.
2021-05-08 00:29:54 +00:00
Keepalive bool `yaml:"keepalive"`
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
}
// AuthConfig defines configs related to user authorization
type AuthConfig struct {
Remove JWT in Fleet session management (#979) See #978 for motivations for this change. Closes #978.
2021-06-07 01:10:58 +00:00
BcryptCost int `yaml:"bcrypt_cost"`
SaltKeySize int `yaml:"salt_key_size"`
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
}
// AppConfig defines configs related to HTTP
type AppConfig struct {
Ensure config values roundtrip properly through config_dump (#1266) - Set the appropriate yaml tags for dumping - Add test to verify roundtrip Fixes #1261
2017-02-22 15:22:19 +00:00
TokenKeySize int `yaml:"token_key_size"`
InviteTokenValidityPeriod time.Duration `yaml:"invite_token_validity_period"`
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
}
// SessionConfig defines configs related to user sessions
type SessionConfig struct {
Ensure config values roundtrip properly through config_dump (#1266) - Set the appropriate yaml tags for dumping - Add test to verify roundtrip Fixes #1261
2017-02-22 15:22:19 +00:00
KeySize int `yaml:"key_size"`
Refactoring for config patterns (#159) This PR refactors most of the codebase to use the new config patterns implemented in #149. Now the core service keeps a copy of the KolideConfig struct, and service methods can reference the configuration in that struct when they need it. The most significant refactoring is in the sessions code, separating the business logic from the storage layer.
2016-09-14 16:11:06 +00:00
Duration time.Duration
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
}
// OsqueryConfig defines configs related to osquery
type OsqueryConfig struct {
Implement async processing of hosts for label queries (#2288)
2021-11-01 18:13:16 +00:00
NodeKeySize int `yaml:"node_key_size"`
HostIdentifier string `yaml:"host_identifier"`
EnrollCooldown time.Duration `yaml:"enroll_cooldown"`
StatusLogPlugin string `yaml:"status_log_plugin"`
ResultLogPlugin string `yaml:"result_log_plugin"`
LabelUpdateInterval time.Duration `yaml:"label_update_interval"`
PolicyUpdateInterval time.Duration `yaml:"policy_update_interval"`
DetailUpdateInterval time.Duration `yaml:"detail_update_interval"`
StatusLogFile string `yaml:"status_log_file"`
ResultLogFile string `yaml:"result_log_file"`
EnableLogRotation bool `yaml:"enable_log_rotation"`
MaxJitterPercent int `yaml:"max_jitter_percent"`
EnableAsyncHostProcessing bool `yaml:"enable_async_host_processing"`
AsyncHostCollectInterval time.Duration `yaml:"async_host_collect_interval"`
AsyncHostCollectMaxJitterPercent int `yaml:"async_host_collect_max_jitter_percent"`
AsyncHostCollectLockTimeout time.Duration `yaml:"async_host_collect_lock_timeout"`
AsyncHostCollectLogStatsInterval time.Duration `yaml:"async_host_collect_log_stats_interval"`
AsyncHostInsertBatch int `yaml:"async_host_insert_batch"`
AsyncHostDeleteBatch int `yaml:"async_host_delete_batch"`
AsyncHostUpdateBatch int `yaml:"async_host_update_batch"`
AsyncHostRedisPopCount int `yaml:"async_host_redis_pop_count"`
AsyncHostRedisScanKeysCount int `yaml:"async_host_redis_scan_keys_count"`
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
}
// LoggingConfig defines configs related to logging
type LoggingConfig struct {
Issue 2027 better error visibility (#2069)
2021-11-02 17:35:57 +00:00
Debug bool
JSON bool
DisableBanner bool `yaml:"disable_banner"`
ErrorRetentionPeriod time.Duration `yaml:"error_retention_period"`
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
}
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
// FirehoseConfig defines configs for the AWS Firehose logging plugin
type FirehoseConfig struct {
Add stdout and kinesis logger plugins and sts assume role to Firehose (#2282) Co-authored-by: Brendan Shaklovitz <nyanshak@users.noreply.github.com>
2020-08-19 21:56:44 +00:00
Region string
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
EndpointURL string `yaml:"endpoint_url"`
Add stdout and kinesis logger plugins and sts assume role to Firehose (#2282) Co-authored-by: Brendan Shaklovitz <nyanshak@users.noreply.github.com>
2020-08-19 21:56:44 +00:00
AccessKeyID string `yaml:"access_key_id"`
SecretAccessKey string `yaml:"secret_access_key"`
StsAssumeRoleArn string `yaml:"sts_assume_role_arn"`
StatusStream string `yaml:"status_stream"`
ResultStream string `yaml:"result_stream"`
}
// KinesisConfig defines configs for the AWS Kinesis logging plugin
type KinesisConfig struct {
Region string
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
EndpointURL string `yaml:"endpoint_url"`
Add stdout and kinesis logger plugins and sts assume role to Firehose (#2282) Co-authored-by: Brendan Shaklovitz <nyanshak@users.noreply.github.com>
2020-08-19 21:56:44 +00:00
AccessKeyID string `yaml:"access_key_id"`
SecretAccessKey string `yaml:"secret_access_key"`
StsAssumeRoleArn string `yaml:"sts_assume_role_arn"`
StatusStream string `yaml:"status_stream"`
ResultStream string `yaml:"result_stream"`
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
}
Add AWS Lambda as logging plugin (#347) This plugin invokes the provided function with each log line as the payload. Closes #342
2021-02-24 18:02:26 +00:00
// LambdaConfig defines configs for the AWS Lambda logging plugin
type LambdaConfig struct {
Region string
AccessKeyID string `yaml:"access_key_id"`
SecretAccessKey string `yaml:"secret_access_key"`
StsAssumeRoleArn string `yaml:"sts_assume_role_arn"`
StatusFunction string `yaml:"status_function"`
ResultFunction string `yaml:"result_function"`
}
Add AWS S3 as file carving backend (#126) This adds the option to set up an S3 bucket as the storage backend for file carving (partially solving #111). It works by using the multipart upload capabilities of S3 to maintain compatibility with the "upload in blocks" protocol that osquery uses. It does this basically replacing the carve_blocks table while still maintaining the metadata in the original place (it would probably be possible to rely completely on S3 by using object tagging at the cost of listing performance). To make this pluggable, I created a new field in the service struct dedicated to the CarveStore which, if no configuration for S3 is set up will be just a reference to the standard datastore, otherwise it will point to the S3 one (effectively this separation will allow in the future to add more backends).
2020-12-16 17:16:55 +00:00
// S3Config defines config to enable file carving storage to an S3 bucket
type S3Config struct {
add support for minio backend file carving (#2448) * add support for minio backend file carving * add changes file Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2021-10-12 19:32:06 +00:00
Bucket string `yaml:"bucket"`
Prefix string `yaml:"prefix"`
Region string `yaml:"region"`
EndpointURL string `yaml:"endpoint_url"`
Add AWS S3 as file carving backend (#126) This adds the option to set up an S3 bucket as the storage backend for file carving (partially solving #111). It works by using the multipart upload capabilities of S3 to maintain compatibility with the "upload in blocks" protocol that osquery uses. It does this basically replacing the carve_blocks table while still maintaining the metadata in the original place (it would probably be possible to rely completely on S3 by using object tagging at the cost of listing performance). To make this pluggable, I created a new field in the service struct dedicated to the CarveStore which, if no configuration for S3 is set up will be just a reference to the standard datastore, otherwise it will point to the S3 one (effectively this separation will allow in the future to add more backends).
2020-12-16 17:16:55 +00:00
AccessKeyID string `yaml:"access_key_id"`
SecretAccessKey string `yaml:"secret_access_key"`
StsAssumeRoleArn string `yaml:"sts_assume_role_arn"`
add support for minio backend file carving (#2448) * add support for minio backend file carving * add changes file Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2021-10-12 19:32:06 +00:00
DisableSSL bool `yaml:"disable_ssl"`
ForceS3PathStyle bool `yaml:"force_s3_path_style"`
Add AWS S3 as file carving backend (#126) This adds the option to set up an S3 bucket as the storage backend for file carving (partially solving #111). It works by using the multipart upload capabilities of S3 to maintain compatibility with the "upload in blocks" protocol that osquery uses. It does this basically replacing the carve_blocks table while still maintaining the metadata in the original place (it would probably be possible to rely completely on S3 by using object tagging at the cost of listing performance). To make this pluggable, I created a new field in the service struct dedicated to the CarveStore which, if no configuration for S3 is set up will be just a reference to the standard datastore, otherwise it will point to the S3 one (effectively this separation will allow in the future to add more backends).
2020-12-16 17:16:55 +00:00
}
Add Google Cloud PubSub logging (#2049) Adds Google Cloud PubSub logging for status and results. This also changes the Write interface for logging modules to add a context.Context (only used by pubsub currently).
2019-07-16 22:41:50 +00:00
// PubSubConfig defines configs the for Google PubSub logging plugin
type PubSubConfig struct {
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
Project string `json:"project"`
StatusTopic string `json:"status_topic" yaml:"status_topic"`
ResultTopic string `json:"result_topic" yaml:"result_topic"`
AddAttributes bool `json:"add_attributes" yaml:"add_attributes"`
Add Google Cloud PubSub logging (#2049) Adds Google Cloud PubSub logging for status and results. This also changes the Write interface for logging modules to add a context.Context (only used by pubsub currently).
2019-07-16 22:41:50 +00:00
}
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
// FilesystemConfig defines configs for the Filesystem logging plugin
type FilesystemConfig struct {
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
StatusLogFile string `json:"status_log_file" yaml:"status_log_file"`
ResultLogFile string `json:"result_log_file" yaml:"result_log_file"`
EnableLogRotation bool `json:"enable_log_rotation" yaml:"enable_log_rotation"`
EnableLogCompression bool `json:"enable_log_compression" yaml:"enable_log_compression"`
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
}
Implementation of a Kafka REST Proxy logging plugin (#2534) This PR implements the status/result logger functions necessary interface with a Kafka REST Proxy service. Specifically, this is compatible with the [Confluent KAFKA Rest Proxy Service ](https://docs.confluent.io/1.0/kafka-rest/docs/intro.html).
2021-10-28 04:51:17 +00:00
// KafkaRESTConfig defines configs for the Kafka REST Proxy logging plugin.
type KafkaRESTConfig struct {
StatusTopic string `json:"status_topic" yaml:"status_topic"`
ResultTopic string `json:"result_topic" yaml:"result_topic"`
ProxyHost string `json:"proxyhost" yaml:"proxyhost"`
Timeout int `json:"timeout" yaml:"timeout"`
}
Stub out licensing API (#810) - Add config option for license key. - Define license details data structure. - Include license details in app config API responses. Currently any non-empty value for `--license_key` behaves as though the installation is licensed for `basic`. If the license key is empty, `core` is returned. Still to come is the appropriate parsing for the license key.
2021-05-20 00:29:38 +00:00
// LicenseConfig defines configs related to licensing Fleet.
type LicenseConfig struct {
Key string `yaml:"key"`
}
Make vulnerability processing more configurable (#1718) * Make vulnerability processing more configurable * Simplify leader selection
2021-08-18 20:25:14 +00:00
// VulnerabilitiesConfig defines configs related to vulnerability processing within Fleet.
type VulnerabilitiesConfig struct {
DatabasesPath string `json:"databases_path" yaml:"databases_path"`
Periodicity time.Duration `json:"periodicity" yaml:"periodicity"`
CPEDatabaseURL string `json:"cpe_database_url" yaml:"cpe_database_url"`
CVEFeedPrefixURL string `json:"cve_feed_prefix_url" yaml:"cve_feed_prefix_url"`
CurrentInstanceChecks string `json:"current_instance_checks" yaml:"current_instance_checks"`
Issue 1963 vulnerabilities no sync (#1976) * wip * Add tests for skip sync * Add changes file * Fix lint
2021-09-14 13:58:35 +00:00
DisableDataSync bool `json:"disable_data_sync" yaml:"disable_data_sync"`
Make vulnerability processing more configurable (#1718) * Make vulnerability processing more configurable * Simplify leader selection
2021-08-18 20:25:14 +00:00
}
Fleet serve to exit if migrations are missing (default) (#2803) * Add option to fleet to exit if migrations are missing * Reverse serve exit migrations logic * Fix typo
2021-11-22 17:47:24 +00:00
// UpgradesConfig defines configs related to fleet server upgrades.
type UpgradesConfig struct {
AllowMissingMigrations bool `json:"allow_missing_migrations" yaml:"allow_missing_migrations"`
}
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
// FleetConfig stores the application configuration. Each subcategory is
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// broken up into it's own struct, defined above. When editing any of these
// structs, Manager.addConfigs and Manager.LoadConfig should be
// updated to set and retrieve the configurations as appropriate.
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
type FleetConfig struct {
Add support for MySQL read replicas (#1786) Adds configuration options to use a read-only MySQL replica, and uses it instead of the primary for reads.
2021-09-01 19:50:52 +00:00
Mysql MysqlConfig
MysqlReadReplica MysqlConfig `yaml:"mysql_read_replica"`
Redis RedisConfig
Server ServerConfig
Auth AuthConfig
App AppConfig
Session SessionConfig
Osquery OsqueryConfig
Logging LoggingConfig
Firehose FirehoseConfig
Kinesis KinesisConfig
Lambda LambdaConfig
S3 S3Config
PubSub PubSubConfig
Filesystem FilesystemConfig
Implementation of a Kafka REST Proxy logging plugin (#2534) This PR implements the status/result logger functions necessary interface with a Kafka REST Proxy service. Specifically, this is compatible with the [Confluent KAFKA Rest Proxy Service ](https://docs.confluent.io/1.0/kafka-rest/docs/intro.html).
2021-10-28 04:51:17 +00:00
KafkaREST KafkaRESTConfig
Add support for MySQL read replicas (#1786) Adds configuration options to use a read-only MySQL replica, and uses it instead of the primary for reads.
2021-09-01 19:50:52 +00:00
License LicenseConfig
Vulnerabilities VulnerabilitiesConfig
Fleet serve to exit if migrations are missing (default) (#2803) * Add option to fleet to exit if migrations are missing * Reverse serve exit migrations logic * Fix typo
2021-11-22 17:47:24 +00:00
Upgrades UpgradesConfig
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
}
Add TLS support to Redis connections (#2568)
2021-10-20 14:09:18 +00:00
type TLS struct {
TLSCert string
TLSKey string
TLSCA string
TLSServerName string
}
func (t *TLS) ToTLSConfig() (*tls.Config, error) {
Allow empty TLS CA for Redis TLS connections (#2668)
2021-10-25 18:47:53 +00:00
var rootCertPool *x509.CertPool
if t.TLSCA != "" {
rootCertPool = x509.NewCertPool()
pem, err := ioutil.ReadFile(t.TLSCA)
if err != nil {
Use new error handling approach in other packages (#2954)
2021-11-22 14:13:26 +00:00
return nil, fmt.Errorf("read server-ca pem: %w", err)
Allow empty TLS CA for Redis TLS connections (#2668)
2021-10-25 18:47:53 +00:00
}
if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
return nil, errors.New("failed to append PEM.")
}
Add TLS support to Redis connections (#2568)
2021-10-20 14:09:18 +00:00
}
cfg := &tls.Config{
RootCAs: rootCertPool,
}
if t.TLSCert != "" {
clientCert := make([]tls.Certificate, 0, 1)
certs, err := tls.LoadX509KeyPair(t.TLSCert, t.TLSKey)
if err != nil {
Use new error handling approach in other packages (#2954)
2021-11-22 14:13:26 +00:00
return nil, fmt.Errorf("load client cert and key: %w", err)
Add TLS support to Redis connections (#2568)
2021-10-20 14:09:18 +00:00
}
clientCert = append(clientCert, certs)
cfg.Certificates = clientCert
}
if t.TLSServerName != "" {
cfg.ServerName = t.TLSServerName
}
return cfg, nil
}
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// addConfigs adds the configuration keys and default values that will be
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
// filled into the FleetConfig struct
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
func (man Manager) addConfigs() {
Add support for MySQL read replicas (#1786) Adds configuration options to use a read-only MySQL replica, and uses it instead of the primary for reads.
2021-09-01 19:50:52 +00:00
addMysqlConfig := func(prefix, defaultAddr, usageSuffix string) {
man.addConfigString(prefix+".protocol", "tcp",
"MySQL server communication protocol (tcp,unix,...)"+usageSuffix)
man.addConfigString(prefix+".address", defaultAddr,
"MySQL server address (host:port)"+usageSuffix)
man.addConfigString(prefix+".username", "fleet",
"MySQL server username"+usageSuffix)
man.addConfigString(prefix+".password", "",
"MySQL server password (prefer env variable for security)"+usageSuffix)
man.addConfigString(prefix+".password_path", "",
"Path to file containg MySQL server password"+usageSuffix)
man.addConfigString(prefix+".database", "fleet",
"MySQL database name"+usageSuffix)
man.addConfigString(prefix+".tls_cert", "",
"MySQL TLS client certificate path"+usageSuffix)
man.addConfigString(prefix+".tls_key", "",
"MySQL TLS client key path"+usageSuffix)
man.addConfigString(prefix+".tls_ca", "",
"MySQL TLS server CA"+usageSuffix)
man.addConfigString(prefix+".tls_server_name", "",
"MySQL TLS server name"+usageSuffix)
man.addConfigString(prefix+".tls_config", "",
"MySQL TLS config value"+usageSuffix+" Use skip-verify, true, false or custom key.")
man.addConfigInt(prefix+".max_open_conns", 50, "MySQL maximum open connection handles"+usageSuffix)
man.addConfigInt(prefix+".max_idle_conns", 50, "MySQL maximum idle connection handles"+usageSuffix)
man.addConfigInt(prefix+".conn_max_lifetime", 0, "MySQL maximum amount of time a connection may be reused"+usageSuffix)
}
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// MySQL
Add support for MySQL read replicas (#1786) Adds configuration options to use a read-only MySQL replica, and uses it instead of the primary for reads.
2021-09-01 19:50:52 +00:00
addMysqlConfig("mysql", "localhost:3306", ".")
addMysqlConfig("mysql_read_replica", "", " for the read replica.")
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
Use redis for distributed query results when not in dev mode (#653) - Add appropriate configs for Redis - Use the Redis pubsub store by default, inmem in dev mode
2016-12-16 00:13:23 +00:00
// Redis
Add inline flag documentation in --help (#1135) - Cleanup unused app.web_address flag
2017-01-31 18:06:30 +00:00
man.addConfigString("redis.address", "localhost:6379",
"Redis server address (host:port)")
man.addConfigString("redis.password", "",
"Redis server password (prefer env variable for security)")
Add redis database number support (#2269) Fixes #2268
2020-07-30 15:57:25 +00:00
man.addConfigInt("redis.database", 0,
"Redis server database number")
Add redis use_tls cfg (#2311) Adding config parameter 'redis.use_tls' to enable tls communications with redis e.g. AWS ElastiCache Closes #2247
2020-10-01 23:25:48 +00:00
man.addConfigBool("redis.use_tls", false, "Redis server enable TLS")
Add ability to duplicate live query results in Redis (#762) This feature enables a new config option (redis.duplicate_results). When set to true, all Live Query results will be copied to an additional Redis pubsub channel named LQDuplicate This is useful in a scenario that would involve shipping the Live Query results outside of Fleet, near-realtime.
2021-05-13 23:01:31 +00:00
man.addConfigBool("redis.duplicate_results", false, "Duplicate Live Query results to another Redis channel")
Make redis conn timeout and keep alive configurable (#1968) * Make redis conn timeout and keep alive configurable * Document new configs * Correct config name
2021-09-08 20:55:12 +00:00
man.addConfigDuration("redis.connect_timeout", 5*time.Second, "Timeout at connection time")
man.addConfigDuration("redis.keep_alive", 10*time.Second, "Interval between keep alive probes")
Add configurable Redis connection retries and following of cluster redirections (#2045) Closes #1969
2021-09-15 12:50:32 +00:00
man.addConfigInt("redis.connect_retry_attempts", 0, "Number of attempts to retry a failed connection")
man.addConfigBool("redis.cluster_follow_redirections", false, "Automatically follow Redis Cluster redirections")
Add configuration and support for Redis to read from replicas (#2509)
2021-10-18 13:32:17 +00:00
man.addConfigBool("redis.cluster_read_from_replica", false, "Prefer reading from a replica when possible (for Redis Cluster)")
Add TLS support to Redis connections (#2568)
2021-10-20 14:09:18 +00:00
man.addConfigString("redis.tls_cert", "", "Redis TLS client certificate path")
man.addConfigString("redis.tls_key", "", "Redis TLS client key path")
man.addConfigString("redis.tls_ca", "", "Redis TLS server CA")
man.addConfigString("redis.tls_server_name", "", "Redis TLS server name")
man.addConfigDuration("redis.tls_handshake_timeout", 10*time.Second, "Redis TLS handshake timeout")
man.addConfigInt("redis.max_idle_conns", 3, "Redis maximum idle connections")
man.addConfigInt("redis.max_open_conns", 0, "Redis maximum open connections, 0 means no limit")
man.addConfigDuration("redis.conn_max_lifetime", 0, "Redis maximum amount of time a connection may be reused, 0 means no limit")
man.addConfigDuration("redis.idle_timeout", 240*time.Second, "Redis maximum amount of time a connection may stay idle, 0 means no limit")
Implement async processing of hosts for label queries (#2288)
2021-11-01 18:13:16 +00:00
man.addConfigDuration("redis.conn_wait_timeout", 0, "Redis maximum amount of time to wait for a connection if the maximum is reached (0 for no wait, ignored in non-cluster Redis)")
Use redis for distributed query results when not in dev mode (#653) - Add appropriate configs for Redis - Use the Redis pubsub store by default, inmem in dev mode
2016-12-16 00:13:23 +00:00
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// Server
Add inline flag documentation in --help (#1135) - Cleanup unused app.web_address flag
2017-01-31 18:06:30 +00:00
man.addConfigString("server.address", "0.0.0.0:8080",
Replace uses of the term "Kolide" with "Fleet" (#1999) Almost two years ago, we began referring to the project as Fleet, but there are many occurences of the term "Kolide" throughout the UI and documentation. This PR attempts to clear up those uses where it is easily achievable. The term "Kolide" is used throughout the code as well, but modifying this would be more likely to introduce bugs.
2019-01-24 17:39:32 +00:00
"Fleet server address (host:port)")
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
man.addConfigString("server.cert", "./tools/osquery/fleet.crt",
Replace uses of the term "Kolide" with "Fleet" (#1999) Almost two years ago, we began referring to the project as Fleet, but there are many occurences of the term "Kolide" throughout the UI and documentation. This PR attempts to clear up those uses where it is easily achievable. The term "Kolide" is used throughout the code as well, but modifying this would be more likely to introduce bugs.
2019-01-24 17:39:32 +00:00
"Fleet TLS certificate path")
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
man.addConfigString("server.key", "./tools/osquery/fleet.key",
Replace uses of the term "Kolide" with "Fleet" (#1999) Almost two years ago, we began referring to the project as Fleet, but there are many occurences of the term "Kolide" throughout the UI and documentation. This PR attempts to clear up those uses where it is easily achievable. The term "Kolide" is used throughout the code as well, but modifying this would be more likely to introduce bugs.
2019-01-24 17:39:32 +00:00
"Fleet TLS key path")
Add inline flag documentation in --help (#1135) - Cleanup unused app.web_address flag
2017-01-31 18:06:30 +00:00
man.addConfigBool("server.tls", true,
"Enable TLS (required for osqueryd communication)")
Change default TLS compatibility to `intermediate` (#270) In #212 these settings were updated and caused connectivity issues for users in common environment configurations. The new changes are aggressive (modern enforces TLS 1.3) and Mozilla indicates that intermediate is an appropriate default. This will ensure better compatibility for common deployments while still allowing the option to use the strictest settings. Document unintentional mismatched yaml key. Fixes #269
2021-02-03 19:48:48 +00:00
man.addConfigString(TLSProfileKey, TLSProfileIntermediate,
Remove Support for Deprecated TLSProfileOld (#2142) Co-authored-by: Zachary Wasserman <zach@dactiv.llc>
2020-09-10 16:31:01 +00:00
fmt.Sprintf("TLS security profile choose one of %s or %s",
TLSProfileModern, TLSProfileIntermediate))
Add ability to prefix Fleet URLs (#2112) - Add the server_url_prefix flag for configuring this functionality - Add prefix handling to the server routes - Refactor JS to use appropriate paths from modules - Use JS template to get URL prefix into JS environment - Update webpack config to support prefixing Thanks to securityonion.net for sponsoring the development of this feature. Closes #1661
2019-10-16 23:40:45 +00:00
man.addConfigString("server.url_prefix", "",
"URL prefix used on server and frontend endpoints")
Add flag to disable HTTP keepalives (#741) In some environments, disabling keepalives helps prevent buildup of TCP sockets.
2021-05-08 00:29:54 +00:00
man.addConfigBool("server.keepalive", true,
"Controls wether HTTP keep-alives are enabled.")
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// Auth
Add inline flag documentation in --help (#1135) - Cleanup unused app.web_address flag
2017-01-31 18:06:30 +00:00
man.addConfigInt("auth.bcrypt_cost", 12,
"Bcrypt iterations")
man.addConfigInt("auth.salt_key_size", 24,
"Size of salt for passwords")
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// App
Add inline flag documentation in --help (#1135) - Cleanup unused app.web_address flag
2017-01-31 18:06:30 +00:00
man.addConfigString("app.token_key", "CHANGEME",
"Secret key for generating invite and reset tokens")
man.addConfigDuration("app.invite_token_validity_period", 5*24*time.Hour,
"Duration invite tokens remain valid (i.e. 1h)")
man.addConfigInt("app.token_key_size", 24,
"Size of generated tokens")
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// Session
Add inline flag documentation in --help (#1135) - Cleanup unused app.web_address flag
2017-01-31 18:06:30 +00:00
man.addConfigInt("session.key_size", 64,
"Size of generated session keys")
Increase default login session length to 24 hours (#3340)
2021-12-14 04:42:30 +00:00
man.addConfigDuration("session.duration", 24*time.Hour,
"Duration session keys remain valid (i.e. 4h)")
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// Osquery
Add inline flag documentation in --help (#1135) - Cleanup unused app.web_address flag
2017-01-31 18:06:30 +00:00
man.addConfigInt("osquery.node_key_size", 24,
"Size of generated osqueryd node keys")
Make host identifier configurable within Fleet (#417) Osquery now exposes more information during host enrollment than Fleet previously handled. We can use this to provide more options to users in problematic enrollment scenarios. Users can configure --osquery_host_identifier in Fleet to set which identifier is used to determine uniqueness of hosts. The default (provided) replicates existing behavior in Fleet. For many users, setting this to instance will provide better enrollment stability. Closes #373
2021-03-09 02:35:17 +00:00
man.addConfigString("osquery.host_identifier", "provided",
"Identifier used to uniquely determine osquery clients")
Make enrollment cooldown configurable (#418) The enrollment cooldown period was sometimes causing problems when osquery (probably unintentionally, see https://github.com/osquery/osquery/issues/6993) tried to enroll more than once from the same osqueryd process. We now set this to default to off and make it configurable. With #417 this feature may be unnecessary for most deployments.
2021-03-09 05:26:09 +00:00
man.addConfigDuration("osquery.enroll_cooldown", 0,
"Cooldown period for duplicate host enrollment (default off)")
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
man.addConfigString("osquery.status_log_plugin", "filesystem",
"Log plugin to use for status logs")
man.addConfigString("osquery.result_log_plugin", "filesystem",
"Log plugin to use for result logs")
Add inline flag documentation in --help (#1135) - Cleanup unused app.web_address flag
2017-01-31 18:06:30 +00:00
man.addConfigDuration("osquery.label_update_interval", 1*time.Hour,
"Interval to update host label membership (i.e. 1h)")
Add policy updated at (#2246) * wip * Add policy updated at interval and update the UI to use that * Update rest api * Fix tests
2021-09-27 19:27:38 +00:00
man.addConfigDuration("osquery.policy_update_interval", 1*time.Hour,
"Interval to update host policy membership (i.e. 1h)")
Add ability to modify host detail update interval (#2200) This may be desirable for some deployments to reduce server load.
2020-03-02 19:08:08 +00:00
man.addConfigDuration("osquery.detail_update_interval", 1*time.Hour,
"Interval to update host details (i.e. 1h)")
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
man.addConfigString("osquery.status_log_file", "",
"(DEPRECATED: Use filesystem.status_log_file) Path for osqueryd status logs")
man.addConfigString("osquery.result_log_file", "",
"(DEPRECATED: Use filesystem.result_log_file) Path for osqueryd result logs")
Changed default osquery logging behavior Made log rotation for osquery results and status logs optional. This required writing the logwriter package which is a drop in replacement for lumberjack. We still use lumberjack if the log rotation flag --osquery_enable_log_rotation flag is set. Note that the performance of the default is quite a bit better than lumberjack. BenchmarkLogger-8 2000000 747 ns/op BenchmarkLumberjack-8 1000000 1965 ns/op PASS BenchmarkLogger-8 2000000 731 ns/op BenchmarkLumberjack-8 1000000 2040 ns/op PASS BenchmarkLogger-8 2000000 741 ns/op BenchmarkLumberjack-8 1000000 1970 ns/op PASS BenchmarkLogger-8 2000000 737 ns/op BenchmarkLumberjack-8 1000000 1930 ns/op PASS
2017-04-03 21:48:50 +00:00
man.addConfigBool("osquery.enable_log_rotation", false,
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
"(DEPRECATED: Use filesystem.enable_log_rotation) Enable automatic rotation for osquery log files")
Add jitter to intervals (#2158) * Add max jitter percent config * Fix jitter calc * Remove comment * Reduce test jitter to make tests less flaky * Remove jitter entirely * Document new config * Fix doc link
2021-09-21 17:21:44 +00:00
man.addConfigInt("osquery.max_jitter_percent", 10,
"Maximum percentage of the interval to add as jitter")
Implement async processing of hosts for label queries (#2288)
2021-11-01 18:13:16 +00:00
man.addConfigBool("osquery.enable_async_host_processing", false,
"Enable asynchronous processing of host-reported query results")
man.addConfigDuration("osquery.async_host_collect_interval", 30*time.Second,
"Interval to collect asynchronous host-reported query results (i.e. 30s)")
man.addConfigInt("osquery.async_host_collect_max_jitter_percent", 10,
"Maximum percentage of the interval to collect asynchronous host results")
man.addConfigDuration("osquery.async_host_collect_lock_timeout", 1*time.Minute,
"Timeout of the exclusive lock held during async host collection")
man.addConfigDuration("osquery.async_host_collect_log_stats_interval", 1*time.Minute,
"Interval at which async host collection statistics are logged (0 disables logging of stats)")
man.addConfigInt("osquery.async_host_insert_batch", 2000,
"Batch size for async collection inserts in mysql")
man.addConfigInt("osquery.async_host_delete_batch", 2000,
"Batch size for async collection deletes in mysql")
man.addConfigInt("osquery.async_host_update_batch", 1000,
"Batch size for async collection updates in mysql")
man.addConfigInt("osquery.async_host_redis_pop_count", 1000,
"Batch size to pop items from redis in async collection")
man.addConfigInt("osquery.async_host_redis_scan_keys_count", 1000,
"Batch size to scan redis keys in async collection")
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// Logging
Add inline flag documentation in --help (#1135) - Cleanup unused app.web_address flag
2017-01-31 18:06:30 +00:00
man.addConfigBool("logging.debug", false,
"Enable debug logging")
man.addConfigBool("logging.json", false,
"Log in JSON format")
man.addConfigBool("logging.disable_banner", false,
"Disable startup banner")
Issue 2027 better error visibility (#2069)
2021-11-02 17:35:57 +00:00
man.addConfigDuration("logging.error_retention_period", 24*time.Hour,
"Amount of time to keep errors")
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
// Firehose
man.addConfigString("firehose.region", "", "AWS Region to use")
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
man.addConfigString("firehose.endpoint_url", "",
"AWS Service Endpoint to use (leave empty for default service endpoints)")
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
man.addConfigString("firehose.access_key_id", "", "Access Key ID for AWS authentication")
man.addConfigString("firehose.secret_access_key", "", "Secret Access Key for AWS authentication")
Add stdout and kinesis logger plugins and sts assume role to Firehose (#2282) Co-authored-by: Brendan Shaklovitz <nyanshak@users.noreply.github.com>
2020-08-19 21:56:44 +00:00
man.addConfigString("firehose.sts_assume_role_arn", "",
"ARN of role to assume for AWS")
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
man.addConfigString("firehose.status_stream", "",
"Firehose stream name for status logs")
man.addConfigString("firehose.result_stream", "",
"Firehose stream name for result logs")
Add stdout and kinesis logger plugins and sts assume role to Firehose (#2282) Co-authored-by: Brendan Shaklovitz <nyanshak@users.noreply.github.com>
2020-08-19 21:56:44 +00:00
// Kinesis
man.addConfigString("kinesis.region", "", "AWS Region to use")
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
man.addConfigString("kinesis.endpoint_url", "",
"AWS Service Endpoint to use (leave empty for default service endpoints)")
Add stdout and kinesis logger plugins and sts assume role to Firehose (#2282) Co-authored-by: Brendan Shaklovitz <nyanshak@users.noreply.github.com>
2020-08-19 21:56:44 +00:00
man.addConfigString("kinesis.access_key_id", "", "Access Key ID for AWS authentication")
man.addConfigString("kinesis.secret_access_key", "", "Secret Access Key for AWS authentication")
man.addConfigString("kinesis.sts_assume_role_arn", "",
"ARN of role to assume for AWS")
man.addConfigString("kinesis.status_stream", "",
"Kinesis stream name for status logs")
man.addConfigString("kinesis.result_stream", "",
"Kinesis stream name for result logs")
Add AWS Lambda as logging plugin (#347) This plugin invokes the provided function with each log line as the payload. Closes #342
2021-02-24 18:02:26 +00:00
// Lambda
man.addConfigString("lambda.region", "", "AWS Region to use")
man.addConfigString("lambda.access_key_id", "", "Access Key ID for AWS authentication")
man.addConfigString("lambda.secret_access_key", "", "Secret Access Key for AWS authentication")
man.addConfigString("lambda.sts_assume_role_arn", "",
"ARN of role to assume for AWS")
man.addConfigString("lambda.status_function", "",
"Lambda function name for status logs")
man.addConfigString("lambda.result_function", "",
"Lambda function name for result logs")
Add AWS S3 as file carving backend (#126) This adds the option to set up an S3 bucket as the storage backend for file carving (partially solving #111). It works by using the multipart upload capabilities of S3 to maintain compatibility with the "upload in blocks" protocol that osquery uses. It does this basically replacing the carve_blocks table while still maintaining the metadata in the original place (it would probably be possible to rely completely on S3 by using object tagging at the cost of listing performance). To make this pluggable, I created a new field in the service struct dedicated to the CarveStore which, if no configuration for S3 is set up will be just a reference to the standard datastore, otherwise it will point to the S3 one (effectively this separation will allow in the future to add more backends).
2020-12-16 17:16:55 +00:00
// S3 for file carving
man.addConfigString("s3.bucket", "", "Bucket where to store file carves")
man.addConfigString("s3.prefix", "", "Prefix under which carves are stored")
add support for minio backend file carving (#2448) * add support for minio backend file carving * add changes file Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2021-10-12 19:32:06 +00:00
man.addConfigString("s3.region", "", "AWS Region (if blank region is derived)")
man.addConfigString("s3.endpoint_url", "", "AWS Service Endpoint to use (leave blank for default service endpoints)")
Add AWS S3 as file carving backend (#126) This adds the option to set up an S3 bucket as the storage backend for file carving (partially solving #111). It works by using the multipart upload capabilities of S3 to maintain compatibility with the "upload in blocks" protocol that osquery uses. It does this basically replacing the carve_blocks table while still maintaining the metadata in the original place (it would probably be possible to rely completely on S3 by using object tagging at the cost of listing performance). To make this pluggable, I created a new field in the service struct dedicated to the CarveStore which, if no configuration for S3 is set up will be just a reference to the standard datastore, otherwise it will point to the S3 one (effectively this separation will allow in the future to add more backends).
2020-12-16 17:16:55 +00:00
man.addConfigString("s3.access_key_id", "", "Access Key ID for AWS authentication")
man.addConfigString("s3.secret_access_key", "", "Secret Access Key for AWS authentication")
man.addConfigString("s3.sts_assume_role_arn", "", "ARN of role to assume for AWS")
add support for minio backend file carving (#2448) * add support for minio backend file carving * add changes file Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2021-10-12 19:32:06 +00:00
man.addConfigBool("s3.disable_ssl", false, "Disable SSL (typically for local testing)")
man.addConfigBool("s3.force_s3_path_style", false, "Set this to true to force path-style addressing, i.e., `http://s3.amazonaws.com/BUCKET/KEY`")
Add AWS S3 as file carving backend (#126) This adds the option to set up an S3 bucket as the storage backend for file carving (partially solving #111). It works by using the multipart upload capabilities of S3 to maintain compatibility with the "upload in blocks" protocol that osquery uses. It does this basically replacing the carve_blocks table while still maintaining the metadata in the original place (it would probably be possible to rely completely on S3 by using object tagging at the cost of listing performance). To make this pluggable, I created a new field in the service struct dedicated to the CarveStore which, if no configuration for S3 is set up will be just a reference to the standard datastore, otherwise it will point to the S3 one (effectively this separation will allow in the future to add more backends).
2020-12-16 17:16:55 +00:00
Add Google Cloud PubSub logging (#2049) Adds Google Cloud PubSub logging for status and results. This also changes the Write interface for logging modules to add a context.Context (only used by pubsub currently).
2019-07-16 22:41:50 +00:00
// PubSub
man.addConfigString("pubsub.project", "", "Google Cloud Project to use")
man.addConfigString("pubsub.status_topic", "", "PubSub topic for status logs")
man.addConfigString("pubsub.result_topic", "", "PubSub topic for result logs")
Copy log fields into GCP PubSub attributes (#712) Add a config setting to allow copying message fields and decorations into Google Pub/Sub attributes, making it possible to use these values for subscription filters.
2021-05-08 19:29:52 +00:00
man.addConfigBool("pubsub.add_attributes", false, "Add PubSub attributes in addition to the message body")
Add Google Cloud PubSub logging (#2049) Adds Google Cloud PubSub logging for status and results. This also changes the Write interface for logging modules to add a context.Context (only used by pubsub currently).
2019-07-16 22:41:50 +00:00
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
// Filesystem
Windows friendly changes after walking through getting started guide (#1441) * update .gitattributes to be explicit about line endings with regards to the test certs * update building-fleet guide to include python2 dependency on windows * update configuration to default to OS specific temporary directories
2021-07-22 00:49:44 +00:00
man.addConfigString("filesystem.status_log_file", filepath.Join(os.TempDir(), "osquery_status"),
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
"Log file path to use for status logs")
Windows friendly changes after walking through getting started guide (#1441) * update .gitattributes to be explicit about line endings with regards to the test certs * update building-fleet guide to include python2 dependency on windows * update configuration to default to OS specific temporary directories
2021-07-22 00:49:44 +00:00
man.addConfigString("filesystem.result_log_file", filepath.Join(os.TempDir(), "osquery_result"),
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
"Log file path to use for result logs")
man.addConfigBool("filesystem.enable_log_rotation", false,
"Enable automatic rotation for osquery log files")
Add compression option for filesystem logs when they're rotated (#2292)
2020-09-09 20:33:32 +00:00
man.addConfigBool("filesystem.enable_log_compression", false,
"Enable compression for the rotated osquery log files")
Stub out licensing API (#810) - Add config option for license key. - Define license details data structure. - Include license details in app config API responses. Currently any non-empty value for `--license_key` behaves as though the installation is licensed for `basic`. If the license key is empty, `core` is returned. Still to come is the appropriate parsing for the license key.
2021-05-20 00:29:38 +00:00
Implementation of a Kafka REST Proxy logging plugin (#2534) This PR implements the status/result logger functions necessary interface with a Kafka REST Proxy service. Specifically, this is compatible with the [Confluent KAFKA Rest Proxy Service ](https://docs.confluent.io/1.0/kafka-rest/docs/intro.html).
2021-10-28 04:51:17 +00:00
// KafkaREST
man.addConfigString("kafkarest.status_topic", "", "Kafka REST topic for status logs")
man.addConfigString("kafkarest.result_topic", "", "Kafka REST topic for result logs")
man.addConfigString("kafkarest.proxyhost", "", "Kafka REST proxy host url")
man.addConfigInt("kafkarest.timeout", 5, "Kafka REST proxy json post timeout")
Stub out licensing API (#810) - Add config option for license key. - Define license details data structure. - Include license details in app config API responses. Currently any non-empty value for `--license_key` behaves as though the installation is licensed for `basic`. If the license key is empty, `core` is returned. Still to come is the appropriate parsing for the license key.
2021-05-20 00:29:38 +00:00
// License
Rename core->free and basic->premium (#1870) * Rename core->free and basic->premium * Fix lint js * Comment out portion of test that seems to timeout * Rename tier to premium if basic is still loaded
2021-09-03 16:05:23 +00:00
man.addConfigString("license.key", "", "Fleet license key (to enable Fleet Premium features)")
Make vulnerability processing more configurable (#1718) * Make vulnerability processing more configurable * Simplify leader selection
2021-08-18 20:25:14 +00:00
// Vulnerability processing
Issue 2099 enable vulnerability processing new installs (#3104) * Enable vulnerability processing by default * Add changes file * Remove wrong env var * Fix import * Fix tests * Update log line * Remove unneeded import
2021-12-03 17:44:57 +00:00
man.addConfigString("vulnerabilities.databases_path", "/tmp/vulndbs",
Make vulnerability processing more configurable (#1718) * Make vulnerability processing more configurable * Simplify leader selection
2021-08-18 20:25:14 +00:00
"Path where Fleet will download the data feeds to check CVEs")
man.addConfigDuration("vulnerabilities.periodicity", 1*time.Hour,
"How much time to wait between processing software for vulnerabilities.")
man.addConfigString("vulnerabilities.cpe_database_url", "",
"URL from which to get the latest CPE database. If empty, defaults to the official Github link.")
man.addConfigString("vulnerabilities.cve_feed_prefix_url", "",
"Prefix URL for the CVE data feed. If empty, default to https://nvd.nist.gov/")
man.addConfigString("vulnerabilities.current_instance_checks", "auto",
"Allows to manually select an instance to do the vulnerability processing.")
Issue 1963 vulnerabilities no sync (#1976) * wip * Add tests for skip sync * Add changes file * Fix lint
2021-09-14 13:58:35 +00:00
man.addConfigBool("vulnerabilities.disable_data_sync", false,
"Skips synchronizing data streams and expects them to be available in the databases_path.")
Fleet serve to exit if migrations are missing (default) (#2803) * Add option to fleet to exit if migrations are missing * Reverse serve exit migrations logic * Fix typo
2021-11-22 17:47:24 +00:00
// Upgrades
man.addConfigBool("upgrades.allow_missing_migrations", false,
"Allow serve to run even if migrations are missing.")
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
}
// LoadConfig will load the config variables into a fully initialized
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
// FleetConfig struct
func (man Manager) LoadConfig() FleetConfig {
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
man.loadConfigFile()
Add support for MySQL read replicas (#1786) Adds configuration options to use a read-only MySQL replica, and uses it instead of the primary for reads.
2021-09-01 19:50:52 +00:00
loadMysqlConfig := func(prefix string) MysqlConfig {
return MysqlConfig{
Protocol: man.getConfigString(prefix + ".protocol"),
Address: man.getConfigString(prefix + ".address"),
Username: man.getConfigString(prefix + ".username"),
Password: man.getConfigString(prefix + ".password"),
PasswordPath: man.getConfigString(prefix + ".password_path"),
Database: man.getConfigString(prefix + ".database"),
TLSCert: man.getConfigString(prefix + ".tls_cert"),
TLSKey: man.getConfigString(prefix + ".tls_key"),
TLSCA: man.getConfigString(prefix + ".tls_ca"),
TLSServerName: man.getConfigString(prefix + ".tls_server_name"),
TLSConfig: man.getConfigString(prefix + ".tls_config"),
MaxOpenConns: man.getConfigInt(prefix + ".max_open_conns"),
MaxIdleConns: man.getConfigInt(prefix + ".max_idle_conns"),
ConnMaxLifetime: man.getConfigInt(prefix + ".conn_max_lifetime"),
}
}
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
return FleetConfig{
Add support for MySQL read replicas (#1786) Adds configuration options to use a read-only MySQL replica, and uses it instead of the primary for reads.
2021-09-01 19:50:52 +00:00
Mysql: loadMysqlConfig("mysql"),
MysqlReadReplica: loadMysqlConfig("mysql_read_replica"),
Use redis for distributed query results when not in dev mode (#653) - Add appropriate configs for Redis - Use the Redis pubsub store by default, inmem in dev mode
2016-12-16 00:13:23 +00:00
Redis: RedisConfig{
Add configurable Redis connection retries and following of cluster redirections (#2045) Closes #1969
2021-09-15 12:50:32 +00:00
Address: man.getConfigString("redis.address"),
Password: man.getConfigString("redis.password"),
Database: man.getConfigInt("redis.database"),
UseTLS: man.getConfigBool("redis.use_tls"),
DuplicateResults: man.getConfigBool("redis.duplicate_results"),
ConnectTimeout: man.getConfigDuration("redis.connect_timeout"),
KeepAlive: man.getConfigDuration("redis.keep_alive"),
ConnectRetryAttempts: man.getConfigInt("redis.connect_retry_attempts"),
ClusterFollowRedirections: man.getConfigBool("redis.cluster_follow_redirections"),
Add configuration and support for Redis to read from replicas (#2509)
2021-10-18 13:32:17 +00:00
ClusterReadFromReplica: man.getConfigBool("redis.cluster_read_from_replica"),
Add TLS support to Redis connections (#2568)
2021-10-20 14:09:18 +00:00
TLSCert: man.getConfigString("redis.tls_cert"),
TLSKey: man.getConfigString("redis.tls_key"),
TLSCA: man.getConfigString("redis.tls_ca"),
TLSServerName: man.getConfigString("redis.tls_server_name"),
TLSHandshakeTimeout: man.getConfigDuration("redis.tls_handshake_timeout"),
MaxIdleConns: man.getConfigInt("redis.max_idle_conns"),
MaxOpenConns: man.getConfigInt("redis.max_open_conns"),
ConnMaxLifetime: man.getConfigDuration("redis.conn_max_lifetime"),
IdleTimeout: man.getConfigDuration("redis.idle_timeout"),
Implement async processing of hosts for label queries (#2288)
2021-11-01 18:13:16 +00:00
ConnWaitTimeout: man.getConfigDuration("redis.conn_wait_timeout"),
Use redis for distributed query results when not in dev mode (#653) - Add appropriate configs for Redis - Use the Redis pubsub store by default, inmem in dev mode
2016-12-16 00:13:23 +00:00
},
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
Server: ServerConfig{
Add TLS profiles to command line (#1444) * Add TLS profiles to command line * Code review changes per @groob * fixed busted test
2017-03-28 04:21:48 +00:00
Address: man.getConfigString("server.address"),
Cert: man.getConfigString("server.cert"),
Key: man.getConfigString("server.key"),
TLS: man.getConfigBool("server.tls"),
TLSProfile: man.getConfigTLSProfile(),
Add ability to prefix Fleet URLs (#2112) - Add the server_url_prefix flag for configuring this functionality - Add prefix handling to the server routes - Refactor JS to use appropriate paths from modules - Use JS template to get URL prefix into JS environment - Update webpack config to support prefixing Thanks to securityonion.net for sponsoring the development of this feature. Closes #1661
2019-10-16 23:40:45 +00:00
URLPrefix: man.getConfigString("server.url_prefix"),
Add flag to disable HTTP keepalives (#741) In some environments, disabling keepalives helps prevent buildup of TCP sockets.
2021-05-08 00:29:54 +00:00
Keepalive: man.getConfigBool("server.keepalive"),
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
},
Auth: AuthConfig{
BcryptCost: man.getConfigInt("auth.bcrypt_cost"),
SaltKeySize: man.getConfigInt("auth.salt_key_size"),
},
App: AppConfig{
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
TokenKeySize: man.getConfigInt("app.token_key_size"),
InviteTokenValidityPeriod: man.getConfigDuration("app.invite_token_validity_period"),
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
},
Session: SessionConfig{
Refactoring for config patterns (#159) This PR refactors most of the codebase to use the new config patterns implemented in #149. Now the core service keeps a copy of the KolideConfig struct, and service methods can reference the configuration in that struct when they need it. The most significant refactoring is in the sessions code, separating the business logic from the storage layer.
2016-09-14 16:11:06 +00:00
KeySize: man.getConfigInt("session.key_size"),
Duration: man.getConfigDuration("session.duration"),
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
},
Osquery: OsqueryConfig{
Implement async processing of hosts for label queries (#2288)
2021-11-01 18:13:16 +00:00
NodeKeySize: man.getConfigInt("osquery.node_key_size"),
HostIdentifier: man.getConfigString("osquery.host_identifier"),
EnrollCooldown: man.getConfigDuration("osquery.enroll_cooldown"),
StatusLogPlugin: man.getConfigString("osquery.status_log_plugin"),
ResultLogPlugin: man.getConfigString("osquery.result_log_plugin"),
StatusLogFile: man.getConfigString("osquery.status_log_file"),
ResultLogFile: man.getConfigString("osquery.result_log_file"),
LabelUpdateInterval: man.getConfigDuration("osquery.label_update_interval"),
PolicyUpdateInterval: man.getConfigDuration("osquery.policy_update_interval"),
DetailUpdateInterval: man.getConfigDuration("osquery.detail_update_interval"),
EnableLogRotation: man.getConfigBool("osquery.enable_log_rotation"),
MaxJitterPercent: man.getConfigInt("osquery.max_jitter_percent"),
EnableAsyncHostProcessing: man.getConfigBool("osquery.enable_async_host_processing"),
AsyncHostCollectInterval: man.getConfigDuration("osquery.async_host_collect_interval"),
AsyncHostCollectMaxJitterPercent: man.getConfigInt("osquery.async_host_collect_max_jitter_percent"),
AsyncHostCollectLockTimeout: man.getConfigDuration("osquery.async_host_collect_lock_timeout"),
AsyncHostCollectLogStatsInterval: man.getConfigDuration("osquery.async_host_collect_log_stats_interval"),
AsyncHostInsertBatch: man.getConfigInt("osquery.async_host_insert_batch"),
AsyncHostDeleteBatch: man.getConfigInt("osquery.async_host_delete_batch"),
AsyncHostUpdateBatch: man.getConfigInt("osquery.async_host_update_batch"),
AsyncHostRedisPopCount: man.getConfigInt("osquery.async_host_redis_pop_count"),
AsyncHostRedisScanKeysCount: man.getConfigInt("osquery.async_host_redis_scan_keys_count"),
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
},
Logging: LoggingConfig{
Issue 2027 better error visibility (#2069)
2021-11-02 17:35:57 +00:00
Debug: man.getConfigBool("logging.debug"),
JSON: man.getConfigBool("logging.json"),
DisableBanner: man.getConfigBool("logging.disable_banner"),
ErrorRetentionPeriod: man.getConfigDuration("logging.error_retention_period"),
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
},
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
Firehose: FirehoseConfig{
Add stdout and kinesis logger plugins and sts assume role to Firehose (#2282) Co-authored-by: Brendan Shaklovitz <nyanshak@users.noreply.github.com>
2020-08-19 21:56:44 +00:00
Region: man.getConfigString("firehose.region"),
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
EndpointURL: man.getConfigString("firehose.endpoint_url"),
Add stdout and kinesis logger plugins and sts assume role to Firehose (#2282) Co-authored-by: Brendan Shaklovitz <nyanshak@users.noreply.github.com>
2020-08-19 21:56:44 +00:00
AccessKeyID: man.getConfigString("firehose.access_key_id"),
SecretAccessKey: man.getConfigString("firehose.secret_access_key"),
StsAssumeRoleArn: man.getConfigString("firehose.sts_assume_role_arn"),
StatusStream: man.getConfigString("firehose.status_stream"),
ResultStream: man.getConfigString("firehose.result_stream"),
},
Kinesis: KinesisConfig{
Region: man.getConfigString("kinesis.region"),
add logging settings to config api response (#1467) - add docker-compose file for locally testing aws dependencies - update firehose & kinesis configs to optionally supply endpoint url override - serialize `logging` field in appconfig api response
2021-07-30 15:45:49 +00:00
EndpointURL: man.getConfigString("kinesis.endpoint_url"),
Add stdout and kinesis logger plugins and sts assume role to Firehose (#2282) Co-authored-by: Brendan Shaklovitz <nyanshak@users.noreply.github.com>
2020-08-19 21:56:44 +00:00
AccessKeyID: man.getConfigString("kinesis.access_key_id"),
SecretAccessKey: man.getConfigString("kinesis.secret_access_key"),
StatusStream: man.getConfigString("kinesis.status_stream"),
ResultStream: man.getConfigString("kinesis.result_stream"),
StsAssumeRoleArn: man.getConfigString("kinesis.sts_assume_role_arn"),
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
},
Add AWS Lambda as logging plugin (#347) This plugin invokes the provided function with each log line as the payload. Closes #342
2021-02-24 18:02:26 +00:00
Lambda: LambdaConfig{
Region: man.getConfigString("lambda.region"),
AccessKeyID: man.getConfigString("lambda.access_key_id"),
SecretAccessKey: man.getConfigString("lambda.secret_access_key"),
StatusFunction: man.getConfigString("lambda.status_function"),
ResultFunction: man.getConfigString("lambda.result_function"),
StsAssumeRoleArn: man.getConfigString("lambda.sts_assume_role_arn"),
},
Add AWS S3 as file carving backend (#126) This adds the option to set up an S3 bucket as the storage backend for file carving (partially solving #111). It works by using the multipart upload capabilities of S3 to maintain compatibility with the "upload in blocks" protocol that osquery uses. It does this basically replacing the carve_blocks table while still maintaining the metadata in the original place (it would probably be possible to rely completely on S3 by using object tagging at the cost of listing performance). To make this pluggable, I created a new field in the service struct dedicated to the CarveStore which, if no configuration for S3 is set up will be just a reference to the standard datastore, otherwise it will point to the S3 one (effectively this separation will allow in the future to add more backends).
2020-12-16 17:16:55 +00:00
S3: S3Config{
Bucket: man.getConfigString("s3.bucket"),
Prefix: man.getConfigString("s3.prefix"),
add support for minio backend file carving (#2448) * add support for minio backend file carving * add changes file Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2021-10-12 19:32:06 +00:00
Region: man.getConfigString("s3.region"),
EndpointURL: man.getConfigString("s3.endpoint_url"),
Add AWS S3 as file carving backend (#126) This adds the option to set up an S3 bucket as the storage backend for file carving (partially solving #111). It works by using the multipart upload capabilities of S3 to maintain compatibility with the "upload in blocks" protocol that osquery uses. It does this basically replacing the carve_blocks table while still maintaining the metadata in the original place (it would probably be possible to rely completely on S3 by using object tagging at the cost of listing performance). To make this pluggable, I created a new field in the service struct dedicated to the CarveStore which, if no configuration for S3 is set up will be just a reference to the standard datastore, otherwise it will point to the S3 one (effectively this separation will allow in the future to add more backends).
2020-12-16 17:16:55 +00:00
AccessKeyID: man.getConfigString("s3.access_key_id"),
SecretAccessKey: man.getConfigString("s3.secret_access_key"),
StsAssumeRoleArn: man.getConfigString("s3.sts_assume_role_arn"),
add support for minio backend file carving (#2448) * add support for minio backend file carving * add changes file Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2021-10-12 19:32:06 +00:00
DisableSSL: man.getConfigBool("s3.disable_ssl"),
ForceS3PathStyle: man.getConfigBool("s3.force_s3_path_style"),
Add AWS S3 as file carving backend (#126) This adds the option to set up an S3 bucket as the storage backend for file carving (partially solving #111). It works by using the multipart upload capabilities of S3 to maintain compatibility with the "upload in blocks" protocol that osquery uses. It does this basically replacing the carve_blocks table while still maintaining the metadata in the original place (it would probably be possible to rely completely on S3 by using object tagging at the cost of listing performance). To make this pluggable, I created a new field in the service struct dedicated to the CarveStore which, if no configuration for S3 is set up will be just a reference to the standard datastore, otherwise it will point to the S3 one (effectively this separation will allow in the future to add more backends).
2020-12-16 17:16:55 +00:00
},
Add Google Cloud PubSub logging (#2049) Adds Google Cloud PubSub logging for status and results. This also changes the Write interface for logging modules to add a context.Context (only used by pubsub currently).
2019-07-16 22:41:50 +00:00
PubSub: PubSubConfig{
Copy log fields into GCP PubSub attributes (#712) Add a config setting to allow copying message fields and decorations into Google Pub/Sub attributes, making it possible to use these values for subscription filters.
2021-05-08 19:29:52 +00:00
Project: man.getConfigString("pubsub.project"),
StatusTopic: man.getConfigString("pubsub.status_topic"),
ResultTopic: man.getConfigString("pubsub.result_topic"),
AddAttributes: man.getConfigBool("pubsub.add_attributes"),
Add Google Cloud PubSub logging (#2049) Adds Google Cloud PubSub logging for status and results. This also changes the Write interface for logging modules to add a context.Context (only used by pubsub currently).
2019-07-16 22:41:50 +00:00
},
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
Filesystem: FilesystemConfig{
Add compression option for filesystem logs when they're rotated (#2292)
2020-09-09 20:33:32 +00:00
StatusLogFile: man.getConfigString("filesystem.status_log_file"),
ResultLogFile: man.getConfigString("filesystem.result_log_file"),
EnableLogRotation: man.getConfigBool("filesystem.enable_log_rotation"),
EnableLogCompression: man.getConfigBool("filesystem.enable_log_compression"),
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
},
Implementation of a Kafka REST Proxy logging plugin (#2534) This PR implements the status/result logger functions necessary interface with a Kafka REST Proxy service. Specifically, this is compatible with the [Confluent KAFKA Rest Proxy Service ](https://docs.confluent.io/1.0/kafka-rest/docs/intro.html).
2021-10-28 04:51:17 +00:00
KafkaREST: KafkaRESTConfig{
StatusTopic: man.getConfigString("kafkarest.status_topic"),
ResultTopic: man.getConfigString("kafkarest.result_topic"),
ProxyHost: man.getConfigString("kafkarest.proxyhost"),
Timeout: man.getConfigInt("kafkarest.timeout"),
},
Stub out licensing API (#810) - Add config option for license key. - Define license details data structure. - Include license details in app config API responses. Currently any non-empty value for `--license_key` behaves as though the installation is licensed for `basic`. If the license key is empty, `core` is returned. Still to come is the appropriate parsing for the license key.
2021-05-20 00:29:38 +00:00
License: LicenseConfig{
Key: man.getConfigString("license.key"),
},
Make vulnerability processing more configurable (#1718) * Make vulnerability processing more configurable * Simplify leader selection
2021-08-18 20:25:14 +00:00
Vulnerabilities: VulnerabilitiesConfig{
DatabasesPath: man.getConfigString("vulnerabilities.databases_path"),
Periodicity: man.getConfigDuration("vulnerabilities.periodicity"),
CPEDatabaseURL: man.getConfigString("vulnerabilities.cpe_database_url"),
CVEFeedPrefixURL: man.getConfigString("vulnerabilities.cve_feed_prefix_url"),
CurrentInstanceChecks: man.getConfigString("vulnerabilities.current_instance_checks"),
Issue 1963 vulnerabilities no sync (#1976) * wip * Add tests for skip sync * Add changes file * Fix lint
2021-09-14 13:58:35 +00:00
DisableDataSync: man.getConfigBool("vulnerabilities.disable_data_sync"),
Make vulnerability processing more configurable (#1718) * Make vulnerability processing more configurable * Simplify leader selection
2021-08-18 20:25:14 +00:00
},
Fleet serve to exit if migrations are missing (default) (#2803) * Add option to fleet to exit if migrations are missing * Reverse serve exit migrations logic * Fix typo
2021-11-22 17:47:24 +00:00
Upgrades: UpgradesConfig{
AllowMissingMigrations: man.getConfigBool("upgrades.allow_missing_migrations"),
},
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
}
}
Enable serve over HTTPS (#263)
2016-10-03 21:47:31 +00:00
// IsSet determines whether a given config key has been explicitly set by any
// of the configuration sources. If false, the default value is being used.
func (man Manager) IsSet(key string) bool {
return man.viper.IsSet(key)
}
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// envNameFromConfigKey converts a config key into the corresponding
// environment variable name
func envNameFromConfigKey(key string) string {
return envPrefix + "_" + strings.ToUpper(strings.Replace(key, ".", "_", -1))
}
// flagNameFromConfigKey converts a config key into the corresponding flag name
func flagNameFromConfigKey(key string) string {
return strings.Replace(key, ".", "_", -1)
}
Replace uses of the term "Kolide" with "Fleet" (#1999) Almost two years ago, we began referring to the project as Fleet, but there are many occurences of the term "Kolide" throughout the UI and documentation. This PR attempts to clear up those uses where it is easily achievable. The term "Kolide" is used throughout the code as well, but modifying this would be more likely to introduce bugs.
2019-01-24 17:39:32 +00:00
// Manager manages the addition and retrieval of config values for Fleet
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// configs. It's only public API method is LoadConfig, which will return the
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
// populated FleetConfig struct.
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
type Manager struct {
viper *viper.Viper
command *cobra.Command
defaults map[string]interface{}
}
// NewManager initializes a Manager wrapping the provided cobra
// command. All config flags will be attached to that command (and inherited by
// the subcommands). Typically this should be called just once, with the root
// command.
func NewManager(command *cobra.Command) Manager {
man := Manager{
viper: viper.New(),
command: command,
defaults: map[string]interface{}{},
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
}
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
man.addConfigs()
return man
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
}
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// addDefault will check for duplication, then add a default value to the
// defaults map
func (man Manager) addDefault(key string, defVal interface{}) {
if _, exists := man.defaults[key]; exists {
panic("Trying to add duplicate config for key " + key)
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
}
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
man.defaults[key] = defVal
}
Add inline flag documentation in --help (#1135) - Cleanup unused app.web_address flag
2017-01-31 18:06:30 +00:00
func getFlagUsage(key string, usage string) string {
return fmt.Sprintf("Env: %s\n\t\t%s", envNameFromConfigKey(key), usage)
}
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// getInterfaceVal is a helper function used by the getConfig* functions to
// retrieve the config value as interface{}, which will then be cast to the
// appropriate type by the getConfig* function.
func (man Manager) getInterfaceVal(key string) interface{} {
interfaceVal := man.viper.Get(key)
if interfaceVal == nil {
var ok bool
interfaceVal, ok = man.defaults[key]
if !ok {
panic("Tried to look up default value for nonexistent config option: " + key)
}
}
return interfaceVal
}
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// addConfigString adds a string config to the config options
Add inline flag documentation in --help (#1135) - Cleanup unused app.web_address flag
2017-01-31 18:06:30 +00:00
func (man Manager) addConfigString(key, defVal, usage string) {
man.command.PersistentFlags().String(flagNameFromConfigKey(key), defVal, getFlagUsage(key, usage))
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
man.viper.BindPFlag(key, man.command.PersistentFlags().Lookup(flagNameFromConfigKey(key)))
man.viper.BindEnv(key, envNameFromConfigKey(key))
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// Add default
man.addDefault(key, defVal)
}
// getConfigString retrieves a string from the loaded config
func (man Manager) getConfigString(key string) string {
interfaceVal := man.getInterfaceVal(key)
stringVal, err := cast.ToStringE(interfaceVal)
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
if err != nil {
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
panic("Unable to cast to string for key " + key + ": " + err.Error())
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
}
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
return stringVal
}
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
Add TLS profiles to command line (#1444) * Add TLS profiles to command line * Code review changes per @groob * fixed busted test
2017-03-28 04:21:48 +00:00
// Custom handling for TLSProfile which can only accept specific values
// for the argument
func (man Manager) getConfigTLSProfile() string {
ival := man.getInterfaceVal(TLSProfileKey)
sval, err := cast.ToStringE(ival)
if err != nil {
panic(fmt.Sprintf("%s requires a string value: %s", TLSProfileKey, err.Error()))
}
switch sval {
Add deprecation warning for "old" TLS compatibility (#2183) Warn users in advance of removing this in #2142.
2020-01-14 17:36:07 +00:00
case TLSProfileModern, TLSProfileIntermediate:
Add TLS profiles to command line (#1444) * Add TLS profiles to command line * Code review changes per @groob * fixed busted test
2017-03-28 04:21:48 +00:00
default:
Remove Support for Deprecated TLSProfileOld (#2142) Co-authored-by: Zachary Wasserman <zach@dactiv.llc>
2020-09-10 16:31:01 +00:00
panic(fmt.Sprintf("%s must be one of %s or %s", TLSProfileKey,
TLSProfileModern, TLSProfileIntermediate))
Add TLS profiles to command line (#1444) * Add TLS profiles to command line * Code review changes per @groob * fixed busted test
2017-03-28 04:21:48 +00:00
}
return sval
}
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// addConfigInt adds a int config to the config options
Add inline flag documentation in --help (#1135) - Cleanup unused app.web_address flag
2017-01-31 18:06:30 +00:00
func (man Manager) addConfigInt(key string, defVal int, usage string) {
man.command.PersistentFlags().Int(flagNameFromConfigKey(key), defVal, getFlagUsage(key, usage))
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
man.viper.BindPFlag(key, man.command.PersistentFlags().Lookup(flagNameFromConfigKey(key)))
man.viper.BindEnv(key, envNameFromConfigKey(key))
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// Add default
man.addDefault(key, defVal)
}
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// getConfigInt retrieves a int from the loaded config
func (man Manager) getConfigInt(key string) int {
interfaceVal := man.getInterfaceVal(key)
intVal, err := cast.ToIntE(interfaceVal)
if err != nil {
panic("Unable to cast to int for key " + key + ": " + err.Error())
}
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
return intVal
}
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// addConfigBool adds a bool config to the config options
Add inline flag documentation in --help (#1135) - Cleanup unused app.web_address flag
2017-01-31 18:06:30 +00:00
func (man Manager) addConfigBool(key string, defVal bool, usage string) {
man.command.PersistentFlags().Bool(flagNameFromConfigKey(key), defVal, getFlagUsage(key, usage))
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
man.viper.BindPFlag(key, man.command.PersistentFlags().Lookup(flagNameFromConfigKey(key)))
man.viper.BindEnv(key, envNameFromConfigKey(key))
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// Add default
man.addDefault(key, defVal)
}
// getConfigBool retrieves a bool from the loaded config
func (man Manager) getConfigBool(key string) bool {
interfaceVal := man.getInterfaceVal(key)
boolVal, err := cast.ToBoolE(interfaceVal)
if err != nil {
panic("Unable to cast to bool for key " + key + ": " + err.Error())
}
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
return boolVal
}
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
Refactoring for config patterns (#159) This PR refactors most of the codebase to use the new config patterns implemented in #149. Now the core service keeps a copy of the KolideConfig struct, and service methods can reference the configuration in that struct when they need it. The most significant refactoring is in the sessions code, separating the business logic from the storage layer.
2016-09-14 16:11:06 +00:00
// addConfigDuration adds a duration config to the config options
Add inline flag documentation in --help (#1135) - Cleanup unused app.web_address flag
2017-01-31 18:06:30 +00:00
func (man Manager) addConfigDuration(key string, defVal time.Duration, usage string) {
man.command.PersistentFlags().Duration(flagNameFromConfigKey(key), defVal, getFlagUsage(key, usage))
Refactoring for config patterns (#159) This PR refactors most of the codebase to use the new config patterns implemented in #149. Now the core service keeps a copy of the KolideConfig struct, and service methods can reference the configuration in that struct when they need it. The most significant refactoring is in the sessions code, separating the business logic from the storage layer.
2016-09-14 16:11:06 +00:00
man.viper.BindPFlag(key, man.command.PersistentFlags().Lookup(flagNameFromConfigKey(key)))
man.viper.BindEnv(key, envNameFromConfigKey(key))
// Add default
man.addDefault(key, defVal)
}
// getConfigDuration retrieves a duration from the loaded config
func (man Manager) getConfigDuration(key string) time.Duration {
interfaceVal := man.getInterfaceVal(key)
durationVal, err := cast.ToDurationE(interfaceVal)
if err != nil {
panic("Unable to cast to duration for key " + key + ": " + err.Error())
}
return durationVal
}
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
// loadConfigFile handles the loading of the config file.
func (man Manager) loadConfigFile() {
Only attempt to parse config file if it is specified by flag (#169) Previously, the behavior was to search for the config file in a variety of locations. Now we only attempt to load a config file if it has been explicitly specified with `-c` or `--config`. Fixes #165.
2016-09-15 15:44:05 +00:00
man.viper.SetConfigType("yaml")
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
configFile := man.command.PersistentFlags().Lookup("config").Value.String()
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
Only attempt to parse config file if it is specified by flag (#169) Previously, the behavior was to search for the config file in a variety of locations. Now we only attempt to load a config file if it has been explicitly specified with `-c` or `--config`. Fixes #165.
2016-09-15 15:44:05 +00:00
if configFile == "" {
// No config file set, only use configs from env
// vars/flags/defaults
return
}
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
Only attempt to parse config file if it is specified by flag (#169) Previously, the behavior was to search for the config file in a variety of locations. Now we only attempt to load a config file if it has been explicitly specified with `-c` or `--config`. Fixes #165.
2016-09-15 15:44:05 +00:00
man.viper.SetConfigFile(configFile)
Pattern for defining and loading application configuration (#149) This provides a new pattern for defining and loading configuration for the Kolide server. With this PR, configuration is stored in the `config.KolideConfig` struct, and loaded through `config.Manager`. Refer to the patterns in `config/config.go` and `cli/prepare.go` to see how configuration is defined and used. A follow-up PR will work on removing further references to `viper` throughout the codebase, instead preferring to access configuration through the strongly typed `KolideConfig`.
2016-09-12 17:26:56 +00:00
err := man.viper.ReadInConfig()
if err != nil {
Do not panic after error reading config file (#2033) Fixes #1445
2019-04-23 22:59:02 +00:00
fmt.Println("Error loading config file:", err)
os.Exit(1)
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
}
Do not panic after error reading config file (#2033) Fixes #1445
2019-04-23 22:59:02 +00:00
fmt.Println("Using config file: ", man.viper.ConfigFileUsed())
Organizing cobra commands (#100)
2016-09-03 17:25:16 +00:00
}
Refactoring for config patterns (#159) This PR refactors most of the codebase to use the new config patterns implemented in #149. Now the core service keeps a copy of the KolideConfig struct, and service methods can reference the configuration in that struct when they need it. The most significant refactoring is in the sessions code, separating the business logic from the storage layer.
2016-09-14 16:11:06 +00:00
// TestConfig returns a barebones configuration suitable for use in tests.
// Individual tests may want to override some of the values provided.
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
func TestConfig() FleetConfig {
Implementation of a Kafka REST Proxy logging plugin (#2534) This PR implements the status/result logger functions necessary interface with a Kafka REST Proxy service. Specifically, this is compatible with the [Confluent KAFKA Rest Proxy Service ](https://docs.confluent.io/1.0/kafka-rest/docs/intro.html).
2021-10-28 04:51:17 +00:00
testLogFile := "/dev/null"
Windows friendly changes after walking through getting started guide (#1441) * update .gitattributes to be explicit about line endings with regards to the test certs * update building-fleet guide to include python2 dependency on windows * update configuration to default to OS specific temporary directories
2021-07-22 00:49:44 +00:00
if runtime.GOOS == "windows" {
testLogFile = "NUL"
}
Remove kolide types and packages from backend (#974) Generally renamed `kolide` -> `fleet`
2021-06-06 22:07:29 +00:00
return FleetConfig{
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
App: AppConfig{
Remove unused --app_token_key flag (#1479) Closes #1469
2017-04-12 00:13:38 +00:00
TokenKeySize: 24,
Adds endpoints to invite new users to the application. (#235) User service checks that tokens are valid on new user signups. Closes #230
2016-09-29 02:44:05 +00:00
InviteTokenValidityPeriod: 5 * 24 * time.Hour,
},
Refactoring for config patterns (#159) This PR refactors most of the codebase to use the new config patterns implemented in #149. Now the core service keeps a copy of the KolideConfig struct, and service methods can reference the configuration in that struct when they need it. The most significant refactoring is in the sessions code, separating the business logic from the storage layer.
2016-09-14 16:11:06 +00:00
Auth: AuthConfig{
BcryptCost: 6, // Low cost keeps tests fast
SaltKeySize: 24,
},
Session: SessionConfig{
KeySize: 64,
Duration: 24 * 90 * time.Hour,
},
Osquery: OsqueryConfig{
Add ability to modify host detail update interval (#2200) This may be desirable for some deployments to reduce server load.
2020-03-02 19:08:08 +00:00
NodeKeySize: 24,
Make host identifier configurable within Fleet (#417) Osquery now exposes more information during host enrollment than Fleet previously handled. We can use this to provide more options to users in problematic enrollment scenarios. Users can configure --osquery_host_identifier in Fleet to set which identifier is used to determine uniqueness of hosts. The default (provided) replicates existing behavior in Fleet. For many users, setting this to instance will provide better enrollment stability. Closes #373
2021-03-09 02:35:17 +00:00
HostIdentifier: "instance",
Make enrollment cooldown configurable (#418) The enrollment cooldown period was sometimes causing problems when osquery (probably unintentionally, see https://github.com/osquery/osquery/issues/6993) tried to enroll more than once from the same osqueryd process. We now set this to default to off and make it configurable. With #417 this feature may be unnecessary for most deployments.
2021-03-09 05:26:09 +00:00
EnrollCooldown: 42 * time.Minute,
Add ability to modify host detail update interval (#2200) This may be desirable for some deployments to reduce server load.
2020-03-02 19:08:08 +00:00
StatusLogPlugin: "filesystem",
ResultLogPlugin: "filesystem",
LabelUpdateInterval: 1 * time.Hour,
Add policy updated at (#2246) * wip * Add policy updated at interval and update the UI to use that * Update rest api * Fix tests
2021-09-27 19:27:38 +00:00
PolicyUpdateInterval: 1 * time.Hour,
Add ability to modify host detail update interval (#2200) This may be desirable for some deployments to reduce server load.
2020-03-02 19:08:08 +00:00
DetailUpdateInterval: 1 * time.Hour,
Add jitter to intervals (#2158) * Add max jitter percent config * Fix jitter calc * Remove comment * Reduce test jitter to make tests less flaky * Remove jitter entirely * Document new config * Fix doc link
2021-09-21 17:21:44 +00:00
MaxJitterPercent: 0,
Refactoring for config patterns (#159) This PR refactors most of the codebase to use the new config patterns implemented in #149. Now the core service keeps a copy of the KolideConfig struct, and service methods can reference the configuration in that struct when they need it. The most significant refactoring is in the sessions code, separating the business logic from the storage layer.
2016-09-14 16:11:06 +00:00
},
Logging: LoggingConfig{
Debug: true,
DisableBanner: true,
},
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
Filesystem: FilesystemConfig{
Windows friendly changes after walking through getting started guide (#1441) * update .gitattributes to be explicit about line endings with regards to the test certs * update building-fleet guide to include python2 dependency on windows * update configuration to default to OS specific temporary directories
2021-07-22 00:49:44 +00:00
StatusLogFile: testLogFile,
ResultLogFile: testLogFile,
Add Firehose logging capabilities for result and status logs (#2022) - Refactor configuration for logging to use separate plugins - Move existing filesystem logging to filesystem plugin - Create new AWS firehose plugin - Update documentation around logging
2019-04-08 18:47:15 +00:00
},
Refactoring for config patterns (#159) This PR refactors most of the codebase to use the new config patterns implemented in #149. Now the core service keeps a copy of the KolideConfig struct, and service methods can reference the configuration in that struct when they need it. The most significant refactoring is in the sessions code, separating the business logic from the storage layer.
2016-09-14 16:11:06 +00:00
}
}
Reference in New Issue Copy Permalink