empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 17:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix mdm direct query ingestion for non-mdm hosts (#3483)

Browse Source 
* Fix mdm direct query ingestion for non-mdm hosts

* Amend TODO comment

* Add dummy test
This commit is contained in:
Lucas Manuel Rodriguez 2021-12-24 09:43:31 -03:00 committed by GitHub
parent b54b5722d8
commit 30e922db07
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 31 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
server/service/osquery_utils/queries.go
View File

@ -646,15 +646,23 @@ func directIngestMDM(ctx context.Context, logger log.Logger, host *fleet.Host, d
logger.Log("component", "service", "method", "ingestMDM", "warn",
fmt.Sprintf("mdm expected single result got %d", len(rows)))
}
enrolledVal := rows[0]["enrolled"]
if enrolledVal == "" {
return ctxerr.Wrap(ctx, fmt.Errorf("missing mdm.enrolled value: %d", host.ID))
}
enrolled, err := strconv.ParseBool(enrolledVal)
if err != nil {
return ctxerr.Wrap(ctx, err, "parsing enrolled")
}
if !enrolled {
// A row with enrolled=false and all other columns empty is a host with the osquery
// MDM table extensions installed (e.g. Orbit) but MDM unconfigured/disabled.
return nil
}
installedFromDep, err := strconv.ParseBool(rows[0]["installed_from_dep"])
if err != nil {
return ctxerr.Wrap(ctx, err, "parsing installed_from_dep")
}
enrolled, err := strconv.ParseBool(rows[0]["enrolled"])
if err != nil {
return ctxerr.Wrap(ctx, err, "parsing enrolled")
}
return ds.SetOrUpdateMDMData(ctx, host.ID, enrolled, rows[0]["server_url"], installedFromDep)
}

17
server/service/osquery_utils/queries_test.go
View File

@ -1,6 +1,7 @@
package osquery_utils
import (
"context"
"encoding/json"
"sort"
"testing"
@ -301,3 +302,19 @@ func TestGetDetailQueries(t *testing.T) {
sortedKeysCompare(t, queriesWithUsersAndSoftware,
append(baseQueries, "users", "software_macos", "software_linux", "software_windows"))
}
func TestDirectIngestMDM(t *testing.T) {
var host fleet.Host
err := directIngestMDM(context.Background(), log.NewNopLogger(), &host, nil, []map[string]string{}, true)
require.NoError(t, err)
err = directIngestMDM(context.Background(), log.NewNopLogger(), &host, nil, []map[string]string{
{
"enrolled": "false",
"installed_from_dep": "",
"server_url": "",
},
}, false)
require.NoError(t, err)
}

2
server/service/service_osquery.go
View File

@ -760,7 +760,7 @@ func (svc *Service) SubmitDistributedQueryResults(
}
if err != nil {
logging.WithErr(ctx, ctxerr.New(ctx, "error in live query ingestion"))
logging.WithErr(ctx, ctxerr.New(ctx, "error in query ingestion"))
logging.WithExtras(ctx, "ingestion-err", err)
}
}