Commit Graph

620 Commits

Author SHA1 Message Date
Michal Nicpon
9009857022
Add get team by name to fleetctl (#4202) 2022-02-15 11:48:09 -07:00
Martin Angers
290b5d90e5
Add team target filters to rego authorization checks for running queries (#4194) 2022-02-15 13:41:48 -05:00
Zachary Winnerman
c5c72ed713
Add apm for testing apm (#4053)
* Add apm for testing apm

* Testing opentracing

* testing

* Testing

* go fmt

* Add config switch for tracing.

* fixup

* Update cmd/fleet/serve.go

Co-authored-by: Tomas Touceda <chiiph@gmail.com>

* Add support for both elasticapm and opentelemetry

* Fix driver stuff and config options

* Fixup

* fixup

* Add changes file

* Add config for sql driver

* fixup

* Add doc to exported field

* testing

* fixup

* fixup

* Testing again

* fixup

* testing

* Undo

Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2022-02-15 12:42:22 -05:00
Lucas Manuel Rodriguez
be72dc356c
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037)
* Add CentOS parsing and post-processing in fleet

* Add tests and amend SyncCPEDatabase

* Add test for centosPostProcessing

* Changes from PR comments

* Amend software test

* Fix sync test

* Add index to source and vendor

* Use os.MkdirTemp

* Rearrange migrations

* Regenerate test schema

* Add support for testing migrations (#4112)

* Add support for testing migrations

* Rename migration in tests

* Changes suggested in PR

* Go mod tidy
2022-02-14 15:13:44 -03:00
Zachary Winnerman
3babf53cf4
Fix OSVersion to work properly when distribution does not follow symver (#3968)
* Fix OSVersion to work properly when distribution does not follow symver

Certain distros such as ClearLinux or ArchLinux do not use symver or any
dotted versioning scheme for their releases. Archlinux uses the static
string "Rolling" and ClearLinux uses a single build number such as 35550
for their versions.

In Fleet console, this shows up as a string like "Archlinux 0.0.0.0"
which makes very little sense to the user. This change makes it so that
if OSQuery cannot generate a dotted version number, we should instead
use the build id as an opaque string.

* Add /changes

* Add tests for os_version

* fixup

* fixup
2022-02-14 12:55:23 -05:00
Michal Nicpon
075702113a
Print version warning when using fleetctl (#4139)
* Remove deprecated call in fleetctl
* Remove duplicate error returned by app.Run in tests
2022-02-14 09:43:34 -07:00
dayld
c32a225104
users table to cached_users to improve performance (#4170)
* users table to cached_users to improve performance

* add changes file

Co-authored-by: dayld <>
2022-02-14 09:48:17 -03:00
Zach Wasserman
1e843f3b89
Allow short IdP name in server validation (#4077)
A customer encountered an error when setting the value to "SSO" which
seems quite reasonable.
2022-02-13 19:35:59 -08:00
Zach Wasserman
e20a9b4508
Add platform filters for MDM/Munki/Chrome queries (#4144)
* Add platform filters for MDM/Munki/Chrome queries

This should help quiet warnings that users/customers have reported when
these queries try to run on platforms without the macadmins extension
tables.

For #4123

* Improve documentation

* add changes file

* revert doc formatting

* Update tests

* Yet another test fix

Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2022-02-11 14:10:26 -03:00
Tomas Touceda
d167556514
Make sure we handle unenrolling properly (#4158)
* Make sure we handle unenrolling properly

* Update failing test

* Fix test
2022-02-11 08:27:15 -03:00
Martin Angers
cc1cf69a0f
Use a dedicated table to store hosts_count and fix pagination with vulns (#4104) 2022-02-09 10:16:50 -05:00
Tomas Touceda
11887f87f7
Add enable scheduled query stats to fleet config (#4066)
* Add enable scheduled query stats to fleet config as well

* Add documentation

* Revert "Allow disabling scheduled query stats via app config (#4049)"

This reverts commit f98fd4d331.

* Add changes file

* Update ref

* Add missing docs
2022-02-09 08:20:29 -03:00
Michal Nicpon
578a9780f2
apply queries spec endpoint missing authorization check (#4068)
* do authorization check when updating existing query
2022-02-08 09:47:48 -07:00
Martin Angers
1686bcafb8
Fix requesting subsequent pages in list software (#4061) 2022-02-07 15:57:55 -05:00
Tomas Touceda
35eac78aed
Add CountsUpdatedAt for munki/mdm status (#4045)
* Add CountsUpdatedAt for munki/mdm status

* Update doc
2022-02-07 14:53:33 -03:00
Martin Angers
1751c7a548
Expand linux platform to all supported linux os in generate hosts stats (#4051) 2022-02-07 11:50:36 -05:00
Tomas Touceda
f98fd4d331
Allow disabling scheduled query stats via app config (#4049)
* Allow disabling scheduled query stats via app config

* Update tests

* Fix test

* Moar test fixes

* Remove redundant set

* Add documentation

* Fix typo in docs
2022-02-07 13:37:54 -03:00
Martin Angers
2cdd614253
Remove todos around queries/run authorization tests (#3992) 2022-02-07 09:00:48 -05:00
Tharun Rajendran
2084b7d310
feat(api): add endpoint to get team by id (#4018)
* feat(api): add endpoint to get team by id

* fix review feedbacks

* add integration test in enterprise suite
2022-02-04 14:33:22 -03:00
Lucas Manuel Rodriguez
a8135aa928
Fix typo and lint checks (#4013) 2022-02-03 17:06:49 -03:00
Tomas Touceda
656ef07df1
Move ApplyTeamSpec to ee (#4011)
* Move ApplyTeamSpec to ee

* Update test now that apply team specs is behind premium

* Check all auth first

* Change auth call for team creation
2022-02-03 16:24:03 -03:00
Tomas Touceda
cf529e70cf
Issue 3173 debug status processlist (#4009)
* Add innodb status and process list

* Make json output a bit prettier

* Add changes file

* fix lint issues
2022-02-03 14:56:22 -03:00
Lucas Manuel Rodriguez
ab8cc6e7bc
Split hosts in bucket of minutes for the jitter (#3767)
* Split hosts in bucket of minutes

* New approach on jitter

* Use minutes to define the amount of buckets

* Add logging to jitter hash creation

* Clean up code and remove unused jitter

* Fix test

* Add docs and address review comments

* Address review comments

* Fix typo in doc

Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2022-02-03 14:56:11 -03:00
Tomas Touceda
b2d0a8c79f
Merge pull request from GHSA-ch68-7cf4-35vr
* Validate audience restrictions when validating SAML auth reqs

* EntityID is usually the audience

* Add coverage for failures on audience conditions
2022-02-02 15:50:09 -08:00
Martin Angers
6e2ba62744
Trigger webhooks for recently published vulnerabilities (#3941) 2022-02-02 16:34:37 -05:00
Martin Angers
4ab7fdd6bb
Return a null timestamp when there are no software counts available (#3955) 2022-01-31 17:08:03 -05:00
Martin Angers
ecf6bd8907
Migrate more user-authenticated endpoints to new pattern (#3933) 2022-01-31 16:35:22 -05:00
Tomas Touceda
1667fdcf22
Add vulnerabilities webhook config (#3897)
* Add vulnerabilities webhook config

* Fix tests

* Update documentation

* Update docs
2022-01-27 10:48:46 -03:00
Tomas Touceda
ffabf803a3
Aggregate munki and mdm data (#3886)
* Aggregate munki and mdm data

* Update doc

* Use reader to read

* Reader to read

* Address review comments
2022-01-26 17:55:07 -03:00
Martin Angers
9a0f749641
Add hosts_count field to "list software" endpoint (#3873) 2022-01-26 09:47:56 -05:00
Martin Angers
8b8cebb6fe
Migrate remaining user-authenticated endpoints (#3796) 2022-01-25 09:34:00 -05:00
Tomas Touceda
a18e09b613
Simplify fleetctl implementation and improve testing (#3830)
* Simplify fleetctl implementation and improve testing

* Add a few more

* Handle not founds better

* Fix tests

* Check that logout ds func is called
2022-01-24 16:40:51 -03:00
Tomas Touceda
f02bef6f2c
Add platform filter to host_summary (#3845)
* Add platform filter to host_summary

* Add documentation

* Actually forward the platform param down the chain

* Update mock

* Update mock
2022-01-24 14:49:21 -03:00
Tomas Touceda
9d572309ae
Add sentry (#3669)
* Add sentry

* Fix gosum

* More gosum fixes

* Add missing def for config

* Enrich sentry scope a bit

* Add changes file

* Add goroutine safe scope to errors

* Encapsulate sentry logic

* Add documentation for new flag

* Add sentry capturing to crons and other background tasks

* Only send to sentry when enabled
2022-01-20 16:41:02 -03:00
Zach Wasserman
4a70cd69fa
Shorten "simple" query API period to 25s (#3775)
This helps the period stay under the default request timeouts for most
load balancers.

Some default timeouts:
* AWS ALB - 60s
* Nginx - 60s
* GCP LB - 30s
2022-01-19 17:48:57 -08:00
Lucas Manuel Rodriguez
e5cb68cee9
Return 404 when listing policies for a team that does not exist (#3793)
* Return 404 when listing policies for a team that does not exist

* Set mock for auth test
2022-01-19 18:17:42 -03:00
Lucas Manuel Rodriguez
77c3a8a61e
Fix flaky TestPolicyWebhooks (#3777)
* Fix flaky TestPolicyWebhooks

* Run test redis cleanup before running tests
2022-01-19 16:17:00 -03:00
Lucas Manuel Rodriguez
47df5e83fe
Return 400 when trying to create packs, queries and policies with empty names (#3761)
* Return 400 when trying to create packs, queries and policies with empty names

* Amend sql query test
2022-01-19 16:07:58 -03:00
Martin Angers
afb3310937
Migrate team-related endpoints to new pattern (#3740) 2022-01-19 10:52:14 -05:00
Tomas Touceda
eee539cccc
Issue 3707 clean targets on delete (#3739)
* wip

* Delete targets when deleting teams, hosts, and labels

* Add changes file

* Fix error message

* Remove unused teamsTable

* Cleanup new pack

* Clean new packs at end of test
2022-01-19 10:28:08 -03:00
Zach Wasserman
a79d5fbfcc
Optimize users detail query (#3754)
@Smjert reported instances of Windows Domain Controllers having massive
resource utilization and being killed by the watchdog when running this
query. In his test environment, this new query performs much better.
2022-01-18 16:39:32 -08:00
Zach Wasserman
6232bfa1d6
Include browser extensions in software inventory (#3733)
Use appropriate JOINs against users table to include all results.

For #3557
2022-01-18 12:46:04 -08:00
Tomas Touceda
f85941e60c
Use time.after instead of time.tick to not leak (#3751) 2022-01-18 16:50:15 -03:00
Lucas Manuel Rodriguez
d4243d0a72
Team observers can browse global policies (#3737)
* Allow team observers to browse global policies

* Add integration core test for team observer

* Fix integration tests
2022-01-18 13:18:40 -03:00
Martin Angers
f19e676e62
Refactor async host processing to avoid redis SCAN keys (for policies) (#3657) 2022-01-18 09:56:43 -05:00
Tomas Touceda
b47cf3d2d4
Better jitter (#3716)
* Better jitter

* Fix lint

* Use milliseconds

* Make duration milliseconds

* Update based on Lucas' suggestion

* Add changes file

* Panic on error

* Fix compilation error
2022-01-18 11:29:57 -03:00
Lucas Manuel Rodriguez
371c533bfc
Improved Datastore usage of osquery hosts requests (#3601)
* WIP

* Amend tests

* Do not load aggregated stats for packs

* Add option to host lite

* Fix remaining TODOs

* Fix osquery_utils tests

* Fix SQL

* Fix SQL (bis)

* Restore AuthenticateHost to load once

* Code improvements and re-add deferred host save

* More fixes to the PR

* Wrap users table update on tx

* Add caching to ListPacksForHost and ListScheduledQueriesInPack

* Remove SaveHostSoftware (replaced by UpdateHostSoftware)

* Add unit tests for new functionality

* Add changes file

* Fix scheduled queries test
2022-01-17 22:52:09 -03:00
Martin Angers
c335272de2
Fix failing policy sets for redis cluster mode (#3725) 2022-01-17 15:16:54 -05:00
Martin Angers
1f185a7a8b
Refactor async host processing to avoid redis SCAN keys (for labels only) (#3639) 2022-01-17 14:53:59 -05:00
Zach Wasserman
72fc9dc524
Remove unused request-id in context (#3632)
This seems to be left over from the older authorization system in Fleet.
I couldn't find any other reference to the `request-id` in the code.
2022-01-13 14:12:56 -08:00