2014-07-31 00:35:19 +00:00
|
|
|
// Copyright 2004-present Facebook. All Rights Reserved.
|
|
|
|
|
|
2014-09-10 01:54:53 +00:00
|
|
|
#pragma once
|
2014-07-31 00:35:19 +00:00
|
|
|
|
|
|
|
|
#include <memory>
|
|
|
|
|
#include <string>
|
|
|
|
|
#include <vector>
|
|
|
|
|
|
|
|
|
|
#include <rocksdb/db.h>
|
|
|
|
|
|
2014-08-05 23:13:55 +00:00
|
|
|
#include "osquery/status.h"
|
2014-07-31 00:35:19 +00:00
|
|
|
|
2014-08-15 07:25:30 +00:00
|
|
|
namespace osquery {
|
2014-07-31 00:35:19 +00:00
|
|
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// Constants
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
2014-09-16 00:13:22 +00:00
|
|
|
/// The default path of the RocksDB database on disk
|
2014-07-31 00:35:19 +00:00
|
|
|
extern const std::string kDBPath;
|
|
|
|
|
|
2014-09-16 07:28:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief A const vector of column families in RocksDB
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* RocksDB has a concept of "column families" which are kind of like tables
|
|
|
|
|
* in other databases. kDomainds is populated with a list of all column
|
|
|
|
|
* families. If a string exists in kDomains, it's a column family in the
|
|
|
|
|
* database.
|
2014-09-16 00:13:22 +00:00
|
|
|
*/
|
2014-07-31 00:35:19 +00:00
|
|
|
extern const std::vector<std::string> kDomains;
|
|
|
|
|
|
2014-09-16 00:13:22 +00:00
|
|
|
/// The "domain" where the results of scheduled queries are stored
|
2014-07-31 00:35:19 +00:00
|
|
|
extern const std::string kQueries;
|
|
|
|
|
|
2014-09-16 00:13:22 +00:00
|
|
|
/// The "domain" where certain global configurations are stored
|
2014-07-31 00:35:19 +00:00
|
|
|
extern const std::string kConfigurations;
|
|
|
|
|
|
2014-09-19 08:54:33 +00:00
|
|
|
/// The "domain" where event results are stored, queued for querytime
|
|
|
|
|
extern const std::string kEvents;
|
|
|
|
|
|
2014-07-31 00:35:19 +00:00
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
2014-09-16 00:13:22 +00:00
|
|
|
// DBHandle RAII singleton
|
2014-07-31 00:35:19 +00:00
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
2014-09-16 00:13:22 +00:00
|
|
|
|
2014-09-16 07:28:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief RAII singleton around RocksDB database access.
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* Accessing RocksDB necessitates creating several pointers which must be
|
|
|
|
|
* carefully memory managed. DBHandle offers you a singleton which takes
|
|
|
|
|
* care of acquiring and releasing the relevant pointers and data structures
|
|
|
|
|
* for you.
|
2014-09-16 00:13:22 +00:00
|
|
|
*/
|
2014-07-31 00:35:19 +00:00
|
|
|
class DBHandle {
|
2014-08-15 07:25:30 +00:00
|
|
|
public:
|
2014-09-16 07:28:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Destructor which takes care of deallocating all previously
|
|
|
|
|
* allocated resources
|
2014-09-16 00:13:22 +00:00
|
|
|
*/
|
2014-07-31 00:35:19 +00:00
|
|
|
~DBHandle();
|
|
|
|
|
|
2014-09-16 07:28:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief The primary way to access the DBHandle singleton
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* DBHandle::getInstance() provides access to the DBHandle singleton.
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @code{.cpp}
|
|
|
|
|
* auto db = DBHandle::getInstance();
|
|
|
|
|
* std::string value;
|
|
|
|
|
* auto status = db->Get("default", "foo", value);
|
|
|
|
|
* if (status.ok()) {
|
|
|
|
|
* assert(value == "bar");
|
|
|
|
|
* }
|
|
|
|
|
* @endcode
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @return a shared pointer to an instance of DBHandle
|
2014-09-16 00:13:22 +00:00
|
|
|
*/
|
2014-07-31 00:35:19 +00:00
|
|
|
static std::shared_ptr<DBHandle> getInstance();
|
|
|
|
|
|
2014-09-16 07:28:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Getter for the status of the operations required to open the
|
|
|
|
|
* database
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @return an instance of osquery::Status which indicates the success or
|
|
|
|
|
* failure of connecting to RocksDB
|
2014-09-16 00:13:22 +00:00
|
|
|
*/
|
2014-08-05 23:13:55 +00:00
|
|
|
osquery::Status getStatus();
|
2014-07-31 00:35:19 +00:00
|
|
|
|
2014-09-16 07:28:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Helper method which can be used to get a raw pointer to the
|
|
|
|
|
* underlying RocksDB database handle
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* You probably shouldn't use this. DBHandle::getDB() should only be used
|
|
|
|
|
* when you're positive that it's the right thing to use.
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @return a pointer to the underlying RocksDB database handle
|
2014-09-16 00:13:22 +00:00
|
|
|
*/
|
2014-07-31 00:35:19 +00:00
|
|
|
rocksdb::DB* getDB();
|
|
|
|
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
2014-09-16 00:13:22 +00:00
|
|
|
// Data access methods
|
2014-07-31 00:35:19 +00:00
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
2014-09-16 07:28:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Get data from the database
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @param domain the "domain" or "column family" that you'd like to retrieve
|
|
|
|
|
* the data from
|
|
|
|
|
* @param key the string key that you'd like to get
|
|
|
|
|
* @param value a non-const string reference where the result of the
|
|
|
|
|
* operation will be stored
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @return an instance of osquery::Status indicating the success or failure
|
|
|
|
|
* of the operation.
|
2014-09-16 00:13:22 +00:00
|
|
|
*/
|
2014-08-15 07:25:30 +00:00
|
|
|
osquery::Status Get(const std::string& domain,
|
|
|
|
|
const std::string& key,
|
|
|
|
|
std::string& value);
|
2014-07-31 00:35:19 +00:00
|
|
|
|
2014-09-16 07:28:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Put data into the database
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @param domain the "domain" or "column family" that you'd like to insert
|
|
|
|
|
* data into
|
|
|
|
|
* @param key the string key that you'd like to put
|
|
|
|
|
* @param value the data that you'd like to put into RocksDB
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @return an instance of osquery::Status indicating the success or failure
|
|
|
|
|
* of the operation.
|
2014-09-16 00:13:22 +00:00
|
|
|
*/
|
2014-08-15 07:25:30 +00:00
|
|
|
osquery::Status Put(const std::string& domain,
|
|
|
|
|
const std::string& key,
|
|
|
|
|
const std::string& value);
|
2014-07-31 00:35:19 +00:00
|
|
|
|
2014-09-16 07:28:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Delete data from the database
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @param domain the "domain" or "column family" that you'd like to delete
|
|
|
|
|
* data from
|
|
|
|
|
* @param key the string key that you'd like to delete
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @return an instance of osquery::Status indicating the success or failure
|
|
|
|
|
* of the operation.
|
2014-09-16 00:13:22 +00:00
|
|
|
*/
|
2014-08-15 07:25:30 +00:00
|
|
|
osquery::Status Delete(const std::string& domain, const std::string& key);
|
2014-07-31 00:35:19 +00:00
|
|
|
|
2014-09-16 07:28:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief List the data in a "domain"
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @param domain the "domain" or "column family" that you'd like to list
|
|
|
|
|
* data from
|
|
|
|
|
* @param results a non-const reference to a vector which will be populated
|
|
|
|
|
* with all of the keys from the supplied domain.
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @return an instance of osquery::Status indicating the success or failure
|
|
|
|
|
* of the operation.
|
2014-09-16 00:13:22 +00:00
|
|
|
*/
|
2014-08-15 07:25:30 +00:00
|
|
|
osquery::Status Scan(const std::string& domain,
|
|
|
|
|
std::vector<std::string>& results);
|
2014-07-31 00:35:19 +00:00
|
|
|
|
2014-08-15 07:25:30 +00:00
|
|
|
private:
|
2014-09-16 07:28:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Default constructor
|
|
|
|
|
*
|
|
|
|
|
* DBHandle's constructor takes care of properly connecting to RocksDB and
|
|
|
|
|
* ensuring that all necessary column families are created. The resulting
|
|
|
|
|
* database handle can then be accessed via DBHandle::getDB() and the
|
|
|
|
|
* success of the connection can be determined by inspecting the resulting
|
|
|
|
|
* status code via DBHandle::getStatus()
|
2014-09-16 00:13:22 +00:00
|
|
|
*/
|
2014-07-31 00:35:19 +00:00
|
|
|
DBHandle();
|
2014-09-16 00:13:22 +00:00
|
|
|
|
2014-09-16 07:28:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Internal only constructor used to create instances of DBHandle.
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* This constructor allows you to specify a few more details about how you'd
|
|
|
|
|
* like DBHandle to be used. This is only used internally, so you should
|
|
|
|
|
* never actually use it.
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @param path the path to create/access the database
|
|
|
|
|
* @param in_memory a boolean indicating wether or not the database should
|
|
|
|
|
* be creating in memory or not.
|
2014-09-16 00:13:22 +00:00
|
|
|
*/
|
2014-07-31 00:35:19 +00:00
|
|
|
DBHandle(std::string path, bool in_memory);
|
|
|
|
|
|
2014-09-16 07:28:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief A method which allows you to override the database path
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* This should only be used by unit tests. Never use it in production code.
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @return a shared pointer to an instance of DBHandle
|
2014-09-16 00:13:22 +00:00
|
|
|
*/
|
2014-07-31 00:35:19 +00:00
|
|
|
static std::shared_ptr<DBHandle> getInstanceAtPath(const std::string& path);
|
2014-09-16 00:13:22 +00:00
|
|
|
|
2014-09-16 07:28:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief A method which gets you an in-memory RocksDB instance.
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* This should only be used by unit tests. Never use it in production code.
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @return a shared pointer to an instance of DBHandle
|
2014-09-16 00:13:22 +00:00
|
|
|
*/
|
2014-07-31 00:35:19 +00:00
|
|
|
static std::shared_ptr<DBHandle> getInstanceInMemory();
|
2014-09-16 00:13:22 +00:00
|
|
|
|
2014-09-16 07:28:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief A method which allows you to configure various aspects of RocksDB
|
|
|
|
|
* database options.
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* This should only be used by unit tests. Never use it in production code.
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @param path the path to create/access the database
|
|
|
|
|
* @param in_memory a boolean indicating wether or not the database should
|
|
|
|
|
* be creating in memory or not.
|
2014-09-16 00:13:22 +00:00
|
|
|
*
|
2014-09-16 07:28:23 +00:00
|
|
|
* @return a shared pointer to an instance of DBHandle
|
2014-09-16 00:13:22 +00:00
|
|
|
*/
|
2014-08-15 07:25:30 +00:00
|
|
|
static std::shared_ptr<DBHandle> getInstance(const std::string& path,
|
|
|
|
|
bool in_memory);
|
2014-07-31 00:35:19 +00:00
|
|
|
|
2014-09-16 07:28:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Private helper around accessing the column family handle for a
|
|
|
|
|
* specific column family, based on it's name
|
2014-09-16 00:13:22 +00:00
|
|
|
*/
|
2014-07-31 00:35:19 +00:00
|
|
|
rocksdb::ColumnFamilyHandle* getHandleForColumnFamily(const std::string& cf);
|
|
|
|
|
|
2014-08-15 07:25:30 +00:00
|
|
|
private:
|
2014-07-31 00:35:19 +00:00
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// Private members
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
2014-09-16 00:13:22 +00:00
|
|
|
/// The database handle
|
2014-07-31 00:35:19 +00:00
|
|
|
rocksdb::DB* db_;
|
|
|
|
|
|
2014-09-16 00:13:22 +00:00
|
|
|
/// The status code that is generated while attempting to connect to RocksDB
|
2014-07-31 00:35:19 +00:00
|
|
|
rocksdb::Status status_;
|
|
|
|
|
|
2014-09-16 00:13:22 +00:00
|
|
|
/// Column family descriptors which are used to connect to RocksDB
|
2014-07-31 00:35:19 +00:00
|
|
|
std::vector<rocksdb::ColumnFamilyDescriptor> column_families_;
|
|
|
|
|
|
2014-09-16 00:13:22 +00:00
|
|
|
/// A vector of pointers to column family handles
|
2014-07-31 00:35:19 +00:00
|
|
|
std::vector<rocksdb::ColumnFamilyHandle*> handles_;
|
|
|
|
|
|
2014-09-16 00:13:22 +00:00
|
|
|
/// The RocksDB connection options that are used to connect to RocksDB
|
2014-07-31 00:35:19 +00:00
|
|
|
rocksdb::Options options_;
|
2014-08-15 07:25:30 +00:00
|
|
|
|
|
|
|
|
private:
|
2014-07-31 00:35:19 +00:00
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// Unit tests which can access private members
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
2014-09-22 21:30:52 +00:00
|
|
|
friend class DBHandleTests;
|
|
|
|
|
friend class QueryTests;
|
2014-09-19 08:54:33 +00:00
|
|
|
friend class EventsDatabaseTests;
|
2014-07-31 00:35:19 +00:00
|
|
|
};
|
2014-08-15 07:25:30 +00:00
|
|
|
}
|
