Add store for Kolide ATC and prepare to use it in osquery runner

kolide · Jun 25, 2024 · 1645c4c · 1645c4c
1 parent edc91c6
commit 1645c4c
Show file tree

Hide file tree

Showing 10 changed files with 79 additions and 9 deletions.
diff --git a/cmd/launcher/launcher.go b/cmd/launcher/launcher.go
@@ -71,6 +71,7 @@ const (
 	serverDataSubsystemName  = "kolide_server_data"
 	desktopMenuSubsystemName = "kolide_desktop_menu"
 	authTokensSubsystemName  = "auth_tokens"
+	atcConfigSubsystemName   = "kolide_atc_config"
 )
 
 // runLauncher is the entry point into running launcher. It creates a
@@ -400,6 +401,9 @@ func runLauncher(ctx context.Context, cancel func(), multiSlogger, systemMultiSl
 		controlService.RegisterConsumer(serverDataSubsystemName, keyvalueconsumer.New(k.ServerProvidedDataStore()))
 		// agentFlagConsumer handles agent flags pushed from the control server
 		controlService.RegisterConsumer(agentFlagsSubsystemName, keyvalueconsumer.New(flagController))
+		// atcConfigConsumer handles updates to Kolide's custom ATC tables
+		controlService.RegisterConsumer(atcConfigSubsystemName, keyvalueconsumer.New(k.AtcConfigStore()))
+		controlService.RegisterSubscriber(atcConfigSubsystemName, osqueryRunner)
 
 		runner, err = desktopRunner.New(
 			k,

diff --git a/ee/agent/knapsack/knapsack.go b/ee/agent/knapsack/knapsack.go
@@ -87,6 +87,10 @@ func (k *knapsack) AgentFlagsStore() types.KVStore {
 	return k.getKVStore(storage.AgentFlagsStore)
 }
 
+func (k *knapsack) AtcConfigStore() types.KVStore {
+	return k.getKVStore(storage.AtcConfigStore)
+}
+
 func (k *knapsack) AutoupdateErrorsStore() types.KVStore {
 	return k.getKVStore(storage.AutoupdateErrorsStore)
 }

diff --git a/ee/agent/storage/bbolt/stores_bbolt.go b/ee/agent/storage/bbolt/stores_bbolt.go
@@ -20,6 +20,7 @@ func MakeStores(ctx context.Context, slogger *slog.Logger, db *bbolt.DB) (map[st
 
 	var storeNames = []storage.Store{
 		storage.AgentFlagsStore,
+		storage.AtcConfigStore,
 		storage.AutoupdateErrorsStore,
 		storage.ConfigStore,
 		storage.ControlStore,

diff --git a/ee/agent/storage/ci/stores_ci.go b/ee/agent/storage/ci/stores_ci.go
@@ -18,6 +18,7 @@ import (
 func MakeStores(t *testing.T, slogger *slog.Logger, db *bbolt.DB) (map[storage.Store]types.KVStore, error) {
 	var storeNames = []storage.Store{
 		storage.AgentFlagsStore,
+		storage.AtcConfigStore,
 		storage.AutoupdateErrorsStore,
 		storage.ConfigStore,
 		storage.ControlStore,

diff --git a/ee/agent/storage/stores.go b/ee/agent/storage/stores.go
@@ -5,6 +5,7 @@ type Store string
 
 const (
 	AgentFlagsStore             Store = "agent_flags"              // The store used for agent control flags.
+	AtcConfigStore              Store = "kolide_atc_config"        // The store used for Kolide custom ATC configuration
 	AutoupdateErrorsStore       Store = "tuf_autoupdate_errors"    // The store used for tracking new autoupdater errors.
 	ConfigStore                 Store = "config"                   // The store used for launcher configuration.
 	ControlStore                Store = "control_service_data"     // The store used for control service caching data.

diff --git a/ee/agent/types/mocks/knapsack.go b/ee/agent/types/mocks/knapsack.go
diff --git a/ee/agent/types/stores.go b/ee/agent/types/stores.go
@@ -5,6 +5,7 @@ import "github.com/kolide/launcher/ee/agent/storage"
 type Stores interface {
 	Stores() map[storage.Store]KVStore
 	AgentFlagsStore() KVStore
+	AtcConfigStore() KVStore
 	AutoupdateErrorsStore() KVStore
 	ConfigStore() KVStore
 	ControlStore() KVStore

diff --git a/pkg/osquery/interactive/interactive.go b/pkg/osquery/interactive/interactive.go
@@ -56,7 +56,7 @@ func StartProcess(knapsack types.Knapsack, interactiveRootDir string) (*os.Proce
 	}
 
 	// start building list of osq plugins with the kolide tables
-	osqPlugins := table.PlatformTables(knapsack.Slogger(), knapsack.OsquerydPath())
+	osqPlugins := table.PlatformTables(knapsack, knapsack.Slogger(), knapsack.OsquerydPath())
 
 	osqueryFlags := knapsack.OsqueryFlags()
 	// if we were not provided a config path flag, try to add default config

diff --git a/pkg/osquery/runtime/runner.go b/pkg/osquery/runtime/runner.go
@@ -183,6 +183,21 @@ func (r *Runner) FlagsChanged(flagKeys ...keys.FlagKey) {
 	}
 }
 
+// Ping satisfies the control.subscriber interface -- the runner subscribes to changes to
+// the kolide_atc_config subsystem.
+func (r *Runner) Ping() {
+	r.slogger.Log(context.TODO(), slog.LevelDebug,
+		"Kolide ATC configuration changed, restarting instance to apply",
+	)
+
+	if err := r.Restart(); err != nil {
+		r.slogger.Log(context.TODO(), slog.LevelError,
+			"could not restart osquery instance after Kolide ATC configuration changed",
+			"err", err,
+		)
+	}
+}
+
 // Restart allows you to cleanly shutdown the current instance and launch a new
 // instance with the same configurations.
 func (r *Runner) Restart() error {
@@ -469,7 +484,7 @@ func (r *Runner) launchOsqueryInstance() error {
 		)
 	}
 
-	// Now spawn an extension manage to for the tables. We need to
+	// Now spawn an extension manager for the tables. We need to
 	// start this one in the background, because the runner.Start
 	// function needs to return promptly enough for osquery to use
 	// it to enroll. Very racy
@@ -482,7 +497,7 @@ func (r *Runner) launchOsqueryInstance() error {
 			"errgroup", "kolide extension manager server launch",
 		)
 
-		plugins := table.PlatformTables(r.knapsack.Slogger().With("component", "platform_tables"), currentOsquerydBinaryPath)
+		plugins := table.PlatformTables(r.knapsack, r.knapsack.Slogger().With("component", "platform_tables"), currentOsquerydBinaryPath)
 
 		if len(plugins) == 0 {
 			return nil

diff --git a/pkg/osquery/table/table.go b/pkg/osquery/table/table.go
@@ -1,6 +1,7 @@
 package table
 
 import (
+	"context"
 	"log/slog"
 
 	"github.com/kolide/launcher/ee/agent/types"
@@ -37,7 +38,7 @@ func LauncherTables(k types.Knapsack) []osquery.OsqueryPlugin {
 }
 
 // PlatformTables returns all tables for the launcher build platform.
-func PlatformTables(slogger *slog.Logger, currentOsquerydBinaryPath string) []osquery.OsqueryPlugin {
+func PlatformTables(k types.Knapsack, slogger *slog.Logger, currentOsquerydBinaryPath string) []osquery.OsqueryPlugin {
 	// Common tables to all platforms
 	tables := []osquery.OsqueryPlugin{
 		ChromeLoginDataEmails(slogger),
@@ -65,5 +66,30 @@ func PlatformTables(slogger *slog.Logger, currentOsquerydBinaryPath string) []os
 	// add in the platform specific ones (as denoted by build tags)
 	tables = append(tables, platformSpecificTables(slogger, currentOsquerydBinaryPath)...)
 
+	// Add in the Kolide custom ATC tables
+	tables = append(tables, kolideCustomAtcTables(k, slogger)...)
+
 	return tables
 }
+
+// kolideCustomAtcTables will handle indexeddb tables and others in the future. For now,
+// it just logs the config.
+func kolideCustomAtcTables(k types.Knapsack, slogger *slog.Logger) []osquery.OsqueryPlugin {
+	loggableConfig := make(map[string]string)
+	if err := k.AtcConfigStore().ForEach(func(k []byte, v []byte) error {
+		loggableConfig[string(k)] = string(v)
+		return nil
+	}); err != nil {
+		slogger.Log(context.TODO(), slog.LevelDebug,
+			"could not retrieve contents of Kolide ATC config store",
+			"err", err,
+		)
+		return nil
+	}
+
+	slogger.Log(context.TODO(), slog.LevelDebug,
+		"retrieved contents of Kolide ATC config store",
+		"config", loggableConfig,
+	)
+	return nil
+}