From 691a668dc5ee3d0fea13628634991384dfca57cf Mon Sep 17 00:00:00 2001 From: Rebecca Mahany-Horton Date: Fri, 16 Feb 2024 14:50:22 -0500 Subject: [PATCH] [slogger] Move platform tables (some shared, some Darwin) to use slogger partially or fully (#1609) --- ee/tables/airport/table_darwin.go | 44 +++++++++------ ee/tables/airport/table_darwin_test.go | 5 +- .../apple_silicon_security_policy/table.go | 24 ++++++--- ee/tables/cryptoinfotable/table.go | 19 ++++--- ee/tables/dev_table_tooling/table.go | 25 ++++++--- ee/tables/dev_table_tooling/table_test.go | 3 +- ee/tables/filevault/filevault.go | 15 ++++-- ee/tables/firefox_preferences/table.go | 29 +++++----- ee/tables/firefox_preferences/table_test.go | 4 +- ee/tables/ioreg/ioreg.go | 23 +++++--- .../available_products_table.go | 12 +++-- .../recommended_updates_table.go | 15 ++++-- ee/tables/mdmclient/mdmclient.go | 35 ++++++++---- ee/tables/mdmclient/mdmclient_test.go | 3 +- ee/tables/munki/munki.go | 5 +- ee/tables/osquery_user_exec_table/table.go | 10 ++-- ee/tables/profiles/profiles.go | 22 +++++--- ee/tables/pwpolicy/pwpolicy.go | 23 +++++--- ee/tables/pwpolicy/pwpolicy_test.go | 6 ++- ee/tables/spotlight/spotlight.go | 9 ++-- ee/tables/systemprofiler/systemprofiler.go | 32 +++++++---- .../tablehelpers/exec_osquery_launchctl.go | 13 +++-- ee/tables/tdebug/gc.go | 20 ++++--- ee/tables/zfs/tables.go | 26 +++++---- pkg/osquery/interactive/interactive.go | 3 +- pkg/osquery/runtime/runner.go | 2 +- pkg/osquery/table/chrome_login_data_emails.go | 19 ++++--- pkg/osquery/table/chrome_login_keychain.go | 16 +++--- pkg/osquery/table/chrome_user_profiles.go | 19 ++++--- pkg/osquery/table/gdrive_sync.go | 15 +++--- pkg/osquery/table/gdrive_sync_history.go | 16 +++--- pkg/osquery/table/keyinfo.go | 17 +++--- pkg/osquery/table/mdm.go | 3 +- pkg/osquery/table/onepassword_config.go | 19 ++++--- pkg/osquery/table/platform_tables_darwin.go | 54 ++++++++++--------- pkg/osquery/table/platform_tables_linux.go | 10 ++-- pkg/osquery/table/platform_tables_windows.go | 7 +-- pkg/osquery/table/slack_config.go | 19 ++++--- pkg/osquery/table/sshkeys.go | 24 ++++----- pkg/osquery/table/table.go | 26 ++++----- pkg/osquery/table/table_util.go | 21 ++++---- pkg/osquery/table/touchid_system_darwin.go | 19 ++++--- pkg/osquery/table/touchid_user_darwin.go | 33 ++++++------ pkg/osquery/table/user_avatar_darwin.go | 18 +++---- 44 files changed, 450 insertions(+), 332 deletions(-) diff --git a/ee/tables/airport/table_darwin.go b/ee/tables/airport/table_darwin.go index ba9d16189..f7c216a19 100644 --- a/ee/tables/airport/table_darwin.go +++ b/ee/tables/airport/table_darwin.go @@ -9,10 +9,10 @@ import ( "context" "fmt" "io" + "log/slog" "strings" "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/launcher/ee/allowedcmd" "github.com/kolide/launcher/ee/dataflatten" "github.com/kolide/launcher/ee/tables/dataflattentable" @@ -25,28 +25,31 @@ var ( ) type Table struct { - name string - logger log.Logger + name string + slogger *slog.Logger + logger log.Logger // preserved only for temporary use in dataflattentable and tablehelpers.Exec } const tableName = "kolide_airport_util" -func TablePlugin(logger log.Logger) *table.Plugin { +func TablePlugin(slogger *slog.Logger, logger log.Logger) *table.Plugin { columns := dataflattentable.Columns( table.TextColumn("option"), ) t := &Table{ - name: tableName, - logger: logger, + name: tableName, + slogger: slogger.With("name", tableName), + logger: logger, } return table.NewPlugin(t.name, columns, t.generate) } type airportExecutor struct { - ctx context.Context // nolint:containedctx - logger log.Logger + ctx context.Context // nolint:containedctx + slogger *slog.Logger + logger log.Logger // preserved only for temporary use in dataflattentable and tablehelpers.Exec } func (a *airportExecutor) Exec(option string) ([]byte, error) { @@ -60,14 +63,15 @@ type executor interface { func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) { airportExecutor := &airportExecutor{ - ctx: ctx, - logger: t.logger, + ctx: ctx, + slogger: t.slogger, + logger: t.logger, } - return generateAirportData(queryContext, airportExecutor, t.logger) + return generateAirportData(queryContext, airportExecutor, t.slogger, t.logger) } -func generateAirportData(queryContext table.QueryContext, airportExecutor executor, logger log.Logger) ([]map[string]string, error) { +func generateAirportData(queryContext table.QueryContext, airportExecutor executor, slogger *slog.Logger, logger log.Logger) ([]map[string]string, error) { options := tablehelpers.GetConstraints(queryContext, "option", tablehelpers.WithAllowedValues(allowedOptions)) if len(options) == 0 { @@ -78,13 +82,21 @@ func generateAirportData(queryContext table.QueryContext, airportExecutor execut for _, option := range options { airportOutput, err := airportExecutor.Exec(option) if err != nil { - level.Debug(logger).Log("msg", "Error execing airport", "option", option, "err", err) + slogger.Log(context.TODO(), slog.LevelDebug, + "error execing airport", + "option", option, + "err", err, + ) continue } - optionResult, err := processAirportOutput(bytes.NewReader(airportOutput), option, queryContext, logger) + optionResult, err := processAirportOutput(bytes.NewReader(airportOutput), option, queryContext, slogger, logger) if err != nil { - level.Debug(logger).Log("msg", "Error processing airport output", "option", option, "err", err) + slogger.Log(context.TODO(), slog.LevelDebug, + "error processing airport output", + "option", option, + "err", err, + ) continue } results = append(results, optionResult...) @@ -93,7 +105,7 @@ func generateAirportData(queryContext table.QueryContext, airportExecutor execut return results, nil } -func processAirportOutput(airportOutput io.Reader, option string, queryContext table.QueryContext, logger log.Logger) ([]map[string]string, error) { +func processAirportOutput(airportOutput io.Reader, option string, queryContext table.QueryContext, slogger *slog.Logger, logger log.Logger) ([]map[string]string, error) { var results []map[string]string var unmarshalledOutput []map[string]interface{} diff --git a/ee/tables/airport/table_darwin_test.go b/ee/tables/airport/table_darwin_test.go index 51f475ab8..b28a00fe1 100644 --- a/ee/tables/airport/table_darwin_test.go +++ b/ee/tables/airport/table_darwin_test.go @@ -14,6 +14,7 @@ import ( "github.com/go-kit/kit/log" "github.com/kolide/launcher/ee/tables/airport/mocks" "github.com/kolide/launcher/ee/tables/tablehelpers" + "github.com/kolide/launcher/pkg/log/multislogger" "github.com/osquery/osquery-go/plugin/table" "github.com/stretchr/testify/assert" @@ -100,7 +101,7 @@ func Test_generateAirportData_HappyPath(t *testing.T) { constraints["query"] = []string{tt.query} } - got, err := generateAirportData(tablehelpers.MockQueryContext(constraints), executor, log.NewNopLogger()) + got, err := generateAirportData(tablehelpers.MockQueryContext(constraints), executor, multislogger.New().Logger, log.NewNopLogger()) require.NoError(t, err) executor.AssertExpectations(t) @@ -218,7 +219,7 @@ func Test_generateAirportData_EdgeCases(t *testing.T) { executor.On("Exec", mock.Anything).Return(tt.execReturn()).Once() - got, err := generateAirportData(tt.args.queryContext, executor, log.NewNopLogger()) + got, err := generateAirportData(tt.args.queryContext, executor, multislogger.New().Logger, log.NewNopLogger()) tt.assertion(t, err) assert.Equal(t, tt.want, got) }) diff --git a/ee/tables/apple_silicon_security_policy/table.go b/ee/tables/apple_silicon_security_policy/table.go index 63b90b90d..75ef84383 100644 --- a/ee/tables/apple_silicon_security_policy/table.go +++ b/ee/tables/apple_silicon_security_policy/table.go @@ -6,10 +6,10 @@ package apple_silicon_security_policy import ( "bytes" "context" + "log/slog" "strings" "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/launcher/ee/allowedcmd" "github.com/kolide/launcher/ee/dataflatten" "github.com/kolide/launcher/ee/tables/dataflattentable" @@ -20,16 +20,18 @@ import ( const bootPolicyUtilArgs = "--display-all-policies" type Table struct { - logger log.Logger + logger log.Logger // preserved only for temporary use in dataflattentable and tablehelpers.Exec + slogger *slog.Logger } -func TablePlugin(logger log.Logger) *table.Plugin { +func TablePlugin(slogger *slog.Logger, logger log.Logger) *table.Plugin { columns := dataflattentable.Columns() tableName := "kolide_apple_silicon_security_policy" t := &Table{ - logger: log.With(logger, "table", tableName), + slogger: slogger.With("table", tableName), + logger: log.With(logger, "table", tableName), } return table.NewPlugin(tableName, columns, t.generate) @@ -40,12 +42,17 @@ func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ( output, err := tablehelpers.Exec(ctx, t.logger, 30, allowedcmd.Bputil, []string{bootPolicyUtilArgs}, false) if err != nil { - level.Info(t.logger).Log("msg", "bputil failed", "err", err) + t.slogger.Log(ctx, slog.LevelInfo, + "bputil failed", + "err", err, + ) return nil, nil } if len(output) == 0 { - level.Info(t.logger).Log("msg", "No bputil data to parse") + t.slogger.Log(ctx, slog.LevelInfo, + "no bputil data to parse", + ) return nil, nil } @@ -54,7 +61,10 @@ func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ( for _, dataQuery := range tablehelpers.GetConstraints(queryContext, "query", tablehelpers.WithDefaults("*")) { flattened, err := dataflatten.Flatten(data, dataflatten.WithLogger(t.logger), dataflatten.WithQuery(strings.Split(dataQuery, "/"))) if err != nil { - level.Info(t.logger).Log("msg", "Error flattening data", "err", err) + t.slogger.Log(ctx, slog.LevelInfo, + "error flattening data", + "err", err, + ) return nil, nil } results = append(results, dataflattentable.ToMap(flattened, dataQuery, nil)...) diff --git a/ee/tables/cryptoinfotable/table.go b/ee/tables/cryptoinfotable/table.go index 53b8216cd..ec414e3ae 100644 --- a/ee/tables/cryptoinfotable/table.go +++ b/ee/tables/cryptoinfotable/table.go @@ -5,12 +5,12 @@ import ( "encoding/json" "errors" "fmt" + "log/slog" "os" "path/filepath" "strings" "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/launcher/ee/cryptoinfo" "github.com/kolide/launcher/ee/dataflatten" "github.com/kolide/launcher/ee/tables/dataflattentable" @@ -19,17 +19,19 @@ import ( ) type Table struct { - logger log.Logger + logger log.Logger // preserved only temporarily for dataflattentable usage + slogger *slog.Logger } -func TablePlugin(logger log.Logger) *table.Plugin { +func TablePlugin(slogger *slog.Logger, logger log.Logger) *table.Plugin { columns := dataflattentable.Columns( table.TextColumn("passphrase"), table.TextColumn("path"), ) t := &Table{ - logger: logger, + slogger: slogger, + logger: logger, } return table.NewPlugin("kolide_cryptoinfo", columns, t.generate) @@ -48,7 +50,10 @@ func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ( // We take globs in via the sql %, but glob needs *. So convert. filePaths, err := filepath.Glob(strings.ReplaceAll(requestedPath, `%`, `*`)) if err != nil { - level.Info(t.logger).Log("msg", "bad file glob", "err", err) + t.slogger.Log(ctx, slog.LevelInfo, + "bad file glob", + "err", err, + ) continue } @@ -64,8 +69,8 @@ func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ( flatData, err := flattenCryptoInfo(filePath, passphrase, flattenOpts...) if err != nil { - level.Info(t.logger).Log( - "msg", "failed to get data for path", + t.slogger.Log(ctx, slog.LevelInfo, + "failed to get data for path", "path", filePath, "err", err, ) diff --git a/ee/tables/dev_table_tooling/table.go b/ee/tables/dev_table_tooling/table.go index 5e4edcaaa..9e5b04284 100644 --- a/ee/tables/dev_table_tooling/table.go +++ b/ee/tables/dev_table_tooling/table.go @@ -3,10 +3,10 @@ package dev_table_tooling import ( "context" "encoding/base64" + "log/slog" "strings" "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/launcher/ee/allowedcmd" "github.com/kolide/launcher/ee/tables/tablehelpers" "github.com/osquery/osquery-go/plugin/table" @@ -20,10 +20,11 @@ type allowedCommand struct { } type Table struct { - logger log.Logger + logger log.Logger // preserved temporarily only for tablehelpers.Exec usage + slogger *slog.Logger } -func TablePlugin(logger log.Logger) *table.Plugin { +func TablePlugin(slogger *slog.Logger, logger log.Logger) *table.Plugin { columns := []table.ColumnDefinition{ table.TextColumn("name"), table.TextColumn("args"), @@ -34,7 +35,8 @@ func TablePlugin(logger log.Logger) *table.Plugin { tableName := "kolide_dev_table_tooling" t := &Table{ - logger: log.With(logger, "table", tableName), + slogger: slogger.With("table", tableName), + logger: log.With(logger, "table", tableName), } return table.NewPlugin(tableName, columns, t.generate) @@ -45,14 +47,19 @@ func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ( for _, name := range tablehelpers.GetConstraints(queryContext, "name", tablehelpers.WithDefaults("")) { if name == "" { - level.Info(t.logger).Log("msg", "Command name must not be blank") + t.slogger.Log(ctx, slog.LevelInfo, + "received blank command name, skipping", + ) continue } cmd, ok := allowedCommands[name] if !ok { - level.Info(t.logger).Log("msg", "Command not allowed", "name", name) + t.slogger.Log(ctx, slog.LevelInfo, + "command not allowed", + "name", name, + ) continue } @@ -64,7 +71,11 @@ func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ( } if output, err := tablehelpers.Exec(ctx, t.logger, 30, cmd.bin, cmd.args, false); err != nil { - level.Info(t.logger).Log("msg", "execution failed", "name", name, "err", err) + t.slogger.Log(ctx, slog.LevelInfo, + "execution failed", + "name", name, + "err", err, + ) result["error"] = err.Error() } else { result["output"] = base64.StdEncoding.EncodeToString(output) diff --git a/ee/tables/dev_table_tooling/table_test.go b/ee/tables/dev_table_tooling/table_test.go index 9c3771906..d69d729f6 100644 --- a/ee/tables/dev_table_tooling/table_test.go +++ b/ee/tables/dev_table_tooling/table_test.go @@ -9,6 +9,7 @@ import ( "github.com/go-kit/kit/log" "github.com/kolide/launcher/ee/tables/tablehelpers" + "github.com/kolide/launcher/pkg/log/multislogger" "github.com/stretchr/testify/assert" ) @@ -34,7 +35,7 @@ func Test_generate(t *testing.T) { }, } - table := Table{logger: log.NewNopLogger()} + table := Table{logger: log.NewNopLogger(), slogger: multislogger.New().Logger} for _, tt := range tests { tt := tt diff --git a/ee/tables/filevault/filevault.go b/ee/tables/filevault/filevault.go index f751c1b1b..0d85e869b 100644 --- a/ee/tables/filevault/filevault.go +++ b/ee/tables/filevault/filevault.go @@ -6,11 +6,11 @@ package filevault import ( "context" "fmt" + "log/slog" "os" "strings" "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/launcher/ee/allowedcmd" "github.com/kolide/launcher/ee/tables/tablehelpers" "github.com/osquery/osquery-go/plugin/table" @@ -18,16 +18,18 @@ import ( ) type Table struct { - logger log.Logger + slogger *slog.Logger + logger log.Logger // preserved only for temporary use in tablehelpers.Exec } -func TablePlugin(logger log.Logger) *table.Plugin { +func TablePlugin(slogger *slog.Logger, logger log.Logger) *table.Plugin { columns := []table.ColumnDefinition{ table.TextColumn("status"), } t := &Table{ - logger: logger, + slogger: slogger.With("table", "kolide_filevault"), + logger: logger, } return table.NewPlugin("kolide_filevault", columns, t.generate) @@ -36,7 +38,10 @@ func TablePlugin(logger log.Logger) *table.Plugin { func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) { output, err := tablehelpers.Exec(ctx, t.logger, 10, allowedcmd.Fdesetup, []string{"status"}, false) if err != nil { - level.Info(t.logger).Log("msg", "fdesetup failed", "err", err) + t.slogger.Log(ctx, slog.LevelInfo, + "fdesetup failed", + "err", err, + ) // Don't error out if the binary isn't found if os.IsNotExist(errors.Cause(err)) { diff --git a/ee/tables/firefox_preferences/table.go b/ee/tables/firefox_preferences/table.go index bdc80e154..4117cb787 100644 --- a/ee/tables/firefox_preferences/table.go +++ b/ee/tables/firefox_preferences/table.go @@ -3,13 +3,11 @@ package firefox_preferences import ( "bufio" "context" - "fmt" + "log/slog" "os" "regexp" "strings" - "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/launcher/ee/dataflatten" "github.com/kolide/launcher/ee/tables/dataflattentable" "github.com/kolide/launcher/ee/tables/tablehelpers" @@ -17,8 +15,8 @@ import ( ) type Table struct { - name string - logger log.Logger + name string + slogger *slog.Logger } const tableName = "kolide_firefox_preferences" @@ -35,14 +33,14 @@ const tableName = "kolide_firefox_preferences" // https://github.com/hansmi/go-mozpref var re = regexp.MustCompile(`^user_pref\("([^,]+)",\s*"?(.*?)"?\);$`) -func TablePlugin(logger log.Logger) *table.Plugin { +func TablePlugin(slogger *slog.Logger) *table.Plugin { columns := dataflattentable.Columns( table.TextColumn("path"), ) t := &Table{ - name: tableName, - logger: logger, + name: tableName, + slogger: slogger.With("table", tableName), } return table.NewPlugin(t.name, columns, t.generate) @@ -54,9 +52,8 @@ func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ( filePaths := tablehelpers.GetConstraints(queryContext, "path") if len(filePaths) == 0 { - level.Info(t.logger).Log( - "msg", fmt.Sprintf("no path provided to %s", tableName), - "table", tableName, + t.slogger.Log(ctx, slog.LevelInfo, + "no path provided", ) return results, nil } @@ -69,9 +66,8 @@ func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ( file, err := os.Open(filePath) if err != nil { - level.Info(t.logger).Log( - "msg", "failed to open file", - "table", tableName, + t.slogger.Log(ctx, slog.LevelInfo, + "failed to open file", "path", filePath, "err", err, ) @@ -103,9 +99,8 @@ func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ( flatData, err := dataflatten.Flatten(rawKeyVals, flattenOpts...) if err != nil { - level.Debug(t.logger).Log( - "msg", "failed to flatten data for path", - "table", tableName, + t.slogger.Log(ctx, slog.LevelDebug, + "failed to flatten data for path", "path", filePath, "err", err, ) diff --git a/ee/tables/firefox_preferences/table_test.go b/ee/tables/firefox_preferences/table_test.go index 532b0ff54..86165a75d 100644 --- a/ee/tables/firefox_preferences/table_test.go +++ b/ee/tables/firefox_preferences/table_test.go @@ -7,8 +7,8 @@ import ( "path" "testing" - "github.com/go-kit/kit/log" "github.com/kolide/launcher/ee/tables/tablehelpers" + "github.com/kolide/launcher/pkg/log/multislogger" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) @@ -48,7 +48,7 @@ func Test_generate(t *testing.T) { }, } - table := Table{logger: log.NewNopLogger()} + table := Table{slogger: multislogger.New().Logger} for _, tt := range tests { tt := tt diff --git a/ee/tables/ioreg/ioreg.go b/ee/tables/ioreg/ioreg.go index 624fa9ce3..84416178a 100644 --- a/ee/tables/ioreg/ioreg.go +++ b/ee/tables/ioreg/ioreg.go @@ -11,10 +11,10 @@ package ioreg import ( "context" + "log/slog" "strings" "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/launcher/ee/allowedcmd" "github.com/kolide/launcher/ee/dataflatten" "github.com/kolide/launcher/ee/tables/dataflattentable" @@ -25,11 +25,12 @@ import ( const allowedCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" type Table struct { - logger log.Logger + slogger *slog.Logger + logger log.Logger // preserved only for temporary use in dataflattentable and tablehelpers.Exec tableName string } -func TablePlugin(logger log.Logger) *table.Plugin { +func TablePlugin(slogger *slog.Logger, logger log.Logger) *table.Plugin { columns := dataflattentable.Columns( // ioreg input options. These match the ioreg @@ -43,6 +44,7 @@ func TablePlugin(logger log.Logger) *table.Plugin { ) t := &Table{ + slogger: slogger.With("table", "kolide_ioreg"), logger: logger, tableName: "kolide_ioreg", } @@ -93,7 +95,10 @@ func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ( case "1": ioregArgs = append(ioregArgs, "-r") default: - level.Info(t.logger).Log("msg", "r should be blank, 0, or 1") + t.slogger.Log(ctx, slog.LevelInfo, + "r should be blank, 0, or 1", + "r_value", ioR, + ) continue } @@ -102,13 +107,19 @@ func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ( ioregOutput, err := tablehelpers.Exec(ctx, t.logger, 30, allowedcmd.Ioreg, ioregArgs, false) if err != nil { - level.Info(t.logger).Log("msg", "ioreg failed", "err", err) + t.slogger.Log(ctx, slog.LevelInfo, + "ioreg failed", + "err", err, + ) continue } flatData, err := t.flattenOutput(dataQuery, ioregOutput) if err != nil { - level.Info(t.logger).Log("msg", "flatten failed", "err", err) + t.slogger.Log(ctx, slog.LevelInfo, + "flatten failed", + "err", err, + ) continue } diff --git a/ee/tables/macos_software_update/available_products_table.go b/ee/tables/macos_software_update/available_products_table.go index b6e949958..acec9ac94 100644 --- a/ee/tables/macos_software_update/available_products_table.go +++ b/ee/tables/macos_software_update/available_products_table.go @@ -13,11 +13,11 @@ import ( ) import ( "context" + "log/slog" "strings" "time" "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/launcher/ee/dataflatten" "github.com/kolide/launcher/ee/tables/dataflattentable" "github.com/kolide/launcher/ee/tables/tablehelpers" @@ -27,13 +27,14 @@ import ( var productsData []map[string]interface{} var cachedTime time.Time -func AvailableProducts(logger log.Logger) *table.Plugin { +func AvailableProducts(slogger *slog.Logger, logger log.Logger) *table.Plugin { columns := dataflattentable.Columns() tableName := "kolide_macos_available_products" t := &Table{ - logger: log.With(logger, "table", tableName), + slogger: slogger.With("table", tableName), + logger: log.With(logger, "table", tableName), } return table.NewPlugin(tableName, columns, t.generateAvailableProducts) @@ -47,7 +48,10 @@ func (t *Table) generateAvailableProducts(ctx context.Context, queryContext tabl for _, dataQuery := range tablehelpers.GetConstraints(queryContext, "query", tablehelpers.WithDefaults("*")) { flattened, err := dataflatten.Flatten(data, dataflatten.WithLogger(t.logger), dataflatten.WithQuery(strings.Split(dataQuery, "/"))) if err != nil { - level.Info(t.logger).Log("msg", "Error flattening data", "err", err) + t.slogger.Log(ctx, slog.LevelInfo, + "error flattening data", + "err", err, + ) return nil, nil } results = append(results, dataflattentable.ToMap(flattened, dataQuery, nil)...) diff --git a/ee/tables/macos_software_update/recommended_updates_table.go b/ee/tables/macos_software_update/recommended_updates_table.go index 13f807350..68963ebaf 100644 --- a/ee/tables/macos_software_update/recommended_updates_table.go +++ b/ee/tables/macos_software_update/recommended_updates_table.go @@ -13,10 +13,10 @@ import ( ) import ( "context" + "log/slog" "strings" "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/launcher/ee/dataflatten" "github.com/kolide/launcher/ee/tables/dataflattentable" "github.com/kolide/launcher/ee/tables/tablehelpers" @@ -26,16 +26,18 @@ import ( var updatesData []map[string]interface{} type Table struct { - logger log.Logger + slogger *slog.Logger + logger log.Logger // preserved only temporarily for dataflattentable } -func RecommendedUpdates(logger log.Logger) *table.Plugin { +func RecommendedUpdates(slogger *slog.Logger, logger log.Logger) *table.Plugin { columns := dataflattentable.Columns() tableName := "kolide_macos_recommended_updates" t := &Table{ - logger: log.With(logger, "table", tableName), + slogger: slogger.With("table", tableName), + logger: log.With(logger, "table", tableName), } return table.NewPlugin(tableName, columns, t.generate) @@ -49,7 +51,10 @@ func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ( for _, dataQuery := range tablehelpers.GetConstraints(queryContext, "query", tablehelpers.WithDefaults("*")) { flattened, err := dataflatten.Flatten(data, dataflatten.WithLogger(t.logger), dataflatten.WithQuery(strings.Split(dataQuery, "/"))) if err != nil { - level.Info(t.logger).Log("msg", "Error flattening data", "err", err) + t.slogger.Log(ctx, slog.LevelInfo, + "error flattening data", + "err", err, + ) return nil, nil } results = append(results, dataflattentable.ToMap(flattened, dataQuery, nil)...) diff --git a/ee/tables/mdmclient/mdmclient.go b/ee/tables/mdmclient/mdmclient.go index 63316f119..ac456712c 100644 --- a/ee/tables/mdmclient/mdmclient.go +++ b/ee/tables/mdmclient/mdmclient.go @@ -10,11 +10,11 @@ import ( "bytes" "context" "fmt" + "log/slog" "regexp" "strings" "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/launcher/ee/allowedcmd" "github.com/kolide/launcher/ee/dataflatten" "github.com/kolide/launcher/ee/tables/dataflattentable" @@ -49,16 +49,18 @@ var headerRegex = regexp.MustCompile(`^=== CPF_GetInstalledProfiles === \( 1 { - level.Info(t.logger).Log("msg", "WARNING: Only using the first detaillevel request") + t.slogger.Log(ctx, slog.LevelWarn, + "received multiple detaillevel constraints, only using the first one", + ) } dl := q.Constraints[0].Expression @@ -141,16 +146,16 @@ func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ( if q, ok := queryContext.Constraints["query"]; ok && len(q.Constraints) != 0 { for _, constraint := range q.Constraints { dataQuery := constraint.Expression - results = append(results, t.getRowsFromOutput(dataQuery, detailLevel, systemProfilerOutput)...) + results = append(results, t.getRowsFromOutput(ctx, dataQuery, detailLevel, systemProfilerOutput)...) } } else { - results = append(results, t.getRowsFromOutput("", detailLevel, systemProfilerOutput)...) + results = append(results, t.getRowsFromOutput(ctx, "", detailLevel, systemProfilerOutput)...) } return results, nil } -func (t *Table) getRowsFromOutput(dataQuery, detailLevel string, systemProfilerOutput []byte) []map[string]string { +func (t *Table) getRowsFromOutput(ctx context.Context, dataQuery, detailLevel string, systemProfilerOutput []byte) []map[string]string { var results []map[string]string flattenOpts := []dataflatten.FlattenOpts{ @@ -160,7 +165,10 @@ func (t *Table) getRowsFromOutput(dataQuery, detailLevel string, systemProfilerO var systemProfilerResults []Result if err := plist.Unmarshal(systemProfilerOutput, &systemProfilerResults); err != nil { - level.Info(t.logger).Log("msg", "error unmarshalling system_profile output", "err", err) + t.slogger.Log(ctx, slog.LevelInfo, + "error unmarshalling system_profile output", + "err", err, + ) return nil } @@ -170,7 +178,10 @@ func (t *Table) getRowsFromOutput(dataQuery, detailLevel string, systemProfilerO flatData, err := dataflatten.Flatten(systemProfilerResult.Items, flattenOpts...) if err != nil { - level.Info(t.logger).Log("msg", "failure flattening system_profile output", "err", err) + t.slogger.Log(ctx, slog.LevelInfo, + "failure flattening system_profile output", + "err", err, + ) continue } @@ -212,7 +223,10 @@ func (t *Table) execSystemProfiler(ctx context.Context, detailLevel string, subc cmd.Stdout = &stdout cmd.Stderr = &stderr - level.Debug(t.logger).Log("msg", "calling system_profiler", "args", cmd.Args) + t.slogger.Log(ctx, slog.LevelDebug, + "calling system_profiler", + "args", cmd.Args, + ) if err := cmd.Run(); err != nil { return nil, fmt.Errorf("calling system_profiler. Got: %s: %w", stderr.String(), err) diff --git a/ee/tables/tablehelpers/exec_osquery_launchctl.go b/ee/tables/tablehelpers/exec_osquery_launchctl.go index e9b51c285..e38cff32d 100644 --- a/ee/tables/tablehelpers/exec_osquery_launchctl.go +++ b/ee/tables/tablehelpers/exec_osquery_launchctl.go @@ -8,18 +8,17 @@ import ( "context" "encoding/json" "fmt" + "log/slog" "os" "os/user" "time" - "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/launcher/ee/agent" "github.com/kolide/launcher/ee/allowedcmd" ) // ExecOsqueryLaunchctl runs osquery under launchctl, in a user context. -func ExecOsqueryLaunchctl(ctx context.Context, logger log.Logger, timeoutSeconds int, username string, osqueryPath string, query string) ([]byte, error) { +func ExecOsqueryLaunchctl(ctx context.Context, timeoutSeconds int, username string, osqueryPath string, query string) ([]byte, error) { ctx, cancel := context.WithTimeout(ctx, time.Duration(timeoutSeconds)*time.Second) defer cancel() @@ -68,8 +67,8 @@ func ExecOsqueryLaunchctl(ctx context.Context, logger log.Logger, timeoutSeconds } -func ExecOsqueryLaunchctlParsed(ctx context.Context, logger log.Logger, timeoutSeconds int, username string, osqueryPath string, query string) ([]map[string]string, error) { - outBytes, err := ExecOsqueryLaunchctl(ctx, logger, timeoutSeconds, username, osqueryPath, query) +func ExecOsqueryLaunchctlParsed(ctx context.Context, slogger *slog.Logger, timeoutSeconds int, username string, osqueryPath string, query string) ([]map[string]string, error) { + outBytes, err := ExecOsqueryLaunchctl(ctx, timeoutSeconds, username, osqueryPath, query) if err != nil { return nil, err } @@ -77,8 +76,8 @@ func ExecOsqueryLaunchctlParsed(ctx context.Context, logger log.Logger, timeoutS var osqueryResults []map[string]string if err := json.Unmarshal(outBytes, &osqueryResults); err != nil { - level.Info(logger).Log( - "msg", "error unmarshalling json", + slogger.Log(ctx, slog.LevelInfo, + "error unmarshalling json", "err", err, "stdout", string(outBytes), ) diff --git a/ee/tables/tdebug/gc.go b/ee/tables/tdebug/gc.go index 054030af2..25c848a80 100644 --- a/ee/tables/tdebug/gc.go +++ b/ee/tables/tdebug/gc.go @@ -4,15 +4,14 @@ import ( "context" "encoding/json" "fmt" + "log/slog" "runtime/debug" "strings" + "github.com/go-kit/kit/log" "github.com/kolide/launcher/ee/dataflatten" "github.com/kolide/launcher/ee/tables/dataflattentable" "github.com/kolide/launcher/ee/tables/tablehelpers" - - "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/osquery/osquery-go/plugin/table" ) @@ -21,15 +20,17 @@ const ( ) type gcTable struct { - logger log.Logger - stats debug.GCStats + logger log.Logger // preserved only for temporary dataflattentable use + slogger *slog.Logger + stats debug.GCStats } -func LauncherGcInfo(logger log.Logger) *table.Plugin { +func LauncherGcInfo(slogger *slog.Logger, logger log.Logger) *table.Plugin { columns := dataflattentable.Columns() t := &gcTable{ - logger: logger, + logger: logger, + slogger: slogger.With("table", gcTableName), } return table.NewPlugin(gcTableName, columns, t.generate) @@ -61,7 +62,10 @@ func (t *gcTable) generate(ctx context.Context, queryContext table.QueryContext) dataflatten.WithQuery(strings.Split(dataQuery, "/")), ) if err != nil { - level.Info(t.logger).Log("msg", "gc flatten failed", "err", err) + t.slogger.Log(ctx, slog.LevelInfo, + "gc flatten failed", + "err", err, + ) continue } results = append(results, dataflattentable.ToMap(flatData, dataQuery, nil)...) diff --git a/ee/tables/zfs/tables.go b/ee/tables/zfs/tables.go index 43e03a9da..73882f167 100644 --- a/ee/tables/zfs/tables.go +++ b/ee/tables/zfs/tables.go @@ -7,12 +7,12 @@ import ( "bufio" "bytes" "context" + "log/slog" "os" "strings" "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/launcher/ee/allowedcmd" "github.com/kolide/launcher/ee/tables/tablehelpers" "github.com/osquery/osquery-go/plugin/table" @@ -22,8 +22,9 @@ import ( const allowedCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-.@/" type Table struct { - logger log.Logger - cmd allowedcmd.AllowedCommand + slogger *slog.Logger + logger log.Logger // preserved only for temporary use in tablehelpers.Exec + cmd allowedcmd.AllowedCommand } func columns() []table.ColumnDefinition { @@ -35,19 +36,21 @@ func columns() []table.ColumnDefinition { } } -func ZfsPropertiesPlugin(logger log.Logger) *table.Plugin { +func ZfsPropertiesPlugin(slogger *slog.Logger, logger log.Logger) *table.Plugin { t := &Table{ - logger: logger, - cmd: allowedcmd.Zfs, + slogger: slogger.With("table", "kolide_zfs_properties"), + logger: logger, + cmd: allowedcmd.Zfs, } return table.NewPlugin("kolide_zfs_properties", columns(), t.generate) } -func ZpoolPropertiesPlugin(logger log.Logger) *table.Plugin { +func ZpoolPropertiesPlugin(slogger *slog.Logger, logger log.Logger) *table.Plugin { t := &Table{ - logger: logger, - cmd: allowedcmd.Zpool, + slogger: slogger.With("table", "kolide_zpool_properties"), + logger: logger, + cmd: allowedcmd.Zpool, } return table.NewPlugin("kolide_zpool_properties", columns(), t.generate) @@ -84,7 +87,10 @@ func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ( // ZFS can fail for weird reasons. I've started seeing fedora // machine that ship a zfs userspace, but no kernel driver. So, // only log, don't return the errors. - level.Info(t.logger).Log("msg", "failed to get zfs info", "err", err) + t.slogger.Log(ctx, slog.LevelInfo, + "failed to get zfs info", + "err", err, + ) return nil, nil } diff --git a/pkg/osquery/interactive/interactive.go b/pkg/osquery/interactive/interactive.go index ec198b497..8618891ba 100644 --- a/pkg/osquery/interactive/interactive.go +++ b/pkg/osquery/interactive/interactive.go @@ -10,6 +10,7 @@ import ( "github.com/go-kit/kit/log" "github.com/kolide/kit/fsutil" "github.com/kolide/launcher/pkg/augeas" + "github.com/kolide/launcher/pkg/log/multislogger" osqueryRuntime "github.com/kolide/launcher/pkg/osquery/runtime" "github.com/kolide/launcher/pkg/osquery/table" osquery "github.com/osquery/osquery-go" @@ -117,7 +118,7 @@ func loadExtensions(logger log.Logger, socketPath string, osquerydPath string) ( return extensionManagerServer, fmt.Errorf("error creating extension manager server: %w", err) } - extensionManagerServer.RegisterPlugin(table.PlatformTables(logger, osquerydPath)...) + extensionManagerServer.RegisterPlugin(table.PlatformTables(multislogger.New().Logger, logger, osquerydPath)...) if err := extensionManagerServer.Start(); err != nil { return nil, fmt.Errorf("error starting extension manager server: %w", err) diff --git a/pkg/osquery/runtime/runner.go b/pkg/osquery/runtime/runner.go index 68c4251fe..d2cce377d 100644 --- a/pkg/osquery/runtime/runner.go +++ b/pkg/osquery/runtime/runner.go @@ -528,7 +528,7 @@ func (r *Runner) launchOsqueryInstance() error { "errgroup", "kolide extension manager server launch", ) - plugins := table.PlatformTables(o.logger, currentOsquerydBinaryPath) + plugins := table.PlatformTables(r.knapsack.Slogger().With("component", "platform_tables"), o.logger, currentOsquerydBinaryPath) if len(plugins) == 0 { return nil diff --git a/pkg/osquery/table/chrome_login_data_emails.go b/pkg/osquery/table/chrome_login_data_emails.go index 3fa4ec5b9..5b30a8d0f 100644 --- a/pkg/osquery/table/chrome_login_data_emails.go +++ b/pkg/osquery/table/chrome_login_data_emails.go @@ -4,13 +4,12 @@ import ( "context" "database/sql" "fmt" + "log/slog" "os" "path/filepath" "runtime" "strings" - "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/kit/fsutil" "github.com/kolide/launcher/ee/agent" "github.com/osquery/osquery-go/plugin/table" @@ -22,9 +21,9 @@ var profileDirs = map[string][]string{ } var profileDirsDefault = []string{".config/google-chrome", ".config/chromium", "snap/chromium/current/.config/chromium"} -func ChromeLoginDataEmails(logger log.Logger) *table.Plugin { +func ChromeLoginDataEmails(slogger *slog.Logger) *table.Plugin { c := &ChromeLoginDataEmailsTable{ - logger: logger, + slogger: slogger.With("table", "kolide_chrome_login_data_emails"), } columns := []table.ColumnDefinition{ table.TextColumn("username"), @@ -35,7 +34,7 @@ func ChromeLoginDataEmails(logger log.Logger) *table.Plugin { } type ChromeLoginDataEmailsTable struct { - logger log.Logger + slogger *slog.Logger } func (c *ChromeLoginDataEmailsTable) generateForPath(ctx context.Context, file userFileInfo) ([]map[string]string, error) { @@ -92,10 +91,10 @@ func (c *ChromeLoginDataEmailsTable) generate(ctx context.Context, queryContext } for _, profileDir := range osProfileDirs { - files, err := findFileInUserDirs(filepath.Join(profileDir, "*/Login Data"), c.logger) + files, err := findFileInUserDirs(filepath.Join(profileDir, "*/Login Data"), c.slogger) if err != nil { - level.Info(c.logger).Log( - "msg", "Find chrome login data sqlite DBs", + c.slogger.Log(ctx, slog.LevelInfo, + "finding chrome login data sqlite DBs", "path", profileDir, "err", err, ) @@ -105,8 +104,8 @@ func (c *ChromeLoginDataEmailsTable) generate(ctx context.Context, queryContext for _, file := range files { res, err := c.generateForPath(ctx, file) if err != nil { - level.Info(c.logger).Log( - "msg", "Generating chrome keychain result", + c.slogger.Log(ctx, slog.LevelInfo, + "generating chrome keychain result", "path", file.path, "err", err, ) diff --git a/pkg/osquery/table/chrome_login_keychain.go b/pkg/osquery/table/chrome_login_keychain.go index 0b1752d12..30db574c4 100644 --- a/pkg/osquery/table/chrome_login_keychain.go +++ b/pkg/osquery/table/chrome_login_keychain.go @@ -4,21 +4,19 @@ import ( "context" "database/sql" "fmt" + "log/slog" "os" "path/filepath" - "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" - "github.com/kolide/kit/fsutil" "github.com/kolide/launcher/ee/agent" "github.com/osquery/osquery-go/plugin/table" ) // DEPRECATED use kolide_chrome_login_data_emails -func ChromeLoginKeychainInfo(logger log.Logger) *table.Plugin { +func ChromeLoginKeychainInfo(slogger *slog.Logger) *table.Plugin { c := &ChromeLoginKeychain{ - logger: logger, + slogger: slogger.With("table", "kolide_chrome_login_keychain"), } columns := []table.ColumnDefinition{ table.TextColumn("origin_url"), @@ -29,7 +27,7 @@ func ChromeLoginKeychainInfo(logger log.Logger) *table.Plugin { } type ChromeLoginKeychain struct { - logger log.Logger + slogger *slog.Logger } func (c *ChromeLoginKeychain) generateForPath(ctx context.Context, path string) ([]map[string]string, error) { @@ -79,7 +77,7 @@ func (c *ChromeLoginKeychain) generateForPath(ctx context.Context, path string) } func (c *ChromeLoginKeychain) generate(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) { - files, err := findFileInUserDirs("Library/Application Support/Google/Chrome/*/Login Data", c.logger) + files, err := findFileInUserDirs("Library/Application Support/Google/Chrome/*/Login Data", c.slogger) if err != nil { return nil, fmt.Errorf("find chrome login data sqlite DBs: %w", err) } @@ -88,8 +86,8 @@ func (c *ChromeLoginKeychain) generate(ctx context.Context, queryContext table.Q for _, file := range files { res, err := c.generateForPath(ctx, file.path) if err != nil { - level.Info(c.logger).Log( - "msg", "Generating chrome keychain result", + c.slogger.Log(ctx, slog.LevelInfo, + "generating chrome keychain result", "path", file.path, "err", err, ) diff --git a/pkg/osquery/table/chrome_user_profiles.go b/pkg/osquery/table/chrome_user_profiles.go index 6cdf7dc8b..f08a77428 100644 --- a/pkg/osquery/table/chrome_user_profiles.go +++ b/pkg/osquery/table/chrome_user_profiles.go @@ -4,13 +4,12 @@ import ( "context" "encoding/json" "fmt" + "log/slog" "os" "path/filepath" "runtime" "strconv" - "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/osquery/osquery-go/plugin/table" ) @@ -22,9 +21,9 @@ var chromeLocalStateDirs = map[string][]string{ // try the list of known linux paths if runtime.GOOS doesn't match 'darwin' or 'windows' var chromeLocalStateDirDefault = []string{".config/google-chrome", ".config/chromium", "snap/chromium/current/.config/chromium"} -func ChromeUserProfiles(logger log.Logger) *table.Plugin { +func ChromeUserProfiles(slogger *slog.Logger) *table.Plugin { c := &chromeUserProfilesTable{ - logger: logger, + slogger: slogger.With("table", "kolide_chrome_user_profiles"), } columns := []table.ColumnDefinition{ @@ -38,7 +37,7 @@ func ChromeUserProfiles(logger log.Logger) *table.Plugin { } type chromeUserProfilesTable struct { - logger log.Logger + slogger *slog.Logger } type chromeLocalState struct { @@ -84,10 +83,10 @@ func (c *chromeUserProfilesTable) generate(ctx context.Context, queryContext tab var results []map[string]string for _, localStateFilePath := range osChromeLocalStateDirs { - userFiles, err := findFileInUserDirs(filepath.Join(localStateFilePath, "Local State"), c.logger) + userFiles, err := findFileInUserDirs(filepath.Join(localStateFilePath, "Local State"), c.slogger) if err != nil { - level.Info(c.logger).Log( - "msg", "Finding chrome local state file", + c.slogger.Log(ctx, slog.LevelInfo, + "finding chrome local state file", "path", localStateFilePath, "err", err, ) @@ -96,8 +95,8 @@ func (c *chromeUserProfilesTable) generate(ctx context.Context, queryContext tab for _, file := range userFiles { res, err := c.generateForPath(ctx, file) if err != nil { - level.Info(c.logger).Log( - "msg", "Generating user profile result", + c.slogger.Log(ctx, slog.LevelInfo, + "generating user profile result", "path", file.path, "err", err, ) diff --git a/pkg/osquery/table/gdrive_sync.go b/pkg/osquery/table/gdrive_sync.go index e1a1df950..9646d8182 100644 --- a/pkg/osquery/table/gdrive_sync.go +++ b/pkg/osquery/table/gdrive_sync.go @@ -4,19 +4,18 @@ import ( "context" "database/sql" "fmt" + "log/slog" "os" "path/filepath" - "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/kit/fsutil" "github.com/kolide/launcher/ee/agent" "github.com/osquery/osquery-go/plugin/table" ) -func GDriveSyncConfig(logger log.Logger) *table.Plugin { +func GDriveSyncConfig(slogger *slog.Logger) *table.Plugin { g := &gdrive{ - logger: logger, + slogger: slogger.With("table", "kolide_gdrive_sync_config"), } columns := []table.ColumnDefinition{ @@ -27,7 +26,7 @@ func GDriveSyncConfig(logger log.Logger) *table.Plugin { } type gdrive struct { - logger log.Logger + slogger *slog.Logger } func (g *gdrive) generateForPath(ctx context.Context, path string) ([]map[string]string, error) { @@ -89,7 +88,7 @@ func (g *gdrive) generateForPath(ctx context.Context, path string) ([]map[string } func (g *gdrive) generate(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) { - files, err := findFileInUserDirs("/Library/Application Support/Google/Drive/user_default/sync_config.db", g.logger) + files, err := findFileInUserDirs("/Library/Application Support/Google/Drive/user_default/sync_config.db", g.slogger) if err != nil { return nil, fmt.Errorf("find gdrive sync config sqlite DBs: %w", err) } @@ -98,8 +97,8 @@ func (g *gdrive) generate(ctx context.Context, queryContext table.QueryContext) for _, file := range files { res, err := g.generateForPath(ctx, file.path) if err != nil { - level.Info(g.logger).Log( - "msg", "Generating gdrive sync result", + g.slogger.Log(ctx, slog.LevelInfo, + "generating gdrive sync result", "path", file.path, "err", err, ) diff --git a/pkg/osquery/table/gdrive_sync_history.go b/pkg/osquery/table/gdrive_sync_history.go index 5834272f3..f946176ae 100644 --- a/pkg/osquery/table/gdrive_sync_history.go +++ b/pkg/osquery/table/gdrive_sync_history.go @@ -4,20 +4,18 @@ import ( "context" "database/sql" "fmt" + "log/slog" "os" "path/filepath" - "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" - "github.com/kolide/kit/fsutil" "github.com/kolide/launcher/ee/agent" "github.com/osquery/osquery-go/plugin/table" ) -func GDriveSyncHistoryInfo(logger log.Logger) *table.Plugin { +func GDriveSyncHistoryInfo(slogger *slog.Logger) *table.Plugin { g := &GDriveSyncHistory{ - logger: logger, + slogger: slogger.With("table", "kolide_gdrive_sync_history"), } columns := []table.ColumnDefinition{ table.TextColumn("inode"), @@ -29,7 +27,7 @@ func GDriveSyncHistoryInfo(logger log.Logger) *table.Plugin { } type GDriveSyncHistory struct { - logger log.Logger + slogger *slog.Logger } // GDriveSyncHistoryGenerate will be called whenever the table is queried. It should return @@ -85,7 +83,7 @@ func (g *GDriveSyncHistory) generateForPath(ctx context.Context, path string) ([ // GDriveSyncHistoryGenerate will be called whenever the table is queried. It should return // a full table scan. func (g *GDriveSyncHistory) generate(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) { - files, err := findFileInUserDirs("Library/Application Support/Google/Drive/user_default/snapshot.db", g.logger) + files, err := findFileInUserDirs("Library/Application Support/Google/Drive/user_default/snapshot.db", g.slogger) if err != nil { return nil, fmt.Errorf("find gdrive sync history sqlite DBs: %w", err) } @@ -94,8 +92,8 @@ func (g *GDriveSyncHistory) generate(ctx context.Context, queryContext table.Que for _, file := range files { res, err := g.generateForPath(ctx, file.path) if err != nil { - level.Info(g.logger).Log( - "msg", "Generating gdrive history result", + g.slogger.Log(ctx, slog.LevelInfo, + "generating gdrive history result", "path", file.path, "err", err, ) diff --git a/pkg/osquery/table/keyinfo.go b/pkg/osquery/table/keyinfo.go index 981d57260..13655082c 100644 --- a/pkg/osquery/table/keyinfo.go +++ b/pkg/osquery/table/keyinfo.go @@ -3,20 +3,19 @@ package table import ( "context" "errors" + "log/slog" "strconv" - "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/launcher/ee/keyidentifier" "github.com/osquery/osquery-go/plugin/table" ) type KeyInfoTable struct { - logger log.Logger + slogger *slog.Logger kIdentifer *keyidentifier.KeyIdentifier } -func KeyInfo(logger log.Logger) *table.Plugin { +func KeyInfo(slogger *slog.Logger) *table.Plugin { columns := []table.ColumnDefinition{ table.TextColumn("path"), @@ -30,15 +29,15 @@ func KeyInfo(logger log.Logger) *table.Plugin { // we don't want the logging in osquery, so don't instantiate WithLogger() kIdentifer, err := keyidentifier.New() if err != nil { - level.Info(logger).Log( - "msg", "Failed to create keyidentifier", + slogger.Log(context.TODO(), slog.LevelInfo, + "failed to create keyidentifier", "err", err, ) return nil } t := &KeyInfoTable{ - logger: logger, + slogger: slogger.With("table", "kolide_keyinfo"), kIdentifer: kIdentifer, } @@ -56,8 +55,8 @@ func (t *KeyInfoTable) generate(ctx context.Context, queryContext table.QueryCon for _, constraint := range q.Constraints { ki, err := t.kIdentifer.IdentifyFile(constraint.Expression) if err != nil { - level.Debug(t.logger).Log( - "msg", "Failed to get keyinfo for file", + t.slogger.Log(ctx, slog.LevelDebug, + "failed to get keyinfo for file", "file", constraint.Expression, "err", err, ) diff --git a/pkg/osquery/table/mdm.go b/pkg/osquery/table/mdm.go index 13777dcc0..191203ce4 100644 --- a/pkg/osquery/table/mdm.go +++ b/pkg/osquery/table/mdm.go @@ -10,13 +10,12 @@ import ( "strconv" "time" - "github.com/go-kit/kit/log" "github.com/groob/plist" "github.com/kolide/launcher/ee/allowedcmd" "github.com/osquery/osquery-go/plugin/table" ) -func MDMInfo(logger log.Logger) *table.Plugin { +func MDMInfo() *table.Plugin { columns := []table.ColumnDefinition{ table.TextColumn("enrolled"), table.TextColumn("server_url"), diff --git a/pkg/osquery/table/onepassword_config.go b/pkg/osquery/table/onepassword_config.go index 9615596e8..6ec288ad9 100644 --- a/pkg/osquery/table/onepassword_config.go +++ b/pkg/osquery/table/onepassword_config.go @@ -5,12 +5,11 @@ import ( "database/sql" "errors" "fmt" + "log/slog" "os" "path/filepath" "runtime" - "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/kit/fsutil" "github.com/kolide/launcher/ee/agent" "github.com/osquery/osquery-go/plugin/table" @@ -25,7 +24,7 @@ var onepasswordDataFiles = map[string][]string{ }, } -func OnePasswordAccounts(logger log.Logger) *table.Plugin { +func OnePasswordAccounts(slogger *slog.Logger) *table.Plugin { columns := []table.ColumnDefinition{ table.TextColumn("username"), table.TextColumn("user_email"), @@ -37,14 +36,14 @@ func OnePasswordAccounts(logger log.Logger) *table.Plugin { } o := &onePasswordAccountsTable{ - logger: logger, + slogger: slogger.With("table", "kolide_onepassword_accounts"), } return table.NewPlugin("kolide_onepassword_accounts", columns, o.generate) } type onePasswordAccountsTable struct { - logger log.Logger + slogger *slog.Logger } // generate the onepassword account info results given the path to a @@ -100,10 +99,10 @@ func (o *onePasswordAccountsTable) generate(ctx context.Context, queryContext ta } for _, dataFilePath := range osDataFiles { - files, err := findFileInUserDirs(dataFilePath, o.logger) + files, err := findFileInUserDirs(dataFilePath, o.slogger) if err != nil { - level.Info(o.logger).Log( - "msg", "Find 1password sqlite DBs", + o.slogger.Log(ctx, slog.LevelInfo, + "find 1password sqlite DBs", "path", dataFilePath, "err", err, ) @@ -113,8 +112,8 @@ func (o *onePasswordAccountsTable) generate(ctx context.Context, queryContext ta for _, file := range files { res, err := o.generateForPath(ctx, file) if err != nil { - level.Info(o.logger).Log( - "msg", "Generating onepassword result", + o.slogger.Log(ctx, slog.LevelInfo, + "generating onepassword result", "path", file.path, "err", err, ) diff --git a/pkg/osquery/table/platform_tables_darwin.go b/pkg/osquery/table/platform_tables_darwin.go index 18dd444b6..68f6ee837 100644 --- a/pkg/osquery/table/platform_tables_darwin.go +++ b/pkg/osquery/table/platform_tables_darwin.go @@ -4,6 +4,8 @@ package table import ( + "log/slog" + "github.com/go-kit/kit/log" "github.com/knightsc/system_policy/osquery/table/kextpolicy" "github.com/knightsc/system_policy/osquery/table/legacyexec" @@ -38,14 +40,14 @@ const ( screenlockQuery = "select enabled, grace_period from screenlock" ) -func platformSpecificTables(logger log.Logger, currentOsquerydBinaryPath string) []osquery.OsqueryPlugin { +func platformSpecificTables(slogger *slog.Logger, logger log.Logger, currentOsquerydBinaryPath string) []osquery.OsqueryPlugin { munki := munki.New() // This table uses undocumented APIs, There is some discussion at the // PR adding the table. See // https://github.com/osquery/osquery/pull/6243 screenlockTable := osquery_user_exec_table.TablePlugin( - logger, "kolide_screenlock", + slogger, "kolide_screenlock", currentOsquerydBinaryPath, screenlockQuery, []table.ColumnDefinition{ table.IntegerColumn("enabled"), @@ -53,7 +55,7 @@ func platformSpecificTables(logger log.Logger, currentOsquerydBinaryPath string) }) keychainAclsTable := osquery_user_exec_table.TablePlugin( - logger, "kolide_keychain_acls", + slogger, "kolide_keychain_acls", currentOsquerydBinaryPath, keychainItemsQuery, []table.ColumnDefinition{ table.TextColumn("keychain_path"), @@ -64,7 +66,7 @@ func platformSpecificTables(logger log.Logger, currentOsquerydBinaryPath string) }) keychainItemsTable := osquery_user_exec_table.TablePlugin( - logger, "kolide_keychain_items", + slogger, "kolide_keychain_items", currentOsquerydBinaryPath, keychainAclsQuery, []table.ColumnDefinition{ table.TextColumn("label"), @@ -80,26 +82,26 @@ func platformSpecificTables(logger log.Logger, currentOsquerydBinaryPath string) keychainAclsTable, keychainItemsTable, appicons.AppIcons(), - ChromeLoginKeychainInfo(logger), + ChromeLoginKeychainInfo(slogger), firmwarepasswd.TablePlugin(logger), - GDriveSyncConfig(logger), - GDriveSyncHistoryInfo(logger), - MDMInfo(logger), + GDriveSyncConfig(slogger), + GDriveSyncHistoryInfo(slogger), + MDMInfo(), macos_software_update.MacOSUpdate(), - macos_software_update.RecommendedUpdates(logger), - macos_software_update.AvailableProducts(logger), + macos_software_update.RecommendedUpdates(slogger, logger), + macos_software_update.AvailableProducts(slogger, logger), MachoInfo(), - spotlight.TablePlugin(logger), - TouchIDUserConfig(logger), - TouchIDSystemConfig(logger), - UserAvatar(logger), - ioreg.TablePlugin(logger), - profiles.TablePlugin(logger), - airport.TablePlugin(logger), + spotlight.TablePlugin(slogger, logger), + TouchIDUserConfig(slogger), + TouchIDSystemConfig(slogger), + UserAvatar(slogger), + ioreg.TablePlugin(slogger, logger), + profiles.TablePlugin(slogger, logger), + airport.TablePlugin(slogger, logger), kextpolicy.TablePlugin(), - filevault.TablePlugin(logger), - mdmclient.TablePlugin(logger), - apple_silicon_security_policy.TablePlugin(logger), + filevault.TablePlugin(slogger, logger), + mdmclient.TablePlugin(slogger, logger), + apple_silicon_security_policy.TablePlugin(slogger, logger), legacyexec.TablePlugin(), dataflattentable.TablePluginExec(logger, "kolide_diskutil_list", dataflattentable.PlistType, allowedcmd.Diskutil, []string{"list", "-plist"}), @@ -114,16 +116,16 @@ func platformSpecificTables(logger log.Logger, currentOsquerydBinaryPath string) dataflattentable.TablePluginExec(logger, "kolide_powermetrics", dataflattentable.PlistType, allowedcmd.Powermetrics, []string{"-n", "1", "-f", "plist"}), screenlockTable, - pwpolicy.TablePlugin(logger), - systemprofiler.TablePlugin(logger), - munki.ManagedInstalls(logger), - munki.MunkiReport(logger), + pwpolicy.TablePlugin(slogger, logger), + systemprofiler.TablePlugin(slogger, logger), + munki.ManagedInstalls(), + munki.MunkiReport(), dataflattentable.TablePluginExec(logger, "kolide_nix_upgradeable", dataflattentable.XmlType, allowedcmd.NixEnv, []string{"--query", "--installed", "-c", "--xml"}), dataflattentable.NewExecAndParseTable(logger, "kolide_remotectl", remotectl.Parser, allowedcmd.Remotectl, []string{`dumpstate`}), dataflattentable.NewExecAndParseTable(logger, "kolide_softwareupdate", softwareupdate.Parser, allowedcmd.Softwareupdate, []string{`--list`, `--no-scan`}, dataflattentable.WithIncludeStderr()), dataflattentable.NewExecAndParseTable(logger, "kolide_softwareupdate_scan", softwareupdate.Parser, allowedcmd.Softwareupdate, []string{`--list`}, dataflattentable.WithIncludeStderr()), dataflattentable.NewExecAndParseTable(logger, "kolide_carbonblack_repcli_status", repcli.Parser, allowedcmd.Repcli, []string{"status"}, dataflattentable.WithIncludeStderr()), - zfs.ZfsPropertiesPlugin(logger), - zfs.ZpoolPropertiesPlugin(logger), + zfs.ZfsPropertiesPlugin(slogger, logger), + zfs.ZpoolPropertiesPlugin(slogger, logger), } } diff --git a/pkg/osquery/table/platform_tables_linux.go b/pkg/osquery/table/platform_tables_linux.go index ab2018ed4..1e92a396e 100644 --- a/pkg/osquery/table/platform_tables_linux.go +++ b/pkg/osquery/table/platform_tables_linux.go @@ -4,6 +4,8 @@ package table import ( + "log/slog" + "github.com/go-kit/kit/log" "github.com/kolide/launcher/ee/allowedcmd" "github.com/kolide/launcher/ee/tables/crowdstrike/falcon_kernel_check" @@ -21,7 +23,7 @@ import ( "github.com/kolide/launcher/ee/tables/execparsers/simple_array" "github.com/kolide/launcher/ee/tables/fscrypt_info" "github.com/kolide/launcher/ee/tables/gsettings" - "github.com/kolide/launcher/ee/tables/nix_env/upgradeable" + nix_env_upgradeable "github.com/kolide/launcher/ee/tables/nix_env/upgradeable" "github.com/kolide/launcher/ee/tables/secureboot" "github.com/kolide/launcher/ee/tables/xfconf" "github.com/kolide/launcher/ee/tables/xrdb" @@ -29,7 +31,7 @@ import ( osquery "github.com/osquery/osquery-go" ) -func platformSpecificTables(logger log.Logger, currentOsquerydBinaryPath string) []osquery.OsqueryPlugin { +func platformSpecificTables(slogger *slog.Logger, logger log.Logger, currentOsquerydBinaryPath string) []osquery.OsqueryPlugin { return []osquery.OsqueryPlugin{ cryptsetup.TablePlugin(logger), gsettings.Settings(logger), @@ -63,7 +65,7 @@ func platformSpecificTables(logger log.Logger, currentOsquerydBinaryPath string) dataflattentable.NewExecAndParseTable(logger, "kolide_rpm_version_info", rpm.Parser, allowedcmd.Rpm, []string{"-qai"}, dataflattentable.WithIncludeStderr()), dataflattentable.NewExecAndParseTable(logger, "kolide_carbonblack_repcli_status", repcli.Parser, allowedcmd.Repcli, []string{"status"}, dataflattentable.WithIncludeStderr()), dataflattentable.TablePluginExec(logger, "kolide_nftables", dataflattentable.JsonType, allowedcmd.Nftables, []string{"-jat", "list", "ruleset"}), // -j (json) -a (show object handles) -t (terse, omit set contents) - zfs.ZfsPropertiesPlugin(logger), - zfs.ZpoolPropertiesPlugin(logger), + zfs.ZfsPropertiesPlugin(slogger, logger), + zfs.ZpoolPropertiesPlugin(slogger, logger), } } diff --git a/pkg/osquery/table/platform_tables_windows.go b/pkg/osquery/table/platform_tables_windows.go index e8d7ddc59..f9afec901 100644 --- a/pkg/osquery/table/platform_tables_windows.go +++ b/pkg/osquery/table/platform_tables_windows.go @@ -4,6 +4,9 @@ package table import ( + "log/slog" + + "github.com/go-kit/kit/log" "github.com/kolide/launcher/ee/allowedcmd" "github.com/kolide/launcher/ee/tables/dataflattentable" "github.com/kolide/launcher/ee/tables/dsim_default_associations" @@ -12,12 +15,10 @@ import ( "github.com/kolide/launcher/ee/tables/wifi_networks" "github.com/kolide/launcher/ee/tables/windowsupdatetable" "github.com/kolide/launcher/ee/tables/wmitable" - - "github.com/go-kit/kit/log" osquery "github.com/osquery/osquery-go" ) -func platformSpecificTables(logger log.Logger, currentOsquerydBinaryPath string) []osquery.OsqueryPlugin { +func platformSpecificTables(_ *slog.Logger, logger log.Logger, currentOsquerydBinaryPath string) []osquery.OsqueryPlugin { return []osquery.OsqueryPlugin{ ProgramIcons(), dsim_default_associations.TablePlugin(logger), diff --git a/pkg/osquery/table/slack_config.go b/pkg/osquery/table/slack_config.go index 4cc9331c0..d1f5a4e05 100644 --- a/pkg/osquery/table/slack_config.go +++ b/pkg/osquery/table/slack_config.go @@ -5,13 +5,12 @@ import ( "encoding/json" "errors" "fmt" + "log/slog" "os" "path/filepath" "runtime" "strconv" - "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/osquery/osquery-go/plugin/table" ) @@ -29,7 +28,7 @@ var slackConfigDirs = map[string][]string{ // try the list of known linux paths if runtime.GOOS doesn't match 'darwin' or 'windows' var slackConfigDirDefault = []string{".config/Slack"} -func SlackConfig(logger log.Logger) *table.Plugin { +func SlackConfig(slogger *slog.Logger) *table.Plugin { columns := []table.ColumnDefinition{ table.TextColumn("team_id"), table.TextColumn("team_name"), @@ -40,14 +39,14 @@ func SlackConfig(logger log.Logger) *table.Plugin { } t := &SlackConfigTable{ - logger: logger, + slogger: slogger.With("table", "kolide_slack_config"), } return table.NewPlugin("kolide_slack_config", columns, t.generate) } type SlackConfigTable struct { - logger log.Logger + slogger *slog.Logger } type slackTeamsFile map[string]struct { @@ -102,10 +101,10 @@ func (t *SlackConfigTable) generate(ctx context.Context, queryContext table.Quer osProfileDirs = slackConfigDirDefault } for _, profileDir := range osProfileDirs { - files, err := findFileInUserDirs(filepath.Join(profileDir, "storage/slack-teams"), t.logger) + files, err := findFileInUserDirs(filepath.Join(profileDir, "storage/slack-teams"), t.slogger) if err != nil { - level.Info(t.logger).Log( - "msg", "Finding slack teams json", + t.slogger.Log(ctx, slog.LevelInfo, + "finding slack teams json", "path", profileDir, "err", err, ) @@ -114,8 +113,8 @@ func (t *SlackConfigTable) generate(ctx context.Context, queryContext table.Quer for _, file := range files { res, err := t.generateForPath(ctx, file) if err != nil { - level.Info(t.logger).Log( - "msg", "Generating slack team result", + t.slogger.Log(ctx, slog.LevelInfo, + "generating slack team result", "path", file.path, "err", err, ) diff --git a/pkg/osquery/table/sshkeys.go b/pkg/osquery/table/sshkeys.go index 70d2b6816..0c35e4acf 100644 --- a/pkg/osquery/table/sshkeys.go +++ b/pkg/osquery/table/sshkeys.go @@ -6,12 +6,10 @@ package table import ( "context" + "log/slog" "runtime" "strconv" - "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" - "github.com/kolide/launcher/ee/keyidentifier" "github.com/osquery/osquery-go/plugin/table" ) @@ -23,12 +21,12 @@ var sshDirs = map[string][]string{ var sshDirsDefault = []string{".ssh/*"} type SshKeysTable struct { - logger log.Logger + slogger *slog.Logger kIdentifer *keyidentifier.KeyIdentifier } // New returns a new table extension -func SshKeys(logger log.Logger) *table.Plugin { +func SshKeys(slogger *slog.Logger) *table.Plugin { columns := []table.ColumnDefinition{ table.TextColumn("user"), table.TextColumn("path"), @@ -42,15 +40,15 @@ func SshKeys(logger log.Logger) *table.Plugin { // we don't want the logging in osquery, so don't instantiate WithLogger() kIdentifer, err := keyidentifier.New() if err != nil { - level.Info(logger).Log( - "msg", "Failed to create keyidentifier", + slogger.Log(context.TODO(), slog.LevelInfo, + "failed to create keyidentifier", "err", err, ) return nil } t := &SshKeysTable{ - logger: logger, + slogger: slogger.With("table", "kolide_ssh_keys"), kIdentifer: kIdentifer, } @@ -67,10 +65,10 @@ func (t *SshKeysTable) generate(ctx context.Context, queryContext table.QueryCon } for _, dir := range dirs { - files, err := findFileInUserDirs(dir, t.logger) + files, err := findFileInUserDirs(dir, t.slogger) if err != nil { - level.Info(t.logger).Log( - "msg", "Error finding ssh keys paths", + t.slogger.Log(ctx, slog.LevelInfo, + "error finding ssh keys paths", "path", dir, "err", err, ) @@ -80,8 +78,8 @@ func (t *SshKeysTable) generate(ctx context.Context, queryContext table.QueryCon for _, file := range files { ki, err := t.kIdentifer.IdentifyFile(file.path) if err != nil { - level.Debug(t.logger).Log( - "msg", "Failed to get keyinfo for file", + t.slogger.Log(ctx, slog.LevelInfo, + "failed to get keyinfo for file", "file", file.path, "err", err, ) diff --git a/pkg/osquery/table/table.go b/pkg/osquery/table/table.go index 4bdf0d26b..8b8e27f68 100644 --- a/pkg/osquery/table/table.go +++ b/pkg/osquery/table/table.go @@ -1,6 +1,8 @@ package table import ( + "log/slog" + "github.com/kolide/launcher/ee/agent/types" "github.com/kolide/launcher/ee/allowedcmd" "github.com/kolide/launcher/ee/tables/cryptoinfotable" @@ -35,32 +37,32 @@ func LauncherTables(k types.Knapsack) []osquery.OsqueryPlugin { } // PlatformTables returns all tables for the launcher build platform. -func PlatformTables(logger log.Logger, currentOsquerydBinaryPath string) []osquery.OsqueryPlugin { +func PlatformTables(slogger *slog.Logger, logger log.Logger, currentOsquerydBinaryPath string) []osquery.OsqueryPlugin { // Common tables to all platforms tables := []osquery.OsqueryPlugin{ - ChromeLoginDataEmails(logger), - ChromeUserProfiles(logger), - KeyInfo(logger), - OnePasswordAccounts(logger), - SlackConfig(logger), - SshKeys(logger), - cryptoinfotable.TablePlugin(logger), - dev_table_tooling.TablePlugin(logger), - firefox_preferences.TablePlugin(logger), + ChromeLoginDataEmails(slogger), + ChromeUserProfiles(slogger), + KeyInfo(slogger), + OnePasswordAccounts(slogger), + SlackConfig(slogger), + SshKeys(slogger), + cryptoinfotable.TablePlugin(slogger, logger), + dev_table_tooling.TablePlugin(slogger, logger), + firefox_preferences.TablePlugin(slogger), dataflattentable.TablePluginExec(logger, "kolide_zerotier_info", dataflattentable.JsonType, allowedcmd.ZerotierCli, []string{"info"}), dataflattentable.TablePluginExec(logger, "kolide_zerotier_networks", dataflattentable.JsonType, allowedcmd.ZerotierCli, []string{"listnetworks"}), dataflattentable.TablePluginExec(logger, "kolide_zerotier_peers", dataflattentable.JsonType, allowedcmd.ZerotierCli, []string{"listpeers"}), - tdebug.LauncherGcInfo(logger), + tdebug.LauncherGcInfo(slogger, logger), } // The dataflatten tables tables = append(tables, dataflattentable.AllTablePlugins(logger)...) // add in the platform specific ones (as denoted by build tags) - tables = append(tables, platformSpecificTables(logger, currentOsquerydBinaryPath)...) + tables = append(tables, platformSpecificTables(slogger, logger, currentOsquerydBinaryPath)...) return tables } diff --git a/pkg/osquery/table/table_util.go b/pkg/osquery/table/table_util.go index 6e0a23c82..ba789e04d 100644 --- a/pkg/osquery/table/table_util.go +++ b/pkg/osquery/table/table_util.go @@ -1,12 +1,11 @@ package table import ( + "context" + "log/slog" "os" "path/filepath" "runtime" - - "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" ) type findFile struct { @@ -35,7 +34,7 @@ type userFileInfo struct { // findFileInUserDirs looks for the existence of a specified path as a // subdirectory of users' home directories. It does this by searching // likely paths -func findFileInUserDirs(pattern string, logger log.Logger, opts ...FindFileOpt) ([]userFileInfo, error) { +func findFileInUserDirs(pattern string, slogger *slog.Logger, opts ...FindFileOpt) ([]userFileInfo, error) { ff := &findFile{} for _, opt := range opts { @@ -45,9 +44,9 @@ func findFileInUserDirs(pattern string, logger log.Logger, opts ...FindFileOpt) homedirRoots, ok := homeDirLocations[runtime.GOOS] if !ok { homedirRoots = homeDirDefaultLocation - level.Debug(logger).Log( - "msg", "platform not found using default", - "homeDirRoot", homedirRoots, + slogger.Log(context.TODO(), slog.LevelDebug, + "platform not found using default", + "home_dir_root", homedirRoots, ) } @@ -69,8 +68,8 @@ func findFileInUserDirs(pattern string, logger log.Logger, opts ...FindFileOpt) fullPaths, err := filepath.Glob(userPathPattern) if err != nil { // skipping ErrBadPattern - level.Debug(logger).Log( - "msg", "bad file pattern", + slogger.Log(context.TODO(), slog.LevelDebug, + "bad file pattern", "pattern", userPathPattern, ) continue @@ -95,8 +94,8 @@ func findFileInUserDirs(pattern string, logger log.Logger, opts ...FindFileOpt) fullPaths, err := filepath.Glob(userPathPattern) if err != nil { // skipping ErrBadPattern - level.Debug(logger).Log( - "msg", "bad file pattern", + slogger.Log(context.TODO(), slog.LevelDebug, + "bad file pattern", "pattern", userPathPattern, ) continue diff --git a/pkg/osquery/table/touchid_system_darwin.go b/pkg/osquery/table/touchid_system_darwin.go index 9505a6804..483c4f824 100644 --- a/pkg/osquery/table/touchid_system_darwin.go +++ b/pkg/osquery/table/touchid_system_darwin.go @@ -4,19 +4,18 @@ import ( "bytes" "context" "fmt" + "log/slog" "regexp" "strings" "time" - "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/launcher/ee/allowedcmd" "github.com/osquery/osquery-go/plugin/table" ) -func TouchIDSystemConfig(logger log.Logger) *table.Plugin { +func TouchIDSystemConfig(slogger *slog.Logger) *table.Plugin { t := &touchIDSystemConfigTable{ - logger: logger, + slogger: slogger.With("table", "kolide_touchid_system_config"), } columns := []table.ColumnDefinition{ table.IntegerColumn("touchid_compatible"), @@ -29,7 +28,7 @@ func TouchIDSystemConfig(logger log.Logger) *table.Plugin { } type touchIDSystemConfigTable struct { - logger log.Logger + slogger *slog.Logger } // TouchIDSystemConfigGenerate will be called whenever the table is queried. @@ -44,7 +43,10 @@ func (t *touchIDSystemConfigTable) generate(ctx context.Context, queryContext ta var stdout bytes.Buffer cmd, err := allowedcmd.SystemProfiler(ctx, "SPiBridgeDataType") if err != nil { - level.Debug(t.logger).Log("msg", "could not create system_profiler command", "err", err) + t.slogger.Log(ctx, slog.LevelDebug, + "could not create system_profiler command", + "err", err, + ) return results, nil } cmd.Stdout = &stdout @@ -64,7 +66,10 @@ func (t *touchIDSystemConfigTable) generate(ctx context.Context, queryContext ta stdout.Reset() cmd, err = allowedcmd.Bioutil(ctx, "-r", "-s") if err != nil { - level.Debug(t.logger).Log("msg", "could not create bioutil command", "err", err) + t.slogger.Log(ctx, slog.LevelDebug, + "could not create bioutil command", + "err", err, + ) return results, nil } cmd.Stdout = &stdout diff --git a/pkg/osquery/table/touchid_user_darwin.go b/pkg/osquery/table/touchid_user_darwin.go index 8e3d6d3d0..a6c2fd887 100644 --- a/pkg/osquery/table/touchid_user_darwin.go +++ b/pkg/osquery/table/touchid_user_darwin.go @@ -5,22 +5,20 @@ import ( "context" "errors" "fmt" + "log/slog" "os/user" "strconv" "strings" "syscall" "time" - "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/kolide/launcher/ee/allowedcmd" - "github.com/osquery/osquery-go/plugin/table" ) -func TouchIDUserConfig(logger log.Logger) *table.Plugin { +func TouchIDUserConfig(slogger *slog.Logger) *table.Plugin { t := &touchIDUserConfigTable{ - logger: logger, + slogger: slogger.With("table", "kolide_touchid_user_config"), } columns := []table.ColumnDefinition{ table.IntegerColumn("uid"), @@ -35,15 +33,14 @@ func TouchIDUserConfig(logger log.Logger) *table.Plugin { } type touchIDUserConfigTable struct { - logger log.Logger + slogger *slog.Logger } func (t *touchIDUserConfigTable) generate(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) { q := queryContext.Constraints["uid"] if len(q.Constraints) == 0 { - level.Debug(t.logger).Log( - "msg", "The touchid_user_config table requires that you specify a constraint WHERE uid =", - "err", "no constraints", + t.slogger.Log(ctx, slog.LevelDebug, + "table requires a uid constraint, but none provided", ) return nil, errors.New("The touchid_user_config table requires that you specify a constraint WHERE uid =") } @@ -55,8 +52,8 @@ func (t *touchIDUserConfigTable) generate(ctx context.Context, queryContext tabl // Verify the user exists on the system before proceeding _, err := user.LookupId(constraint.Expression) if err != nil { - level.Debug(t.logger).Log( - "msg", "nonexistant user", + t.slogger.Log(ctx, slog.LevelDebug, + "nonexistent user", "uid", constraint.Expression, "err", err, ) @@ -67,8 +64,8 @@ func (t *touchIDUserConfigTable) generate(ctx context.Context, queryContext tabl // Get the user's TouchID config configOutput, err := runCommandContext(ctx, uid, allowedcmd.Bioutil, "-r") if err != nil { - level.Debug(t.logger).Log( - "msg", "could not run bioutil -r", + t.slogger.Log(ctx, slog.LevelInfo, + "could not run bioutil -r", "uid", uid, "err", err, ) @@ -86,10 +83,10 @@ func (t *touchIDUserConfigTable) generate(ctx context.Context, queryContext tabl effectiveUnlock = configSplit[4][1:2] effectiveApplePay = configSplit[5][1:2] } else { - level.Debug(t.logger).Log( - "msg", configOutput, + t.slogger.Log(ctx, slog.LevelDebug, + "bioutil -r returned unexpected output", "uid", uid, - "err", "bioutil -r returned unexpected output", + "output", configOutput, ) continue } @@ -97,8 +94,8 @@ func (t *touchIDUserConfigTable) generate(ctx context.Context, queryContext tabl // Grab the fingerprint count countOutStr, err := runCommandContext(ctx, uid, allowedcmd.Bioutil, "-c") if err != nil { - level.Debug(t.logger).Log( - "msg", "could not run bioutil -c", + t.slogger.Log(ctx, slog.LevelDebug, + "could not run bioutil -c", "uid", uid, "err", err, ) diff --git a/pkg/osquery/table/user_avatar_darwin.go b/pkg/osquery/table/user_avatar_darwin.go index 24283ffa5..18d7e6970 100644 --- a/pkg/osquery/table/user_avatar_darwin.go +++ b/pkg/osquery/table/user_avatar_darwin.go @@ -44,31 +44,29 @@ import ( "hash/crc64" "image" "image/png" + "log/slog" "strings" "unsafe" - "github.com/go-kit/kit/log" - "github.com/go-kit/kit/log/level" "github.com/nfnt/resize" "github.com/osquery/osquery-go/plugin/table" - "golang.org/x/image/tiff" ) var crcTable = crc64.MakeTable(crc64.ECMA) -func UserAvatar(logger log.Logger) *table.Plugin { +func UserAvatar(slogger *slog.Logger) *table.Plugin { columns := []table.ColumnDefinition{ table.TextColumn("username"), table.TextColumn("thumbnail"), table.TextColumn("hash"), } - t := &userAvatarTable{logger: logger} + t := &userAvatarTable{slogger: slogger.With("table", "kolide_user_avatars")} return table.NewPlugin("kolide_user_avatars", columns, t.generateAvatars) } type userAvatarTable struct { - logger log.Logger + slogger *slog.Logger } func (t *userAvatarTable) generateAvatars(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) { @@ -88,8 +86,8 @@ func (t *userAvatarTable) generateAvatars(ctx context.Context, queryContext tabl for _, username := range usernames { image, hash, err := getUserAvatar(username) if err != nil { - level.Debug(t.logger).Log( - "msg", "error getting user avatar", + t.slogger.Log(ctx, slog.LevelDebug, + "error getting user avatar", "err", err, ) continue @@ -103,8 +101,8 @@ func (t *userAvatarTable) generateAvatars(ctx context.Context, queryContext tabl defer encoder.Close() thumbnail := resize.Thumbnail(150, 150, image, resize.Lanczos3) if err := png.Encode(encoder, thumbnail); err != nil { - level.Debug(t.logger).Log( - "msg", "error encoding resized user avatar to png", + t.slogger.Log(ctx, slog.LevelDebug, + "error encoding resized user avatar to png", "err", err, ) continue