Expose current enrollment status through knapsack; add to checkup (#1632
)
RebeccaMahany authored Mar 1, 2024
1 parent 7b1b2f1 commit 5117ee4
Showing 8 changed files with 80 additions and 16 deletions.
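--- a/ee/agent/knapsack/knapsack.go
+++ b/ee/agent/knapsack/knapsack.go
@@ -170,3 +170,25 @@ func (k *knapsack) ReadEnrollSecret() (string, error) {
 
 return "", errors.New("enroll secret not set")
 }
+
+func (k *knapsack) CurrentEnrollmentStatus() (types.EnrollmentStatus, error) {
+enrollSecret, err := k.ReadEnrollSecret()
+if err != nil || enrollSecret == "" {
+return types.NoEnrollmentKey, nil
+}
+
+if k.ConfigStore() == nil {
+return types.Unknown, errors.New("no config store in knapsack")
+}
+
+key, err := k.ConfigStore().Get([]byte("nodeKey"))
+if err != nil {
+return types.Unknown, fmt.Errorf("getting node key from store: %w", err)
+}
+
+if len(key) == 0 {
+return types.Unenrolled, nil
+}
+
+return types.Enrolled, nil
+}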
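Review bot: In CurrentEnrollmentStatus the first check, `if err != nil || enrollSecret == ""`, reports every ReadEnrollSecret failure as NoEnrollmentKey with a nil error, so a secret that exists but cannot be read would look the same in the checkup as a secret that was never configured. Only the tail of ReadEnrollSecret is visible here, so whether it can fail for reasons other than "enroll secret not set" is an assumption to confirm; if it can, returning `types.Unknown` with the wrapped error for those cases would keep the diagnosis accurate. The exported method also has no doc comment; something like `// CurrentEnrollmentStatus reports whether an enroll secret is available and whether a node key is present in the config store; it does not check that the server still accepts the key.` would state what Enrolled does and does not mean. The string `"nodeKey"` could be a named constant if the package that writes the key already exports one.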
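--- a/ee/agent/types/knapsack.go
+++ b/ee/agent/types/knapsack.go
@@ -13,4 +13,6 @@ type Knapsack interface {
 LatestOsquerydPath(ctx context.Context) string
 // ReadEnrollSecret returns the enroll secret value, checking in various locations.
 ReadEnrollSecret() (string, error)
+// CurrentEnrollmentStatus returns the current enrollment status of the launcher installation
+CurrentEnrollmentStatus() (EnrollmentStatus, error)
 }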
24 changes: 24 additions & 0 deletions ee/agent/types/mocks/knapsack.go


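--- a/ee/agent/types/status.go
+++ b/ee/agent/types/status.go
@@ -0,0 +1,10 @@
+package types
+
+type EnrollmentStatus string
+
+const (
+NoEnrollmentKey EnrollmentStatus = "no_enrollment_key"
+Unenrolled EnrollmentStatus = "unenrolled"
+Enrolled EnrollmentStatus = "enrolled"
+Unknown EnrollmentStatus = "unknown"
+)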
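Review bot: The exported type EnrollmentStatus and its four constants have no doc comments, and host.go in this commit places the status into checkup data under `enrollment_status`, so their meaning should be written down next to them. I would add `// EnrollmentStatus describes whether this launcher installation has an enroll secret and a stored node key.` above the type, and a short comment per constant, for example `// Unenrolled: an enroll secret is available but no node key is stored.` Bare names such as `Unknown` and `Enrolled` read ambiguously as `types.Unknown` at call sites; a prefix like `EnrollmentStatusUnknown` is an option if the package is expected to grow other status types.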
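--- a/ee/debug/checkups/checkpoint_test.go
+++ b/ee/debug/checkups/checkpoint_test.go
@@ -6,6 +6,7 @@ import (
 "time"
 
 storageci "github.com/kolide/launcher/ee/agent/storage/ci"
+"github.com/kolide/launcher/ee/agent/types"
 typesmocks "github.com/kolide/launcher/ee/agent/types/mocks"
 "github.com/kolide/launcher/pkg/log/multislogger"
 "github.com/stretchr/testify/require"
@@ -29,6 +30,7 @@ func TestInterrupt_Multiple(t *testing.T) {
 mockKnapsack.On("Autoupdate").Return(true).Maybe()
 mockKnapsack.On("LatestOsquerydPath").Return("").Maybe()
 mockKnapsack.On("ServerProvidedDataStore").Return(nil).Maybe()
+mockKnapsack.On("CurrentEnrollmentStatus").Return(types.Enrolled, nil).Maybe()
 checkupLogger := NewCheckupLogger(multislogger.New().Logger, mockKnapsack)
 mockKnapsack.AssertExpectations(t)
 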
2 changes: 1 addition & 1 deletion ee/debug/checkups/checkups.go
Expand Up @@ -102,7 +102,7 @@ func checkupsFor(k types.Knapsack, target targetBits) []checkupInt {
{&BinaryDirectory{}, doctorSupported | flareSupported},
{&launchdCheckup{}, doctorSupported | flareSupported},
{&runtimeCheckup{}, flareSupported},
{&enrollSecretCheckup{}, doctorSupported | flareSupported},
{&enrollSecretCheckup{k: k}, doctorSupported | flareSupported},
{&bboltdbCheckup{k: k}, flareSupported},
{&networkCheckup{}, doctorSupported | flareSupported},
{&installCheckup{}, flareSupported},
33 changes: 18 additions & 15 deletions ee/debug/checkups/enroll-secret.go
Expand Up @@ -6,12 +6,14 @@ import (
"fmt"
"io"
"os"
"runtime"

"github.com/golang-jwt/jwt/v5"
"github.com/kolide/launcher/ee/agent/types"
"github.com/kolide/launcher/pkg/launcher"
)

type enrollSecretCheckup struct {
k types.Knapsack
summary string
status Status
}
Expand All @@ -24,9 +26,8 @@ func (c *enrollSecretCheckup) Run(_ context.Context, extraFH io.Writer) error {
secretStatus := make(map[string]Status, 0)
secretSummary := make(map[string]string, 0)

for _, secretPath := range getSecretPaths() {
// Later on, we want to fall back to the _first_ secrets status. Set it here

for _, secretPath := range c.getSecretPaths() {
// Later on, we want to fall back to the _first_ secret's status. Set it here
st, summary := parseSecret(extraFH, secretPath)
secretStatus[secretPath] = st
secretSummary[secretPath] = summary
Expand Down Expand Up @@ -74,19 +75,21 @@ func (c *enrollSecretCheckup) Data() any {
return nil
}

// getSecretPaths returns potential platform default secret path. It should probably get folded into flags, but I'm not
// quite sure how yet.
func getSecretPaths() []string {
switch runtime.GOOS {
case "darwin":
return []string{"/etc/kolide-k2/secret"}
case "linux":
return []string{"/etc/kolide-k2/secret"}
case "windows":
return []string{"C:\\Program Files\\Kolide\\Launcher-kolide-k2\\conf\\secret"}
// getSecretPaths returns the secret path configured via flags, if available; and the default
// secret path, if available and different from the configured path.
func (c *enrollSecretCheckup) getSecretPaths() []string {
enrollSecretPaths := make([]string, 0)

if c.k.EnrollSecretPath() != "" {
enrollSecretPaths = append(enrollSecretPaths, c.k.EnrollSecretPath())
}

return nil
defaultPath := launcher.DefaultPath(launcher.SecretFile)
if defaultPath != "" && c.k.EnrollSecretPath() != defaultPath {
enrollSecretPaths = append(enrollSecretPaths, defaultPath)
}

return enrollSecretPaths
}

func parseSecret(extraFH io.Writer, secretPath string) (Status, string) {
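Review bot: getSecretPaths calls `c.k.EnrollSecretPath()` three times and decides whether to add the default path with plain string equality, so a configured path that names the default file in a different form (a trailing separator, or different case on Windows) would be parsed and reported twice. Reading it once, `configured := c.k.EnrollSecretPath()`, and comparing `filepath.Clean(configured) != filepath.Clean(defaultPath)` would avoid that; this needs `path/filepath` in the import block. The method also dereferences `c.k` unconditionally: checkupsFor now passes `k: k`, but a zero-value enrollSecretCheckup built elsewhere would panic here, so a nil guard or a comment on the field is worth adding. Since the checkup now opens whatever path the flag names, it is also worth confirming that parseSecret, whose body is outside this section, writes only parsed metadata and never the raw secret to extraFH.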
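--- a/ee/debug/checkups/host.go
+++ b/ee/debug/checkups/host.go
@@ -39,6 +39,7 @@ func (hc *hostInfoCheckup) Run(ctx context.Context, extraFH io.Writer) error {
 hc.data["bbolt_db_size"] = hc.bboltDbSize()
 desktopProcesses := runner.InstanceDesktopProcessRecords()
 hc.data["user_desktop_processes"] = desktopProcesses
+hc.data["enrollment_status"] = naIfError(hc.k.CurrentEnrollmentStatus())
 
 uptimeRaw, err := host.Uptime()
 if err != nil {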
