From f6a17fe3d9990c1d383158355424d68e39bce9c0 Mon Sep 17 00:00:00 2001 From: James Pickett Date: Thu, 19 Dec 2024 10:01:43 -0800 Subject: [PATCH] drop reqs when detection locked (#2008) --- ee/desktop/runner/runner.go | 7 +++---- ee/desktop/runner/runner_test.go | 31 +++++++++++++++++++++++++++++++ ee/localserver/request-id.go | 1 - ee/localserver/request-id_test.go | 1 - ee/localserver/server.go | 10 ++++++---- 5 files changed, 40 insertions(+), 10 deletions(-) diff --git a/ee/desktop/runner/runner.go b/ee/desktop/runner/runner.go index d5bf62d7a..5805e7d87 100644 --- a/ee/desktop/runner/runner.go +++ b/ee/desktop/runner/runner.go @@ -290,21 +290,20 @@ func (r *DesktopUsersProcessesRunner) DetectPresence(reason string, interval tim } var lastErr error - var lastDurationSinceLastDetection time.Duration for _, proc := range r.uidProcs { client := client.New(r.userServerAuthToken, proc.socketPath) - lastDurationSinceLastDetection, err := client.DetectPresence(reason, interval) + durationSinceLastDetection, err := client.DetectPresence(reason, interval) if err != nil { lastErr = err continue } - return lastDurationSinceLastDetection, nil + return durationSinceLastDetection, nil } - return lastDurationSinceLastDetection, fmt.Errorf("no desktop processes detected presence, last error: %w", lastErr) + return presencedetection.DetectionFailedDurationValue, fmt.Errorf("no desktop processes detected presence, last error: %w", lastErr) } // killDesktopProcesses kills any existing desktop processes diff --git a/ee/desktop/runner/runner_test.go b/ee/desktop/runner/runner_test.go index 6b72d311d..217a01f2c 100644 --- a/ee/desktop/runner/runner_test.go +++ b/ee/desktop/runner/runner_test.go @@ -18,6 +18,7 @@ import ( "github.com/kolide/launcher/ee/agent/flags/keys" "github.com/kolide/launcher/ee/agent/types/mocks" "github.com/kolide/launcher/ee/desktop/user/notify" + "github.com/kolide/launcher/ee/presencedetection" "github.com/kolide/launcher/pkg/backoff" "github.com/kolide/launcher/pkg/log/multislogger" "github.com/kolide/launcher/pkg/threadsafebuffer" @@ -493,3 +494,33 @@ func countFilesWithPrefix(folderPath, prefix string) (int, error) { return count, nil } + +func TestDesktopUsersProcessesRunner_DetectPresence(t *testing.T) { + t.Parallel() + + t.Run("no user procs", func(t *testing.T) { + t.Parallel() + + runner := DesktopUsersProcessesRunner{} + d, err := runner.DetectPresence("whatevs", time.Second) + require.Error(t, err) + require.Equal(t, presencedetection.DetectionFailedDurationValue, d) + }) + + t.Run("cant connect to user server", func(t *testing.T) { + t.Parallel() + + u, err := user.Current() + require.NoError(t, err) + + runner := DesktopUsersProcessesRunner{ + uidProcs: map[string]processRecord{ + u.Uid: {}, + }, + } + + d, err := runner.DetectPresence("whatevs", time.Second) + require.Error(t, err) + require.Equal(t, presencedetection.DetectionFailedDurationValue, d) + }) +} diff --git a/ee/localserver/request-id.go b/ee/localserver/request-id.go index aad795413..0ecf3eafa 100644 --- a/ee/localserver/request-id.go +++ b/ee/localserver/request-id.go @@ -84,7 +84,6 @@ func (ls *localServer) requestIdHandlerFunc(w http.ResponseWriter, r *http.Reque Origin: r.Header.Get("Origin"), Status: status{ EnrollmentStatus: string(enrollmentStatus), - InstanceStatuses: ls.knapsack.InstanceStatuses(), }, } response.identifiers = ls.identifiers diff --git a/ee/localserver/request-id_test.go b/ee/localserver/request-id_test.go index d6a0af54a..8873bb34c 100644 --- a/ee/localserver/request-id_test.go +++ b/ee/localserver/request-id_test.go @@ -27,7 +27,6 @@ func Test_localServer_requestIdHandler(t *testing.T) { mockKnapsack.On("ConfigStore").Return(storageci.NewStore(t, multislogger.NewNopLogger(), storage.ConfigStore.String())) mockKnapsack.On("KolideServerURL").Return("localhost") mockKnapsack.On("CurrentEnrollmentStatus").Return(types.Enrolled, nil) - mockKnapsack.On("InstanceStatuses").Return(map[string]types.InstanceStatus{"default": types.InstanceStatusHealthy}) var logBytes bytes.Buffer slogger := slog.New(slog.NewJSONHandler(&logBytes, &slog.HandlerOptions{ diff --git a/ee/localserver/server.go b/ee/localserver/server.go index 053c09de4..9646d4aee 100644 --- a/ee/localserver/server.go +++ b/ee/localserver/server.go @@ -419,10 +419,6 @@ func (ls *localServer) rateLimitHandler(next http.Handler) http.Handler { func (ls *localServer) presenceDetectionHandler(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // ensure we only prompt for 1 presence detection at a time - ls.presenceDetectionMutex.Lock() - defer ls.presenceDetectionMutex.Unlock() - // can test this by adding an unauthed endpoint to the mux and running, for example: // curl -i -H "X-Kolide-Presence-Detection-Interval: 10s" -H "X-Kolide-Presence-Detection-Reason: my reason" localhost:12519/id detectionIntervalStr := r.Header.Get(kolidePresenceDetectionIntervalHeaderKey) @@ -461,6 +457,12 @@ func (ls *localServer) presenceDetectionHandler(next http.Handler) http.Handler ) } + if !ls.presenceDetectionMutex.TryLock() { + http.Error(w, "presence detection already in progress", http.StatusTooManyRequests) + return + } + defer ls.presenceDetectionMutex.Unlock() + durationSinceLastDetection, err := ls.presenceDetector.DetectPresence(reason, detectionIntervalDuration) if err != nil {