Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[KATC] Update config schema, including overlays #1772

Merged
merged 21 commits into from
Jul 15, 2024

Conversation

RebeccaMahany
Copy link
Contributor

@RebeccaMahany RebeccaMahany commented Jul 8, 2024

This PR makes the following config updates:

  • Rename source column to path to be more consistent with our e.g. dataflatten tables, which also return a path column
  • Rename source to source_paths for clarity; additionally, make it an array rather than a single string to allow for matching against multiple patterns
  • Rename query to source_query to disambiguate from the query column we use elsewhere
  • Rename platform to filters to clarify that we may have other types of filters in the future
  • Update config structure to include a list of overlays inside the table definition, which will allow us to define the table configuration across multiple platforms; move filters inside the overlays

This is an alternative implementation to #1770.

ee/katc/config.go Outdated Show resolved Hide resolved
ee/katc/config.go Outdated Show resolved Hide resolved
ee/katc/config.go Outdated Show resolved Hide resolved
return errors.New("key value consumer is nil")
}

var kvPairs map[string]any
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discovered when testing with @jbeker that the existing KV consumer in this package does not work for this config because Golang won't unmarshal the config as a map[string]string since it's a more complex object, which makes sense.

This is a quick fix, but maybe we want something cleverer?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thinking out loud....

Hrm. To be honest, I had to pull them down and diff them to understand the difference.

If I read this right, the difference is that in the new case, k2 is sending map[string]any, while the old case is map[string]string.

The thing that seems weird, is that this is then json.Marshal back down to map[string]string I assume because the underlying ~everything expects that.

So I wonder... If we're going to json.Marshal down to strings anyhow, is it cleaner if K2 does that for us? It might not be, it's sorta of nice of the API is just the json, and not marshalled json. But I want to ask...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct, this handles the error that Jeremy and I were seeing: failed to decode key-value json: json: cannot unmarshal object into Go value of type string.

I wasn't sure if it would be cleaner for K2 to update or not.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's going to be pretty trivial on the k2 side. And I think it's pretty trivial here.

So I think we get to decide what feels like a cleaner protocol.

Having everything as a string feels clean, but having the KATC definitions marshalled into strings feels kinda weird. 🤷

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess I like it this way a little better, then -- it feels tidy that k2 doesn't need to know about the marshalling and unmarshalling to a string; launcher handles that itself for ease of storage in bucket/startup_settings.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's step towards a more structured interface and API between k2 and launcher. (vs what we have now, which feels like it requires a very complete knowledge of all the parts)

directionless
directionless previously approved these changes Jul 13, 2024
return errors.New("key value consumer is nil")
}

var kvPairs map[string]any
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thinking out loud....

Hrm. To be honest, I had to pull them down and diff them to understand the difference.

If I read this right, the difference is that in the new case, k2 is sending map[string]any, while the old case is map[string]string.

The thing that seems weird, is that this is then json.Marshal back down to map[string]string I assume because the underlying ~everything expects that.

So I wonder... If we're going to json.Marshal down to strings anyhow, is it cleaner if K2 does that for us? It might not be, it's sorta of nice of the API is just the json, and not marshalled json. But I want to ask...

if sourceConstraintExists {
return &sourceConstraint
// getPathConstraint retrieves any constraints against the `path` column
func getPathConstraint(queryContext table.QueryContext) *table.ConstraintList {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW https://github.com/kolide/launcher/blob/main/ee/tables/tablehelpers/getconstraints.go#L51 is similar, but returns []string. This is fine though...

Other caveat, is that I think this all only works if the constraints are =, it'll fail for LIKE or <. But, conveniently, I don't think those are passed in the QueryContext. At least, this assumption is also made in other parts of our code. Mostly noting it as an FYI for the future.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, I see you're handling LIKE and GLOB as well. I'm not sure osquery passes those, but that's nice completeness.

ee/katc/indexeddb_leveldb.go Outdated Show resolved Hide resolved
ee/katc/sqlite.go Outdated Show resolved Hide resolved
ee/katc/table.go Outdated Show resolved Hide resolved
Copy link
Contributor

@James-Pickett James-Pickett left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice

Copy link
Contributor

@directionless directionless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's try!

@RebeccaMahany RebeccaMahany added this pull request to the merge queue Jul 15, 2024
Merged via the queue into kolide:main with commit 70b6d0b Jul 15, 2024
29 checks passed
@RebeccaMahany RebeccaMahany deleted the becca/katc-overlay branch July 15, 2024 22:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants