From fe1e78cdfa9184132c2fac2f0f398b444f4ca81b Mon Sep 17 00:00:00 2001 From: Mikita Iwanowski Date: Tue, 9 Jul 2024 14:09:03 +0200 Subject: [PATCH 1/5] feat: run status check on register erros --- apps/cnquery/cmd/login.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/apps/cnquery/cmd/login.go b/apps/cnquery/cmd/login.go index e5c1b4192c..1c01e088bb 100644 --- a/apps/cnquery/cmd/login.go +++ b/apps/cnquery/cmd/login.go @@ -60,7 +60,11 @@ You remain logged in until you explicitly log out using the 'logout' subcommand. annotations, _ := cmd.Flags().GetStringToString("annotation") timer, _ := cmd.Flags().GetInt("timer") splay, _ := cmd.Flags().GetInt("splay") - return register(token, annotations, timer, splay) + err := register(token, annotations, timer, splay) + if err != nil { + defer StatusCmd.RunE(cmd, args) + } + return err }, } From ef7912f9d7730b7b3dcd5e6ce13bebd67711a0e6 Mon Sep 17 00:00:00 2001 From: Mikita Iwanowski Date: Tue, 9 Jul 2024 16:43:00 +0200 Subject: [PATCH 2/5] fix: check statuscmd error --- apps/cnquery/cmd/login.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/apps/cnquery/cmd/login.go b/apps/cnquery/cmd/login.go index 1c01e088bb..1751ff97bd 100644 --- a/apps/cnquery/cmd/login.go +++ b/apps/cnquery/cmd/login.go @@ -62,7 +62,12 @@ You remain logged in until you explicitly log out using the 'logout' subcommand. splay, _ := cmd.Flags().GetInt("splay") err := register(token, annotations, timer, splay) if err != nil { - defer StatusCmd.RunE(cmd, args) + defer func() { + err := StatusCmd.RunE(cmd, args) + if err != nil { + log.Warn().Err(err).Msg("could not run status command") + } + }() } return err }, From 531a7489d7219da32c4c173471daa84038466be1 Mon Sep 17 00:00:00 2001 From: Mikita Iwanowski Date: Tue, 9 Jul 2024 17:47:17 +0200 Subject: [PATCH 3/5] feat: perform status check inside function, use function instead of command in login command --- apps/cnquery/cmd/login.go | 3 +- apps/cnquery/cmd/status.go | 144 ++++++++++++++++++++----------------- 2 files changed, 79 insertions(+), 68 deletions(-) diff --git a/apps/cnquery/cmd/login.go b/apps/cnquery/cmd/login.go index 1751ff97bd..84b4cba34b 100644 --- a/apps/cnquery/cmd/login.go +++ b/apps/cnquery/cmd/login.go @@ -63,10 +63,11 @@ You remain logged in until you explicitly log out using the 'logout' subcommand. err := register(token, annotations, timer, splay) if err != nil { defer func() { - err := StatusCmd.RunE(cmd, args) + s, err := checkStatus() if err != nil { log.Warn().Err(err).Msg("could not run status command") } + s.RenderCliStatus() }() } return err diff --git a/apps/cnquery/cmd/status.go b/apps/cnquery/cmd/status.go index 64b4e02bcf..d20bc43ed2 100644 --- a/apps/cnquery/cmd/status.go +++ b/apps/cnquery/cmd/status.go @@ -44,77 +44,12 @@ Status sends a ping to Mondoo Platform to verify the credentials. }, RunE: func(cmd *cobra.Command, args []string) error { defer providers.Coordinator.Shutdown() - opts, optsErr := config.Read() - if optsErr != nil { - return cli_errors.NewCommandError(errors.Wrap(optsErr, "could not load configuration"), 1) - } config.DisplayUsedConfig() - s := Status{ - Client: ClientStatus{ - Timestamp: time.Now().Format(time.RFC3339), - Version: cnquery.GetVersion(), - Build: cnquery.GetBuild(), - }, - } - - httpClient, err := opts.GetHttpClient() - if err != nil { - return cli_errors.NewCommandError(errors.Wrap(err, "failed to set up Mondoo API client"), 1) - } - - sysInfo, err := sysinfo.Get() - if err == nil { - s.Client.Platform = sysInfo.Platform - s.Client.Hostname = sysInfo.Hostname - s.Client.IP = sysInfo.IP - } - - // check server health and clock skew - upstreamStatus, err := health.CheckApiHealth(httpClient, opts.UpstreamApiEndpoint()) + s, err := checkStatus() if err != nil { - log.Error().Err(err).Msg("could not check upstream health") - } - s.Upstream = upstreamStatus - - latestVersion, err := cnquery.GetLatestVersion(httpClient) - if err != nil { - return cli_errors.NewCommandError(errors.Wrap(err, "failed to get latest version"), 1) - } - - s.Client.LatestVersion = latestVersion - - // check valid agent authentication - plugins := []ranger.ClientPlugin{} - - // try to load config into credentials struct - credentials := opts.GetServiceCredential() - if credentials != nil && len(credentials.Mrn) > 0 { - s.Client.ParentMrn = credentials.ParentMrn - s.Client.Registered = true - s.Client.ServiceAccount = credentials.Mrn - s.Client.Mrn = opts.AgentMrn - if s.Client.Mrn == "" { - s.Client.Mrn = "no managed client" - } - - certAuth, err := upstream.NewServiceAccountRangerPlugin(credentials) - if err != nil { - return cli_errors.NewCommandError(errors.Wrap(err, "invalid credentials"), ConfigurationErrorCode) - } - plugins = append(plugins, certAuth) - - // try to ping the server - client, err := upstream.NewAgentManagerClient(s.Upstream.API.Endpoint, httpClient, plugins...) - if err == nil { - _, err = client.PingPong(context.Background(), &upstream.Ping{}) - if err != nil { - s.Client.PingPongError = err - } - } else { - s.Client.PingPongError = err - } + return err } switch strings.ToLower(viper.GetString("output")) { @@ -135,6 +70,81 @@ Status sends a ping to Mondoo Platform to verify the credentials. }, } +func checkStatus() (Status, error) { + s := Status{ + Client: ClientStatus{ + Timestamp: time.Now().Format(time.RFC3339), + Version: cnquery.GetVersion(), + Build: cnquery.GetBuild(), + }, + } + + opts, optsErr := config.Read() + if optsErr != nil { + return s, cli_errors.NewCommandError(errors.Wrap(optsErr, "could not load configuration"), 1) + } + + httpClient, err := opts.GetHttpClient() + if err != nil { + return s, cli_errors.NewCommandError(errors.Wrap(err, "failed to set up Mondoo API client"), 1) + } + + sysInfo, err := sysinfo.Get() + if err == nil { + s.Client.Platform = sysInfo.Platform + s.Client.Hostname = sysInfo.Hostname + s.Client.IP = sysInfo.IP + } + + // check server health and clock skew + upstreamStatus, err := health.CheckApiHealth(httpClient, opts.UpstreamApiEndpoint()) + if err != nil { + log.Error().Err(err).Msg("could not check upstream health") + } + s.Upstream = upstreamStatus + + latestVersion, err := cnquery.GetLatestVersion(httpClient) + if err != nil { + return s, cli_errors.NewCommandError(errors.Wrap(err, "failed to get latest version"), 1) + } + + s.Client.LatestVersion = latestVersion + + // check valid agent authentication + plugins := []ranger.ClientPlugin{} + + // try to load config into credentials struct + credentials := opts.GetServiceCredential() + if credentials != nil && len(credentials.Mrn) > 0 { + s.Client.ParentMrn = credentials.ParentMrn + s.Client.Registered = true + s.Client.ServiceAccount = credentials.Mrn + s.Client.Mrn = opts.AgentMrn + if s.Client.Mrn == "" { + s.Client.Mrn = "no managed client" + } + + certAuth, err := upstream.NewServiceAccountRangerPlugin(credentials) + if err != nil { + return s, cli_errors.NewCommandError(errors.Wrap(err, "invalid credentials"), ConfigurationErrorCode) + } + plugins = append(plugins, certAuth) + + // try to ping the server + client, err := upstream.NewAgentManagerClient(s.Upstream.API.Endpoint, httpClient, plugins...) + if err == nil { + _, err = client.PingPong(context.Background(), &upstream.Ping{}) + if err != nil { + s.Client.PingPongError = err + } + } else { + s.Client.PingPongError = err + } + } + + return s, nil +} + type Status struct { Client ClientStatus `json:"client"` Upstream health.Status `json:"upstream"` From 28775151e900cce7c1e51a2efae15638d28df654 Mon Sep 17 00:00:00 2001 From: Mikita Iwanowski Date: Tue, 9 Jul 2024 18:07:18 +0200 Subject: [PATCH 4/5] fix: use scopeMrn instead of deprecated parentMrn --- apps/cnquery/cmd/status.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/cnquery/cmd/status.go b/apps/cnquery/cmd/status.go index d20bc43ed2..b6416894df 100644 --- a/apps/cnquery/cmd/status.go +++ b/apps/cnquery/cmd/status.go @@ -116,7 +116,7 @@ func checkStatus() (Status, error) { // try to load config into credentials struct credentials := opts.GetServiceCredential() if credentials != nil && len(credentials.Mrn) > 0 { - s.Client.ParentMrn = credentials.ParentMrn + s.Client.ParentMrn = credentials.ScopeMrn s.Client.Registered = true s.Client.ServiceAccount = credentials.Mrn s.Client.Mrn = opts.AgentMrn From 032eb4764be24609584b3ecafa85b0c585651d74 Mon Sep 17 00:00:00 2001 From: Mikita Iwanowski Date: Wed, 10 Jul 2024 12:47:39 +0200 Subject: [PATCH 5/5] rollback to GetParentMrn --- apps/cnquery/cmd/status.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/cnquery/cmd/status.go b/apps/cnquery/cmd/status.go index b6416894df..3c20d6bbcb 100644 --- a/apps/cnquery/cmd/status.go +++ b/apps/cnquery/cmd/status.go @@ -116,7 +116,7 @@ func checkStatus() (Status, error) { // try to load config into credentials struct credentials := opts.GetServiceCredential() if credentials != nil && len(credentials.Mrn) > 0 { - s.Client.ParentMrn = credentials.ScopeMrn + s.Client.ParentMrn = credentials.GetParentMrn() s.Client.Registered = true s.Client.ServiceAccount = credentials.Mrn s.Client.Mrn = opts.AgentMrn