Documentation ¶
Index ¶
- Constants
- func IsForeignKey(err error) bool
- func IsNotFound(err error) bool
- func RandomText(keySize int) (string, error)
- func WriteQueriesToYaml(queries []*Query) (string, error)
- type AlreadyExistsError
- type AppConfig
- type AppConfigPayload
- type AppConfigService
- type AppConfigStore
- type Auth
- type CampaignService
- type CampaignStore
- type CreateTimestamp
- type Datastore
- type DecoratorConfig
- type DistributedQueryCampaign
- type DistributedQueryCampaignTarget
- type DistributedQueryExecutionStatus
- type DistributedQueryResult
- type DistributedQueryStatus
- type Email
- type EnrollSecret
- type EnrollSecretSpec
- type FIMCategoryToPaths
- type ForeignKeyError
- type Host
- type HostExpirySettings
- type HostListOptions
- type HostService
- type HostSettings
- type HostStatus
- type HostStore
- type HostSummary
- type ImportConfig
- type ImportConfigResponse
- type ImportConfigService
- type ImportSection
- type ImportStatus
- type Invite
- type InvitePayload
- type InviteService
- type InviteStore
- type JSONLogger
- type Label
- type LabelMembershipType
- type LabelPayload
- type LabelQueryExecution
- type LabelService
- type LabelSpec
- type LabelStore
- type LabelType
- type ListOptions
- type LiveQueryStore
- type MailService
- type Mailer
- type MigrationStatus
- type ModifyAppConfigRequest
- type ModifyLabelPayload
- type NetworkInterface
- type NotFoundError
- type ObjectMetadata
- type OptionNameToValueMap
- type OptionOverrideType
- type OptionalArg
- type OptionsObject
- type OptionsOverrides
- type OptionsSpec
- type OrderDirection
- type OrgInfo
- type OsQueryConfigInt
- type OsqueryDistributedQueryResults
- type OsqueryOptionsService
- type OsqueryOptionsStore
- type OsqueryService
- type OsqueryStatus
- type Pack
- type PackContent
- type PackDetails
- type PackNameMap
- type PackNameToPackDetails
- type PackPayload
- type PackService
- type PackSpec
- type PackSpecQuery
- type PackSpecTargets
- type PackStore
- type PackTarget
- type Packs
- type PasswordResetRequest
- type PasswordResetStore
- type PermissivePackContent
- type PermissivePacks
- type PermissiveQueries
- type PermissiveQueryContent
- type Queries
- type Query
- type QueryContent
- type QueryDetails
- type QueryNameToQueryDetailsMap
- type QueryObject
- type QueryPayload
- type QueryResultStore
- type QueryService
- type QuerySpec
- type QueryStore
- type SMTPAuthMethod
- type SMTPAuthType
- type SMTPSettingsPayload
- type SSOSession
- type SSOSettings
- type SSOSettingsPayload
- type ScheduledQuery
- type ScheduledQueryPayload
- type ScheduledQueryService
- type ScheduledQueryStore
- type ServerSettings
- type Service
- type Session
- type SessionService
- type SessionStore
- type StatusService
- type Target
- type TargetMetrics
- type TargetSearchResults
- type TargetService
- type TargetStore
- type TargetType
- type Transaction
- type Transactions
- type UpdateCreateTimestamps
- type UpdateTimestamp
- type User
- type UserPayload
- type UserService
- type UserStore
- type WarningType
- type YARAConfig
Constants ¶
const ( AuthMethodNameCramMD5 = "authmethod_cram_md5" AuthMethodNameLogin = "authmethod_login" AuthMethodNamePlain = "authmethod_plain" AuthTypeNameUserNamePassword = "authtype_username_password" AuthTypeNameNone = "authtype_none" )
SMTP settings names returned from API, these map to SMTPAuthType and SMTPAuthMethod
const ( NoMigrationsCompleted = iota SomeMigrationsCompleted AllMigrationsCompleted )
const ( // StatusOnline host is active. StatusOnline = HostStatus("online") // StatusOffline no communication with host for OfflineDuration. StatusOffline = HostStatus("offline") // StatusMIA no communication with host for MIADuration. StatusMIA = HostStatus("mia") // StatusNew means the host has enrolled in the interval defined by // NewDuration. It is independent of offline and online. StatusNew = HostStatus("new") // NewDuration if a host has been created within this time period it's // considered new. NewDuration = 24 * time.Hour // OfflineDuration if a host hasn't been in communication for this period it // is considered MIA. MIADuration = 30 * 24 * time.Hour // OnlineIntervalBuffer is the additional time in seconds to add to the // online interval to avoid flapping of hosts that check in a bit later // than their expected checkin interval. OnlineIntervalBuffer = 30 )
const ( OptionsSection ImportSection = "options" PacksSection = "packs" QueriesSection = "queries" DecoratorsSection = "decorators" FilePathsSection = "file_paths" YARASigSection = "yara_signature_group" YARAFileSection = "yara_file_group" )
const ( PackDuplicate WarningType = "duplicate_pack" DifferentQuerySameName = "different_query_same_name" OptionAlreadySet = "option_already_set" OptionReadonly = "option_readonly" OptionUnknown = "option_unknown" QueryDuplicate = "duplicate_query" FIMDuplicate = "duplicate_fim" YARADuplicate = "duplicate_yara" Unsupported = "unsupported" )
const ( GlobPacks = "*" // ImportPackName is a custom pack name used for a pack we create to // hold imported scheduled queries. ImportPackName = "imported" )
const ApiVersion = "v1"
const (
AppConfigKind = "config"
)
const (
EnrollSecretKind = "enroll_secret"
)
const (
HostKind = "host"
)
const (
LabelKind = "label"
)
const (
OptionsKind = "options"
)
const (
PackKind = "pack"
)
const (
QueryKind = "query"
)
Variables ¶
This section is empty.
Functions ¶
func IsForeignKey ¶
func IsNotFound ¶
func RandomText ¶
RandomText returns a stdEncoded string of just what it says
func WriteQueriesToYaml ¶
Types ¶
type AlreadyExistsError ¶
AlreadyExists is returned when creating a datastore resource that already exists.
type AppConfig ¶
type AppConfig struct { ID uint OrgName string `db:"org_name"` OrgLogoURL string `db:"org_logo_url"` KolideServerURL string `db:"kolide_server_url"` // SMTPConfigured is a flag that indicates if smtp has been successfully // tested with the settings provided by an admin user. SMTPConfigured bool `db:"smtp_configured"` // SMTPSenderAddress is the email address that will appear in emails sent // from Fleet SMTPSenderAddress string `db:"smtp_sender_address"` // SMTPServer is the host name of the SMTP server Fleet will use to send mail SMTPServer string `db:"smtp_server"` // SMTPPort port SMTP server will use SMTPPort uint `db:"smtp_port"` // SMTPAuthenticationType type of authentication for SMTP SMTPAuthenticationType SMTPAuthType `db:"smtp_authentication_type"` // SMTPUserName must be provided if SMTPAuthenticationType is UserNamePassword SMTPUserName string `db:"smtp_user_name"` // SMTPPassword must be provided if SMTPAuthenticationType is UserNamePassword SMTPPassword string `db:"smtp_password"` // SMTPEnableSSLTLS whether to use SSL/TLS for SMTP SMTPEnableTLS bool `db:"smtp_enable_ssl_tls"` // SMTPAuthenticationMethod authentication method smtp server will use SMTPAuthenticationMethod SMTPAuthMethod `db:"smtp_authentication_method"` // SMTPDomain optional domain for SMTP SMTPDomain string `db:"smtp_domain"` // SMTPVerifySSLCerts defaults to true but can be turned off if self signed // SSL certs are used by the SMTP server SMTPVerifySSLCerts bool `db:"smtp_verify_ssl_certs"` // SMTPEnableStartTLS detects of TLS is enabled on mail server and starts to use it (default true) SMTPEnableStartTLS bool `db:"smtp_enable_start_tls"` // EntityID is a uri that identifies this service provider EntityID string `db:"entity_id"` // IssuerURI is the uri that identifies the identity provider IssuerURI string `db:"issuer_uri"` // IDPImageURL is a link to a logo or other image that is used for UX IDPImageURL string `db:"idp_image_url"` // Metadata contains IDP metadata XML Metadata string `db:"metadata"` // MetadataURL is a URL provided by the IDP which can be used to download // metadata MetadataURL string `db:"metadata_url"` // IDPName is a human friendly name for the IDP IDPName string `db:"idp_name"` // EnableSSO flag to determine whether or not to enable SSO EnableSSO bool `db:"enable_sso"` // FIMInterval defines the interval when file integrity checks will occur FIMInterval int `db:"fim_interval"` // FIMFileAccess defines the FIMSections which will be monitored for file access events as a JSON formatted array FIMFileAccesses string `db:"fim_file_accesses"` // HostExpiryEnabled defines whether automatic host cleanup is enabled. HostExpiryEnabled bool `db:"host_expiry_enabled"` // HostExpiryWindow defines a number in days after which a host will be removed if it has not communicated with Fleet. HostExpiryWindow int `db:"host_expiry_window"` // LiveQueryDisabled defines whether live queries are disabled. LiveQueryDisabled bool `db:"live_query_disabled"` // AdditionalQueries is the set of additional queries that should be run // when collecting details from hosts. AdditionalQueries *json.RawMessage `db:"additional_queries"` }
AppConfig holds configuration about the Fleet application. AppConfig data can be managed by a Fleet API user.
type AppConfigPayload ¶
type AppConfigPayload struct { OrgInfo *OrgInfo `json:"org_info"` ServerSettings *ServerSettings `json:"server_settings"` SMTPSettings *SMTPSettingsPayload `json:"smtp_settings"` HostExpirySettings *HostExpirySettings `json:"host_expiry_settings"` HostSettings *HostSettings `json:"host_settings"` // SMTPTest is a flag that if set will cause the server to test email configuration SMTPTest *bool `json:"smtp_test,omitempty"` // SSOSettings single sign settings SSOSettings *SSOSettingsPayload `json:"sso_settings"` }
AppConfigPayload contains request/response format of the AppConfig endpoints.
type AppConfigService ¶
type AppConfigService interface { NewAppConfig(ctx context.Context, p AppConfigPayload) (info *AppConfig, err error) AppConfig(ctx context.Context) (info *AppConfig, err error) ModifyAppConfig(ctx context.Context, p AppConfigPayload) (info *AppConfig, err error) SendTestEmail(ctx context.Context, config *AppConfig) error // ApplyEnrollSecretSpec adds and updates the enroll secrets specified in // the spec. ApplyEnrollSecretSpec(ctx context.Context, spec *EnrollSecretSpec) error // GetEnrollSecretSpec gets the spec for the current enroll secrets. GetEnrollSecretSpec(ctx context.Context) (*EnrollSecretSpec, error) // Certificate returns the PEM encoded certificate chain for osqueryd TLS termination. // For cases where the connection is self-signed, the server will attempt to // connect using the InsecureSkipVerify option in tls.Config. CertificateChain(ctx context.Context) (cert []byte, err error) }
AppConfigService provides methods for configuring the Fleet application
type AppConfigStore ¶
type AppConfigStore interface { NewAppConfig(info *AppConfig) (*AppConfig, error) AppConfig() (*AppConfig, error) SaveAppConfig(info *AppConfig) error // VerifyEnrollSecret checks that the provided secret matches an active // enroll secret. If it is successfully matched, the name of the secret is // returned. Otherwise an error is returned. VerifyEnrollSecret(secret string) (string, error) // ApplyEnrollSecretSpec adds and updates the enroll secrets specified in // the spec. ApplyEnrollSecretSpec(spec *EnrollSecretSpec) error // GetEnrollSecretSpec gets the spec for the current enroll secrets. GetEnrollSecretSpec() (*EnrollSecretSpec, error) }
AppConfigStore contains method for saving and retrieving application configuration
type CampaignService ¶
type CampaignService interface { // NewDistributedQueryCampaign creates a new distributed query campaign // with the provided query and host/label targets (specified by name). NewDistributedQueryCampaignByNames(ctx context.Context, queryString string, hosts []string, labels []string) (*DistributedQueryCampaign, error) // NewDistributedQueryCampaign creates a new distributed query campaign // with the provided query and host/label targets NewDistributedQueryCampaign(ctx context.Context, queryString string, hosts []uint, labels []uint) (*DistributedQueryCampaign, error) // StreamCampaignResults streams updates with query results and // expected host totals over the provided websocket. Note that the type // signature is somewhat inconsistent due to this being a streaming API // and not the typical go-kit RPC style. StreamCampaignResults(ctx context.Context, conn *websocket.Conn, campaignID uint) }
CampaignService defines the distributed query campaign related service methods
type CampaignStore ¶
type CampaignStore interface { // NewDistributedQueryCampaign creates a new distributed query campaign NewDistributedQueryCampaign(camp *DistributedQueryCampaign) (*DistributedQueryCampaign, error) // DistributedQueryCampaign loads a distributed query campaign by ID DistributedQueryCampaign(id uint) (*DistributedQueryCampaign, error) // SaveDistributedQueryCampaign updates an existing distributed query // campaign SaveDistributedQueryCampaign(camp *DistributedQueryCampaign) error // DistributedQueryCampaignTargetIDs gets the IDs of the targets for // the query campaign of the provided ID DistributedQueryCampaignTargetIDs(id uint) (hostIDs []uint, labelIDs []uint, err error) // NewDistributedQueryCampaignTarget adds a new target to an existing // distributed query campaign NewDistributedQueryCampaignTarget(target *DistributedQueryCampaignTarget) (*DistributedQueryCampaignTarget, error) // CleanupDistributedQueryCampaigns will clean and trim metadata for old // distributed query campaigns. Any campaign in the QueryWaiting state will // be moved to QueryComplete after one minute. Any campaign in the // QueryRunning state will be moved to QueryComplete after one day. Times // are from creation time. The now parameter makes this method easier to // test. The return values indicate how many campaigns were expired and any error. CleanupDistributedQueryCampaigns(now time.Time) (expired uint, err error) }
CampaignStore defines the distributed query campaign related datastore methods
type CreateTimestamp ¶
Createable contains common timestamp fields indicating create time
type Datastore ¶
type Datastore interface { UserStore QueryStore CampaignStore PackStore LabelStore HostStore TargetStore PasswordResetStore SessionStore AppConfigStore InviteStore ScheduledQueryStore OsqueryOptionsStore Name() string Drop() error // MigrateTables creates and migrates the table schemas MigrateTables() error // MigrateData populates built-in data MigrateData() error // MigrationStatus returns nil if migrations are complete, and an error // if migrations need to be run. MigrationStatus() (MigrationStatus, error) Begin() (Transaction, error) }
Datastore combines all the interfaces in the Fleet DAL
type DecoratorConfig ¶
type DecoratorConfig struct { Load []string `json:"load"` Always []string `json:"always"` /* Interval maps a string representation of a numeric interval to a set of decorator queries. { "interval": { "3600": [ "SELECT total_seconds FROM uptime;" ] } } */ Interval map[string][]string `json:"interval"` }
Decorator section of osquery config each section contains rows of decorator queries.
type DistributedQueryCampaign ¶
type DistributedQueryCampaign struct { UpdateCreateTimestamps Metrics TargetMetrics ID uint `json:"id"` QueryID uint `json:"query_id" db:"query_id"` Status DistributedQueryStatus `json:"status"` UserID uint `json:"user_id" db:"user_id"` }
DistributedQueryCampaign is the basic metadata associated with a distributed query.
type DistributedQueryCampaignTarget ¶
type DistributedQueryCampaignTarget struct { ID uint Type TargetType DistributedQueryCampaignID uint `db:"distributed_query_campaign_id"` TargetID uint `db:"target_id"` }
DistributedQueryCampaignTarget stores a target (host or label) for a distributed query campaign. There is a one -> many mapping of campaigns to targets.
type DistributedQueryExecutionStatus ¶
type DistributedQueryExecutionStatus int
DistributedQueryExecutionStatus is the status of a distributed query execution on a single host.
const ( ExecutionWaiting DistributedQueryExecutionStatus = iota ExecutionRequested ExecutionSucceeded ExecutionFailed )
type DistributedQueryResult ¶
type DistributedQueryResult struct { DistributedQueryCampaignID uint `json:"distributed_query_execution_id"` Host Host `json:"host"` Rows []map[string]string `json:"rows"` // osquery currently doesn't return any helpful error information, // but we use string here instead of bool for future-proofing. Note also // that we can't use the error interface here because something // implementing that interface may not (un)marshal properly Error *string `json:"error"` }
DistributedQueryResult is the result returned from the execution of a distributed query on a single host.
type DistributedQueryStatus ¶
type DistributedQueryStatus int
DistributedQueryStatus is the lifecycle status of a distributed query campaign.
const ( QueryWaiting DistributedQueryStatus = iota QueryRunning QueryComplete )
type EnrollSecret ¶
type EnrollSecret struct { // Name is the name assigned to the secret Name string `json:"name" db:"name"` // Secret is the actual secret key. Secret string `json:"secret" db:"secret"` // Active determines whether the secret is currently allowed to be used for // authentication. Active bool `json:"active" db:"active"` // CreatedAt is the time this enroll secret was first added. CreatedAt time.Time `json:"created_at" db:"created_at"` }
EnrollSecret contains information about an enroll secret, name, and active status. Enroll secrets are used for osquery authentication.
type EnrollSecretSpec ¶
type EnrollSecretSpec struct { // Secrets is the list of enroll secrets. Secrets []EnrollSecret `json:"secrets"` }
EnrollSecretSpec is the fleetctl spec type for enroll secrets.
type FIMCategoryToPaths ¶
type ForeignKeyError ¶
ForeignKeyError is returned when the operation fails due to foreign key constraints.
type Host ¶
type Host struct { UpdateCreateTimestamps ID uint `json:"id"` // OsqueryHostID is the key used in the request context that is // used to retrieve host information. It is sent from osquery and may currently be // a GUID or a Host Name, but in either case, it MUST be unique OsqueryHostID string `json:"-" db:"osquery_host_id"` DetailUpdateTime time.Time `json:"detail_updated_at" db:"detail_update_time"` // Time that the host details were last updated LabelUpdateTime time.Time `json:"label_updated_at" db:"label_update_time"` // Time that the host details were last updated SeenTime time.Time `json:"seen_time" db:"seen_time"` // Time that the host was last "seen" NodeKey string `json:"-" db:"node_key"` HostName string `json:"hostname" db:"host_name"` // there is a fulltext index on this field UUID string `json:"uuid" db:"uuid"` // there is a fulltext index on this field Platform string `json:"platform"` OsqueryVersion string `json:"osquery_version" db:"osquery_version"` OSVersion string `json:"os_version" db:"os_version"` Build string `json:"build"` PlatformLike string `json:"platform_like" db:"platform_like"` CodeName string `json:"code_name" db:"code_name"` Uptime time.Duration `json:"uptime"` PhysicalMemory int64 `json:"memory" sql:"type:bigint" db:"physical_memory"` // system_info fields CPUType string `json:"cpu_type" db:"cpu_type"` CPUSubtype string `json:"cpu_subtype" db:"cpu_subtype"` CPUBrand string `json:"cpu_brand" db:"cpu_brand"` CPUPhysicalCores int `json:"cpu_physical_cores" db:"cpu_physical_cores"` CPULogicalCores int `json:"cpu_logical_cores" db:"cpu_logical_cores"` HardwareVendor string `json:"hardware_vendor" db:"hardware_vendor"` HardwareModel string `json:"hardware_model" db:"hardware_model"` HardwareVersion string `json:"hardware_version" db:"hardware_version"` HardwareSerial string `json:"hardware_serial" db:"hardware_serial"` ComputerName string `json:"computer_name" db:"computer_name"` // PrimaryNetworkInterfaceID if present indicates to primary network for the host, the details of which // can be found in the NetworkInterfaces element with the same ip_address. PrimaryNetworkInterfaceID *uint `json:"primary_ip_id,omitempty" db:"primary_ip_id"` NetworkInterfaces []*NetworkInterface `json:"-" db:"-"` PrimaryIP string `json:"primary_ip" db:"primary_ip"` PrimaryMac string `json:"primary_mac" db:"primary_mac"` DistributedInterval uint `json:"distributed_interval" db:"distributed_interval"` ConfigTLSRefresh uint `json:"config_tls_refresh" db:"config_tls_refresh"` LoggerTLSPeriod uint `json:"logger_tls_period" db:"logger_tls_period"` Additional *json.RawMessage `json:"additional,omitempty" db:"additional"` EnrollSecretName string `json:"enroll_secret_name" db:"enroll_secret_name"` }
type HostExpirySettings ¶
type HostExpirySettings struct { HostExpiryEnabled *bool `json:"host_expiry_enabled,omitempty"` HostExpiryWindow *int `json:"host_expiry_window,omitempty"` }
HostExpirySettings contains settings pertaining to automatic host expiry.
type HostListOptions ¶
type HostListOptions struct { ListOptions StatusFilter HostStatus }
type HostService ¶
type HostService interface { ListHosts(ctx context.Context, opt HostListOptions) (hosts []*Host, err error) GetHost(ctx context.Context, id uint) (host *Host, err error) GetHostSummary(ctx context.Context) (summary *HostSummary, err error) DeleteHost(ctx context.Context, id uint) (err error) // HostByIdentifier returns one host matching the provided identifier. // Possible matches can be on osquery_host_identifier, node_key, UUID, or // hostname. HostByIdentifier(ctx context.Context, identifier string) (*Host, error) }
type HostSettings ¶
type HostSettings struct {
AdditionalQueries *json.RawMessage `json:"additional_queries"`
}
type HostStatus ¶
type HostStatus string
type HostStore ¶
type HostStore interface { // NewHost is deprecated and will be removed. Hosts should always be // enrolled via EnrollHost. NewHost(host *Host) (*Host, error) SaveHost(host *Host) error DeleteHost(hid uint) error Host(id uint) (*Host, error) EnrollHost(osqueryHostId, nodeKey, secretName string) (*Host, error) ListHosts(opt HostListOptions) ([]*Host, error) // AuthenticateHost authenticates and returns host metadata by node key. // This method should not return the host "additional" information as this // is not typically necessary for the operations performed by the osquery // endpoints. AuthenticateHost(nodeKey string) (*Host, error) MarkHostSeen(host *Host, t time.Time) error SearchHosts(query string, omit ...uint) ([]*Host, error) // CleanupIncomingHosts deletes hosts that have enrolled but never // updated their status details. This clears dead "incoming hosts" that // never complete their registration. // // A host is considered incoming if both the hostname and // osquery_version fields are empty. This means that multiple different // osquery queries failed to populate details. CleanupIncomingHosts(now time.Time) error // GenerateHostStatusStatistics retrieves the count of online, offline, // MIA and new hosts. GenerateHostStatusStatistics(now time.Time) (online, offline, mia, new uint, err error) // HostIDsByName Retrieve the IDs associated with the given hostnames HostIDsByName(hostnames []string) ([]uint, error) // HostByIdentifier returns one host matching the provided identifier. // Possible matches can be on osquery_host_identifier, node_key, UUID, or // hostname. HostByIdentifier(identifier string) (*Host, error) }
type HostSummary ¶
type HostSummary struct { OnlineCount uint `json:"online_count"` OfflineCount uint `json:"offline_count"` MIACount uint `json:"mia_count"` NewCount uint `json:"new_count"` }
HostSummary is a structure which represents a data summary about the total set of hosts in the database. This structure is returned by the HostService method GetHostSummary
type ImportConfig ¶
type ImportConfig struct { // DryRun if true an import will be attempted, and if successful will be completely rolled back DryRun bool // Options is a map of option name to a value which can be an int, // bool, or string. Options OptionNameToValueMap `json:"options"` // Schedule is a map of query names to details Schedule QueryNameToQueryDetailsMap `json:"schedule"` // Packs is a map of pack names to either PackDetails, or a string // containing a file path with a pack config. If a string, we expect // PackDetails to be stored in ExternalPacks. Packs PackNameMap `json:"packs"` // FileIntegrityMonitoring file integrity monitoring information. // See https://osquery.readthedocs.io/en/stable/deployment/file-integrity-monitoring/ FileIntegrityMonitoring FIMCategoryToPaths `json:"file_paths"` // YARA configuration YARA *YARAConfig `json:"yara"` Decorators *DecoratorConfig `json:"decorators"` // ExternalPacks are packs referenced when an item in the Packs map references // an external file. The PackName here must match the PackName in the Packs map. ExternalPacks PackNameToPackDetails `json:"-"` // GlobPackNames lists pack names that are globbed. GlobPackNames []string `json:"glob"` }
ImportConfig is a representation of an Osquery configuration. Osquery documentation has further details. See https://osquery.readthedocs.io/en/stable/deployment/configuration/
func (*ImportConfig) CollectPacks ¶
func (ic *ImportConfig) CollectPacks() (PackNameToPackDetails, error)
CollectPacks consolidates packs, globbed packs and external packs.
type ImportConfigResponse ¶
type ImportConfigResponse struct {
ImportStatusBySection map[ImportSection]*ImportStatus `json:"import_status"`
}
ImportConfigResponse contains information about the import of an osquery configuration file.
func (*ImportConfigResponse) Status ¶
func (ic *ImportConfigResponse) Status(section ImportSection) (status *ImportStatus)
Status returns a structure that contains information about the import of a particular section of an osquery configuration file.
type ImportConfigService ¶
type ImportConfigService interface { // ImportConfig create packs, queries, options etc based on imported // osquery configuration. ImportConfig(ctx context.Context, cfg *ImportConfig) (*ImportConfigResponse, error) }
type ImportSection ¶
type ImportSection string
ImportSection is used to categorize information associated with the import of a particular section of an imported osquery configuration file.
type ImportStatus ¶
type ImportStatus struct { // Title human readable name of the section of the import file that this // status pertains to. Title string `json:"title"` // ImportCount count of items successfully imported. ImportCount int `json:"import_count"` // SkipCount count of items that are skipped. The reasons for the omissions // can be found in Warnings. SkipCount int `json:"skip_count"` // Warnings groups categories of warnings with one or more detail messages. Warnings map[WarningType][]string `json:"warnings"` // Messages contains an entry for each import attempt. Messages []string `json:"messages"` }
ImportStatus contains information pertaining to the import of a section of an osquery configuration file.
func (*ImportStatus) Message ¶
func (is *ImportStatus) Message(fmtMsg string, args ...interface{})
Message is used to add a general message to ImportStatus, usually indicating what was changed in a successful import.
func (*ImportStatus) Warning ¶
func (is *ImportStatus) Warning(warnType WarningType, fmtMsg string, fmtArgs ...interface{})
Warning is used to add a warning message to ImportStatus.
type Invite ¶
type Invite struct { UpdateCreateTimestamps ID uint `json:"id"` InvitedBy uint `json:"invited_by" db:"invited_by"` Email string `json:"email"` Admin bool `json:"admin"` Name string `json:"name"` Position string `json:"position,omitempty"` Token string `json:"-"` SSOEnabled bool `json:"sso_enabled" db:"sso_enabled"` }
Invite represents an invitation for a user to join Fleet.
type InvitePayload ¶
type InvitePayload struct { InvitedBy *uint `json:"invited_by"` Email *string Admin *bool Name *string Position *string SSOEnabled *bool `json:"sso_enabled"` }
InvitePayload contains fields required to create a new user invite.
type InviteService ¶
type InviteService interface { // InviteNewUser creates an invite for a new user to join Fleet. InviteNewUser(ctx context.Context, payload InvitePayload) (invite *Invite, err error) // DeleteInvite removes an invite. DeleteInvite(ctx context.Context, id uint) (err error) // Invites returns a list of all invites. ListInvites(ctx context.Context, opt ListOptions) (invites []*Invite, err error) // VerifyInvite verifies that an invite exists and that it matches the // invite token. VerifyInvite(ctx context.Context, token string) (invite *Invite, err error) }
InviteService contains methods for a service which deals with user invites.
type InviteStore ¶
type InviteStore interface { // NewInvite creates and stores a new invitation in a DB. NewInvite(i *Invite) (*Invite, error) // Invites lists all invites in the datastore. ListInvites(opt ListOptions) ([]*Invite, error) // Invite retrieves an invite by it's ID. Invite(id uint) (*Invite, error) // InviteByEmail retrieves an invite for a specific email address. InviteByEmail(email string) (*Invite, error) // InviteByToken retrieves and invite using the token string. InviteByToken(token string) (*Invite, error) // SaveInvite saves an invitation in the datastore. SaveInvite(i *Invite) error // DeleteInvite deletes an invitation. DeleteInvite(id uint) error }
InviteStore contains the methods for managing user invites in a datastore.
type JSONLogger ¶
type JSONLogger interface { // Write writes the JSON log entries to the appropriate destination, // returning any errors that occurred. Write(ctx context.Context, logs []json.RawMessage) error }
JSONLogger defines an interface for loggers that can write JSON to various output sources.
type Label ¶
type Label struct { UpdateCreateTimestamps ID uint `json:"id"` Name string `json:"name"` Description string `json:"description"` Query string `json:"query"` Platform string `json:"platform"` LabelType LabelType `json:"label_type" db:"label_type"` LabelMembershipType LabelMembershipType `json:"label_membership_type" db:"label_membership_type"` HostCount int `json:"host_count" db:"host_count"` }
type LabelMembershipType ¶
type LabelMembershipType uint
LabelMembershipType sets how the membership of the label is determined.
const ( // LabelTypeDynamic indicates that the label is populated dynamically (by // the execution of a label query). LabelMembershipTypeDynamic LabelMembershipType = iota // LabelTypeManual indicates that the label is populated manually. LabelMembershipTypeManual )
func (LabelMembershipType) MarshalJSON ¶
func (t LabelMembershipType) MarshalJSON() ([]byte, error)
func (*LabelMembershipType) UnmarshalJSON ¶
func (t *LabelMembershipType) UnmarshalJSON(b []byte) error
type LabelPayload ¶
type LabelQueryExecution ¶
type LabelService ¶
type LabelService interface { // ApplyLabelSpecs applies a list of LabelSpecs to the datastore, // creating and updating labels as necessary. ApplyLabelSpecs(ctx context.Context, specs []*LabelSpec) error // GetLabelSpecs returns all of the stored LabelSpecs. GetLabelSpecs(ctx context.Context) ([]*LabelSpec, error) // GetLabelSpec gets the spec for the label with the given name. GetLabelSpec(ctx context.Context, name string) (*LabelSpec, error) NewLabel(ctx context.Context, p LabelPayload) (label *Label, err error) ModifyLabel(ctx context.Context, id uint, payload ModifyLabelPayload) (*Label, error) ListLabels(ctx context.Context, opt ListOptions) (labels []*Label, err error) GetLabel(ctx context.Context, id uint) (label *Label, err error) DeleteLabel(ctx context.Context, name string) (err error) // DeleteLabelByID is for backwards compatibility with the UI DeleteLabelByID(ctx context.Context, id uint) (err error) // ListHostsInLabel returns a slice of hosts in the label with the // given ID. ListHostsInLabel(ctx context.Context, lid uint, opt ListOptions) ([]Host, error) // LabelsForHost returns the labels that the given host is in. ListLabelsForHost(ctx context.Context, hid uint) ([]Label, error) // HostIDsForLabel returns ids of hosts that belong to the label identified // by lid HostIDsForLabel(lid uint) ([]uint, error) }
type LabelSpec ¶
type LabelSpec struct { ID uint Name string `json:"name"` Description string `json:"description"` Query string `json:"query"` Platform string `json:"platform,omitempty"` LabelType LabelType `json:"label_type,omitempty" db:"label_type"` LabelMembershipType LabelMembershipType `json:"label_membership_type" db:"label_membership_type"` Hosts []string `json:"hosts,omitempty"` }
type LabelStore ¶
type LabelStore interface { // ApplyLabelSpecs applies a list of LabelSpecs to the datastore, // creating and updating labels as necessary. ApplyLabelSpecs(specs []*LabelSpec) error // GetLabelSpecs returns all of the stored LabelSpecs. GetLabelSpecs() ([]*LabelSpec, error) // GetLabelSpec returns the spec for the named label. GetLabelSpec(name string) (*LabelSpec, error) // Label methods NewLabel(Label *Label, opts ...OptionalArg) (*Label, error) SaveLabel(label *Label) (*Label, error) DeleteLabel(name string) error Label(lid uint) (*Label, error) ListLabels(opt ListOptions) ([]*Label, error) // LabelQueriesForHost returns the label queries that should be executed // for the given host. The cutoff is the minimum timestamp a query // execution should have to be considered "fresh". Executions that are // not fresh will be repeated. Results are returned in a map of label // id -> query LabelQueriesForHost(host *Host, cutoff time.Time) (map[string]string, error) // RecordLabelQueryExecutions saves the results of label queries. The // results map is a map of label id -> whether or not the label // matches. The time parameter is the timestamp to save with the query // execution. RecordLabelQueryExecutions(host *Host, results map[uint]bool, t time.Time) error // LabelsForHost returns the labels that the given host is in. ListLabelsForHost(hid uint) ([]Label, error) // ListHostsInLabel returns a slice of hosts in the label with the // given ID. ListHostsInLabel(lid uint, opt ListOptions) ([]Host, error) // ListUniqueHostsInLabels returns a slice of all of the hosts in the // given label IDs. A host will only appear once in the results even if // it is in multiple of the provided labels. ListUniqueHostsInLabels(labels []uint) ([]Host, error) SearchLabels(query string, omit ...uint) ([]Label, error) // LabelIDsByName Retrieve the IDs associated with the given labels LabelIDsByName(labels []string) ([]uint, error) }
type LabelType ¶
type LabelType uint
LabelType is used to catagorize the kind of label
func (LabelType) MarshalJSON ¶
func (*LabelType) UnmarshalJSON ¶
type ListOptions ¶
type ListOptions struct { // Which page to return (must be positive integer) Page uint // How many results per page (must be positive integer, 0 indicates // unlimited) PerPage uint // Key to use for ordering OrderKey string // Direction of ordering OrderDirection OrderDirection }
ListOptions defines options related to paging and ordering to be used when listing objects
type LiveQueryStore ¶
type LiveQueryStore interface { // RunQuery starts a query with the given name and SQL, targeting the // provided host IDs. RunQuery(name, sql string, hostIDs []uint) error // StopQuery stops a running query with the given name. Hosts will no longer // receive the query after StopQuery has been called. StopQuery(name string) error // QueriesForHost returns the active queries for the given host ID. The // return value maps from query name to SQL. QueriesForHost(hostID uint) (map[string]string, error) // QueryCompletedByHost marks the query with the given name as completed by the // given host. After calling QueryCompleted, that query will no longer be // sent to the host. QueryCompletedByHost(name string, hostID uint) error }
LiveQueryStore defines an interface for storing and retrieving the status of live queries in the Fleet system.
type MailService ¶
type Mailer ¶
Mailer is an email campaign Types which implement the Campaign interface can be marshalled into an email body
type MigrationStatus ¶
type MigrationStatus int
type ModifyAppConfigRequest ¶
type ModifyAppConfigRequest struct { // TestSMTP is this is set to true, the SMTP configuration will be tested // with the results of the test returned to caller. No config changes // will be applied. TestSMTP bool `json:"test_smtp"` AppConfig AppConfig `json:"app_config"` }
ModifyAppConfigRequest contains application configuration information sent from front end and used to change app config elements.
type ModifyLabelPayload ¶
type ModifyLabelPayload struct { Name *string `json:"name"` Description *string `json:"description"` }
ModifyLabelPayload is used to change editable fields for a Label
type NetworkInterface ¶
type NetworkInterface struct { UpdateCreateTimestamps ID uint `json:"id"` // HostID foreign key establishes one host to many NetworkInterface relationship HostID uint `json:"-" db:"host_id"` Interface string `json:"interface"` IPAddress string `json:"address" db:"ip_address"` Mask string `json:"mask"` Broadcast string `json:"broadcast"` PointToPoint string `json:"point_to_point" db:"point_to_point"` MAC string `json:"mac"` Type int `json:"type"` MTU int `json:"mtu"` Metric int `json:"metric"` IPackets int64 `json:"ipackets"` OPackets int64 `json:"opackets"` IBytes int64 `json:"ibytes"` OBytes int64 `json:"obytes"` IErrors int64 `json:"ierrors"` OErrors int64 `json:"oerrors"` LastChange int64 `json:"last_change" db:"last_change"` }
type NotFoundError ¶
NotFoundError is returned when the datastore resource cannot be found.
type ObjectMetadata ¶
type OptionNameToValueMap ¶
type OptionNameToValueMap map[string]interface{}
type OptionOverrideType ¶
type OptionOverrideType int
OptionOverrideType is used to designate which override type a given set of options is used for. Currently the only supported override type is by platform.
const ( // OptionOverrideTypeDefault indicates that this is the default config // (provided to hosts when there is no override set for them). OptionOverrideTypeDefault OptionOverrideType = iota // OptionOverrideTypePlatform indicates that this is a // platform-specific config override (with precedence over the default // config). OptionOverrideTypePlatform )
type OptionalArg ¶
type OptionalArg func() interface{}
func HasTransaction ¶
func HasTransaction(tx Transaction) OptionalArg
type OptionsObject ¶
type OptionsObject struct { ObjectMetadata Spec OptionsSpec `json:"spec"` }
type OptionsOverrides ¶
type OptionsOverrides struct {
Platforms map[string]json.RawMessage `json:"platforms,omitempty"`
}
type OptionsSpec ¶
type OptionsSpec struct { Config json.RawMessage `json:"config"` Overrides OptionsOverrides `json:"overrides,omitempty"` }
type OrderDirection ¶
type OrderDirection int
const ( OrderAscending OrderDirection = iota OrderDescending )
type OrgInfo ¶
type OrgInfo struct { OrgName *string `json:"org_name,omitempty"` OrgLogoURL *string `json:"org_logo_url,omitempty"` }
OrgInfo contains general info about the organization using Fleet.
type OsQueryConfigInt ¶
type OsQueryConfigInt uint
OsQueryConfigInt is provided becase integers in the osquery config file may be represented as strings in the json. If we know a particular field is supposed to be an Integer, we convert from string to int if we can.
func (*OsQueryConfigInt) UnmarshalJSON ¶
func (c *OsQueryConfigInt) UnmarshalJSON(b []byte) error
type OsqueryDistributedQueryResults ¶
OsqueryDistributedQueryResults represents the format of the results of an osquery distributed query.
type OsqueryOptionsService ¶
type OsqueryOptionsService interface { ApplyOptionsSpec(ctx context.Context, spec *OptionsSpec) error GetOptionsSpec(ctx context.Context) (*OptionsSpec, error) }
type OsqueryOptionsStore ¶
type OsqueryOptionsStore interface { ApplyOptions(options *OptionsSpec) error GetOptions() (*OptionsSpec, error) OptionsForPlatform(platform string) (json.RawMessage, error) }
type OsqueryService ¶
type OsqueryService interface { EnrollAgent(ctx context.Context, enrollSecret, hostIdentifier string, hostDetails map[string](map[string]string)) (nodeKey string, err error) AuthenticateHost(ctx context.Context, nodeKey string) (host *Host, err error) GetClientConfig(ctx context.Context) (config map[string]interface{}, err error) // GetDistributedQueries retrieves the distributed queries to run for // the host in the provided context. These may be detail queries, label // queries, or user-initiated distributed queries. A map from query // name to query is returned. To enable the osquery "accelerated // checkins" feature, a positive integer (number of seconds to activate // for) should be returned. Returning 0 for this will not activate the // feature. GetDistributedQueries(ctx context.Context) (queries map[string]string, accelerate uint, err error) SubmitDistributedQueryResults(ctx context.Context, results OsqueryDistributedQueryResults, statuses map[string]OsqueryStatus) (err error) SubmitStatusLogs(ctx context.Context, logs []json.RawMessage) (err error) SubmitResultLogs(ctx context.Context, logs []json.RawMessage) (err error) }
type OsqueryStatus ¶
type OsqueryStatus int
OsqueryStatus represents osquery status codes (0 = success, nonzero = failure)
const ( // StatusOK is the success code returned by osquery StatusOK OsqueryStatus = 0 )
type Pack ¶
type Pack struct { UpdateCreateTimestamps ID uint `json:"id"` Name string `json:"name"` Description string `json:"description"` Platform string `json:"platform"` Disabled bool `json:"disabled"` }
Pack is the structure which represents an osquery query pack.
type PackContent ¶
type PackContent struct { Platform string `json:"platform,omitempty"` Version string `json:"version,omitempty"` Shard uint `json:"shard,omitempty"` Discovery []string `json:"discovery,omitempty"` Queries Queries `json:"queries"` }
PackContent is the format of an osquery query pack.
type PackDetails ¶
type PackDetails struct { Queries QueryNameToQueryDetailsMap `json:"queries"` Shard *OsQueryConfigInt `json:"shard"` Version *string `json:"version"` Platform string `json:"platform"` Discovery []string `json:"discovery"` }
PackDetails represents the "packs" section of an osquery configuration file.
type PackNameMap ¶
type PackNameMap map[string]interface{}
func (PackNameMap) UnmarshalJSON ¶
func (pnm PackNameMap) UnmarshalJSON(b []byte) error
UnmarshalJSON custom unmarshaling for PackNameMap will determine whether the pack section of an osquery config file refers to a file path, or pack details. Pack details are unmarshalled into into PackDetails structure as opposed to nested map[string]interface{}
type PackNameToPackDetails ¶
type PackNameToPackDetails map[string]PackDetails
type PackPayload ¶
type PackPayload struct { Name *string `json:"name"` Description *string `json:"description"` Platform *string `json:"platform"` Disabled *bool `json:"disabled"` HostIDs *[]uint `json:"host_ids"` LabelIDs *[]uint `json:"label_ids"` }
PackPayload is the struct which is used to create/update packs.
type PackService ¶
type PackService interface { // ApplyPackSpecs applies a list of PackSpecs to the datastore, // creating and updating packs as necessary. ApplyPackSpecs(ctx context.Context, specs []*PackSpec) error // GetPackSpecs returns all of the stored PackSpecs. GetPackSpecs(ctx context.Context) ([]*PackSpec, error) // GetPackSpec gets the spec for the pack with the given name. GetPackSpec(ctx context.Context, name string) (*PackSpec, error) // NewPack creates a new pack in the datastore. NewPack(ctx context.Context, p PackPayload) (pack *Pack, err error) // ModifyPack modifies an existing pack in the datastore. ModifyPack(ctx context.Context, id uint, p PackPayload) (pack *Pack, err error) // ListPacks lists all packs in the application. ListPacks(ctx context.Context, opt ListOptions) (packs []*Pack, err error) // GetPack retrieves a pack by ID. GetPack(ctx context.Context, id uint) (pack *Pack, err error) // DeletePack deletes a pack record from the datastore. DeletePack(ctx context.Context, name string) (err error) // DeletePackByID is for backwards compatibility with the UI DeletePackByID(ctx context.Context, id uint) (err error) // AddLabelToPack adds an existing label to an existing pack, both by ID. AddLabelToPack(ctx context.Context, lid, pid uint) (err error) // RemoveLabelFromPack removes an existing label from it's association with // an existing pack, both by ID. RemoveLabelFromPack(ctx context.Context, lid, pid uint) (err error) // ListLabelsForPack lists all labels that are associated with a pack. ListLabelsForPack(ctx context.Context, pid uint) (labels []*Label, err error) // AddHostToPack adds an existing host to an existing pack, both by ID. AddHostToPack(ctx context.Context, hid, pid uint) (err error) // RemoveHostFromPack removes an existing host from it's association with // an existing pack, both by ID. RemoveHostFromPack(ctx context.Context, hid, pid uint) (err error) // ListPacksForHost lists the packs that a host should execute. ListPacksForHost(ctx context.Context, hid uint) (packs []*Pack, err error) // ListHostsInPack lists the IDs of all hosts that are associated with a pack, // both through labels and manual associations. ListHostsInPack(ctx context.Context, pid uint, opt ListOptions) (hosts []uint, err error) // ListExplicitHostsInPack lists the IDs of hosts that have been manually associated // with a query pack. ListExplicitHostsInPack(ctx context.Context, pid uint, opt ListOptions) (hosts []uint, err error) }
PackService is the service interface for managing query packs.
type PackSpec ¶
type PackSpec struct { ID uint `json:"id,omitempty"` Name string `json:"name"` Description string `json:"description,omitempty"` Platform string `json:"platform,omitempty"` Disabled bool `json:"disabled"` Targets PackSpecTargets `json:"targets,omitempty"` Queries []PackSpecQuery `json:"queries,omitempty"` }
type PackSpecQuery ¶
type PackSpecQuery struct { QueryName string `json:"query" db:"query_name"` Name string `json:"name"` Description string `json:"description"` Interval uint `json:"interval"` Snapshot *bool `json:"snapshot,omitempty"` Removed *bool `json:"removed,omitempty"` Shard *uint `json:"shard,omitempty"` Platform *string `json:"platform,omitempty"` Version *string `json:"version,omitempty"` }
type PackSpecTargets ¶
type PackSpecTargets struct {
Labels []string `json:"labels"`
}
type PackStore ¶
type PackStore interface { // ApplyPackSpecs applies a list of PackSpecs to the datastore, // creating and updating packs as necessary. ApplyPackSpecs(specs []*PackSpec) error // GetPackSpecs returns all of the stored PackSpecs. GetPackSpecs() ([]*PackSpec, error) // GetPackSpec returns the spec for the named pack. GetPackSpec(name string) (*PackSpec, error) // NewPack creates a new pack in the datastore. NewPack(pack *Pack, opts ...OptionalArg) (*Pack, error) // SavePack updates an existing pack in the datastore. SavePack(pack *Pack) error // DeletePack deletes a pack record from the datastore. DeletePack(name string) error // Pack retrieves a pack from the datastore by ID. Pack(pid uint) (*Pack, error) // ListPacks lists all packs in the datastore. ListPacks(opt ListOptions) ([]*Pack, error) // PackByName fetches pack if it exists, if the pack // exists the bool return value is true PackByName(name string, opts ...OptionalArg) (*Pack, bool, error) // AddLabelToPack adds an existing label to an existing pack, both by ID. AddLabelToPack(lid, pid uint, opts ...OptionalArg) error // RemoveLabelFromPack removes an existing label from it's association with // an existing pack, both by ID. RemoveLabelFromPack(lid, pid uint) error // ListLabelsForPack lists all labels that are associated with a pack. ListLabelsForPack(pid uint) ([]*Label, error) // AddHostToPack adds an existing host to an existing pack, both by ID. AddHostToPack(hid uint, pid uint) error // RemoveHostFromPack removes an existing host from it's association with // an existing pack, both by ID. RemoveHostFromPack(hid uint, pid uint) error // ListPacksForHost lists the packs that a host should execute. ListPacksForHost(hid uint) (packs []*Pack, err error) // ListHostsInPack lists the IDs of all hosts that are associated with a pack // through labels. ListHostsInPack(pid uint, opt ListOptions) ([]uint, error) // ListExplicitHostsInPack lists the IDs of hosts that have been manually // associated with a query pack. ListExplicitHostsInPack(pid uint, opt ListOptions) ([]uint, error) }
PackStore is the datastore interface for managing query packs.
type PackTarget ¶
PackTarget associates a pack with either a host or a label
type Packs ¶
type Packs map[string]PackContent
Packs is a helper which represents the format of a list of osquery query packs.
type PasswordResetRequest ¶
type PasswordResetRequest struct { UpdateCreateTimestamps ID uint ExpiresAt time.Time `db:"expires_at"` UserID uint `db:"user_id"` Token string }
PasswordResetRequest represents a database table for Password Reset Requests
type PasswordResetStore ¶
type PasswordResetStore interface { NewPasswordResetRequest(req *PasswordResetRequest) (*PasswordResetRequest, error) SavePasswordResetRequest(req *PasswordResetRequest) error DeletePasswordResetRequest(req *PasswordResetRequest) error DeletePasswordResetRequestsForUser(userID uint) error FindPassswordResetByID(id uint) (*PasswordResetRequest, error) FindPassswordResetsByUserID(id uint) ([]*PasswordResetRequest, error) FindPassswordResetByToken(token string) (*PasswordResetRequest, error) FindPassswordResetByTokenAndUserID(token string, id uint) (*PasswordResetRequest, error) }
PasswordResetStore manages password resets in the Datastore
type PermissivePackContent ¶
type PermissivePackContent struct { Platform string `json:"platform,omitempty"` Version string `json:"version,omitempty"` Shard uint `json:"shard,omitempty"` Discovery []string `json:"discovery,omitempty"` Queries PermissiveQueries `json:"queries"` }
type PermissivePacks ¶
type PermissivePacks map[string]PermissivePackContent
type PermissiveQueries ¶
type PermissiveQueries map[string]PermissiveQueryContent
type PermissiveQueryContent ¶
type PermissiveQueryContent struct { QueryContent Interval interface{} `json:"interval"` }
type Queries ¶
type Queries map[string]QueryContent
Queries is a helper which represents the format of a set of queries in a pack.
type Query ¶
type Query struct { UpdateCreateTimestamps ID uint `json:"id"` Name string `json:"name"` Description string `json:"description"` Query string `json:"query"` Saved bool `json:"saved"` AuthorID *uint `json:"author_id" db:"author_id"` // AuthorName is retrieved with a join to the users table in the MySQL // backend (using AuthorID) AuthorName string `json:"author_name" db:"author_name"` // Packs is loaded when retrieving queries, but is stored in a join // table in the MySQL backend. Packs []Pack `json:"packs" db:"-"` }
func LoadQueriesFromYaml ¶
type QueryContent ¶
type QueryContent struct { Query string `json:"query"` Description string `json:"description,omitempty"` Interval uint `json:"interval"` Platform *string `json:"platform,omitempty"` Version *string `json:"version,omitempty"` Snapshot *bool `json:"snapshot,omitempty"` Removed *bool `json:"removed,omitempty"` Shard *uint `json:"shard,omitempty"` }
QueryContent is the format of a query stanza in an osquery configuration.
type QueryDetails ¶
type QueryDetails struct { Query string `json:"query"` Interval OsQueryConfigInt `json:"interval"` // Optional fields Removed *bool `json:"removed"` Platform *string `json:"platform"` Version *string `json:"version"` Shard *OsQueryConfigInt `json:"shard"` Snapshot *bool `json:"snapshot"` }
QueryDetails represents the query objects used in the packs and the schedule section of an osquery configuration.
type QueryNameToQueryDetailsMap ¶
type QueryNameToQueryDetailsMap map[string]QueryDetails
type QueryObject ¶
type QueryObject struct { ObjectMetadata Spec QuerySpec `json:"spec"` }
type QueryPayload ¶
type QueryResultStore ¶
type QueryResultStore interface { // WriteResult writes a distributed query result submitted by an // osqueryd client WriteResult(result DistributedQueryResult) error // ReadChannel returns a channel to be read for incoming distributed // query results. Channel values should be either // DistributedQueryResult or error ReadChannel(ctx context.Context, query DistributedQueryCampaign) (<-chan interface{}, error) // HealthCheck returns nil if the store is functioning properly, or an // error describing the problem. HealthCheck() error }
QueryResultStore defines functions for sending and receiving distributed query results over a pub/sub system. It is implemented by structs in package pubsub.
type QueryService ¶
type QueryService interface { // ApplyQuerySpecs applies a list of queries (creating or updating // them as necessary) ApplyQuerySpecs(ctx context.Context, specs []*QuerySpec) error // GetQuerySpecs gets the YAML file representing all the stored queries. GetQuerySpecs(ctx context.Context) ([]*QuerySpec, error) // GetQuerySpec gets the spec for the query with the given name. GetQuerySpec(ctx context.Context, name string) (*QuerySpec, error) // ListQueries returns a list of saved queries. Note only saved queries // should be returned (those that are created for distributed queries // but not saved should not be returned). ListQueries(ctx context.Context, opt ListOptions) ([]*Query, error) GetQuery(ctx context.Context, id uint) (*Query, error) NewQuery(ctx context.Context, p QueryPayload) (*Query, error) ModifyQuery(ctx context.Context, id uint, p QueryPayload) (*Query, error) DeleteQuery(ctx context.Context, name string) error // For backwards compatibility with UI DeleteQueryByID(ctx context.Context, id uint) error // DeleteQueries deletes the existing query objects with the provided IDs. // The number of deleted queries is returned along with any error. DeleteQueries(ctx context.Context, ids []uint) (uint, error) }
type QueryStore ¶
type QueryStore interface { // ApplyQueries applies a list of queries (likely from a yaml file) to // the datastore. Existing queries are updated, and new queries are // created. ApplyQueries(authorID uint, queries []*Query) error // NewQuery creates a new query object in thie datastore. The returned // query should have the ID updated. NewQuery(query *Query, opts ...OptionalArg) (*Query, error) // SaveQuery saves changes to an existing query object. SaveQuery(query *Query) error // DeleteQuery deletes an existing query object. DeleteQuery(name string) error // DeleteQueries deletes the existing query objects with the provided IDs. // The number of deleted queries is returned along with any error. DeleteQueries(ids []uint) (uint, error) // Query returns the query associated with the provided ID. Associated // packs should also be loaded. Query(id uint) (*Query, error) // ListQueries returns a list of queries with the provided sorting and // paging options. Associated packs should also be loaded. ListQueries(opt ListOptions) ([]*Query, error) // QueryByName looks up a query by name. QueryByName(name string, opts ...OptionalArg) (*Query, error) }
type SMTPAuthMethod ¶
type SMTPAuthMethod int
const ( AuthMethodPlain SMTPAuthMethod = iota AuthMethodCramMD5 AuthMethodLogin )
func (SMTPAuthMethod) String ¶
func (m SMTPAuthMethod) String() string
type SMTPAuthType ¶
type SMTPAuthType int
const ( AuthTypeUserNamePassword SMTPAuthType = iota AuthTypeNone )
func (SMTPAuthType) String ¶
func (a SMTPAuthType) String() string
type SMTPSettingsPayload ¶
type SMTPSettingsPayload struct { // SMTPEnabled indicates whether the user has selected that SMTP is // enabled in the UI. SMTPEnabled *bool `json:"enable_smtp"` // SMTPConfigured is a flag that indicates if smtp has been successfully // tested with the settings provided by an admin user. SMTPConfigured *bool `json:"configured"` // SMTPSenderAddress is the email address that will appear in emails sent // from Fleet SMTPSenderAddress *string `json:"sender_address"` // SMTPServer is the host name of the SMTP server Fleet will use to send mail SMTPServer *string `json:"server"` // SMTPPort port SMTP server will use SMTPPort *uint `json:"port"` // SMTPAuthenticationType type of authentication for SMTP SMTPAuthenticationType *string `json:"authentication_type"` // SMTPUserName must be provided if SMTPAuthenticationType is UserNamePassword SMTPUserName *string `json:"user_name"` // SMTPPassword must be provided if SMTPAuthenticationType is UserNamePassword SMTPPassword *string `json:"password"` // SMTPEnableSSLTLS whether to use SSL/TLS for SMTP SMTPEnableTLS *bool `json:"enable_ssl_tls"` // SMTPAuthenticationMethod authentication method smtp server will use SMTPAuthenticationMethod *string `json:"authentication_method"` // SMTPDomain optional domain for SMTP SMTPDomain *string `json:"domain"` // SMTPVerifySSLCerts defaults to true but can be turned off if self signed // SSL certs are used by the SMTP server SMTPVerifySSLCerts *bool `json:"verify_ssl_certs"` // SMTPEnableStartTLS detects of TLS is enabled on mail server and starts to use it (default true) SMTPEnableStartTLS *bool `json:"enable_start_tls"` }
SMTPSettingsPayload is part of the AppConfigPayload which defines the wire representation of the app config endpoints
type SSOSession ¶
type SSOSettings ¶
type SSOSettings struct { // IDPName is a human readable name for the IDP IDPName string `json:"idp_name"` // IDPImageURL https link to a logo image for the IDP. IDPImageURL string `json:"idp_image_url"` // SSOEnabled true if single sign on is enabled. SSOEnabled bool `json:"sso_enabled"` }
SSOSettings SSO information used prior to authentication.
type SSOSettingsPayload ¶
type SSOSettingsPayload struct { // EntityID is a uri that identifies this service provider EntityID *string `json:"entity_id"` // IssuerURI is the uri that identifies the identity provider IssuerURI *string `json:"issuer_uri"` // IDPImageURL is a link to a logo or other image that is used for UX IDPImageURL *string `json:"idp_image_url"` // Metadata contains IDP metadata XML Metadata *string `json:"metadata"` // MetadataURL is a URL provided by the IDP which can be used to download // metadata MetadataURL *string `json:"metadata_url"` // IDPName is a human friendly name for the IDP IDPName *string `json:"idp_name"` // EnableSSO flag to determine whether or not to enable SSO EnableSSO *bool `json:"enable_sso"` }
SSOSettingsPayload wire format for SSO settings
type ScheduledQuery ¶
type ScheduledQuery struct { UpdateCreateTimestamps ID uint `json:"id"` PackID uint `json:"pack_id" db:"pack_id"` Name string `json:"name"` QueryID uint `json:"query_id" db:"query_id"` QueryName string `json:"query_name" db:"query_name"` Query string `json:"query"` // populated via a join on queries Description string `json:"description,omitempty"` Interval uint `json:"interval"` Snapshot *bool `json:"snapshot"` Removed *bool `json:"removed"` Platform *string `json:"platform,omitempty"` Version *string `json:"version,omitempty"` Shard *uint `json:"shard"` }
type ScheduledQueryPayload ¶
type ScheduledQueryService ¶
type ScheduledQueryService interface { GetScheduledQueriesInPack(ctx context.Context, id uint, opts ListOptions) (queries []*ScheduledQuery, err error) GetScheduledQuery(ctx context.Context, id uint) (query *ScheduledQuery, err error) ScheduleQuery(ctx context.Context, sq *ScheduledQuery) (query *ScheduledQuery, err error) DeleteScheduledQuery(ctx context.Context, id uint) (err error) ModifyScheduledQuery(ctx context.Context, id uint, p ScheduledQueryPayload) (query *ScheduledQuery, err error) }
type ScheduledQueryStore ¶
type ScheduledQueryStore interface { ListScheduledQueriesInPack(id uint, opts ListOptions) ([]*ScheduledQuery, error) NewScheduledQuery(sq *ScheduledQuery, opts ...OptionalArg) (*ScheduledQuery, error) SaveScheduledQuery(sq *ScheduledQuery) (*ScheduledQuery, error) DeleteScheduledQuery(id uint) error ScheduledQuery(id uint) (*ScheduledQuery, error) }
type ServerSettings ¶
type ServerSettings struct { KolideServerURL *string `json:"kolide_server_url,omitempty"` LiveQueryDisabled *bool `json:"live_query_disabled,omitempty"` }
ServerSettings contains general settings about the kolide App.
type Service ¶
type Service interface { UserService SessionService PackService LabelService QueryService CampaignService OsqueryService OsqueryOptionsService HostService AppConfigService InviteService TargetService ScheduledQueryService StatusService }
service a interface stub
type Session ¶
type Session struct { CreateTimestamp ID uint AccessedAt time.Time `db:"accessed_at"` UserID uint `db:"user_id"` Key string }
Session is the model object which represents what an active session is
type SessionService ¶
type SessionService interface { // InitiateSSO is used to initiate an SSO session and returns a URL that // can be used in a redirect to the IDP. // Arguments: redirectURL is the URL of the protected resource that the user // was trying to access when they were promted to log in. InitiateSSO(ctx context.Context, redirectURL string) (string, error) // CallbackSSO handles the IDP response. The original URL the viewer attempted // to access is returned from this function so we can redirect back to the front end and // load the page the viewer originally attempted to access when prompted for login. CallbackSSO(ctx context.Context, auth Auth) (*SSOSession, error) // SSOSettings returns non sensitive single sign on information used before // authentication SSOSettings(ctx context.Context) (*SSOSettings, error) Login(ctx context.Context, username, password string) (user *User, token string, err error) Logout(ctx context.Context) (err error) DestroySession(ctx context.Context) (err error) GetInfoAboutSessionsForUser(ctx context.Context, id uint) (sessions []*Session, err error) DeleteSessionsForUser(ctx context.Context, id uint) (err error) GetInfoAboutSession(ctx context.Context, id uint) (session *Session, err error) GetSessionByKey(ctx context.Context, key string) (session *Session, err error) DeleteSession(ctx context.Context, id uint) (err error) }
type SessionStore ¶
type SessionStore interface { // Given a session key, find and return a session object or an error if one // could not be found for the given key SessionByKey(key string) (*Session, error) // Given a session id, find and return a session object or an error if one // could not be found for the given id SessionByID(id uint) (*Session, error) // Find all of the active sessions for a given user ListSessionsForUser(id uint) ([]*Session, error) // Store a new session struct NewSession(session *Session) (*Session, error) // Destroy the currently tracked session DestroySession(session *Session) error // Destroy all of the sessions for a given user DestroyAllSessionsForUser(id uint) error // Mark the currently tracked session as access to extend expiration MarkSessionAccessed(session *Session) error }
SessionStore is the abstract interface that all session backends must conform to.
type StatusService ¶
type StatusService interface { // StatusResultStore returns nil if the result store is functioning // correctly, or an error indicating the problem. StatusResultStore(ctx context.Context) error // StatusLiveQuery returns nil if live queries are enabled, or an // error indicating the problem. StatusLiveQuery(ctx context.Context) error }
type Target ¶
type Target struct { Type TargetType TargetID uint }
type TargetMetrics ¶
type TargetMetrics struct { // TotalHosts is the total hosts in any status. It should equal // OnlineHosts + OfflineHosts + MissingInActionHosts. TotalHosts uint `db:"total"` // OnlineHosts is the count of hosts that have checked in within their // expected checkin interval (based on the configuration interval // values, see Host.Status()). OnlineHosts uint `db:"online"` // OfflineHosts is the count of hosts that have not checked in within // their expected interval. OfflineHosts uint `db:"offline"` // MissingInActionHosts is the count of hosts that have not checked in // within the last 30 days. MissingInActionHosts uint `db:"mia"` // NewHosts is the count of hosts that have enrolled in the last 24 // hours. NewHosts uint `db:"new"` }
TargetMetrics contains information about the online status of a set of hosts.
type TargetSearchResults ¶
type TargetService ¶
type TargetService interface { // SearchTargets will accept a search query, a slice of IDs of hosts to omit, // and a slice of IDs of labels to omit, and it will return a set of targets // (hosts and label) which match the supplied search query. SearchTargets(ctx context.Context, query string, selectedHostIDs []uint, selectedLabelIDs []uint) (*TargetSearchResults, error) // CountHostsInTargets returns the metrics of the hosts in the provided // label and explicit host IDs. CountHostsInTargets(ctx context.Context, hostIDs []uint, labelIDs []uint) (*TargetMetrics, error) }
type TargetStore ¶
type TargetStore interface { // CountHostsInTargets returns the metrics of the hosts in the provided // label and explicit host IDs. CountHostsInTargets(hostIDs, labelIDs []uint, now time.Time) (TargetMetrics, error) // HostIDsInTargets returns the host IDs of the hosts in the provided label // and explicit host IDs. The returned host IDs should be sorted in // ascending order. HostIDsInTargets(hostIDs, labelIDs []uint) ([]uint, error) }
type Transaction ¶
type Transactions ¶
type Transactions interface {
Begin() (Transaction, error)
}
type UpdateCreateTimestamps ¶
type UpdateCreateTimestamps struct { CreateTimestamp UpdateTimestamp }
type UpdateTimestamp ¶
UpdateTimestamp contains a timestamp that is set whenever an entity is changed
type User ¶
type User struct { UpdateCreateTimestamps ID uint `json:"id"` Username string `json:"username"` Password []byte `json:"-"` Salt string `json:"-"` Name string `json:"name"` Email string `json:"email"` Admin bool `json:"admin"` Enabled bool `json:"enabled"` AdminForcedPasswordReset bool `json:"force_password_reset" db:"admin_forced_password_reset"` GravatarURL string `json:"gravatar_url" db:"gravatar_url"` Position string `json:"position,omitempty"` // job role // SSOEnabled if true, the single siqn on is used to log in SSOEnabled bool `json:"sso_enabled" db:"sso_enabled"` }
User is the model struct which represents a kolide user
func (*User) ValidatePassword ¶
ValidatePassword accepts a potential password for a given user and attempts to validate it against the hash stored in the database after joining the supplied password with the stored password salt
type UserPayload ¶
type UserPayload struct { Username *string `json:"username,omitempty"` Name *string `json:"name,omitempty"` Email *string `json:"email,omitempty"` Admin *bool `json:"admin,omitempty"` Enabled *bool `json:"enabled,omitempty"` Password *string `json:"password,omitempty"` GravatarURL *string `json:"gravatar_url,omitempty"` Position *string `json:"position,omitempty"` InviteToken *string `json:"invite_token,omitempty"` SSOInvite *bool `json:"sso_invite,omitempty"` SSOEnabled *bool `json:"sso_enabled,omitempty"` }
UserPayload is used to modify an existing user
type UserService ¶
type UserService interface { // NewUser creates a new User from a request Payload. NewUser(ctx context.Context, p UserPayload) (user *User, err error) // NewAdminCreatedUser allows an admin to create a new user without // first creating and validating invite tokens. NewAdminCreatedUser(ctx context.Context, p UserPayload) (user *User, err error) // User returns a valid User given a User ID. User(ctx context.Context, id uint) (user *User, err error) // AuthenticatedUser returns the current user from the viewer context. AuthenticatedUser(ctx context.Context) (user *User, err error) // ListUsers returns all users. ListUsers(ctx context.Context, opt ListOptions) (users []*User, err error) // ChangePassword validates the existing password, and sets the new // password. User is retrieved from the viewer context. ChangePassword(ctx context.Context, oldPass, newPass string) error // RequestPasswordReset generates a password reset request for the user // specified by email. The request results in a token emailed to the // user. RequestPasswordReset(ctx context.Context, email string) (err error) // RequirePasswordReset requires a password reset for the user // specified by ID (if require is true). It deletes all of the user's // sessions, and requires that their password be reset upon the next // login. Setting require to false will take a user out of this state. // The updated user is returned. RequirePasswordReset(ctx context.Context, uid uint, require bool) (*User, error) // PerformRequiredPasswordReset resets a password for a user that is in // the required reset state. It must be called with the logged in // viewer context of that user. PerformRequiredPasswordReset(ctx context.Context, password string) (*User, error) // ResetPassword validates the provided password reset token and // updates the user's password. ResetPassword(ctx context.Context, token, password string) (err error) // ModifyUser updates a user's parameters given a UserPayload. ModifyUser(ctx context.Context, userID uint, p UserPayload) (user *User, err error) // ChangeUserAdmin is used to modify the admin state of the user identified by id. ChangeUserAdmin(ctx context.Context, id uint, isAdmin bool) (*User, error) // ChangeUserEnabled is used to enable/disable the user identified by id. ChangeUserEnabled(ctx context.Context, id uint, isEnabled bool) (*User, error) // ChangeUserEmail is used to confirm new email address and if confirmed, // write the new email address to user. ChangeUserEmail(ctx context.Context, token string) (string, error) }
UserService contains methods for managing a Fleet User.
type UserStore ¶
type UserStore interface { NewUser(user *User) (*User, error) User(username string) (*User, error) ListUsers(opt ListOptions) ([]*User, error) UserByEmail(email string) (*User, error) UserByID(id uint) (*User, error) SaveUser(user *User) error // PendingEmailChange creates a record with a pending email change for a user identified // by uid. The change record is keyed by a unique token. The token is emailed to the user // with a link that they can use to confirm the change. PendingEmailChange(userID uint, newEmail, token string) error // ConfirmPendingEmailChange will confirm new email address identified by token is valid. // The new email will be written to user record. userID is the ID of the // user whose e-mail is being changed. ConfirmPendingEmailChange(userID uint, token string) (string, error) }
UserStore contains methods for managing users in a datastore
type WarningType ¶
type WarningType string
WarningType is used to group associated warnings for options, packs etc when importing on osquery configuration file.
type YARAConfig ¶
type YARAConfig struct { Signatures map[string][]string `json:"signatures"` FilePaths map[string][]string `json:"file_paths"` }
YARAConfig yara configuration maps keys to lists of files. See https://osquery.readthedocs.io/en/stable/deployment/yara/
Source Files ¶
- app.go
- campaigns.go
- datastore.go
- emails.go
- fleetctl.go
- hosts.go
- import_config.go
- import_config_unmarshaler.go
- invites.go
- labels.go
- live_query_store.go
- logging.go
- meta.go
- network_interfaces.go
- osquery.go
- osquery_options.go
- packs.go
- queries.go
- query_results.go
- scheduled_queries.go
- service.go
- sessions.go
- status.go
- targets.go
- traits.go
- transactions.go
- users.go