Store osquery configuration and data per-registration #1984
+230
−56
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ee/agent/storage/keys.go
Outdated
| return newKey | ||
| } | ||
|
|
||
| func SplitKey(key []byte) ([]byte, []byte) { |
There was a problem hiding this comment.
wondering if you think it would be worth it to return all parts here and let callers disregard/take what they need? not critical/blocking, just wondering if the identifier type gets additional uses if callers would want that
There was a problem hiding this comment.
also fine with kicking that down the road I don't see much usage of this yet anyway
zackattack01
previously approved these changes
Dec 11, 2024
zackattack01
approved these changes
Dec 11, 2024
James-Pickett
approved these changes
Dec 11, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #1939.
Some osquery data, like the node key, should be stored per registration instead of globally. This PR updates how we store data for non-default registrations in our key-value stores. We will store this data by "identifier type" and "identifier" -- so, for example, the key
nodeKeybecomesnodeKey:registration:<registration-id>.The data for the default registration will be stored just under the key (so,
uuid, notuuid:registration:default) -- this should give us good backwards compatibility if launcher rolls back to a previous version, and means we won't have to do any data migration (fromuuidtouuid:registration:default) to avoid e.g. a launcher re-enroll. This means that, since we only have the one default registration at the moment, the current data isn't actually being stored any differently!A note about the KATC config: the KATC config store contains a series of key-value pairs, where the key is the table name and the value is the config for that table. Under this new storage scheme, the keys (for non-default registrations) would therefore take the form
<table-name>:registration:<registration-id>. We treat the keys as such when retrieving the KATC config from bbolt. However, I am punting on setting the registration ID when setting the data in the KATC config store in bbolt to #1940 -- that will require figuring out how the control server wants to send down per-registration data to each subsystem, and I'm going to handle that in #1940 separately.