Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-16 21:48:48 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 47
fleet/cmd/fleetctl/scripts_test.go

448 lines
13 KiB
Go
Raw Normal View History

Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
package main
import (
"context"
"fmt"
"net/http"
"os"
"strings"
"testing"
"time"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/fleetdm/fleet/v4/server/ptr"
"github.com/fleetdm/fleet/v4/server/service"
"github.com/stretchr/testify/require"
)
func TestRunScriptCommand(t *testing.T) {
feat: disable script endpoints and add error to cli (#15941) > 📜 Relevant PR: #14500 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-01-08 21:28:45 +00:00
_, ds := runServerWithMockedDS(t,
&service.TestServerOpts{
License: &fleet.LicenseInfo{
Tier: fleet.TierPremium,
},
},
&service.TestServerOpts{
HTTPServerConfig: &http.Server{WriteTimeout: 90 * time.Second}, // nolint:gosec
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
},
feat: disable script endpoints and add error to cli (#15941) > 📜 Relevant PR: #14500 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-01-08 21:28:45 +00:00
)
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
ds.LoadHostSoftwareFunc = func(ctx context.Context, host *fleet.Host, includeCVEScores bool) error {
return nil
}
ds.ListLabelsForHostFunc = func(ctx context.Context, hid uint) ([]*fleet.Label, error) {
return nil, nil
}
ds.ListPacksForHostFunc = func(ctx context.Context, hid uint) ([]*fleet.Pack, error) {
return nil, nil
}
ds.ListPoliciesForHostFunc = func(ctx context.Context, host *fleet.Host) ([]*fleet.HostPolicy, error) {
return nil, nil
}
ds.ListHostBatteriesFunc = func(ctx context.Context, hid uint) ([]*fleet.HostBattery, error) {
return nil, nil
}
feat: disable script endpoints and add error to cli (#15941) > 📜 Relevant PR: #14500 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-01-08 21:28:45 +00:00
ds.AppConfigFunc = func(ctx context.Context) (*fleet.AppConfig, error) {
return &fleet.AppConfig{ServerSettings: fleet.ServerSettings{ScriptsDisabled: false}}, nil
}
Update API and CLI to enable running scripts by name and team id (#17322) TODO: - Integration tests # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any permissions changes (docs/Using Fleet/manage-access.md) - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-03-05 14:53:17 +00:00
ds.GetScriptIDByNameFunc = func(ctx context.Context, name string, teamID *uint) (uint, error) {
return 1, nil
}
ds.IsExecutionPendingForHostFunc = func(ctx context.Context, hid uint, scriptID uint) ([]*uint, error) {
return []*uint{}, nil
}
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
generateValidPath := func() string {
return writeTmpScriptContents(t, "echo hello world", ".sh")
}
Use `--team` flag for `run-script` command (#17373)
2024-03-05 17:54:26 +00:00
exceedsMaxCharsUnsaved := strings.Repeat("a", fleet.UnsavedScriptMaxRuneLen+1)
exceedsMaxCharsSaved := strings.Repeat("a", fleet.SavedScriptMaxRuneLen+1)
expectedOutputSuccess := `
Exit code: 0 (Script ran successfully.)
Output:
-------------------------------------------------------------------------------------
hello world
-------------------------------------------------------------------------------------
`
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
Adding cli improvements for run-scripts (#18010)
2024-05-07 15:10:22 +00:00
expectedQuietOutputSuccess := `hello world
`
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
type testCase struct {
Use `--team` flag for `run-script` command (#17373)
2024-03-05 17:54:26 +00:00
name string
scriptPath func() string
scriptName string
teamID *uint
savedScriptContents func() ([]byte, error)
scriptResult *fleet.HostScriptResult
Adding cli improvements for run-scripts (#18010)
2024-05-07 15:10:22 +00:00
quiet bool
async bool
Use `--team` flag for `run-script` command (#17373)
2024-03-05 17:54:26 +00:00
expectOutput string
expectErrMsg string
expectNotFound bool
expectOffline bool
expectPending bool
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
}
cases := []testCase{
{
name: "host offline",
scriptPath: generateValidPath,
expectErrMsg: fleet.RunScriptHostOfflineErrMsg,
expectOffline: true,
},
{
name: "host not found",
scriptPath: generateValidPath,
expectErrMsg: fleet.RunScriptHostNotFoundErrMsg,
expectNotFound: true,
},
{
name: "invalid file type",
scriptPath: func() string { return writeTmpScriptContents(t, "echo hello world", ".txt") },
expectErrMsg: fleet.RunScriptInvalidTypeErrMsg,
},
{
name: "invalid hashbang",
scriptPath: func() string { return writeTmpScriptContents(t, "#! /foo/bar", ".sh") },
Zsh script support (#18411) #17321
2024-04-30 18:38:56 +00:00
expectErrMsg: `Interpreter not supported. Shell scripts must run in "#!/bin/sh" or "#!/bin/zsh."`,
},
{
name: "unsupported hashbang",
scriptPath: func() string { return writeTmpScriptContents(t, "#!/bin/ksh", ".sh") },
expectErrMsg: `Interpreter not supported. Shell scripts must run in "#!/bin/sh" or "#!/bin/zsh."`,
},
{
name: "posix shell hashbang",
scriptPath: func() string { return writeTmpScriptContents(t, "#!/bin/sh", ".sh") },
scriptResult: &fleet.HostScriptResult{
ExitCode: ptr.Int64(0),
Output: "hello world",
},
expectOutput: expectedOutputSuccess,
},
{
name: "zsh hashbang",
scriptPath: func() string { return writeTmpScriptContents(t, "#!/bin/zsh", ".sh") },
scriptResult: &fleet.HostScriptResult{
ExitCode: ptr.Int64(0),
Output: "hello world",
},
expectOutput: expectedOutputSuccess,
},
{
name: "usr zsh hashbang",
scriptPath: func() string { return writeTmpScriptContents(t, "#!/usr/bin/zsh", ".sh") },
scriptResult: &fleet.HostScriptResult{
ExitCode: ptr.Int64(0),
Output: "hello world",
},
expectOutput: expectedOutputSuccess,
},
{
name: "zsh hashbang with arguments",
scriptPath: func() string { return writeTmpScriptContents(t, "#!/bin/zsh -x", ".sh") },
scriptResult: &fleet.HostScriptResult{
ExitCode: ptr.Int64(0),
Output: "hello world",
},
expectOutput: expectedOutputSuccess,
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
},
{
Update API and CLI to enable running scripts by name and team id (#17322) TODO: - Integration tests # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any permissions changes (docs/Using Fleet/manage-access.md) - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-03-05 14:53:17 +00:00
name: "script too long (unsaved)",
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
scriptPath: func() string {
Use `--team` flag for `run-script` command (#17373)
2024-03-05 17:54:26 +00:00
return writeTmpScriptContents(t, exceedsMaxCharsUnsaved, ".sh")
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
},
Update API and CLI to enable running scripts by name and team id (#17322) TODO: - Integration tests # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any permissions changes (docs/Using Fleet/manage-access.md) - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-03-05 14:53:17 +00:00
expectErrMsg: "Script is too large. Script referenced by '--script-path' is limited to 10,000 characters. To run larger script save it to Fleet and use '--script-name'.",
},
Use `--team` flag for `run-script` command (#17373)
2024-03-05 17:54:26 +00:00
{
name: "script not too long (unsaved)",
scriptPath: func() string {
return writeTmpScriptContents(t, exceedsMaxCharsUnsaved[:fleet.UnsavedScriptMaxRuneLen], ".sh")
},
scriptResult: &fleet.HostScriptResult{
ExitCode: ptr.Int64(0),
Output: "hello world",
},
expectOutput: expectedOutputSuccess,
},
{
name: "script too long (saved)",
scriptName: "foo",
savedScriptContents: func() ([]byte, error) {
return []byte(exceedsMaxCharsSaved), nil
},
expectErrMsg: "Script is too large. It's limited to 500,000 characters (approximately 10,000 lines).",
},
{
name: "script not too long (saved)",
scriptName: "foo",
savedScriptContents: func() ([]byte, error) {
return []byte(exceedsMaxCharsUnsaved), nil
},
scriptResult: &fleet.HostScriptResult{
ExitCode: ptr.Int64(0),
Output: "hello world",
},
expectOutput: expectedOutputSuccess,
},
Update API and CLI to enable running scripts by name and team id (#17322) TODO: - Integration tests # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any permissions changes (docs/Using Fleet/manage-access.md) - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-03-05 14:53:17 +00:00
{
name: "script-path and script-name disallowed",
scriptPath: generateValidPath,
scriptName: "foo",
Adding cli improvements for run-scripts (#18010)
2024-05-07 15:10:22 +00:00
expectErrMsg: `Only one of '--script-path' or '--script-name' or '-- <contents>' is allowed.`,
Update API and CLI to enable running scripts by name and team id (#17322) TODO: - Integration tests # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any permissions changes (docs/Using Fleet/manage-access.md) - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-03-05 14:53:17 +00:00
},
{
name: "missing one of script-path and script-nqme",
Adding cli improvements for run-scripts (#18010)
2024-05-07 15:10:22 +00:00
expectErrMsg: `One of '--script-path' or '--script-name' or '-- <contents>' must be specified.`,
Update API and CLI to enable running scripts by name and team id (#17322) TODO: - Integration tests # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any permissions changes (docs/Using Fleet/manage-access.md) - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-03-05 14:53:17 +00:00
},
{
Use `--team` flag for `run-script` command (#17373)
2024-03-05 17:54:26 +00:00
name: "script-path and team disallowed",
Update API and CLI to enable running scripts by name and team id (#17322) TODO: - Integration tests # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any permissions changes (docs/Using Fleet/manage-access.md) - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-03-05 14:53:17 +00:00
scriptPath: generateValidPath,
teamID: ptr.Uint(1),
Use `--team` flag for `run-script` command (#17373)
2024-03-05 17:54:26 +00:00
expectErrMsg: `Only one of '--script-path' or '--team' is allowed.`,
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
},
{
name: "script empty",
scriptPath: func() string { return writeTmpScriptContents(t, "", ".sh") },
expectErrMsg: `Script contents must not be empty.`,
},
{
name: "invalid utf8",
scriptPath: func() string { return writeTmpScriptContents(t, "\xff\xfa", ".sh") },
expectErrMsg: `Wrong data format. Only plain text allowed.`,
},
{
name: "script already running",
scriptPath: generateValidPath,
expectErrMsg: fleet.RunScriptAlreadyRunningErrMsg,
expectPending: true,
},
{
name: "script successful",
scriptPath: generateValidPath,
scriptResult: &fleet.HostScriptResult{
ExitCode: ptr.Int64(0),
Output: "hello world",
},
Use `--team` flag for `run-script` command (#17373)
2024-03-05 17:54:26 +00:00
expectOutput: expectedOutputSuccess,
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
},
Adding cli improvements for run-scripts (#18010)
2024-05-07 15:10:22 +00:00
{
name: "script quiet",
scriptPath: generateValidPath,
scriptResult: &fleet.HostScriptResult{
ExitCode: ptr.Int64(0),
Output: "hello world\n",
},
expectOutput: expectedQuietOutputSuccess,
quiet: true,
},
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
{
name: "script failed",
scriptPath: generateValidPath,
scriptResult: &fleet.HostScriptResult{
ExitCode: ptr.Int64(1),
Output: "",
},
expectOutput: `
Exit code: 1 (Script failed.)
Output:
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
`,
},
{
name: "script killed",
scriptPath: generateValidPath,
scriptResult: &fleet.HostScriptResult{
ExitCode: ptr.Int64(-1),
Output: "Oh no!",
Extend script execution timeout (#15779) #15196 This is the work of @ghernandez345 except for adding the `ResponseController` thing in Go to override the server timeout for that specific sync endpoint so that the calls don't timeout waiting for a script response (the default HTTP server timeout was 90s for our server). # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). --------- Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: Roberto Dip <me@roperzh.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-01-03 19:39:53 +00:00
Message: fleet.RunScriptScriptTimeoutErrMsg,
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
},
expectOutput: `
Extend script execution timeout (#15779) #15196 This is the work of @ghernandez345 except for adding the `ResponseController` thing in Go to override the server timeout for that specific sync endpoint so that the calls don't timeout waiting for a script response (the default HTTP server timeout was 90s for our server). # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). --------- Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: Roberto Dip <me@roperzh.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-01-03 19:39:53 +00:00
Error: Timeout. Fleet stopped the script after 5 minutes to protect host performance.
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
Output before timeout:
-------------------------------------------------------------------------------------
Oh no!
-------------------------------------------------------------------------------------
`,
},
{
name: "scripts disabled",
scriptPath: generateValidPath,
scriptResult: &fleet.HostScriptResult{
ExitCode: ptr.Int64(-2),
Output: "",
Bugfix: Only return host timeout error message when script exit code is nil (#15967)
2024-01-10 21:54:41 +00:00
Message: fleet.RunScriptDisabledErrMsg,
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
},
expectOutput: `
Update error message when scripts are disabled for a host (#16301) In newer designs, we are moving toward always using the phrase "the fleetd agent" in place of "a Fleet installer", so updating this existing error message to reflect that.
2024-01-31 22:39:18 +00:00
Error: Scripts are disabled for this host. To run scripts, deploy the fleetd agent with scripts enabled.
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
`,
},
{
name: "output truncated",
scriptPath: generateValidPath,
scriptResult: &fleet.HostScriptResult{
ExitCode: ptr.Int64(0),
Use `--team` flag for `run-script` command (#17373)
2024-03-05 17:54:26 +00:00
Output: exceedsMaxCharsUnsaved,
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
},
expectOutput: fmt.Sprintf(`
Exit code: 0 (Script ran successfully.)
Output:
-------------------------------------------------------------------------------------
Fleet records the last 10,000 characters to prevent downtime.
%s
-------------------------------------------------------------------------------------
Use `--team` flag for `run-script` command (#17373)
2024-03-05 17:54:26 +00:00
`, exceedsMaxCharsUnsaved),
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
},
Extend script execution timeout (#15779) #15196 This is the work of @ghernandez345 except for adding the `ResponseController` thing in Go to override the server timeout for that specific sync endpoint so that the calls don't timeout waiting for a script response (the default HTTP server timeout was 90s for our server). # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). --------- Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: Roberto Dip <me@roperzh.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-01-03 19:39:53 +00:00
// TODO: this would take 5 minutes to run, we don't want that kind of slowdown in our test suite
// but can be useful to have around for manual testing.
//{
// name: "host timeout",
// scriptPath: generateValidPath,
// expectErrMsg: fleet.RunScriptHostTimeoutErrMsg,
//},
feat: disable script endpoints and add error to cli (#15941) > 📜 Relevant PR: #14500 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-01-08 21:28:45 +00:00
{name: "disabled scripts globally", scriptPath: generateValidPath, expectErrMsg: fleet.RunScriptScriptsDisabledGloballyErrMsg},
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
}
setupDS := func(t *testing.T, c testCase) {
ds.HostByIdentifierFunc = func(ctx context.Context, ident string) (*fleet.Host, error) {
if ident != "host1" || c.expectNotFound {
return nil, &notFoundError{}
}
Add validation to reject requests to enqueue scripts for plain osquery hosts (#16893)
2024-02-15 20:34:16 +00:00
return &fleet.Host{ID: 42, SeenTime: time.Now(), OrbitNodeKey: ptr.String("abc")}, nil
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
}
ds.HostFunc = func(ctx context.Context, hid uint) (*fleet.Host, error) {
if hid != 42 || c.expectNotFound {
return nil, &notFoundError{}
}
Add validation to reject requests to enqueue scripts for plain osquery hosts (#16893)
2024-02-15 20:34:16 +00:00
h := fleet.Host{ID: hid, SeenTime: time.Now(), OrbitNodeKey: ptr.String("abc")}
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
if c.expectOffline {
h.SeenTime = time.Now().Add(-time.Hour)
}
return &h, nil
}
Queued scripts feature (#16300) This is the feature branch for the [queued scripts](https://github.com/fleetdm/fleet/issues/15529) story. --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-01-29 14:37:54 +00:00
ds.ListPendingHostScriptExecutionsFunc = func(ctx context.Context, hid uint) ([]*fleet.HostScriptResult, error) {
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
require.Equal(t, uint(42), hid)
if c.expectPending {
return []*fleet.HostScriptResult{{HostID: uint(42)}}, nil
}
return nil, nil
}
ds.GetHostScriptExecutionResultFunc = func(ctx context.Context, execID string) (*fleet.HostScriptResult, error) {
if c.scriptResult != nil {
return c.scriptResult, nil
}
return &fleet.HostScriptResult{}, nil
}
Remote wipe: add API endpoint and activity (#17060)
2024-02-26 16:31:00 +00:00
ds.GetHostLockWipeStatusFunc = func(ctx context.Context, host *fleet.Host) (*fleet.HostLockWipeStatus, error) {
Feature: Remote Lock for macOS, Windows and Linux (#16783) Feature branch for the #9949 story. --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Roberto Dip <me@roperzh.com> Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: Sarah Gillespie <sarah@fleetdm.com>
2024-02-13 18:03:53 +00:00
return &fleet.HostLockWipeStatus{}, nil
}
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
ds.NewHostScriptExecutionRequestFunc = func(ctx context.Context, req *fleet.HostScriptRequestPayload) (*fleet.HostScriptResult, error) {
require.Equal(t, uint(42), req.HostID)
return &fleet.HostScriptResult{
Hostname: "host1",
HostID: req.HostID,
ScriptContents: req.ScriptContents,
}, nil
}
feat: disable script endpoints and add error to cli (#15941) > 📜 Relevant PR: #14500 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-01-08 21:28:45 +00:00
if c.name == "disabled scripts globally" {
ds.AppConfigFunc = func(ctx context.Context) (*fleet.AppConfig, error) {
return &fleet.AppConfig{ServerSettings: fleet.ServerSettings{ScriptsDisabled: true}}, nil
}
Update API and CLI to enable running scripts by name and team id (#17322) TODO: - Integration tests # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any permissions changes (docs/Using Fleet/manage-access.md) - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-03-05 14:53:17 +00:00
} else {
ds.AppConfigFunc = func(ctx context.Context) (*fleet.AppConfig, error) {
return &fleet.AppConfig{ServerSettings: fleet.ServerSettings{ScriptsDisabled: false}}, nil
}
feat: disable script endpoints and add error to cli (#15941) > 📜 Relevant PR: #14500 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-01-08 21:28:45 +00:00
}
Use `--team` flag for `run-script` command (#17373)
2024-03-05 17:54:26 +00:00
if c.savedScriptContents != nil {
ds.GetScriptContentsFunc = func(ctx context.Context, id uint) ([]byte, error) {
return c.savedScriptContents()
}
ds.ScriptFunc = func(ctx context.Context, id uint) (*fleet.Script, error) {
return &fleet.Script{ID: id, Name: "foo"}, nil
}
} else {
ds.GetScriptContentsFunc = func(ctx context.Context, id uint) ([]byte, error) {
return []byte("echo hello world"), nil
}
ds.ScriptFunc = func(ctx context.Context, id uint) (*fleet.Script, error) {
return &fleet.Script{ID: id, Name: "foo"}, nil
}
}
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
}
for _, c := range cases {
t.Run(c.name, func(t *testing.T) {
setupDS(t, c)
Update API and CLI to enable running scripts by name and team id (#17322) TODO: - Integration tests # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any permissions changes (docs/Using Fleet/manage-access.md) - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-03-05 14:53:17 +00:00
args := []string{"run-script", "--host", "host1"}
if c.scriptPath != nil {
scriptPath := c.scriptPath()
defer os.Remove(scriptPath)
args = append(args, "--script-path", scriptPath)
}
if c.scriptName != "" {
args = append(args, "--script-name", c.scriptName)
}
Adding cli improvements for run-scripts (#18010)
2024-05-07 15:10:22 +00:00
if c.quiet {
args = append(args, "--quiet")
}
if c.async {
args = append(args, "--async")
}
Update API and CLI to enable running scripts by name and team id (#17322) TODO: - Integration tests # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any permissions changes (docs/Using Fleet/manage-access.md) - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-03-05 14:53:17 +00:00
if c.teamID != nil {
Use `--team` flag for `run-script` command (#17373)
2024-03-05 17:54:26 +00:00
args = append(args, "--team", fmt.Sprintf("%d", *c.teamID))
Update API and CLI to enable running scripts by name and team id (#17322) TODO: - Integration tests # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any permissions changes (docs/Using Fleet/manage-access.md) - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-03-05 14:53:17 +00:00
}
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
Update API and CLI to enable running scripts by name and team id (#17322) TODO: - Integration tests # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any permissions changes (docs/Using Fleet/manage-access.md) - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-03-05 14:53:17 +00:00
b, err := runAppNoChecks(args)
Add `fleetctl run-script` command (#13622)
2023-09-05 19:14:09 +00:00
if c.expectErrMsg != "" {
require.Error(t, err)
require.Contains(t, err.Error(), c.expectErrMsg)
} else {
require.NoError(t, err)
}
if c.scriptResult != nil {
out := b.String()
require.NoError(t, err)
require.NotEmpty(t, out)
require.Equal(t, c.expectOutput, out)
} else {
require.Empty(t, b.String())
}
})
}
}
func writeTmpScriptContents(t *testing.T, scriptContents string, extension string) string {
tmpFile, err := os.CreateTemp(t.TempDir(), "*"+extension)
require.NoError(t, err)
_, err = tmpFile.WriteString(scriptContents)
require.NoError(t, err)
return tmpFile.Name()
}
Reference in a new issue Copy permalink