diff --git a/cmd/fleet/cron.go b/cmd/fleet/cron.go
index 50c9653ab3..932b8d022e 100644
--- a/cmd/fleet/cron.go
+++ b/cmd/fleet/cron.go
@@ -109,11 +109,11 @@ func cronVulnerabilities(
 	ds fleet.Datastore,
 	logger kitlog.Logger,
 	identifier string,
-	config config.FleetConfig,
+	config config.VulnerabilitiesConfig,
 ) {
 	logger = kitlog.With(logger, "cron", lockKeyVulnerabilities)
-	if config.Vulnerabilities.CurrentInstanceChecks == "no" || config.Vulnerabilities.CurrentInstanceChecks == "0" {
+	if config.CurrentInstanceChecks == "no" || config.CurrentInstanceChecks == "0" {
 		level.Info(logger).Log("vulnerability scanning", "host not configured to check for vulnerabilities")
 		return
 	}
@@ -126,7 +126,7 @@ func cronVulnerabilities(
 	vulnDisabled := false
 	if appConfig.VulnerabilitySettings.DatabasesPath == "" &&
-		config.Vulnerabilities.DatabasesPath == "" {
+		config.DatabasesPath == "" {
 		level.Info(logger).Log("vulnerability scanning", "not configured")
 		vulnDisabled = true
 	}
@@ -137,10 +137,10 @@ func cronVulnerabilities(
 	vulnPath := appConfig.VulnerabilitySettings.DatabasesPath
 	if vulnPath == "" {
-		vulnPath = config.Vulnerabilities.DatabasesPath
+		vulnPath = config.DatabasesPath
 	}
-	if config.Vulnerabilities.DatabasesPath != "" && config.Vulnerabilities.DatabasesPath != vulnPath {
-		vulnPath = config.Vulnerabilities.DatabasesPath
+	if config.DatabasesPath != "" && config.DatabasesPath != vulnPath {
+		vulnPath = config.DatabasesPath
 		level.Info(logger).Log(
 			"databases_path", "fleet config takes precedence over app config when both are configured",
 			"result", vulnPath)
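Review bot: The parameter `config config.VulnerabilitiesConfig` in the cronVulnerabilities signature shadows the imported `config` package for the whole function body, and the same pattern is repeated in the checkOvalVulnerabilities and checkNVDVulnerabilities signatures (hunks at -327 and -377) and, newly, in serve_test.go where each test now declares `config := config.VulnerabilitiesConfig{...}` (hunks at -202, -237, -276 and -312). The shadowing is legal, because the right-hand side is resolved before the new local enters scope, but it makes any later reference to the package in that scope impossible and reads ambiguously. Since the signatures are being touched anyway, a name such as `vulnConfig config.VulnerabilitiesConfig` (and `vulnConfig := config.VulnerabilitiesConfig{` in the tests) would avoid it. cronVulnerabilities starts before this hunk and continues after it.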
@@ -149,10 +149,10 @@ func cronVulnerabilities(
 	if !vulnDisabled {
 		level.Info(logger).Log("databases-path", vulnPath)
 	}
-	level.Info(logger).Log("periodicity", config.Vulnerabilities.Periodicity)
+	level.Info(logger).Log("periodicity", config.Periodicity)
 	if !vulnDisabled {
-		if config.Vulnerabilities.CurrentInstanceChecks == "auto" {
+		if config.CurrentInstanceChecks == "auto" {
 			level.Debug(logger).Log("current instance checks", "auto", "trying to create databases-path", vulnPath)
 			err := os.MkdirAll(vulnPath, 0o755)
 			if err != nil {
@@ -168,12 +168,12 @@ func cronVulnerabilities(
 		select {
 		case <-ticker.C:
 			level.Debug(logger).Log("waiting", "done")
-			ticker.Reset(config.Vulnerabilities.Periodicity)
+			ticker.Reset(config.Periodicity)
 		case <-ctx.Done():
 			level.Debug(logger).Log("exit", "done with cron.")
 			return
 		}
-		if config.Vulnerabilities.CurrentInstanceChecks == "auto" {
+		if config.CurrentInstanceChecks == "auto" {
 			if locked, err := ds.Lock(ctx, lockKeyVulnerabilities, identifier, 1*time.Hour); err != nil {
 				errHandler(ctx, logger, "error acquiring lock", err)
 				continue
@@ -227,7 +227,7 @@ func cronVulnerabilities(
 		collectVulns := vulnAutomationEnabled != ""
 		nvdVulns := checkNVDVulnerabilities(ctx, ds, logger, vulnPath, config, collectVulns)
 		ovalVulns := checkOvalVulnerabilities(ctx, ds, logger, vulnPath, config, collectVulns)
-		recentVulns := filterRecentVulns(ctx, ds, logger, nvdVulns, ovalVulns, config.Vulnerabilities.RecentVulnerabilityMaxAge)
+		recentVulns := filterRecentVulns(ctx, ds, logger, nvdVulns, ovalVulns, config.RecentVulnerabilityMaxAge)
 		if len(recentVulns) > 0 {
 			switch vulnAutomationEnabled {
@@ -327,10 +327,10 @@ func checkOvalVulnerabilities(
 	ds fleet.Datastore,
 	logger kitlog.Logger,
 	vulnPath string,
-	config config.FleetConfig,
+	config config.VulnerabilitiesConfig,
 	collectVulns bool,
 ) []fleet.SoftwareVulnerability {
-	if config.Vulnerabilities.DisableDataSync {
+	if config.DisableDataSync {
 		return nil
 	}
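Review bot: The changed guard `if config.DisableDataSync { return nil }` at the top of checkOvalVulnerabilities makes disabling data sync skip OVAL evaluation entirely, whereas the sibling guard in checkNVDVulnerabilities (hunk at -377) only skips the `vulnerabilities.Sync` call and appears to continue with whatever databases are already on disk. If that asymmetry is intended it deserves a comment on the early return, e.g. `// Unlike the NVD check, OVAL evaluation is skipped entirely when data sync is disabled.`; if it is not, the two checks should agree so that an operator who disables sync still gets results from locally provided OVAL data. The body of checkOvalVulnerabilities continues outside the hunk, so I cannot tell from here whether a later sync-free path exists.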
@@ -377,11 +377,11 @@ func checkNVDVulnerabilities(
 	ds fleet.Datastore,
 	logger kitlog.Logger,
 	vulnPath string,
-	config config.FleetConfig,
+	config config.VulnerabilitiesConfig,
 	collectVulns bool,
 ) []fleet.SoftwareVulnerability {
-	if !config.Vulnerabilities.DisableDataSync {
-		err := vulnerabilities.Sync(vulnPath, config.Vulnerabilities.CPEDatabaseURL)
+	if !config.DisableDataSync {
+		err := vulnerabilities.Sync(vulnPath, config.CPEDatabaseURL)
 		if err != nil {
 			errHandler(ctx, logger, "syncing vulnerability database", err)
 			return nil
diff --git a/cmd/fleet/serve.go b/cmd/fleet/serve.go
index 1fe73c01d3..725b4e6bd0 100644
--- a/cmd/fleet/serve.go
+++ b/cmd/fleet/serve.go
@@ -683,7 +683,7 @@ func runCrons(
 	go cronDB(ctx, ds, kitlog.With(logger, "cron", "cleanups"), ourIdentifier, license, enrollHostLimiter)
 	go cronVulnerabilities(
-		ctx, ds, kitlog.With(logger, "cron", "vulnerabilities"), ourIdentifier, config)
+		ctx, ds, kitlog.With(logger, "cron", "vulnerabilities"), ourIdentifier, config.Vulnerabilities)
 	go cronWebhooks(ctx, ds, kitlog.With(logger, "cron", "webhooks"), ourIdentifier, failingPoliciesSet, 1*time.Hour)
 	go cronWorker(ctx, ds, kitlog.With(logger, "cron", "worker"), ourIdentifier)
 }
diff --git a/cmd/fleet/serve_test.go b/cmd/fleet/serve_test.go
index 6399b85926..18ca08d4a7 100644
--- a/cmd/fleet/serve_test.go
+++ b/cmd/fleet/serve_test.go
@@ -202,17 +202,15 @@ func TestCronVulnerabilitiesCreatesDatabasesPath(t *testing.T) {
 	vulnPath := path.Join(t.TempDir(), "something")
 	require.NoDirExists(t, vulnPath)
-	fleetConfig := config.FleetConfig{
-		Vulnerabilities: config.VulnerabilitiesConfig{
-			DatabasesPath:         vulnPath,
-			Periodicity:           10 * time.Second,
-			CurrentInstanceChecks: "auto",
-		},
+	config := config.VulnerabilitiesConfig{
+		DatabasesPath:         vulnPath,
+		Periodicity:           10 * time.Second,
+		CurrentInstanceChecks: "auto",
 	}
 	// We cancel right away so cronsVulnerailities finishes. The logic we are testing happens before the loop starts
 	cancelFunc()
-	cronVulnerabilities(ctx, ds, kitlog.NewNopLogger(), "AAA", fleetConfig)
+	cronVulnerabilities(ctx, ds, kitlog.NewNopLogger(), "AAA", config)
 	require.DirExists(t, vulnPath)
 }
@@ -237,17 +235,15 @@ func TestCronVulnerabilitiesAcceptsExistingDbPath(t *testing.T) {
 		return nil
 	}
-	fleetConfig := config.FleetConfig{
-		Vulnerabilities: config.VulnerabilitiesConfig{
-			DatabasesPath:         t.TempDir(),
-			Periodicity:           10 * time.Second,
-			CurrentInstanceChecks: "auto",
-		},
+	config := config.VulnerabilitiesConfig{
+		DatabasesPath:         t.TempDir(),
+		Periodicity:           10 * time.Second,
+		CurrentInstanceChecks: "auto",
 	}
 	// We cancel right away so cronsVulnerailities finishes. The logic we are testing happens before the loop starts
 	cancelFunc()
-	cronVulnerabilities(ctx, ds, logger, "AAA", fleetConfig)
+	cronVulnerabilities(ctx, ds, logger, "AAA", config)
 	require.Contains(t, buf.String(), `"waiting":"on ticker"`)
 }
@@ -276,17 +272,15 @@ func TestCronVulnerabilitiesQuitsIfErrorVulnPath(t *testing.T) {
 	_, err := os.Create(fileVulnPath)
 	require.NoError(t, err)
-	fleetConfig := config.FleetConfig{
-		Vulnerabilities: config.VulnerabilitiesConfig{
-			DatabasesPath:         fileVulnPath,
-			Periodicity:           10 * time.Second,
-			CurrentInstanceChecks: "auto",
-		},
+	config := config.VulnerabilitiesConfig{
+		DatabasesPath:         fileVulnPath,
+		Periodicity:           10 * time.Second,
+		CurrentInstanceChecks: "auto",
 	}
 	// We cancel right away so cronsVulnerailities finishes. The logic we are testing happens before the loop starts
 	cancelFunc()
-	cronVulnerabilities(ctx, ds, logger, "AAA", fleetConfig)
+	cronVulnerabilities(ctx, ds, logger, "AAA", config)
 	require.Contains(t, buf.String(), `"databases-path":"creation failed, returning"`)
 }
@@ -312,17 +306,15 @@ func TestCronVulnerabilitiesSkipCreationIfStatic(t *testing.T) {
 	vulnPath := path.Join(t.TempDir(), "something")
 	require.NoDirExists(t, vulnPath)
-	fleetConfig := config.FleetConfig{
-		Vulnerabilities: config.VulnerabilitiesConfig{
-			DatabasesPath:         vulnPath,
-			Periodicity:           10 * time.Second,
-			CurrentInstanceChecks: "1",
-		},
+	config := config.VulnerabilitiesConfig{
+		DatabasesPath:         vulnPath,
+		Periodicity:           10 * time.Second,
+		CurrentInstanceChecks: "1",
 	}
 	// We cancel right away so cronsVulnerailities finishes. The logic we are testing happens before the loop starts
 	cancelFunc()
-	cronVulnerabilities(ctx, ds, logger, "AAA", fleetConfig)
+	cronVulnerabilities(ctx, ds, logger, "AAA", config)
 	require.NoDirExists(t, vulnPath)
 }