From c6e20456a5fa73d8ed8758584b87f911fc65fea1 Mon Sep 17 00:00:00 2001
From: Lucas Manuel Rodriguez
Date: Fri, 30 Aug 2024 18:58:20 -0300
Subject: [PATCH] Do not queue installations on vanilla osquery devices (#21718)
Another small fix for #21428.
---
 server/service/integration_enterprise_test.go | 20 ++++++++++++++++++-
 server/service/osquery.go | 7 ++++++-
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/server/service/integration_enterprise_test.go b/server/service/integration_enterprise_test.go
index bba5df5c89..b4f4148bb3 100644
--- a/server/service/integration_enterprise_test.go
+++ b/server/service/integration_enterprise_test.go
@@ -12764,7 +12764,7 @@ func (s *integrationEnterpriseTestSuite) TestPolicyAutomationsSoftwareInstallers
 team2, err := s.ds.NewTeam(ctx, &fleet.Team{Name: t.Name() + "team2"})
 require.NoError(t, err)
- newFleetdHost := func(name string, teamID *uint, platform string) *fleet.Host {
+ newHost := func(name string, teamID *uint, platform string) *fleet.Host {
 h, err := s.ds.NewHost(ctx, &fleet.Host{
 DetailUpdatedAt: time.Now(),
 LabelUpdatedAt: time.Now(),
@@ -12778,6 +12778,10 @@ func (s *integrationEnterpriseTestSuite) TestPolicyAutomationsSoftwareInstallers
 TeamID: teamID,
 })
 require.NoError(t, err)
+ return h
+ }
+ newFleetdHost := func(name string, teamID *uint, platform string) *fleet.Host {
+ h := newHost(name, teamID, platform)
 orbitKey := setOrbitEnrollment(t, h, s.ds)
 h.OrbitNodeKey = &orbitKey
 return h
@@ -12787,6 +12791,7 @@ func (s *integrationEnterpriseTestSuite) TestPolicyAutomationsSoftwareInstallers
 host1Team1 := newFleetdHost("host1Team1", &team1.ID, "darwin")
 host2Team1 := newFleetdHost("host2Team1", &team1.ID, "ubuntu")
 host3Team2 := newFleetdHost("host3Team2", &team2.ID, "windows")
+ hostVanillaOsquery5Team1 := newHost("hostVanillaOsquery5Team2", &team1.ID, "darwin")
 // Upload dummy_installer.pkg to team1.
 pkgPayload := &fleet.UploadSoftwareInstallerPayload{
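Review bot: In the `-12778` hunk the two closures now differ only in whether the host gets an Orbit enrollment, and neither carries a comment saying so, although the vanilla-osquery assertion added later in this test depends on exactly that difference. I would add `// newHost creates a host enrolled with osquery only (no Orbit node key).` above `newHost` and `// newFleetdHost creates a host that is also enrolled with Orbit (fleetd).` above `newFleetdHost`. The host literal inside `newHost` is only partly visible across the first two hunks, so this assumes it does not set `OrbitNodeKey` itself.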
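Review bot: In the `-12787` hunk the new host is bound to `hostVanillaOsquery5Team1` and created with `&team1.ID`, but its name string is `"hostVanillaOsquery5Team2"`. The mismatch makes a failing assertion or a log line point at the wrong team; the line should read `hostVanillaOsquery5Team1 := newHost("hostVanillaOsquery5Team1", &team1.ID, "darwin")`. The `5` in the name also does not follow the `host1`/`host2`/`host3` hosts visible here, though a `host4` may exist outside the hunk.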
@@ -13351,4 +13356,17 @@ func (s *integrationEnterpriseTestSuite) TestPolicyAutomationsSoftwareInstallers
 require.NotNil(t, actor.UserName)
 require.Equal(t, "Test Name admin1@example.com", *actor.UserName)
 require.Equal(t, "admin1@example.com", actor.UserEmail)
+
+ // hostVanillaOsquery5Team1 sends policy results with failed policies with associated installers.
+ // Fleet should not queue an install for vanilla osquery hosts.
+ distributedResp = submitDistributedQueryResultsResponse{}
+ s.DoJSONWithoutAuth("POST", "/api/osquery/distributed/write", genDistributedReqWithPolicyResults(
+ hostVanillaOsquery5Team1,
+ map[uint]*bool{
+ policy1Team1.ID: ptr.Bool(false),
+ },
+ ), http.StatusOK, &distributedResp)
+ hostVanillaOsquery5Team1LastInstall, err := s.ds.GetHostLastInstallData(ctx, hostVanillaOsquery5Team1.ID, dummyInstallerPkgInstallerID)
+ require.NoError(t, err)
+ require.Nil(t, hostVanillaOsquery5Team1LastInstall)
 }
diff --git a/server/service/osquery.go b/server/service/osquery.go
index a38d26407e..f98c2cdc79 100644
--- a/server/service/osquery.go
+++ b/server/service/osquery.go
@@ -1008,7 +1008,7 @@ func (svc *Service) SubmitDistributedQueryResults(
 logging.WithErr(ctx, err)
 }
- if err := svc.processSoftwareForNewlyFailingPolicies(ctx, host.ID, host.TeamID, host.Platform, policyResults); err != nil {
+ if err := svc.processSoftwareForNewlyFailingPolicies(ctx, host.ID, host.TeamID, host.Platform, host.OrbitNodeKey, policyResults); err != nil {
 logging.WithErr(ctx, err)
 }
@@ -1616,8 +1616,13 @@ func (svc *Service) processSoftwareForNewlyFailingPolicies(
 hostID uint,
 hostTeamID *uint,
 hostPlatform string,
+ hostOrbitNodeKey *string,
 incomingPolicyResults map[uint]*bool,
 ) error {
+ if hostOrbitNodeKey == nil || *hostOrbitNodeKey == "" {
+ // We do not want to queue software installations on vanilla osquery hosts.
+ return nil
+ }
 if hostTeamID == nil {
 // TODO(lucas): Support hosts in "No team".
 return nil
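Review bot: The assertions added at the end of the test in the `-13351` hunk appear to cover only a host whose `OrbitNodeKey` is nil, so the `*hostOrbitNodeKey == ""` half of the new guard in osquery.go is never exercised. A second vanilla host whose `OrbitNodeKey` points at an empty string, submitted the same way and checked with the same `require.Nil` on `GetHostLastInstallData`, would pin that branch. The comment above the request could also say what makes the host vanilla, for example `// The host was created with newHost, so it has no Orbit node key.`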
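Review bot: The new guard in the `-1616` hunk treats a non-empty `hostOrbitNodeKey` as proof that fleetd is on the host, and its comment does not say why the key is the right signal. If a host record can keep its Orbit node key after the agent is removed (not visible here), installs would still be queued for a host that can never run them, and the early return is silent, so an operator cannot tell why a failing policy queued nothing. I would widen the comment to `// Installers are run by fleetd (Orbit); a host without an Orbit node key is vanilla osquery and cannot run them, so nothing is queued.` and consider a debug-level log on this return. The key is taken from `host.OrbitNodeKey` at the call site in the `-1008` hunk, which appears to be the stored host record rather than anything in the submitted results, the right source for this decision. The function body continues outside the hunk.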