From d8588ed7904b8cc75cf40439c05bba591df1c6e5 Mon Sep 17 00:00:00 2001 From: Lucas Manuel Rodriguez Date: Mon, 30 Mar 2026 10:04:12 -0300 Subject: [PATCH] Bump macadmins version and add `macos_thermal_pressure` and `macos_soc_power` tables (#42569) **Related issue:** Resolves #42530 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## fleetd/orbit/Fleet Desktop - [X] Verified compatibility with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)) - [X] If the change applies to only one platform, confirmed that `runtime.GOOS` is used as needed to isolate changes - [X] Verified that fleetd runs on macOS, Linux and Windows - [X] Verified auto-update works from the released version of component to the new version (see [tools/tuf/test](../tools/tuf/test/README.md)) --- go.mod | 2 +- go.sum | 2 + ...-bump-macadmins-version-and-add-new-tables | 1 + orbit/pkg/table/extension_darwin.go | 8 +- schema/osquery_fleet_schema.json | 80 +++++++++++++++++++ schema/tables/macos_soc_power.yml | 31 +++++++ schema/tables/macos_thermal_pressure.yml | 19 +++++ 7 files changed, 139 insertions(+), 4 deletions(-) create mode 100644 orbit/changes/42530-bump-macadmins-version-and-add-new-tables create mode 100644 schema/tables/macos_soc_power.yml create mode 100644 schema/tables/macos_thermal_pressure.yml diff --git a/go.mod b/go.mod index 3bd1617823..490c1a74c6 100644 --- a/go.mod +++ b/go.mod @@ -93,7 +93,7 @@ require ( github.com/klauspost/compress v1.18.4 github.com/kolide/launcher v1.0.12 github.com/lib/pq v1.10.9 - github.com/macadmins/osquery-extension v1.3.2 + github.com/macadmins/osquery-extension v1.4.0 github.com/manifoldco/promptui v0.9.0 github.com/mattn/go-sqlite3 v1.14.22 github.com/micromdm/micromdm v1.9.0 diff --git a/go.sum b/go.sum index 0ba5139fcd..df73433e90 100644 --- a/go.sum +++ b/go.sum @@ -593,6 +593,8 @@ github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= github.com/macadmins/osquery-extension v1.3.2 h1:X6x4jD6Te9uYW1s7LQPjrux5G6WC78UF/6p4qFw2Mb8= github.com/macadmins/osquery-extension v1.3.2/go.mod h1:/4WhG7sh9qyEi2WkacxOUJAmVciiDFmT468MbkiXBfE= +github.com/macadmins/osquery-extension v1.4.0 h1:xsPxzg7uxF6V26PnActyPaJ9tEeTKb5dUkGV2hdg3Bg= +github.com/macadmins/osquery-extension v1.4.0/go.mod h1:/4WhG7sh9qyEi2WkacxOUJAmVciiDFmT468MbkiXBfE= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA= github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= diff --git a/orbit/changes/42530-bump-macadmins-version-and-add-new-tables b/orbit/changes/42530-bump-macadmins-version-and-add-new-tables new file mode 100644 index 0000000000..beebe93fa7 --- /dev/null +++ b/orbit/changes/42530-bump-macadmins-version-and-add-new-tables @@ -0,0 +1 @@ +* Added `macos_thermal_pressure` and `macos_soc_power` tables (from https://github.com/macadmins/osquery-extension). diff --git a/orbit/pkg/table/extension_darwin.go b/orbit/pkg/table/extension_darwin.go index da9cafe89c..b4560b578e 100644 --- a/orbit/pkg/table/extension_darwin.go +++ b/orbit/pkg/table/extension_darwin.go @@ -32,20 +32,20 @@ import ( "github.com/fleetdm/fleet/v4/orbit/pkg/table/tcc_access" "github.com/fleetdm/fleet/v4/orbit/pkg/table/user_login_settings" "github.com/macadmins/osquery-extension/tables/crowdstrike_falcon" - "github.com/rs/zerolog/log" - "github.com/macadmins/osquery-extension/tables/filevaultusers" "github.com/macadmins/osquery-extension/tables/localnetworkpermissions" "github.com/macadmins/osquery-extension/tables/macos_profiles" "github.com/macadmins/osquery-extension/tables/macosrsr" "github.com/macadmins/osquery-extension/tables/mdm" "github.com/macadmins/osquery-extension/tables/munki" + "github.com/macadmins/osquery-extension/tables/socpower" "github.com/macadmins/osquery-extension/tables/sofa" + "github.com/macadmins/osquery-extension/tables/thermalthrottling" "github.com/macadmins/osquery-extension/tables/unifiedlog" "github.com/macadmins/osquery-extension/tables/wifi_network" - "github.com/osquery/osquery-go" "github.com/osquery/osquery-go/plugin/table" + "github.com/rs/zerolog/log" ) func PlatformTables(opts PluginOpts) ([]osquery.OsqueryPlugin, error) { @@ -105,6 +105,8 @@ func PlatformTables(opts PluginOpts) ([]osquery.OsqueryPlugin, error) { return wifi_network.WifiNetworkGenerate(ctx, queryContext, opts.Socket) }, ), + table.NewPlugin("macos_thermal_pressure", thermalthrottling.ThermalPressureColumns(), thermalthrottling.ThermalPressureGenerate), + table.NewPlugin("macos_soc_power", socpower.SocPowerColumns(), socpower.SocPowerGenerate), filevault_status.TablePlugin(log.Logger), // table name is "filevault_status" ioreg.TablePlugin(log.Logger), // table name is "ioreg" diff --git a/schema/osquery_fleet_schema.json b/schema/osquery_fleet_schema.json index 17ef06796c..e5befab0d0 100644 --- a/schema/osquery_fleet_schema.json +++ b/schema/osquery_fleet_schema.json @@ -16625,6 +16625,86 @@ "url": "https://fleetdm.com/tables/macos_rsr", "fleetRepoUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/macos_rsr.yml" }, + { + "name": "macos_thermal_pressure", + "platforms": [ + "darwin" + ], + "description": "Power draw in milliwatts for the CPU, GPU, Apple Neural Engine (ANE), and total System on a Chip (SoC), plus GPU active ratio, sampled via powermetrics. Requires root.", + "columns": [ + { + "name": "cpu_power_mw", + "type": "text", + "required": false, + "description": "Power draw in milliwatts for the CPU." + }, + { + "name": "gpu_power_mw", + "type": "text", + "required": false, + "description": "Power draw in milliwatts for the GPU." + }, + { + "name": "ane_power_mw", + "type": "text", + "required": false, + "description": "Power draw in milliwatts for the Apple Neural Engine." + }, + { + "name": "combined_power_mw", + "type": "text", + "required": false, + "description": "Power draw in milliwatts for the total System on a Chip." + }, + { + "name": "gpu_active_ratio", + "type": "text", + "required": false, + "description": "Percentage of time a GPU is actively processing commands rather than idling." + }, + { + "name": "interval", + "type": "integer", + "required": false, + "description": "Sampling duration in milliseconds. Longer intervals produce more accurate averages." + } + ], + "notes": "This table is not a core osquery table. It is included as part of Fleet's agent ([fleetd](https://fleetdm.com/docs/get-started/anatomy#fleetd)). This table is from the [Mac Admins osquery extension](https://github.com/macadmins/osquery-extension).", + "evented": false, + "url": "https://fleetdm.com/tables/macos_thermal_pressure", + "fleetRepoUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/macos_thermal_pressure.yml" + }, + { + "name": "macos_thermal_pressure", + "platforms": [ + "darwin" + ], + "description": "Reports whether macOS is thermally throttling the device, via powermetrics. Returns thermal_pressure (Nominal/Light/Moderate/Heavy/Sleeping) and a derived is_throttling integer (1 if not Nominal). Requires root.", + "columns": [ + { + "name": "thermal_pressure", + "type": "text", + "required": false, + "description": "Nominal/Light/Moderate/Heavy/Sleeping." + }, + { + "name": "is_throttling", + "type": "integer", + "required": false, + "description": "Value is 1 if thermal_pressure is not Nominal." + }, + { + "name": "interval", + "type": "integer", + "required": false, + "description": "Sampling duration in milliseconds." + } + ], + "notes": "This table is not a core osquery table. It is included as part of Fleet's agent ([fleetd](https://fleetdm.com/docs/get-started/anatomy#fleetd)). This table is from the [Mac Admins osquery extension](https://github.com/macadmins/osquery-extension).", + "evented": false, + "url": "https://fleetdm.com/tables/macos_thermal_pressure", + "fleetRepoUrl": "https://github.com/fleetdm/fleet/blob/main/schema/tables/macos_thermal_pressure.yml" + }, { "name": "macos_user_profiles", "evented": false, diff --git a/schema/tables/macos_soc_power.yml b/schema/tables/macos_soc_power.yml new file mode 100644 index 0000000000..c72ff02646 --- /dev/null +++ b/schema/tables/macos_soc_power.yml @@ -0,0 +1,31 @@ +name: macos_thermal_pressure +platforms: + - darwin +description: Power draw in milliwatts for the CPU, GPU, Apple Neural Engine (ANE), and total System on a Chip (SoC), plus GPU active ratio, sampled via powermetrics. Requires root. +columns: + - name: cpu_power_mw + type: text + required: false + description: Power draw in milliwatts for the CPU. + - name: gpu_power_mw + type: text + required: false + description: Power draw in milliwatts for the GPU. + - name: ane_power_mw + type: text + required: false + description: Power draw in milliwatts for the Apple Neural Engine. + - name: combined_power_mw + type: text + required: false + description: Power draw in milliwatts for the total System on a Chip. + - name: gpu_active_ratio + type: text + required: false + description: Percentage of time a GPU is actively processing commands rather than idling. + - name: interval + type: integer + required: false + description: Sampling duration in milliseconds. Longer intervals produce more accurate averages. +notes: This table is not a core osquery table. It is included as part of Fleet's agent ([fleetd](https://fleetdm.com/docs/get-started/anatomy#fleetd)). This table is from the [Mac Admins osquery extension](https://github.com/macadmins/osquery-extension). +evented: false diff --git a/schema/tables/macos_thermal_pressure.yml b/schema/tables/macos_thermal_pressure.yml new file mode 100644 index 0000000000..6b58d9b41b --- /dev/null +++ b/schema/tables/macos_thermal_pressure.yml @@ -0,0 +1,19 @@ +name: macos_thermal_pressure +platforms: + - darwin +description: Reports whether macOS is thermally throttling the device, via powermetrics. Returns thermal_pressure (Nominal/Light/Moderate/Heavy/Sleeping) and a derived is_throttling integer (1 if not Nominal). Requires root. +columns: + - name: thermal_pressure + type: text + required: false + description: Nominal/Light/Moderate/Heavy/Sleeping. + - name: is_throttling + type: integer + required: false + description: Value is 1 if thermal_pressure is not Nominal. + - name: interval + type: integer + required: false + description: Sampling duration in milliseconds. +notes: This table is not a core osquery table. It is included as part of Fleet's agent ([fleetd](https://fleetdm.com/docs/get-started/anatomy#fleetd)). This table is from the [Mac Admins osquery extension](https://github.com/macadmins/osquery-extension). +evented: false