Move team identifier from software to host/software API

fleetdm · Nov 15, 2024 · 13ffe36 · 13ffe36
1 parent 3231292
commit 13ffe36
Show file tree

Hide file tree

Showing 10 changed files with 182 additions and 216 deletions.
diff --git a/server/datastore/mysql/migrations/tables/20241110152838_AddTeamIdentifierToSoftware.go b/server/datastore/mysql/migrations/tables/20241110152838_AddTeamIdentifierToSoftware.go
diff --git a/...e/mysql/migrations/tables/20241110152839_AddTeamIdentifierToHostSoftwareInstalledPaths.go b/...e/mysql/migrations/tables/20241110152839_AddTeamIdentifierToHostSoftwareInstalledPaths.go
@@ -0,0 +1,23 @@
+package tables
+
+import (
+	"database/sql"
+	"fmt"
+)
+
+func init() {
+	MigrationClient.AddMigration(Up_20241110152839, Down_20241110152839)
+}
+
+func Up_20241110152839(tx *sql.Tx) error {
+	if _, err := tx.Exec(`
+		ALTER TABLE host_software_installed_paths ADD COLUMN team_identifier VARCHAR(10) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL DEFAULT ''`,
+	); err != nil {
+		return fmt.Errorf("failed to add team_identifier to host_software_installed_paths table: %w", err)
+	}
+	return nil
+}
+
+func Down_20241110152839(tx *sql.Tx) error {
+	return nil
+}
diff --git a/server/datastore/mysql/schema.sql b/server/datastore/mysql/schema.sql
diff --git a/server/datastore/mysql/software.go b/server/datastore/mysql/software.go
@@ -91,7 +91,7 @@ func (ds *Datastore) getHostSoftwareInstalledPaths(
 	error,
 ) {
 	stmt := `
-		SELECT t.id, t.host_id, t.software_id, t.installed_path
+		SELECT t.id, t.host_id, t.software_id, t.installed_path, t.team_identifier
 		FROM host_software_installed_paths t
 		WHERE t.host_id = ?
 	`
@@ -145,7 +145,10 @@ func hostSoftwareInstalledPathsDelta(
 			continue
 		}
 
-		key := fmt.Sprintf("%s%s%s", r.InstalledPath, fleet.SoftwareFieldSeparator, s.ToUniqueStr())
+		key := fmt.Sprintf(
+			"%s%s%s%s%s",
+			r.InstalledPath, fleet.SoftwareFieldSeparator, r.TeamIdentifier, fleet.SoftwareFieldSeparator, s.ToUniqueStr(),
+		)
 		iSPathLookup[key] = r
 
 		// Anything stored but not reported should be deleted
@@ -155,8 +158,8 @@ func hostSoftwareInstalledPathsDelta(
 	}
 
 	for key := range reported {
-		parts := strings.SplitN(key, fleet.SoftwareFieldSeparator, 2)
-		iSPath, unqStr := parts[0], parts[1]
+		parts := strings.SplitN(key, fleet.SoftwareFieldSeparator, 3)
+		installedPath, teamIdentifier, unqStr := parts[0], parts[1], parts[2]
 
 		// Shouldn't be possible ... everything 'reported' should be in the the software table
 		// because this executes after 'ds.UpdateHostSoftware'
@@ -172,9 +175,10 @@ func hostSoftwareInstalledPathsDelta(
 		}
 
 		toInsert = append(toInsert, fleet.HostSoftwareInstalledPath{
-			HostID:        hostID,
-			SoftwareID:    s.ID,
-			InstalledPath: iSPath,
+			HostID:         hostID,
+			SoftwareID:     s.ID,
+			InstalledPath:  installedPath,
+			TeamIdentifier: teamIdentifier,
 		})
 	}
 
@@ -211,7 +215,7 @@ func insertHostSoftwareInstalledPaths(
 		return nil
 	}
 
-	stmt := "INSERT INTO host_software_installed_paths (host_id, software_id, installed_path) VALUES %s"
+	stmt := "INSERT INTO host_software_installed_paths (host_id, software_id, installed_path, team_identifier) VALUES %s"
 	batchSize := 500
 
 	for i := 0; i < len(toInsert); i += batchSize {
@@ -223,10 +227,10 @@ func insertHostSoftwareInstalledPaths(
 
 		var args []interface{}
 		for _, v := range batch {
-			args = append(args, v.HostID, v.SoftwareID, v.InstalledPath)
+			args = append(args, v.HostID, v.SoftwareID, v.InstalledPath, v.TeamIdentifier)
 		}
 
-		placeHolders := strings.TrimSuffix(strings.Repeat("(?, ?, ?), ", len(batch)), ", ")
+		placeHolders := strings.TrimSuffix(strings.Repeat("(?, ?, ?, ?), ", len(batch)), ", ")
 		stmt := fmt.Sprintf(stmt, placeHolders)
 
 		_, err := tx.ExecContext(ctx, stmt, args...)
@@ -305,7 +309,6 @@ SELECT
     s.vendor,
     s.arch,
     s.extension_id,
-    s.team_identifier,
     hs.last_opened_at
 FROM
     software s
@@ -584,10 +587,6 @@ func deleteUninstalledHostSoftwareDB(
 func computeRawChecksum(sw fleet.Software) ([]byte, error) {
 	h := md5.New() //nolint:gosec // This hash is used as a DB optimization for software row lookup, not security
 	cols := []string{sw.Name, sw.Version, sw.Source, sw.BundleIdentifier, sw.Release, sw.Arch, sw.Vendor, sw.Browser, sw.ExtensionID}
-	// TeamIdentifier was added after the migration that added the checksum.
-	if sw.TeamIdentifier != "" {
-		cols = append(cols, sw.TeamIdentifier)
-	}
 	_, err := fmt.Fprint(h, strings.Join(cols, "\x00"))
 	if err != nil {
 		return nil, err
@@ -638,9 +637,9 @@ func (ds *Datastore) insertNewInstalledHostSoftwareDB(
 			totalToProcess := end - start
 
 			// Insert into software
-			const numberOfArgsPerSoftware = 12 // number of ? in each VALUES clause
+			const numberOfArgsPerSoftware = 11 // number of ? in each VALUES clause
 			values := strings.TrimSuffix(
-				strings.Repeat("(?,?,?,?,?,?,?,?,?,?,?,?),", totalToProcess), ",",
+				strings.Repeat("(?,?,?,?,?,?,?,?,?,?,?),", totalToProcess), ",",
 			)
 			// INSERT IGNORE is used to avoid duplicate key errors, which may occur since our previous read came from the replica.
 			stmt := fmt.Sprintf(
@@ -655,7 +654,6 @@ func (ds *Datastore) insertNewInstalledHostSoftwareDB(
 					extension_id,
 					browser,
 					title_id,
-					team_identifier,
 					checksum
 				) VALUES %s`,
 				values,
@@ -684,7 +682,7 @@ func (ds *Datastore) insertNewInstalledHostSoftwareDB(
 				}
 				args = append(
 					args, sw.Name, sw.Version, sw.Source, sw.Release, sw.Vendor, sw.Arch, sw.BundleIdentifier, sw.ExtensionID, sw.Browser,
-					titleID, sw.TeamIdentifier, checksum,
+					titleID, checksum,
 				)
 			}
 			if _, err := tx.ExecContext(ctx, stmt, args...); err != nil {
@@ -977,7 +975,6 @@ func selectSoftwareSQL(opts fleet.SoftwareListOptions) (string, []interface{}, e
 			"s.source",
 			"s.bundle_identifier",
 			"s.extension_id",
-			"s.team_identifier",
 			"s.browser",
 			"s.release",
 			"s.vendor",
@@ -1138,7 +1135,6 @@ func selectSoftwareSQL(opts fleet.SoftwareListOptions) (string, []interface{}, e
 		"s.source",
 		"s.bundle_identifier",
 		"s.extension_id",
-		"s.team_identifier",
 		"s.browser",
 		"s.release",
 		"s.vendor",
@@ -1159,7 +1155,6 @@ func selectSoftwareSQL(opts fleet.SoftwareListOptions) (string, []interface{}, e
 			"s.source",
 			"s.bundle_identifier",
 			"s.extension_id",
-			"s.team_identifier",
 			"s.browser",
 			"s.release",
 			"s.vendor",
@@ -1249,16 +1244,22 @@ func (ds *Datastore) LoadHostSoftware(ctx context.Context, host *fleet.Host, inc
 		return err
 	}
 
-	lookup := make(map[uint][]string)
+	installedPathsList := make(map[uint][]string)
+	pathSignatureInformation := make(map[uint][]fleet.PathSignatureInformation)
 	for _, ip := range installedPaths {
-		lookup[ip.SoftwareID] = append(lookup[ip.SoftwareID], ip.InstalledPath)
+		installedPathsList[ip.SoftwareID] = append(installedPathsList[ip.SoftwareID], ip.InstalledPath)
+		pathSignatureInformation[ip.SoftwareID] = append(pathSignatureInformation[ip.SoftwareID], fleet.PathSignatureInformation{
+			InstalledPath:  ip.InstalledPath,
+			TeamIdentifier: ip.TeamIdentifier,
+		})
 	}
 
 	host.Software = make([]fleet.HostSoftwareEntry, 0, len(software))
 	for _, s := range software {
 		host.Software = append(host.Software, fleet.HostSoftwareEntry{
-			Software:       s,
-			InstalledPaths: lookup[s.ID],
+			Software:                 s,
+			InstalledPaths:           installedPathsList[s.ID],
+			PathSignatureInformation: pathSignatureInformation[s.ID],
 		})
 	}
 	return nil
@@ -1304,7 +1305,7 @@ func (ds *Datastore) AllSoftwareIterator(
 	var args []interface{}
 
 	stmt := `SELECT
-		s.id, s.name, s.version, s.source, s.bundle_identifier, s.release, s.arch, s.vendor, s.browser, s.extension_id, s.team_identifier, s.title_id ,
+		s.id, s.name, s.version, s.source, s.bundle_identifier, s.release, s.arch, s.vendor, s.browser, s.extension_id, s.title_id,
 		COALESCE(sc.cpe, '') AS generated_cpe
 	FROM software s
 	LEFT JOIN software_cpe sc ON (s.id=sc.software_id)`
@@ -1491,7 +1492,6 @@ func (ds *Datastore) SoftwareByID(ctx context.Context, id uint, teamID *uint, in
 			"s.vendor",
 			"s.arch",
 			"s.extension_id",
-			"s.team_identifier",
 			"scv.cve",
 			"scv.created_at",
 			goqu.COALESCE(goqu.I("scp.cpe"), "").As("generated_cpe"),
@@ -2546,6 +2546,8 @@ INNER JOIN software_cve scve ON scve.software_id = s.id
 			st.id as software_title_id,
 			s.id as software_id,
 			s.version,
+			s.bundle_identifier,
+			s.source,
 			hs.last_opened_at
 		FROM
 			software s
@@ -2610,7 +2612,8 @@ INNER JOIN software_cve scve ON scve.software_id = s.id
 			const pathsStmt = `
 			SELECT
 				hsip.software_id,
-				hsip.installed_path
+				hsip.installed_path,
+				hsip.team_identifier
 			FROM
 				host_software_installed_paths hsip
 			WHERE
@@ -2620,8 +2623,9 @@ INNER JOIN software_cve scve ON scve.software_id = s.id
 				software_id, installed_path
 	`
 			type installedPath struct {
-				SoftwareID    uint   `db:"software_id"`
-				InstalledPath string `db:"installed_path"`
+				SoftwareID     uint   `db:"software_id"`
+				InstalledPath  string `db:"installed_path"`
+				TeamIdentifier string `db:"team_identifier"`
 			}
 			var installedPaths []installedPath
 			stmt, args, err = sqlx.In(pathsStmt, host.ID, softwareIDs)
@@ -2636,6 +2640,12 @@ INNER JOIN software_cve scve ON scve.software_id = s.id
 			for _, path := range installedPaths {
 				ver := bySoftwareID[path.SoftwareID]
 				ver.InstalledPaths = append(ver.InstalledPaths, path.InstalledPath)
+				if ver.Source == "apps" {
+					ver.SignatureInformation = append(ver.SignatureInformation, fleet.PathSignatureInformation{
+						InstalledPath:  path.InstalledPath,
+						TeamIdentifier: path.TeamIdentifier,
+					})
+				}
 			}
 		}
 	}