Implement fleetctl goquery (#2186)

- Update fleet APIs to support necessary operations in goquery
- Implement support for goquery in fleetctl

Author: zwass

cmd/fleetctl/fleetctl.go

@@ -50,6 +50,7 @@ func main() {
 			},
 		},
 		convertCommand(),
+		goqueryCommand(),
 	}
 
 	app.RunAndExitOnError()

cmd/fleetctl/goquery.go

@@ -0,0 +1,132 @@
+package main
+
+import (
+	"fmt"
+	"strconv"
+
+	"github.com/AbGuthrie/goquery/v2"
+	gqconfig "github.com/AbGuthrie/goquery/v2/config"
+	gqhosts "github.com/AbGuthrie/goquery/v2/hosts"
+	gqmodels "github.com/AbGuthrie/goquery/v2/models"
+	"github.com/kolide/fleet/server/kolide"
+	"github.com/kolide/fleet/server/service"
+	"github.com/pkg/errors"
+	"github.com/urfave/cli"
+)
+
+type activeQuery struct {
+	status  string
+	results []map[string]string
+}
+
+type goqueryClient struct {
+	client       *service.Client
+	queryCounter int
+	queries      map[string]activeQuery
+	// goquery passes the UUID, while we need the hostname (or ID) to
+	// query against Fleet. Keep a mapping so that we know how to target
+	// the host.
+	hostnameByUUID map[string]string
+}
+
+func newGoqueryClient(fleetClient *service.Client) *goqueryClient {
+	return &goqueryClient{
+		client:         fleetClient,
+		queryCounter:   0,
+		queries:        make(map[string]activeQuery),
+		hostnameByUUID: make(map[string]string),
+	}
+}
+
+func (c *goqueryClient) CheckHost(query string) (gqhosts.Host, error) {
+	res, err := c.client.SearchTargets(query, nil, nil)
+	if err != nil {
+		return gqhosts.Host{}, err
+	}
+
+	var host *kolide.Host
+	for _, h := range res.Hosts {
+		// We allow hosts to be looked up by hostname in addition to UUID
+		if query == h.UUID || query == h.HostName || query == h.ComputerName {
+			host = &h
+			break
+		}
+	}
+
+	if host == nil {
+		return gqhosts.Host{}, fmt.Errorf("host %s not found", query)
+	}
+
+	c.hostnameByUUID[host.UUID] = host.HostName
+
+	return gqhosts.Host{
+		UUID:         host.UUID,
+		ComputerName: host.ComputerName,
+		Platform:     host.Platform,
+		Version:      host.OsqueryVersion,
+	}, nil
+}
+
+func (c *goqueryClient) ScheduleQuery(uuid, query string) (string, error) {
+	c.queryCounter++
+	queryName := strconv.Itoa(c.queryCounter)
+
+	hostname, ok := c.hostnameByUUID[uuid]
+	if !ok {
+		return "", errors.New("could not lookup host")
+	}
+
+	res, err := c.client.LiveQuery(query, []string{}, []string{hostname})
+	if err != nil {
+		return "", err
+	}
+
+	c.queries[queryName] = activeQuery{status: "Pending"}
+
+	// We need to start a separate thread due to goquery expecting
+	// scheduling a query and retrieving results to be separate
+	// operations.
+	go func() {
+		select {
+		case hostResult := <-res.Results():
+			c.queries[queryName] = activeQuery{status: "Completed", results: hostResult.Rows}
+
+			// Print an error
+		case err := <-res.Errors():
+			c.queries[queryName] = activeQuery{status: "error: " + err.Error()}
+		}
+	}()
+
+	gqhosts.AddQueryToHost(uuid, gqhosts.Query{Name: queryName, SQL: query})
+	return queryName, nil
+}
+
+func (c *goqueryClient) FetchResults(queryName string) (gqmodels.Rows, string, error) {
+	res, ok := c.queries[queryName]
+	if !ok {
+		return nil, "", fmt.Errorf("Unknown query %s", queryName)
+	}
+
+	return res.results, res.status, nil
+}
+
+func goqueryCommand() cli.Command {
+	return cli.Command{
+		Name:  "goquery",
+		Usage: "Start the goquery interface",
+		Flags: []cli.Flag{
+			configFlag(),
+			contextFlag(),
+			yamlFlag(),
+		},
+		Action: func(c *cli.Context) error {
+			fleet, err := clientFromCLI(c)
+			if err != nil {
+				return err
+			}
+
+			goquery.Run(newGoqueryClient(fleet), gqconfig.Config{})
+			return nil
+		},
+	}
+}

docs/cli/README.md

@@ -24,3 +24,30 @@ Fleet exposes the aspects of an osquery deployment as a set of "objects". Object
 > Objects can be created, updated, and deleted by storing multiple object configuration files in a directory and using `kubectl apply` to recursively create and update those objects as needed.
 
 Similarly, Fleet objects can be created, updated, and deleted by storing multiple object configuration files in a directory and using `fleetctl apply` to recursively create and update those objects as needed.
+
+### Using goquery with `fleetctl`
+
+Fleet and `fleetctl` have built in support for [goquery](https://github.com/AbGuthrie/goquery).
+
+Use `fleetctl goquery` to open up the goquery console. When used with Fleet, goquery can connect using either a hostname or UUID.
+
+```
+$ ./build/fleetctl get hosts
++--------------------------------------+--------------+----------+---------+
+|                 UUID                 |   HOSTNAME   | PLATFORM | STATUS  |
++--------------------------------------+--------------+----------+---------+
+| 192343D5-0000-0000-B85B-58F656BED4C7 | 6523f89187f8 | centos   | online  |
++--------------------------------------+--------------+----------+---------+
+$ ./build/fleetctl goquery
+goquery> .connect 6523f89187f8
+Verified Host(6523f89187f8) Exists.
+.
+goquery | 6523f89187f8:> .query select unix_time from time
+...
+------------------------------
+| host_hostname | unix_time  |
+------------------------------
+| 6523f89187f8  | 1579842569 |
+------------------------------
+goquery | 6523f89187f8:>
+```

go.mod

@@ -4,10 +4,11 @@ go 1.12
 
 require (
 	cloud.google.com/go v0.37.4
+	github.com/AbGuthrie/goquery/v2 v2.0.1
 	github.com/VividCortex/gohistogram v1.0.0 // indirect
 	github.com/VividCortex/mysqlerr v0.0.0-20170204212430-6c6b55f8796f
 	github.com/WatchBeam/clock v0.0.0-20170901150240-b08e6b4da7ea
-	github.com/aws/aws-sdk-go v1.19.8
+	github.com/aws/aws-sdk-go v1.26.8
 	github.com/beevik/etree v1.1.0
 	github.com/briandowns/spinner v0.0.0-20170614154858-48dbb65d7bd5
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
@@ -26,17 +27,14 @@ require (
 	github.com/igm/sockjs-go v0.0.0-20171030210102-c8a8c6429d10
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/jmoiron/sqlx v0.0.0-20180406164412-2aeb6a910c2b
-	github.com/jonboulle/clockwork v0.1.0 // indirect
 	github.com/kolide/goose v0.0.0-20181015214854-7aebd1deb5ab
 	github.com/kolide/kit v0.0.0-20180421083548-36eb8dc43916
 	github.com/kolide/launcher v0.0.0-20180427153757-cb412b945cf7
 	github.com/kolide/osquery-go v0.0.0-20190904034940-a74aa860032d
-	github.com/kr/pretty v0.1.0 // indirect
 	github.com/lib/pq v1.2.0 // indirect
 	github.com/magiconair/properties v1.7.6 // indirect
-	github.com/mattn/go-colorable v0.0.9 // indirect
-	github.com/mattn/go-isatty v0.0.3 // indirect
-	github.com/mattn/go-runewidth v0.0.2 // indirect
+	github.com/mattn/go-isatty v0.0.12 // indirect
+	github.com/mattn/go-runewidth v0.0.8 // indirect
 	github.com/mattn/go-sqlite3 v1.11.0 // indirect
 	github.com/mitchellh/mapstructure v0.0.0-20180220230111-00c29f56e238 // indirect
 	github.com/olekukonko/tablewriter v0.0.0-20180506121414-d4647c9c7a84
@@ -56,14 +54,13 @@ require (
 	github.com/stretchr/testify v1.4.0
 	github.com/urfave/cli v1.20.0
 	go.opencensus.io v0.20.2 // indirect
-	golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2
+	golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc
 	golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a // indirect
-	golang.org/x/sync v0.0.0-20190412183630-56d357773e84 // indirect
-	golang.org/x/sys v0.0.0-20190909082730-f460065e899a // indirect
+	golang.org/x/sys v0.0.0-20200122134326-e047566fdf82 // indirect
 	google.golang.org/api v0.3.2 // indirect
 	google.golang.org/grpc v1.19.0
-	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
 	gopkg.in/guregu/null.v3 v3.4.0
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0-20170531160350-a96e63847dc3
 	gopkg.in/yaml.v2 v2.2.2
+	honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a
 )