Merge pull request #54 from netboxlabs/develop

release 🚚

Author: leoparente

.github/workflows/develop.yaml

@@ -0,0 +1,55 @@
+name: Orb Agent - develop
+on:
+  workflow_dispatch:
+  push:
+    branches: [ develop ]
+    paths:
+      - "agent/**"
+      - "cmd/**"
+      - "!agent/docker/**"
+
+permissions:
+  contents: write
+
+env:
+  GO_VERSION: '1.23'
+
+jobs:
+    build-and-push:
+      runs-on: ubuntu-latest
+      strategy:
+        fail-fast: false
+      steps:
+        - name: Checkout
+          uses: actions/checkout@v4
+
+        - name: Set up QEMU
+          uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf #v3.2.0
+
+        - name: Set up Docker Buildx
+          uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 #v3.8.0
+
+        - name: Login to Docker Hub
+          uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0
+          with:
+            username: ${{ secrets.DOCKERHUB_USERNAME }}
+            password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+        - name: Set build info
+          run: |
+            echo ${GITHUB_SHA::7} > ./agent/version/BUILD_COMMIT.txt
+            LATEST_RELEASE=$(curl --silent "https://api.github.com/repos/${{ github.repository }}/releases/latest" | jq -r '.tag_name')
+            echo $LATEST_RELEASE > ./agent/version/BUILD_VERSION.txt
+
+        - name: Build image and push
+          uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 #v6.10.0
+          with:
+            context: .
+            file: agent/docker/Dockerfile
+            platforms: linux/amd64, linux/arm64
+            push: true
+            cache-from: type=gha
+            cache-to: type=gha,mode=max
+            tags: netboxlabs/orb-agent:develop
+            build-args: |
+              GO_VERSION=${{ env.GO_VERSION }}  

.github/workflows/lint.yaml

@@ -15,15 +15,13 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
-          go-version: '1.23'
+          go-version: '1.23.x'
           check-latest: true
       - name: Lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 #v6.1.1
         with:
           version: v1.62
           working-directory: .
           args: --config .github/golangci.yaml
-          skip-pkg-cache: true
-          skip-build-cache: true

.github/workflows/release.yaml

@@ -15,7 +15,7 @@ concurrency:
 env:
   GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   SEMANTIC_RELEASE_PACKAGE: ${{ github.repository }}
-  GO_VERSION: '1.23'
+  GO_VERSION: '1.23.x'
   APP_NAME: orb-agent
 
 permissions:
@@ -34,7 +34,7 @@ jobs:
         with:
           node-version: "lts/*"
       - name: Write package.json
-        uses: DamianReeves/write-file-action@master
+        uses: DamianReeves/write-file-action@6929a9a6d1807689191dcc8bbe62b54d70a32b42 #v1.3
         with:
           path: ./package.json
           write-mode: overwrite
@@ -48,7 +48,7 @@ jobs:
               }
             }
       - name: Write .releaserc.json
-        uses: DamianReeves/write-file-action@master
+        uses: DamianReeves/write-file-action@6929a9a6d1807689191dcc8bbe62b54d70a32b42 #v1.3
         with:
           path: ./.releaserc.json
           write-mode: overwrite
@@ -132,13 +132,13 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf #v3.2.0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 #v3.8.0
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v3
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -149,7 +149,7 @@ jobs:
           echo $BUILD_VERSION > ./agent/version/BUILD_VERSION.txt
 
       - name: Build image and push
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 #v6.10.0
         with:
           context: .
           file: agent/docker/Dockerfile
@@ -174,7 +174,7 @@ jobs:
         with:
           node-version: "lts/*"
       - name: Write package.json
-        uses: DamianReeves/write-file-action@master
+        uses: DamianReeves/write-file-action@6929a9a6d1807689191dcc8bbe62b54d70a32b42 #v1.3
         with:
           path: ./package.json
           write-mode: overwrite
@@ -188,7 +188,7 @@ jobs:
               }
             }
       - name: Write .releaserc.json
-        uses: DamianReeves/write-file-action@master
+        uses: DamianReeves/write-file-action@6929a9a6d1807689191dcc8bbe62b54d70a32b42 #v1.3
         with:
           path: ./.releaserc.json
           write-mode: overwrite

.github/workflows/tests.yaml

@@ -1,4 +1,4 @@
-name: Orb Agent - test
+name: Orb Agent - tests
 on:
   push:
     branches:
@@ -32,9 +32,9 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
-          go-version: '1.23'
+          go-version: '1.23.x'
           check-latest: true
       - name: Run go build
         run: go build ./...
@@ -54,14 +54,14 @@ jobs:
         if: always()
         run: cat .coverage/test-report.md
       - name: Find comment
-        uses: peter-evans/find-comment@v3
+        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e #v3.1.0
         id: existing-comment
         with:
           issue-number: ${{ github.event.pull_request.number }}
           comment-author: 'github-actions[bot]'
           body-includes: Go test coverage
       - name: Post comment
-        uses: peter-evans/create-or-update-comment@v4
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 #v4.0.0
         with:
           comment-id: ${{ steps.existing-comment.outputs.comment-id }}
           issue-number: ${{ github.event.pull_request.number }}

README.md

@@ -36,9 +36,10 @@ orb:
     network_discovery:
     ...
 ```
-Only the `network_discovery` and `device_discovery` backends are currently supported. They do not require any special configuration.
+Only the `network_discovery`, `device_discovery` and `worker` backends are currently supported. They do not require any special configuration.
 - [Device Discovery](./docs/backends/device_discovery.md) 
 - [Network Discovery](./docs/backends/network_discovery.md)
+- [Worker](./docs/backends/worker.md)
 
 #### Common
 A special `common` subsection under `backends` defines configuration settings that are shared with all backends. Currently, it supports passing [diode](https://github.com/netboxlabs/diode) server settings to all backends.
@@ -66,14 +67,22 @@ orb:
     network_discovery:
       network_policy_1:
        # see docs/backends/network_discovery.md
+    worker:
+      worker_policy_1:
+       # see docs/backends/worker.md
  ```
 
 ## Running the agent
 
 To run `orb-agent`, use the following command from the directory where your created your `agent.yaml` file:
 
 ```sh
- docker run -v $(PWD):/opt/orb/ netboxlabs/orb-agent:latest run -c /opt/orb/agent.yaml
+ docker run --net=host -v $(PWD):/opt/orb/ netboxlabs/orb-agent:latest run -c /opt/orb/agent.yaml
+```
+The container needs sufficient permissions, to send `icmp` and `tcp` packets. This can either be achieved by setting the network-mode to `host` or by changing the container user to `root`: 
+
+```sh
+ docker run -u root -v $(PWD):/opt/orb/ netboxlabs/orb-agent:latest run -c /opt/orb/agent.yaml
 ```
 
 ### Configuration samples

agent/backend/devicediscovery/device_discovery.go

@@ -109,12 +109,14 @@ func (d *deviceDiscoveryBackend) Start(ctx context.Context, cancelFunc context.C
 		"--host", d.apiHost,
 		"--port", d.apiPort,
 		"--diode-target", d.diodeTarget,
-		"--diode-api-key", d.diodeAPIKey,
+		"--diode-api-key", "********",
 		"--diode-app-name-prefix", d.diodeAppNamePrefix,
 	}
 
 	d.logger.Info("device-discovery startup", zap.Strings("arguments", pvOptions))
 
+	pvOptions[7] = d.diodeAPIKey
+
 	d.proc = cmd.NewCmdOptions(cmd.Options{
 		Buffered:  false,
 		Streaming: true,
@@ -271,14 +273,14 @@ func (d *deviceDiscoveryBackend) ApplyPolicy(data policies.PolicyData, updatePol
 
 	policyYaml, err := yaml.Marshal(fullPolicy)
 	if err != nil {
-		d.logger.Warn("yaml policy marshal failure", zap.String("policy_id", data.ID), zap.Any("policy", fullPolicy))
+		d.logger.Warn("policy yaml marshal failure", zap.String("policy_id", data.ID), zap.Any("policy", fullPolicy))
 		return err
 	}
 
 	var resp map[string]interface{}
 	err = d.request("policies", &resp, http.MethodPost, bytes.NewBuffer(policyYaml), "application/x-yaml", applyPolicyTimeout)
 	if err != nil {
-		d.logger.Warn("yaml policy application failure", zap.String("policy_id", data.ID), zap.ByteString("policy", policyYaml))
+		d.logger.Warn("policy application failure", zap.String("policy_id", data.ID), zap.ByteString("policy", policyYaml))
 		return err
 	}
 

agent/backend/devicediscovery/utils.go

@@ -79,7 +79,7 @@ func (d *deviceDiscoveryBackend) request(url string, payload interface{}, method
 			var jsonBody map[string]interface{}
 			err := json.Unmarshal(body, &jsonBody)
 			if err == nil {
-				if errMsg, ok := jsonBody["error"]; ok {
+				if errMsg, ok := jsonBody["detail"]; ok {
 					return fmt.Errorf("%d %s", res.StatusCode, errMsg)
 				}
 			}

agent/backend/networkdiscovery/network_discovery.go

@@ -109,12 +109,14 @@ func (d *networkDiscoveryBackend) Start(ctx context.Context, cancelFunc context.
 		"--host", d.apiHost,
 		"--port", d.apiPort,
 		"--diode-target", d.diodeTarget,
-		"--diode-api-key", d.diodeAPIKey,
+		"--diode-api-key", "********",
 		"--diode-app-name-prefix", d.diodeAppNamePrefix,
 	}
 
 	d.logger.Info("network-discovery startup", zap.Strings("arguments", pvOptions))
 
+	pvOptions[7] = d.diodeAPIKey
+
 	d.proc = cmd.NewCmdOptions(cmd.Options{
 		Buffered:  false,
 		Streaming: true,
@@ -271,14 +273,14 @@ func (d *networkDiscoveryBackend) ApplyPolicy(data policies.PolicyData, updatePo
 
 	policyYaml, err := yaml.Marshal(fullPolicy)
 	if err != nil {
-		d.logger.Warn("yaml policy marshal failure", zap.String("policy_id", data.ID), zap.Any("policy", fullPolicy))
+		d.logger.Warn("policy yaml marshal failure", zap.String("policy_id", data.ID), zap.Any("policy", fullPolicy))
 		return err
 	}
 
 	var resp map[string]interface{}
 	err = d.request("policies", &resp, http.MethodPost, bytes.NewBuffer(policyYaml), "application/x-yaml", applyPolicyTimeout)
 	if err != nil {
-		d.logger.Warn("yaml policy application failure", zap.String("policy_id", data.ID), zap.ByteString("policy", policyYaml))
+		d.logger.Warn("policy application failure", zap.String("policy_id", data.ID), zap.ByteString("policy", policyYaml))
 		return err
 	}
 

agent/backend/networkdiscovery/utils.go

@@ -79,7 +79,7 @@ func (d *networkDiscoveryBackend) request(url string, payload interface{}, metho
 			var jsonBody map[string]interface{}
 			err := json.Unmarshal(body, &jsonBody)
 			if err == nil {
-				if errMsg, ok := jsonBody["error"]; ok {
+				if errMsg, ok := jsonBody["detail"]; ok {
 					return fmt.Errorf("%d %s", res.StatusCode, errMsg)
 				}
 			}

agent/backend/worker/utils.go

@@ -0,0 +1,96 @@
+package worker
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"time"
+
+	"go.uber.org/zap"
+
+	"github.com/netboxlabs/orb-agent/agent/backend"
+)
+
+func (d *workerBackend) getProcRunningStatus() (backend.RunningStatus, string, error) {
+	if d.proc == nil {
+		return backend.Unknown, "backend not started yet", nil
+	}
+	status := d.proc.Status()
+
+	if status.Error != nil {
+		errMsg := fmt.Sprintf("worker process error: %v", status.Error)
+		return backend.BackendError, errMsg, status.Error
+	}
+
+	if status.Complete {
+		err := d.proc.Stop()
+		return backend.Offline, "worker process ended", err
+	}
+
+	if status.StopTs > 0 {
+		return backend.Offline, "worker process ended", nil
+	}
+	return backend.Running, "", nil
+}
+
+// note this needs to be stateless because it is called for multiple go routines
+func (d *workerBackend) request(url string, payload interface{}, method string, body io.Reader, contentType string, timeout int32) error {
+	client := http.Client{
+		Timeout: time.Second * time.Duration(timeout),
+	}
+
+	status, _, err := d.getProcRunningStatus()
+	if status != backend.Running {
+		d.logger.Warn("skipping device discovery REST API request because process is not running or is unresponsive", zap.String("url", url), zap.String("method", method), zap.Error(err))
+		return err
+	}
+
+	URL := fmt.Sprintf("%s://%s:%s/api/v1/%s", d.apiProtocol, d.apiHost, d.apiPort, url)
+
+	req, err := http.NewRequest(method, URL, body)
+	if err != nil {
+		d.logger.Error("received error from payload", zap.Error(err))
+		return err
+	}
+
+	req.Header.Add("Content-Type", contentType)
+	res, getErr := client.Do(req)
+
+	if getErr != nil {
+		d.logger.Error("received error from payload", zap.Error(getErr))
+		return getErr
+	}
+
+	defer func() {
+		if err := res.Body.Close(); err != nil {
+			d.logger.Error("failed to close response body", zap.Error(err))
+		}
+	}()
+
+	if (res.StatusCode < 200) || (res.StatusCode > 299) {
+		body, err := io.ReadAll(res.Body)
+		if err != nil {
+			return fmt.Errorf("non 2xx HTTP error code from worker, no or invalid body: %d", res.StatusCode)
+		}
+		if len(body) == 0 {
+			return fmt.Errorf("%d empty body", res.StatusCode)
+		} else if body[0] == '{' {
+			var jsonBody map[string]interface{}
+			err := json.Unmarshal(body, &jsonBody)
+			if err == nil {
+				if errMsg, ok := jsonBody["detail"]; ok {
+					return fmt.Errorf("%d %s", res.StatusCode, errMsg)
+				}
+			}
+		}
+	}
+
+	if res.Body != nil {
+		err = json.NewDecoder(res.Body).Decode(&payload)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}