crowdsec/pkg/database/machines.go

package database

import (
	"fmt"
	"time"

	"github.com/go-openapi/strfmt"
	"github.com/pkg/errors"
	"golang.org/x/crypto/bcrypt"

	"github.com/crowdsecurity/crowdsec/pkg/database/ent"
	"github.com/crowdsecurity/crowdsec/pkg/database/ent/machine"
	"github.com/crowdsecurity/crowdsec/pkg/types"
)

const CapiMachineID = types.CAPIOrigin
const CapiListsMachineID = types.ListOrigin

func (c *Client) CreateMachine(machineID *string, password *strfmt.Password, ipAddress string, isValidated bool, force bool, authType string) (*ent.Machine, error) {
	hashPassword, err := bcrypt.GenerateFromPassword([]byte(*password), bcrypt.DefaultCost)
	if err != nil {
		c.Log.Warningf("CreateMachine: %s", err)
		return nil, HashError
	}

	machineExist, err := c.Ent.Machine.
		Query().
		Where(machine.MachineIdEQ(*machineID)).
		Select(machine.FieldMachineId).Strings(c.CTX)
	if err != nil {
		return nil, errors.Wrapf(QueryFail, "machine '%s': %s", *machineID, err)
	}
	if len(machineExist) > 0 {
		if force {
			_, err := c.Ent.Machine.Update().Where(machine.MachineIdEQ(*machineID)).SetPassword(string(hashPassword)).Save(c.CTX)
			if err != nil {
				c.Log.Warningf("CreateMachine : %s", err)
				return nil, errors.Wrapf(UpdateFail, "machine '%s'", *machineID)
			}
			machine, err := c.QueryMachineByID(*machineID)
			if err != nil {
				return nil, errors.Wrapf(QueryFail, "machine '%s': %s", *machineID, err)
			}
			return machine, nil
		}
		return nil, errors.Wrapf(UserExists, "user '%s'", *machineID)
	}

	machine, err := c.Ent.Machine.
		Create().
		SetMachineId(*machineID).
		SetPassword(string(hashPassword)).
		SetIpAddress(ipAddress).
		SetIsValidated(isValidated).
		SetAuthType(authType).
		Save(c.CTX)

	if err != nil {
		c.Log.Warningf("CreateMachine : %s", err)
		return nil, errors.Wrapf(InsertFail, "creating machine '%s'", *machineID)
	}

	return machine, nil
}

func (c *Client) QueryMachineByID(machineID string) (*ent.Machine, error) {
	machine, err := c.Ent.Machine.
		Query().
		Where(machine.MachineIdEQ(machineID)).
		Only(c.CTX)
	if err != nil {
		c.Log.Warningf("QueryMachineByID : %s", err)
		return &ent.Machine{}, errors.Wrapf(UserNotExists, "user '%s'", machineID)
	}
	return machine, nil
}

func (c *Client) ListMachines() ([]*ent.Machine, error) {
	machines, err := c.Ent.Machine.Query().All(c.CTX)
	if err != nil {
		return nil, errors.Wrapf(QueryFail, "listing machines: %s", err)
	}
	return machines, nil
}

func (c *Client) ValidateMachine(machineID string) error {
	rets, err := c.Ent.Machine.Update().Where(machine.MachineIdEQ(machineID)).SetIsValidated(true).Save(c.CTX)
	if err != nil {
		return errors.Wrapf(UpdateFail, "validating machine: %s", err)
	}
	if rets == 0 {
		return fmt.Errorf("machine not found")
	}
	return nil
}

func (c *Client) QueryPendingMachine() ([]*ent.Machine, error) {
	var machines []*ent.Machine
	var err error

	machines, err = c.Ent.Machine.Query().Where(machine.IsValidatedEQ(false)).All(c.CTX)
	if err != nil {
		c.Log.Warningf("QueryPendingMachine : %s", err)
		return nil, errors.Wrapf(QueryFail, "querying pending machines: %s", err)
	}
	return machines, nil
}

func (c *Client) DeleteWatcher(name string) error {
	nbDeleted, err := c.Ent.Machine.
		Delete().
		Where(machine.MachineIdEQ(name)).
		Exec(c.CTX)
	if err != nil {
		return err
	}

	if nbDeleted == 0 {
		return fmt.Errorf("machine doesn't exist")
	}

	return nil
}

func (c *Client) BulkDeleteWatchers(machines []*ent.Machine) (int, error) {
	ids := make([]int, len(machines))
	for i, b := range machines {
		ids[i] = b.ID
	}
	nbDeleted, err := c.Ent.Machine.Delete().Where(machine.IDIn(ids...)).Exec(c.CTX)
	if err != nil {
		return nbDeleted, err
	}
	return nbDeleted, nil
}

func (c *Client) UpdateMachineLastPush(machineID string) error {
	_, err := c.Ent.Machine.Update().Where(machine.MachineIdEQ(machineID)).SetLastPush(time.Now().UTC()).Save(c.CTX)
	if err != nil {
		return errors.Wrapf(UpdateFail, "updating machine last_push: %s", err)
	}
	return nil
}

func (c *Client) UpdateMachineLastHeartBeat(machineID string) error {
	_, err := c.Ent.Machine.Update().Where(machine.MachineIdEQ(machineID)).SetLastHeartbeat(time.Now().UTC()).Save(c.CTX)
	if err != nil {
		return errors.Wrapf(UpdateFail, "updating machine last_heartbeat: %s", err)
	}
	return nil
}

func (c *Client) UpdateMachineScenarios(scenarios string, ID int) error {
	_, err := c.Ent.Machine.UpdateOneID(ID).
		SetUpdatedAt(time.Now().UTC()).
		SetScenarios(scenarios).
		Save(c.CTX)
	if err != nil {
		return fmt.Errorf("unable to update machine in database: %s", err)
	}
	return nil
}

func (c *Client) UpdateMachineIP(ipAddr string, ID int) error {
	_, err := c.Ent.Machine.UpdateOneID(ID).
		SetIpAddress(ipAddr).
		Save(c.CTX)
	if err != nil {
		return fmt.Errorf("unable to update machine IP in database: %s", err)
	}
	return nil
}

func (c *Client) UpdateMachineVersion(ipAddr string, ID int) error {
	_, err := c.Ent.Machine.UpdateOneID(ID).
		SetVersion(ipAddr).
		Save(c.CTX)
	if err != nil {
		return fmt.Errorf("unable to update machine version in database: %s", err)
	}
	return nil
}

func (c *Client) IsMachineRegistered(machineID string) (bool, error) {
	exist, err := c.Ent.Machine.Query().Where().Select(machine.FieldMachineId).Strings(c.CTX)
	if err != nil {
		return false, err
	}
	if len(exist) == 1 {
		return true, nil
	}
	if len(exist) > 1 {
		return false, fmt.Errorf("more than one item with the same machineID in database")
	}

	return false, nil

}

func (c *Client) QueryLastValidatedHeartbeatLT(t time.Time) ([]*ent.Machine, error) {
	return c.Ent.Machine.Query().Where(machine.LastHeartbeatLT(t), machine.IsValidatedEQ(true)).All(c.CTX)
}
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`package database`

			`import (`
			`"fmt"`
			`"time"`

			`"github.com/go-openapi/strfmt"`
Update go dependencies (#2293) - update fatih/color (fix windows issue) - update mongo-driver (fix build issue) - go.mod: merge two "require" blocks - update semver dependency (same version as indirect dep), fix test checks in cscli setup - remove gotest.tools dependency (use testify, cstest) - update x/ exp, mod, sys dependencies 2023-06-22 09:31:41 +00:00			`"github.com/pkg/errors"`
			`"golang.org/x/crypto/bcrypt"`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00
			`"github.com/crowdsecurity/crowdsec/pkg/database/ent"`
			`"github.com/crowdsecurity/crowdsec/pkg/database/ent/machine"`
Polling API Integration (#1715) Co-authored-by: alteredCoder <kevin@crowdsec.net> Co-authored-by: he2ss <hamza.essahely@gmail.com> Co-authored-by: Sebastien Blot <sebastien@crowdsec.net> 2023-01-31 13:47:44 +00:00			`"github.com/crowdsecurity/crowdsec/pkg/types"`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`)`

Polling API Integration (#1715) Co-authored-by: alteredCoder <kevin@crowdsec.net> Co-authored-by: he2ss <hamza.essahely@gmail.com> Co-authored-by: Sebastien Blot <sebastien@crowdsec.net> 2023-01-31 13:47:44 +00:00			`const CapiMachineID = types.CAPIOrigin`
			`const CapiListsMachineID = types.ListOrigin`
Improve CAPI pull management (#871) * prepare for new consensus : thousands of ips Co-authored-by: Sebastien Blot <sebastien@crowdsec.net> 2021-08-25 09:45:29 +00:00
Add support for certificate authentication for agents and bouncers (#1428) 2022-06-08 14:05:52 +00:00			`func (c Client) CreateMachine(machineID string, password strfmt.Password, ipAddress string, isValidated bool, force bool, authType string) (ent.Machine, error) {`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`hashPassword, err := bcrypt.GenerateFromPassword([]byte(*password), bcrypt.DefaultCost)`
			`if err != nil {`
Refact bouncer auth (#2456) Co-authored-by: blotus <sebastien@crowdsec.net> 2023-12-04 22:06:01 +00:00			`c.Log.Warningf("CreateMachine: %s", err)`
			`return nil, HashError`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`}`

			`machineExist, err := c.Ent.Machine.`
			`Query().`
			`Where(machine.MachineIdEQ(*machineID)).`
			`Select(machine.FieldMachineId).Strings(c.CTX)`
			`if err != nil {`
Add support for certificate authentication for agents and bouncers (#1428) 2022-06-08 14:05:52 +00:00			`return nil, errors.Wrapf(QueryFail, "machine '%s': %s", *machineID, err)`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`}`
			`if len(machineExist) > 0 {`
			`if force {`
			`_, err := c.Ent.Machine.Update().Where(machine.MachineIdEQ(*machineID)).SetPassword(string(hashPassword)).Save(c.CTX)`
			`if err != nil {`
fix #677 (#684) 2021-03-12 14:10:56 +00:00			`c.Log.Warningf("CreateMachine : %s", err)`
Add support for certificate authentication for agents and bouncers (#1428) 2022-06-08 14:05:52 +00:00			`return nil, errors.Wrapf(UpdateFail, "machine '%s'", *machineID)`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`}`
Add support for certificate authentication for agents and bouncers (#1428) 2022-06-08 14:05:52 +00:00			`machine, err := c.QueryMachineByID(*machineID)`
			`if err != nil {`
			`return nil, errors.Wrapf(QueryFail, "machine '%s': %s", *machineID, err)`
			`}`
			`return machine, nil`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`}`
Add support for certificate authentication for agents and bouncers (#1428) 2022-06-08 14:05:52 +00:00			`return nil, errors.Wrapf(UserExists, "user '%s'", *machineID)`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`}`

Add support for certificate authentication for agents and bouncers (#1428) 2022-06-08 14:05:52 +00:00			`machine, err := c.Ent.Machine.`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`Create().`
			`SetMachineId(*machineID).`
			`SetPassword(string(hashPassword)).`
			`SetIpAddress(ipAddress).`
			`SetIsValidated(isValidated).`
Add support for certificate authentication for agents and bouncers (#1428) 2022-06-08 14:05:52 +00:00			`SetAuthType(authType).`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`Save(c.CTX)`

			`if err != nil {`
fix #677 (#684) 2021-03-12 14:10:56 +00:00			`c.Log.Warningf("CreateMachine : %s", err)`
Add support for certificate authentication for agents and bouncers (#1428) 2022-06-08 14:05:52 +00:00			`return nil, errors.Wrapf(InsertFail, "creating machine '%s'", *machineID)`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`}`

Add support for certificate authentication for agents and bouncers (#1428) 2022-06-08 14:05:52 +00:00			`return machine, nil`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`}`

			`func (c Client) QueryMachineByID(machineID string) (ent.Machine, error) {`
			`machine, err := c.Ent.Machine.`
			`Query().`
			`Where(machine.MachineIdEQ(machineID)).`
			`Only(c.CTX)`
			`if err != nil {`
fix #677 (#684) 2021-03-12 14:10:56 +00:00			`c.Log.Warningf("QueryMachineByID : %s", err)`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`return &ent.Machine{}, errors.Wrapf(UserNotExists, "user '%s'", machineID)`
			`}`
			`return machine, nil`
			`}`

			`func (c Client) ListMachines() ([]ent.Machine, error) {`
			`machines, err := c.Ent.Machine.Query().All(c.CTX)`
			`if err != nil {`
Refact bouncer auth (#2456) Co-authored-by: blotus <sebastien@crowdsec.net> 2023-12-04 22:06:01 +00:00			`return nil, errors.Wrapf(QueryFail, "listing machines: %s", err)`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`}`
			`return machines, nil`
			`}`

			`func (c *Client) ValidateMachine(machineID string) error {`
fix #1131 : complain when validating unknown machine (#1146) 2022-01-05 12:50:04 +00:00			`rets, err := c.Ent.Machine.Update().Where(machine.MachineIdEQ(machineID)).SetIsValidated(true).Save(c.CTX)`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`if err != nil {`
update the config.yaml file (#674) 2021-03-11 10:18:09 +00:00			`return errors.Wrapf(UpdateFail, "validating machine: %s", err)`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`}`
fix #1131 : complain when validating unknown machine (#1146) 2022-01-05 12:50:04 +00:00			`if rets == 0 {`
			`return fmt.Errorf("machine not found")`
			`}`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`return nil`
			`}`

			`func (c Client) QueryPendingMachine() ([]ent.Machine, error) {`
			`var machines []*ent.Machine`
			`var err error`

			`machines, err = c.Ent.Machine.Query().Where(machine.IsValidatedEQ(false)).All(c.CTX)`
			`if err != nil {`
fix #677 (#684) 2021-03-12 14:10:56 +00:00			`c.Log.Warningf("QueryPendingMachine : %s", err)`
Refact bouncer auth (#2456) Co-authored-by: blotus <sebastien@crowdsec.net> 2023-12-04 22:06:01 +00:00			`return nil, errors.Wrapf(QueryFail, "querying pending machines: %s", err)`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`}`
			`return machines, nil`
			`}`

			`func (c *Client) DeleteWatcher(name string) error {`
cscli machines delete: return an error if machines doesn't exist (#1689) * cscli machines delete: return an error if machines doesn't exist 2022-07-28 15:32:12 +00:00			`nbDeleted, err := c.Ent.Machine.`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`Delete().`
			`Where(machine.MachineIdEQ(name)).`
			`Exec(c.CTX)`
			`if err != nil {`
cscli machines delete: return an error if machines doesn't exist (#1689) * cscli machines delete: return an error if machines doesn't exist 2022-07-28 15:32:12 +00:00			`return err`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`}`
cscli machines delete: return an error if machines doesn't exist (#1689) * cscli machines delete: return an error if machines doesn't exist 2022-07-28 15:32:12 +00:00
			`if nbDeleted == 0 {`
			`return fmt.Errorf("machine doesn't exist")`
			`}`

local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`return nil`
			`}`

Add machines prune command (#2011) * Add machines prune command * Fix scope variable for naming scheme * Add some freshness and add new features * Fix force and fix duration if less than 60 * Allow duration to be more readable * Fix description * Improve func wording and make int machines length * No point overloading functions * Add prune to list of commands * Check if GID is already the group if so no need to chown * Revert "Check if GID is already the group if so no need to chown" This reverts commit c7cef1773e38a7eef784da1bce8d35092da7c7c3. * change all short desc to be similar, and made it really really clear when pruning it is not recoverable * Better examples * Match bouncer like for like * Fix merge error * Dont use log. and dont return error on user input to abort 2023-07-28 14:23:47 +00:00			`func (c Client) BulkDeleteWatchers(machines []ent.Machine) (int, error) {`
			`ids := make([]int, len(machines))`
			`for i, b := range machines {`
			`ids[i] = b.ID`
			`}`
			`nbDeleted, err := c.Ent.Machine.Delete().Where(machine.IDIn(ids...)).Exec(c.CTX)`
			`if err != nil {`
			`return nbDeleted, err`
			`}`
			`return nbDeleted, nil`
			`}`

lapi to capi : allow push of tainted/custom/manual decisions (#1154) * add console command to control signal sharing * modify metrics endpoint to add lastpush Co-authored-by: alteredCoder <kevin@crowdsec.net> 2022-01-13 15:46:16 +00:00			`func (c *Client) UpdateMachineLastPush(machineID string) error {`
switch to utc time everywhere (#1167) * switch to utc time everywhere Co-authored-by: alteredCoder <kevin@crowdsec.net> 2022-01-19 13:56:05 +00:00			`_, err := c.Ent.Machine.Update().Where(machine.MachineIdEQ(machineID)).SetLastPush(time.Now().UTC()).Save(c.CTX)`
lapi to capi : allow push of tainted/custom/manual decisions (#1154) * add console command to control signal sharing * modify metrics endpoint to add lastpush Co-authored-by: alteredCoder <kevin@crowdsec.net> 2022-01-13 15:46:16 +00:00			`if err != nil {`
			`return errors.Wrapf(UpdateFail, "updating machine last_push: %s", err)`
			`}`
			`return nil`
			`}`

Add support for machine heartbeat (#1541) * add the last_heartbeat field * add heartbeat controller * add endpoint of heartbeat * heartbeat integration * add last_heartbeat to cscli machines list 2022-05-19 13:47:27 +00:00			`func (c *Client) UpdateMachineLastHeartBeat(machineID string) error {`
			`_, err := c.Ent.Machine.Update().Where(machine.MachineIdEQ(machineID)).SetLastHeartbeat(time.Now().UTC()).Save(c.CTX)`
			`if err != nil {`
			`return errors.Wrapf(UpdateFail, "updating machine last_heartbeat: %s", err)`
			`}`
			`return nil`
			`}`

local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`func (c *Client) UpdateMachineScenarios(scenarios string, ID int) error {`
			`_, err := c.Ent.Machine.UpdateOneID(ID).`
switch to utc time everywhere (#1167) * switch to utc time everywhere Co-authored-by: alteredCoder <kevin@crowdsec.net> 2022-01-19 13:56:05 +00:00			`SetUpdatedAt(time.Now().UTC()).`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`SetScenarios(scenarios).`
			`Save(c.CTX)`
			`if err != nil {`
			`return fmt.Errorf("unable to update machine in database: %s", err)`
			`}`
			`return nil`
			`}`

			`func (c *Client) UpdateMachineIP(ipAddr string, ID int) error {`
			`_, err := c.Ent.Machine.UpdateOneID(ID).`
			`SetIpAddress(ipAddr).`
			`Save(c.CTX)`
			`if err != nil {`
cscli machines delete: return an error if machines doesn't exist (#1689) * cscli machines delete: return an error if machines doesn't exist 2022-07-28 15:32:12 +00:00			`return fmt.Errorf("unable to update machine IP in database: %s", err)`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`}`
			`return nil`
			`}`

			`func (c *Client) UpdateMachineVersion(ipAddr string, ID int) error {`
			`_, err := c.Ent.Machine.UpdateOneID(ID).`
			`SetVersion(ipAddr).`
			`Save(c.CTX)`
			`if err != nil {`
cscli machines delete: return an error if machines doesn't exist (#1689) * cscli machines delete: return an error if machines doesn't exist 2022-07-28 15:32:12 +00:00			`return fmt.Errorf("unable to update machine version in database: %s", err)`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`}`
			`return nil`
			`}`

			`func (c *Client) IsMachineRegistered(machineID string) (bool, error) {`
			`exist, err := c.Ent.Machine.Query().Where().Select(machine.FieldMachineId).Strings(c.CTX)`
			`if err != nil {`
			`return false, err`
			`}`
			`if len(exist) == 1 {`
			`return true, nil`
			`}`
			`if len(exist) > 1 {`
Refact bouncer auth (#2456) Co-authored-by: blotus <sebastien@crowdsec.net> 2023-12-04 22:06:01 +00:00			`return false, fmt.Errorf("more than one item with the same machineID in database")`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`}`

			`return false, nil`

			`}`
Refact bouncer auth (#2456) Co-authored-by: blotus <sebastien@crowdsec.net> 2023-12-04 22:06:01 +00:00
Add machines prune command (#2011) * Add machines prune command * Fix scope variable for naming scheme * Add some freshness and add new features * Fix force and fix duration if less than 60 * Allow duration to be more readable * Fix description * Improve func wording and make int machines length * No point overloading functions * Add prune to list of commands * Check if GID is already the group if so no need to chown * Revert "Check if GID is already the group if so no need to chown" This reverts commit c7cef1773e38a7eef784da1bce8d35092da7c7c3. * change all short desc to be similar, and made it really really clear when pruning it is not recoverable * Better examples * Match bouncer like for like * Fix merge error * Dont use log. and dont return error on user input to abort 2023-07-28 14:23:47 +00:00			`func (c Client) QueryLastValidatedHeartbeatLT(t time.Time) ([]ent.Machine, error) {`
			`return c.Ent.Machine.Query().Where(machine.LastHeartbeatLT(t), machine.IsValidatedEQ(true)).All(c.CTX)`
			`}`