Merge branch 'main' into dependabot/go_modules/github.com/elastic/ela…
…stic-agent-libs-0.7.3
cmacknz authored Jan 4, 2024
2 parents 53bbcd4 + 9500980 commit 75bd0b0
Showing 6 changed files with 45 additions and 37 deletions.
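--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -15,3 +15,25 @@ updates:
 reviewers:
 - "elastic/elastic-agent-control-plane"
 open-pull-requests-limit: 10
+- package-ecosystem: "gomod"
+directory: "/"
+schedule:
+interval: "daily"
+labels:
+- automation
+- skip-changelog
+- Team:Elastic-Agent
+groups:
+otel-dependencies:
+patterns:
+- "*"
+update-types:
+- "minor"
+- "patch"
+allow:
+# Only update internal dependencies for now while we evaluate this workflow.
+- dependency-name: "go.opentelemetry.io/collector/*"
+- dependency-name: "github.com/open-telemetry/opentelemetry-collector-contrib/*"
+reviewers:
+- "elastic/elastic-agent-control-plane"
+open-pull-requests-limit: 10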
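Review bot: The comment `# Only update internal dependencies for now while we evaluate this workflow.` contradicts the `allow` list beneath it, which names only `go.opentelemetry.io/collector/*` and `github.com/open-telemetry/opentelemetry-collector-contrib/*`, both third-party modules; it reads as if copied from another entry. I would reword it to `# Only update OpenTelemetry collector modules for now while we evaluate this workflow.` so the intent of the allow list is clear to whoever widens it later. The group's `patterns: - "*"` is narrowed only by that allow list, so the name `otel-dependencies` stops being accurate once more entries are allowed. If the entry that ends just above this hunk is also `gomod` on `/` (not visible here), check that Dependabot accepts two update blocks for the same ecosystem and directory.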
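--- a/README.md
+++ b/README.md
@@ -18,6 +18,11 @@ The source files for the general Elastic Agent documentation are currently store
 in the [ingest-docs](https://github.com/elastic/ingest-docs/tree/main/docs/en/ingest-management) repository.
 The following docs are only focused on getting developers started building code for Elastic Agent.
 
+### Test Framework
+
+In addition to standard Go tests, changes to the Elastic Agent are always installed and tested on cross-platform virtual machines.
+For details on writing and running tests see the [Test Framework Developer Guide](docs/test-framework-dev-guide.md).
+
 ### Changelog
 
 The changelog for the Elastic Agent is generated and maintained using the [elastic-agent-changelog-tool](https://github.com/elastic/elastic-agent-changelog-tool). Read the [installation](https://github.com/elastic/elastic-agent-changelog-tool/blob/main/docs/install.md)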
Binary file added docs/images/testing-framework.png
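--- a/docs/test-framework-dev-guide.md
+++ b/docs/test-framework-dev-guide.md
@@ -1,5 +1,13 @@
 # Developer Guide for the Integration and E2E Testing Framework
 
+The agent testing framework allows running integration and end-to-end tests against real agents
+installed on remotely provisioned virtual machines. The current set of integration tests can be
+found in https://github.com/elastic/elastic-agent/tree/main/testing/integration. Each test must
+start with a `define.Require` declaration describing how the test can be run. The diagram below
+provides a high level overview of the testing framework.
+
+<center><img src="./images/testing-framework.png" alt="Elastic Agent Testing Framework"></center>
+
 ## Prerequisites
 
 ### Dependencies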
37 changes: 3 additions & 34 deletions pkg/control/v2/server/listener_windows.go
@@ -10,7 +10,6 @@ import (
"fmt"
"net"
"os/user"
"strings"

"github.com/elastic/elastic-agent-libs/api/npipe"

@@ -37,14 +36,10 @@ func securityDescriptor(log *logger.Logger) (string, error) {
if err != nil {
return "", fmt.Errorf("failed to get current user: %w", err)
}
// Named pipe security and access rights.
// We create the pipe and the specific users should only be able to write to it.
// See docs: https://docs.microsoft.com/en-us/windows/win32/ipc/named-pipe-security-and-access-rights
// String definition: https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings
// Give generic read/write access to the specified user.

descriptor := "D:P(A;;GA;;;" + u.Uid + ")"

if isAdmin, err := isWindowsAdmin(u); err != nil {
if isAdmin, err := utils.HasRoot(); err != nil {
// do not fail, agent would end up in a loop, continue with limited permissions
log.Warnf("failed to detect admin: %w", err)
} else if isAdmin {
@@ -53,32 +48,6 @@ func securityDescriptor(log *logger.Logger) (string, error) {
// https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
descriptor += "(A;;GA;;;" + utils.AdministratorSID + ")"
}
return descriptor, nil
}

func isWindowsAdmin(u *user.User) (bool, error) {
if u.Username == "NT AUTHORITY\\SYSTEM" {
return true, nil
}

if equalsSystemGroup(u.Uid) || equalsSystemGroup(u.Gid) {
return true, nil
}

groups, err := u.GroupIds()
if err != nil {
return false, fmt.Errorf("failed to get current user groups: %w", err)
}

for _, groupSid := range groups {
if equalsSystemGroup(groupSid) {
return true, nil
}
}

return false, nil
}

func equalsSystemGroup(s string) bool {
return strings.EqualFold(s, utils.SystemSID) || strings.EqualFold(s, utils.AdministratorSID)
return descriptor, nil
}
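Review bot: With the explanatory comment above `descriptor := "D:P(A;;GA;;;" + u.Uid + ")"` deleted, nothing in securityDescriptor says what access the control pipe's DACL grants, and the Administrators ACE is now decided by `utils.HasRoot()` (a token-membership check) instead of the account's group list. I would keep a short comment that matches the string, e.g. `// Protected DACL: GENERIC_ALL (GA) for the current user's SID; the Administrators ACE is added only when HasRoot reports membership.` If HasRoot tests the process token, a non-elevated session of an administrator account presumably no longer gets the Administrators ACE, which is worth stating for whoever debugs pipe access failures. Separately, the unchanged `log.Warnf("failed to detect admin: %w", err)` uses `%w`, which is only interpreted by `fmt.Errorf`; a log call wants `%v`. securityDescriptor starts above the visible hunks.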
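--- a/pkg/utils/root_windows.go
+++ b/pkg/utils/root_windows.go
@@ -7,7 +7,8 @@
 package utils
 
 import (
-"github.com/pkg/errors"
+"fmt"
+
 "golang.org/x/sys/windows"
 )
 
@@ -28,14 +29,17 @@ func HasRoot() (bool, error) {
 0, 0, 0, 0, 0, 0,
 &sid)
 if err != nil {
-return false, errors.Errorf("sid error: %s", err)
+return false, fmt.Errorf("allocate sid error: %w", err)
 }
+defer func() {
+_ = windows.FreeSid(sid)
+}()
 
 token := windows.Token(0)
 
 member, err := token.IsMember(sid)
 if err != nil {
-return false, errors.Errorf("token membership error: %s", err)
+return false, fmt.Errorf("token membership error: %w", err)
 }
 
 return member, nil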
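Review bot: `token := windows.Token(0)` needs a comment, because the zero handle decides whose membership `IsMember` tests, and in this commit HasRoot also starts gating the Administrators ACE on the control pipe (listener_windows.go). Proposed: `// Token(0): check the calling thread's effective token (impersonation token if present, otherwise the process token).` Membership is reported false when the SID is present only as deny-only, as in a non-elevated session of an administrator account, which the doc comment on HasRoot could state. The SID arguments and the function's opening lines are outside the hunk, so which group is tested is inferred from the function name. The new messages would also read better as `"allocating sid: %w"` and `"checking token membership: %w"`, without the trailing "error".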
