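def assemble_distributed_queries(node):
    '''
    Retrieve all distributed queries assigned to a particular node
    in the NEW state and mark them PENDING without committing.

    Selection order: every due HIGH-priority task for the node is
    returned; only when there is none is a single due LOW-priority
    task returned. "Due" means the parent DistributedQuery's
    ``not_before`` is earlier than the current UTC time.

    Each selected task is moved to PENDING (``commit=False``) and added
    to the session. It is the responsibility of the caller to commit or
    rollback on the current database session.

    Args:
        node: the node whose NEW DistributedQueryTask rows are collected.

    Returns:
        dict mapping each task's ``guid`` to the SQL the client should
        run -- the task's own ``sql`` when set, otherwise the parent
        DistributedQuery's ``sql``.
    '''
    # Naive UTC; not_before is compared against it below. utcnow() is
    # deprecated on 3.12+, but an aware datetime may not compare cleanly
    # with the column -- TODO confirm before switching.
    now = dt.datetime.utcnow()

    def pending_tasks(priority):
        # One query shape for both priorities; the HIGH and LOW branches
        # differ only in the priority filter (and the LIMIT applied below).
        return db.session.query(DistributedQueryTask) \
            .join(DistributedQuery) \
            .filter(
                DistributedQueryTask.node == node,
                DistributedQueryTask.status == DistributedQueryTask.NEW,
                DistributedQuery.not_before < now,
                DistributedQueryTask.priority == priority,
            ).options(
                db.lazyload('*'),
                db.contains_eager(DistributedQueryTask.distributed_query)
            )

    # Previously a separate COUNT of HIGH tasks -- one that did not apply
    # the not_before filter -- chose the branch, so a HIGH task scheduled
    # in the future suppressed every LOW task until it became due and the
    # node received nothing. Fetching the due HIGH rows directly removes
    # that mismatch and the extra round trip.
    tasks = pending_tasks(DistributedQueryTask.HIGH).all()
    if not tasks:
        tasks = pending_tasks(DistributedQueryTask.LOW).limit(1).all()

    queries = {}
    for task in tasks:
        # A task-level SQL override wins over the parent query's SQL.
        queries[task.guid] = task.sql or task.distributed_query.sql
        task.update(status=DistributedQueryTask.PENDING,
                    timestamp=now,
                    commit=False)
        # add this query to the session, but don't commit until we're
        # as sure as we possibly can be that it's been received by the
        # osqueryd client. unfortunately, there are no guarantees though.
        db.session.add(task)

    return queries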
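def assemble_packs(node, config_json=None):
    """Collect the node's query packs, optionally merged with a config overlay.

    Args:
        node: the node whose packs are loaded (with their queries eagerly
            joined) and rendered via ``Pack.to_dict()``.
        config_json: optional config dict; when truthy its ``'packs'``
            entry is merged over the node's packs with ``merge_two_dicts``.

    Returns:
        With a truthy ``config_json``: a dict keyed by pack name (the
        shape the merge needs). Otherwise: a list of pack dicts. The
        return shape therefore depends on the argument -- kept as-is for
        existing callers.
    """
    # One eager-loaded query serves both shapes; it used to be built twice
    # and the truthy branch re-tested config_json it had already tested.
    loaded_packs = node.packs.join(querypacks).join(Query) \
        .options(db.contains_eager(Pack.queries)).all()

    if not config_json:
        return [pack.to_dict() for pack in loaded_packs]

    packs = {pack.name: pack.to_dict() for pack in loaded_packs}
    # A config without a 'packs' key (or with packs: null) means "no
    # overlay" instead of handing None to merge_two_dicts.
    # NOTE(review): whether overlay entries replace same-named DB packs
    # depends on merge_two_dicts -- verify before relying on precedence.
    return merge_two_dicts(packs, config_json.get('packs') or {})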
def assemble_packs(node):
    """Return the node's query packs keyed by pack name.

    Packs are loaded with their queries eagerly joined and each is
    rendered with ``Pack.to_dict()``.

    NOTE(review): a function with this same name (taking an extra optional
    ``config_json``) appears earlier on this page; if both live in the
    same module, this later definition is the one callers get -- confirm
    which is intended.
    """
    pack_query = node.packs.join(querypacks).join(Query).options(
        db.contains_eager(Pack.queries)
    )
    return {pack.name: pack.to_dict() for pack in pack_query.all()}