Add support for Windows (#12)

* Add initial Windows support. Remove apt/yumrepo_core hard dependencies. * Update checkout action to v3 * Update checkout action to v4
gibbs · Jan 26, 2024 · 53fdf8a · 53fdf8a
1 parent 422e12a
commit 53fdf8a
Show file tree

Hide file tree

Showing 12 changed files with 107 additions and 17 deletions.
diff --git a/.fixtures.yml b/.fixtures.yml
@@ -2,6 +2,7 @@
 fixtures:
   repositories:
     apt: https://github.com/puppetlabs/puppetlabs-apt.git
+    chocolatey: https://github.com/puppetlabs/puppetlabs-chocolatey.git
     facts: https://github.com/puppetlabs/puppetlabs-facts.git
     provision: https://github.com/puppetlabs/provision.git
     puppet_agent: https://github.com/puppetlabs/puppetlabs-puppet_agent.git

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -16,7 +16,7 @@ jobs:
       puppet_unit_test_matrix: ${{ steps.get-outputs.outputs.puppet_unit_test_matrix }}
       github_action_test_matrix: ${{ steps.get-outputs.outputs.github_action_test_matrix }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Setup ruby
         uses: ruby/setup-ruby@v1
@@ -44,7 +44,7 @@ jobs:
         include: ${{fromJson(needs.setup_matrix.outputs.puppet_unit_test_matrix)}}
     name: Spec Puppet ${{ matrix.puppet }} (Ruby ${{ matrix.ruby }})
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Setup ruby
         uses: ruby/setup-ruby@v1
@@ -62,7 +62,7 @@ jobs:
       BOLT_GEM: true
       CI: true
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Setup ruby
         uses: ruby/setup-ruby@v1
         with:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-20.04
     if: github.repository_owner == 'gibbs'
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1

diff --git a/README.md b/README.md
@@ -55,3 +55,21 @@ osquery::settings:
         query: SELECT * FROM suid_bins;
         interval: 3600
 ```
+
+## Dependencies
+
+The following modules are soft dependencies that are required
+depending on the OS family used.
+
+### Debian Family
+
+- `puppetlabs/apt` >= 9.1.0
+
+### RedHat Family
+
+- `puppetlabs/yumrepo_core` >= 1.2.0
+
+### Windows Family
+
+- `puppetlabs/chocolatey` >= 8.0.0
+
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -31,6 +31,8 @@ The following parameters are available in the `osquery` class:
 * [`config_group`](#-osquery--config_group)
 * [`package_name`](#-osquery--package_name)
 * [`package_ensure`](#-osquery--package_ensure)
+* [`package_provider`](#-osquery--package_provider)
+* [`package_install_options`](#-osquery--package_install_options)
 * [`service_name`](#-osquery--service_name)
 * [`service_enable`](#-osquery--service_enable)
 * [`service_ensure`](#-osquery--service_ensure)
@@ -39,6 +41,7 @@ The following parameters are available in the `osquery` class:
 * [`repo_key_id`](#-osquery--repo_key_id)
 * [`repo_key_server`](#-osquery--repo_key_server)
 * [`settings`](#-osquery--settings)
+* [`validate_cmd`](#-osquery--validate_cmd)
 
 ##### <a name="-osquery--config_path"></a>`config_path`
 
@@ -80,6 +83,22 @@ The osquery package ensure state
 
 Default value: `'installed'`
 
+##### <a name="-osquery--package_provider"></a>`package_provider`
+
+Data type: `Optional[String]`
+
+The package provider to use (Windows)
+
+Default value: `undef`
+
+##### <a name="-osquery--package_install_options"></a>`package_install_options`
+
+Data type: `Optional[Array]`
+
+The install_options to provide when using Chocolatey (Windows)
+
+Default value: `undef`
+
 ##### <a name="-osquery--service_name"></a>`service_name`
 
 Data type: `String[1]`
@@ -114,7 +133,7 @@ Default value: `true`
 
 ##### <a name="-osquery--repo_url"></a>`repo_url`
 
-Data type: `String`
+Data type: `Optional[String]`
 
 The osquery repository URL to use
 
@@ -144,3 +163,11 @@ A hash of settings to set in the osquery configuration file
 
 Default value: `{}`
 
+##### <a name="-osquery--validate_cmd"></a>`validate_cmd`
+
+Data type: `String`
+
+The command to validate osquery.conf format changes
+
+Default value: `'/usr/bin/osqueryi --config_path % --config_check'`
+
diff --git a/data/common.yaml b/data/common.yaml
@@ -8,6 +8,7 @@ osquery::service_ensure: running
 osquery::config_path: /etc/osquery/osquery.conf
 osquery::config_owner: 0
 osquery::config_group: 0
+osquery::validate_cmd: '/usr/bin/osqueryi --config_path % --config_check'
 
 osquery::settings:
   options:

diff --git a/data/windows.yaml b/data/windows.yaml
@@ -0,0 +1,11 @@
+---
+osquery::config_path: 'C:/Program Files/osquery/osquery.conf'
+osquery::config_group: Administrator
+osquery::config_owner: Administrator
+osquery::package_provider: chocolatey
+osquery::package_install_options:
+  - -params
+  - /InstallService
+osquery::service_name: osqueryd
+osquery::settings: ~
+osquery::validate_cmd: 'C:/Program Files/osquery/osqueryi --config_path "%" --config_check'
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -10,9 +10,9 @@
     owner        => $osquery::config_owner,
     group        => $osquery::config_group,
     mode         => '0640',
-    content      => to_json_pretty($osquery::settings),
+    content      => stdlib::to_json_pretty($osquery::settings),
     notify       => Service[$osquery::service_name],
     require      => Package[$osquery::package_name],
-    validate_cmd => '/usr/bin/osqueryi --config_path % --config_check',
+    validate_cmd => $osquery::validate_cmd,
   }
 }
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -15,6 +15,12 @@
 # @param package_ensure
 #   The osquery package ensure state
 #
+# @param package_provider
+#   The package provider to use (Windows)
+#
+# @param package_install_options
+#   The install_options to provide when using Chocolatey (Windows)
+#
 # @param service_name
 #   The osquery service name
 #
@@ -39,6 +45,9 @@
 # @param settings
 #   A hash of settings to set in the osquery configuration file
 #
+# @param validate_cmd
+#   The command to validate osquery.conf format changes
+#
 # @author Dan Gibbs <[email protected]>
 #
 class osquery (
@@ -47,14 +56,17 @@
   Variant[Integer[0], String[1]] $config_group = 0,
   String[1] $package_name                      = 'osquery',
   String $package_ensure                       = 'installed',
+  Optional[String] $package_provider           = undef,
+  Optional[Array] $package_install_options     = undef,
   String[1] $service_name                      = 'osqueryd',
   Boolean $service_enable                      = true,
   Stdlib::Ensure::Service $service_ensure      = 'running',
   Boolean $manage_repo                         = true,
-  String $repo_url                             = undef,
+  Optional[String] $repo_url                   = undef,
   Optional[String] $repo_key_id                = undef,
   Optional[String] $repo_key_server            = undef,
   Hash $settings                               = {},
+  String $validate_cmd                         = '/usr/bin/osqueryi --config_path % --config_check',
 ) {
   contain osquery::package
   contain osquery::config

diff --git a/manifests/package.pp b/manifests/package.pp
@@ -35,6 +35,17 @@
           require => Yumrepo['osquery-s3-rpm'],
         }
       }
+      'windows': {
+        Package<|title == $osquery::package_name|> {
+          provider => $osquery::package_provider,
+        }
+
+        if $osquery::package_provider == 'chocolatey' {
+          Package<|title == $osquery::package_name|> {
+            install_options => $osquery::package_install_options,
+          }
+        }
+      }
       default: {
         fail("Repository for ${facts[os][family]} is not supported.")
       }

diff --git a/metadata.json b/metadata.json
@@ -11,14 +11,6 @@
     {
       "name": "puppetlabs/stdlib",
       "version_requirement": ">= 5.0.0 < 10.0.0"
-    },
-    {
-      "name": "puppetlabs/apt",
-      "version_requirement": ">= 6.0.0 < 10.0.0"
-    },
-    {
-      "name": "puppetlabs/yumrepo_core",
-      "version_requirement": ">= 1.0.0 < 3.0.0"
     }
   ],
   "operatingsystem_support": [
@@ -52,6 +44,16 @@
         "22.04",
         "20.04"
       ]
+    },
+    {
+      "operatingsystem": "Windows",
+      "operatingsystemrelease": [
+        "11",
+        "10",
+        "2012",
+        "2019",
+        "2022"
+      ]
     }
   ],
   "requirements": [

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -25,9 +25,16 @@
           it { is_expected.to contain_yumrepo('osquery-s3-rpm') }
         end
 
+        if ['Debian', 'Redhat'].include? facts[:os]['family']
+          it { is_expected.to contain_file('/etc/osquery/osquery.conf') }
+        end
+
+        if facts[:os]['family'] == 'windows'
+          it { is_expected.to contain_file('C:/Program Files/osquery/osquery.conf') }
+        end
+
         it { is_expected.to contain_package('osquery') }
         it { is_expected.to contain_service('osqueryd') }
-        it { is_expected.to contain_file('/etc/osquery/osquery.conf') }
       end
     end
   end