Initial linux agent and api functionality for enrolling servers

agent/README.md

@@ -0,0 +1,23 @@
+# keywarden-agent
+
+Minimal Go agent scaffold for Keywarden.
+
+## Build
+
+```
+go build -o keywarden-agent ./cmd/keywarden-agent
+```
+
+## Run
+
+```
+./keywarden-agent -config /etc/keywarden/agent.json -server-url https://keywarden.example.com -enroll-token <token>
+```
+
+You can also pass `KEYWARDEN_SERVER_URL` and `KEYWARDEN_ENROLL_TOKEN` as environment variables.
+
+## Config
+
+On first boot, the agent will create a config file if it does not exist. Only `server_url` is required for bootstrapping.
+
+See `config.example.json`.

agent/cmd/keywarden-agent/main.go

@@ -0,0 +1,223 @@
+package main
+
+import (
+	"context"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/json"
+	"encoding/pem"
+	"flag"
+	"fmt"
+	"log"
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
+
+	"keywarden/agent/internal/client"
+	"keywarden/agent/internal/config"
+	"keywarden/agent/internal/logs"
+	"keywarden/agent/internal/version"
+)
+
+func main() {
+	configPath := flag.String("config", config.DefaultConfigPath, "Path to agent config JSON")
+	serverURL := flag.String("server-url", "", "Keywarden server URL (first boot)")
+	enrollToken := flag.String("enroll-token", "", "Enrollment token (first boot)")
+	showVersion := flag.Bool("version", false, "Print version and exit")
+	flag.Parse()
+
+	if *showVersion {
+		fmt.Printf("keywarden-agent %s (commit %s, built %s)\n", version.Version, version.Commit, version.BuildDate)
+		return
+	}
+
+	cfg, err := config.LoadOrInit(*configPath, pickServerURL(*serverURL))
+	if err != nil {
+		log.Fatalf("config error: %v", err)
+	}
+	if err := ensureDirs(cfg); err != nil {
+		log.Fatalf("state dir error: %v", err)
+	}
+
+	if err := bootstrapIfNeeded(cfg, *configPath, pickEnrollToken(*enrollToken)); err != nil {
+		log.Fatalf("bootstrap error: %v", err)
+	}
+
+	apiClient, err := client.New(cfg)
+	if err != nil {
+		log.Fatalf("client error: %v", err)
+	}
+
+	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
+	defer stop()
+
+	interval := time.Duration(cfg.SyncIntervalSeconds) * time.Second
+	log.Printf("keywarden-agent started: server_id=%s interval=%s", cfg.ServerID, interval)
+
+	ticker := time.NewTicker(interval)
+	defer ticker.Stop()
+
+	runOnce(ctx, apiClient, cfg)
+
+	for {
+		select {
+		case <-ctx.Done():
+			log.Printf("shutdown requested")
+			return
+		case <-ticker.C:
+			runOnce(ctx, apiClient, cfg)
+		}
+	}
+}
+
+func runOnce(ctx context.Context, apiClient *client.Client, cfg *config.Config) {
+	if err := apiClient.SyncAccounts(ctx, cfg.ServerID); err != nil {
+		log.Printf("sync accounts error: %v", err)
+	}
+	if err := shipLogs(ctx, apiClient, cfg); err != nil {
+		log.Printf("log shipping error: %v", err)
+	}
+}
+
+func ensureDirs(cfg *config.Config) error {
+	if err := os.MkdirAll(cfg.StateDir, 0o700); err != nil {
+		return err
+	}
+	if err := os.MkdirAll(cfg.LogSpoolDir(), 0o700); err != nil {
+		return err
+	}
+	return nil
+}
+
+func shipLogs(ctx context.Context, apiClient *client.Client, cfg *config.Config) error {
+	send := func(payload []byte) error {
+		return apiClient.SendLogBatch(ctx, cfg.ServerID, payload)
+	}
+	if err := logs.DrainSpool(cfg.LogSpoolDir(), send); err != nil {
+		return err
+	}
+
+	cursor, err := logs.ReadCursor(cfg.LogCursorPath())
+	if err != nil {
+		return err
+	}
+	collector := logs.NewCollector()
+	events, nextCursor, err := collector.Collect(ctx, cursor, cfg.LogBatchSize)
+	if err != nil {
+		return err
+	}
+	if len(events) == 0 {
+		return nil
+	}
+	payload, err := json.Marshal(events)
+	if err != nil {
+		return err
+	}
+	if err := send(payload); err != nil {
+		if spoolErr := logs.SaveSpool(cfg.LogSpoolDir(), payload); spoolErr != nil {
+			return spoolErr
+		}
+		return err
+	}
+	if err := logs.WriteCursor(cfg.LogCursorPath(), nextCursor); err != nil {
+		return err
+	}
+	return nil
+}
+
+func pickServerURL(flagValue string) string {
+	if flagValue != "" {
+		return flagValue
+	}
+	return os.Getenv("KEYWARDEN_SERVER_URL")
+}
+
+func pickEnrollToken(flagValue string) string {
+	if flagValue != "" {
+		return flagValue
+	}
+	return os.Getenv("KEYWARDEN_ENROLL_TOKEN")
+}
+
+func bootstrapIfNeeded(cfg *config.Config, configPath string, enrollToken string) error {
+	if cfg.ServerID != "" && fileExists(cfg.ClientCertPath()) && fileExists(cfg.CACertPath()) {
+		return nil
+	}
+	if enrollToken == "" {
+		return fmt.Errorf("missing enrollment token; set KEYWARDEN_ENROLL_TOKEN or -enroll-token")
+	}
+	keyPath := cfg.ClientKeyPath()
+	if !fileExists(keyPath) {
+		if err := generateKey(keyPath); err != nil {
+			return err
+		}
+	}
+	csrPEM, err := buildCSR(keyPath)
+	if err != nil {
+		return err
+	}
+	hostname, _ := os.Hostname()
+	resp, err := client.Enroll(context.Background(), cfg.ServerURL, client.EnrollRequest{
+		Token:  enrollToken,
+		CSRPEM: csrPEM,
+		Host:   hostname,
+	})
+	if err != nil {
+		return err
+	}
+	if err := os.WriteFile(cfg.ClientCertPath(), []byte(resp.ClientCert), 0o600); err != nil {
+		return err
+	}
+	if err := os.WriteFile(cfg.CACertPath(), []byte(resp.CACert), 0o600); err != nil {
+		return err
+	}
+	cfg.ServerID = resp.ServerID
+	if err := config.Save(configPath, cfg); err != nil {
+		return err
+	}
+	return nil
+}
+
+func generateKey(path string) error {
+	key, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return err
+	}
+	keyDER := x509.MarshalPKCS1PrivateKey(key)
+	block := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: keyDER}
+	data := pem.EncodeToMemory(block)
+	return os.WriteFile(path, data, 0o600)
+}
+
+func buildCSR(keyPath string) (string, error) {
+	keyData, err := os.ReadFile(keyPath)
+	if err != nil {
+		return "", err
+	}
+	block, _ := pem.Decode(keyData)
+	if block == nil || block.Type != "RSA PRIVATE KEY" {
+		return "", fmt.Errorf("invalid private key")
+	}
+	key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+	if err != nil {
+		return "", err
+	}
+	csrTemplate := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "keywarden-agent"}}
+	csrDER, err := x509.CreateCertificateRequest(rand.Reader, csrTemplate, key)
+	if err != nil {
+		return "", err
+	}
+	csrBlock := &pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrDER}
+	return string(pem.EncodeToMemory(csrBlock)), nil
+}
+
+func fileExists(path string) bool {
+	info, err := os.Stat(path)
+	if err != nil {
+		return false
+	}
+	return !info.IsDir()
+}

agent/config.example.json

@@ -0,0 +1,14 @@
+{
+  "server_url": "https://keywarden.example.com",
+  "server_id": "",
+  "sync_interval_seconds": 30,
+  "log_batch_size": 500,
+  "state_dir": "/var/lib/keywarden-agent",
+  "account_policy": {
+    "username_template": "{{username}}_{{user_id}}",
+    "default_shell": "/bin/bash",
+    "admin_group": "sudo",
+    "create_home": true,
+    "lock_on_revoke": true
+  }
+}

agent/go.mod

@@ -0,0 +1,7 @@
+module keywarden/agent
+
+go 1.22
+
+require (
+	github.com/coreos/go-systemd/v22 v22.5.0
+)

agent/go.sum

@@ -0,0 +1,3 @@
+github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
+github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=

agent/internal/client/client.go

@@ -0,0 +1,132 @@
+package client
+
+import (
+	"bytes"
+	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"os"
+	"strings"
+	"time"
+
+	"keywarden/agent/internal/config"
+)
+
+const defaultTimeout = 15 * time.Second
+
+type Client struct {
+	baseURL string
+	http    *http.Client
+}
+
+func New(cfg *config.Config) (*Client, error) {
+	baseURL := strings.TrimRight(cfg.ServerURL, "/")
+	if baseURL == "" {
+		return nil, errors.New("server url is required")
+	}
+	cert, err := tls.LoadX509KeyPair(cfg.ClientCertPath(), cfg.ClientKeyPath())
+	if err != nil {
+		return nil, fmt.Errorf("load client cert: %w", err)
+	}
+	caData, err := os.ReadFile(cfg.CACertPath())
+	if err != nil {
+		return nil, fmt.Errorf("read ca cert: %w", err)
+	}
+	caPool := x509.NewCertPool()
+	if !caPool.AppendCertsFromPEM(caData) {
+		return nil, errors.New("parse ca cert")
+	}
+
+	tlsConfig := &tls.Config{
+		Certificates: []tls.Certificate{cert},
+		RootCAs:      caPool,
+		MinVersion:   tls.VersionTLS12,
+	}
+
+	transport := &http.Transport{
+		TLSClientConfig: tlsConfig,
+	}
+
+	httpClient := &http.Client{
+		Timeout:   defaultTimeout,
+		Transport: transport,
+	}
+
+	return &Client{baseURL: baseURL, http: httpClient}, nil
+}
+
+type EnrollRequest struct {
+	Token   string `json:"token"`
+	CSRPEM  string `json:"csr_pem"`
+	Host    string `json:"host"`
+	AgentID string `json:"agent_id,omitempty"`
+}
+
+type EnrollResponse struct {
+	ServerID     string `json:"server_id"`
+	ClientCert  string `json:"client_cert_pem"`
+	CACert      string `json:"ca_cert_pem"`
+	SyncProfile  string `json:"sync_profile,omitempty"`
+	DisplayName string `json:"display_name,omitempty"`
+}
+
+func Enroll(ctx context.Context, serverURL string, req EnrollRequest) (*EnrollResponse, error) {
+	baseURL := strings.TrimRight(serverURL, "/")
+	if baseURL == "" {
+		return nil, errors.New("server url is required")
+	}
+	body, err := json.Marshal(req)
+	if err != nil {
+		return nil, fmt.Errorf("encode enroll request: %w", err)
+	}
+	httpClient := &http.Client{Timeout: defaultTimeout}
+	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, baseURL+"/agent/enroll", bytes.NewReader(body))
+	if err != nil {
+		return nil, fmt.Errorf("build enroll request: %w", err)
+	}
+	httpReq.Header.Set("Content-Type", "application/json")
+	resp, err := httpClient.Do(httpReq)
+	if err != nil {
+		return nil, fmt.Errorf("enroll request: %w", err)
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("enroll failed: status %s", resp.Status)
+	}
+	var out EnrollResponse
+	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
+		return nil, fmt.Errorf("decode enroll response: %w", err)
+	}
+	if out.ServerID == "" || out.ClientCert == "" || out.CACert == "" {
+		return nil, errors.New("enroll response missing required fields")
+	}
+	return &out, nil
+}
+
+func (c *Client) SyncAccounts(ctx context.Context, serverID string) error {
+	_ = ctx
+	_ = serverID
+	// TODO: call API to fetch account policy + approved access list.
+	return nil
+}
+
+func (c *Client) SendLogBatch(ctx context.Context, serverID string, payload []byte) error {
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, c.baseURL+"/agent/servers/"+serverID+"/logs", bytes.NewReader(payload))
+	if err != nil {
+		return fmt.Errorf("build log request: %w", err)
+	}
+	req.Header.Set("Content-Type", "application/json")
+	resp, err := c.http.Do(req)
+	if err != nil {
+		return fmt.Errorf("send log batch: %w", err)
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode >= 300 {
+		return fmt.Errorf("log batch failed: status %s", resp.Status)
+	}
+	return nil
+}

agent/internal/config/config.go

@@ -0,0 +1,148 @@
+package config
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"os"
+	"strings"
+)
+
+const (
+	DefaultConfigPath          = "/etc/keywarden/agent.json"
+	DefaultStateDir            = "/var/lib/keywarden-agent"
+	DefaultSyncIntervalSeconds = 30
+	DefaultLogBatchSize        = 500
+	DefaultUsernameTemplate    = "{{username}}_{{user_id}}"
+	DefaultShell               = "/bin/bash"
+	DefaultAdminGroup          = "sudo"
+)
+
+type AccountPolicy struct {
+	UsernameTemplate string `json:"username_template"`
+	DefaultShell     string `json:"default_shell"`
+	AdminGroup       string `json:"admin_group"`
+	CreateHome       bool   `json:"create_home"`
+	LockOnRevoke     bool   `json:"lock_on_revoke"`
+}
+
+type Config struct {
+	ServerURL           string        `json:"server_url"`
+	ServerID            string        `json:"server_id,omitempty"`
+	SyncIntervalSeconds int           `json:"sync_interval_seconds,omitempty"`
+	LogBatchSize        int           `json:"log_batch_size,omitempty"`
+	StateDir            string        `json:"state_dir,omitempty"`
+	AccountPolicy       AccountPolicy `json:"account_policy,omitempty"`
+}
+
+func LoadOrInit(path string, serverURL string) (*Config, error) {
+	if path == "" {
+		path = DefaultConfigPath
+	}
+	data, err := os.ReadFile(path)
+	if err != nil {
+		if !errors.Is(err, os.ErrNotExist) {
+			return nil, fmt.Errorf("read config: %w", err)
+		}
+		if serverURL == "" {
+			return nil, errors.New("server url required for first boot")
+		}
+		cfg := &Config{ServerURL: serverURL}
+		applyDefaults(cfg)
+		if err := validate(cfg, false); err != nil {
+			return nil, err
+		}
+		if err := Save(path, cfg); err != nil {
+			return nil, err
+		}
+		return cfg, nil
+	}
+	cfg := &Config{}
+	if err := json.Unmarshal(data, cfg); err != nil {
+		return nil, fmt.Errorf("parse config: %w", err)
+	}
+	applyDefaults(cfg)
+	if err := validate(cfg, false); err != nil {
+		return nil, err
+	}
+	return cfg, nil
+}
+
+func Save(path string, cfg *Config) error {
+	data, err := json.MarshalIndent(cfg, "", "  ")
+	if err != nil {
+		return fmt.Errorf("encode config: %w", err)
+	}
+	if err := os.MkdirAll(dir(path), 0o755); err != nil {
+		return fmt.Errorf("create config dir: %w", err)
+	}
+	if err := os.WriteFile(path, data, 0o600); err != nil {
+		return fmt.Errorf("write config: %w", err)
+	}
+	return nil
+}
+
+func applyDefaults(cfg *Config) {
+	if cfg.SyncIntervalSeconds <= 0 {
+		cfg.SyncIntervalSeconds = DefaultSyncIntervalSeconds
+	}
+	if cfg.LogBatchSize <= 0 {
+		cfg.LogBatchSize = DefaultLogBatchSize
+	}
+	if cfg.StateDir == "" {
+		cfg.StateDir = DefaultStateDir
+	}
+	if cfg.AccountPolicy.UsernameTemplate == "" {
+		cfg.AccountPolicy.UsernameTemplate = DefaultUsernameTemplate
+	}
+	if cfg.AccountPolicy.DefaultShell == "" {
+		cfg.AccountPolicy.DefaultShell = DefaultShell
+	}
+	if cfg.AccountPolicy.AdminGroup == "" {
+		cfg.AccountPolicy.AdminGroup = DefaultAdminGroup
+	}
+}
+
+func validate(cfg *Config, requireServerID bool) error {
+	var missing []string
+	if cfg.ServerURL == "" {
+		missing = append(missing, "server_url")
+	}
+	if requireServerID && cfg.ServerID == "" {
+		missing = append(missing, "server_id")
+	}
+	if len(missing) > 0 {
+		return fmt.Errorf("missing required config fields: %v", missing)
+	}
+	if cfg.SyncIntervalSeconds < 5 {
+		return errors.New("sync_interval_seconds must be >= 5")
+	}
+	return nil
+}
+
+func (c *Config) ClientCertPath() string {
+	return c.StateDir + "/agent.crt"
+}
+
+func (c *Config) ClientKeyPath() string {
+	return c.StateDir + "/agent.key"
+}
+
+func (c *Config) CACertPath() string {
+	return c.StateDir + "/ca.crt"
+}
+
+func (c *Config) LogCursorPath() string {
+	return c.StateDir + "/journal.cursor"
+}
+
+func (c *Config) LogSpoolDir() string {
+	return c.StateDir + "/spool"
+}
+
+func dir(path string) string {
+	if idx := strings.LastIndex(path, string(os.PathSeparator)); idx != -1 {
+		return path[:idx]
+	}
+	return "."
+}

agent/internal/logs/collector.go

@@ -0,0 +1,177 @@
+package logs
+
+import (
+	"context"
+	"strings"
+	"time"
+
+	"github.com/coreos/go-systemd/v22/sdjournal"
+)
+
+const defaultLimit = 500
+
+type Collector struct {
+	matches []string
+}
+
+func NewCollector() *Collector {
+	return &Collector{matches: defaultMatches()}
+}
+
+func (c *Collector) Collect(ctx context.Context, cursor string, limit int) ([]Event, string, error) {
+	if limit <= 0 {
+		limit = defaultLimit
+	}
+	j, err := sdjournal.NewJournal()
+	if err != nil {
+		return nil, "", err
+	}
+	defer j.Close()
+
+	for i, match := range c.matches {
+		if i > 0 {
+			if err := j.AddDisjunction(); err != nil {
+				return nil, "", err
+			}
+		}
+		if err := j.AddMatch(match); err != nil {
+			return nil, "", err
+		}
+	}
+
+	if cursor != "" {
+		if err := j.SeekCursor(cursor); err == nil {
+			_, _ = j.Next()
+		}
+	} else {
+		_ = j.SeekTail()
+		_, _ = j.Next()
+	}
+
+	var events []Event
+	var nextCursor string
+	for len(events) < limit {
+		select {
+		case <-ctx.Done():
+			return events, nextCursor, ctx.Err()
+		default:
+		}
+		n, err := j.Next()
+		if err != nil {
+			return events, nextCursor, err
+		}
+		if n == 0 {
+			break
+		}
+		entry, err := j.GetEntry()
+		if err != nil {
+			return events, nextCursor, err
+		}
+		event := fromEntry(entry)
+		events = append(events, event)
+		nextCursor = entry.Cursor
+	}
+
+	return events, nextCursor, nil
+}
+
+func defaultMatches() []string {
+	return []string{
+		"_SYSTEMD_UNIT=sshd.service",
+		"_SYSTEMD_UNIT=sudo.service",
+		"_SYSTEMD_UNIT=systemd-networkd.service",
+		"_SYSTEMD_UNIT=NetworkManager.service",
+		"_SYSTEMD_UNIT=systemd-logind.service",
+		"_TRANSPORT=kernel",
+	}
+}
+
+func fromEntry(entry *sdjournal.JournalEntry) Event {
+	ts := time.Unix(0, int64(entry.RealtimeTimestamp)*int64(time.Microsecond))
+	event := NewEvent(ts)
+	fields := entry.Fields
+	unit := fields["_SYSTEMD_UNIT"]
+	message := fields["MESSAGE"]
+	identifier := fields["SYSLOG_IDENTIFIER"]
+
+	event.Unit = unit
+	event.Message = message
+	event.Priority = fields["PRIORITY"]
+	event.Hostname = fields["_HOSTNAME"]
+	event.Fields = fields
+
+	event.Category = categorize(unit, identifier, fields)
+	event.EventType, event.Username, event.SourceIP, event.SessionID = parseMessage(event.Category, message)
+	if event.EventType == "" {
+		event.EventType = defaultEventType(event.Category)
+	}
+	return event
+}
+
+func categorize(unit string, identifier string, fields map[string]string) string {
+	switch {
+	case unit == "sshd.service" || identifier == "sshd":
+		return "access"
+	case unit == "sudo.service" || identifier == "sudo":
+		return "auth"
+	case unit == "systemd-networkd.service" || identifier == "NetworkManager":
+		return "network"
+	case fields["_TRANSPORT"] == "kernel":
+		return "system"
+	default:
+		return "system"
+	}
+}
+
+func defaultEventType(category string) string {
+	switch category {
+	case "access":
+		return "ssh"
+	case "auth":
+		return "auth"
+	case "network":
+		return "network"
+	default:
+		return "system"
+	}
+}
+
+func parseMessage(category string, msg string) (eventType string, username string, sourceIP string, sessionID string) {
+	if msg == "" {
+		return "", "", "", ""
+	}
+	lower := strings.ToLower(msg)
+	if category == "access" {
+		switch {
+		case strings.Contains(lower, "accepted"):
+			eventType = "ssh.login.success"
+			username = extractBetween(msg, "for ", " from")
+			sourceIP = extractBetween(msg, "from ", " port")
+		case strings.Contains(lower, "failed password"):
+			eventType = "ssh.login.fail"
+			username = extractBetween(msg, "for ", " from")
+			sourceIP = extractBetween(msg, "from ", " port")
+		case strings.Contains(lower, "session opened"):
+			eventType = "ssh.session.open"
+			username = extractBetween(msg, "for user ", " by")
+		case strings.Contains(lower, "session closed"):
+			eventType = "ssh.session.close"
+			username = extractBetween(msg, "for user ", " by")
+		}
+	}
+	return eventType, strings.TrimSpace(username), strings.TrimSpace(sourceIP), strings.TrimSpace(sessionID)
+}
+
+func extractBetween(msg string, start string, end string) string {
+	startIdx := strings.Index(msg, start)
+	if startIdx == -1 {
+		return ""
+	}
+	startIdx += len(start)
+	rest := msg[startIdx:]
+	endIdx := strings.Index(rest, end)
+	if endIdx == -1 {
+		return strings.TrimSpace(rest)
+	}
+	return strings.TrimSpace(rest[:endIdx])
+}

agent/internal/logs/cursor.go

@@ -0,0 +1,24 @@
+package logs
+
+import (
+	"os"
+	"strings"
+)
+
+func ReadCursor(path string) (string, error) {
+	data, err := os.ReadFile(path)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return "", nil
+		}
+		return "", err
+	}
+	return strings.TrimSpace(string(data)), nil
+}
+
+func WriteCursor(path string, cursor string) error {
+	if cursor == "" {
+		return nil
+	}
+	return os.WriteFile(path, []byte(cursor+"\n"), 0o600)
+}

agent/internal/logs/spool.go

@@ -0,0 +1,53 @@
+package logs
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"sort"
+	"time"
+)
+
+func SaveSpool(dir string, payload []byte) error {
+	if err := os.MkdirAll(dir, 0o700); err != nil {
+		return err
+	}
+	name := fmt.Sprintf("%d.json", time.Now().UnixNano())
+	tmp := filepath.Join(dir, name+".tmp")
+	final := filepath.Join(dir, name)
+	if err := os.WriteFile(tmp, payload, 0o600); err != nil {
+		return err
+	}
+	return os.Rename(tmp, final)
+}
+
+func DrainSpool(dir string, send func([]byte) error) error {
+	entries, err := os.ReadDir(dir)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return err
+	}
+	var files []string
+	for _, entry := range entries {
+		if entry.IsDir() {
+			continue
+		}
+		files = append(files, filepath.Join(dir, entry.Name()))
+	}
+	sort.Strings(files)
+	for _, path := range files {
+		data, err := os.ReadFile(path)
+		if err != nil {
+			return err
+		}
+		if err := send(data); err != nil {
+			return err
+		}
+		if err := os.Remove(path); err != nil {
+			return err
+		}
+	}
+	return nil
+}

agent/internal/logs/types.go

@@ -0,0 +1,23 @@
+package logs
+
+import "time"
+
+type Event struct {
+	Timestamp string            `json:"timestamp"`
+	Category  string            `json:"category"`
+	EventType string            `json:"event_type"`
+	Unit      string            `json:"unit,omitempty"`
+	Priority  string            `json:"priority,omitempty"`
+	Hostname  string            `json:"hostname,omitempty"`
+	Username  string            `json:"username,omitempty"`
+	Principal string            `json:"principal,omitempty"`
+	SourceIP  string            `json:"source_ip,omitempty"`
+	SessionID string            `json:"session_id,omitempty"`
+	Message   string            `json:"message,omitempty"`
+	Raw       string            `json:"raw,omitempty"`
+	Fields    map[string]string `json:"fields,omitempty"`
+}
+
+func NewEvent(ts time.Time) Event {
+	return Event{Timestamp: ts.UTC().Format(time.RFC3339Nano)}
+}

agent/internal/version/version.go

@@ -0,0 +1,7 @@
+package version
+
+var (
+	Version   = "0.0.1-dev"
+	Commit    = ""
+	BuildDate = ""
+)