TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-04-16 11:41:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

util/syspolicy: add policy counters (#10471)

Browse Source 
Fixes tailscale/corp#16138

Signed-off-by: Claire Wang <claire@tailscale.com>
This commit is contained in:
Claire Wang 2023-12-05 17:13:05 -05:00 committed by GitHub
parent a95b3cbfa8
commit 47db67fef5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 85 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
util/syspolicy/handler_windows.go
View File

@ -5,21 +5,72 @@ package syspolicy
import ( import (
"errors" "errors"
"fmt"
"tailscale.com/util/clientmetric"
"tailscale.com/util/winutil" "tailscale.com/util/winutil"
) )
var (
windowsErrors = clientmetric.NewCounter("windows_mdm_setting_errors")
windowsAny = clientmetric.NewGauge("windows_mdm_setting_any")
)
type windowsHandler struct{} type windowsHandler struct{}
func init() { func init() {
RegisterHandler(NewCachingHandler(windowsHandler{})) RegisterHandler(NewCachingHandler(windowsHandler{}))
keyList := []struct {
isSet func(Key) bool
keys []Key
}{
{
isSet: func(k Key) bool {
_, err := handler.ReadString(string(k))
return err == nil
},
keys: stringKeys,
},
{
isSet: func(k Key) bool {
_, err := handler.ReadBoolean(string(k))
return err == nil
},
keys: boolKeys,
},
{
isSet: func(k Key) bool {
_, err := handler.ReadUInt64(string(k))
return err == nil
},
keys: uint64Keys,
},
}
var anySet bool
for _, l := range keyList {
for _, k := range l.keys {
if !l.isSet(k) {
continue
}
clientmetric.NewGauge(fmt.Sprintf("windows_mdm_setting_%s", k)).Set(1)
anySet = true
}
}
if anySet {
windowsAny.Set(1)
}
} }
func (windowsHandler) ReadString(key string) (string, error) { func (windowsHandler) ReadString(key string) (string, error) {
s, err := winutil.GetPolicyString(key) s, err := winutil.GetPolicyString(key)
if errors.Is(err, winutil.ErrNoValue) { if errors.Is(err, winutil.ErrNoValue) {
err = ErrNoSuchKey err = ErrNoSuchKey
} else if err != nil {
windowsErrors.Add(1)
} }
return s, err return s, err
} }
@ -27,6 +78,8 @@ func (windowsHandler) ReadUInt64(key string) (uint64, error) {
value, err := winutil.GetPolicyInteger(key) value, err := winutil.GetPolicyInteger(key)
if errors.Is(err, winutil.ErrNoValue) { if errors.Is(err, winutil.ErrNoValue) {
err = ErrNoSuchKey err = ErrNoSuchKey
} else if err != nil {
windowsErrors.Add(1)
} }
return value, err return value, err
} }
@ -35,6 +88,8 @@ func (windowsHandler) ReadBoolean(key string) (bool, error) {
value, err := winutil.GetPolicyInteger(key) value, err := winutil.GetPolicyInteger(key)
if errors.Is(err, winutil.ErrNoValue) { if errors.Is(err, winutil.ErrNoValue) {
err = ErrNoSuchKey err = ErrNoSuchKey
} else if err != nil {
windowsErrors.Add(1)
} }
return value != 0, err return value != 0, err
} }

30
util/syspolicy/policy_keys.go
View File

@ -50,3 +50,33 @@ const (
// The default is "user-decides" unless otherwise stated. // The default is "user-decides" unless otherwise stated.
PostureChecking Key = "PostureChecking" PostureChecking Key = "PostureChecking"
) )
var stringKeys = []Key{
ControlURL,
LogTarget,
Tailnet,
ExitNodeID,
ExitNodeIP,
EnableIncomingConnections,
EnableServerMode,
ExitNodeAllowLANAccess,
EnableTailscaleDNS,
EnableTailscaleSubnets,
AdminConsoleVisibility,
NetworkDevicesVisibility,
TestMenuVisibility,
UpdateMenuVisibility,
RunExitNodeVisibility,
PreferencesMenuVisibility,
ExitNodeMenuVisibility,
AutoUpdateVisibility,
KeyExpirationNoticeTime,
PostureChecking,
}
var boolKeys = []Key{
LogSCMInteractions,
FlushDNSOnSessionUnlock,
}
var uint64Keys = []Key{}