Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

check munemo in local server #2095

Merged
merged 7 commits into from
Feb 14, 2025
Merged

check munemo in local server #2095

merged 7 commits into from
Feb 14, 2025

Conversation

James-Pickett
Copy link
Contributor

@James-Pickett James-Pickett commented Feb 7, 2025
edited
Loading

Add handler to local server to reject requests that don't match munemo from enroll secret.

This should stop the issue where presence detection window get "refreshed" because 2 launcher instances are trying to do presence detection in Kolide's dual launcher set up.

corresponding k2 pr https://github.com/kolide/k2/pull/11339

@James-Pickett James-Pickett marked this pull request as ready for review February 7, 2025 00:16
@zackattack01
Copy link
Contributor

zackattack01 commented Feb 7, 2025
edited
Loading

The code seems great to me just a couple questions/comments:

  • it seems like the intention server side (from the linked PR) is to send that munemo header for every organization, which means this enroll secret read + parse will get added for every request. maybe faster if we don't include that header at all by default for other orgs? since this is only supposed to fix the internal dual-install scenarios. edit: never mind I see why you had to do it like this
  • otherwise I wonder if we shouldn't cache the munemo somewhere? just seems kinda expensive to do this inside the request handling

@James-Pickett
Copy link
Contributor Author

James-Pickett commented Feb 7, 2025
edited
Loading

The code seems great to me just a couple questions/comments:

  • it seems like the intention server side (from the linked PR) is to send that munemo header for every organization, which means this enroll secret read + parse will get added for every request. maybe faster if we don't include that header at all by default for other orgs? since this is only supposed to fix the internal dual-install scenarios. edit: never mind I see why you had to do it like this
  • otherwise I wonder if we shouldn't cache the munemo somewhere? just seems kinda expensive to do this inside the request handling

Yea, I'm cool with caching the munemo, probably in knapsack ... or perhaps just on the local server struct so we only parse once

zackattack01
zackattack01 previously approved these changes Feb 7, 2025
View reviewed changes
@James-Pickett James-Pickett added this pull request to the merge queue Feb 14, 2025
Merged via the queue into kolide:main with commit 267cd33 Feb 14, 2025
32 checks passed
@James-Pickett James-Pickett deleted the james/local-server-munemo-match branch February 14, 2025 18:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zackattack01 zackattack01 zackattack01 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@James-Pickett @zackattack01