[slogger] Move Linux platform tables to use slogger partially or fully (

#1611)

ee/tables/crowdstrike/falcon_kernel_check/table.go

@@ -6,20 +6,21 @@ package falcon_kernel_check
 import (
 	"context"
 	"fmt"
+	"log/slog"
 	"regexp"
 
 	"github.com/go-kit/kit/log"
-	"github.com/go-kit/kit/log/level"
 	"github.com/kolide/launcher/ee/allowedcmd"
 	"github.com/kolide/launcher/ee/tables/tablehelpers"
 	"github.com/osquery/osquery-go/plugin/table"
 )
 
 type Table struct {
-	logger log.Logger
+	slogger *slog.Logger
+	logger  log.Logger // preserved only for temporary use in tablehelpers.Exec
 }
 
-func TablePlugin(logger log.Logger) *table.Plugin {
+func TablePlugin(slogger *slog.Logger, logger log.Logger) *table.Plugin {
 	columns := []table.ColumnDefinition{
 		table.TextColumn("kernel"),
 		table.IntegerColumn("supported"),
@@ -29,7 +30,8 @@ func TablePlugin(logger log.Logger) *table.Plugin {
 	tableName := "kolide_falcon_kernel_check"
 
 	t := &Table{
-		logger: log.With(logger, "table", tableName),
+		slogger: slogger.With("table", tableName),
+		logger:  log.With(logger, "table", tableName),
 	}
 
 	return table.NewPlugin(tableName, columns, t.generate)
@@ -38,13 +40,19 @@ func TablePlugin(logger log.Logger) *table.Plugin {
 func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) {
 	output, err := tablehelpers.Exec(ctx, t.logger, 5, allowedcmd.FalconKernelCheck, []string{}, false)
 	if err != nil {
-		level.Info(t.logger).Log("msg", "exec failed", "err", err)
+		t.slogger.Log(ctx, slog.LevelInfo,
+			"exec failed",
+			"err", err,
+		)
 		return nil, err
 	}
 
 	status, err := parseStatus(string(output))
 	if err != nil {
-		level.Info(t.logger).Log("msg", "Error parsing exec status", "err", err)
+		t.slogger.Log(ctx, slog.LevelInfo,
+			"error parsing exec status",
+			"err", err,
+		)
 		return nil, err
 	}
 

ee/tables/crowdstrike/falconctl/table.go

@@ -7,10 +7,10 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	"log/slog"
 	"strings"
 
 	"github.com/go-kit/kit/log"
-	"github.com/go-kit/kit/log/level"
 	"github.com/kolide/launcher/ee/allowedcmd"
 	"github.com/kolide/launcher/ee/dataflatten"
 	"github.com/kolide/launcher/ee/tables/dataflattentable"
@@ -42,17 +42,19 @@ var (
 type execFunc func(context.Context, log.Logger, int, allowedcmd.AllowedCommand, []string, bool) ([]byte, error)
 
 type falconctlOptionsTable struct {
-	logger    log.Logger
+	slogger   *slog.Logger
+	logger    log.Logger // preserved temporarily for use in dataflattentables/tablehelpers
 	tableName string
 	execFunc  execFunc
 }
 
-func NewFalconctlOptionTable(logger log.Logger) *table.Plugin {
+func NewFalconctlOptionTable(slogger *slog.Logger, logger log.Logger) *table.Plugin {
 	columns := dataflattentable.Columns(
 		table.TextColumn("options"),
 	)
 
 	t := &falconctlOptionsTable{
+		slogger:   slogger.With("table", "kolide_falconctl_options"),
 		logger:    log.With(logger, "table", "kolide_falconctl_options"),
 		tableName: "kolide_falconctl_options",
 		execFunc:  tablehelpers.Exec,
@@ -79,7 +81,10 @@ OUTER:
 		for _, option := range options {
 			option = strings.Trim(option, " ")
 			if !optionAllowed(option) {
-				level.Info(t.logger).Log("msg", "requested option not allowed", "option", option)
+				t.slogger.Log(ctx, slog.LevelInfo,
+					"requested option not allowed",
+					"option", option,
+				)
 				continue OUTER
 			}
 		}
@@ -92,14 +97,20 @@ OUTER:
 
 		output, err := t.execFunc(ctx, t.logger, 30, allowedcmd.Falconctl, args, false)
 		if err != nil {
-			level.Info(t.logger).Log("msg", "exec failed", "err", err)
+			t.slogger.Log(ctx, slog.LevelInfo,
+				"exec failed",
+				"err", err,
+			)
 			synthesizedData := map[string]string{
 				"_error": fmt.Sprintf("falconctl parse failure: %s", err),
 			}
 
 			flattened, err := dataflatten.Flatten(synthesizedData)
 			if err != nil {
-				level.Info(t.logger).Log("msg", "failure flattening output", "err", err)
+				t.slogger.Log(ctx, slog.LevelInfo,
+					"failure flattening output",
+					"err", err,
+				)
 				continue
 			}
 
@@ -109,7 +120,10 @@ OUTER:
 
 		parsed, err := parseOptions(bytes.NewReader(output))
 		if err != nil {
-			level.Info(t.logger).Log("msg", "parse failed", "err", err)
+			t.slogger.Log(ctx, slog.LevelInfo,
+				"parse failed",
+				"err", err,
+			)
 			parsed = map[string]string{
 				"_error": fmt.Sprintf("falconctl parse failure: %s", err),
 			}
@@ -123,7 +137,10 @@ OUTER:
 
 			flattened, err := dataflatten.Flatten(parsed, flattenOpts...)
 			if err != nil {
-				level.Info(t.logger).Log("msg", "failure flattening output", "err", err)
+				t.slogger.Log(ctx, slog.LevelInfo,
+					"failure flattening output",
+					"err", err,
+				)
 				continue
 			}
 

ee/tables/crowdstrike/falconctl/table_test.go

@@ -4,14 +4,16 @@
 package falconctl
 
 import (
-	"bytes"
 	"context"
+	"log/slog"
 	"strings"
 	"testing"
 
 	"github.com/go-kit/kit/log"
 	"github.com/kolide/launcher/ee/allowedcmd"
 	"github.com/kolide/launcher/ee/tables/tablehelpers"
+	"github.com/kolide/launcher/pkg/log/multislogger"
+	"github.com/kolide/launcher/pkg/threadsafebuffer"
 	"github.com/stretchr/testify/require"
 )
 
@@ -62,9 +64,10 @@ func TestOptionRestrictions(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 
-			var logBytes bytes.Buffer
+			var logBytes threadsafebuffer.ThreadSafeBuffer
 
 			testTable := &falconctlOptionsTable{
+				slogger:  multislogger.New(slog.NewJSONHandler(&logBytes, &slog.HandlerOptions{Level: slog.LevelDebug})).Logger,
 				logger:   log.NewLogfmtLogger(&logBytes),
 				execFunc: noopExec,
 			}

ee/tables/cryptsetup/table.go

@@ -6,10 +6,10 @@ package cryptsetup
 import (
 	"context"
 	"fmt"
+	"log/slog"
 	"strings"
 
 	"github.com/go-kit/kit/log"
-	"github.com/go-kit/kit/log/level"
 	"github.com/kolide/launcher/ee/allowedcmd"
 	"github.com/kolide/launcher/ee/dataflatten"
 	"github.com/kolide/launcher/ee/tables/dataflattentable"
@@ -20,18 +20,20 @@ import (
 const allowedNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-/_"
 
 type Table struct {
-	logger log.Logger
-	name   string
+	slogger *slog.Logger
+	logger  log.Logger // preserved only for use in dataflattentable/tablehelpers.Exec temporarily
+	name    string
 }
 
-func TablePlugin(logger log.Logger) *table.Plugin {
+func TablePlugin(slogger *slog.Logger, logger log.Logger) *table.Plugin {
 	columns := dataflattentable.Columns(
 		table.TextColumn("name"),
 	)
 
 	t := &Table{
-		logger: logger,
-		name:   "kolide_cryptsetup_status",
+		slogger: slogger.With("table", "kolide_cryptsetup_status"),
+		logger:  logger,
+		name:    "kolide_cryptsetup_status",
 	}
 
 	return table.NewPlugin(t.name, columns, t.generate)
@@ -52,20 +54,31 @@ func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) (
 	for _, name := range requestedNames {
 		output, err := tablehelpers.Exec(ctx, t.logger, 15, allowedcmd.Cryptsetup, []string{"--readonly", "status", name}, false)
 		if err != nil {
-			level.Debug(t.logger).Log("msg", "Error execing for status", "name", name, "err", err)
+			t.slogger.Log(ctx, slog.LevelDebug,
+				"error execing for status",
+				"name", name,
+				"err", err,
+			)
 			continue
 		}
 
 		status, err := parseStatus(output)
 		if err != nil {
-			level.Info(t.logger).Log("msg", "Error parsing status", "name", name, "err", err)
+			t.slogger.Log(ctx, slog.LevelInfo,
+				"error parsing status",
+				"name", name,
+				"err", err,
+			)
 			continue
 		}
 
 		for _, dataQuery := range tablehelpers.GetConstraints(queryContext, "query", tablehelpers.WithDefaults("*")) {
 			flatData, err := t.flattenOutput(dataQuery, status)
 			if err != nil {
-				level.Info(t.logger).Log("msg", "flatten failed", "err", err)
+				t.slogger.Log(ctx, slog.LevelInfo,
+					"flatten failed",
+					"err", err,
+				)
 				continue
 			}
 

ee/tables/fscrypt_info/generate.go

@@ -6,16 +6,14 @@ package fscrypt_info
 import (
 	"context"
 	"errors"
-	"runtime"
+	"log/slog"
 
-	"github.com/go-kit/kit/log/level"
 	"github.com/osquery/osquery-go/plugin/table"
 )
 
 func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) {
-	level.Info(t.logger).Log(
-		"msg", tableName+" is only supported on linux",
-		"goos", runtime.GOOS,
+	t.slogger.Log(ctx, slog.LevelInfo,
+		"table only supported on linux",
 	)
 	return nil, errors.New("Platform Unsupported")
 }

ee/tables/fscrypt_info/generate_linux.go

@@ -6,8 +6,8 @@ package fscrypt_info
 import (
 	"context"
 	"errors"
+	"log/slog"
 
-	"github.com/go-kit/kit/log/level"
 	"github.com/kolide/launcher/ee/tables/tablehelpers"
 	"github.com/osquery/osquery-go/plugin/table"
 )
@@ -27,8 +27,8 @@ func (t *Table) generate(ctx context.Context, queryContext table.QueryContext) (
 	for i, dirpath := range paths {
 		info, err := GetInfo(dirpath)
 		if err != nil {
-			level.Info(t.logger).Log(
-				"msg", "error getting fscrypt info",
+			t.slogger.Log(ctx, slog.LevelInfo,
+				"error getting fscrypt info",
 				"path", dirpath,
 				"err", err,
 			)

ee/tables/fscrypt_info/table.go

@@ -1,7 +1,8 @@
 package fscrypt_info
 
 import (
-	"github.com/go-kit/kit/log"
+	"log/slog"
+
 	"github.com/osquery/osquery-go/plugin/table"
 )
 
@@ -10,10 +11,10 @@ const (
 )
 
 type Table struct {
-	logger log.Logger
+	slogger *slog.Logger
 }
 
-func TablePlugin(logger log.Logger) *table.Plugin {
+func TablePlugin(slogger *slog.Logger) *table.Plugin {
 	columns := []table.ColumnDefinition{
 		table.TextColumn("path"),
 		table.IntegerColumn("encrypted"),
@@ -26,7 +27,7 @@ func TablePlugin(logger log.Logger) *table.Plugin {
 	}
 
 	t := &Table{
-		logger: logger,
+		slogger: slogger.With("table", tableName),
 	}
 	return table.NewPlugin(tableName, columns, t.generate)
 }