Check agent options for correct key path

Author: dantecatalfamo

ee/server/service/teams.go

@@ -414,6 +414,19 @@ func (svc *Service) ModifyTeamAgentOptions(ctx context.Context, teamID uint, tea
 
 	if teamOptions != nil {
 		if err := fleet.ValidateJSONAgentOptions(ctx, svc.ds, teamOptions, true); err != nil {
+			if field := fleet.GetJSONUnknownField(err); field != nil {
+				correctKeyPath, keyErr := fleet.FindAgentOptionsKeyPath(*field)
+				if keyErr != nil {
+					level.Error(svc.logger).Log("err", err, "msg", "failed to find missing agent option")
+				}
+				var keyPathJoined string
+				if len(correctKeyPath) > 1 {
+					keyPathJoined = fmt.Sprintf("%q", strings.Join(correctKeyPath[:len(correctKeyPath)-1], "."))
+				} else {
+					keyPathJoined = "top level"
+				}
+				err = fmt.Errorf("%q should be part of the %s object", *field, keyPathJoined)
+			}
 			err = fleet.NewUserMessageError(err, http.StatusBadRequest)
 			if applyOptions.Force && !applyOptions.DryRun {
 				level.Info(svc.logger).Log("err", err, "msg", "force-apply team agent options with validation errors")

server/fleet/agent_options.go

@@ -325,3 +325,85 @@ func validateJSONAgentOptionsSet(rawJSON json.RawMessage) error {
 	}
 	return nil
 }
+
+func FindAgentOptionsKeyPath(key string) ([]string, error) {
+	if key == "script_execution_timeout" {
+		return []string{"script_execution_timeout"}, nil
+	}
+
+	configPath, err := locateStructJSONKeyPath(key, "config", osqueryAgentOptions{})
+	if err != nil {
+		return nil, fmt.Errorf("locating key path in agent options: %w", err)
+	}
+	if configPath != nil {
+		return configPath, nil
+	}
+
+	if key == "overrides" {
+		return []string{"overrides"}, nil
+	}
+	if key == "platforms" {
+		return []string{"overrides", "platforms"}, nil
+	}
+
+	commandLinePath, err := locateStructJSONKeyPath(key, "command_line_flags", osqueryCommandLineFlags{})
+	if err != nil {
+		return nil, fmt.Errorf("locating key path in agent command line options: %w", err)
+	}
+	if commandLinePath != nil {
+		return commandLinePath, nil
+	}
+
+	extensionsPath, err := locateStructJSONKeyPath(key, "extensions", ExtensionInfo{})
+	if err != nil {
+		return nil, fmt.Errorf("locating key path in agent extensions options: %w", err)
+	}
+	if extensionsPath != nil {
+		return extensionsPath, nil
+	}
+
+	channelsPath, err := locateStructJSONKeyPath(key, "update_channels", OrbitUpdateChannels{})
+	if err != nil {
+		return nil, fmt.Errorf("locating key path in agent update channels: %w", err)
+	}
+	if channelsPath != nil {
+		return channelsPath, nil
+	}
+
+	return nil, nil
+}
+
+// Only searches two layers deep
+func locateStructJSONKeyPath(key, startKey string, target any) ([]string, error) {
+	optionsBytes, err := json.Marshal(target)
+	if err != nil {
+		return nil, fmt.Errorf("unable to marshall target: %w", err)
+	}
+
+	var opts map[string]any
+
+	if err := json.Unmarshal(optionsBytes, &opts); err != nil {
+		return nil, fmt.Errorf("unable to unmarshall target: %w", err)
+	}
+
+	var path [3]string
+	path[0] = startKey
+	for k, v := range opts {
+		path[1] = k
+		if k == key {
+			return path[:2], nil
+		}
+
+		switch v.(type) {
+		case map[string]any:
+			for k2 := range v.(map[string]any) {
+				path[2] = k2
+				if key == k2 {
+					return path[:3], nil
+				}
+			}
+		}
+	}
+
+	return nil, nil
+}

server/fleet/errors.go

@@ -468,6 +468,15 @@ func IsJSONUnknownFieldError(err error) bool {
 	return rxJSONUnknownField.MatchString(err.Error())
 }
 
+func GetJSONUnknownField(err error) *string {
+	errCause := Cause(err)
+	if IsJSONUnknownFieldError(errCause) {
+		substr := rxJSONUnknownField.FindStringSubmatch(errCause.Error())
+		return &substr[1]
+	}
+	return nil
+}
+
 // UserMessage implements the user-friendly translation of the error if its
 // root cause is one of the supported types, otherwise it returns the error
 // message.