[receiver/osqueryreceiver] Add osquery receiver skeleton (#30458)

This change adds the skeleton for the
[osquery](https://osquery.io/) receiver, a new log receiver that pulls
structured system data from the [osquery
daemon](https://github.com/osquery/osquery).

**Link to tracking Issue:** #30375

**Testing:** Skeleton unit tests added.

**Documentation:** See README.md in receiver folder. For osquery
documentation, see [here](https://osquery.readthedocs.io/en/stable/).

.chloggen/osquery-receiver-1.yaml

@@ -0,0 +1,11 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: new_component
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: osqueryreceiver
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Adds osquery receiver skeleton
+
+# One or more tracking issues related to the change
+issues: [30375]

.github/CODEOWNERS

@@ -230,6 +230,7 @@ receiver/nginxreceiver/                                  @open-telemetry/collect
 receiver/nsxtreceiver/                                   @open-telemetry/collector-contrib-approvers @dashpole @schmikei
 receiver/opencensusreceiver/                             @open-telemetry/collector-contrib-approvers @open-telemetry/collector-approvers
 receiver/oracledbreceiver/                               @open-telemetry/collector-contrib-approvers @dmitryax @crobert-1 @atoulme
+receiver/osqueryreceiver/                                @open-telemetry/collector-contrib-approvers @codeboten @nslaughter @smithclay
 receiver/otlpjsonfilereceiver/                           @open-telemetry/collector-contrib-approvers @djaglowski @atoulme
 receiver/podmanreceiver/                                 @open-telemetry/collector-contrib-approvers @rogercoll
 receiver/postgresqlreceiver/                             @open-telemetry/collector-contrib-approvers @djaglowski

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -225,6 +225,7 @@ body:
       - receiver/nsxt
       - receiver/opencensus
       - receiver/oracledb
+      - receiver/osquery
       - receiver/otlpjsonfile
       - receiver/podman
       - receiver/postgresql

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -219,6 +219,7 @@ body:
       - receiver/nsxt
       - receiver/opencensus
       - receiver/oracledb
+      - receiver/osquery
       - receiver/otlpjsonfile
       - receiver/podman
       - receiver/postgresql

.github/ISSUE_TEMPLATE/other.yaml

@@ -219,6 +219,7 @@ body:
       - receiver/nsxt
       - receiver/opencensus
       - receiver/oracledb
+      - receiver/osquery
       - receiver/otlpjsonfile
       - receiver/podman
       - receiver/postgresql

receiver/osqueryreceiver/Makefile

@@ -0,0 +1 @@
+include ../../Makefile.Common

receiver/osqueryreceiver/README.md

@@ -0,0 +1,41 @@
+# osquery Receiver
+<!-- status autogenerated section -->
+| Status        |           |
+| ------------- |-----------|
+| Stability     | [development]: logs   |
+| Distributions | [] |
+| Issues        | [![Open issues](https://img.shields.io/github/issues-search/open-telemetry/opentelemetry-collector-contrib?query=is%3Aissue%20is%3Aopen%20label%3Areceiver%2Fosquery%20&label=open&color=orange&logo=opentelemetry)](https://github.com/open-telemetry/opentelemetry-collector-contrib/issues?q=is%3Aopen+is%3Aissue+label%3Areceiver%2Fosquery) [![Closed issues](https://img.shields.io/github/issues-search/open-telemetry/opentelemetry-collector-contrib?query=is%3Aissue%20is%3Aclosed%20label%3Areceiver%2Fosquery%20&label=closed&color=blue&logo=opentelemetry)](https://github.com/open-telemetry/opentelemetry-collector-contrib/issues?q=is%3Aclosed+is%3Aissue+label%3Areceiver%2Fosquery) |
+| [Code Owners](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/CONTRIBUTING.md#becoming-a-code-owner)    | [@codeboten](https://www.github.com/codeboten), [@nslaughter](https://www.github.com/nslaughter), [@smithclay](https://www.github.com/smithclay) |
+
+[development]: https://github.com/open-telemetry/opentelemetry-collector#development
+<!-- end autogenerated section -->
+
+The osquery receiver runs queries run on an [osquery](https://osquery.io/)'s daemon on a schedule and converts the output to logs.
+
+## Configuration
+
+The following settings are required:
+
+- `queries`: list of queries to run on an osquery daemon
+
+The following settings are optional:
+
+- `collection_interval` (default = 10s): How often queries are run on the system
+- `extensions_socket` (default = `/var/osquery/osquery.em`): The osquery daemon's extension socket. Used to communicate with osquery on the system.
+
+## Getting started
+
+[osquery](https://osquery.io/) must be installed on the system where the collector is running. Once running as a daemon, the collector can connect to it using osquery's extension socket.
+
+Example queries and data sources for querying are available in the [osquery docs](https://osquery.io/).
+
+## Example configuration
+
+```
+  osquery:
+    collection_internal: 10s
+    extensions_socket: /var/osquery/osquery.em
+    queries:
+      - "select * from certificates"
+      - "select * from block_devices"
+```

receiver/osqueryreceiver/config.go

@@ -0,0 +1,41 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package osqueryreceiver // import "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/osqueryreceiver"
+
+import (
+	"errors"
+	"time"
+
+	"go.opentelemetry.io/collector/component"
+	"go.opentelemetry.io/collector/receiver/scraperhelper"
+
+	"github.com/open-telemetry/opentelemetry-collector-contrib/receiver/osqueryreceiver/internal/metadata"
+)
+
+const (
+	defaultSocket = "/var/osquery/osquery.em"
+)
+
+func createDefaultConfig() component.Config {
+	scs := scraperhelper.NewDefaultScraperControllerSettings(metadata.Type)
+	scs.CollectionInterval = 30 * time.Second
+
+	return &Config{
+		ExtensionsSocket:          defaultSocket,
+		ScraperControllerSettings: scs,
+	}
+}
+
+type Config struct {
+	scraperhelper.ScraperControllerSettings `mapstructure:",squash"`
+	ExtensionsSocket                        string   `mapstructure:"extensions_socket"`
+	Queries                                 []string `mapstructure:"queries"`
+}
+
+func (c Config) Validate() error {
+	if len(c.Queries) == 0 {
+		return errors.New("queries cannot be empty")
+	}
+	return nil
+}

receiver/osqueryreceiver/config_test.go

@@ -0,0 +1,19 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package osqueryreceiver
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestConfig_Validate(t *testing.T) {
+	cfg := createDefaultConfig()
+	rc := cfg.(*Config)
+	assert.Error(t, rc.Validate())
+
+	rc.Queries = []string{"select * from certificates"}
+	assert.NoError(t, rc.Validate())
+}

receiver/osqueryreceiver/doc.go

@@ -0,0 +1,7 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+//go:generate mdatagen metadata.yaml
+
+// Package osqueryreciever emits osquery results as logs
+package osqueryreceiver // import "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/osqueryreceiver"

receiver/osqueryreceiver/factory.go

@@ -0,0 +1,17 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package osqueryreceiver // import "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/osqueryreceiver"
+
+import (
+	"go.opentelemetry.io/collector/receiver"
+
+	"github.com/open-telemetry/opentelemetry-collector-contrib/receiver/osqueryreceiver/internal/metadata"
+)
+
+func NewFactory() receiver.Factory {
+	return receiver.NewFactory(
+		metadata.Type,
+		createDefaultConfig,
+	)
+}

receiver/osqueryreceiver/factory_test.go

@@ -0,0 +1,20 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package osqueryreceiver
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestFactory(t *testing.T) {
+	f := NewFactory()
+	assert.EqualValues(t, "osquery", f.Type())
+	cfg := f.CreateDefaultConfig()
+	assert.NotNil(t, cfg)
+	duration, _ := time.ParseDuration("30s")
+	assert.Equal(t, duration, cfg.(*Config).ScraperControllerSettings.CollectionInterval)
+}

receiver/osqueryreceiver/go.mod

@@ -0,0 +1,45 @@
+module github.com/open-telemetry/opentelemetry-collector-contrib/receiver/osqueryreceiver
+
+go 1.20
+
+require (
+	github.com/stretchr/testify v1.8.4
+	go.opentelemetry.io/collector/component v0.92.1-0.20240112172857-83d463ceba06
+	go.opentelemetry.io/collector/receiver v0.92.1-0.20240112172857-83d463ceba06
+	go.opentelemetry.io/otel/metric v1.21.0
+	go.opentelemetry.io/otel/trace v1.21.0
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/hashicorp/go-version v1.6.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/knadh/koanf/maps v0.1.1 // indirect
+	github.com/knadh/koanf/providers/confmap v0.1.0 // indirect
+	github.com/knadh/koanf/v2 v2.0.1 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/mapstructure v1.5.1-0.20220423185008-bf980b35cac4 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/collector v0.92.1-0.20240112172857-83d463ceba06 // indirect
+	go.opentelemetry.io/collector/config/configtelemetry v0.92.1-0.20240112172857-83d463ceba06 // indirect
+	go.opentelemetry.io/collector/confmap v0.92.1-0.20240112172857-83d463ceba06 // indirect
+	go.opentelemetry.io/collector/consumer v0.92.1-0.20240112172857-83d463ceba06 // indirect
+	go.opentelemetry.io/collector/featuregate v1.0.2-0.20240112172857-83d463ceba06 // indirect
+	go.opentelemetry.io/collector/pdata v1.0.2-0.20240112172857-83d463ceba06 // indirect
+	go.opentelemetry.io/otel v1.21.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.26.0 // indirect
+	golang.org/x/net v0.19.0 // indirect
+	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 // indirect
+	google.golang.org/grpc v1.60.1 // indirect
+	google.golang.org/protobuf v1.32.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)