Rudolph does not sync with Santa agents starting with v2024.6

[sean-m-benson]

Describe the bug
Rudolph does not support sync with Santa agents starting with v2024.6

To Reproduce
We observe the following behavior when running santactl sync using Santa agent v2024.8.

❯ santactl version
santad          | 2024.8 (build 672617603)
santactl        | 2024.8 (build 672617603)
SantaGUI        | 2024.8 (build 672617603)

❯ santactl sync
Missing Machine Owner.
Preflight starting
Performing request, attempt 1 (of 5 maximum)...
Server Trust: /O=(null)/OU=(null)/CN=[redacted]
Preflight complete
Event upload starting
Event upload complete
Rule download starting
Performing request, attempt 1 (of 5 maximum)...
Failed to parse response JSON into message: INVALID_ARGUMENT: invalid JSON in santa.sync.v1.RuleDownloadResponse   @ cursor: string,   near 1:22 (offset 21): unexpected   character: '{'; expected '"'
Error downloading rules: Error Domain=com.google.santa.syncservice Code=3 "Failed to parse response JSON into message: INVALID_ARGUMENT: invalid JSON in santa.sync.v1.RuleDownloadResponse   @ cursor: string,   near 1:22 (offset 21): unexpected   character: '{'; expected '"'" UserInfo={NSLocalizedDescription=Failed to parse response JSON into message: INVALID_ARGUMENT: invalid JSON in santa.sync.v1.RuleDownloadResponse   @ cursor: string,   near 1:22 (offset 21): unexpected   character: '{'; expected '"'}
Rule download failed, aborting run

Expected behavior
We see expected behavior when attempting to santactl sync running Santa agent v2024.5.

❯ santactl version
santad          | 2024.5 (build 635843070)
santactl        | 2024.5 (build 635843070)
SantaGUI        | 2024.5 (build 635843070)

❯ santactl sync
Missing Machine Owner.
Preflight starting
Performing request, attempt 1 (of 5 maximum)...
Server Trust: /O=(null)/OU=(null)/CN=[redacted]
Preflight complete
Event upload starting
Event upload complete
Rule download starting
Performing request, attempt 1 (of 5 maximum)...
Received 0 rules
Performing request, attempt 1 (of 5 maximum)...
Received 0 rules
Rule download complete
Postflight starting
Performing request, attempt 1 (of 5 maximum)...
Postflight complete
Sync completed successfully

Screenshots
If applicable, add screenshots to help explain your problem.

Environment:

• Deployment OS Version: Linux (unsure of specifics)
• Terraform Version: 1.8.0
• Golang version: 1.22
• aws-cli version: aws-cli/2.16.10
• rudolph version: development

Additional context
Per discussion here

[pmarkowsky]

The issue is related to the cursor field in the RuleDownloadRequest. Prior to 2024.6 Santa just used Foundation to parse the JSON to an NSDictionary. This meant that parsing was less strict and you could put any sort of JSON under the cursor field. Currently Rudolph expects to be able to pass the cursor field as JSON object.

In 2024.6 and afterwards the JSON is being parsed using the proto3 mapping to JSON. This makes the cursor field strictly a string.

The cursor field in the sync protocol is intended to be an opaque field and is expected to be parsed / unmarshalled after you've pulled the field out of the JSON. The fix should be then to serialize the cursor in the ruledownload request / response to a string and then marshal / unmarshal it separately.

I've written a fix here however I've not opened a PR because I've not been able to test it. Specifically I've not been able to get Rudolph up and running from a clean checkout without terraform errors related to IAM for the store module. This may be an error on my part.