add a table for more convenient access to docker container environment #7313
Hi @nabilschear! It looks like the integration test is commented out, was this intentional?
@mike-myers-tob nearly all the docker_* tables have this very simple structure for their tests. They are basically smoketests to make sure that the query can run (but don't check any returned values). See https://github.com/osquery/osquery/blob/master/tests/integration/tables/docker_image_labels.cpp as an example. In my case, I copied from this file: https://github.com/osquery/osquery/blob/master/tests/integration/tables/docker_container_labels.cpp
Any updates on this one?
description("Docker container environment variables.") | ||
schema([ | ||
Column("id", TEXT, "Container ID", index=True), | ||
Column("key", TEXT, "Environment variable name", index=True), |
This is not indexed.
It might need additional
since it's part of the row's primary key.
I removed indexed from key. It now has a similar structure to the process_envs table, which I think is right (replacing pid for id).
de53a9e to 812fc13
While I'm not totally sure we need it, it seems reasonably in keeping with the rest of the docker tables. Approved, pending CI
I'm going to close and reopen this PR to try to rerun the CI workflows
I suspect the build failures are because of the LE cert expiration. That should be fixed on HEAD. Can you rebase please?
Closing and reopening the PR (as Mike previously did) automatically updates the temporary merge branch that GitHub uses with the CI behind the curtains, aligning it to master. It should be fine now.
All the docker container environment variables are joined with a comma and embedded into a single field in the docker_containers table. This makes it hard to construct queries against individual variables. This change introduces a new table called docker_container_envs that splits these environment variables out in separate rows so that they can be used in a similar manner to the process_envs table.

Structured in a similar manner to the docker_container_labels table and re-using the variable parsing code from process_envs.
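
One reason the comma-joined field is hard to query, shown as an added C++ example that is not osquery's code or part of this PR: splitting each KEY=VALUE entry on its first '=' keeps the value intact, while splitting the joined field on commas breaks any value that itself contains a comma. The EnvRow struct, its value column (assumed by analogy with process_envs), both function names and the sample data are constructed for illustration.

```cpp
#include <iostream>
#include <string>
#include <vector>

// One row of the per-variable layout. The `value` column is an assumption
// modelled on process_envs; only `id` and `key` appear in the spec lines above.
struct EnvRow {
  std::string id, key, value;
};

// Split each "KEY=VALUE" entry on the first '=' only, so any later '=' or ','
// inside the value is preserved. An entry with no '=' becomes a key with "".
std::vector<EnvRow> splitEnvRows(const std::string& id,
                                 const std::vector<std::string>& env) {
  std::vector<EnvRow> rows;
  for (const auto& entry : env) {
    const auto eq = entry.find('=');
    if (eq == std::string::npos) {
      rows.push_back({id, entry, ""});
    } else {
      rows.push_back({id, entry.substr(0, eq), entry.substr(eq + 1)});
    }
  }
  return rows;
}

// What a consumer of the single comma-joined field has to do: split on every
// ','. Values that contain commas are cut into extra fragments.
std::vector<std::string> splitOnComma(const std::string& joined) {
  std::vector<std::string> parts;
  std::size_t start = 0;
  for (;;) {
    const auto pos = joined.find(',', start);
    if (pos == std::string::npos) {
      parts.push_back(joined.substr(start));
      return parts;
    }
    parts.push_back(joined.substr(start, pos - start));
    start = pos + 1;
  }
}

int main() {
  // Constructed sample data, not taken from a real container.
  const std::vector<std::string> env = {"NO_PROXY=localhost,10.0.0.0/8",
                                        "JAVA_OPTS=-Dfoo=bar"};
  for (const auto& r : splitEnvRows("0123abcd", env))
    std::cout << r.id << " | " << r.key << " | " << r.value << "\n";
  std::cout << splitOnComma("NO_PROXY=localhost,10.0.0.0/8,JAVA_OPTS=-Dfoo=bar")
                   .size() << " fragments recovered from 2 variables\n";
}
```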