π fix core asset.labels + β¨ new asset.platformMetadata
#5227
Conversation
Test Results3β369 testsβ +15βββ3β365 β
+15βββ1m 37s β±οΈ -7s Results for commit 274f071.βΒ± Comparison against base commit 03ab221. β»οΈ This comment has been updated with latest results. |
|
Why did we use Platform.Labels before and what change does it make to switch to Asset.Labels? Are there different code paths that set these across different providers? I'm worried that with both fields existing we might run into similar problems again. |
|
I do some extra testing but this is what I discussed with @afiune as a solution. It stuck me that we use asset.Annotations but not asset.Labels. I am 99% sure the labels from platform are actually incorrect. |
|
@chris-rock I asked @afiune to investigate the solution, so we make sure it doesn't break things. We shouldn't have both structures because it can lead to bugs like this one :) |
|
Thank you both, I agree with @arlimus, if we don't use one, we should get rid of it. I will do some digging and report back any findings. |
afiune
force-pushed
the
afiune/fix/core-asset-labels
branch
3 times, most recently
from
1b6975b to
155fb1f
Compare
|
@chris-rock @arlimus I found a few places where we are using |
There was a problem hiding this comment.
Asset labels and platform labels have two different purposes and are not the same. We introduced platform labels to allow platform detection to add dynamic data that is not part of the normal go struct eg. windows uses that
cnquery/providers/os/resources/asset_cpe.go
Lines 43 to 45 in 0162b01
cnquery/providers/os/detector/detector_win.go
Lines 45 to 46 in 0162b01
Generally, asset labels are derived from the asset itself eg. EC2 instance tags and platform labels are operating system / platform specific, like Windows attaches specific information. I think the use of the same name 'labels' on two different structs leads to confusion as it is not always clear for new engineers what the difference is.
I think we should do the following:
- we expose platform labels as
asset.platformMetadataon asset. - we rename
platform.Labelsstruct toplatform.Metadata, which leads to less confusion
This would also require us to update the asset schema:
// General asset information
asset @defaults("name platform version") {
// Human readable name of the asset
name string
// Platform for this asset (redhat, windows, k8s-pod)
platform string
// Version of the platform
version string
// Architecture this OS is running on
arch string
// Human-readable title of the platform (e.g., "Red Hat 8, Container")
title string
// List of platform families that this platform belongs to
family []string
// Fully qualified domain name (optional)
fqdn string
// Build version of the platform (optional)
build string
// Platform Metadata eg. key values from /etc/os/release
platformMetadata map[string]string
// Asset labels derived from the source system
labels map[string]string
// User-provided custom annotations (tags) on the asset
annotations map[string]string
}Since policies may depend on platform labels to be exposed on asset, we need to apply this migration into two steps:
- Introduce
platformMetadatafield - Ensure all policies are migrated away to the new
platformMetadatafield - Switch
asset.Labelsfield over toasset.Labelsfromplatform.Labelsin v12
cli/reporter/cnquery_report.pb.go
Outdated
| @@ -4,7 +4,7 @@ | |||
| // Code generated by protoc-gen-go. DO NOT EDIT. | |||
| // versions: | |||
| // protoc-gen-go v1.35.2 | |||
| // protoc v5.29.2 | |||
| // protoc v5.29.3 | |||
There was a problem hiding this comment.
Those updates should not be part of this PR since they distract the review.
providers-sdk/v1/upstream/mvd/mvd.go
Outdated
| // platform object we use for MVD | ||
| func NewMvdPlatform(pf *inventory.Platform) *Platform { | ||
| if pf == nil { | ||
| func NewMvdPlatform(asset *inventory.Asset) *Platform { |
There was a problem hiding this comment.
That is not correct. Mvd Platform is just a conversion of the platform object.
| conn shared.Connection | ||
| platform *inventory.Platform | ||
| conn shared.Connection | ||
| asset *inventory.Asset |
There was a problem hiding this comment.
pkg managers do not need to know the asset information
The labels of an asset come from the asset itself, not the platform. Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
afiune
force-pushed
the
afiune/fix/core-asset-labels
branch
from
155fb1f to
2138e1d
Compare
afiune
changed the title
asset.labelsasset.labels + β¨ new asset.platformMetadata
afiune
force-pushed
the
afiune/fix/core-asset-labels
branch
from
363a056 to
1ac237d
Compare
We will merge `asset.Labels` and `asset.Platform.Labels` for backwards compatibility. Should be removed in v12 when we remove `asset.Platform.Labels`. Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
afiune
force-pushed
the
afiune/fix/core-asset-labels
branch
from
1ac237d to
274f071
Compare
The labels of an asset come from the asset itself, not the platform, but as some point
we made a mistake to use the platform labels, this PR is the first step to fix this issue.
In this PR we are:
asset.Platform.Metadatawith the goalto give more clarity and avoid confusions with
asset.Labelsasset.Platform.Labelsin favor ofasset.Platform.Metadata(this fieldwill be remove in
v12)asset.platformMetadatato theassetMQL schema, thisnew field will have the
asset.Platform.Metadataasset.labelsMQL resource to have the actual asset labels but, we aregoing to merge this field with the platform labels for backwards compatibility
After merging this PR, we will start migrating the use of
asset.Platform.Labelstoasset.Platform.Metadata, so that inv12we can remove `asset.Platform.Labels.