From a46e8798f0b0ab486d47880b74c361b1627e51f4 Mon Sep 17 00:00:00 2001 From: Maxwell Borden Date: Tue, 27 Jun 2023 17:15:34 +0200 Subject: [PATCH 1/4] Move container.privileged to container.security_context.privileged I did not rebase correctly to resolve conflicts in the previous PR and merged the incorrect initial path to the privileged flag --- schemas/container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/schemas/container.yml b/schemas/container.yml index 85b888dfce..329a4e627d 100644 --- a/schemas/container.yml +++ b/schemas/container.yml @@ -121,7 +121,7 @@ The number of bytes (gauge) sent out on all network interfaces by the container since the last metric collection. - - name: privileged + - name: security_context.privileged type: bool level: extended short: Indicates whether the container is running in privileged mode. From 3ff29022a2e5adda4d203c9c8633dcbb0934653f Mon Sep 17 00:00:00 2001 From: Maxwell Borden Date: Tue, 27 Jun 2023 17:16:11 +0200 Subject: [PATCH 2/4] Regenerate Artifacts --- docs/fields/field-details.asciidoc | 20 +++++++++---------- experimental/generated/beats/fields.ecs.yml | 10 +++++----- experimental/generated/csv/fields.csv | 2 +- experimental/generated/ecs/ecs_flat.yml | 18 ++++++++--------- experimental/generated/ecs/ecs_nested.yml | 18 ++++++++--------- .../composable/component/container.json | 10 +++++++--- .../elasticsearch/legacy/template.json | 10 +++++++--- generated/beats/fields.ecs.yml | 10 +++++----- generated/csv/fields.csv | 2 +- generated/ecs/ecs_flat.yml | 18 ++++++++--------- generated/ecs/ecs_nested.yml | 18 ++++++++--------- .../composable/component/container.json | 10 +++++++--- generated/elasticsearch/legacy/template.json | 10 +++++++--- 13 files changed, 86 insertions(+), 70 deletions(-) diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc index 0d92b86aa2..3b75701633 100644 --- a/docs/fields/field-details.asciidoc +++ b/docs/fields/field-details.asciidoc 
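Review bot: The field definition in the `schemas/container.yml` hunk still declares `type: bool` on the context line after the renamed `- name: security_context.privileged`. Elasticsearch has no `bool` field type; it is spelled `boolean`, so that line should read `type: boolean`. The regenerated templates in patch 2/4 carry the value through as `"type": "bool"` under `security_context.properties.privileged`, and a mapping with an unknown type is likely to be rejected when the template is installed. That would leave the privileged-container flag unavailable to the detection and audit queries that depend on it, so the artifacts need regenerating after the schema fix. The field's definition continues past the end of the hunk, so the rest of it is not reviewed here.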
@@ -1218,32 +1218,32 @@ type: long // =============================================================== | -[[field-container-privileged]] -<> - -a| Indicates whether the container is running in privileged mode. +[[field-container-runtime]] +<> -type: bool +a| Runtime managing this container. +type: keyword +example: `docker` | extended // =============================================================== | -[[field-container-runtime]] -<> +[[field-container-security-context-privileged]] +<> -a| Runtime managing this container. +a| Indicates whether the container is running in privileged mode. + +type: bool -type: keyword -example: `docker` | extended diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index b1f439752f..bddf67659a 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -944,17 +944,17 @@ description: The number of bytes received (gauge) on all network interfaces by the container since the last metric collection. default_field: false - - name: privileged - level: extended - type: bool - description: Indicates whether the container is running in privileged mode. - default_field: false - name: runtime level: extended type: keyword ignore_above: 1024 description: Runtime managing this container. example: docker + - name: security_context.privileged + level: extended + type: bool + description: Indicates whether the container is running in privileged mode. + default_field: false - name: data_stream title: Data Stream group: 2 diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index 09b70c2f1a..ea92bdc24a 100644 --- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv 
@@ -99,8 +99,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.10.0-dev+exp,true,container,container.name,keyword,extended,,,Container name. 8.10.0-dev+exp,true,container,container.network.egress.bytes,long,extended,,,The number of bytes sent on all network interfaces. 8.10.0-dev+exp,true,container,container.network.ingress.bytes,long,extended,,,The number of bytes received on all network interfaces. -8.10.0-dev+exp,true,container,container.privileged,bool,extended,,,Indicates whether the container is running in privileged mode. 8.10.0-dev+exp,true,container,container.runtime,keyword,extended,,docker,Runtime managing this container. +8.10.0-dev+exp,true,container,container.security_context.privileged,bool,extended,,,Indicates whether the container is running in privileged mode. 8.10.0-dev+exp,true,data_stream,data_stream.dataset,constant_keyword,extended,,nginx.access,The field can contain anything that makes sense to signify the source of the data. 8.10.0-dev+exp,true,data_stream,data_stream.namespace,constant_keyword,extended,,production,A user defined namespace. Namespaces are useful to allow grouping of data. 8.10.0-dev+exp,true,data_stream,data_stream.type,constant_keyword,extended,,logs,An overarching type for the data stream. diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 1b8c568342..5a9f0cceda 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml 
@@ -1183,15 +1183,6 @@ container.network.ingress.bytes: normalize: [] short: The number of bytes received on all network interfaces. type: long -container.privileged: - dashed_name: container-privileged - description: Indicates whether the container is running in privileged mode. - flat_name: container.privileged - level: extended - name: privileged - normalize: [] - short: Indicates whether the container is running in privileged mode. - type: bool container.runtime: dashed_name: container-runtime description: Runtime managing this container. @@ -1203,6 +1194,15 @@ container.runtime: normalize: [] short: Runtime managing this container. type: keyword +container.security_context.privileged: + dashed_name: container-security-context-privileged + description: Indicates whether the container is running in privileged mode. + flat_name: container.security_context.privileged + level: extended + name: security_context.privileged + normalize: [] + short: Indicates whether the container is running in privileged mode. + type: bool data_stream.dataset: dashed_name: data-stream-dataset description: "The field can contain anything that makes sense to signify the source\ diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index 5dc98a22f8..0a4cc7c982 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -1562,15 +1562,6 @@ container: normalize: [] short: The number of bytes received on all network interfaces. type: long - container.privileged: - dashed_name: container-privileged - description: Indicates whether the container is running in privileged mode. - flat_name: container.privileged - level: extended - name: privileged - normalize: [] - short: Indicates whether the container is running in privileged mode. - type: bool container.runtime: dashed_name: container-runtime description: Runtime managing this container. 
@@ -1582,6 +1573,15 @@ container: normalize: [] short: Runtime managing this container. type: keyword + container.security_context.privileged: + dashed_name: container-security-context-privileged + description: Indicates whether the container is running in privileged mode. + flat_name: container.security_context.privileged + level: extended + name: security_context.privileged + normalize: [] + short: Indicates whether the container is running in privileged mode. + type: bool group: 2 name: container prefix: container. diff --git a/experimental/generated/elasticsearch/composable/component/container.json b/experimental/generated/elasticsearch/composable/component/container.json index fa7a0421ef..d4c1071e52 100644 --- a/experimental/generated/elasticsearch/composable/component/container.json +++ b/experimental/generated/elasticsearch/composable/component/container.json @@ -91,12 +91,16 @@ } } }, - "privileged": { - "type": "bool" - }, "runtime": { "ignore_above": 1024, "type": "keyword" + }, + "security_context": { + "properties": { + "privileged": { + "type": "bool" + } + } } } } diff --git a/experimental/generated/elasticsearch/legacy/template.json b/experimental/generated/elasticsearch/legacy/template.json index fa866c0253..17b103099e 100644 --- a/experimental/generated/elasticsearch/legacy/template.json +++ b/experimental/generated/elasticsearch/legacy/template.json @@ -560,12 +560,16 @@ } } }, - "privileged": { - "type": "bool" - }, "runtime": { "ignore_above": 1024, "type": "keyword" + }, + "security_context": { + "properties": { + "privileged": { + "type": "bool" + } + } } } }, diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index f64dda3f11..17d08da261 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml 
@@ -894,17 +894,17 @@ description: The number of bytes received (gauge) on all network interfaces by the container since the last metric collection. default_field: false - - name: privileged - level: extended - type: bool - description: Indicates whether the container is running in privileged mode. - default_field: false - name: runtime level: extended type: keyword ignore_above: 1024 description: Runtime managing this container. example: docker + - name: security_context.privileged + level: extended + type: bool + description: Indicates whether the container is running in privileged mode. + default_field: false - name: data_stream title: Data Stream group: 2 diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index c2d9534ddb..c41f611017 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv 
@@ -92,8 +92,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.10.0-dev,true,container,container.name,keyword,extended,,,Container name. 8.10.0-dev,true,container,container.network.egress.bytes,long,extended,,,The number of bytes sent on all network interfaces. 8.10.0-dev,true,container,container.network.ingress.bytes,long,extended,,,The number of bytes received on all network interfaces. -8.10.0-dev,true,container,container.privileged,bool,extended,,,Indicates whether the container is running in privileged mode. 8.10.0-dev,true,container,container.runtime,keyword,extended,,docker,Runtime managing this container. +8.10.0-dev,true,container,container.security_context.privileged,bool,extended,,,Indicates whether the container is running in privileged mode. 8.10.0-dev,true,data_stream,data_stream.dataset,constant_keyword,extended,,nginx.access,The field can contain anything that makes sense to signify the source of the data. 8.10.0-dev,true,data_stream,data_stream.namespace,constant_keyword,extended,,production,A user defined namespace. Namespaces are useful to allow grouping of data. 8.10.0-dev,true,data_stream,data_stream.type,constant_keyword,extended,,logs,An overarching type for the data stream. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 1256ae19b4..845d61ecef 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -1114,15 +1114,6 @@ container.network.ingress.bytes: normalize: [] short: The number of bytes received on all network interfaces. type: long -container.privileged: - dashed_name: container-privileged - description: Indicates whether the container is running in privileged mode. - flat_name: container.privileged - level: extended - name: privileged - normalize: [] - short: Indicates whether the container is running in privileged mode. - type: bool container.runtime: dashed_name: container-runtime description: Runtime managing this container. 
@@ -1134,6 +1125,15 @@ container.runtime: normalize: [] short: Runtime managing this container. type: keyword +container.security_context.privileged: + dashed_name: container-security-context-privileged + description: Indicates whether the container is running in privileged mode. + flat_name: container.security_context.privileged + level: extended + name: security_context.privileged + normalize: [] + short: Indicates whether the container is running in privileged mode. + type: bool data_stream.dataset: dashed_name: data-stream-dataset description: "The field can contain anything that makes sense to signify the source\ diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index b097520208..a34185add4 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -1482,15 +1482,6 @@ container: normalize: [] short: The number of bytes received on all network interfaces. type: long - container.privileged: - dashed_name: container-privileged - description: Indicates whether the container is running in privileged mode. - flat_name: container.privileged - level: extended - name: privileged - normalize: [] - short: Indicates whether the container is running in privileged mode. - type: bool container.runtime: dashed_name: container-runtime description: Runtime managing this container. @@ -1502,6 +1493,15 @@ container: normalize: [] short: Runtime managing this container. type: keyword + container.security_context.privileged: + dashed_name: container-security-context-privileged + description: Indicates whether the container is running in privileged mode. + flat_name: container.security_context.privileged + level: extended + name: security_context.privileged + normalize: [] + short: Indicates whether the container is running in privileged mode. + type: bool group: 2 name: container prefix: container. 
diff --git a/generated/elasticsearch/composable/component/container.json b/generated/elasticsearch/composable/component/container.json index a840e22ba5..8f479ed72c 100644 --- a/generated/elasticsearch/composable/component/container.json +++ b/generated/elasticsearch/composable/component/container.json @@ -91,12 +91,16 @@ } } }, - "privileged": { - "type": "bool" - }, "runtime": { "ignore_above": 1024, "type": "keyword" + }, + "security_context": { + "properties": { + "privileged": { + "type": "bool" + } + } } } } diff --git a/generated/elasticsearch/legacy/template.json b/generated/elasticsearch/legacy/template.json index c20ce4daef..c12bbf937c 100644 --- a/generated/elasticsearch/legacy/template.json +++ b/generated/elasticsearch/legacy/template.json @@ -518,12 +518,16 @@ } } }, - "privileged": { - "type": "bool" - }, "runtime": { "ignore_above": 1024, "type": "keyword" + }, + "security_context": { + "properties": { + "privileged": { + "type": "bool" + } + } } } }, From 313cc227a3df22d2b3568fb3967e010ade6668a8 Mon Sep 17 00:00:00 2001 From: Maxwell Borden Date: Tue, 27 Jun 2023 17:18:00 +0200 Subject: [PATCH 3/4] Update changelog --- CHANGELOG.next.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index b527829e84..75bc1fcdeb 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -15,7 +15,7 @@ Thanks, you're awesome :-) --> #### Bugfixes #### Added -* Added `container.privileged` to indicated whether a container was started in privileged mode. #2219 +* Added `container.security_context.privileged` to indicated whether a container was started in privileged mode. #2219 #### Improvements From 4207f771305983d040319870435c13c8c9b5a6c7 Mon Sep 17 00:00:00 2001 From: Maxwell Borden Date: Wed, 28 Jun 2023 17:47:21 +0200 Subject: [PATCH 4/4] Update CHANGELOG.next.md Co-authored-by: Eric Beahan --- CHANGELOG.next.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 75bc1fcdeb..81824e7f03 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -15,7 +15,7 @@ Thanks, you're awesome :-) --> #### Bugfixes #### Added -* Added `container.security_context.privileged` to indicated whether a container was started in privileged mode. #2219 +* Added `container.security_context.privileged` to indicated whether a container was started in privileged mode. #2219, #2225 #### Improvements