open-telemetry
/
semantic-conventions
mirror of https://github.com/open-telemetry/semantic-conventions.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix more process attributes without namespace (#1363) 

Co-authored-by: Josh Suereth <joshuasuereth@google.com>
This commit is contained in:
Liudmila Molkova 2024-08-28 05:33:12 -07:00 committed by GitHub
parent 46d9eacef9
commit 5eb37f7068
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 35 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/attributes-registry/process.md
View File

@ -39,17 +39,17 @@ An operating system process.
| `process.saved_user.id` | int | The saved user ID (SUID) of the process. | `1002` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.saved_user.name` | string | The username of the saved user. | `operator` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.session_leader.pid` | int | The PID of the process's session leader. This is also the session ID (SID) of the process. | `14` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.title` | string | Process title (proctitle) [2] | `cat /etc/hostname`; `xfce4-session`; `bash` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.user.id` | int | The effective user ID (EUID) of the process. | `1001` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.user.name` | string | The username of the effective user of the process. | `root` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.vpid` | int | Virtual process identifier. [2] | `12` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `title` | string | Process title (proctitle) [3] | `cat /etc/hostname`; `xfce4-session`; `bash` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `working_directory` | string | The working directory of the process. | `/root` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.vpid` | int | Virtual process identifier. [3] | `12` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.working_directory` | string | The working directory of the process. | `/root` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
**[1]:** This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity.
**[2]:** The process ID within a PID namespace. This is not necessarily unique across all processes on the host but it is unique within the process namespace that the process exists within.
**[2]:** In many Unix-like systems, process title (proctitle), is the string that represents the name or command line of a running process, displayed by system monitoring tools like ps, top, and htop.
**[3]:** In many Unix-like systems, process title (proctitle), is the string that represents the name or command line of a running process, displayed by system monitoring tools like ps, top, and htop.
**[3]:** The process ID within a PID namespace. This is not necessarily unique across all processes on the host but it is unique within the process namespace that the process exists within.
`process.context_switch_type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.

4
model/registry/process.yaml
View File

@ -159,7 +159,7 @@ groups:
An additional description about the runtime of the process, for example
a specific vendor customization of the runtime environment.
examples: 'Eclipse OpenJ9 Eclipse OpenJ9 VM openj9-0.21.0'
- id: title
- id: process.title
type: string
stability: experimental
brief: >
@ -192,7 +192,7 @@ groups:
stability: experimental
brief: >
Whether the process is connected to an interactive shell.
- id: working_directory
- id: process.working_directory
type: string
stability: experimental
brief: >

16
policies/yaml_schema.rego
View File

@ -11,6 +11,20 @@ deny[yaml_schema_violation(description, group.id, name)] {
description := sprintf("Attribute name '%s' is invalid. Attribute name %s", [name, invalid_name_helper])
}
# checks attribute name has a namespace
deny[yaml_schema_violation(description, group.id, name)] {
group := input.groups[_]
attr := group.attributes[_]
name := attr.id
# some deprecated attributes have no namespace and need to be ignored
not attr.deprecated
not regex.match(has_namespace_regex, name)
description := sprintf("Attribute name '%s' should have a namespace. Attribute name %s", [name, invalid_name_helper])
}
# checks metric name format
deny[yaml_schema_violation(description, group.id, name)] {
group := input.groups[_]
@ -71,4 +85,6 @@ yaml_schema_violation(description, group, attr) = violation {
# valid: 'foo.bar', 'foo.1bar', 'foo.1_bar'
name_regex := "^[a-z][a-z0-9]*([._][a-z0-9]+)*$"
has_namespace_regex := "^[a-z0-9_]+\\.([a-z0-9._]+)+$"
invalid_name_helper := "must consist of lowercase alphanumeric characters separated by '_' and '.'"

14
policies/yaml_schema_test.rego
View File

@ -4,19 +4,23 @@ import future.keywords
test_fails_on_invalid_attribute_name if {
every name in invalid_names {
count(deny) == 1 with input as {"groups": create_attribute_group(name)}
count(deny) >= 1 with input as {"groups": create_attribute_group(name)}
}
}
test_fails_on_attribute_name_without_namespace if {
count(deny) >= 1 with input as {"groups": create_attribute_group("foo")}
}
test_fails_on_invalid_metric_name if {
every name in invalid_names {
count(deny) == 1 with input as {"groups": create_metric(name)}
count(deny) >= 1 with input as {"groups": create_metric(name)}
}
}
test_fails_on_invalid_event_name if {
every name in invalid_names {
count(deny) == 1 with input as {"groups": create_event(name)}
count(deny) >= 1 with input as {"groups": create_event(name)}
}
}
@ -52,9 +56,9 @@ invalid_names := [
"foo.bar.",
"foo..bar",
"foo._bar",
"foo__bar",
"foo.bar__baz",
"foo_.bar",
"foo,bar",
"foo.bar,baz",
"fü.bär",
]

6
policies_test/registry_test.rego
View File

@ -11,10 +11,10 @@ test_registry_attribute_groups if {
test_attribute_ids if {
# This requires a prefix for use with opa, but weaver will fill in.
count(before_resolution.deny) > 0 with input as {"groups": [{"id": "not_registry", "prefix": "", "attributes": [{"id": "foo"}]}]}
count(before_resolution.deny) > 0 with input as {"groups": [{"id": "not_registry", "prefix": "", "attributes": [{"id": "foo.bar"}]}]}
count(before_resolution.deny) == 0 with input as {"groups": [
{"id": "registry.test", "prefix": "", "attributes": [{"id": "foo"}]},
{"id": "not_registry", "prefix": "", "attributes": [{"ref": "foo"}]},
{"id": "registry.test", "prefix": "", "attributes": [{"id": "foo.bar"}]},
{"id": "not_registry", "prefix": "", "attributes": [{"ref": "foo.bar"}]},
]}
}