mondoohq / cnspec

An open source, cloud-native security to protect everything from build to runtime
https://cnspec.io

vsphere provider returns also VMs where the test is true #919

Open atomic111 opened 1 year ago

atomic111 commented 1 year ago

I have the following test. My expectation is that I get only the list where the test result is false, but I get all VMs in the vSphere cluster.

vsphere.datacenters.all( vms.all( advancedSettings['tools.guest.desktop.autolock'].downcase == false ) )
[failed] [].all()
  actual:   [
    0: vsphere.datacenter moid="Datacenter-datacenter-3" name="Mondoo Datacenter 1" {
      vms: [
        0: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-3014
        1: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-19
        2: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-39150
        3: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-39108
      ]
    }
    1: vsphere.datacenter moid="Datacenter-datacenter-8" name="Mondoo Datacenter 2" {
      vms: [
        0: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-40016
        1: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-2008
        2: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-27
        3: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-40050
        4: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-39121
        5: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-40139
        6: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-5005
        7: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-1022
        8: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-3013
        9: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-4011
        10: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-1013
        11: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-1009
        12: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-3007
        13: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-44769
      ]
    }
  ]

To confirm it, here is the query:

vsphere.datacenters.all( vms { name moid advancedSettings['tools.guest.desktop.autolock'].downcase == false } )
[failed] [].all()
  actual:   [
    0: vsphere.datacenter moid="Datacenter-datacenter-3" name="Mondoo Datacenter 1" {
      vms: [
        0: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-3014
        1: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-19
        2: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-39150
        3: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-39108
      ]
      vms: [
        0: vsphere.datacenter moid="VirtualMachine-vm-3014" name="Windows2019-DE-lunalectric" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: true
        }
        1: vsphere.datacenter moid="VirtualMachine-vm-19" name="vCenter" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: true
        }
        2: vsphere.datacenter moid="VirtualMachine-vm-39150" name="suse11" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: true
        }
        3: vsphere.datacenter moid="VirtualMachine-vm-39108" name="Splunk" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: false
        }
      ]
    }
    1: vsphere.datacenter moid="Datacenter-datacenter-8" name="Mondoo Datacenter 2" {
      vms: [
        0: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-40016
        1: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-2008
        2: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-27
        3: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-40050
        4: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-39121
        5: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-40139
        6: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-5005
        7: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-1022
        8: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-3013
        9: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-4011
        10: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-1013
        11: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-1009
        12: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-3007
        13: vsphere.datacenter vsphere.vm id = VirtualMachine-vm-44769
      ]
      vms: [
        0: vsphere.datacenter moid="VirtualMachine-vm-40016" name="mondoo-build-vmware-appliance" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: true
        }
        1: vsphere.datacenter moid="VirtualMachine-vm-2008" name="build mondoo appliance - Lunalectric" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: true
        }
        2: vsphere.datacenter moid="VirtualMachine-vm-27" name="mondoo-appliance - lunalectric" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: false
        }
        3: vsphere.datacenter moid="VirtualMachine-vm-40050" name="mondoo-appliance-testing-debian12-final" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: false
        }
        4: vsphere.datacenter moid="VirtualMachine-vm-39121" name="ONTAPdeploy" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: false
        }
        5: vsphere.datacenter moid="VirtualMachine-vm-40139" name="manuel-mondoo-appliance-tf" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: false
        }
        6: vsphere.datacenter moid="VirtualMachine-vm-5005" name="win10 - Lunalectric" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: false
        }
        7: vsphere.datacenter moid="VirtualMachine-vm-1022" name="kali" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: true
        }
        8: vsphere.datacenter moid="VirtualMachine-vm-3013" name="PopOS - lunalectric" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: false
        }
        9: vsphere.datacenter moid="VirtualMachine-vm-4011" name="Fedora 64-bit" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: false
        }
        10: vsphere.datacenter moid="VirtualMachine-vm-1013" name="Windows Server 2016 - lunalectric" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: true
        }
        11: vsphere.datacenter moid="VirtualMachine-vm-1009" name="Kali Linux - do not touch" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: false
        }
        12: vsphere.datacenter moid="VirtualMachine-vm-3007" name="WinXP Ability Hack - Testing-do not touch" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: false
        }
        13: vsphere.datacenter moid="VirtualMachine-vm-44769" name="mondoo-appliance" {
          advancedSettings[tools.guest.desktop.autolock].downcase == false: false
        }
      ]
    }
  ]

vjeffrey commented 5 months ago

Do the results change at all if the query is modified from

vsphere.datacenters.all( vms.all( advancedSettings['tools.guest.desktop.autolock'].downcase == false ) ) [failed] [].all()

to

vsphere.datacenters.all( vms.where( advancedSettings['tools.guest.desktop.autolock'].downcase == false ) ) [failed] [].all()

vjeffrey commented 4 months ago

When I tested this I believe I noticed that the expected true case was coming back as string true, not bool true.

I'll go run that test again soon and update here.

chris-rock commented 4 months ago

This could also be caused by the nested .all( x.all () )

jaym commented 3 months ago

I think it's what Chris said. all is special in its compilation and meaning. It's going to be the outer all that has special data collection. That all is about datacenters. So it's going to display all the datacenters for which the inner condition fails.

This can be seen in the compilation of the query:

-> block 1
   entrypoints: [<1,4>]
   1: vsphere
   2: datacenters bind: <1,1> type:[]vsphere.datacenter
   3: $whereNot bind: <1,2> type:[]vsphere.datacenter (ref<1,2>, => <2,0>)
   4: $all bind: <1,3> type:bool
   5: {} bind: <1,3> type:[]block (=> <4,0>)
-> block 2
   entrypoints: [<2,4>]
   1: vsphere.datacenter id = context
   2: vms bind: <2,1> type:[]vsphere.vm
   3: $whereNot bind: <2,2> type:[]vsphere.vm (ref<2,2>, => <3,0>)
   4: $all bind: <2,3> type:bool
   5: {} bind: <2,3> type:[]block (=> <5,0>)
-> block 3
   entrypoints: [<3,5>]
   1: vsphere.vm id = context
   2: advancedSettings bind: <3,1> type:map[string]string
   3: [] bind: <3,2> type:string ("tools.guest.desktop.autolock")
   4: downcase bind: <3,3> type:string
   5: == bind: <3,4> type:bool (false)
-> block 4
   entrypoints: [<4,2> <4,3> <4,4>]
   1: vsphere.datacenter id = context
   2: moid bind: <4,1> type:string
   3: name bind: <4,1> type:string
   4: vms bind: <4,1> type:[]vsphere.vm
-> block 5
   entrypoints: [<5,2> <5,3> <5,4> <5,5> <5,6>]
   1: vsphere.vm id = context
   2: moid bind: <5,1> type:string
   3: name bind: <5,1> type:string
   4: advancedSettings bind: <5,1> type:map[string]string
   5: [] bind: <5,4> type:string ("tools.guest.desktop.autolock")
   6: downcase bind: <5,5> type:string

all gets compiled down to a whereNot. We call block 4 on things matching the whereNot, which in this case is moid, name, and vms.
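
A simplified Go model of the behaviour described in the comment above, added here as an illustration and not taken from the thread or from cnquery's code: all is modelled as an empty whereNot, and only the outer whereNot's matches (whole datacenters) are returned for display. The type and function names are hypothetical; the sample uses the per-VM results shown for Datacenter 1 in the issue plus one constructed datacenter in which every VM passes.

```go
package main

import "fmt"

// Simplified model of the semantics described in the thread; not cnquery code.
type VM struct {
	Moid string
	Pass bool // result of the inner condition for this VM
}
type Datacenter struct {
	Name string
	VMs  []VM
}

// whereNot keeps the items for which pred is false.
func whereNot[T any](items []T, pred func(T) bool) (out []T) {
	for _, it := range items {
		if !pred(it) {
			out = append(out, it)
		}
	}
	return out
}

// nestedAll models datacenters.all( vms.all( cond ) ): it returns what the outer whereNot collects.
func nestedAll(dcs []Datacenter) []Datacenter {
	return whereNot(dcs, func(dc Datacenter) bool {
		return len(whereNot(dc.VMs, func(vm VM) bool { return vm.Pass })) == 0
	})
}

// failingVMs filters at VM level, so only VMs failing the condition remain.
func failingVMs(dcs []Datacenter) (out []VM) {
	for _, dc := range dcs {
		out = append(out, whereNot(dc.VMs, func(vm VM) bool { return vm.Pass })...)
	}
	return out
}

// sample: Datacenter 1 results as shown in the issue, plus a constructed datacenter that passes.
var sample = []Datacenter{
	{"Mondoo Datacenter 1", []VM{{"VirtualMachine-vm-3014", true}, {"VirtualMachine-vm-19", true},
		{"VirtualMachine-vm-39150", true}, {"VirtualMachine-vm-39108", false}}},
	{"constructed-dc", []VM{{"constructed-vm-1", true}}},
}

func main() {
	fmt.Println(nestedAll(sample), failingVMs(sample))
}
```

In this model the nested form reports Datacenter 1 together with all four of its VMs, while the VM-level filter reports only VirtualMachine-vm-39108.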

jaym commented 3 months ago

@atomic111 can we see if https://github.com/mondoohq/cnquery/pull/4360 improves the display for you