feat(libsinsp/container_info): change default / init lookup state to FAILED

[incertum]

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area API-version

/area build

/area CI

/area driver-kmod

/area driver-bpf

/area driver-modern-bpf

/area libscap-engine-bpf

/area libscap-engine-gvisor

/area libscap-engine-kmod

/area libscap-engine-modern-bpf

/area libscap-engine-nodriver

/area libscap-engine-noop

/area libscap-engine-source-plugin

/area libscap-engine-savefile

/area libscap

/area libpman

/area libsinsp

/area tests

/area proposals

Does this PR require a change in the driver versions?

/version driver-API-version-major

/version driver-API-version-minor

/version driver-API-version-patch

/version driver-SCHEMA-version-major

/version driver-SCHEMA-version-minor

/version driver-SCHEMA-version-patch

What this PR does / why we need it:

While working on #1595 it became evident that the init state is set wrongly. Curious if something breaks, if it does we likely will have found more improvement areas in regards to the container engine in general.

Opened it again against the libs repo directly to allow for easier testing.

CC @therealbobo @leogr @deepskyblue86

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

[leogr]

Opened it again against the libs repo directly to allow for easier testing.

It seems at least 3 tests are failing:

[  FAILED  ] sinsp_with_test_input.event_sources
[  FAILED  ] sinsp_with_test_input.container_parser_cri_containerd
[  FAILED  ] sinsp_with_test_input.container_parser_cri_crio

Still trying to figure out where the problem is: the change or the tests? 🤔

[Andreagit97]

any news here?

[incertum]

We first wanted to get the other container PRs in. They are all merged now. Let me rebase today and check.

[incertum]

Was it intentional to use the deprecated event type PPME_CONTAINER_JSON_E? Changed it to PPME_CONTAINER_JSON_2_E

[leogr]

cc @FedeDP

[FedeDP]

I didn't write those tests, i don't know why they used PPME_CONTAINER_JSON_E. Most probably it was just an oversight.

[incertum]

Unit tests just needed to be updated w/ set_lookup_status(sinsp_container_lookup::state::SUCCESSFUL).

[Andreagit97]

Changes LGTM, but I don't have so much context on this area can anyone double-check them?

[LucaGuerra]

Not an expert in this specific engine but changes LGTM

[poiana]

LGTM label has been added.

Git tree hash: 6aebd6a961b17e8166d2f9af082aa60b1030b7b9

[incertum]

CRI and docker mostly handled the lookup state correctly, except here it was necessary to add.

[incertum]

Wasn't aware we were gonna move already forward with this PR. In turns out that all the non primary container engines never explicitly set the status (see last commit) ... probably why the default came from. I believe this is a great first step towards more transparent lookup status handling and please keep in mind that there is an open ticket for a more comprehensive future refactor #1708.

[leogr]

Wasn't aware we were gonna move already forward with this PR. In turns out that all the non primary container engines never explicitly set the status (see last commit) ... probably why the default came from. I believe this is a great first step towards more transparent lookup status handling and please keep in mind that there is an open ticket for a more comprehensive future refactor #1708.

This PR hadn't a milestone, but I guess it should be for the 0.16 (since it's too late for 0.15, further testing and another round of maintainers' opinion is likely needed cc @falcosecurity/libs-maintainers)

/milestone 0.16

Let me know if you disagree.

[poiana]

@leogr: The provided milestone is not valid for this repository. Milestones in this repository: [0.15.0, 0.16.0, TBD, next-driver]

Use /milestone clear to clear the milestone.

In response to this:

Wasn't aware we were gonna move already forward with this PR. In turns out that all the non primary container engines never explicitly set the status (see last commit) ... probably why the default came from. I believe this is a great first step towards more transparent lookup status handling and please keep in mind that there is an open ticket for a more comprehensive future refactor #1708.

This PR hadn't a milestone, but I guess it should be for the 0.16 (since it's too late for 0.15, further testing and another round of maintainers' opinion is likely needed cc @falcosecurity/libs-maintainers)

/milestone 0.16

Let me know if you disagree.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[leogr]

@leogr: The provided milestone is not valid for this repository. Milestones in this repository: [0.15.0, 0.16.0, TBD, next-driver]

Use /milestone clear to clear the milestone.

sorry

/milestone 0.16.0

[incertum]

Exactly @leogr there was never a milestone since it's not particularly urgent from a functionality point of view, but it's one step towards making sure we don't break the container engine every time we try to touch it. It also aligns with #1747 (better documentation, more transparency). Furthermore, it's the first step towards improving the container information lookup functionality, see #1708, more to follow.

I manually tested these changes for docker and CRI ...

[incertum]

Rebased so that the new container e2e tests can run.

[incertum]

Updates on this PR? Thanks.

[FedeDP]

I was wondering whether it would be better to set the SUCCESSFUL lookup status inside
container_cache().notify_new_container(): it requires less changes and it "feels" better, ie: since we are notifying the new container, we mark the container as successfully looked up.

[FedeDP]

It feels less error prone too (like: a new engine gets introduced and we forgot to add the set_lookup_state call).

[incertum]

Except some container engines (e.g. libvirt_lxc) add the container to the cache and already expect the lookup status to be SUCCESSFUL, so that notify_new_container() doesn't do anything.

As stated more at the beginning of the PR this change is just an initial improvement so that the lookup state is not SUCCESSFUL by default, which makes not a lot of sense and can backfire even more. We have this issue (#1708) we wanted to work on after Falco 0.38.0.

[FedeDP]

Oh sorry, i completely overlooked that. Then we are good to go!

[FedeDP]

/approve

[poiana]

LGTM label has been added.

Git tree hash: a8cb40c7bcdda56b62e57ec6c84ec07cc6b455d5

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: FedeDP, incertum, LucaGuerra

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [FedeDP,LucaGuerra,incertum]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment