From d4790f7f5afbdbc9df74dabe45589463185a7e1a Mon Sep 17 00:00:00 2001 From: Adam Leff Date: Wed, 13 Sep 2017 08:16:53 -0400 Subject: [PATCH] Ignore linked container names when parsing docker containers (#2134) * Ignore linked container names when parsing docker containers If a container is linked to another container, the normal `docker ps` output does not include this information. However, when pulling the `.Names` field with `docker ps --format`, the linked container is listed in the name. This is confusing for users trying to use InSpec to audit a container. This change strips any linked container names from the actual container name. Signed-off-by: Adam Leff * Linked container names aren't guaranteed to be last depending on how they were linked Signed-off-by: Adam Leff --- lib/resources/docker.rb | 9 ++++++++- test/unit/mock/cmd/docker-ps-a | 4 ++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/resources/docker.rb b/lib/resources/docker.rb index eda44ef0b..21d9fa514 100644 --- a/lib/resources/docker.rb +++ b/lib/resources/docker.rb @@ -63,7 +63,7 @@ module Inspec::Resources # For compatability with Serverspec we also offer the following resouses: # - docker_container # - docker_image - class Docker < Inspec.resource(1) + class Docker < Inspec.resource(1) # rubocop:disable Metrics/ClassLength name 'docker' desc " @@ -167,6 +167,13 @@ module Inspec::Resources # ensure all keys are there j = ensure_container_keys(j) + + # strip off any linked container names + # Depending on how it was linked, the actual container name may come before + # or after the link information, so we'll just look for the first name that + # does not include a slash since that is not a valid character in a container name + j['names'] = j['names'].split(',').find { |c| !c.include?('/') } + ps.push(j) } ps diff --git a/test/unit/mock/cmd/docker-ps-a b/test/unit/mock/cmd/docker-ps-a index f93973949..0d0eab74f 100644 --- a/test/unit/mock/cmd/docker-ps-a +++ b/test/unit/mock/cmd/docker-ps-a @@ -1,4 +1,4 @@ {"Command":"\"/bin/bash\"","CreatedAt":"2017-04-24 10:29:12 +0200 CEST","ID":"3def9aa450f8bd772c3d5b07e27ec934e5f58575e955367a0aca2d93e0687536","Image":"ubuntu:12.04","Labels":"","LocalVolumes":"0","Mounts":"","Names":"sleepy_khorana","Networks":"bridge","Ports":"","RunningFor":"29 minutes","Size":"0 B","Status":"Exited (127) 2 seconds ago"} -{"Command":"\"/bin/sh\"","CreatedAt":"2017-04-22 22:44:42 +0200 CEST","ID":"d94f854370d2b02912e8fc636502bc72b74fbd567a7eba3fc6a52045bb28904e","Image":"alpine","Labels":"","LocalVolumes":"0","Mounts":"","Names":"laughing_austin","Networks":"bridge","Ports":"","RunningFor":"36 hours","Size":"0 B","Status":"Exited (0) 35 hours ago"} +{"Command":"\"/bin/sh\"","CreatedAt":"2017-04-22 22:44:42 +0200 CEST","ID":"d94f854370d2b02912e8fc636502bc72b74fbd567a7eba3fc6a52045bb28904e","Image":"alpine","Labels":"","LocalVolumes":"0","Mounts":"","Names":"laughing_austin,sleepy_khorana/container1","Networks":"bridge","Ports":"","RunningFor":"36 hours","Size":"0 B","Status":"Exited (0) 35 hours ago"} {"Command":"\"/bin/sh\"","CreatedAt":"2017-08-03 12:56:03 +0200 CEST","ID":"5a83c301f30ccd48579a74a84af6fdd0c0e0d66aacc7bb52abfa2ba2544c6c0c","Image":"repo.example.com:5000/ubuntu:14.04","Labels":"","LocalVolumes":"0","Mounts":"","Names":"heuristic_almeida","Networks":"bridge","Ports":"","RunningFor":"5 hours","Size":"0 B","Status":"Exited (0) 24 hours ago"} -{"Command":"\"/bin/sh\"","CreatedAt":"2017-08-03 12:56:03 +0200 CEST","ID":"5a83c301f30ccd48579a74a84af6fdd0c0e0d66aacc7bb52abfa2ba2544c6c0c","Image":"repo.example.com:5000/ubuntu","Labels":"","LocalVolumes":"0","Mounts":"","Names":"laughing_lamport","Networks":"bridge","Ports":"","RunningFor":"5 hours","Size":"0 B","Status":"Exited (0) 24 hours ago"} +{"Command":"\"/bin/sh\"","CreatedAt":"2017-08-03 12:56:03 +0200 CEST","ID":"5a83c301f30ccd48579a74a84af6fdd0c0e0d66aacc7bb52abfa2ba2544c6c0c","Image":"repo.example.com:5000/ubuntu","Labels":"","LocalVolumes":"0","Mounts":"","Names":"sleepy_khorana/container1,laughing_austin/container2,laughing_lamport","Networks":"bridge","Ports":"","RunningFor":"5 hours","Size":"0 B","Status":"Exited (0) 24 hours ago"}