https://github.com/osquery/osquery logo
Join Slack
Powered by
How does it not convert `decorators` over to yaml?
# kolide
z
How does it not convert 
decorators
over to yaml?
s
From the description of the 
convert
command: 
Convert osquery packs into decomposed fleet configs
z
Yes.
s
So what is your question?
Decorators are not a part of a pack, so they wouldn’t be included in this
z
so it wouldn't converted anything in that json?
ALL it does is take json that contains queries and converts them?
s
Looking at the code, it handles packs and queries
z
looks like it'll do convert based on 
Kind, Version, Spec
and dump anything that matches 
Queries, Packs, Labels
into the yaml file?
s
osquery doesn’t have the concept of labels, that’s a Fleet thing. This handles queries and packs
z
ok.
s
If you wanted to open a PR to add support for converting more items from the osquery config to the Fleet config YAML, I’m sure it would be accepted
z
Ok, thanks.
z
Keep in mind JSON is valid yaml so you could just paste your decorators block into the yaml.
z
Well, the end goal is formulating some sort of CI/CD pipeline that'll convert and deploy changes to Fleet
because if I'm not mistaken, the 
profile.py
script wouldn't work on fleet yaml?
z
Is there a reason you can't write yaml to your repo? If not, you could always parse the json and pull out that block.
Or implement conversion for that like @sundsta said.
z
I could absolutely write yaml to the repo, but the goal is to do some profiling first.
z
Ah, with profile.py?
Does that work on decorators?
Could be interesting to add yaml parsing to profile.py or fleetctl export for yaml to json.
But I'm not sure that would solve your issue with decorators.
z
No, that's separate issue, I was testing with 
osquery.conf
and noticed it didn't pick up 
decorators
. I'll have to dig into how 
fleetctl convert
does that, and make a PR for decorators.
I just noticed it because my intent is to gitops deploying new queries.
2 Views
Open in Slack
PreviousNext
Powered by