Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"email" column does not exist for policy using "users" table query #25553

Open
jmwatts opened this issue Jan 17, 2025 · 4 comments
Open

"email" column does not exist for policy using "users" table query #25553

jmwatts opened this issue Jan 17, 2025 · 4 comments
Assignees
@sgress454
Labels
bug Something isn't working as documented #g-orchestration Orchestration product group :incoming New issue in triage process. :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~released bug This bug was found in a stable release.
Milestone
4.64.0-tentative

Comments

@jmwatts
Copy link
Member

jmwatts commented Jan 17, 2025
edited by rachaelshaw
Loading

Fleet version: v4.62.0

Web browser and operating system: N/A

πŸ’₯ Β Actual behavior

level=debug ts=2025-01-17T14:40:46.533137Z query=fleet_policy_query_93 message="no such column: email" hostID=30

πŸ§‘β€πŸ’» Β Steps to reproduce

  1. Create a policy with the query SELECT 1 from users where email='[email protected]';
  2. Note that email is listed in columns and the policy says it's compatible with Windows, Linux, Mac, and Chromebooks (with fleetd chrome extension)
    Image
  3. Run the policy

πŸ•―οΈ More info (optional)

osquery does not list email as an available column
Image

There is an additional column "include_remote" that we do not list. I don't know if it works because I don't have an AD server to bind to but maybe worth investigating.

πŸ› οΈ To fix

Update tooltip text for "Compatible with":

Estimated compatibility based on the tables used in this query. Check the table documentation (schema) to verify compatibility of individual columns.

Only live queries are supported on ChromeOS.

Querying iPhones & iPads is not supported.
@jmwatts jmwatts added :incoming New issue in triage process. :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. bug Something isn't working as documented ~released bug This bug was found in a stable release. #g-orchestration Orchestration product group labels Jan 17, 2025
@RachelElysia
Copy link
Member

RachelElysia commented Jan 17, 2025
edited
Loading

@jmwatts when you hover over the email key, you can see a tooltip that says only available on Chrome so the error you're seeing with users is expected. Please cmiiw though!

Image

This comes from /schema/tables/users.yml that /schema/tables/ directory is used to add tables/columns that do not match directly to osquery, and then we (usually Eric Shaw) run a script that Eric Shaw wrote website/scripts/generate-merged-schema.js to merge that with the osquery tables. (Our tables are more robust, especially because ChromeOS doesn't use Osquery)

Hope that helps clarify things.

As for include_remote, I don't know when we update the osquery tables data.

@sharon-fdm
Copy link
Collaborator

Hey team! Please add your planning poker estimate with Zenhub @dantecatalfamo @jacobshandling @lucasmrod @sgress454

@jmwatts
Copy link
Member Author

jmwatts commented Jan 20, 2025

@sharon-fdm as @RachelElysia pointed out, this may not be a bug.
Per the hover text, the email field only works for ChromeOS (which only works if you have the fleetd Chrome extension)
If we are happy that the hover text points out that it's only "available on chrome", then this can be closed as not a bug.

@sharon-fdm sharon-fdm added the :product Product Design department (shows up on 🦒 Drafting board) label Jan 20, 2025
@sharon-fdm sharon-fdm removed the :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. label Jan 20, 2025
@rachaelshaw
Copy link
Member

Updated the issue description. We'll update the "Compatible with" tooltip to clarify that we're not taking individual columns into account:

Estimated compatibility based on the tables used in this query. Check the table documentation (schema) to verify compatibility of individual columns.

Only live queries are supported on ChromeOS.

Querying iPhones & iPads is not supported.

@rachaelshaw rachaelshaw added :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. and removed :product Product Design department (shows up on 🦒 Drafting board) labels Jan 23, 2025
@rachaelshaw rachaelshaw removed their assignment Jan 23, 2025
@sgress454 sgress454 self-assigned this Jan 29, 2025
@sgress454 sgress454 mentioned this issue Jan 30, 2025
Open
1 task
@sgress454 sgress454 added this to the 4.64.0-tentative milestone Jan 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sgress454 sgress454

Labels
bug Something isn't working as documented #g-orchestration Orchestration product group :incoming New issue in triage process. :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~released bug This bug was found in a stable release.
Milestone
4.64.0-tentative
Development

No branches or pull requests
5 participants
@sgress454 @rachaelshaw @RachelElysia @sharon-fdm @jmwatts