Skip to content

Commit

Permalink
add templated fields
Browse files Browse the repository at this point in the history
Signed-off-by: Thomas Labarussias <issif+github@gadz.org>
  • Loading branch information
Issif committed Aug 2, 2022
1 parent 22d98ea commit 5c7a896
Show file tree
Hide file tree
Showing 4 changed files with 37 additions and 1 deletion.
14 changes: 14 additions & 0 deletions config.go
Original file line number Diff line number Diff line change
Expand Up @@ -379,6 +379,20 @@ func getConfig() *types.Configuration {
}
}

if value, present := os.LookupEnv("TEMPLATEDFIELDS"); present {
templatedfields := strings.Split(value, ",")
for _, label := range templatedfields {
tagkeys := strings.Split(label, ":")
if len(tagkeys) == 2 {
if _, err := template.New("").Parse(tagkeys[1]); err != nil {
log.Printf("[ERROR] : Error parsing templated fields %v : %s", tagkeys[0], err)
} else {
c.Templatedfields[tagkeys[0]] = tagkeys[1]
}
}
}
}

if value, present := os.LookupEnv("WEBHOOK_CUSTOMHEADERS"); present {
customheaders := strings.Split(value, ",")
for _, label := range customheaders {
Expand Down
2 changes: 2 additions & 0 deletions config_example.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ customfields: # custom fields are added to falco events and metrics
Akey: "AValue"
Bkey: "BValue"
Ckey: "CValue"
templatedfields: # templated fields are added to falco events and metrics, it uses Go template + output_fields values
Dkey: '{{ or (index . "k8s.ns.labels.foo") "bar" }}'
mutualtlsfilespath: "/etc/certs" # folder which will used to store client.crt, client.key and ca.crt files for mutual tls (default: "/etc/certs")

slack:
Expand Down
21 changes: 20 additions & 1 deletion handlers.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
"log"
"net/http"
"strings"
"text/template"
"time"

"github.com/falcosecurity/falcosidekick/types"
Expand Down Expand Up @@ -107,6 +108,24 @@ func newFalcoPayload(payload io.Reader) (types.FalcoPayload, error) {
}
}

if len(config.Templatedfields) > 0 {
if falcopayload.OutputFields == nil {
falcopayload.OutputFields = make(map[string]interface{})
}
for key, value := range config.Templatedfields {
tmpl, err := template.New("").Parse(value)
if err != nil {
log.Printf("[ERROR] : Parsing error for templated field '%v': %v\n", key, err)
continue
}
v := new(bytes.Buffer)
if err := tmpl.Execute(v, falcopayload.OutputFields); err != nil {
log.Printf("[ERROR] : Parsing error for templated field '%v': %v\n", key, err)
}
falcopayload.OutputFields[key] = v.String()
}
}

nullClient.CountMetric("falco.accepted", 1, []string{"priority:" + falcopayload.Priority.String()})
stats.Falco.Add(strings.ToLower(falcopayload.Priority.String()), 1)
promLabels := map[string]string{"rule": falcopayload.Rule, "priority": falcopayload.Priority.String(), "k8s_ns_name": kn, "k8s_pod_name": kp}
Expand All @@ -132,7 +151,7 @@ func newFalcoPayload(payload io.Reader) (types.FalcoPayload, error) {

if config.Debug {
body, _ := json.Marshal(falcopayload)
log.Printf("[DEBUG] : Falco's payload : %v", string(body))
log.Printf("[DEBUG] : Falco's payload : %v\n", string(body))
}

return falcopayload, nil
Expand Down
1 change: 1 addition & 0 deletions types/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ type Configuration struct {
ListenAddress string
ListenPort int
Customfields map[string]string
Templatedfields map[string]string
Prometheus prometheusOutputConfig
Slack SlackOutputConfig
Cliq CliqOutputConfig
Expand Down

0 comments on commit 5c7a896

Please sign in to comment.