diff --git a/outputs/alertmanager_test.go b/outputs/alertmanager_test.go
index 6fc991ccd..db7ae4c6f 100644
--- a/outputs/alertmanager_test.go
+++ b/outputs/alertmanager_test.go
@@ -9,7 +9,7 @@ import (
 )
 func TestNewAlertmanagerPayload(t *testing.T) {
- expectedOutput := `[{"labels":{"proc_name":"falcosidekick","rule":"Test rule","source":"falco","user_name":"falcosidekick"},"annotations":{"info":"This is a test from falcosidekick","summary":"Test rule"}}]`
+ expectedOutput := `[{"labels":{"proc_name":"falcosidekick","rule":"Test rule","source":"falco"},"annotations":{"info":"This is a test from falcosidekick","summary":"Test rule"}}]`
 var f types.FalcoPayload
 json.Unmarshal([]byte(falcoTestInput), &f)
diff --git a/outputs/client_test.go b/outputs/client_test.go
index eeaa9672e..5aa774ed4 100644
--- a/outputs/client_test.go
+++ b/outputs/client_test.go
@@ -11,7 +11,7 @@ import (
 "github.com/falcosecurity/falcosidekick/types"
 )
-var falcoTestInput = `{"output":"This is a test from falcosidekick","priority":"Debug","rule":"Test rule", "time":"2001-01-01T01:10:00Z","output_fields": {"proc.name":"falcosidekick","user.name":"falcosidekick", "proc.tty": 1234}}`
+var falcoTestInput = `{"output":"This is a test from falcosidekick","priority":"Debug","rule":"Test rule", "time":"2001-01-01T01:10:00Z","output_fields": {"proc.name":"falcosidekick", "proc.tty": 1234}}`
 func TestNewClient(t *testing.T) {
 u, _ := url.Parse("http://localhost")
diff --git a/outputs/datadog.go b/outputs/datadog.go
index 61518bb33..de19488d5 100644
--- a/outputs/datadog.go
+++ b/outputs/datadog.go
@@ -27,6 +27,8 @@ func newDatadogPayload(falcopayload types.FalcoPayload) datadogPayload {
 switch j.(type) {
 case string:
 tags = append(tags, i+":"+j.(string))
+ default:
+ continue
 }
 }
 d.Tags = tags
diff --git a/outputs/datadog_test.go b/outputs/datadog_test.go
index 3beb3bdf5..7af24310f 100644
--- a/outputs/datadog_test.go
+++ b/outputs/datadog_test.go
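Review bot: The added `default: continue` in newDatadogPayload's type switch changes nothing at run time, since the switch appears to be the last statement of the loop body (the loop header is outside the hunk), so non-string output fields are still dropped without a trace. The shared fixture carries `"proc.tty": 1234`, and the updated expectations confirm it never reaches the tags. For an alert forwarder this means numeric context on an event is lost before it reaches the responder. If that is intended, replace the branch with a comment such as `// non-string output_fields are deliberately not forwarded`; otherwise bind the value with `switch v := j.(type)` and format the numeric cases. The same branch is added in influxdb.go, loki.go and opsgenie.go.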
@@ -9,7 +9,7 @@ import (
 )
 func TestNewDatadogPayload(t *testing.T) {
- expectedOutput := `{"title":"Test rule","text":"This is a test from falcosidekick","alert_type":"info","source_type_name":"falco","tags":["proc.name:falcosidekick","user.name:falcosidekick"]}`
+ expectedOutput := `{"title":"Test rule","text":"This is a test from falcosidekick","alert_type":"info","source_type_name":"falco","tags":["proc.name:falcosidekick"]}`
 var f types.FalcoPayload
 json.Unmarshal([]byte(falcoTestInput), &f)
diff --git a/outputs/influxdb.go b/outputs/influxdb.go
index 3a27e846d..819d15db2 100644
--- a/outputs/influxdb.go
+++ b/outputs/influxdb.go
@@ -17,6 +17,8 @@ func newInfluxdbPayload(falcopayload types.FalcoPayload, config *types.Configura
 switch j.(type) {
 case string:
 s += "," + i + "=" + strings.Replace(j.(string), " ", "_", -1)
+ default:
+ continue
 }
 }
diff --git a/outputs/influxdb_test.go b/outputs/influxdb_test.go
index e84b2b32a..2f515acad 100644
--- a/outputs/influxdb_test.go
+++ b/outputs/influxdb_test.go
@@ -8,7 +8,7 @@ import (
 )
 func TestNewInfluxdbPayload(t *testing.T) {
- expectedOutput := `"events,rule=Test_rule,priority=Debug,proc.name=falcosidekick,user.name=falcosidekick value=\"This is a test from falcosidekick\""`
+ expectedOutput := `"events,rule=Test_rule,priority=Debug,proc.name=falcosidekick value=\"This is a test from falcosidekick\""`
 var f types.FalcoPayload
 json.Unmarshal([]byte(falcoTestInput), &f)
diff --git a/outputs/loki.go b/outputs/loki.go
index 1ea04f478..4db99b357 100644
--- a/outputs/loki.go
+++ b/outputs/loki.go
@@ -30,6 +30,8 @@ func newLokiPayload(falcopayload types.FalcoPayload, config *types.Configuration
 switch j.(type) {
 case string:
 s += strings.Replace(strings.Replace(strings.Replace(i, ".", "", -1), "]", "", -1), "[", "", -1) + "=\"" + j.(string) + "\","
+ default:
+ continue
 }
 }
 s += "rule=\"" + falcopayload.Rule + "\","
diff --git a/outputs/loki_test.go b/outputs/loki_test.go
new file mode 100644
index 000000000..79c9676bf
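Review bot: Output field keys and values are spliced into the InfluxDB line-protocol string in newInfluxdbPayload with only spaces replaced, so a value containing `,` or `=` still alters the tag set that the server parses. These fields describe the monitored workload, so they should be treated as untrusted input. Escape both `i` and the value through one shared replacer that keeps the existing underscore convention, e.g. `strings.NewReplacer(" ", "_", ",", "\\,", "=", "\\=")`, before concatenating. loki.go has the same shape: `j.(string)` is placed between double quotes in the label string without escaping `"` or `\`. Both functions begin outside their hunks.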
--- /dev/null
+++ b/outputs/loki_test.go
@@ -0,0 +1,32 @@
+package outputs
+
+import (
+ "encoding/json"
+ "reflect"
+ "testing"
+
+ "github.com/falcosecurity/falcosidekick/types"
+)
+
+func TestNewLokiPayload(t *testing.T) {
+ expectedOutput := lokiPayload{
+ Streams: []lokiStream{
+ lokiStream{
+ Labels: "{procname=\"falcosidekick\",rule=\"Test rule\",priority=\"Debug\"}",
+ Entries: []lokiEntry{
+ lokiEntry{
+ Ts: "2001-01-01T01:10:00Z",
+ Line: "This is a test from falcosidekick",
+ },
+ },
+ },
+ },
+ }
+
+ var f types.FalcoPayload
+ json.Unmarshal([]byte(falcoTestInput), &f)
+ output := newLokiPayload(f, &types.Configuration{})
+ if !reflect.DeepEqual(output, expectedOutput) {
+ t.Fatalf("\nexpected payload: \n%#v\ngot: \n%#v\n", expectedOutput, output)
+ }
+}
diff --git a/outputs/opsgenie.go b/outputs/opsgenie.go
index aaba01c3d..a73af28cb 100644
--- a/outputs/opsgenie.go
+++ b/outputs/opsgenie.go
@@ -7,7 +7,7 @@ import (
 type opsgeniePayload struct {
 Message string `json:"message"`
- User string `json:"entity,omitempty"`
+ Entity string `json:"entity,omitempty"`
 Description string `json:"description,omitempty"`
 Details map[string]string `json:"details,omitempty"`
 Priority string `json:"priority,omitempty"`
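Review bot: The error from `json.Unmarshal([]byte(falcoTestInput), &f)` is discarded in TestNewLokiPayload, so a malformed shared fixture would be compared as a zero-value payload and fail with a misleading message instead of at the decode step. Check it: `if err := json.Unmarshal([]byte(falcoTestInput), &f); err != nil { t.Fatal(err) }`. The test also only covers a benign field value; a case whose value contains `"` would pin how newLokiPayload builds the label string. TestNewOpsgeniePayload in opsgenie_test.go discards the same error.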
@@ -19,31 +19,32 @@ func newOpsgeniePayload(falcopayload types.FalcoPayload, config *types.Configura
 switch j.(type) {
 case string:
 details[i] = j.(string)
+ default:
+ continue
 }
 }
 var prio string
 switch strings.ToLower(falcopayload.Priority) {
- case "emergency", "alert", "critical":
+ case "emergency", "alert":
 prio = "P1"
- case "error":
+ case "critical":
 prio = "P2"
- case "warning":
+ case "error":
 prio = "P3"
- case "notice", "informationnal":
+ case "warning":
 prio = "P4"
 default:
 prio = "P5"
 }
- ogpayload := opsgeniePayload{
+ return opsgeniePayload{
 Message: falcopayload.Output,
- User: "Falcosidekick",
+ Entity: "Falcosidekick",
 Description: falcopayload.Rule,
 Details: details,
 Priority: prio,
 }
- return ogpayload
 }
 // OpsgeniePost posts event to OpsGenie
diff --git a/outputs/opsgenie_test.go b/outputs/opsgenie_test.go
new file mode 100644
index 000000000..f9b48f0bb
--- /dev/null
+++ b/outputs/opsgenie_test.go
@@ -0,0 +1,28 @@
+package outputs
+
+import (
+ "encoding/json"
+ "reflect"
+ "testing"
+
+ "github.com/falcosecurity/falcosidekick/types"
+)
+
+func TestNewOpsgeniePayload(t *testing.T) {
+ expectedOutput := opsgeniePayload{
+ Message: "This is a test from falcosidekick",
+ Entity: "Falcosidekick",
+ Description: "Test rule",
+ Details: map[string]string{
+ "proc.name": "falcosidekick",
+ },
+ Priority: "P5",
+ }
+
+ var f types.FalcoPayload
+ json.Unmarshal([]byte(falcoTestInput), &f)
+ output := newOpsgeniePayload(f, &types.Configuration{})
+ if !reflect.DeepEqual(output, expectedOutput) {
+ t.Fatalf("\nexpected payload: \n%#v\ngot: \n%#v\n", expectedOutput, output)
+ }
+}
diff --git a/outputs/slack_test.go b/outputs/slack_test.go
index 15ae1e407..230277360 100644
--- a/outputs/slack_test.go
+++ b/outputs/slack_test.go
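Review bot: The reordered `switch` in newOpsgeniePayload lowers the Opsgenie priority for most Falco levels without saying so: `critical` moves from P1 to P2, `error` to P3, `warning` to P4, and `notice` plus the informational level lose their own case and now fall through to P5 alongside debug. Since this decides which alerts page someone, the mapping deserves a comment above the switch, e.g. `// Falco priority -> Opsgenie: emergency/alert=P1, critical=P2, error=P3, warning=P4, everything else=P5`. The accompanying TestNewOpsgeniePayload only exercises the `Debug` input, so a table-driven case per priority would keep the mapping from drifting. newOpsgeniePayload starts before the hunk.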
@@ -10,7 +10,7 @@ import (
 func TestNewSlackPayload(t *testing.T) {
 expectedOutput := slackPayload{
- Username: "Falco Sidekick",
+ Username: "Falcosidekick",
 IconURL: "https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick.png",
 Attachments: []slackAttachment{
 slackAttachment{
@@ -24,11 +24,6 @@ func TestNewSlackPayload(t *testing.T) {
 Value: "falcosidekick",
 Short: true,
 },
- slackAttachmentField{
- Title: "user.name",
- Value: "falcosidekick",
- Short: true,
- },
 slackAttachmentField{
 Title: "rule",
 Value: "Test rule",
diff --git a/outputs/teams_test.go b/outputs/teams_test.go
index 304243cdf..840b44761 100644
--- a/outputs/teams_test.go
+++ b/outputs/teams_test.go
@@ -24,10 +24,6 @@ func TestNewTeamsPayload(t *testing.T) {
 Name: "proc.name",
 Value: "falcosidekick",
 },
- teamsFact{
- Name: "user.name",
- Value: "falcosidekick",
- },
 teamsFact{
 Name: "rule",
 Value: "Test rule",