Add and use priority type.

config.go

@@ -222,7 +222,6 @@ func getMessageFormatTemplate(output, temp string) *template.Template {
 		if err != nil {
 			log.Fatalf("[ERROR] : Error compiling %v message template : %v\n", output, err)
 		}
-
 		return t
 	}
 

handlers.go

@@ -7,28 +7,13 @@ import (
 	"io/ioutil"
 	"log"
 	"net/http"
-	"strings"
 	"time"
 
 	"github.com/falcosecurity/falcosidekick/types"
 )
 
 const TestRule string = "Test rule"
 
-func getPriorityMap() map[string]int {
-	return map[string]int{
-		"emergency":     8,
-		"alert":         7,
-		"critical":      6,
-		"error":         5,
-		"warning":       4,
-		"notice":        3,
-		"informational": 2,
-		"debug":         1,
-		"":              0,
-	}
-}
-
 // mainHandler is Falco Sidekick main handler (default).
 func mainHandler(w http.ResponseWriter, r *http.Request) {
 	stats.Requests.Add("total", 1)
@@ -104,14 +89,6 @@ func newFalcoPayload(payload io.Reader) (types.FalcoPayload, error) {
 	}
 
 	var kn, kp string
-	p := "unknown"
-	priority := strings.ToLower(falcopayload.Priority)
-
-	switch priority {
-	case "emergency", "alert", "critical", "error", "warning", "notice", "informational", "debug":
-		p = priority
-	}
-
 	for i, j := range falcopayload.OutputFields {
 		if i == "k8s_ns_name" {
 			kn = j.(string)
@@ -121,9 +98,9 @@ func newFalcoPayload(payload io.Reader) (types.FalcoPayload, error) {
 		}
 	}
 
-	nullClient.CountMetric("falco.accepted", 1, []string{"priority:" + p})
-	stats.Falco.Add(p, 1)
-	promStats.Falco.With(map[string]string{"rule": falcopayload.Rule, "priority": p, "k8s_ns_name": kn, "k8s_pod_name": kp}).Inc()
+	nullClient.CountMetric("falco.accepted", 1, []string{"priority:" + falcopayload.Priority.String()})
+	stats.Falco.Add(falcopayload.Priority.String(), 1)
+	promStats.Falco.With(map[string]string{"rule": falcopayload.Rule, "priority": falcopayload.Priority.String(), "k8s_ns_name": kn, "k8s_pod_name": kp}).Inc()
 
 	if config.Debug == true {
 		body, _ := json.Marshal(falcopayload)
@@ -134,99 +111,99 @@ func newFalcoPayload(payload io.Reader) (types.FalcoPayload, error) {
 }
 
 func forwardEvent(falcopayload types.FalcoPayload) {
-	if config.Slack.WebhookURL != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Slack.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Slack.WebhookURL != "" && (falcopayload.Priority >= types.Priority(config.Slack.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go slackClient.SlackPost(falcopayload)
 	}
 
-	if config.Rocketchat.WebhookURL != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Rocketchat.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Rocketchat.WebhookURL != "" && (falcopayload.Priority >= types.Priority(config.Rocketchat.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go rocketchatClient.RocketchatPost(falcopayload)
 	}
 
-	if config.Mattermost.WebhookURL != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Mattermost.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Mattermost.WebhookURL != "" && (falcopayload.Priority >= types.Priority(config.Mattermost.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go mattermostClient.MattermostPost(falcopayload)
 	}
 
-	if config.Teams.WebhookURL != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Teams.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Teams.WebhookURL != "" && (falcopayload.Priority >= types.Priority(config.Teams.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go teamsClient.TeamsPost(falcopayload)
 	}
 
-	if config.Datadog.APIKey != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Datadog.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Datadog.APIKey != "" && (falcopayload.Priority >= types.Priority(config.Datadog.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go datadogClient.DatadogPost(falcopayload)
 	}
 
-	if config.Discord.WebhookURL != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Discord.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Discord.WebhookURL != "" && (falcopayload.Priority >= types.Priority(config.Discord.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go discordClient.DiscordPost(falcopayload)
 	}
 
-	if config.Alertmanager.HostPort != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Alertmanager.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Alertmanager.HostPort != "" && (falcopayload.Priority >= types.Priority(config.Alertmanager.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go alertmanagerClient.AlertmanagerPost(falcopayload)
 	}
 
-	if config.Elasticsearch.HostPort != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Elasticsearch.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Elasticsearch.HostPort != "" && (falcopayload.Priority >= types.Priority(config.Elasticsearch.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go elasticsearchClient.ElasticsearchPost(falcopayload)
 	}
 
-	if config.Influxdb.HostPort != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Influxdb.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Influxdb.HostPort != "" && (falcopayload.Priority >= types.Priority(config.Influxdb.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go influxdbClient.InfluxdbPost(falcopayload)
 	}
 
-	if config.Loki.HostPort != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Loki.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Loki.HostPort != "" && (falcopayload.Priority >= types.Priority(config.Loki.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go lokiClient.LokiPost(falcopayload)
 	}
 
-	if config.Nats.HostPort != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Nats.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Nats.HostPort != "" && (falcopayload.Priority >= types.Priority(config.Nats.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go natsClient.NatsPublish(falcopayload)
 	}
 
-	if config.Stan.HostPort != "" && config.Stan.ClusterID != "" && config.Stan.ClientID != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Stan.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Stan.HostPort != "" && config.Stan.ClusterID != "" && config.Stan.ClientID != "" && (falcopayload.Priority >= types.Priority(config.Stan.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go stanClient.StanPublish(falcopayload)
 	}
 
-	if config.AWS.Lambda.FunctionName != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.AWS.Lambda.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.AWS.Lambda.FunctionName != "" && (falcopayload.Priority >= types.Priority(config.AWS.Lambda.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go awsClient.InvokeLambda(falcopayload)
 	}
 
-	if config.AWS.SQS.URL != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.AWS.SQS.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.AWS.SQS.URL != "" && (falcopayload.Priority >= types.Priority(config.AWS.SQS.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go awsClient.SendMessage(falcopayload)
 	}
 
-	if config.AWS.SNS.TopicArn != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.AWS.SNS.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.AWS.SNS.TopicArn != "" && (falcopayload.Priority >= types.Priority(config.AWS.SNS.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go awsClient.PublishTopic(falcopayload)
 	}
 
-	if config.AWS.CloudWatchLogs.LogGroup != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.AWS.CloudWatchLogs.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.AWS.CloudWatchLogs.LogGroup != "" && (falcopayload.Priority >= types.Priority(config.AWS.CloudWatchLogs.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go awsClient.SendCloudWatchLog(falcopayload)
 	}
 
-	if config.SMTP.HostPort != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.SMTP.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.SMTP.HostPort != "" && (falcopayload.Priority >= types.Priority(config.SMTP.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go smtpClient.SendMail(falcopayload)
 	}
 
-	if config.Opsgenie.APIKey != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Opsgenie.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Opsgenie.APIKey != "" && (falcopayload.Priority >= types.Priority(config.Opsgenie.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go opsgenieClient.OpsgeniePost(falcopayload)
 	}
 
-	if config.Webhook.Address != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Webhook.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Webhook.Address != "" && (falcopayload.Priority >= types.Priority(config.Webhook.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go webhookClient.WebhookPost(falcopayload)
 	}
 
-	if config.Azure.EventHub.Name != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Azure.EventHub.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Azure.EventHub.Name != "" && (falcopayload.Priority >= types.Priority(config.Azure.EventHub.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go azureClient.EventHubPost(falcopayload)
 	}
 
-	if config.GCP.PubSub.ProjectID != "" && config.GCP.PubSub.Topic != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.GCP.PubSub.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.GCP.PubSub.ProjectID != "" && config.GCP.PubSub.Topic != "" && (falcopayload.Priority >= types.Priority(config.GCP.PubSub.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go gcpClient.GCPPublishTopic(falcopayload)
 	}
 
-	if config.Googlechat.WebhookURL != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Googlechat.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Googlechat.WebhookURL != "" && (falcopayload.Priority >= types.Priority(config.Googlechat.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go googleChatClient.GooglechatPost(falcopayload)
 	}
 
-	if config.Kafka.HostPort != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Kafka.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Kafka.HostPort != "" && (falcopayload.Priority >= types.Priority(config.Kafka.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go kafkaClient.KafkaProduce(falcopayload)
 	}
 
-	if config.Pagerduty.APIKey != "" && config.Pagerduty.Service != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Pagerduty.MinimumPriority)] || falcopayload.Rule == TestRule) {
+	if config.Pagerduty.APIKey != "" && config.Pagerduty.Service != "" && (falcopayload.Priority >= types.Priority(config.Pagerduty.MinimumPriority) || falcopayload.Rule == TestRule) {
 		go pagerdutyClient.PagerdutyCreateIncident(falcopayload)
 	}
 }

main.go

@@ -41,14 +41,12 @@ var (
 	config                        *types.Configuration
 	stats                         *types.Statistics
 	promStats                     *types.PromStatistics
-	priorityMap                   map[string]int
 )
 
 func init() {
 	config = getConfig()
 	stats = getInitStats()
 	promStats = getInitPromStats()
-	priorityMap = getPriorityMap()
 
 	enabledOutputsText := "[INFO]  : Enabled Outputs : "
 

outputs/alertmanager.go

@@ -36,25 +36,25 @@ func newAlertmanagerPayload(falcopayload types.FalcoPayload) []alertmanagerPaylo
 				switch {
 				case d == 0:
 					jj = "0"
-					falcopayload.Priority = Warning
+					falcopayload.Priority = types.Warning
 				case d < 10:
 					jj = "<10"
-					falcopayload.Priority = Warning
+					falcopayload.Priority = types.Warning
 				case d > 10000:
 					jj = ">10000"
-					falcopayload.Priority = Critical
+					falcopayload.Priority = types.Critical
 				case d > 1000:
 					jj = ">1000"
-					falcopayload.Priority = Critical
+					falcopayload.Priority = types.Critical
 				case d > 100:
 					jj = ">100"
-					falcopayload.Priority = Critical
+					falcopayload.Priority = types.Critical
 				case d > 10:
 					jj = ">10"
-					falcopayload.Priority = Warning
+					falcopayload.Priority = types.Warning
 				default:
 					jj = j.(string)
-					falcopayload.Priority = Critical
+					falcopayload.Priority = types.Critical
 				}
 
 				amPayload.Labels[i] = jj

outputs/aws.go

@@ -149,7 +149,7 @@ func (c *Client) PublishTopic(falcopayload types.FalcoPayload) {
 			MessageAttributes: map[string]*sns.MessageAttributeValue{
 				"priority": {
 					DataType:    aws.String("String"),
-					StringValue: aws.String(falcopayload.Priority),
+					StringValue: aws.String(falcopayload.Priority.String()),
 				},
 				"rule": {
 					DataType:    aws.String("String"),

outputs/datadog.go

@@ -1,10 +1,8 @@
 package outputs
 
 import (
-	"log"
-	"strings"
-
 	"github.com/falcosecurity/falcosidekick/types"
+	"log"
 )
 
 const (
@@ -39,10 +37,10 @@ func newDatadogPayload(falcopayload types.FalcoPayload) datadogPayload {
 	d.SourceType = "falco"
 
 	var status string
-	switch strings.ToLower(falcopayload.Priority) {
-	case Emergency, Alert, Critical, Error:
+	switch falcopayload.Priority {
+	case types.Emergency, types.Alert, types.Critical, types.Error:
 		status = Error
-	case Warning:
+	case types.Warning:
 		status = Warning
 	default:
 		status = Info

outputs/discord.go

@@ -2,10 +2,8 @@ package outputs
 
 import (
 	"fmt"
-	"log"
-	"strings"
-
 	"github.com/falcosecurity/falcosidekick/types"
+	"log"
 )
 
 type discordPayload struct {
@@ -37,22 +35,22 @@ func newDiscordPayload(falcopayload types.FalcoPayload, config *types.Configurat
 	}
 
 	var color string
-	switch strings.ToLower(falcopayload.Priority) {
-	case Emergency:
+	switch falcopayload.Priority {
+	case types.Emergency:
 		color = "15158332" // red
-	case Alert:
+	case types.Alert:
 		color = "11027200" // dark orange
-	case Critical:
+	case types.Critical:
 		color = "15105570" // orange
-	case Error:
+	case types.Error:
 		color = "15844367" // gold
-	case Warning:
+	case types.Warning:
 		color = "12745742" // dark gold
-	case Notice:
+	case types.Notice:
 		color = "3066993" // teal
-	case Informational:
+	case types.Informational:
 		color = "3447003" // blue
-	case Debug:
+	case types.Debug:
 		color = "12370112" // light grey
 	}
 
@@ -73,7 +71,7 @@ func newDiscordPayload(falcopayload types.FalcoPayload, config *types.Configurat
 	}
 
 	embedFields = append(embedFields, discordEmbedFieldPayload{Rule, falcopayload.Rule, true})
-	embedFields = append(embedFields, discordEmbedFieldPayload{Priority, falcopayload.Priority, true})
+	embedFields = append(embedFields, discordEmbedFieldPayload{Priority, falcopayload.Priority.String(), true})
 	embedFields = append(embedFields, discordEmbedFieldPayload{Time, falcopayload.Time.String(), true})
 
 	embed := discordEmbedPayload{

outputs/googlechat.go

@@ -72,7 +72,7 @@ func newGooglechatPayload(falcopayload types.FalcoPayload, config *types.Configu
 	}
 
 	widgets = append(widgets, widget{KeyValue: keyValue{"rule", falcopayload.Rule}})
-	widgets = append(widgets, widget{KeyValue: keyValue{"priority", falcopayload.Priority}})
+	widgets = append(widgets, widget{KeyValue: keyValue{"priority", falcopayload.Priority.String()}})
 	widgets = append(widgets, widget{KeyValue: keyValue{"time", falcopayload.Time.String()}})
 
 	return googlechatPayload{

outputs/influxdb.go

@@ -10,7 +10,7 @@ import (
 type influxdbPayload string
 
 func newInfluxdbPayload(falcopayload types.FalcoPayload, config *types.Configuration) influxdbPayload {
-	s := "events,rule=" + strings.Replace(falcopayload.Rule, " ", "_", -1) + ",priority=" + strings.Replace(falcopayload.Priority, " ", "_", -1)
+	s := "events,rule=" + strings.Replace(falcopayload.Rule, " ", "_", -1) + ",priority=" + falcopayload.Priority.String()
 
 	for i, j := range falcopayload.OutputFields {
 		switch v := j.(type) {

outputs/loki.go

@@ -37,7 +37,7 @@ func newLokiPayload(falcopayload types.FalcoPayload, config *types.Configuration
 	}
 
 	s += "rule=\"" + falcopayload.Rule + "\","
-	s += "priority=\"" + falcopayload.Priority + "\","
+	s += "priority=\"" + falcopayload.Priority.String() + "\","
 
 	ls.Labels = "{" + s[:len(s)-1] + "}"