-
Notifications
You must be signed in to change notification settings - Fork 182
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mutual tls support for falcosidekick authentication #231
Conversation
Welcome @jasiam! It looks like this is your first PR to falcosecurity/falcosidekick 🎉 |
1e714aa
to
c369704
Compare
Can you complete the description of your PR please. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know it's a WIP, I just added few suggestions and comments.
I like the client_test.go
with crt/key generation for unit tests. 👍
main.go
Outdated
@@ -282,7 +282,7 @@ func init() { | |||
|
|||
if config.CloudEvents.Address != "" { | |||
var err error | |||
cloudeventsClient, err = outputs.NewClient("CloudEvents", config.CloudEvents.Address, config, stats, promStats, statsdClient, dogstatsdClient) | |||
cloudeventsClient, err = outputs.NewClient("CloudEvents", config.CloudEvents.Address, false, config, stats, promStats, statsdClient, dogstatsdClient) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cloudeventsClient, err = outputs.NewClient("CloudEvents", config.CloudEvents.Address, false, config, stats, promStats, statsdClient, dogstatsdClient) | |
cloudeventsClient, err = outputs.NewClient("CloudEvents", config.CloudEvents.Address, config.CloudEvents.MutualTls, config, stats, promStats, statsdClient, dogstatsdClient) |
Do we really want to add the mutualtls support for all outputs which use the NewClient method? For instance, Loki doesn't support this kind of authentication (or any) and you'd need a reverse proxy in order to use it. |
Only for outputs which allow it. This is why it's a "by output" setting. |
So... I'm confused. Do you want to add the config.[OUTPUT].MutualTLS parameter in the NewClient method even if the output doesn't support mutual tls authN? I know the default value is false, but I'm afraid some users think they can use mutual tls when the actually can't. |
It's super weird. If I try to edit the description I can see everything I wrote yesterday when I opened the PR, but nothing is shown when I update it. |
We can discuss about this on Slack, feel free to contact me 😉 |
Signed-off-by: Jose Angel Santiago <>
cc75cf3
to
9e6b0f4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The README is not up to date with config_example.yaml
and it misses variables for MutualTLS
and CheckCert
in list of env vars.
In config.go
, default values are missing for MutualTLS
and CheckCert
, they should all be there, to only have explicit values.
Thanks. 🙏
Signed-off-by: Jose Angel Santiago <>
I think all required changes are now in the PR |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you check both README and config_example have same variables please
Signed-off-by: Jose Angel Santiago <>
e8b0348
to
42fb1d2
Compare
My fault, I forgot to update the env vars part in README file. Now README and config_example.yaml files are synchronized. |
LGTM label has been added. Git tree hash: 3d064bd02d27d3037c12c366a66340c2333994b1
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Issif The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/ready |
v.SetDefault("Kafka.HostPort", "") | ||
v.SetDefault("Kafka.Topic", "") | ||
v.SetDefault("Kafka.MinimumPriority", "") | ||
v.SetDefault("Pagerduty.RoutingKey", "") | ||
v.SetDefault("Pagerduty.MinimumPriority", "") | ||
v.SetDefault("Googlechat.MutualTls", false) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
What this PR does / why we need it:
It adds mutual tls support to be used in alertmanager, elasticsearch, influxdb, NATs and webhook outputs
Which issue(s) this PR fixes:
Fixes #216
Special notes for your reviewer: