Adds policy report output support for falcosidekick

README.md

@@ -90,6 +90,9 @@ It works as a single endpoint for as many as you want `Falco` instances :
 - **Webhook**
 - [**WebUI**](https://github.com/falcosecurity/falcosidekick-ui) (a Web UI for displaying latest events in real time)
 
+### Other
+- [**Policy Report**](https://github.com/kubernetes-sigs/wg-policy-prototypes/tree/master/policy-report/falco-adapter)
+
 ## Usage
 
 Run the daemon as any other daemon in your architecture (systemd, k8s daemonset,
@@ -426,6 +429,13 @@ grafana:
   # checkcert: true # check if ssl certificate of the output is valid (default: true)
   # minimumpriority: "debug" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
 
+policyreport:
+  enabled: false  # if true; policyreport output is enabled
+  kubeconfig: "~/.kube/config"  # Kubeconfig file to use (only if falcosidekick is running outside the cluster)
+  minimumpriority: "debug" # events with a priority above this are mapped to fail in PolicyReport Summary and lower that those are mapped to warn (default="")
+  maxevents: 1000 # the max number of events that can be in a policyreport (default: 1000)
+  prunebypriority: false # if true; the events with lowest severity are pruned first, in FIFO order (default: false)
+
 webui:
   url: "" # WebUI URL, if not empty, WebUI output is enabled
 
@@ -828,6 +838,12 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
 - **SYSLOG_PROTOCOL**: Syslog transport protocol. It can be either "tcp" or "udp"
 - **SYSLOG_MINIMUMPRIORITY**: minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default: "debug")
 
+- **POLICYREPORT_ENABLED**: if true policyreport output is enabled (default: `false`)
+- **POLICYREPORT_KUBECONFIG**: Kubeconfig file to use (only if falcosidekick is running outside the cluster)
+- **POLICYREPORT_MINIMUMPRIORITY**: events with priority above this are mapped to fail in PolicyReport summary and lower that those are mapped to warn 
+- **POLICYREPORT_MAXEVENTS**: the max number of events that can be per report (default: 1000)
+- **POLICYREPORT_PRUNEBYPRIORITY**: if true; the events with lowest severity are pruned first, in FIFO order (default: `false`)
+
 #### Slack/Rocketchat/Mattermost/Googlechat Message Formatting
 
 The `SLACK_MESSAGEFORMAT` environment variable and `slack.messageformat` YAML
@@ -1090,6 +1106,11 @@ time                akey    bkey    ckey    priority rule      value
 
 ![google chat text example](https://github.com/falcosecurity/falcosidekick/raw/master/imgs/google_chat_example.png)
 
+## Installing Policy Report Custom Resource Definition (CRD)
+
+Information about how to find and install the CRD for the reports can be found [here](https://github.com/kubernetes-sigs/wg-policy-prototypes/tree/master/policy-report#installing). Installation of the Policy Report Custom Resource Definition (CRD) is a prerequisite for using Policy Report output.
+
+
 ## Development
 
 ### Build

config.go

@@ -268,6 +268,13 @@ func getConfig() *types.Configuration {
 	v.SetDefault("Webui.URL", "")
 	v.SetDefault("Webui.MutualTls", false)
 	v.SetDefault("Webui.CheckCert", true)
+
+	v.SetDefault("PolicyReport.Enabled", false)
+	v.SetDefault("PolicyReport.Kubeconfig", "")
+	v.SetDefault("PolicyReport.MinimumPriority", "")
+	v.SetDefault("PolicyReport.MaxEvents", 1000)
+	v.SetDefault("PolicyReport.PruneByPriority", false)
+
 	v.SetDefault("Rabbitmq.URL", "")
 	v.SetDefault("Rabbitmq.Queue", "")
 	v.SetDefault("Rabbitmq.MinimumPriority", "")

config_example.yaml

@@ -273,3 +273,11 @@ fission:
   # minimumpriority: "debug" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
   # checkcert: true # check if ssl certificate of the output is valid (default: true)
   # mutualtls: false # if true, checkcert flag will be ignored (server cert will always be checked)
+
+policyreport:
+  enabled: false  # if true policyreport output is enabled
+  kubeconfig: "~/.kube/config"  # Kubeconfig file to use (only if falcosidekick is running outside the cluster)
+  failthreshold: 4 # events with priority above this threshold are mapped to fail in PolicyReport Summary and lower that those are mapped to warn (default=4)
+  maxevents: 1000 # the max number of events per report(default: 1000)
+  prunebypriority: false # if true; the events with lowest severity are pruned first, in FIFO order (default: false)
+

go.mod

@@ -15,6 +15,8 @@ require (
 	github.com/emersion/go-smtp v0.14.0
 	github.com/google/uuid v1.2.0
 	github.com/googleapis/gax-go v1.0.3
+	github.com/kubernetes-sigs/wg-policy-prototypes/policy-report/kube-bench-adapter v0.0.0-20210714174227-a3d56502c383
+	github.com/nats-io/nats-streaming-server v0.19.0 // indirect
 	github.com/nats-io/nats.go v1.10.0
 	github.com/nats-io/stan.go v0.8.3
 	github.com/prometheus/client_golang v1.9.0
@@ -27,7 +29,8 @@ require (
 	google.golang.org/api v0.40.0
 	google.golang.org/genproto v0.0.0-20210226172003-ab064af71705
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
-	k8s.io/client-go v0.20.4
+	k8s.io/apimachinery v0.20.5
+	k8s.io/client-go v11.0.0+incompatible
 )
 
 require (
@@ -52,7 +55,7 @@ require (
 	github.com/devigned/tab v0.1.1 // indirect
 	github.com/form3tech-oss/jwt-go v3.2.2+incompatible // indirect
 	github.com/fsnotify/fsnotify v1.4.9 // indirect
-	github.com/go-logr/logr v0.2.0 // indirect
+	github.com/go-logr/logr v0.3.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
 	github.com/golang/protobuf v1.4.3 // indirect
@@ -61,26 +64,25 @@ require (
 	github.com/google/go-querystring v1.0.0 // indirect
 	github.com/google/gofuzz v1.1.0 // indirect
 	github.com/googleapis/gax-go/v2 v2.0.5 // indirect
-	github.com/googleapis/gnostic v0.4.1 // indirect
+	github.com/googleapis/gnostic v0.5.1 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/imdario/mergo v0.3.7 // indirect
+	github.com/imdario/mergo v0.3.10 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jpillora/backoff v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.10 // indirect
 	github.com/jstemmer/go-junit-report v0.9.1 // indirect
 	github.com/klauspost/compress v1.9.8 // indirect
 	github.com/lightstep/tracecontext.go v0.0.0-20181129014701-1757c391b1ac // indirect
 	github.com/magiconair/properties v1.8.1 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/mitchellh/mapstructure v1.1.2 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.1 // indirect
 	github.com/nats-io/jwt v1.1.0 // indirect
 	github.com/nats-io/nats-server/v2 v2.1.9 // indirect
-	github.com/nats-io/nats-streaming-server v0.19.0 // indirect
 	github.com/nats-io/nkeys v0.1.4 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
-	github.com/pelletier/go-toml v1.2.0 // indirect
+	github.com/pelletier/go-toml v1.8.1 // indirect
 	github.com/pierrec/lz4 v2.6.0+incompatible // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
@@ -93,10 +95,9 @@ require (
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/subosito/gotenv v1.2.0 // indirect
 	go.opencensus.io v0.22.5 // indirect
-	go.uber.org/atomic v1.5.0 // indirect
-	go.uber.org/multierr v1.3.0 // indirect
-	go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee // indirect
-	go.uber.org/zap v1.13.0 // indirect
+	go.uber.org/atomic v1.6.0 // indirect
+	go.uber.org/multierr v1.5.0 // indirect
+	go.uber.org/zap v1.15.0 // indirect
 	golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 // indirect
 	golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6 // indirect
 	golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5 // indirect
@@ -114,12 +115,14 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.51.0 // indirect
 	gopkg.in/yaml.v2 v2.3.0 // indirect
-	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect
+	gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 // indirect
 	honnef.co/go/tools v0.0.1-2020.1.4 // indirect
-	k8s.io/api v0.20.4 // indirect
-	k8s.io/apimachinery v0.20.4 // indirect
+	k8s.io/api v0.20.5 // indirect
 	k8s.io/klog/v2 v2.4.0 // indirect
-	k8s.io/utils v0.0.0-20201110183641-67b214c5f920 // indirect
+	k8s.io/utils v0.0.0-20210111153108-fddb29f9d009 // indirect
+	sigs.k8s.io/controller-runtime v0.8.3 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.0.2 // indirect
 	sigs.k8s.io/yaml v1.2.0 // indirect
 )
+
+replace k8s.io/client-go => k8s.io/client-go v0.20.5