allow to set custom headers for loki, elasticsearch and grafana

Signed-off-by: Thomas Labarussias <[email protected]>

README.md

@@ -253,6 +253,8 @@ elasticsearch:
   # checkcert: true # check if ssl certificate of the output is valid (default: true)
   # username: "" # use this username to authenticate to Elasticsearch if the username is not empty (default: "")
   # password: "" # use this password to authenticate to Elasticsearch if the password is not empty (default: "")
+  # customHeaders: # Custom headers to add in POST, useful for Authentication
+  #   key: value
 
 influxdb:
   # hostport: "" # http://{domain or ip}:{port}, if not empty, Influxdb output is enabled
@@ -276,6 +278,8 @@ loki:
   # tenant: "" # Add the tenant header if needed. Enabled if not empty
   # endpoint: "/api/prom/push" # The endpoint URL path, default is "/api/prom/push" more info : https://grafana.com/docs/loki/latest/api/#post-apiprompush
   # extralabels: "" # comma separated list of fields to use as labels additionally to rule, source, priority, tags and custom_fields
+  # customHeaders: # Custom headers to add in POST, useful for Authentication
+  #   key: value
 
 stan:
   # hostport: "" # nats://{domain or ip}:{port}, if not empty, STAN output is enabled
@@ -485,6 +489,8 @@ grafana:
   # mutualtls: false # if true, checkcert flag will be ignored (server cert will always be checked)
   # checkcert: true # check if ssl certificate of the output is valid (default: true)
   # minimumpriority: "debug" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
+  # customHeaders: # Custom headers to add in POST, useful for Authentication
+  #   key: value
 
 policyreport:
   enabled: false  # if true; policyreport output is enabled
@@ -707,6 +713,8 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
   username is not empty (default: "")
 - **ELASTICSEARCH_PASSWORD** : use this password to authenticate to Elasticsearch if the
   password is not empty (default: "")
+- **ELASTICSEARCH_CUSTOMHEADERS** : a list of comma separated custom headers to add,
+  syntax is "key:value,key:value"
 - **INFLUXDB_HOSTPORT** : Influxdb http://host:port, if not `empty`, Influxdb is
   _enabled_
 - **INFLUXDB_DATABASE** : Influxdb database (default: falco)
@@ -735,6 +743,8 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
 - **LOKI_ENDPOINT** : Loki endpoint URL path, default is "/api/prom/push" more info : https://grafana.com/docs/loki/latest/api/#post-apiprompush
 - **NATS_HOSTPORT** : NATS "nats://host:port", if not `empty`, NATS is _enabled_
 - **LOKI_EXTRALABELS** : comma separated list of fields to use as labels additionally to rule, source, priority, tags and custom_fields
+- **LOKI_CUSTOMHEADERS** : a list of comma separated custom headers to add,
+  syntax is "key:value,key:value"
 - **NATS_MINIMUMPRIORITY** : minimum priority of event for using this output,
   order is
   `emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`
@@ -987,6 +997,8 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
 - **GRAFANA_CHECKCERT**: check if ssl certificate of the output is valid (default: true)
 - **GRAFANA_MINIMUMPRIORITY**: minimum priority of event for using this output, order is
   `emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`
+- **GRAFANA_CUSTOMHEADERS** : a list of comma separated custom headers to add,
+  syntax is "key:value,key:value"
 - **YANDEX_ACCESSKEYID** : Yandex Access Key Id
 - **YANDEX_SECRETACCESSKEY** : Yandex Secret Access Key
 - **YANDEX_REGION**: Yandex region (default: ru-central-1)

config.go

@@ -19,10 +19,13 @@ import (
 
 func getConfig() *types.Configuration {
 	c := &types.Configuration{
-		Customfields: make(map[string]string),
-		Webhook:      types.WebhookOutputConfig{CustomHeaders: make(map[string]string)},
-		Alertmanager: types.AlertmanagerOutputConfig{ExtraLabels: make(map[string]string), ExtraAnnotations: make(map[string]string)},
-		CloudEvents:  types.CloudEventsOutputConfig{Extensions: make(map[string]string)},
+		Customfields:  make(map[string]string),
+		Grafana:       types.GrafanaOutputConfig{CustomHeaders: make(map[string]string)},
+		Loki:          types.LokiOutputConfig{CustomHeaders: make(map[string]string)},
+		Elasticsearch: types.ElasticsearchOutputConfig{CustomHeaders: make(map[string]string)},
+		Webhook:       types.WebhookOutputConfig{CustomHeaders: make(map[string]string)},
+		Alertmanager:  types.AlertmanagerOutputConfig{ExtraLabels: make(map[string]string), ExtraAnnotations: make(map[string]string)},
+		CloudEvents:   types.CloudEventsOutputConfig{Extensions: make(map[string]string)},
 	}
 
 	configFile := kingpin.Flag("config-file", "config file").Short('c').ExistingFile()

config_example.yaml

@@ -73,6 +73,8 @@ elasticsearch:
   # checkcert: true # check if ssl certificate of the output is valid (default: true)
   # username: "" # use this username to authenticate to Elasticsearch if the username is not empty (default: "")
   # password: "" # use this password to authenticate to Elasticsearch if the password is not empty (default: "")
+  # customHeaders: # Custom headers to add in POST, useful for Authentication
+  #   key: value
 
 influxdb:
   # hostport: "" # http://{domain or ip}:{port}, if not empty, Influxdb output is enabled
@@ -97,6 +99,8 @@ loki:
   # tenant: "" # Add the Tenant header
   # endpoint: "/loki/api/v1/push" # The endpoint URL path, default is "/loki/api/v1/push" more info : https://grafana.com/docs/loki/latest/api/#post-apiprompush
   # extralabels: "" # comma separated list of fields to use as labels additionally to rule, source, priority, tags and custom_fields
+  # customHeaders: # Custom headers to add in POST, useful for Authentication
+  #   key: value
 
 nats:
   # hostport: "" # nats://{domain or ip}:{port}, if not empty, NATS output is enabled
@@ -313,6 +317,8 @@ grafana:
   # allfieldsastags: false # if true, all custom fields are added as tags (default: false)
   # mutualtls: false # if true, checkcert flag will be ignored (server cert will always be checked)
   # checkcert: true # check if ssl certificate of the output is valid (default: true)
+  # customHeaders: # Custom headers to add in POST, useful for Authentication
+  #   key: value
   # minimumpriority: "debug" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
 
 webui:

outputs/elasticsearch.go

@@ -39,6 +39,10 @@ func (c *Client) ElasticsearchPost(falcopayload types.FalcoPayload) {
 		c.BasicAuth(c.Config.Elasticsearch.Username, c.Config.Elasticsearch.Password)
 	}
 
+	for i, j := range c.Config.Elasticsearch.CustomHeaders {
+		c.AddHeader(i, j)
+	}
+
 	err = c.Post(falcopayload)
 	if err != nil {
 		c.setElasticSearchErrorMetrics()

outputs/grafana.go

@@ -63,6 +63,9 @@ func (c *Client) GrafanaPost(falcopayload types.FalcoPayload) {
 	c.httpClientLock.Lock()
 	defer c.httpClientLock.Unlock()
 	c.AddHeader("Authorization", "Bearer "+c.Config.Grafana.APIKey)
+	for i, j := range c.Config.Grafana.CustomHeaders {
+		c.AddHeader(i, j)
+	}
 
 	err := c.Post(newGrafanaPayload(falcopayload, c.Config))
 	if err != nil {

outputs/loki.go

@@ -78,6 +78,10 @@ func (c *Client) LokiPost(falcopayload types.FalcoPayload) {
 		c.BasicAuth(c.Config.Loki.User, c.Config.Loki.APIKey)
 	}
 
+	for i, j := range c.Config.Loki.CustomHeaders {
+		c.AddHeader(i, j)
+	}
+
 	err := c.Post(newLokiPayload(falcopayload, c.Config))
 	if err != nil {
 		go c.CountMetric(Outputs, 1, []string{"output:loki", "status:error"})

types/types.go

@@ -63,9 +63,9 @@ type Configuration struct {
 	Datadog            datadogOutputConfig
 	Discord            DiscordOutputConfig
 	Alertmanager       AlertmanagerOutputConfig
-	Elasticsearch      elasticsearchOutputConfig
+	Elasticsearch      ElasticsearchOutputConfig
 	Influxdb           influxdbOutputConfig
-	Loki               lokiOutputConfig
+	Loki               LokiOutputConfig
 	Nats               natsOutputConfig
 	Stan               stanOutputConfig
 	AWS                awsOutputConfig
@@ -89,7 +89,7 @@ type Configuration struct {
 	Rabbitmq           RabbitmqConfig
 	Wavefront          WavefrontOutputConfig
 	Fission            fissionConfig
-	Grafana            grafanaOutputConfig
+	Grafana            GrafanaOutputConfig
 	Yandex             YandexOutputConfig
 	Syslog             SyslogConfig
 	NodeRed            NodeRedOutputConfig
@@ -205,7 +205,7 @@ type AlertmanagerOutputConfig struct {
 	ExtraAnnotations map[string]string
 }
 
-type elasticsearchOutputConfig struct {
+type ElasticsearchOutputConfig struct {
 	HostPort        string
 	Index           string
 	Type            string
@@ -215,6 +215,7 @@ type elasticsearchOutputConfig struct {
 	Password        string
 	CheckCert       bool
 	MutualTLS       bool
+	CustomHeaders   map[string]string
 }
 
 type influxdbOutputConfig struct {
@@ -231,7 +232,7 @@ type influxdbOutputConfig struct {
 	MutualTLS       bool
 }
 
-type lokiOutputConfig struct {
+type LokiOutputConfig struct {
 	HostPort        string
 	User            string
 	APIKey          string
@@ -242,6 +243,7 @@ type lokiOutputConfig struct {
 	Endpoint        string
 	ExtraLabels     string
 	ExtraLabelsList []string
+	CustomHeaders   map[string]string
 }
 
 type prometheusOutputConfig struct {
@@ -518,8 +520,8 @@ type RabbitmqConfig struct {
 	MinimumPriority string
 }
 
-// grafanaOutputConfig represents parameters for Grafana
-type grafanaOutputConfig struct {
+// GrafanaOutputConfig represents parameters for Grafana
+type GrafanaOutputConfig struct {
 	HostPort        string
 	APIKey          string
 	DashboardID     int
@@ -528,6 +530,7 @@ type grafanaOutputConfig struct {
 	CheckCert       bool
 	MutualTLS       bool
 	MinimumPriority string
+	CustomHeaders   map[string]string
 }
 
 type YandexOutputConfig struct {