-
Notifications
You must be signed in to change notification settings - Fork 174
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reorg Headers, Add Basic Auth for Elasticsearch #245
Reorg Headers, Add Basic Auth for Elasticsearch #245
Conversation
Welcome @distortedsignal! It looks like this is your first PR to falcosecurity/falcosidekick 🎉 |
Signed-off-by: Tom Kelley <[email protected]>
9fa38d8
to
2f9bf74
Compare
Signed-off-by: Tom Kelley <[email protected]>
Signed-off-by: Tom Kelley <[email protected]>
Signed-off-by: Tom Kelley <[email protected]>
Signed-off-by: Tom Kelley <[email protected]>
Signed-off-by: Tom Kelley <[email protected]>
I don't know if this will give anyone any kind of confidence in the quality of this change, but I got this output on my machine: ➜ falcosidekick git:(add-es-basic-auth) date && make falcosidekick && date && make test && date && make test-coverage && date
Sat Jun 19 01:31:01 PDT 2021
go build -gcflags all=-trimpath=/src -asmflags all=-trimpath=/src -a -installsuffix cgo -o falcosidekick .
Sat Jun 19 01:31:27 PDT 2021
go vet ./...
go test -v -race ./...
? github.com/falcosecurity/falcosidekick [no test files]
=== RUN TestNewAlertmanagerPayloadO
--- PASS: TestNewAlertmanagerPayloadO (0.00s)
=== RUN TestNewClient
2021/06/19 01:31:34 [ERROR] : test - Bad Endpoint
--- PASS: TestNewClient (0.00s)
=== RUN TestPost
2021/06/19 01:31:34 [ERROR] : - Header missing (400)
2021/06/19 01:31:34 [ERROR] : - Authentication Error (401)
2021/06/19 01:31:34 [ERROR] : - Access Denied (403)
2021/06/19 01:31:34 [ERROR] : - Resource not found (404)
2021/06/19 01:31:34 [ERROR] : - Bad Request (422)
2021/06/19 01:31:34 [ERROR] : - Exceeding post rate limit (429)
2021/06/19 01:31:34 [ERROR] : - Unexpected Response (502)
2021/06/19 01:31:34 [INFO] : - Post OK (200)
--- PASS: TestPost (0.01s)
=== RUN TestAddHeader
2021/06/19 01:31:34 [INFO] : - Post OK (200)
--- PASS: TestAddHeader (0.00s)
=== RUN TestAddBasicAuth
2021/06/19 01:31:34 [INFO] : - Post OK (200)
--- PASS: TestAddBasicAuth (0.00s)
=== RUN TestMutualTlsPost
2021/06/19 01:31:48 [INFO] : - Post OK (200)
--- PASS: TestMutualTlsPost (14.07s)
=== RUN TestNewDatadogPayload
--- PASS: TestNewDatadogPayload (0.00s)
=== RUN TestNewDiscordPayload
--- PASS: TestNewDiscordPayload (0.00s)
=== RUN TestNewGoogleChatPayload
--- PASS: TestNewGoogleChatPayload (0.00s)
=== RUN TestNewInfluxdbPayload
--- PASS: TestNewInfluxdbPayload (0.00s)
=== RUN TestNewLokiPayload
--- PASS: TestNewLokiPayload (0.00s)
=== RUN TestMattermostPayload
--- PASS: TestMattermostPayload (0.00s)
=== RUN TestNewOpsgeniePayload
--- PASS: TestNewOpsgeniePayload (0.00s)
=== RUN TestPagerdutyPayload
--- PASS: TestPagerdutyPayload (0.00s)
=== RUN TestNewRocketchatPayload
--- PASS: TestNewRocketchatPayload (0.00s)
=== RUN TestNewSlackPayload
--- PASS: TestNewSlackPayload (0.00s)
=== RUN TestNewTeamsPayload
--- PASS: TestNewTeamsPayload (0.00s)
PASS
ok github.com/falcosecurity/falcosidekick/outputs 14.752s
=== RUN TestPriorityType_MarshalJSON
=== RUN TestPriorityType_MarshalJSON/Default
=== RUN TestPriorityType_MarshalJSON/Debug
=== RUN TestPriorityType_MarshalJSON/Informational
=== RUN TestPriorityType_MarshalJSON/Notice
=== RUN TestPriorityType_MarshalJSON/Warning
=== RUN TestPriorityType_MarshalJSON/Error
=== RUN TestPriorityType_MarshalJSON/Critical
=== RUN TestPriorityType_MarshalJSON/Alert
=== RUN TestPriorityType_MarshalJSON/Emergency
=== RUN TestPriorityType_MarshalJSON/Unknown_Key
--- PASS: TestPriorityType_MarshalJSON (0.00s)
--- PASS: TestPriorityType_MarshalJSON/Default (0.00s)
--- PASS: TestPriorityType_MarshalJSON/Debug (0.00s)
--- PASS: TestPriorityType_MarshalJSON/Informational (0.00s)
--- PASS: TestPriorityType_MarshalJSON/Notice (0.00s)
--- PASS: TestPriorityType_MarshalJSON/Warning (0.00s)
--- PASS: TestPriorityType_MarshalJSON/Error (0.00s)
--- PASS: TestPriorityType_MarshalJSON/Critical (0.00s)
--- PASS: TestPriorityType_MarshalJSON/Alert (0.00s)
--- PASS: TestPriorityType_MarshalJSON/Emergency (0.00s)
--- PASS: TestPriorityType_MarshalJSON/Unknown_Key (0.00s)
=== RUN TestPriorityType_UnmarshalJSON
=== RUN TestPriorityType_UnmarshalJSON/Default
=== RUN TestPriorityType_UnmarshalJSON/Debug
=== RUN TestPriorityType_UnmarshalJSON/Informational
=== RUN TestPriorityType_UnmarshalJSON/Notice
=== RUN TestPriorityType_UnmarshalJSON/Warning
=== RUN TestPriorityType_UnmarshalJSON/Error
=== RUN TestPriorityType_UnmarshalJSON/Critical
=== RUN TestPriorityType_UnmarshalJSON/Alert
=== RUN TestPriorityType_UnmarshalJSON/Emergency
=== RUN TestPriorityType_UnmarshalJSON/Unknown_Key
=== RUN TestPriorityType_UnmarshalJSON/an_error
--- PASS: TestPriorityType_UnmarshalJSON (0.00s)
--- PASS: TestPriorityType_UnmarshalJSON/Default (0.00s)
--- PASS: TestPriorityType_UnmarshalJSON/Debug (0.00s)
--- PASS: TestPriorityType_UnmarshalJSON/Informational (0.00s)
--- PASS: TestPriorityType_UnmarshalJSON/Notice (0.00s)
--- PASS: TestPriorityType_UnmarshalJSON/Warning (0.00s)
--- PASS: TestPriorityType_UnmarshalJSON/Error (0.00s)
--- PASS: TestPriorityType_UnmarshalJSON/Critical (0.00s)
--- PASS: TestPriorityType_UnmarshalJSON/Alert (0.00s)
--- PASS: TestPriorityType_UnmarshalJSON/Emergency (0.00s)
--- PASS: TestPriorityType_UnmarshalJSON/Unknown_Key (0.00s)
--- PASS: TestPriorityType_UnmarshalJSON/an_error (0.00s)
=== RUN TestPriority
=== RUN TestPriority/Default
=== RUN TestPriority/Debug
=== RUN TestPriority/Informational
=== RUN TestPriority/Notice
=== RUN TestPriority/Warning
=== RUN TestPriority/Error
=== RUN TestPriority/Critical
=== RUN TestPriority/Alert
=== RUN TestPriority/Emergency
=== RUN TestPriority/Debug#01
=== RUN TestPriority/Informational#01
=== RUN TestPriority/Notice#01
=== RUN TestPriority/Warning#01
=== RUN TestPriority/Error#01
=== RUN TestPriority/Critical#01
=== RUN TestPriority/Alert#01
=== RUN TestPriority/Emergency#01
=== RUN TestPriority/Unknown_Key
--- PASS: TestPriority (0.01s)
--- PASS: TestPriority/Default (0.00s)
--- PASS: TestPriority/Debug (0.00s)
--- PASS: TestPriority/Informational (0.00s)
--- PASS: TestPriority/Notice (0.00s)
--- PASS: TestPriority/Warning (0.00s)
--- PASS: TestPriority/Error (0.00s)
--- PASS: TestPriority/Critical (0.00s)
--- PASS: TestPriority/Alert (0.00s)
--- PASS: TestPriority/Emergency (0.00s)
--- PASS: TestPriority/Debug#01 (0.00s)
--- PASS: TestPriority/Informational#01 (0.00s)
--- PASS: TestPriority/Notice#01 (0.00s)
--- PASS: TestPriority/Warning#01 (0.00s)
--- PASS: TestPriority/Error#01 (0.00s)
--- PASS: TestPriority/Critical#01 (0.00s)
--- PASS: TestPriority/Alert#01 (0.00s)
--- PASS: TestPriority/Emergency#01 (0.00s)
--- PASS: TestPriority/Unknown_Key (0.00s)
PASS
ok github.com/falcosecurity/falcosidekick/types (cached)
Sat Jun 19 01:31:48 PDT 2021
go test ./outputs -count=1 -cover -v ./...
=== RUN TestNewAlertmanagerPayloadO
--- PASS: TestNewAlertmanagerPayloadO (0.00s)
=== RUN TestNewClient
2021/06/19 01:32:00 [ERROR] : test - Bad Endpoint
--- PASS: TestNewClient (0.00s)
=== RUN TestPost
2021/06/19 01:32:00 [INFO] : - Post OK (200)
2021/06/19 01:32:00 [ERROR] : - Header missing (400)
2021/06/19 01:32:00 [ERROR] : - Authentication Error (401)
2021/06/19 01:32:00 [ERROR] : - Access Denied (403)
2021/06/19 01:32:00 [ERROR] : - Resource not found (404)
2021/06/19 01:32:00 [ERROR] : - Bad Request (422)
2021/06/19 01:32:00 [ERROR] : - Exceeding post rate limit (429)
2021/06/19 01:32:00 [ERROR] : - Unexpected Response (502)
--- PASS: TestPost (0.00s)
=== RUN TestAddHeader
2021/06/19 01:32:00 [INFO] : - Post OK (200)
--- PASS: TestAddHeader (0.00s)
=== RUN TestAddBasicAuth
2021/06/19 01:32:00 [INFO] : - Post OK (200)
--- PASS: TestAddBasicAuth (0.00s)
=== RUN TestMutualTlsPost
2021/06/19 01:32:03 [INFO] : - Post OK (200)
--- PASS: TestMutualTlsPost (3.21s)
=== RUN TestNewDatadogPayload
--- PASS: TestNewDatadogPayload (0.00s)
=== RUN TestNewDiscordPayload
--- PASS: TestNewDiscordPayload (0.00s)
=== RUN TestNewGoogleChatPayload
--- PASS: TestNewGoogleChatPayload (0.00s)
=== RUN TestNewInfluxdbPayload
--- PASS: TestNewInfluxdbPayload (0.00s)
=== RUN TestNewLokiPayload
--- PASS: TestNewLokiPayload (0.00s)
=== RUN TestMattermostPayload
--- PASS: TestMattermostPayload (0.00s)
=== RUN TestNewOpsgeniePayload
--- PASS: TestNewOpsgeniePayload (0.00s)
=== RUN TestPagerdutyPayload
--- PASS: TestPagerdutyPayload (0.00s)
=== RUN TestNewRocketchatPayload
--- PASS: TestNewRocketchatPayload (0.00s)
=== RUN TestNewSlackPayload
--- PASS: TestNewSlackPayload (0.00s)
=== RUN TestNewTeamsPayload
--- PASS: TestNewTeamsPayload (0.00s)
PASS
coverage: 25.9% of statements
ok github.com/falcosecurity/falcosidekick/outputs 3.600s coverage: 25.9% of statements
Sat Jun 19 01:32:03 PDT 2021 |
Signed-off-by: Tom Kelley <[email protected]>
@@ -10,6 +10,10 @@ import ( | |||
func (c *Client) CloudRunFunctionPost(falcopayload types.FalcoPayload) { | |||
c.Stats.GCPCloudRun.Add(Total, 1) | |||
|
|||
if c.Config.GCP.CloudRun.JWT != "" { | |||
c.AddHeader(AuthorizationHeaderKey, "Bearer "+c.Config.GCP.CloudRun.JWT) | |||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Compare to the following hunk in the current main branch:
falcosidekick/outputs/client.go
Lines 181 to 183 in 970a905
if c.OutputType == "GCPCloudRun" && c.Config.GCP.CloudRun.JWT != "" { | |
req.Header.Add("Authorization", "Bearer "+c.Config.GCP.CloudRun.JWT) | |
} |
@@ -72,6 +80,11 @@ func (c *Client) KubelessCall(falcopayload types.FalcoPayload) { | |||
} | |||
log.Printf("[INFO] : Kubeless - Function Response : %v\n", string(rawbody)) | |||
} else { | |||
c.AddHeader(KubelessEventIDKey, uuid.New().String()) | |||
c.AddHeader(KubelessEventTypeKey, KubelessEventTypeValue) | |||
c.AddHeader(KubelessEventNamespaceKey, c.Config.Kubeless.Namespace) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Compare to the following hunk in the current main branch:
falcosidekick/outputs/client.go
Lines 175 to 179 in 970a905
if c.OutputType == Kubeless { | |
req.Header.Add("event-id", uuid.New().String()) | |
req.Header.Add("event-type", "falco") | |
req.Header.Add("event-namespace", c.Config.Kubeless.Namespace) | |
} |
c.AddHeader(KubelessEventIDKey, uuid.New().String()) | ||
c.AddHeader(KubelessEventTypeKey, KubelessEventTypeValue) | ||
c.AddHeader(KubelessEventNamespaceKey, c.Config.Kubeless.Namespace) | ||
c.ContentType = KubelessContentType |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Compare to the following hunk in the current main branch:
falcosidekick/outputs/client.go
Lines 165 to 168 in 970a905
contentType := "application/json; charset=utf-8" | |
if c.OutputType == "Loki" || c.OutputType == Kubeless { | |
contentType = "application/json" | |
} |
@@ -47,6 +50,7 @@ func newLokiPayload(falcopayload types.FalcoPayload, config *types.Configuration | |||
// LokiPost posts event to Loki | |||
func (c *Client) LokiPost(falcopayload types.FalcoPayload) { | |||
c.Stats.Loki.Add(Total, 1) | |||
c.ContentType = LokiContentType |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Compare to the following hunk in the current main branch:
falcosidekick/outputs/client.go
Lines 165 to 168 in 970a905
contentType := "application/json; charset=utf-8" | |
if c.OutputType == "Loki" || c.OutputType == Kubeless { | |
contentType = "application/json" | |
} |
@@ -51,6 +51,7 @@ func newOpsgeniePayload(falcopayload types.FalcoPayload, config *types.Configura | |||
// OpsgeniePost posts event to OpsGenie | |||
func (c *Client) OpsgeniePost(falcopayload types.FalcoPayload) { | |||
c.Stats.Opsgenie.Add(Total, 1) | |||
c.AddHeader(AuthorizationHeaderKey, "GenieKey "+c.Config.Opsgenie.APIKey) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Compare to the following hunk in the current main branch:
falcosidekick/outputs/client.go
Lines 171 to 173 in 970a905
if c.OutputType == "Opsgenie" { | |
req.Header.Add("Authorization", "GenieKey "+c.Config.Opsgenie.APIKey) | |
} |
for i, j := range c.Config.Webhook.CustomHeaders { | ||
c.AddHeader(i, j) | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Compare to the following hunk in the current main branch:
falcosidekick/outputs/client.go
Lines 187 to 191 in 970a905
if len(c.Config.Webhook.CustomHeaders) != 0 && c.OutputType == "Webhook" { | |
for i, j := range c.Config.Webhook.CustomHeaders { | |
req.Header.Add(i, j) | |
} | |
} |
Signed-off-by: Tom Kelley <[email protected]>
Signed-off-by: Tom Kelley <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Really nice PR, thank you a lot. I had in my todo list for a while to refactore client.go
. I was just too lazy for 😛 .
It's really nice to add sources for comparison, it's so convenient for the review, thank you.
I have a just a small comment for consistency of descriptions between files, else is good
The last commit message should be "Standardize wording across documentation", but I can't spell right now. |
You can fix the last commit with |
Signed-off-by: Tom Kelley <[email protected]>
f4b49dc
to
0f2a0f2
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
well done 👍
LGTM label has been added. Git tree hash: b1210d5f4c499f9a0a2af650db46f096728b6006
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: distortedsignal, Issif The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area outputs
/area tests
What this PR does / why we need it:
Elasticsearch primarily supports Basic Authentication as the means of authenticating to the server. This PR should allow users to use HTTP Basic Authentication with Elasticsearch. There was an attempt to make it easy to apply Basic Authentication to other providers as well, though no other output providers are configured in this PR.
This PR also cleans up the Post method in client.go to force the outputs to set the headers in their own Post methods.
Which issue(s) this PR fixes:
N/A
Special notes for your reviewer:
Previously: I'm going to get to the tests eventually. Trust me.
Now: Maybe I got to the tests? Maybe?