Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add attributes to GCP PubSub messages #505

Merged
merged 1 commit into from
Jun 12, 2023
Merged

Add attributes to GCP PubSub messages #505

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -407,6 +407,8 @@ gcp:
projectid: "" # The GCP Project ID containing the Pub/Sub Topic
topic: "" # The name of the Pub/Sub topic
# minimumpriority: "debug" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
# customAttributes: # Custom attributes to add to the Pub/Sub messages
# key: value
storage:
# prefix : "" # name of prefix, keys will have format: gs://<bucket>/<prefix>/YYYY-MM-DD/YYYY-MM-DDTHH:mm:ss.s+01:00.json
bucket: "" # The name of the bucket
Expand Down Expand Up @@ -918,6 +920,9 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
- **GCP_PUBSUB_TOPIC**: The name of the Pub/Sub topic
- **GCP_PUBSUB_MINIMUMPRIORITY**: minimum priority of event for using this
output, order is
`emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`
- **GCP_PUBSUB_CUSTOMATTRIBUTES**: a list of comma separated custom headers to add,
syntax is "key:value,key:value"
- **GCP_STORAGE_BUCKET**: The name of the bucket
- **GCP_STORAGE_PREFIX**: name of prefix, keys will have format: gs://<bucket>/<prefix>/YYYY-MM-DD/YYYY-MM-DDTHH:mm:ss.s+01:00.json
- **GCP_STORAGE_MINIMUMPRIORITY**: minimum priority of event for using this
Expand Down
12 changes: 12 additions & 0 deletions config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ func getConfig() *types.Configuration {
Webhook: types.WebhookOutputConfig{CustomHeaders: make(map[string]string)},
Alertmanager: types.AlertmanagerOutputConfig{ExtraLabels: make(map[string]string), ExtraAnnotations: make(map[string]string)},
CloudEvents: types.CloudEventsOutputConfig{Extensions: make(map[string]string)},
GCP: types.GcpOutputConfig{PubSub: types.GcpPubSub{CustomAttributes: make(map[string]string)}},
}

configFile := kingpin.Flag("config-file", "config file").Short('c').ExistingFile()
Expand Down Expand Up @@ -463,6 +464,7 @@ func getConfig() *types.Configuration {
v.GetStringMapString("CloudEvents.Extensions")
v.GetStringMapString("AlertManager.ExtraLabels")
v.GetStringMapString("AlertManager.ExtraAnnotations")
v.GetStringMapString("GCP.PubSub.CustomAttributes")
if err := v.Unmarshal(c); err != nil {
log.Printf("[ERROR] : Error unmarshalling config : %s", err)
}
Expand Down Expand Up @@ -549,6 +551,16 @@ func getConfig() *types.Configuration {
}
}

if value, present := os.LookupEnv("GCP_PUBSUB_CUSTOMATTRIBUTES"); present {
customattributes := strings.Split(value, ",")
for _, label := range customattributes {
tagkeys := strings.Split(label, ":")
if len(tagkeys) == 2 {
c.GCP.PubSub.CustomAttributes[tagkeys[0]] = tagkeys[1]
}
}
}

if c.AWS.SecurityLake.Interval < 5 {
c.AWS.SecurityLake.Interval = 5
}
Expand Down
2 changes: 2 additions & 0 deletions config_example.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -228,6 +228,8 @@ gcp:
projectid: "" # The GCP Project ID containing the Pub/Sub Topic
topic: "" # The name of the Pub/Sub topic
# minimumpriority: "debug" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
# customAttributes: # Custom attributes to add to the Pub/Sub messages
# key: value
storage:
# prefix : "" # name of prefix, keys will have format: gs://<bucket>/<prefix>/YYYY-MM-DD/YYYY-MM-DDTHH:mm:ss.s+01:00.json
bucket: "" # The name of the bucket
Expand Down
3 changes: 2 additions & 1 deletion outputs/gcp.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,7 +138,8 @@ func (c *Client) GCPPublishTopic(falcopayload types.FalcoPayload) {

payload, _ := json.Marshal(falcopayload)
message := &pubsub.Message{
Data: payload,
Data: payload,
Attributes: c.Config.GCP.PubSub.CustomAttributes,
}

result := c.GCPTopicClient.Publish(context.Background(), message)
Expand Down
15 changes: 8 additions & 7 deletions types/types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ type Configuration struct {
Webhook WebhookOutputConfig
CloudEvents CloudEventsOutputConfig
Azure azureConfig
GCP gcpOutputConfig
GCP GcpOutputConfig
Googlechat GooglechatConfig
Kafka kafkaConfig
KafkaRest KafkaRestConfig
Expand Down Expand Up @@ -409,10 +409,10 @@ type gcpCloudRun struct {
MinimumPriority string
}

type gcpOutputConfig struct {
type GcpOutputConfig struct {
Credentials string
WorkloadIdentity bool
PubSub gcpPubSub
PubSub GcpPubSub
Storage gcpStorage
CloudFunctions gcpCloudFunctions
CloudRun gcpCloudRun
Expand All @@ -423,10 +423,11 @@ type gcpCloudFunctions struct {
MinimumPriority string
}

type gcpPubSub struct {
ProjectID string
Topic string
MinimumPriority string
type GcpPubSub struct {
ProjectID string
Topic string
MinimumPriority string
CustomAttributes map[string]string
}

type gcpStorage struct {
Expand Down
Loading