From dabfe0e154a96802f7afb8e86c9d9908fa20e7f5 Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Thu, 5 Sep 2024 08:22:52 +0200
Subject: [PATCH] cleanup(userspace/falco): drop deprecated -t,-T,-D options.

Signed-off-by: Federico Di Pierro
---
 .../falco/app/actions/load_rules_files.cpp | 33 -----------------
 userspace/falco/app/options.cpp | 37 -------------------
 userspace/falco/app/options.h | 3 --
 3 files changed, 73 deletions(-)

diff --git a/userspace/falco/app/actions/load_rules_files.cpp b/userspace/falco/app/actions/load_rules_files.cpp
index 521d26e1544..d1b6df45c83 100644
--- a/userspace/falco/app/actions/load_rules_files.cpp
+++ b/userspace/falco/app/actions/load_rules_files.cpp
@@ -131,39 +131,6 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state&
 return run_result::fatal(err);
 }
- if((!s.options.disabled_rule_substrings.empty() || !s.options.disabled_rule_tags.empty() || !s.options.enabled_rule_tags.empty()) &&
- !s.config->m_rules_selection.empty())
- {
- return run_result::fatal("Specifying -D, -t, -T command line options together with \"rules:\" configuration or -o \"rules...\" is not supported.");
- }
-
- for (const auto& substring : s.options.disabled_rule_substrings)
- {
- falco_logger::log(falco_logger::level::INFO, "Disabling rules matching substring: " + substring + "\n");
- s.engine->enable_rule(substring, false);
- }
-
- if(!s.options.disabled_rule_tags.empty())
- {
- for(const auto &tag : s.options.disabled_rule_tags)
- {
- falco_logger::log(falco_logger::level::INFO, "Disabling rules with tag: " + tag + "\n");
- }
- s.engine->enable_rule_by_tag(s.options.disabled_rule_tags, false);
- }
-
- if(!s.options.enabled_rule_tags.empty())
- {
- // Since we only want to enable specific
- // rules, first disable all rules.
- s.engine->enable_rule(all_rules, false);
- for(const auto &tag : s.options.enabled_rule_tags)
- {
- falco_logger::log(falco_logger::level::INFO, "Enabling rules with tag: " + tag + "\n");
- }
- s.engine->enable_rule_by_tag(s.options.enabled_rule_tags, true);
- }
-
 for(const auto& sel : s.config->m_rules_selection)
 {
 bool enable = sel.m_op == falco_configuration::rule_selection_operation::enable;
diff --git a/userspace/falco/app/options.cpp b/userspace/falco/app/options.cpp
index 27c83ff9071..31240cbdc2a 100644
--- a/userspace/falco/app/options.cpp
+++ b/userspace/falco/app/options.cpp
@@ -95,40 +95,6 @@ bool options::parse(int argc, char **argv, std::string &errstr)
 }
 }
- // Convert the vectors of enabled/disabled tags into sets to match falco engine API
- if(m_cmdline_parsed.count("T") > 0)
- {
- falco_logger::log(falco_logger::level::WARNING, "The -T option is deprecated and will be removed in Falco 0.39.0. Use -o rules[].disable.tag= instead.");
- for(auto &tag : m_cmdline_parsed["T"].as>())
- {
- disabled_rule_tags.insert(tag);
- }
- }
-
- if(m_cmdline_parsed.count("t") > 0)
- {
- falco_logger::log(falco_logger::level::WARNING, "The -t option is deprecated and will be removed in Falco 0.39.0. Use -o rules[].disable.rule=* -o rules[].enable.tag= instead.");
- for(auto &tag : m_cmdline_parsed["t"].as>())
- {
- enabled_rule_tags.insert(tag);
- }
- }
-
- if(disabled_rule_substrings.size() > 0)
- {
- falco_logger::log(falco_logger::level::WARNING, "The -D option is deprecated and will be removed in Falco 0.39.0. Use -o rules[].disable.rule= instead.");
- }
-
- // Some combinations of arguments are not allowed.
-
- // You can't both disable and enable rules
- if((disabled_rule_substrings.size() + disabled_rule_tags.size() > 0) &&
- !enabled_rule_tags.empty())
- {
- errstr = std::string("You can not specify both disabled (-D/-T) and enabled (-t) rules");
- return false;
- }
-
 list_fields = m_cmdline_parsed.count("list") > 0;
 return true;
@@ -156,7 +122,6 @@ void options::define(cxxopts::Options& opts)
 #endif
 ("disable-source", "Turn off a specific . By default, all loaded sources get enabled. Available sources are 'syscall' plus all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times, but turning off all event sources simultaneously is not permitted. This option can not be mixed with --enable-source. This option has no effect when reproducing events from a capture file.", cxxopts::value(disable_sources), "")
 ("dry-run", "Run Falco without processing events. It can help check that the configuration and rules do not have any errors.", cxxopts::value(dry_run)->default_value("false"))
- ("D", "DEPRECATED: use -o rules[].disable.rule= instead. Turn off any rules with names having the substring . This option can be passed multiple times. It cannot be mixed with -t.", cxxopts::value(disabled_rule_substrings), "")
 ("enable-source", "Enable a specific . By default, all loaded sources get enabled. Available sources are 'syscall' plus all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times. When using this option, only the event sources specified by it will be enabled. This option can not be mixed with --disable-source. This option has no effect when reproducing events from a capture file.", cxxopts::value(enable_sources), "")
 #ifdef HAS_GVISOR
 ("gvisor-generate-config", "Generate a configuration file that can be used for gVisor and exit. See --gvisor-config for more details.", cxxopts::value(gvisor_generate_config_with_socket)->implicit_value("/run/falco/gvisor.sock"), "")
@@ -177,8 +142,6 @@ void options::define(cxxopts::Options& opts)
 ("r", "Rules file or directory to be loaded. This option can be passed multiple times. Falco defaults to the values in the configuration file when this option is not specified.", cxxopts::value>(), "")
 ("S,snaplen", "Collect only the first bytes of each I/O buffer for 'syscall' events. By default, the first 80 bytes are collected by the driver and sent to the user space for processing. Use this option with caution since it can have a strong performance impact.", cxxopts::value(snaplen)->default_value("0"), "")
 ("support", "Print support information, including version, rules files used, loaded configuration, etc., and exit. The output is in JSON format.", cxxopts::value(print_support)->default_value("false"))
- ("T", "DEPRECATED: use -o rules[].disable.tag= instead. Turn off any rules with a tag=. This option can be passed multiple times. This option can not be mixed with -t.", cxxopts::value>(), "")
- ("t", "DEPRECATED: use -o rules[].disable.rule=* -o rules[].enable.tag= instead. Only enable those rules with a tag=. This option can be passed multiple times. This option can not be mixed with -T/-D.", cxxopts::value>(), "")
 ("U,unbuffered", "Turn off output buffering for configured outputs. This causes every single line emitted by Falco to be flushed, which generates higher CPU usage but is useful when piping those outputs into another process or a script.", cxxopts::value(unbuffered_outputs)->default_value("false"))
 ("V,validate", "Read the contents of the specified file(s), validate the loaded rules, and exit. This option can be passed multiple times to validate multiple files.", cxxopts::value(validate_rules_filenames), "")
 ("v", "Enable verbose output.", cxxopts::value(verbose)->default_value("false"))
diff --git a/userspace/falco/app/options.h b/userspace/falco/app/options.h
index cbd4ee12a6b..86d7f143113 100644
--- a/userspace/falco/app/options.h
+++ b/userspace/falco/app/options.h
@@ -46,7 +46,6 @@ class options {
 std::vector cri_socket_paths;
 bool disable_cri_async = false;
 std::vector disable_sources;
- std::vector disabled_rule_substrings;
 std::vector enable_sources;
 std::string gvisor_generate_config_with_socket;
 bool describe_all_rules = false;
@@ -67,8 +66,6 @@ class options {
 std::list rules_filenames;
 uint64_t snaplen = 0;
 bool print_support = false;
- std::set disabled_rule_tags;
- std::set enabled_rule_tags;
 bool unbuffered_outputs = false;
 std::vector validate_rules_filenames;
 bool verbose = false;