new(plugins/k8smeta): update k8smeta plugin to require plugin API version 3.9.0. #625
Conversation
poiana
added
kind/cleanup
dco-signoff: yes
kind/feature
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: FedeDP The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
| @@ -6,7 +6,7 @@ message( | |||
| FetchContent_Declare( | |||
| plugin-sdk-cpp | |||
| GIT_REPOSITORY https://github.com/falcosecurity/plugin-sdk-cpp.git | |||
| GIT_TAG 2097bdb5a5d77f3f38162da1f438382912465340) | |||
| GIT_TAG 0.2.0) | |||
There was a problem hiding this comment.
Use tagged sdk-cpp version.
| @@ -138,8 +138,8 @@ falcosecurity::init_schema my_plugin::get_init_schema() | |||
| }, | |||
| "hostProc": { | |||
| "type": "string", | |||
| "title": "Path to reach the '/proc' folder we want to scan.", | |||
| "description": "The plugin needs to scan the '/proc' of the host on which is running. In Falco usually we put the host '/proc' folder under '/host/proc' so the the default for this config is '/host'. The path used here must not have a final '/'." | |||
| "title": "[DEPRECATED] Path to reach the '/proc' folder we want to scan.", | |||
There was a problem hiding this comment.
Deprecated initConfig key, unused now.
There was a problem hiding this comment.
Do you confirm that this setting won't produce any effect anymore?
If so, we should add a notice in addition to the deprecation. Make sense?
| @@ -428,11 +295,20 @@ bool my_plugin::init(falcosecurity::init_input& in) | |||
| try | |||
| { | |||
| m_thread_table = t.get_table(THREAD_TABLE_NAME, st::SS_PLUGIN_ST_INT64); | |||
|
|
|||
| // get the 'cgroups' field accessor from the thread table | |||
| m_thread_field_cgroups = m_thread_table.get_field( | |||
There was a problem hiding this comment.
We need these to be able to correctly fetch cgroups string from the thread entry in the capture_open() listen CAP callback.
| SPDLOG_DEBUG("enriching initial thread table entries"); | ||
| auto& tr = in.get_table_reader(); | ||
| auto& tw = in.get_table_writer(); | ||
| m_thread_table.iterate_entries( |
There was a problem hiding this comment.
We iterate over all thread table entries, and for each, we iterate over its cgroups vector, taking the ->second (cgroups are a vector of std::pair and second hosts the cgroup path, while first hosts the cgroup controller); for each cgroup path we try to extract the pod_uid and, if successful, we break the loop for the current thread entry.
plugins/k8smeta/src/plugin.cpp
Outdated
| @@ -520,7 +438,7 @@ std::vector<falcosecurity::field_info> my_plugin::get_fields() | |||
| // Use an array to perform a static_assert one the size. | |||
| const falcosecurity::field_info fields[] = { | |||
| {ft::FTYPE_STRING, "k8smeta.pod.name", "Pod Name", | |||
| "Kubernetes pod name."}, | |||
| "Kubernetes pod name.", {}, false, {}, true}, // use as suggested output format | |||
There was a problem hiding this comment.
Mark this field as suggested output format.
plugins/k8smeta/src/plugin.cpp
Outdated
| @@ -535,7 +453,7 @@ std::vector<falcosecurity::field_info> my_plugin::get_fields() | |||
| {ft::FTYPE_STRING, "k8smeta.pod.ip", "Pod Ip", "Kubernetes pod ip"}, | |||
|
|
|||
| {ft::FTYPE_STRING, "k8smeta.ns.name", "Namespace Name", | |||
| "Kubernetes namespace name."}, | |||
| "Kubernetes namespace name.", {}, false, {}, true}, // use as suggested output format | |||
There was a problem hiding this comment.
Mark this field as suggested output format.
…sion 3.9.0. Implement the suggested output fields feature, by suggesting `k8smeta.pod.name` and `k8smeta.ns.name` as output fields. Also, entirely avoid the proc scan, instead relying on the listening CAPability to initially loop over the thread table to attach pod_uid to threads. `hostProc` initConfig key is now deprecated and unused. Moved the plugin to 0.3.0 too. Signed-off-by: Federico Di Pierro <[email protected]>
FedeDP
force-pushed
the
new/k8smeta_update
branch
from
e7b1571 to
f8c60d8
Compare
| @@ -282,3 +286,4 @@ FALCOSECURITY_PLUGIN(my_plugin); | |||
| FALCOSECURITY_PLUGIN_FIELD_EXTRACTION(my_plugin); | |||
| FALCOSECURITY_PLUGIN_ASYNC_EVENTS(my_plugin); | |||
| FALCOSECURITY_PLUGIN_EVENT_PARSING(my_plugin); | |||
| FALCOSECURITY_PLUGIN_CAPTURE_LISTENING(my_plugin); | |||
| @@ -245,7 +250,7 @@ class my_plugin | |||
| private: | |||
| // Async thread | |||
| std::thread m_async_thread; | |||
| std::atomic<bool> m_async_thread_quit; | |||
| std::atomic<bool> m_async_thread_quit = false; | |||
Signed-off-by: Federico Di Pierro <[email protected]>
Rules files suggestions |
Signed-off-by: Federico Di Pierro <[email protected]>
Signed-off-by: Federico Di Pierro <[email protected]>
Rules files suggestions |
Signed-off-by: Federico Di Pierro <[email protected]>
Rules files suggestions |
1 similar comment
Rules files suggestions |
FedeDP
force-pushed
the
new/k8smeta_update
branch
from
e90d163 to
d8815ba
Compare
|
/hold |
Rules files suggestions |
| @@ -138,8 +138,8 @@ falcosecurity::init_schema my_plugin::get_init_schema() | |||
| }, | |||
| "hostProc": { | |||
| "type": "string", | |||
| "title": "Path to reach the '/proc' folder we want to scan.", | |||
| "description": "The plugin needs to scan the '/proc' of the host on which is running. In Falco usually we put the host '/proc' folder under '/host/proc' so the the default for this config is '/host'. The path used here must not have a final '/'." | |||
| "title": "[DEPRECATED] Path to reach the '/proc' folder we want to scan.", | |||
There was a problem hiding this comment.
Do you confirm that this setting won't produce any effect anymore?
If so, we should add a notice in addition to the deprecation. Make sense?
Moreover, dropped proc-scan related tests. Signed-off-by: Federico Di Pierro <[email protected]>
Signed-off-by: Federico Di Pierro <[email protected]>
FedeDP
force-pushed
the
new/k8smeta_update
branch
from
d8815ba to
fcba3e4
Compare
|
@leogr pushed changes to address your review! Thanks! |
Rules files suggestions |
|
Also, we might want to use the provided logger by the sdk, like i did here for the container plugin: FedeDP/container_plugin#26 This would allow use to drop the I will make the change in its own commit. |
What type of PR is this?
/kind cleanup
/kind feature
Any specific area of the project related to this PR?
/area plugins
What this PR does / why we need it:
Implemented the "suggested output fields feature", by suggesting
k8smeta.pod.nameandk8smeta.ns.nameas output fields.Also, entirely avoid the proc scan, instead relying on the listening CAPability to initially loop over the thread table to attach pod_uid to threads.
Following the above,
hostProcinitConfig key is now deprecated and unused.Moved the plugin to 0.3.0 too (given the minimum plugin API version changes).
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer: