-
Notifications
You must be signed in to change notification settings - Fork 873
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
added validation function for config keys #3004
base: master
Are you sure you want to change the base?
Conversation
Welcome @h4l0gen! It looks like this is your first PR to falcosecurity/falco 🎉 |
ei @h4l0gen thank you for this! We will try to take a look ASAP! We are in the middle of Falco 0.37.0 release so we could have a little delay with the review of new PRs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey,
I quickly looked at this, and it is a great starting point! Thank you.
First thing that came to my mind is: Could we relay on some more formal validation mechanism (like https://json-schema.org/specification) instead of just having fixed.yaml
with all default values? 🤔
IIRC, YAML can be validated using a json-schema (cc @jasondellaluce @LucaGuerra )
Also left a comment (see below)
userspace/falco/configuration.cpp
Outdated
} | ||
void falco_configuration::load_yaml(const std::string& config_name, const yaml_helper& config) | ||
{ | ||
YAML::Node fixedSchema = YAML::LoadFile("userspace/falco/fixed.yaml"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can work only when in development mode. A better solution would be to embed the file into the Falco binary so as not to load an external file at runtime.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hey @leogr,
Thanks for reviewing. I will embed file into Falco binary and along with that try to find other validation mechanisms too.
Fully agree with this one! We already have the |
|
Hey @Andreagit97 @leogr @FedeDP, I have included Valijson and utilized the YAML-CPP adapter. Please take a look and provide any suggestions or corrections if I have made any mistakes. Thank you!! |
userspace/falco/configuration.cpp
Outdated
#include <re2/re2.h> | ||
|
||
#include "valijson/adapters/yaml_cpp_adapters.hpp" | ||
#include "ValidationUtils.h" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where does ValidationUtils.h
come from? 🤔
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for this, @leogr. I forgot to commit the ValidationUtils.h file 😅. This header file is being used for the validateKeysRecursive function.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @leogr , could you please take a look at this PR so that we can finish our work on it?
fce2570
to
96cc234
Compare
Hey @leogr, could you please review this PR again? It would be greatly appreciated, and we can then finish our work on this issue. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @leogr, could you please review this PR again? It would be greatly appreciated, and we can finish our work on this issue.
The valijson version we are pulling via libs is v0.6 (which does not come with the yaml adapter). So, to make this work, we must first try to update valijson in libs (0.7 or later) (@LucaGuerra @FedeDP can you take a look at that?)
@h4l0gen, meanwhile, I suggest you clean up this PR by removing all now unnecessary stuff (e.g., userspace/falco/fixed.yaml
and possibly other stuff). Also, rebase on top of the latest master. Thank you!
userspace/falco/configuration.cpp
Outdated
@@ -183,6 +184,45 @@ void falco_configuration::load_engine_config(const std::string& config_name, con | |||
m_changes_in_engine_config = true; | |||
} | |||
|
|||
|
|||
std::vector<std::string> fixedSchemaKeysVec = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since we are going to use valijson, do we still need this?
@@ -0,0 +1,161 @@ | |||
rules_file: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess this file is not needed anymore.
As an example, this is a schema file describing the rules YAML files format: https://github.com/falcosecurity/falco-playground/blob/main/src/components/Editor/falcoSchema.json We basically need something similar for the falco.yaml config. |
Okay, thanks @leogr . I will implement this change. |
Signed-off-by: h4l0gen <ks3913688@gmail.com>
Signed-off-by: h4l0gen <ks3913688@gmail.com>
Signed-off-by: h4l0gen <ks3913688@gmail.com>
Signed-off-by: h4l0gen <ks3913688@gmail.com>
Signed-off-by: h4l0gen <ks3913688@gmail.com>
Signed-off-by: h4l0gen <ks3913688@gmail.com>
This reverts commit 1373bb2. Signed-off-by: h4l0gen <ks3913688@gmail.com>
This reverts commit d809cbe. Signed-off-by: h4l0gen <ks3913688@gmail.com>
This reverts commit 9fec747. Signed-off-by: h4l0gen <ks3913688@gmail.com>
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: h4l0gen The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
1 similar comment
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: h4l0gen The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
I added again the commits but it seems that now the CI is broken for another reason 😮💨 i will take a look ASAP! |
/milestone 0.39.0 |
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area build
What this PR does / why we need it:
This PR checks for existing configuration keys in falco.yaml.
Which issue(s) this PR fixes:
Emit a warning when trying to set a non-existing config key #2924
Fixes #2924
Special notes for your reviewer:
I'd like to discuss the available configuration options that I added in the fixed.yaml schema.
Does this PR introduce a user-facing change?: