From 46e8f2c14ba3d7aa87e3d50fd6b7f694ff58a299 Mon Sep 17 00:00:00 2001 From: Lorenzo Susini Date: Wed, 2 Aug 2023 13:18:50 +0000 Subject: [PATCH] update(userspace/falco): handle the new rule matching configuration key Added a set method for the rule matching strategy on the engine. This allows to modify the stategy at runtime withotu the need to rebuild an engine from scratch. Signed-off-by: Lorenzo Susini --- userspace/falco/app/actions/init_falco_engine.cpp | 1 + userspace/falco/configuration.cpp | 6 ++++++ userspace/falco/configuration.h | 2 ++ 3 files changed, 9 insertions(+) diff --git a/userspace/falco/app/actions/init_falco_engine.cpp b/userspace/falco/app/actions/init_falco_engine.cpp index 54b10192..ac50ce35 100644 --- a/userspace/falco/app/actions/init_falco_engine.cpp +++ b/userspace/falco/app/actions/init_falco_engine.cpp @@ -120,6 +120,7 @@ falco::app::run_result falco::app::actions::init_falco_engine(falco::app::state& configure_output_format(s); s.engine->set_min_priority(s.config->m_min_priority); + s.engine->set_rule_matching(s.config->m_rule_matching); return run_result::ok(); } diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp index 34157cc1..353f5b08 100644 --- a/userspace/falco/configuration.cpp +++ b/userspace/falco/configuration.cpp @@ -244,6 +244,12 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h m_notifications_rate = config.get_scalar("outputs.rate", 0); m_notifications_max_burst = config.get_scalar("outputs.max_burst", 1000); + std::string rule_matching = config.get_scalar("rule_matching", "first"); + if (!falco_common::parse_rule_matching(rule_matching, m_rule_matching)) + { + throw std::logic_error("Unknown rule matching strategy \"" + rule_matching + "\"--must be one of first, all"); + } + std::string priority = config.get_scalar("priority", "debug"); if (!falco_common::parse_priority(priority, m_min_priority)) { diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h index 2b85ac34..1b3bf7f1 100644 --- a/userspace/falco/configuration.h +++ b/userspace/falco/configuration.h @@ -58,6 +58,7 @@ public: std::list m_loaded_rules_filenames; // List of loaded rule folders std::list m_loaded_rules_folders; + bool m_json_output; bool m_json_include_output_property; bool m_json_include_tags_property; @@ -67,6 +68,7 @@ public: uint32_t m_notifications_max_burst; falco_common::priority_type m_min_priority; + falco_common::rule_matching m_rule_matching; bool m_watch_config_files; bool m_buffered_outputs;