github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-07 11:49:07 +00:00
Code Issues Projects Releases Wiki Activity

new(userspace/falco): read all the gRPC server configs

Browse Source 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
This commit is contained in:
Leonardo Di Donato 2019-09-16 05:31:33 +00:00 committed by Leo Di Donato
parent bc42c075cb
commit 6e2de3ce93
2 changed files with 80 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
userspace/falco/configuration.cpp
View File

@ -29,8 +29,8 @@ limitations under the License.
using namespace std; using namespace std;
falco_configuration::falco_configuration() falco_configuration::falco_configuration():
: m_buffered_outputs(false), m_buffered_outputs(false),
m_time_format_iso_8601(false), m_time_format_iso_8601(false),
m_webserver_enabled(false), m_webserver_enabled(false),
m_webserver_listen_port(8765), m_webserver_listen_port(8765),
@ -148,11 +148,20 @@ void falco_configuration::init(string conf_filename, list<string> &cmdline_optio
m_outputs.push_back(http_output); m_outputs.push_back(http_output);
} }
m_grpc_enabled = m_config->get_scalar<bool>("grpc", "enabled", false);
m_grpc_bind_address = m_config->get_scalar<string>("grpc", "bind_address", "0.0.0.0:5060");
m_grpc_threadiness = m_config->get_scalar<uint32_t>("grpc", "threadiness", 8);
// todo(fntlnz,leodido) > chose correct paths
m_grpc_private_key = m_config->get_scalar<string>("grpc", "private_key", "");
m_grpc_cert_chain = m_config->get_scalar<string>("grpc", "cert_chain", "");
m_grpc_root_certs = m_config->get_scalar<string>("grpc", "root_certs", "");
falco_outputs::output_config grpc_output; falco_outputs::output_config grpc_output;
grpc_output.name = "grpc"; grpc_output.name = "grpc";
if(m_config->get_scalar<bool>("grpc_output", "enabled", false)) // gRPC output is enabled only if gRPC server is enabled too
if(m_config->get_scalar<bool>("grpc_output", "enabled", false) && m_grpc_enabled)
{ {
// todo > grpc_output is enabled but we should constraint it to the grpc server being enabled too // todo >
m_outputs.push_back(grpc_output); m_outputs.push_back(grpc_output);
} }
@ -299,7 +308,8 @@ static bool split(const string &str, char delim, pair<string,string> &parts)
{ {
size_t pos; size_t pos;
if ((pos = str.find_first_of(delim)) == string::npos) { if((pos = str.find_first_of(delim)) == string::npos)
{
return false; return false;
} }
parts.first = str.substr(0, pos); parts.first = str.substr(0, pos);
@ -321,13 +331,17 @@ void falco_configuration::set_cmdline_option(const string &opt)
pair<string, string> keyval; pair<string, string> keyval;
pair<string, string> subkey; pair<string, string> subkey;
if (! split(opt, '=', keyval)) { if(!split(opt, '=', keyval))
{
throw invalid_argument("Error parsing config option \"" + opt + "\". Must be of the form key=val or key.subkey=val"); throw invalid_argument("Error parsing config option \"" + opt + "\". Must be of the form key=val or key.subkey=val");
} }
if (split(keyval.first, '.', subkey)) { if(split(keyval.first, '.', subkey))
{
m_config->set_scalar(subkey.first, subkey.second, keyval.second); m_config->set_scalar(subkey.first, subkey.second, keyval.second);
} else { }
else
{
m_config->set_scalar(keyval.first, keyval.second); m_config->set_scalar(keyval.first, keyval.second);
} }
} }

13
userspace/falco/configuration.h
View File

@ -70,7 +70,8 @@ public:
{ {
return node.as<T>(); return node.as<T>();
} }
} catch (const YAML::BadConversion& ex) }
catch(const YAML::BadConversion& ex)
{ {
std::cerr << "Cannot read config file (" + m_path + "): wrong type at key " + key + "\n"; std::cerr << "Cannot read config file (" + m_path + "): wrong type at key " + key + "\n";
throw; throw;
@ -183,7 +184,6 @@ private:
YAML::Node m_root; YAML::Node m_root;
}; };
class falco_configuration class falco_configuration
{ {
public: public:
@ -207,6 +207,13 @@ class falco_configuration
bool m_buffered_outputs; bool m_buffered_outputs;
bool m_time_format_iso_8601; bool m_time_format_iso_8601;
bool m_grpc_enabled;
int m_grpc_threadiness;
std::string m_grpc_bind_address;
std::string m_grpc_private_key;
std::string m_grpc_cert_chain;
std::string m_grpc_root_certs;
bool m_webserver_enabled; bool m_webserver_enabled;
uint32_t m_webserver_listen_port; uint32_t m_webserver_listen_port;
std::string m_webserver_k8s_audit_endpoint; std::string m_webserver_k8s_audit_endpoint;
@ -219,7 +226,6 @@ class falco_configuration
// Only used for testing // Only used for testing
bool m_syscall_evt_simulate_drops; bool m_syscall_evt_simulate_drops;
private: private:
void init_cmdline_options(std::list<std::string>& cmdline_options); void init_cmdline_options(std::list<std::string>& cmdline_options);
@ -233,4 +239,3 @@ class falco_configuration
yaml_configuration* m_config; yaml_configuration* m_config;
}; };