From 3bd008175329354252a5a0c796e32a24931ddb76 Mon Sep 17 00:00:00 2001
From: Lorenzo David
Date: Wed, 5 Dec 2018 12:49:04 -0800
Subject: [PATCH] Implementing required gen_event virtual methods

As per https://github.com/draios/sysdig/pull/1275, the gen_event class mandate the implementation of two new methods. This change aims to simplify the implementation of a generic event processing infrastructure, that could handle both sinsp and json events.
---
 userspace/engine/json_evt.h | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/userspace/engine/json_evt.h b/userspace/engine/json_evt.h
index 524999a2..29a4779a 100644
--- a/userspace/engine/json_evt.h
+++ b/userspace/engine/json_evt.h
@@ -42,6 +42,17 @@ public:
 uint64_t get_ts();
+ inline uint16_t get_source()
+ {
+ return ESRC_K8S_AUDIT;
+ }
+
+ inline uint16_t get_type()
+ {
+ // All k8s audit events have the single tag "1". - see falco_engine::process_k8s_audit_event
+ return 1;
+ }
+
 protected:
 nlohmann::json m_jevt;
@@ -275,10 +286,11 @@ public:
 std::string tostring(json_event *ev);
 std::string tojson(json_event *ev);
+ void resolve_tokens(json_event *ev, std::list> &resolved);
+
 private:
 void parse_format();
- void resolve_tokens(json_event *ev, std::list> &resolved);
 // A format token is either a combination of a filtercheck
 // name (ka.value) and filtercheck object as key, or an empty
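Review bot: The literal `1` returned by `get_type()` in the first hunk is tied to `falco_engine::process_k8s_audit_event` only by a comment, so nothing stops the two from drifting apart. That engine code is not visible here, but if the tag is what selects the ruleset, a mismatch would presumably leave k8s audit events unmatched by their rules with no error raised; a named constant shared by both places would make the coupling checkable. Separately, both new methods are meant to implement `gen_event` virtuals yet are declared without `override`; writing `uint16_t get_source() override` and `uint16_t get_type() override` (assuming the base signatures match) turns any future signature change in sysdig into a compile error at this declaration, and `inline` is redundant for a member defined in the class body. The enclosing class starts and ends outside the hunk.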
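Review bot: `resolve_tokens()` moves into the public section in the second hunk without any comment stating its contract, although it takes a raw `json_event *` and fills a caller-supplied list. Now that code outside the class can call it, the declaration should say whether `ev` may be null and whether `resolved` is cleared or appended to, for example `// Evaluates every format token against ev and stores the results in resolved; ev must not be null.` The function body is not in the hunk, so that wording has to be checked against the implementation, and if the body dereferences `ev` unconditionally a null check belongs there as well.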