new(usersapce/falco): add an app option for dry-run

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce 2023-02-21 11:45:18 +00:00 committed by poiana
parent f976aa8400
commit ee7fa1cb06
9 changed files with 75 additions and 4 deletions


@ -71,6 +71,12 @@ bool create_handler(int sig, void (*func)(int), run_result &ret)
falco::app::run_result falco::app::actions::create_signal_handlers(falco::app::state& s)
{
if (s.options.dry_run)
{
falco_logger::log(LOG_DEBUG, "Skipping signal handlers creation in dry-run\n");
return run_result::ok();
}
falco::app::g_terminate_signal.reset();
falco::app::g_restart_signal.reset();
falco::app::g_reopen_outputs_signal.reset();
@ -96,6 +102,12 @@ falco::app::run_result falco::app::actions::create_signal_handlers(falco::app::s
falco::app::run_result falco::app::actions::attach_inotify_signals(falco::app::state& s)
{
if (s.options.dry_run)
{
falco_logger::log(LOG_DEBUG, "Skipping attaching inotify signals in dry-run\n");
return run_result::ok();
}
if (s.config->m_watch_config_files)
{
inot_fd = inotify_init();
@ -167,6 +179,12 @@ falco::app::run_result falco::app::actions::attach_inotify_signals(falco::app::s
falco::app::run_result falco::app::actions::unregister_signal_handlers(falco::app::state& s)
{
if (s.options.dry_run)
{
falco_logger::log(LOG_DEBUG, "Skipping unregistering signal handlers in dry-run\n");
return run_result::ok();
}
run_result ret;
close(inot_fd);
if(! create_handler(SIGINT, SIG_DFL, ret) ||
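Review bot: The same five-line guard is pasted at the top of create_signal_handlers, attach_inotify_signals and unregister_signal_handlers (and the same shape recurs in every other file of this commit), differing only in the message; a helper such as `static run_result skip_dry_run(const std::string& what) { falco_logger::log(LOG_DEBUG, "Skipping " + what + " in dry-run\n"); return run_result::ok(); }` would reduce each guard to `if (s.options.dry_run) return skip_dry_run("signal handlers creation");` and keep the messages from drifting between copies. Returning early from unregister_signal_handlers looks consistent here because attach_inotify_signals also returns before `inotify_init()`, so `inot_fd` is never opened in dry-run; worth confirming nothing else reads or closes it. All three functions continue outside their hunks.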


@ -27,6 +27,12 @@ static bool s_daemonized = false;
falco::app::run_result falco::app::actions::daemonize(falco::app::state& s)
{
if (s.options.dry_run)
{
falco_logger::log(LOG_DEBUG, "Skipping daemonizing in dry-run\n");
return run_result::ok();
}
// If daemonizing, do it here so any init errors will
// be returned in the foreground process.
if (s.options.daemon && !s_daemonized) {


@ -35,6 +35,12 @@ falco::app::run_result falco::app::actions::init_clients(falco::app::state& s)
falco_logger::log(LOG_DEBUG, "Setting metadata download watch frequency to " + std::to_string(s.config->m_metadata_download_watch_freq_sec) + " seconds\n");
inspector->set_metadata_download_params(s.config->m_metadata_download_max_mb * 1024 * 1024, s.config->m_metadata_download_chunk_wait_us, s.config->m_metadata_download_watch_freq_sec);
if (s.options.dry_run)
{
falco_logger::log(LOG_DEBUG, "Skipping clients initialization in dry-run\n");
return run_result::ok();
}
//
// Run k8s, if required
//
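Review bot: The new early return sits after `inspector->set_metadata_download_params(...)`, so dry-run still mutates the inspector while skipping the `// Run k8s, if required` block that follows; if the purpose of --dry-run is to surface configuration errors, the client parameters handled in that block are presumably not validated in this mode, and the option's help text does not say so. Either move the guard to the top of init_clients for consistency with the other actions in this commit, or document which checks a dry run skips. The rest of init_clients continues outside the hunk.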


@ -49,6 +49,12 @@ falco::app::run_result falco::app::actions::init_outputs(falco::app::state& s)
hostname = c_hostname;
}
if (s.options.dry_run)
{
falco_logger::log(LOG_DEBUG, "Skipping daemonizing in dry-run\n");
return run_result::ok();
}
s.outputs.reset(new falco_outputs(
s.engine,
s.config->m_outputs,


@ -410,6 +410,12 @@ falco::app::run_result falco::app::actions::process_events(falco::app::state& s)
// Initialize stats writer
auto statsw = init_stats_writer(s.options);
if (s.options.dry_run)
{
falco_logger::log(LOG_DEBUG, "Skipping event processing in dry-run\n");
return run_result::ok();
}
// Start processing events
if(s.is_capture_mode())
{
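Review bot: The dry-run return is placed after `auto statsw = init_stats_writer(s.options);`, so the stats writer is constructed and immediately torn down in dry-run; if that call opens or truncates the configured stats file, a dry run would touch it. Moving the guard above that line (`if (s.options.dry_run) { falco_logger::log(LOG_DEBUG, "Skipping event processing in dry-run\n"); return run_result::ok(); }` before `init_stats_writer`) avoids the side effect; if constructing the writer is intended as a validation step, a one-line comment saying so would stop the next reader from moving it. process_events continues outside the hunk.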


@ -29,6 +29,12 @@ falco::app::run_result falco::app::actions::start_grpc_server(falco::app::state&
// gRPC server
if(s.config->m_grpc_enabled)
{
if (s.options.dry_run)
{
falco_logger::log(LOG_DEBUG, "Skipping starting gRPC server in dry-run\n");
return run_result::ok();
}
falco_logger::log(LOG_INFO, "gRPC server threadiness equals to " + std::to_string(s.config->m_grpc_threadiness) + "\n");
// TODO(fntlnz,leodido): when we want to spawn multiple threads we need to have a queue per thread, or implement
// different queuing mechanisms, round robin, fanout? What we want to achieve?
@ -51,10 +57,19 @@ falco::app::run_result falco::app::actions::start_grpc_server(falco::app::state&
falco::app::run_result falco::app::actions::stop_grpc_server(falco::app::state& s)
{
#ifndef MINIMAL_BUILD
if(s.grpc_server_thread.joinable())
if(s.config->m_grpc_enabled)
{
s.grpc_server.shutdown();
s.grpc_server_thread.join();
if (s.options.dry_run)
{
falco_logger::log(LOG_DEBUG, "Skipping stopping gRPC server in dry-run\n");
return run_result::ok();
}
if(s.grpc_server_thread.joinable())
{
s.grpc_server.shutdown();
s.grpc_server_thread.join();
}
}
#endif
return run_result::ok();
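Review bot: In stop_grpc_server the outer condition changes from `s.grpc_server_thread.joinable()` to `s.config->m_grpc_enabled`, so a joinable server thread is no longer joined when the config flag is false; if the state's config can differ between start and stop (for instance if it is reloaded on a restart before the stop actions run), the joinable std::thread would be destroyed unjoined, which terminates the process. If the state is rebuilt from scratch each cycle this cannot happen, but keeping the `joinable()` check outside the config check, or a comment stating that invariant, would make it explicit. The same reshaping is applied to stop_webserver in the next file, where `s.webserver.stop()` is now skipped when `m_webserver_enabled` is false. stop_grpc_server's closing brace is outside the hunk.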


@ -28,6 +28,12 @@ falco::app::run_result falco::app::actions::start_webserver(falco::app::state& s
#ifndef MINIMAL_BUILD
if(!s.is_capture_mode() && s.config->m_webserver_enabled)
{
if (s.options.dry_run)
{
falco_logger::log(LOG_DEBUG, "Skipping starting webserver in dry-run\n");
return run_result::ok();
}
std::string ssl_option = (s.config->m_webserver_ssl_enabled ? " (SSL)" : "");
falco_logger::log(LOG_INFO, "Starting health webserver with threadiness "
+ std::to_string(s.config->m_webserver_threadiness)
@ -50,8 +56,14 @@ falco::app::run_result falco::app::actions::start_webserver(falco::app::state& s
falco::app::run_result falco::app::actions::stop_webserver(falco::app::state& s)
{
#ifndef MINIMAL_BUILD
if(!s.is_capture_mode())
if(!s.is_capture_mode() && s.config->m_webserver_enabled)
{
if (s.options.dry_run)
{
falco_logger::log(LOG_DEBUG, "Skipping stopping webserver in dry-run\n");
return run_result::ok();
}
s.webserver.stop();
}
#endif


@ -165,6 +165,7 @@ void options::define()
("d,daemon", "Run as a daemon.", cxxopts::value(daemon)->default_value("false"))
("disable-cri-async", "Disable asynchronous CRI metadata fetching. This is useful to let the input event wait for the container metadata fetch to finish before moving forward. Async fetching, in some environments leads to empty fields for container metadata when the fetch is not fast enough to be completed asynchronously. This can have a performance penalty on your environment depending on the number of containers and the frequency at which they are created/started/stopped.", cxxopts::value(disable_cri_async)->default_value("false"))
("disable-source", "Disable a specific event source. By default, all loaded sources get enabled. Available sources are 'syscall' and all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times. This has no offect when reading events from a trace file. Can not disable all event sources. Can not be mixed with --enable-source.", cxxopts::value(disable_sources), "<event_source>")
("dry-run", "Run Falco without proceesing events. Can be useful for checking that the configuration and rules do not have any errors.", cxxopts::value(dry_run)->default_value("false"))
("D", "Disable any rules with names having the substring <substring>. This option can be passed multiple times. Can not be mixed with -t.", cxxopts::value(disabled_rule_substrings), "<substring>")
("e", "Read the events from a trace file <events_file> in .scap format instead of tapping into live.", cxxopts::value(trace_filename), "<events_file>")
("enable-source", "Enable a specific event source. If used, all loaded sources get disabled by default and only the ones passed with this option get enabled. Available sources are 'syscall' and all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times. This has no offect when reading events from a trace file. Can not be mixed with --disable-source.", cxxopts::value(enable_sources), "<event_source>")
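Review bot: The new help string has a typo, `proceesing`; it should read `"Run Falco without processing events. Can be useful for checking that the configuration and rules do not have any errors."`. Since this text is user-visible in `--help`, it is also worth stating what the mode skips (daemonizing, outputs, the webserver and gRPC server, client initialization) so users know which errors a dry run cannot surface.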


@ -84,6 +84,7 @@ public:
bool print_version_info;
bool print_page_size;
bool modern_bpf;
bool dry_run;
bool parse(int argc, char **argv, std::string &errstr);
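Review bot: `bool dry_run;` is added without an in-class initializer, matching the neighbouring members; if those are only ever assigned by cxxopts in `parse()`, any code path that reads the options before a successful parse sees an indeterminate value for `dry_run`. If the other flags are initialized in a constructor outside the hunk, add `dry_run` there too; otherwise `bool dry_run = false;` keeps the default explicit. The class body continues outside the hunk.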