pkg/csconfig: use yaml.v3; deprecate yaml.v2 for new code

.golangci.yml

@@ -72,6 +72,56 @@ linters-settings:
         deny:
           - pkg: "github.com/pkg/errors"
             desc: "errors.Wrap() is deprecated in favor of fmt.Errorf()"
+      yaml:
+        files:
+          - "!**/cmd/crowdsec-cli/alerts.go"
+          - "!**/cmd/crowdsec-cli/capi.go"
+          - "!**/cmd/crowdsec-cli/config_show.go"
+          - "!**/cmd/crowdsec-cli/hubtest.go"
+          - "!**/cmd/crowdsec-cli/lapi.go"
+          - "!**/cmd/crowdsec-cli/simulation.go"
+          - "!**/cmd/crowdsec/crowdsec.go"
+          - "!**/cmd/notification-dummy/main.go"
+          - "!**/cmd/notification-email/main.go"
+          - "!**/cmd/notification-http/main.go"
+          - "!**/cmd/notification-slack/main.go"
+          - "!**/cmd/notification-splunk/main.go"
+          - "!**/pkg/acquisition/acquisition.go"
+          - "!**/pkg/acquisition/acquisition_test.go"
+          - "!**/pkg/acquisition/modules/appsec/appsec.go"
+          - "!**/pkg/acquisition/modules/cloudwatch/cloudwatch.go"
+          - "!**/pkg/acquisition/modules/docker/docker.go"
+          - "!**/pkg/acquisition/modules/file/file.go"
+          - "!**/pkg/acquisition/modules/journalctl/journalctl.go"
+          - "!**/pkg/acquisition/modules/kafka/kafka.go"
+          - "!**/pkg/acquisition/modules/kinesis/kinesis.go"
+          - "!**/pkg/acquisition/modules/kubernetesaudit/k8s_audit.go"
+          - "!**/pkg/acquisition/modules/loki/loki.go"
+          - "!**/pkg/acquisition/modules/loki/timestamp_test.go"
+          - "!**/pkg/acquisition/modules/s3/s3.go"
+          - "!**/pkg/acquisition/modules/syslog/syslog.go"
+          - "!**/pkg/acquisition/modules/wineventlog/wineventlog_windows.go"
+          - "!**/pkg/appsec/appsec.go"
+          - "!**/pkg/appsec/loader.go"
+          - "!**/pkg/csplugin/broker.go"
+          - "!**/pkg/csplugin/broker_test.go"
+          - "!**/pkg/dumps/bucker_dump.go"
+          - "!**/pkg/dumps/bucket_dump.go"
+          - "!**/pkg/dumps/parser_dump.go"
+          - "!**/pkg/hubtest/coverage.go"
+          - "!**/pkg/hubtest/hubtest_item.go"
+          - "!**/pkg/hubtest/parser_assert.go"
+          - "!**/pkg/hubtest/scenario_assert.go"
+          - "!**/pkg/leakybucket/buckets_test.go"
+          - "!**/pkg/leakybucket/manager_load.go"
+          - "!**/pkg/metabase/metabase.go"
+          - "!**/pkg/parser/node.go"
+          - "!**/pkg/parser/node_test.go"
+          - "!**/pkg/parser/parsing_test.go"
+          - "!**/pkg/parser/stage.go"
+        deny:
+          - pkg: "gopkg.in/yaml.v2"
+            desc: "yaml.v2 is deprecated for new code in favor of yaml.v3"
 
   wsl:
     # Allow blocks to end with comments

pkg/csconfig/api.go

@@ -1,6 +1,7 @@
 package csconfig
 
 import (
+	"bytes"
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
@@ -12,7 +13,7 @@
 	"time"
 
 	log "github.com/sirupsen/logrus"
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/ptr"
 	"github.com/crowdsecurity/go-cs-lib/yamlpatch"
@@ -92,9 +93,14 @@
 		return err
 	}
 
-	err = yaml.UnmarshalStrict(fcontent, o.Credentials)
+	dec := yaml.NewDecoder(bytes.NewReader(fcontent))
+	dec.KnownFields(true)
+
+	err = dec.Decode(o.Credentials)
 	if err != nil {
-		return fmt.Errorf("failed unmarshaling api server credentials configuration file '%s': %w", o.CredentialsFilePath, err)
+		if !errors.Is(err, io.EOF) {
+			return fmt.Errorf("failed unmarshaling api server credentials configuration file '%s': %w", o.CredentialsFilePath, err)
+		}
 	}
 
 	switch {
@@ -120,9 +126,14 @@
 		return err
 	}
 
-	err = yaml.UnmarshalStrict(fcontent, &l.Credentials)
+	dec := yaml.NewDecoder(bytes.NewReader(fcontent))
+	dec.KnownFields(true)
+
+	err = dec.Decode(&l.Credentials)
 	if err != nil {
-		return fmt.Errorf("failed unmarshaling api client credential configuration file '%s': %w", l.CredentialsFilePath, err)
+		if !errors.Is(err, io.EOF) {
+			return fmt.Errorf("failed unmarshaling api client credential configuration file '%s': %w", l.CredentialsFilePath, err)
+		}
 	}
 
 	if l.Credentials == nil || l.Credentials.URL == "" {

pkg/csconfig/api_test.go

@@ -9,7 +9,7 @@ import (
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/cstest"
 	"github.com/crowdsecurity/go-cs-lib/ptr"
@@ -147,7 +147,11 @@ func TestLoadAPIServer(t *testing.T) {
 	require.NoError(t, err)
 
 	configData := os.ExpandEnv(string(fcontent))
-	err = yaml.UnmarshalStrict([]byte(configData), &config)
+
+	dec := yaml.NewDecoder(strings.NewReader(configData))
+	dec.KnownFields(true)
+
+	err = dec.Decode(&config)
 	require.NoError(t, err)
 
 	tests := []struct {

pkg/csconfig/config.go

@@ -3,12 +3,15 @@
 package csconfig
 
 import (
+	"errors"
 	"fmt"
+	"io"
 	"os"
 	"path/filepath"
+	"strings"
 
 	log "github.com/sirupsen/logrus"
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/csstring"
 	"github.com/crowdsecurity/go-cs-lib/ptr"
@@ -57,10 +60,15 @@ func NewConfig(configFile string, disableAgent bool, disableAPI bool, inCli bool
 		DisableAPI:   disableAPI,
 	}
 
-	err = yaml.UnmarshalStrict([]byte(configData), &cfg)
+	dec := yaml.NewDecoder(strings.NewReader(configData))
+	dec.KnownFields(true)
+
+	err = dec.Decode(&cfg)
 	if err != nil {
-		// this is actually the "merged" yaml
-		return nil, "", fmt.Errorf("%s: %w", configFile, err)
+		if !errors.Is(err, io.EOF) {
+			// this is actually the "merged" yaml
+			return nil, "", fmt.Errorf("%s: %w", configFile, err)
+		}
 	}
 
 	if cfg.Prometheus == nil {

pkg/csconfig/config_test.go

@@ -5,7 +5,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/cstest"
 )

pkg/csconfig/console.go

@@ -5,7 +5,7 @@ import (
 	"os"
 
 	log "github.com/sirupsen/logrus"
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/ptr"
 )

pkg/csconfig/crowdsec_service.go

@@ -6,7 +6,7 @@ import (
 	"path/filepath"
 
 	log "github.com/sirupsen/logrus"
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/ptr"
 )

pkg/csconfig/database.go

@@ -45,6 +45,7 @@ type AuthGCCfg struct {
 
 type FlushDBCfg struct {
 	MaxItems   *int       `yaml:"max_items,omitempty"`
+	// We could unmarshal as time.Duration, but alert filters right now are a map of strings
 	MaxAge     *string    `yaml:"max_age,omitempty"`
 	BouncersGC *AuthGCCfg `yaml:"bouncers_autodelete,omitempty"`
 	AgentsGC   *AuthGCCfg `yaml:"agents_autodelete,omitempty"`

pkg/csconfig/profiles.go

@@ -6,7 +6,7 @@ import (
 	"fmt"
 	"io"
 
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/yamlpatch"
 
@@ -45,7 +45,7 @@ func (c *LocalApiServerCfg) LoadProfiles() error {
 	reader := bytes.NewReader(fcontent)
 
 	dec := yaml.NewDecoder(reader)
-	dec.SetStrict(true)
+	dec.KnownFields(true)
 	for {
 		t := ProfileCfg{}
 		err = dec.Decode(&t)

pkg/csconfig/simulation.go

@@ -1,10 +1,13 @@
 package csconfig
 
 import (
+	"bytes"
+	"errors"
 	"fmt"
+	"io"
 	"path/filepath"
 
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/yamlpatch"
 )
@@ -40,8 +43,12 @@
 	if err != nil {
 		return err
 	}
-	if err := yaml.UnmarshalStrict(rcfg, &simCfg); err != nil {
-		return fmt.Errorf("while unmarshaling simulation file '%s' : %s", c.ConfigPaths.SimulationFilePath, err)
+	dec := yaml.NewDecoder(bytes.NewReader(rcfg))
+	dec.KnownFields(true)
+	if err := dec.Decode(&simCfg); err != nil {
+		if !errors.Is(err, io.EOF) {
+			return fmt.Errorf("while unmarshaling simulation file '%s' : %s", c.ConfigPaths.SimulationFilePath, err)
+		}
 	}
 	if simCfg.Simulation == nil {
 		simCfg.Simulation = new(bool)