Refactor integration images

.circleci/config.yml

@@ -21,13 +21,13 @@ jobs:
             cmake ..
             popd
       - run:
-          name: build
+          name: Build
           command: |
             pushd build
             make -j4 all
             popd
       - run:
-          name: run unit tests
+          name: Run unit tests
           command: |
             pushd build
             make tests

docker/tester/root/runners/deb.Dockerfile

@@ -0,0 +1,21 @@
+FROM ubuntu:18.04
+LABEL maintainer="opensource@sysdig.com"
+
+ARG FALCO_VERSION=
+RUN test -n FALCO_VERSION
+ENV FALCO_VERSION ${FALCO_VERSION}
+
+RUN apt update -y
+RUN apt install dkms libyaml-0-2 -y
+
+ADD falco-${FALCO_VERSION}-x86_64.deb /
+RUN dpkg -i /falco-${FALCO_VERSION}-x86_64.deb
+
+# Change the falco config within the container to enable ISO 8601 output.
+RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /etc/falco/falco.yaml > /etc/falco/falco.yaml.new \
+    && mv /etc/falco/falco.yaml.new /etc/falco/falco.yaml
+
+COPY rules/*.yaml /rules/
+COPY trace_files/*.scap /traces/
+
+CMD ["/usr/bin/falco"]

docker/tester/root/runners/rpm.Dockerfile

@@ -0,0 +1,22 @@
+FROM centos:7
+
+LABEL maintainer="opensource@sysdig.com"
+
+ARG FALCO_VERSION=
+RUN test -n FALCO_VERSION
+ENV FALCO_VERSION ${FALCO_VERSION}
+
+RUN yum update -y
+RUN yum install epel-release -y
+
+ADD falco-${FALCO_VERSION}-x86_64.rpm /
+RUN yum install -y /falco-${FALCO_VERSION}-x86_64.rpm
+
+# Change the falco config within the container to enable ISO 8601 output.
+RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /etc/falco/falco.yaml > /etc/falco/falco.yaml.new \
+    && mv /etc/falco/falco.yaml.new /etc/falco/falco.yaml
+
+COPY rules/*.yaml /rules/
+COPY trace_files/*.scap /traces/
+
+CMD ["/usr/bin/falco"]

docker/tester/root/usr/bin/entrypoint

@@ -7,7 +7,7 @@ BUILD_DIR=/build
 CMD=${1:-test}
 shift
 
-# Build type can be "debug" or "release", fallbacks to "release" by default
+# build type can be "debug" or "release", fallbacks to "release" by default
 BUILD_TYPE=$(echo "$BUILD_TYPE" | tr "[:upper:]" "[:lower:]")
 case "$BUILD_TYPE" in
 "debug")
@@ -17,40 +17,62 @@ case "$BUILD_TYPE" in
     ;;
 esac
 
-case "$CMD" in
-"test")
-    if [ ! -d "$BUILD_DIR/$BUILD_TYPE/docker/local" ]; then
-        echo "Missing $BUILD_DIR/$BUILD_TYPE/docker/local directory." >&2
+build_image() {
+    BUILD_DIR=$1
+    BUILD_TYPE=$2
+    FALCO_VERSION=$3
+    PACKAGE_TYPE=$4
+    PACKAGE="$BUILD_DIR/$BUILD_TYPE/falco-$FALCO_VERSION-x86_64.${PACKAGE_TYPE}"
+    if [ ! -f "$PACKAGE" ]; then
+        echo "Package not found: ${PACKAGE}." >&2
         exit 1
     fi
+    DOCKER_IMAGE_NAME="falcosecurity/falco:test-${PACKAGE_TYPE}"
+    echo "Building local docker image $DOCKER_IMAGE_NAME from latest ${PACKAGE_TYPE} package..."
+
+    mkdir -p /runner-rootfs
+    cp "$PACKAGE" /runner-rootfs
+    cp -R "$SOURCE_DIR/falco/test/rules" /runner-rootfs
+    cp -R "$SOURCE_DIR/falco/test/trace_files" /runner-rootfs
+    docker build -f "/runners/$PACKAGE_TYPE.Dockerfile" --build-arg FALCO_VERSION="$FALCO_VERSION" -t "$DOCKER_IMAGE_NAME" /runner-rootfs
+}
+
+clean_image() {
+    PACKAGE_TYPE=$1
+    DOCKER_IMAGE_NAME="falcosecurity/falco:test-${PACKAGE_TYPE}"
+    docker rmi -f "$DOCKER_IMAGE_NAME"
+}
+
+case "$CMD" in
+"test")
     if [ -z "$FALCO_VERSION" ]; then
         echo "Automatically figuring out Falco version."
-        FALCO_VERSION=$($BUILD_DIR/$BUILD_TYPE/userspace/falco/falco --version | cut -d' ' -f3 | tr -d '\r')
+        FALCO_VERSION=$("$BUILD_DIR/$BUILD_TYPE/userspace/falco/falco" --version | cut -d' ' -f3 | tr -d '\r')
+        echo "Falco version: $FALCO_VERSION"
     fi
     if [ -z "$FALCO_VERSION" ]; then
         echo "Falco version cannot be guessed, please provide it with the FALCO_VERSION environment variable." >&2
         exit 1
     fi
-    PACKAGE="$BUILD_DIR/$BUILD_TYPE/falco-$FALCO_VERSION-x86_64.deb"
-    if [ ! -f "$PACKAGE" ]; then
-        echo "Package(s) not found." >&2
-        exit 1
-    fi
-    DOCKER_IMAGE_NAME="falcosecurity/falco:test"
-    echo "Building local docker image $DOCKER_IMAGE_NAME from latest debian package..."
-    cp "$PACKAGE" $BUILD_DIR/$BUILD_TYPE/docker/local
-    cd $BUILD_DIR/$BUILD_TYPE/docker/local
-    docker build --build-arg FALCO_VERSION="$FALCO_VERSION" -t "$DOCKER_IMAGE_NAME" .
 
-    # Check that source directory contains Falco and sysdig
+    # build docker images
+    build_image "$BUILD_DIR" "$BUILD_TYPE" "$FALCO_VERSION" "deb"
+    build_image "$BUILD_DIR" "$BUILD_TYPE" "$FALCO_VERSION" "rpm"
+
+    # check that source directory contains Falco
     if [ ! -d "$SOURCE_DIR/falco/test" ]; then
         echo "Missing $SOURCE_DIR/falco/test directory." >&2
         exit 1
     fi
+
+    # run tests
     echo "Running regression tests ..."
-    cd $SOURCE_DIR/falco/test
-    ./run_regression_tests.sh $BUILD_DIR/$BUILD_TYPE
-    docker rmi "$DOCKER_IMAGE_NAME" || true
+    cd "$SOURCE_DIR/falco/test"
+    ./run_regression_tests.sh "$BUILD_DIR/$BUILD_TYPE"
+
+    # clean docker images
+    clean_image "deb"
+    clean_image "rpm"
     ;;
 "bash")
     CMD=/bin/bash

test/falco_test.py

@@ -333,14 +333,11 @@ def install_package(self):
             # doesn't have an -i equivalent.
             res = process.run("docker rm falco-test", ignore_status=True)
 
-            rules_dir = os.path.abspath(os.path.join(self.basedir, "./rules"))
-            conf_dir = os.path.abspath(os.path.join(self.basedir, "../"))
-            traces_dir = os.path.abspath(os.path.join(self.basedir, "./trace_files"))
             self.falco_binary_path = "docker run --rm --name falco-test --privileged " \
                                      "-v /var/run/docker.sock:/host/var/run/docker.sock " \
                                      "-v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro " \
-                                     "-v /lib/modules:/host/lib/modules:ro -v {}:/root/.sysdig:ro -v " \
-                                     "/usr:/host/usr:ro {} {} falco".format(
+                                     "-v /lib/modules:/host/lib/modules:ro -v {}:/root/.sysdig:ro " \
+                                     "-v /usr:/host/usr:ro {} {} falco".format(
                                          self.module_dir, self.addl_docker_run_args, image)
 
         elif self.package.endswith(".deb"):

test/falco_tests_package.yaml

@@ -16,18 +16,18 @@
 #
 trace_files: !mux
 
-  docker_package:
-    package: docker:falcosecurity/falco:test
+  docker_deb_package:
+    package: docker:falcosecurity/falco:test-deb
     detect: True
     detect_level: WARNING
     rules_file: /rules/rule_names_with_spaces.yaml
     trace_file: /traces/cat_write.scap
     conf_file: /etc/falco/falco.yaml
 
-  centos_package:
-    package: falco*.rpm
+  docker_rpm_package:
+    package: docker:falcosecurity/falco:test-rpm
     detect: True
     detect_level: WARNING
-    rules_file:
-      - rules/rule_names_with_spaces.yaml
-    trace_file: trace_files/cat_write.scap
+    rules_file: /rules/rule_names_with_spaces.yaml
+    trace_file: /traces/cat_write.scap
+    conf_file: /etc/falco/falco.yaml