feat: support parsing of system environment variables in yaml #2562
Conversation
|
Welcome @therealdwright! It looks like this is your first PR to falcosecurity/falco 🎉 |
therealdwright
force-pushed
the
falco-config-yaml-env-var-support
branch
from
fafb60f
to
78b2efd
Compare
|
This is interesting! Thanks a lot. I'm gonna set this to the current release milestone just to not lose track of it, however keep in mind that we're very close to a Falco release and getting this into it will require a decision among the Falco maintainers and the release managers. /milestone 0.35.0 cc @falcosecurity/falco-maintainers |
|
I love this! 👍 from me for the 0.35 milestone. |
|
LGTM label has been added. Git tree hash: db4fea09ce034163dfa7815ec098655c97a36b58
|
There was a problem hiding this comment.
I love this feature. However, I would like more time for testing and thinking about corner cases. For example:
-
How can I escape from it if I wanted the literal
$SOMETHINGas a string (instead of the env var value)? 🤔 -
How this feature interact with the program_output which is a shell code? 🤔
-
Are any other possible side effects? 🤔
For the reasons above and since we are a few days from releasing Falco 0.35, I propose pushing this to Falco 0.36. Let's discuss it!
In most other applications, you would quote the string e.g.
The above response covers this somewhat, but I also tested the original behaviour and ran regression tests while developing the change. Does the regression suite cover such cases? In terms of timeline, I'll leave it to the maintainers, I selfishly want this sooner rather than later as not being able to define environment variables leads to one of two consequences for my organisation.
Neither of these are the direction we want to take, but if we have to, so be it. Edit: please let me know if you want additional unit testing to cover such cases, I would be happy to do so. |
AFAIK, no. The filebeat example is interesting. I have never used it so, but their docs report:
Anyway, I'm not saying this is necessarily an issue - I just don't know yet and I couldn't find enough time to iterate on that 😅
👍 I'm open to any decision, just the timeline is unfortunate. Let's see other maintainers' opinions.
Out of curiosity: have you ever tried using N.B. I'm not saying this is a clean solution. |
|
Let me know if you would like this PR extended to handle the special case scenario similarly to filebeat. I'm happy to update the PR.
I wasn't aware this was an option; I'll take a look tomorrow and give it a try. |
|
Unfortunately, moving forward with http_output configured as an option did the job of getting the config in but resulted in a new bug which has been raised as #2579 |
|
I'd move this to 0.36.0 since we have not reach an agreement for this to get merged in time for 0.35. /milestone 0.36.0 |
|
/hold |
therealdwright
force-pushed
the
falco-config-yaml-env-var-support
branch
5 times, most recently
from
c62db2f
to
13ab729
Compare
|
OK @Andreagit97 @leogr and @FedeDP This has taken me a bit to get around as I have not thought about or touched this codebase for three months, and each piece of feedback in isolation was reasonable, but there were some conflicts to resolve to appease it all. I think I have struck a good balance here.
I think I have adequately covered the various edge cases in the unit test, as I hope you can appreciate there are a lot of edge cases to check for here. Please re-review and let me know what you think. I would appreciate it if the team could come back to me soon as it's very hard to step away from this project and C++ for so long and be productive. If you would like me to write some user-facing docs, LMK, I'd be happy to do so. |
therealdwright
force-pushed
the
falco-config-yaml-env-var-support
branch
2 times, most recently
from
33e7c6f
to
4f2babc
Compare
Agree with the design, thanks! |
There was a problem hiding this comment.
LGTM! Agree with @Andreagit97 comments, then we are good to go!
Thanks for the effort @therealdwright !
+1 for me too! Thank you! |
therealdwright
force-pushed
the
falco-config-yaml-env-var-support
branch
from
4f2babc
to
396c53d
Compare
|
LGTM label has been added. Git tree hash: 304a49cfa14a173eb0e94edcbd448caf86039aae
|
therealdwright
force-pushed
the
falco-config-yaml-env-var-support
branch
from
396c53d
to
53d71a6
Compare
In order to allow the user to supply environment variables in standard
ways performed in other applications the get_scalar function has been
extended to support defining an environment variable in the format
`${FOO}`. Environment variables can be escaped via defining as `$${FOO}`.
As this handles some additional complexity, a unit test has been added
to cover this new functionality
Signed-off-by: Daniel Wright <danielwright@bitgo.com>
therealdwright
force-pushed
the
falco-config-yaml-env-var-support
branch
from
53d71a6
to
62a664b
Compare
|
For posterity, PR description and commit message body have been updated to reflect the new state of the change. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Andreagit97, FedeDP, therealdwright The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/unhold |
|
Let's go with this one! Again, thank you very much for your effort 🚀 |
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area engine
/area tests
What this PR does / why we need it:
In order to allow the user to supply environment variables in standard
ways performed in other applications the get_scalar function has been
extended to support defining an environment variable in the format
${FOO}. Environment variables can be escaped via defining as$${FOO}.As this handles some additional complexity, a unit test has been added
to cover this new functionality
Which issue(s) this PR fixes:
Fixes #2561
Special notes for your reviewer:
Does this PR introduce a user-facing change?: