Escaping quotes with sysdig_secure_list resource #29

Closed
heydonovan opened this issue May 12, 2020 · 3 comments
heydonovan commented May 12, 2020

resource "sysdig_secure_list" "company_trusted_host_processes" {
  name = "company_trusted_host_processes"
  items = [
    "\"12345.dkr.ecr.us-east-1.amazonaws.com/test123\"",
    "\"12345.dkr.ecr.us-east-1.amazonaws.com/test456\""
  ]
}

We have to escape the double-quotes to prevent syntax errors like this one:

 235: syntax error, unexpected 'dkr', expecting ')', ','

Which is fine, just makes it a bit more difficult to read.

Also, how does the sysdig_secure_rule_falco resource know to create the sysdig_secure_list resource before referencing it? For example:

resource "sysdig_secure_rule_falco" "company_container_whitelist" {
  name        = "company_container_whitelist"
  description = "..."
  tags        = local.tags
  condition   = "container and container_started and not container.image.repository in (company_trusted_host_processes)"
  output      = ":fire: Unapproved container launch occured\ncontainer.image.repository=%container.image.repository\nevt.type=%evt.type"
  priority    = "emergency"
  source      = "syscall"
}

I think there might be a race condition here. I don't think I can include the name of the list resource in the condition itself, since we need to evaluate the list in terraform first, and then pass the full condition to the sysdig api (if that makes sense).

We also ran into this exception a few times, but I've been unable to determine the exact reason:

sysdig_secure_list.company_trusted_host_processes: Creating...

Error: rpc error: code = Unavailable desc = transport is closing
Error: rpc error: code = Unavailable desc = transport is closing
Error: rpc error: code = Canceled desc = context canceled
Error: rpc error: code = Unavailable desc = transport is closing
Error: rpc error: code = Unavailable desc = transport is closing
Error: rpc error: code = Unavailable desc = transport is closing
Error: rpc error: code = Canceled desc = context canceled
Error: rpc error: code = Unavailable desc = transport is closing
Error: rpc error: code = Unavailable desc = transport is closing
Error: rpc error: code = Unavailable desc = transport is closing
Error: rpc error: code = Unavailable desc = transport is closing
Error: rpc error: code = Unavailable desc = transport is closing

Releasing state lock. This may take a few moments...
sysdig_secure_rule_falco.company_attach_exec_pod_known: Still creating... [20s elapsed]
sysdig_secure_rule_falco.company_attach_exec_pod_known: Still creating... [30s elapsed]
sysdig_secure_rule_falco.company_attach_exec_pod_known: Still creating... [40s elapsed]
sysdig_secure_rule_falco.company_attach_exec_pod_known: Still creating... [50s elapsed]

Error: 500 Server Error

  on lists.tf line 35, in resource "sysdig_secure_list" "company_trusted_images":
  35: resource "sysdig_secure_list" "company_trusted_images" {

Error: <html><body><h1>504 Gateway Time-out</h1>
The server didn't respond in time.
</body></html>
tembleking (Member) commented May 12, 2020

Hi @heydonovan, thanks for your feedback.
I will look into the quoting problem, but I believe you can just type down the values without the double quotes as so:
https://github.com/draios/terraform-provider-sysdig/blob/7ea6a9d71f44923456b3e626ac5e24779eacdcf7/sysdig/resource_sysdig_secure_list_test.go#L59

About that question of the sysdig_secure_rule_falco referencing the sysdig_secure_list, you can do it without problems I guess, but instead of writing the name of the rule in plain text, use a reference to the resource. Take a look at this example in this test, where a list is being referenced by a macro: https://github.com/draios/terraform-provider-sysdig/blob/7ea6a9d71f44923456b3e626ac5e24779eacdcf7/sysdig/resource_sysdig_secure_macro_test.go#L97

Terraform will first create the list and then the macro, using the name of the list already created.

About those 500 errors, they look like connection problems, maybe on our side. If they happen again, please tell me and I will take care of it. FYI, TF_LOG=DEBUG should be working now, so you can check the API calls being sent back and forth; if you could attach them, that would be helpful.
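The two points above, written out as one configuration. This is an added example, not code from the issue or from the provider's own test files: the list items are given as bare values (no escaped double quotes), and the Falco rule's condition interpolates the list resource's name instead of hard-coding it. The interpolation is what gives Terraform the dependency edge, so the list is always created before the rule; with a plain-text name Terraform sees no relationship between the two resources and may create them in parallel, which is the race the reporter was worried about. Assumed here: the provider exposes the `name` argument of `sysdig_secure_list` as a readable attribute (standard Terraform behaviour for resource arguments), and the `description` and `tags` values are constructed placeholders.

```hcl
# Added example; not part of the original issue or the provider's test suite.
# Assumes sysdig_secure_list exports its "name" argument as an attribute.

resource "sysdig_secure_list" "company_trusted_host_processes" {
  name = "company_trusted_host_processes"

  # Bare values: no escaped double quotes around each repository.
  items = [
    "12345.dkr.ecr.us-east-1.amazonaws.com/test123",
    "12345.dkr.ecr.us-east-1.amazonaws.com/test456",
  ]
}

resource "sysdig_secure_rule_falco" "company_container_whitelist" {
  name        = "company_container_whitelist"
  description = "Alert on container images outside the trusted ECR repositories" # constructed
  tags        = ["container", "allowlist"]                                        # constructed; the issue uses local.tags

  # Referencing the list resource (rather than typing its name) creates an
  # implicit dependency: Terraform builds the list first, and the condition
  # always carries the name the list was actually created with.
  condition = "container and container_started and not container.image.repository in (${sysdig_secure_list.company_trusted_host_processes.name})"

  output   = ":fire: Unapproved container launch occurred\ncontainer.image.repository=%container.image.repository\nevt.type=%evt.type"
  priority = "emergency"
  source   = "syscall"

  # Only needed if the condition did not reference the list at all; with the
  # interpolation above it is redundant but harmless.
  # depends_on = [sysdig_secure_list.company_trusted_host_processes]
}
```

`terraform plan` should now show the list being created before the rule, and `terraform graph` shows the edge between the two resources; if the rule still appears first, the condition string is not referencing the resource.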

tembleking (Member) commented

Hello @heydonovan, did you manage to give the comment I sent about referencing the List in a Falco Rule a try?

tembleking (Member) commented

Hello @heydonovan, @ukitazume tried the "Error: rpc error: code = Unavailable desc = transport is closing" problem after this 290e398 commit and it seems like it's not happening anymore.
I will close this issue, but feel free to reopen it if you feel it's not solved.
