Add compat old k8s filter fields #893
Merged
As a part of the changes in #826, we added several breaking changes to rules files like renaming/removing some filter fields. This isn't ideal for customers who are using their own rules files.

We shouldn't break older rules files in this way, so add some minimal backwards compatibility which adds back the fields that were removed *and* actually used in k8s_audit_rules.yaml. They have the same functionality as before.

One exception is ka.req.binding.subject.has_name, which was only used in a single output field for debugging and shouldn't have been in the rules file in the first place. This always returns the string "N/A".

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>

Add tests that verify that this falco is backwards compatible with the v4 k8s audit rules file. It includes tests for:

- checking images by repository/image: ka.req.container.image/ka.req.container.image.repository
- checking privileged status of any container in a pod: ka.req.container.privileged
- checking host_network: ka.req.container.host_network

The tests were copied from the v5 versions of the tests, when necessary adding back v4-compatible versions of macros like allowed_k8s_containers.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>

mstemm force-pushed the add-compat-old-k8s-filter-fields branch from 09ec86c to cab71eb (October 18, 2019 22:06)
fntlnz approved these changes (Oct 20, 2019)
LGTM label has been added. Git tree hash: 928c5565de658712e9ff11b8ea7d18aef7bd2098
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: fntlnz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Thanks for fixing this @mstemm
What type of PR is this?
/kind bug
Any specific area of the project related to this PR?
/area engine
/area tests
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?: