vote: Add AKS audit logs plugin #551

Merged
merged 8 commits into from
Jan 7, 2025

IgorEulalio
Contributor

@IgorEulalio IgorEulalio commented Dec 16, 2024

/kind feature

/area plugins

What this PR does / why we need it:
This PR aims to add support for ingesting Azure AKS audit logs plugins and streaming them to the k8s_audit plugin.

Fixes #243
Fixes #368

@leogr
Member

leogr commented Dec 16, 2024

cc @tspearconquest @alfredomagallon 🥳

Rules files suggestions

@IgorEulalio IgorEulalio changed the title WIP: Add AKS audit logs plugin Add AKS audit logs plugin Dec 16, 2024
Member

@leogr leogr left a comment

Overall, SGTM!

I've just left a few minor comments (see below).

Thanks!

plugins/k8saudit-aks/README.md (outdated, resolved)
plugins/k8saudit-aks/falco_aks_audit.yaml (outdated, resolved)
plugins/k8saudit-aks/plugin/main.go (outdated, resolved)
shared/go/azure/eventhub/processor.go (resolved)

@leogr
Member

leogr commented Dec 19, 2024

Hey @IgorEulalio

Since this is a maintainer addition, as per our governance, we will go with a quick majority vote among @falcosecurity/plugins-maintainers. This process will take no more than one week.

Meanwhile, we are already reviewing the code. You may expect some delay, considering the upcoming holidays, but I want to let you know that we are on it :)

Thanks

@leogr leogr changed the title Add AKS audit logs plugin vote: Add AKS audit logs plugin Dec 19, 2024
Contributor

@jasondellaluce jasondellaluce left a comment

+1

@leogr
Member

leogr commented Jan 7, 2025

+1 from me too!

Signed-off-by: Francesco Pirrò <[email protected]>

update(plugins/gcpaudit): bump plugin version to 0.5.0

Signed-off-by: Francesco Pirrò <[email protected]>

chore(plugins/gcpaudit): update changelogs with v0.5.0 changes

Signed-off-by: Francesco Pirrò <[email protected]>

add initial plugin structure

Signed-off-by: Igor Eulalio <[email protected]>

add processor function, refactor workflow to leverage channels

Signed-off-by: Igor Eulalio <[email protected]>

refactoring main function to handle Process in underlying package, introducing channels

Signed-off-by: Igor Eulalio <[email protected]>

add makefile

Signed-off-by: Igor Eulalio <[email protected]>

update registry + readme for k8saudit-aks

Signed-off-by: Thomas Labarussias <[email protected]>

add owners

Signed-off-by: Thomas Labarussias <[email protected]>

fix Open method arg

Signed-off-by: Thomas Labarussias <[email protected]>

refactor code to handle the channel logic, add Makefile helpers, add new rule

Signed-off-by: Igor Eulalio <[email protected]>

add logs using proper plugin, finish configuration

Signed-off-by: Igor Eulalio <[email protected]>

feat: add .envrc to gitignore

Signed-off-by: Igor Eulalio <[email protected]>

feat: add .envrc to gitignore

Signed-off-by: Igor Eulalio <[email protected]>
…ure proper resource shutdown for partitionClient

Signed-off-by: Igor Eulalio <[email protected]>
Signed-off-by: Igor Eulalio <[email protected]>
…dd plugin max event size configuration

Signed-off-by: Igor Eulalio <[email protected]>
Signed-off-by: Igor Eulalio <[email protected]>
Contributor

@LucaGuerra LucaGuerra left a comment

+1!

@poiana
Contributor

poiana commented Jan 7, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: IgorEulalio, LucaGuerra

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana
Contributor

poiana commented Jan 7, 2025

LGTM label has been added.

Git tree hash: d40038fac876264d033b7f52f576e3128b63701b

@poiana poiana added the approved label Jan 7, 2025
@poiana poiana merged commit 34dac61 into falcosecurity:main Jan 7, 2025
6 of 9 checks passed