added fission output type

Signed-off-by: Gaurav Gahlot <[email protected]>
falcosecurity · Jul 20, 2021 · 61b0431 · 61b0431
1 parent bd7f5fe
commit 61b0431
Show file tree

Hide file tree

Showing 8 changed files with 145 additions and 0 deletions.
diff --git a/config.go b/config.go
@@ -197,6 +197,16 @@ func getConfig() *types.Configuration {
 	v.SetDefault("Openfaas.MutualTls", false)
 	v.SetDefault("Openfaas.CheckCert", true)
 
+	v.SetDefault("Fission.RouterNamespace", "fission")
+	v.SetDefault("Fission.RouterService", "router")
+	v.SetDefault("Fission.RouterPort", 80)
+	v.SetDefault("Fission.FunctionNamespace", "fission-function")
+	v.SetDefault("Fission.Function", "")
+	v.SetDefault("Fission.Kubeconfig", "")
+	v.SetDefault("Fission.MinimumPriority", "")
+	v.SetDefault("Fission.MutualTls", false)
+	v.SetDefault("Fission.CheckCert", true)
+
 	v.SetDefault("Webui.URL", "")
 	v.SetDefault("Webui.MutualTls", false)
 	v.SetDefault("Webui.CheckCert", true)
@@ -302,6 +312,7 @@ func getConfig() *types.Configuration {
 	c.Pagerduty.MinimumPriority = checkPriority(c.Pagerduty.MinimumPriority)
 	c.Kubeless.MinimumPriority = checkPriority(c.Kubeless.MinimumPriority)
 	c.Openfaas.MinimumPriority = checkPriority(c.Openfaas.MinimumPriority)
+	c.Fission.MinimumPriority = checkPriority(c.Fission.MinimumPriority)
 	c.Rabbitmq.MinimumPriority = checkPriority(c.Rabbitmq.MinimumPriority)
 	c.Wavefront.MinimumPriority = checkPriority(c.Wavefront.MinimumPriority)
 

diff --git a/handlers.go b/handlers.go
@@ -252,4 +252,8 @@ func forwardEvent(falcopayload types.FalcoPayload) {
 	if config.WebUI.URL != "" {
 		go webUIClient.WebUIPost(falcopayload)
 	}
+
+	if config.Fission.Function != "" && (falcopayload.Priority >= types.Priority(config.Fission.MinimumPriority) || falcopayload.Rule == testRule) {
+		go fissionClient.FissionCall(falcopayload)
+	}
 }
diff --git a/main.go b/main.go
@@ -45,6 +45,7 @@ var (
 	webUIClient         *outputs.Client
 	rabbitmqClient      *outputs.Client
 	wavefrontClient     *outputs.Client
+	fissionClient       *outputs.Client
 
 	statsdClient, dogstatsdClient *statsd.Client
 	config                        *types.Configuration
@@ -426,6 +427,16 @@ func init() {
 		}
 	}
 
+	if config.Fission.Function != "" {
+		var err error
+		fissionClient, err = outputs.NewFissionClient(config, stats, promStats, statsdClient, dogstatsdClient)
+		if err != nil {
+			log.Printf("[ERROR] : Fission - %v\n", err)
+		} else {
+			outputs.EnabledOutputs = append(outputs.EnabledOutputs, outputs.Fission)
+		}
+	}
+
 	log.Printf("[INFO]  : Enabled Outputs : %s\n", outputs.EnabledOutputs)
 }
 

diff --git a/outputs/client.go b/outputs/client.go
@@ -209,6 +209,8 @@ func (c *Client) Post(payload interface{}) error {
 		} else if c.OutputType == Openfaas {
 			log.Printf("[INFO]  : %v - Function Response : %v\n", Openfaas,
 				string(body))
+		} else if c.OutputType == Fission {
+			log.Printf("[INFO]  : %v - Function Response : %v\n", Fission, string(body))
 		}
 		return nil
 	case http.StatusBadRequest: //400

diff --git a/outputs/constants.go b/outputs/constants.go
@@ -38,4 +38,5 @@ const (
 
 	Kubeless string = "Kubeless"
 	Openfaas string = "OpenFaas"
+	Fission  string = "Fission"
 )
diff --git a/outputs/fission.go b/outputs/fission.go
@@ -0,0 +1,102 @@
+package outputs
+
+import (
+	"context"
+	"encoding/json"
+	"log"
+	"strconv"
+
+	"github.com/DataDog/datadog-go/statsd"
+	"github.com/google/uuid"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/tools/clientcmd"
+
+	"github.com/falcosecurity/falcosidekick/types"
+)
+
+// Some constant strings to use in request headers
+const FissionEventIDKey = "event-id"
+const FissionEventNamespaceKey = "event-namespace"
+const FissionContentType = "application/json"
+
+// NewFissionClient returns a new output.Client for accessing Kubernetes.
+func NewFissionClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics,
+	statsdClient, dogstatsdClient *statsd.Client) (*Client, error) {
+	if config.Fission.KubeConfig != "" {
+		restConfig, err := clientcmd.BuildConfigFromFlags("", config.Fission.KubeConfig)
+		if err != nil {
+			return nil, err
+		}
+		clientset, err := kubernetes.NewForConfig(restConfig)
+		if err != nil {
+			return nil, err
+		}
+		return &Client{
+			OutputType:       Fission,
+			Config:           config,
+			Stats:            stats,
+			PromStats:        promStats,
+			StatsdClient:     statsdClient,
+			DogstatsdClient:  dogstatsdClient,
+			KubernetesClient: clientset,
+		}, nil
+	}
+	return NewClient(
+		Fission,
+		"http://"+config.Fission.RouterService+"."+config.Fission.RouterNamespace+
+			".svc.cluster.local:"+strconv.Itoa(config.Fission.RouterPort)+
+			"/fission-function/"+config.Fission.Function,
+		config.Fission.MutualTLS,
+		config.Fission.CheckCert,
+		config,
+		stats,
+		promStats,
+		statsdClient,
+		dogstatsdClient,
+	)
+}
+
+// FissionCall .
+func (c *Client) FissionCall(falcopayload types.FalcoPayload) {
+	c.Stats.Fission.Add(Total, 1)
+
+	if c.Config.Fission.KubeConfig != "" {
+		str, _ := json.Marshal(falcopayload)
+		req := c.KubernetesClient.CoreV1().RESTClient().Post().AbsPath("/api/v1/namespaces/" +
+			c.Config.Fission.RouterNamespace + "/services/" + c.Config.Fission.RouterService +
+			":" + strconv.Itoa(c.Config.Fission.RouterPort) + "/proxy/" + "/fission-function/" +
+			c.Config.Fission.Function).Body(str)
+		req.SetHeader(FissionEventIDKey, uuid.New().String())
+		req.SetHeader(ContentTypeHeaderKey, FissionContentType)
+		req.SetHeader(UserAgentHeaderKey, UserAgentHeaderValue)
+
+		res := req.Do(context.TODO())
+		rawbody, err := res.Raw()
+		if err != nil {
+			go c.CountMetric(Outputs, 1, []string{"output:Fission", "status:error"})
+			c.Stats.Fission.Add(Error, 1)
+			c.PromStats.Outputs.With(map[string]string{"destination": "Fission", "status": Error}).Inc()
+			log.Println("[INFO] : Fission - KubeConfig not empty")
+			log.Printf("[ERROR] : Fission - %v\n", err.Error())
+			return
+		}
+		log.Printf("[INFO]  : Fission - Function Response : %v\n", string(rawbody))
+	} else {
+		c.AddHeader(FissionEventIDKey, uuid.New().String())
+		c.ContentType = FissionContentType
+
+		err := c.Post(falcopayload)
+		if err != nil {
+			go c.CountMetric(Outputs, 1, []string{"output:Fission", "status:error"})
+			c.Stats.Fission.Add(Error, 1)
+			c.PromStats.Outputs.With(map[string]string{"destination": "Fission", "status": Error}).Inc()
+			log.Println("[INFO] : Fission - KubeConfig empty")
+			log.Printf("[ERROR] : %s - %v\n", Fission, err.Error())
+			return
+		}
+	}
+	log.Printf("[INFO]  : %s - Call Function \"%v\" OK\n", Fission, c.Config.Fission.Function)
+	go c.CountMetric(Outputs, 1, []string{"output:Fission", "status:ok"})
+	c.Stats.Fission.Add(OK, 1)
+	c.PromStats.Outputs.With(map[string]string{"destination": "Fission", "status": OK}).Inc()
+}
diff --git a/stats.go b/stats.go
@@ -58,6 +58,7 @@ func getInitStats() *types.Statistics {
 		WebUI:             getOutputNewMap("webui"),
 		Rabbitmq:          getOutputNewMap("rabbitmq"),
 		Wavefront:         getOutputNewMap("wavefront"),
+		Fission:           getOutputNewMap("fission"),
 	}
 	stats.Falco.Add(outputs.Emergency, 0)
 	stats.Falco.Add(outputs.Alert, 0)

diff --git a/types/types.go b/types/types.go
@@ -54,6 +54,7 @@ type Configuration struct {
 	WebUI              WebUIOutputConfig
 	Rabbitmq           RabbitmqConfig
 	Wavefront          WavefrontOutputConfig
+	Fission            fissionConfig
 }
 
 // SlackOutputConfig represents parameters for Slack
@@ -414,6 +415,7 @@ type Statistics struct {
 	WebUI             *expvar.Map
 	Rabbitmq          *expvar.Map
 	Wavefront         *expvar.Map
+	Fission           *expvar.Map
 }
 
 // PromStatistics is a struct to store prometheus metrics
@@ -422,3 +424,14 @@ type PromStatistics struct {
 	Inputs  *prometheus.CounterVec
 	Outputs *prometheus.CounterVec
 }
+
+type fissionConfig struct {
+	RouterNamespace string
+	RouterService   string
+	RouterPort      int
+	Function        string
+	KubeConfig      string
+	MinimumPriority string
+	CheckCert       bool
+	MutualTLS       bool
+}