new(userspace/falco): added an option to listen to changes on the config file and rules files, and trigger a Falco reload #1991
Conversation
…fig file and rules files, and trigger a Falco reload. Signed-off-by: Federico Di Pierro <[email protected]>
Signed-off-by: Federico Di Pierro <[email protected]>
Signed-off-by: Federico Di Pierro <[email protected]>
…ch rules folders, when specified. This means that when starting Falco passing to it a folder for its rules, it will properly manage changes to any file inside the folders, plus any created/deleted file inside it. Unified list of rules parsing, instead of having it done twice inside cmdline_options and configuration. Instead, it is done only once, inside load_rules_files. Signed-off-by: Federico Di Pierro <[email protected]>
| @@ -86,12 +86,17 @@ application::run_result application::load_rules_files() | |||
| } | |||
|
|
|||
| falco_logger::log(LOG_DEBUG, "Configured rules filenames:\n"); | |||
| for (auto filename : m_state->config->m_rules_filenames) | |||
| for (const auto& path : m_state->config->m_rules_filenames) | |||
There was a problem hiding this comment.
This is different from the old behavior because now we are printing exact same options as configured by user, instead of already expanded ones (in case of folders).
I don't know whether this is fine or not; i can easily update it to support real loaded rules files.
There was a problem hiding this comment.
I don't think this is wrong, i mean, in log debug, we also print the "loading rules from file X" line, below while loading rules.
Therefore i thought it would be good to have a point where we print the actually passed-by-user rules paths.
There was a problem hiding this comment.
I agree Fede, I think this works better
|
LGTM label has been added. Git tree hash: 946e340c327e150806dc37638d1bfdbeab849b25
|
Signed-off-by: Federico Di Pierro <[email protected]> Co-authored-by: Leonardo Grasso <[email protected]>
|
LGTM label has been added. Git tree hash: 4ed35d3cc5c531ea84226e9d918a2b0287c306a9
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: FedeDP, jasondellaluce, leogr The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/milestone 0.32.0 |
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area engine
What this PR does / why we need it:
This PR adds a new config option
watch_config_files, to allow it to trigger a Falco restart whenever a change is detected in the rules files or conf file.Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?: