Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor(userspace/libsinsp): support field transformers in formatters #1847

Merged
merged 2 commits into from
May 7, 2024
Merged

refactor(userspace/libsinsp): support field transformers in formatters #1847

merged 2 commits into from
May 7, 2024

Conversation

jasondellaluce
Copy link
Contributor

@jasondellaluce jasondellaluce commented May 7, 2024
edited
Loading

What type of PR is this?

/kind feature

Any specific area of the project related to this PR?

/area libsinsp

/area tests

Does this PR require a change in the driver versions?

What this PR does / why we need it:

This is the (hopefully) last PR on libs for the series of #1789. This lastly adds support to field transformers in libsinsp's formatters, which are also used to produce Falco rules outputs. Tests are included. This takes the chance for polishing a bit the implementation of sinsp_evt_formatter, which hasn't been touched for years.

After consulting with other maintainers and some product experts the UX decision has been that, whenever transformers are used in an output, the output field map (and the JSON output) will include both the non-transformed field and the transformed one. This will ensure that current expectations are not broken, while also including (optionally, configurable through API) the new information. Example taken from the tests:

TEST_F(sinsp_formatter_test, field_with_nested_transformer)
{
	format("start %tolower(toupper(proc.name)) end");
	EXPECT_EQ(m_last_res, true);
	EXPECT_EQ(m_last_output, "start init end");
	EXPECT_EQ(m_last_field_values.size(), 2) << pretty_print(m_last_field_values);
	EXPECT_EQ(m_last_field_values["proc.name"], "init");
	EXPECT_EQ(m_last_field_values["tolower(toupper(proc.name))"], "init");
}

Which issue(s) this PR fixes:

Special notes for your reviewer:

/milestone 0.17.0

Does this PR introduce a user-facing change?:

refactor(userspace/libsinsp): support field transformers in formatters

@poiana poiana added this to the 0.17.0 milestone May 7, 2024
@poiana poiana requested a review from hbrueckner May 7, 2024 10:22
@poiana poiana added the approved label May 7, 2024
@poiana poiana requested a review from incertum May 7, 2024 10:22
@poiana poiana added the size/XL label May 7, 2024
@jasondellaluce jasondellaluce mentioned this pull request May 7, 2024
Closed
6 tasks
FedeDP
FedeDP approved these changes May 7, 2024
View reviewed changes
Copy link
Contributor

@FedeDP FedeDP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
🚀

@poiana poiana added the lgtm label May 7, 2024
@poiana
Copy link
Contributor

poiana commented May 7, 2024

LGTM label has been added.

Git tree hash: 1f596a5c2cde4a503e072e01a292f0d97c72be88

incertum
incertum approved these changes May 7, 2024
View reviewed changes
Copy link
Contributor

@incertum incertum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@poiana
Copy link
Contributor

poiana commented May 7, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: FedeDP, incertum, jasondellaluce

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [FedeDP,incertum,jasondellaluce]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana merged commit b130797 into master May 7, 2024
40 checks passed
@poiana poiana deleted the refactor/field-transformers-in-formatters branch May 7, 2024 17:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@incertum incertum incertum approved these changes

@FedeDP FedeDP FedeDP approved these changes

@hbrueckner hbrueckner Awaiting requested review from hbrueckner

Assignees

@FedeDP FedeDP

@incertum incertum

Labels
approved area/libsinsp area/tests dco-signoff: yes kind/feature New feature or request lgtm release-note size/XL
Projects
None yet
Milestone
0.17.0
Development

Successfully merging this pull request may close these issues.
4 participants
@jasondellaluce @poiana @FedeDP @incertum