Rules versioning (falcosecurity#492)
* Add ability to print field names only

  Add ability to print field names only instead of all information about fields (description, etc) using -N cmdline option. This will be used to add some versioning support steps that check for a changed set of fields.

* Add an engine version that changes w/ filter flds

  Add a method falco_engine::engine_version() that returns the current engine version (e.g. set of supported fields, rules objects, operators, etc.). It's defined in falco_engine_version.h, starts at 2 and should be updated whenever a breaking change is made.

  The most common reason for an engine change will be an update to the set of filter fields. To make this easy to diagnose, add a build time check that compares the sha256 output of "falco --list -N" against a value that's embedded in falco_engine_version.h. A mismatch fails the build.

* Check engine version when loading rules

  A rules file can now have a field "required_engine_version N". If present, the number is compared to the falco engine version. If the falco engine version is less, an error is thrown.

* Unit tests for engine versioning

  Add a required version: 2 to one trace file to check the positive case and add a new test that verifies that a too-new rules file won't be loaded.

* Rename falco test docker image

  Rename sysdig/falco to falcosecurity/falco in unit tests.

* Don't pin falco_rules.yaml to an engine version

  Currently, falco_rules.yaml is compatible with versions <= 0.13.1 other than the required_engine_version object itself, so keep that line commented out so users can use this rules file with older falco versions. We'll uncomment it with the first incompatible falco engine change.
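The two gates the commit message describes (a build-time checksum over the field-name listing and a load-time `required_engine_version` comparison), sketched in Python as an added example that is not code from this commit or from Falco. The function names are hypothetical, the field listing and rules snippets are constructed samples, and a line regex stands in for real YAML parsing.

```python
import hashlib
import re

ENGINE_VERSION = 2  # the commit message says the engine version starts at 2

# Constructed samples: stand-ins for `falco --list -N` output and for rules files.
BASELINE_FIELDS = "evt.type\nproc.name\nfd.name\n"
CHANGED_FIELDS = BASELINE_FIELDS + "container.id\n"  # a field was added
RULES_OK = "- required_engine_version: 2\n- macro: m\n  condition: evt.type=open\n"
RULES_TOO_NEW = "- required_engine_version: 3\n"
RULES_UNPINNED = "#- required_engine_version: 2\n- macro: m\n  condition: evt.type=open\n"


def fields_checksum(field_listing: str) -> str:
    """sha256 over the field-name listing (hypothetical helper)."""
    return hashlib.sha256(field_listing.encode("utf-8")).hexdigest()


# Stand-in for the value embedded in the version header at the last version bump.
EMBEDDED_CHECKSUM = fields_checksum(BASELINE_FIELDS)


def build_check(field_listing: str, embedded_checksum: str) -> bool:
    """Build-time gate: False means the field set changed without a version update."""
    return fields_checksum(field_listing) == embedded_checksum


# Simplified matcher; a commented-out line deliberately does not match.
_REQUIRED = re.compile(r"^\s*-?\s*required_engine_version\s*:\s*(\d+)\s*(?:#.*)?$")


def required_engine_version(rules_text: str):
    """Version a rules file asks for, or None if absent or commented out."""
    for line in rules_text.splitlines():
        match = _REQUIRED.match(line)
        if match:
            return int(match.group(1))
    return None


def load_rules(rules_text: str, engine_version: int = ENGINE_VERSION) -> str:
    """Load-time gate: refuse a rules file that needs a newer engine."""
    required = required_engine_version(rules_text)
    if required is not None and engine_version < required:
        raise ValueError(f"rules need engine {required}, engine is {engine_version}")
    return "loaded"


if __name__ == "__main__":
    print("fields unchanged:", build_check(BASELINE_FIELDS, EMBEDDED_CHECKSUM))
    print("fields changed:  ", build_check(CHANGED_FIELDS, EMBEDDED_CHECKSUM))
    print("pinned to 2:     ", load_rules(RULES_OK))
```

The unpinned sample mirrors the last bullet: with the line commented out, no requirement is found and the file loads on any engine version.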