add dry_run option

Signed-off-by: Thomas Labarussias <issif+github@gadz.org>
falcosecurity · Oct 15, 2023 · 8f9c87c · 8f9c87c
1 parent e10100c
commit 8f9c87c
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -201,6 +201,7 @@ Actions to trigger for events are set with rules with this syntax:
         <string>: <string>
   continue: <bool>
   before: <bool>
+  dry_run: <bool>
   notifiers:
     - <string>
     - <string>
@@ -219,6 +220,8 @@ With:
   * `parameters`: key:value map of parameters for the action. value can be a string, an int or a map.
 * `continue`: if `true`, no more action are applied after the rule has been triggerd (default is `true`).
 * `before`: if `true`, no more action are applied after the rule has been triggerd (default is `true`).
+* `dry_run`: if `true`; the action is not applied (default: `false`).
+* `notifiers`: list of notifiers to enabled for the action, in addition with the defaults.
 
 Examples:
 

diff --git a/actionners/actionners.go b/actionners/actionners.go
@@ -189,7 +189,13 @@ func Trigger(rule *rules.Rule, event *events.Event) {
 					}
 				}
 			}
-			result, err := i.Action(rule, event)
+			result := utils.LogLine{
+				Output: "no action, dry-run is enabled",
+			}
+			var err error
+			if !rule.DryRun {
+				result, err = i.Action(rule, event)
+			}
 			result.Rule = ruleName
 			result.Action = action
 			result.TraceID = event.TraceID

diff --git a/actionners/kubernetes/terminate/terminate.go b/actionners/kubernetes/terminate/terminate.go
@@ -1,6 +1,7 @@
 package terminate
 
 import (
+	"context"
 	"fmt"
 	"regexp"
 	"strconv"
@@ -10,6 +11,7 @@ import (
 	kubernetes "github.com/Issif/falco-talon/internal/kubernetes/client"
 	"github.com/Issif/falco-talon/internal/rules"
 	"github.com/Issif/falco-talon/utils"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 var Terminate = func(rule *rules.Rule, event *events.Event) (utils.LogLine, error) {
@@ -105,15 +107,15 @@ var Terminate = func(rule *rules.Rule, event *events.Event) (utils.LogLine, erro
 		}
 	}
 
-	// err := client.Clientset.CoreV1().Pods(namespace).Delete(context.Background(), podName, metav1.DeleteOptions{GracePeriodSeconds: gracePeriodSeconds})
-	// if err != nil {
-	// 	return utils.LogLine{
-	// 			Objects: objects,
-	// 			Status:  "failure",
-	// 			Error:   err.Error(),
-	// 		},
-	// 		err
-	// }
+	err := client.Clientset.CoreV1().Pods(namespace).Delete(context.Background(), podName, metav1.DeleteOptions{GracePeriodSeconds: gracePeriodSeconds})
+	if err != nil {
+		return utils.LogLine{
+				Objects: objects,
+				Status:  "failure",
+				Error:   err.Error(),
+			},
+			err
+	}
 	return utils.LogLine{
 			Objects: objects,
 			Status:  "success",

diff --git a/internal/rules/rules.go b/internal/rules/rules.go
@@ -20,6 +20,7 @@ type Rule struct {
 	Continue  string   `yaml:"continue"`
 	Before    string   `yaml:"before"`
 	Match     Match    `yaml:"match"`
+	DryRun    bool     `yaml:"dry_run"`
 }
 
 type Action struct {