diff --git a/README.md b/README.md
index aa958ca3..59c6fd99 100644
--- a/README.md
+++ b/README.md
@@ -201,6 +201,7 @@ Actions to trigger for events are set with rules with this syntax:
 :
 continue:
 before:
+ dry_run:
 notifiers:
 -
 -
@@ -219,6 +220,8 @@ With:
 * `parameters`: key:value map of parameters for the action. value can be a string, an int or a map.
 * `continue`: if `true`, no more action are applied after the rule has been triggerd (default is `true`).
 * `before`: if `true`, no more action are applied after the rule has been triggerd (default is `true`).
+* `dry_run`: if `true`; the action is not applied (default: `false`).
+* `notifiers`: list of notifiers to enabled for the action, in addition with the defaults.
 Examples:
diff --git a/actionners/actionners.go b/actionners/actionners.go
index a04e3ef1..97e6dbc9 100644
--- a/actionners/actionners.go
+++ b/actionners/actionners.go
@@ -189,7 +189,13 @@ func Trigger(rule *rules.Rule, event *events.Event) {
 }
 }
 }
- result, err := i.Action(rule, event)
+ result := utils.LogLine{
+ Output: "no action, dry-run is enabled",
+ }
+ var err error
+ if !rule.DryRun {
+ result, err = i.Action(rule, event)
+ }
 result.Rule = ruleName
 result.Action = action
 result.TraceID = event.TraceID
diff --git a/actionners/kubernetes/terminate/terminate.go b/actionners/kubernetes/terminate/terminate.go
index b0595fa7..02249c03 100644
--- a/actionners/kubernetes/terminate/terminate.go
+++ b/actionners/kubernetes/terminate/terminate.go
@@ -1,6 +1,7 @@
 package terminate
 import (
+ "context"
 "fmt"
 "regexp"
 "strconv"
@@ -10,6 +11,7 @@ import (
 kubernetes "github.com/Issif/falco-talon/internal/kubernetes/client"
 "github.com/Issif/falco-talon/internal/rules"
 "github.com/Issif/falco-talon/utils"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 var Terminate = func(rule *rules.Rule, event *events.Event) (utils.LogLine, error) {
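Review bot: In the dry-run branch of the actionners.go hunk, `result` is initialised with only `Output`, so `Status` (and `Objects`) keep their zero value while `Rule`, `Action` and `TraceID` are filled in just below; anything downstream that keys on `Status` will see an empty string, and a dry run is then only distinguishable from a real run by its free-text output. Consider giving the line an explicit status, e.g. `result := utils.LogLine{Output: "no action, dry-run is enabled", Status: "success"}`, or a dedicated value if notifiers should not report a skipped action as a success; whether downstream code switches on `Status` is not visible in this hunk. Since dry-run is what lets operators validate a destructive response action before it goes live, the skipped invocation should be just as visible in logs and notifications as a real one. The rest of Trigger, including where `i`, `ruleName` and `action` are defined, lies outside the hunk.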
@@ -105,15 +107,15 @@ var Terminate = func(rule *rules.Rule, event *events.Event) (utils.LogLine, erro
 }
 }
- // err := client.Clientset.CoreV1().Pods(namespace).Delete(context.Background(), podName, metav1.DeleteOptions{GracePeriodSeconds: gracePeriodSeconds})
- // if err != nil {
- // return utils.LogLine{
- // Objects: objects,
- // Status: "failure",
- // Error: err.Error(),
- // },
- // err
- // }
+ err := client.Clientset.CoreV1().Pods(namespace).Delete(context.Background(), podName, metav1.DeleteOptions{GracePeriodSeconds: gracePeriodSeconds})
+ if err != nil {
+ return utils.LogLine{
+ Objects: objects,
+ Status: "failure",
+ Error: err.Error(),
+ },
+ err
+ }
 return utils.LogLine{
 Objects: objects,
 Status: "success",
diff --git a/internal/rules/rules.go b/internal/rules/rules.go
index 724e2e3c..fbc09741 100644
--- a/internal/rules/rules.go
+++ b/internal/rules/rules.go
@@ -20,6 +20,7 @@ type Rule struct {
 Continue string `yaml:"continue"`
 Before string `yaml:"before"`
 Match Match `yaml:"match"`
+ DryRun bool `yaml:"dry_run"`
 }
 type Action struct {
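Review bot: The now-live `Delete` call on the first added line uses `context.Background()`, so a slow or unreachable API server blocks this actionner, and the rule trigger that called it, indefinitely; a bounded context such as `ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)` followed by `defer cancel()` and `Delete(ctx, podName, ...)` keeps a destructive response action from hanging (needs a `time` import; the 30s value is an example, not a project setting). This is the first revision in which the pod deletion actually executes instead of sitting in a comment, so it is worth confirming that the `rule.DryRun` check in `actionners.Trigger` is the only entry point into Terminate and that operators have a way to test the rule before enabling it. The body of Terminate, including where `namespace`, `podName` and `gracePeriodSeconds` are derived and whether `err` is already declared there (the added line uses `:=`), starts above the hunk.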
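Review bot: The new `DryRun` field in the rules.go hunk carries no doc comment and is typed `bool`, unlike the neighbouring `Continue` and `Before` fields, which are `string`; the bool is the better choice for a YAML `true`/`false` flag, but stating that is what keeps the next flag from being modelled as a string by analogy. Suggested comment above the field: `// DryRun, when true, makes Trigger log the action instead of invoking it (see actionners.Trigger).` The `Rule` struct starts above the hunk, so whether any other field documents its semantics is not visible here.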