Merge pull request #169 from Issif/kubernetes-logs

new actionner kubernetes:log

README.md

@@ -11,6 +11,7 @@
     - [`kubernetes:networkpolicy`](#kubernetesnetworkpolicy)
     - [`kubernetes:exec`](#kubernetesexec)
     - [`kubernetes:script`](#kubernetesscript)
+    - [`kubernetes:log`](#kuberneteslog)
   - [Notifiers](#notifiers)
     - [K8s Events](#k8s-events)
     - [Slack](#slack)
@@ -116,6 +117,16 @@ Each `actionner` is configured with:
   * `k8s.pod.name`
   * `k8s.ns.name`
 
+### `kubernetes:log`
+
+* Description: **Get logs from a pod**
+* Continue: `true`
+* Parameters:
+  * `tail_lines`: The number of lines from the end of the logs to show (default: `1000`)
+* Required fields:
+  * `k8s.pod.name`
+  * `k8s.ns.name`
+
 ## Notifiers
 
 `Notifiers` define which outputs to notify with result of actions.

actionners/actionners.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/Issif/falco-talon/actionners/kubernetes/exec"
 	labelize "github.com/Issif/falco-talon/actionners/kubernetes/labelize"
+	logActionner "github.com/Issif/falco-talon/actionners/kubernetes/log"
 	networkpolicy "github.com/Issif/falco-talon/actionners/kubernetes/networkpolicy"
 	"github.com/Issif/falco-talon/actionners/kubernetes/script"
 	terminate "github.com/Issif/falco-talon/actionners/kubernetes/terminate"
@@ -97,7 +98,19 @@ func GetDefaultActionners() *Actionners {
 				},
 				CheckParameters: script.CheckParameters,
 				Action:          script.Script,
-			})
+			},
+			&Actionner{
+				Category:        "kubernetes",
+				Name:            "log",
+				DefaultContinue: true,
+				Init:            kubernetes.Init,
+				Checks: []checkActionner{
+					kubernetes.CheckPodExist,
+				},
+				CheckParameters: logActionner.CheckParameters,
+				Action:          logActionner.Log,
+			},
+		)
 	}
 
 	return defaultActionners

actionners/kubernetes/log/log.go

@@ -0,0 +1,109 @@
+package log
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+
+	corev1 "k8s.io/api/core/v1"
+
+	"github.com/Issif/falco-talon/internal/events"
+	kubernetes "github.com/Issif/falco-talon/internal/kubernetes/client"
+	"github.com/Issif/falco-talon/internal/rules"
+	"github.com/Issif/falco-talon/utils"
+)
+
+var Log = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
+	pod := event.GetPodName()
+	namespace := event.GetNamespaceName()
+
+	objects := map[string]string{
+		"Pod":       pod,
+		"Namespace": namespace,
+	}
+
+	parameters := action.GetParameters()
+	tailLines := new(int64)
+	if parameters["tail_lines"] != nil {
+		*tailLines = int64(parameters["tail_lines"].(int))
+	}
+	if *tailLines == 0 {
+		*tailLines = 20
+	}
+
+	command := new(string)
+	if parameters["command"] != nil {
+		*command = parameters["command"].(string)
+	}
+
+	client := kubernetes.GetClient()
+
+	p, _ := client.GetPod(pod, namespace)
+	containers := kubernetes.GetContainers(p)
+	if len(containers) == 0 {
+		err := fmt.Errorf("no container found")
+		return utils.LogLine{
+				Objects: objects,
+				Error:   err.Error(),
+				Status:  "failure",
+			},
+			err
+	}
+
+	ctx := context.Background()
+	var output string
+
+	for i, container := range containers {
+		logs, err := client.Clientset.CoreV1().Pods(namespace).GetLogs(pod, &corev1.PodLogOptions{
+			Container: container,
+			TailLines: tailLines,
+		}).Stream(ctx)
+		if err != nil {
+			if err != nil {
+				if i == len(containers)-1 {
+					return utils.LogLine{
+						Objects: objects,
+						Error:   err.Error(),
+						Status:  "failure",
+					}, err
+				}
+				continue
+			}
+		}
+		defer logs.Close()
+
+		buf := new(bytes.Buffer)
+		_, err = io.Copy(buf, logs)
+		if err != nil {
+			return utils.LogLine{
+					Objects: objects,
+					Status:  "failure",
+					Error:   err.Error(),
+				},
+				err
+		}
+
+		output = buf.String()
+		if output != "" {
+			break
+		}
+	}
+
+	return utils.LogLine{
+			Objects: objects,
+			Output:  output,
+			Status:  "success",
+		},
+		nil
+}
+
+var CheckParameters = func(action *rules.Action) error {
+	parameters := action.GetParameters()
+	err := utils.CheckParameters(parameters, "tail_lines", utils.IntStr, nil, false)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

notifiers/smtp/smtp.go

@@ -59,7 +59,7 @@ var Init = func(fields map[string]interface{}) error {
 
 var Notify = func(log utils.LogLine) error {
 	if smtpconfig.HostPort == "" {
-		return errors.New("wrong config")
+		return errors.New("wrong host_port")
 	}
 
 	payload, err := NewPayload(log)

notifiers/smtp/templates.go

@@ -34,7 +34,7 @@ var htmlTmpl = `
     td{font-family:arial,helvetica,sans-serif;}
 </style>
 
-<table cellpadding="3" cellspacing="0" style="font-family:arial,helvetica,sans-serif; height:2px; width:700px;">
+<table cellpadding="5" cellspacing="0" style="font-family:arial,helvetica,sans-serif; height:2px; width:800px;">
     <tbody>
         <tr>
             <td><img src="https://raw.githubusercontent.com/cncf/artwork/master/projects/falco/horizontal/color/falco-horizontal-color.png" width="117px" height="47"></td>
@@ -43,14 +43,14 @@ var htmlTmpl = `
     </tbody>
 </table>
 <br>
-<table cellpadding="3" cellspacing="0" style="font-family:arial,helvetica,sans-serif; height:2px; width:700px;">
+<table cellpadding="3" cellspacing="0" style="font-family:arial,helvetica,sans-serif; height:2px; width:800px;">
     <tbody>
         <tr>
-            <td style="background-color:{{ $color }}; width:700px; text-align:center;"><span style="font-size:12px; color:#fff;"><strong>{{ .Status }}</strong></span></td>
+            <td style="background-color:{{ $color }}; width:800px; text-align:center;"><span style="font-size:12px; color:#fff;"><strong>{{ .Status }}</strong></span></td>
         </tr>
     </tbody>
 </table>
-<table cellpadding="5" cellspacing="0" style="font-family:arial,helvetica,sans-serif; width:700px; font-size:13px">
+<table cellpadding="5" cellspacing="0" style="font-family:arial,helvetica,sans-serif; width:800px; font-size:13px">
     <tbody>
         <tr>
             <td style="background-color:#858585"><span style="font-size:14px;color:#fff;"><strong>Action</strong></span></td>
@@ -97,7 +97,7 @@ var htmlTmpl = `
         {{ if .Output }}
         <tr>
             <td style="background-color:#858585"><span style="font-size:14px;color:#fff;"><strong>Output</strong></span></td>
-            <td style="background-color:#d1d6da">{{ printf "%s" .Output }}</td>
+            <td style="background-color:#d1d6da;max-width:502px;overflow:hidden;">{{ printf "%s" .Output }}</td>
         </tr>
         {{ end }}
     </tbody>