diff --git a/.gitignore b/.gitignore
index 4bb0fa8b..1ab7a413 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,4 +10,5 @@ DO-NOT-COMMIT-local-setup.yaml
 deployment/compose/minio/data
 deployment/compose/tempo/data
 deployment/compose/loki/data
-.env
\ No newline at end of file
+.env
+pod*.yaml
diff --git a/actionners/actionners.go b/actionners/actionners.go
index 93910c2e..b523a951 100644
--- a/actionners/actionners.go
+++ b/actionners/actionners.go
@@ -20,6 +20,7 @@ import (
 lambdaInvoke "github.com/falco-talon/falco-talon/actionners/aws/lambda"
 calicoNetworkpolicy "github.com/falco-talon/falco-talon/actionners/calico/networkpolicy"
 ciliumNetworkpolicy "github.com/falco-talon/falco-talon/actionners/cilium/networkpolicy"
+ gcpFunctionCall "github.com/falco-talon/falco-talon/actionners/gcp/function"
 k8sCordon "github.com/falco-talon/falco-talon/actionners/kubernetes/cordon"
 k8sDelete "github.com/falco-talon/falco-talon/actionners/kubernetes/delete"
 k8sDownload "github.com/falco-talon/falco-talon/actionners/kubernetes/download"
@@ -81,6 +82,7 @@ func ListDefaultActionners() *Actionners {
 k8sDownload.Register(),
 k8sTcpdump.Register(),
 lambdaInvoke.Register(),
+ gcpFunctionCall.Register(),
 calicoNetworkpolicy.Register(),
 ciliumNetworkpolicy.Register(),
 )
diff --git a/actionners/gcp/function/function.go b/actionners/gcp/function/function.go
new file mode 100644
index 00000000..ca35fefc
--- /dev/null
+++ b/actionners/gcp/function/function.go
@@ -0,0 +1,254 @@
+package functions
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "fmt"
+ "io"
+ "net/http"
+ "strconv"
+ "time"
+
+ "cloud.google.com/go/functions/apiv2/functionspb"
+ "google.golang.org/api/idtoken"
+
+ "github.com/falco-talon/falco-talon/internal/events"
+ "github.com/falco-talon/falco-talon/internal/gcp/checks"
+ "github.com/falco-talon/falco-talon/internal/gcp/client"
+ "github.com/falco-talon/falco-talon/internal/models"
+ "github.com/falco-talon/falco-talon/internal/rules"
+ "github.com/falco-talon/falco-talon/utils"
+)
+
+const (
+ Name string = "function"
+ Category string = "gcp"
+ Description string = "Invoke a GCP function forwarding the Falco event payload"
+ Source string = "any"
+ Continue bool = true
+ AllowOutput bool = false
+ RequireOutput bool = false
+ Permissions string = `{
+ "roles/cloudfunctions.invoker"
+ }`
+ Example string = `- action: Invoke GCP Cloud Function
+ actionner: gcp:function
+ parameters:
+ gcp_function_name: sample-function
+ gcp_function_location: us-central1
+ gcp_function_timeout: 10
+ `
+)
+
+var (
+ RequiredOutputFields = []string{}
+)
+
+type Parameters struct {
+ GCPFunctionName string `mapstructure:"gcp_function_name" validate:"required"`
+ GCPFunctionLocation string `mapstructure:"gcp_function_location" validate:"required"`
+ GCPFunctionTimeout int `mapstructure:"gcp_function_timeout"`
+}
+
+type Actionner struct{}
+
+func Register() *Actionner {
+ return new(Actionner)
+}
+
+func (a Actionner) Init() error {
+ return client.Init()
+}
+
+func (a Actionner) Information() models.Information {
+ return models.Information{
+ Name: Name,
+ FullName: Category + ":" + Name,
+ Category: Category,
+ Description: Description,
+ Source: Source,
+ RequiredOutputFields: RequiredOutputFields,
+ Permissions: Permissions,
+ Example: Example,
+ Continue: Continue,
+ AllowOutput: AllowOutput,
+ RequireOutput: RequireOutput,
+ }
+}
+
+func (a Actionner) Parameters() models.Parameters {
+ return Parameters{
+ GCPFunctionName: "",
+ GCPFunctionLocation: "us-central1", // Default location
+ }
+}
+
+func (a Actionner) Checks(_ *events.Event, action *rules.Action) error {
+ var parameters Parameters
+ err := utils.DecodeParams(action.GetParameters(), ¶meters)
+ if err != nil {
+ return err
+ }
+
+ return checks.CheckFunctionExist{}.Run(parameters.GCPFunctionName, parameters.GCPFunctionLocation)
+}
+
+func (a Actionner) Run(event *events.Event, action *rules.Action) (utils.LogLine, *models.Data, error) {
+ gcpClient, err := client.GetGCPClient()
+ if err != nil {
+ return utils.LogLine{
+ Objects: nil,
+ Error: err.Error(),
+ Status: utils.FailureStr,
+ }, nil, err
+ }
+ return a.RunWithClient(gcpClient, event, action)
+}
+
+func (a Actionner) CheckParameters(action *rules.Action) error {
+ var parameters Parameters
+ err := utils.DecodeParams(action.GetParameters(), ¶meters)
+ if err != nil {
+ return err
+ }
+
+ err = utils.ValidateStruct(parameters)
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
+func (a Actionner) RunWithClient(c client.GCPClientAPI, event *events.Event, action *rules.Action) (utils.LogLine, *models.Data, error) {
+ var parameters Parameters
+ err := utils.DecodeParams(action.GetParameters(), ¶meters)
+ if err != nil {
+ return utils.LogLine{
+ Objects: nil,
+ Error: err.Error(),
+ Status: utils.FailureStr,
+ }, nil, err
+ }
+
+ objects := map[string]string{
+ "name": parameters.GCPFunctionName,
+ "location": parameters.GCPFunctionLocation,
+ }
+
+ functionName := fmt.Sprintf("projects/%s/locations/%s/functions/%s", c.ProjectID(), parameters.GCPFunctionLocation, parameters.GCPFunctionName)
+
+ getFunctionReq := &functionspb.GetFunctionRequest{
+ Name: functionName,
+ }
+
+ gcpFunctionClient, err := c.GetGcpFunctionClient(context.Background())
+ if err != nil {
+ return utils.LogLine{
+ Objects: objects,
+ Error: err.Error(),
+ Status: utils.FailureStr,
+ }, nil, err
+ }
+
+ ctx := context.Background()
+
+ function, err := gcpFunctionClient.GetFunction(ctx, getFunctionReq)
+ if err != nil {
+ return utils.LogLine{
+ Objects: objects,
+ Error: fmt.Sprintf("failed to get function: %v", err),
+ Status: utils.FailureStr,
+ }, nil, err
+ }
+
+ if function.ServiceConfig.Uri == "" {
+ return utils.LogLine{
+ Objects: objects,
+ Error: "function does not have a valid URL",
+ Status: utils.FailureStr,
+ }, nil, fmt.Errorf("function does not have a valid URL")
+ }
+
+ functionURL := function.ServiceConfig.Uri
+
+ payload, err := json.Marshal(event)
+ if err != nil {
+ return utils.LogLine{
+ Objects: objects,
+ Error: err.Error(),
+ Status: utils.FailureStr,
+ }, nil, err
+ }
+
+ tokenSource, err := idtoken.NewTokenSource(ctx, functionURL)
+ if err != nil {
+ return utils.LogLine{
+ Objects: objects,
+ Error: fmt.Sprintf("failed to create ID token source: %v", err),
+ Status: utils.FailureStr,
+ }, nil, err
+ }
+ token, err := tokenSource.Token()
+ if err != nil {
+ return utils.LogLine{
+ Objects: objects,
+ Error: fmt.Sprintf("failed to obtain ID token: %v", err),
+ Status: utils.FailureStr,
+ }, nil, err
+ }
+
+ req, err := http.NewRequestWithContext(ctx, "POST", functionURL, bytes.NewReader(payload))
+ if err != nil {
+ return utils.LogLine{
+ Objects: objects,
+ Error: fmt.Sprintf("failed to create HTTP request: %v", err),
+ Status: utils.FailureStr,
+ }, nil, err
+ }
+
+ req.Header.Set("Content-Type", "application/json")
+ req.Header.Set("Authorization", "Bearer "+token.AccessToken)
+
+ if parameters.GCPFunctionTimeout > 0 {
+ httpClient := http.Client{
+ Timeout: time.Duration(parameters.GCPFunctionTimeout),
+ }
+ c.SetHTTPClient(&httpClient)
+ }
+
+ resp, err := c.HTTPClient().Do(req)
+ if err != nil {
+ return utils.LogLine{
+ Objects: objects,
+ Error: fmt.Sprintf("failed to invoke function: %v", err),
+ Status: utils.FailureStr,
+ }, nil, err
+ }
+ defer resp.Body.Close()
+
+ respBody, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return utils.LogLine{
+ Objects: objects,
+ Error: fmt.Sprintf("failed to read response body: %v", err),
+ Status: utils.FailureStr,
+ }, nil, err
+ }
+
+ if resp.StatusCode != http.StatusOK {
+ return utils.LogLine{
+ Objects: objects,
+ Error: fmt.Sprintf("function invocation failed with status %d: %s", resp.StatusCode, string(respBody)),
+ Status: utils.FailureStr,
+ }, nil, fmt.Errorf("function invocation failed with status %d: %s", resp.StatusCode, string(respBody))
+ }
+
+ objects["function_response"] = string(respBody)
+ objects["function_response_status"] = strconv.Itoa(resp.StatusCode)
+
+ return utils.LogLine{
+ Objects: objects,
+ Status: utils.SuccessStr,
+ }, nil, nil
+}
diff --git a/configuration/configuration.go b/configuration/configuration.go
index 63effc0c..acb4db8e 100644
--- a/configuration/configuration.go
+++ b/configuration/configuration.go
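Review bot: In RunWithClient, `Timeout: time.Duration(parameters.GCPFunctionTimeout)` yields a Duration in nanoseconds, so the `gcp_function_timeout: 10` shown in Example (presumably meant as seconds) becomes a 10ns deadline and the invocation would fail with a timeout. The same branch calls `c.SetHTTPClient(&httpClient)`, which replaces the HTTP client on the object returned by `client.GetGCPClient()`; if that object is shared between actions, one rule's timeout persists for later calls and concurrent runs race on it. A per-request context deadline, sketched below, fixes the unit and leaves the shared client untouched. Separately, `function.ServiceConfig.Uri` dereferences ServiceConfig without a nil check, where the generated getters `function.GetServiceConfig().GetUri()` are nil-safe. Finally, `io.ReadAll(resp.Body)` reads an unbounded body that is then copied into the LogLine and the returned error, so wrapping the reader in `io.LimitReader` with a small cap would bound both memory use and what reaches the logs.

```go
// … unchanged: parameter decoding, GetFunction, payload marshalling, ID token …

reqCtx := ctx
if parameters.GCPFunctionTimeout > 0 {
	// gcp_function_timeout is taken as seconds; the deadline applies to this request only
	var cancel context.CancelFunc
	reqCtx, cancel = context.WithTimeout(ctx, time.Duration(parameters.GCPFunctionTimeout)*time.Second)
	defer cancel()
}

req, err := http.NewRequestWithContext(reqCtx, "POST", functionURL, bytes.NewReader(payload))
// … unchanged: request error return, Content-Type and Authorization headers …

resp, err := c.HTTPClient().Do(req)
// … unchanged: response handling …
```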
@@ -35,19 +35,20 @@ type Otel struct {
 }
 
 type Configuration struct {
- Notifiers map[string]map[string]any `mapstructure:"notifiers"`
- AwsConfig AwsConfig `mapstructure:"aws"`
- LogFormat string `mapstructure:"log_format"`
- KubeConfig string `mapstructure:"kubeconfig"`
- ListenAddress string `mapstructure:"listen_address"`
- MinioConfig MinioConfig `mapstructure:"minio"`
- RulesFiles []string `mapstructure:"rules_files"`
- DefaultNotifiers []string `mapstructure:"default_notifiers"`
- Otel Otel `mapstructure:"otel"`
- Deduplication deduplication `mapstructure:"deduplication"`
- ListenPort int `mapstructure:"listen_port"`
- WatchRules bool `mapstructure:"watch_rules"`
- PrintAllEvents bool `mapstructure:"print_all_events"`
+ Notifiers map[string]map[string]interface{} `mapstructure:"notifiers"`
+ AwsConfig AwsConfig `mapstructure:"aws"`
+ GcpConfig GcpConfig `mapstructure:"gcp"`
+ LogFormat string `mapstructure:"log_format"`
+ KubeConfig string `mapstructure:"kubeconfig"`
+ ListenAddress string `mapstructure:"listen_address"`
+ MinioConfig MinioConfig `mapstructure:"minio"`
+ RulesFiles []string `mapstructure:"rules_files"`
+ DefaultNotifiers []string `mapstructure:"default_notifiers"`
+ Otel Otel `mapstructure:"otel"`
+ Deduplication deduplication `mapstructure:"deduplication"`
+ ListenPort int `mapstructure:"listen_port"`
+ WatchRules bool `mapstructure:"watch_rules"`
+ PrintAllEvents bool `mapstructure:"print_all_events"`
 }
 
 type deduplication struct {
@@ -63,6 +64,11 @@ type AwsConfig struct {
 ExternalID string `mapstructure:"external_id"`
 }
 
+type GcpConfig struct {
+ Region string `mapstructure:"region"`
+ CredentialsPath string `mapstructure:"credentials_path"`
+}
+
 type MinioConfig struct {
 Endpoint string `mapstructure:"endpoint"`
 AccessKey string `mapstructure:"access_key"`
diff --git a/go.mod b/go.mod
index 36f455cb..f836f4bc 100644
--- a/go.mod
+++ b/go.mod
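Review bot: The Notifiers field in the Configuration struct goes from `map[string]map[string]any` back to `map[string]map[string]interface{}` in this hunk, which is unrelated to the GCP change and looks like a rebase leftover. The two spellings are the same type, so keeping `Notifiers map[string]map[string]any` avoids the churn and stays consistent with the rest of the file. The only functional change in this hunk is the added GcpConfig field.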
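Review bot: GcpConfig is added without a doc comment, although `credentials_path` is a security-relevant setting that operators need explained. I would add something like `// GcpConfig holds the "gcp" configuration section; CredentialsPath is presumably the path to a credentials file on disk and should be readable only by the falco-talon process.` How an empty CredentialsPath or Region is handled is not visible in this diff, so the comment should also state the fallback once that is confirmed in the client package.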
@@ -5,6 +5,9 @@ go 1.22.0 toolchain go1.22.2 require ( + cloud.google.com/go/functions v1.19.1 + cloud.google.com/go/iam v1.2.1 + cloud.google.com/go/storage v1.43.0 github.com/aws/aws-sdk-go-v2 v1.31.0 github.com/aws/aws-sdk-go-v2/config v1.27.39 github.com/aws/aws-sdk-go-v2/credentials v1.17.37 @@ -29,6 +32,7 @@ require ( github.com/rs/zerolog v1.33.0 github.com/spf13/cobra v1.8.1 github.com/spf13/viper v1.19.0 + github.com/stretchr/testify v1.9.0 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 go.opentelemetry.io/otel v1.30.0 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.30.0 @@ -39,6 +43,7 @@ require ( go.opentelemetry.io/otel/sdk/metric v1.30.0 go.opentelemetry.io/otel/trace v1.30.0 golang.org/x/text v0.18.0 + google.golang.org/api v0.196.0 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.31.1 @@ -49,6 +54,11 @@ require ( ) require ( + cloud.google.com/go v0.115.1 // indirect + cloud.google.com/go/auth v0.9.3 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect + cloud.google.com/go/compute/metadata v0.5.0 // indirect + cloud.google.com/go/longrunning v0.6.0 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.5 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 // indirect @@ -98,6 +108,9 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/gopacket v1.1.19 // indirect + github.com/google/s2a-go v0.1.8 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.3 // indirect + github.com/googleapis/gax-go/v2 v2.13.0 // indirect github.com/gorilla/websocket v1.5.3 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect github.com/hashicorp/hcl v1.0.1-vault-5 // indirect 
@@ -145,11 +158,14 @@ require ( github.com/spf13/afero v1.11.0 // indirect github.com/spf13/cast v1.6.0 // indirect github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace // indirect + github.com/stretchr/objx v0.5.2 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/vishvananda/netlink v1.2.1-beta.2.0.20240524165444-4d4ba1473f21 // indirect github.com/vishvananda/netns v0.0.4 // indirect github.com/x448/float16 v0.8.4 // indirect go.mongodb.org/mongo-driver v1.15.1 // indirect + go.opencensus.io v0.24.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.30.0 // indirect go.opentelemetry.io/proto/otlp v1.3.1 // indirect go.uber.org/dig v1.17.1 // indirect @@ -163,6 +179,7 @@ require ( golang.org/x/sys v0.25.0 // indirect golang.org/x/term v0.24.0 // indirect golang.org/x/time v0.6.0 // indirect + google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect google.golang.org/grpc v1.66.1 // indirect diff --git a/go.sum b/go.sum index 472bd555..c76ddd38 100644 --- a/go.sum +++ b/go.sum 
@@ -1,9 +1,41 @@ cel.dev/expr v0.15.0 h1:O1jzfJCQBfL5BFoYktaxwIhuttaQPsVWerH9/EEKx0w= cel.dev/expr v0.15.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg= +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.112.1 h1:uJSeirPke5UNZHIb4SxfZklVSiWWVqW4oXlETwZziwM= +cloud.google.com/go v0.112.1/go.mod h1:+Vbu+Y1UU+I1rjmzeMOb/8RfkKJK2Gyxi1X6jJCZLo4= +cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= +cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= +cloud.google.com/go/auth v0.9.3 h1:VOEUIAADkkLtyfr3BLa3R8Ed/j6w1jTBmARx+wb5w5U= +cloud.google.com/go/auth v0.9.3/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= +cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= +cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= +cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= +cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= +cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= +cloud.google.com/go/functions v1.16.0 h1:IWVylmK5F6hJ3R5zaRW7jI5PrWhCvtBVU4axQLmXSo4= +cloud.google.com/go/functions v1.16.0/go.mod h1:nbNpfAG7SG7Duw/o1iZ6ohvL7mc6MapWQVpqtM29n8k= +cloud.google.com/go/functions v1.19.1 h1:eWjTZohtJX/9rckZYXaYVViGi06JkNJRKvm0aO+ce+g= +cloud.google.com/go/functions v1.19.1/go.mod h1:18RszySpwRg6aH5UTTVsRfdCwDooSf/5mvSnU7NAk4A= +cloud.google.com/go/iam v1.1.6 h1:bEa06k05IO4f4uJonbB5iAgKTPpABy1ayxaIZV/GHVc= +cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI= +cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8= +cloud.google.com/go/iam v1.2.0/go.mod 
h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q= +cloud.google.com/go/iam v1.2.1 h1:QFct02HRb7H12J/3utj0qf5tobFh9V4vR6h9eX5EBRU= +cloud.google.com/go/iam v1.2.1/go.mod h1:3VUIJDPpwT6p/amXRC5GY8fCCh70lxPygguVtI0Z4/g= +cloud.google.com/go/longrunning v0.5.5 h1:GOE6pZFdSrTb4KAiKnXsJBtlE6mEyaW44oKyMILWnOg= +cloud.google.com/go/longrunning v0.5.5/go.mod h1:WV2LAxD8/rg5Z1cNW6FJ/ZpX4E4VnDnoTk0yawPBB7s= +cloud.google.com/go/longrunning v0.6.0 h1:mM1ZmaNsQsnb+5n1DNPeL0KwQd9jQRqSqSDEkBZr+aI= +cloud.google.com/go/longrunning v0.6.0/go.mod h1:uHzSZqW89h7/pasCWNYdUpwGz3PcVWhrWupreVPYLts= +cloud.google.com/go/storage v1.38.0 h1:Az68ZRGlnNTpIBbLjSMIV2BDcwwXYlRlQzis0llkpJg= +cloud.google.com/go/storage v1.38.0/go.mod h1:tlUADB0mAb9BgYls9lq+8MGkfzOXuLrnHXlpHmvFJoY= +cloud.google.com/go/storage v1.43.0 h1:CcxnSohZwizt4LCzQHWvBf1/kvtHUn7gk9QERXPyXFs= +cloud.google.com/go/storage v1.43.0/go.mod h1:ajvxEa7WmZS1PxvKRq4bq0tFT3vMd502JwstCcYv0Q0= dario.cat/mergo v0.3.16 h1:wrt7QIfeqlABnUvmf9WpFwB0mGBwtySAJKTgCpnsbOE= dario.cat/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= 
@@ -52,6 +84,7 @@ github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= @@ -64,6 +97,8 @@ github.com/cilium/hive v0.0.0-20240529072208-d997f86e4219 h1:iX4v9lg63iTv8x8MWUM github.com/cilium/hive v0.0.0-20240529072208-d997f86e4219/go.mod h1:6tW1eCwSq8Wz8IVtpZE0MemoCWSrEOUa8aLKotmBRCo= github.com/cilium/proxy v0.0.0-20240618122847-ad3de30275e3 h1:gH9xPv7DRKaE9Xpdqqd1sGvBmyNs4KFWcdlYgj91Pdw= github.com/cilium/proxy v0.0.0-20240618122847-ad3de30275e3/go.mod h1:Mp1mep7EJc1LFKRStLKMO4vJdYzBIwZw2sXGN7y0xWA= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b h1:ga8SEFjZ60pxLcmhnThWgvH2wg8376yUJmPhEH4H3kw= github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= 
@@ -82,6 +117,10 @@ github.com/emersion/go-smtp v0.21.3 h1:7uVwagE8iPYE48WhNsng3RRpCUpFvNl39JGNSIyGV github.com/emersion/go-smtp v0.21.3/go.mod h1:qm27SGYgoIPRot6ubfQ/GpiPy/g3PaZAVRxiO/sDUgQ= github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A= github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= 
@@ -140,12 +179,30 @@ github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PU github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= 
github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 
@@ -154,10 +211,25 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8= github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo= +github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= +github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= +github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= +github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= +github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= +github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= +github.com/googleapis/enterprise-certificate-proxy v0.3.3 h1:QRje2j5GZimBzlbhGA2V2QlGNgL8G6e+wGo/+/2bWI0= +github.com/googleapis/enterprise-certificate-proxy v0.3.3/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= +github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA= +github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4= 
+github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= +github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 h1:asbCHRVmodnJTuQ3qamDwqVOIjwqUPTYmYuemVOx+Ys= @@ -261,6 +333,7 @@ github.com/projectcalico/api v0.0.0-20231218190037-9183ab93f33e h1:y+vvu0zmrVjJ3 github.com/projectcalico/api v0.0.0-20231218190037-9183ab93f33e/go.mod h1:Ld33cK0XfntgQU6YdMZ/Hb0JbWTD2NvBR8L4K8MH1ME= github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI= github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.59.1 h1:LXb1quJHWm1P6wq/U824uxYi4Sg0oGvNeUm1z5dJoX0= 
@@ -300,11 +373,13 @@ github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= 
@@ -321,6 +396,12 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.mongodb.org/mongo-driver v1.15.1 h1:l+RvoUOoMXFmADTLfYDm7On9dRm7p4T80/lEQM+r7HU= go.mongodb.org/mongo-driver v1.15.1/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= +go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= +go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 h1:ZIg3ZT/aQ7AfKqdwp7ECpOK6vHqquXXuyTjIO8ZdmPs= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0/go.mod h1:DQAwmETtZV00skUwgD6+0U89g80NKsJE3DCKeLLPQMI= go.opentelemetry.io/otel v1.30.0 h1:F2t8sK4qf1fAmY9ua4ohFS/K+FUuOPemHUIXHtktrts= 
@@ -356,25 +437,38 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY= golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod 
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -397,6 +491,10 @@ golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 
@@ -407,12 +505,41 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU= +golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= +google.golang.org/api v0.171.0 h1:w174hnBPqut76FzW5Qaupt7zY8Kql6fiVjgys4f58sU= +google.golang.org/api v0.171.0/go.mod h1:Hnq5AHm4OTMt2BUVjael2CWZFD6vksJdWCWiUAmjC9o= +google.golang.org/api v0.196.0 h1:k/RafYqebaIJBO3+SMnfEGtFVlvp5vSgqTUF54UN/zg= +google.golang.org/api v0.196.0/go.mod h1:g9IL21uGkYgvQ5BZg6BAtoGJQIm8r6EgaAbpNey5wBE= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y= +google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s= +google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= +google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= 
google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc= google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.66.1 h1:hO5qAXR19+/Z44hmvIM4dQFMSYX9XcWsByfoxutBpAM= google.golang.org/grpc v1.66.1/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= 
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -432,6 +559,8 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= diff --git a/internal/gcp/checks/checks.go b/internal/gcp/checks/checks.go new file mode 100644 index 00000000..7446af55 --- /dev/null +++ b/internal/gcp/checks/checks.go 
@@ -0,0 +1,39 @@
+package checks
+
+import (
+ "context"
+
+ "cloud.google.com/go/functions/apiv2/functionspb"
+
+ "github.com/falco-talon/falco-talon/internal/gcp/client"
+)
+
+type CheckFunctionExist struct{}
+
+func (c CheckFunctionExist) Name() string {
+ return "CheckFunctionExist"
+}
+
+func (c CheckFunctionExist) Run(functionName, location string) error {
+ gcpClient, err := client.GetGCPClient()
+ if err != nil {
+ return err
+ }
+
+ functionClient, err := gcpClient.GetGcpFunctionClient(context.Background())
+ if err != nil {
+ return err
+ }
+
+ // Create a request to get function information
+ req := &functionspb.GetFunctionRequest{
+ Name: "projects/" + gcpClient.ProjectID() + "/locations/" + location + "/functions/" + functionName,
+ }
+
+ _, err = functionClient.GetFunction(context.Background(), req)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/internal/gcp/client/client.go b/internal/gcp/client/client.go
new file mode 100644
index 00000000..21ae1e0a
--- /dev/null
+++ b/internal/gcp/client/client.go
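Review bot: Both calls in `CheckFunctionExist.Run` are made with `context.Background()`, so the `GetFunction` lookup has no deadline and a slow or unreachable Functions API can stall the check indefinitely (whether a caller bounds it elsewhere is not visible here). Derive one bounded context and pass it to both calls, e.g. `ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)` followed by `defer cancel()`; the 10 s value is illustrative and `time` would need importing. `functionName` and `location`, presumably taken from rule parameters, are concatenated into the resource name unchecked, so rejecting values that contain `/` would keep a malformed rule from addressing a different resource path. Wrapping the returned errors, e.g. `fmt.Errorf("checking function %q: %w", functionName, err)`, would also tell the operator which rule failed.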
@@ -0,0 +1,174 @@
+package client
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+ "sync"
+
+ functionsv2 "cloud.google.com/go/functions/apiv2"
+ "cloud.google.com/go/functions/apiv2/functionspb"
+ "cloud.google.com/go/storage"
+ "github.com/googleapis/gax-go/v2"
+ "golang.org/x/oauth2/google"
+ "google.golang.org/api/option"
+
+ "github.com/falco-talon/falco-talon/configuration"
+ "github.com/falco-talon/falco-talon/utils"
+)
+
+const functionServiceScope = "https://www.googleapis.com/auth/cloud-platform"
+
+// nolint:govet
+type GCPClient struct {
+ clientOpts []option.ClientOption
+ functionsClient *functionsv2.FunctionClient
+ storageClient *storage.Client
+ httpClient HTTPClient
+ projectID string
+ functionsClientOnce sync.Once
+ storageClientOnce sync.Once
+}
+
+type GCPClientAPI interface {
+ GetGcpFunctionClient(context.Context) (*functionsv2.FunctionClient, error)
+ GetStorageClient(context.Context) (*storage.Client, error)
+ ProjectID() string
+ HTTPClient() HTTPClient
+ SetHTTPClient(httpClient HTTPClient)
+ Close() []error
+}
+
+type HTTPClient interface {
+ Do(req *http.Request) (*http.Response, error)
+}
+
+type GcpFunctionAPI interface {
+ GetFunction(ctx context.Context, req *functionspb.GetFunctionRequest, opts ...gax.CallOption) (*functionspb.Function, error)
+ Close() error
+}
+
+type GcpGcsAPI interface {
+ Bucket(name string) *storage.BucketHandle
+ Close() error
+}
+
+var (
+ gcpClient *GCPClient
+ once sync.Once
+)
+
+func Init() error {
+ if gcpClient != nil {
+ return nil
+ }
+
+ var initErr error
+ once.Do(func() {
+ gcpConfig := configuration.GetConfiguration().GcpConfig
+
+ var clientOptions []option.ClientOption
+ var creds *google.Credentials
+ var err error
+
+ if gcpConfig.CredentialsPath != "" {
+ creds, err = google.CredentialsFromJSON(context.Background(), []byte(gcpConfig.CredentialsPath), functionServiceScope)
+ if err != nil {
+ initErr = fmt.Errorf("unable to load credentials from file: %v", err)
+ return
+ }
+ clientOptions = append(clientOptions, option.WithCredentials(creds))
+ } else {
+ creds, err = google.FindDefaultCredentials(context.Background(), functionServiceScope)
+ if err != nil {
+ initErr = fmt.Errorf("unable to find default credentials: %v", err)
+ return
+ }
+ clientOptions = append(clientOptions, option.WithCredentials(creds))
+ }
+
+ projectID, err := getProjectID(creds)
+ if err != nil {
+ initErr = err
+ return
+ }
+
+ gcpClient = &GCPClient{
+ clientOpts: clientOptions,
+ projectID: projectID,
+ httpClient: &http.Client{},
+ }
+
+ utils.PrintLog("info", utils.LogLine{Message: "init", Category: "gcp", Status: utils.SuccessStr})
+ })
+
+ return initErr
+}
+
+func GetGCPClient() (*GCPClient, error) {
+ if gcpClient == nil {
+ err := Init()
+ if err != nil {
+ return nil, err
+ }
+ }
+ return gcpClient, nil
+}
+
+func (c *GCPClient) GetGcpFunctionClient(ctx context.Context) (*functionsv2.FunctionClient, error) {
+ var err error
+ c.functionsClientOnce.Do(func() {
+ c.functionsClient, err = functionsv2.NewFunctionClient(ctx, c.clientOpts...)
+ })
+ if err != nil {
+ return nil, err
+ }
+ return c.functionsClient, nil
+}
+
+func (c *GCPClient) GetStorageClient(ctx context.Context) (*storage.Client, error) {
+ var err error
+ c.storageClientOnce.Do(func() {
+ c.storageClient, err = storage.NewClient(ctx, c.clientOpts...)
+ }) + if err != nil { + return nil, err + } + return c.storageClient, nil +} + +func (c *GCPClient) ProjectID() string { + return c.projectID +} + +func (c *GCPClient) HTTPClient() HTTPClient { + return c.httpClient +} + +// SetHTTPClient allows the user to set a custom HTTP client +// to be used by the GCP client +// this allows for better testing and control over the HTTP client +func (c *GCPClient) SetHTTPClient(httpClient HTTPClient) { + c.httpClient = httpClient +} + +// Close at the main client level is responsible +// for shutting down all the underlying service clients +func (c *GCPClient) Close() []error { + var errorList []error + + if c.functionsClient != nil { + errorList = append(errorList, c.functionsClient.Close()) + } + if c.storageClient != nil { + errorList = append(errorList, c.storageClient.Close()) + } + return errorList +} + +func getProjectID(creds *google.Credentials) (string, error) { + if creds.ProjectID == "" { + return "", fmt.Errorf("project ID not available in the credentials, please specify your project ID in the GCP configuration") + } + return creds.ProjectID, nil +} diff --git a/notifiers/slack/slack.go b/notifiers/slack/slack.go index f99a045d..f2a380d1 100644 --- a/notifiers/slack/slack.go +++ b/notifiers/slack/slack.go @@ -25,11 +25,11 @@ const ( ) const ( - Red string = "#e20b0b" - Green string = "#23ba47" - Grey string = "#a4a8b1" - - ignoredStr string = "ignored" + Red string = "#e20b0b" + Green string = "#23ba47" + Grey string = "#a4a8b1" + threeBackticks = "```" + ignoredStr string = "ignored" ) type Parameters struct { @@ -190,7 +190,7 @@ func newPayload(log utils.LogLine) Payload { } if log.Event != "" { field.Title = "Event" - field.Value = "```" + log.Event + "```" + field.Value = threeBackticks + log.Event + threeBackticks field.Short = false fields = append(fields, field) } diff --git a/outputs/gcs/gcs.go b/outputs/gcs/gcs.go new file mode 100644 index 00000000..b1486f9d --- /dev/null +++ b/outputs/gcs/gcs.go 
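Review bot: In `Init`, `google.CredentialsFromJSON` receives `[]byte(gcpConfig.CredentialsPath)`, which is the path string itself rather than the file's contents, so unless that field actually carries inline JSON a configured credentials file will never parse, even though the error text says "from file". Read the file first with `data, err := os.ReadFile(gcpConfig.CredentialsPath)` and pass `data`; this needs `os` in the import block. Separately, `initErr` is local to each call while `once` is package-level: after one failed attempt every later `Init()` skips the closure and returns nil with `gcpClient` still nil, so `GetGCPClient` hands callers `(nil, nil)`, and the same pattern affects `err` in `GetGcpFunctionClient` and `GetStorageClient`. Keeping the first error in a package-level (or struct-level) variable would make the failure sticky instead of turning into a nil dereference later. The default `&http.Client{}` also carries no `Timeout`, and `cloud-platform` is a broad scope for a client that only needs function lookup and object writes.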
@@ -0,0 +1,174 @@
+package gcs
+
+import (
+ "context"
+ "fmt"
+ "strings"
+ "time"
+
+ "github.com/falco-talon/falco-talon/internal/gcp/client"
+ "github.com/falco-talon/falco-talon/internal/models"
+ "github.com/falco-talon/falco-talon/internal/rules"
+ "github.com/falco-talon/falco-talon/utils"
+)
+
+const (
+ Name string = "gcs"
+ Category string = "gcp"
+ Description string = "Store on GCP Cloud Storage"
+ Permissions string = `Required IAM permissions for GCS:
+- storage.objects.create
+- storage.objects.get
+- storage.objects.list
+- storage.objects.update`
+ Example string = `- action: Get logs of the pod
+ actionner: kubernetes:download
+ parameters:
+ tail_lines: 200
+ output:
+ target: gcp:gcs
+ parameters:
+ bucket: falco-talon
+ prefix: files
+`
+)
+
+type Parameters struct {
+ Bucket string `mapstructure:"bucket" validate:"required"`
+ Prefix string `mapstructure:"prefix" validate:""`
+}
+
+type Output struct{}
+
+func Register() *Output {
+ return new(Output)
+}
+
+func (o Output) Init() error {
+ return client.Init()
+}
+
+func (o Output) Information() models.Information {
+ return models.Information{
+ Name: Name,
+ FullName: Category + ":" + Name,
+ Category: Category,
+ Description: Description,
+ Permissions: Permissions,
+ Example: Example,
+ }
+}
+
+func (o Output) Parameters() models.Parameters {
+ return Parameters{
+ Prefix: "",
+ Bucket: "",
+ }
+}
+
+func (o Output) Checks(_ *rules.Output) error { return nil }
+
+func (o Output) Run(output *rules.Output, data *models.Data) (utils.LogLine, error) {
+ gcpClient, err := client.GetGCPClient()
+ if err != nil {
+ return utils.LogLine{
+ Objects: nil,
+ Error: err.Error(),
+ Status: utils.FailureStr,
+ }, err
+ }
+
+ storageClient, err := gcpClient.GetStorageClient(context.Background())
+ if err != nil {
+ return utils.LogLine{
+ Objects: nil,
+ Error: err.Error(),
+ Status: utils.FailureStr,
+ }, err
+ }
+ return o.RunWithClient(storageClient, output, data)
+}
+
+func (o Output) CheckParameters(output *rules.Output) error {
+ var parameters Parameters
+
+ err := utils.DecodeParams(output.GetParameters(), ¶meters)
+ if err != nil {
+ return err
+ }
+
+ err = utils.ValidateStruct(parameters)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (o Output) RunWithClient(client client.GcpGcsAPI, output *rules.Output, data *models.Data) (utils.LogLine, error) {
+ var parameters Parameters
+ err := utils.DecodeParams(output.GetParameters(), ¶meters)
+ if err != nil {
+ return utils.LogLine{
+ Objects: nil,
+ Error: err.Error(),
+ Status: utils.FailureStr,
+ }, err
+ }
+
+ parameters.Prefix = strings.TrimSuffix(parameters.Prefix, "/")
+ if parameters.Prefix != "" {
+ parameters.Prefix += "/"
+ }
+
+ var key string
+ switch {
+ case data.Objects["namespace"] != "" && data.Objects["pod"] != "":
+ key = fmt.Sprintf("%v_%v_%v_%v", time.Now().Format("2006-01-02T15-04-05Z"), data.Objects["namespace"], data.Objects["pod"], strings.ReplaceAll(data.Name, "/", "_"))
+ case data.Objects["hostname"] != "":
+ key = fmt.Sprintf("%v_%v_%v", time.Now().Format("2006-01-02T15-04-05Z"), data.Objects["hostname"], strings.ReplaceAll(data.Name, "/", "_"))
+ default:
+ var s string
+ for i, j := range data.Objects {
+ if i != "file" {
+ s += j + "_"
+ }
+ }
+ key = fmt.Sprintf("%v_%v%v", time.Now().Format("2006-01-02T15-04-05Z"), s, strings.ReplaceAll(data.Name, "/", "_"))
+ }
+
+ objects := map[string]string{
+ "file": data.Name,
+ "bucket": parameters.Bucket,
+ "prefix": parameters.Prefix,
+ "key": key,
+ }
+
+ ctx := context.Background()
+
+ if err := putObject(ctx, client, parameters.Bucket, parameters.Prefix, key, *data); err != nil {
+ return utils.LogLine{
+ Objects: objects,
+ Error: err.Error(),
+ Status: utils.FailureStr,
+ }, err
+ }
+
+ return utils.LogLine{
+ Objects: objects,
+ Output: fmt.Sprintf("The file '%v' has been uploaded as the key '%v' to the bucket '%v'", data.Name, parameters.Prefix+key, parameters.Bucket),
+ Status: utils.SuccessStr,
}, nil +} + +func putObject(ctx context.Context, storageClient client.GcpGcsAPI, bucketName, prefix, key string, data models.Data) error { + bucket := storageClient.Bucket(bucketName) + objectName := prefix + key + wc := bucket.Object(objectName).NewWriter(ctx) + defer wc.Close() + + if _, err := wc.Write(data.Bytes); err != nil { + return err + } + return nil +} diff --git a/outputs/outputs.go b/outputs/outputs.go index 18673915..4cdb2758 100644 --- a/outputs/outputs.go +++ b/outputs/outputs.go @@ -4,7 +4,8 @@ import ( "github.com/falco-talon/falco-talon/internal/rules" awss3 "github.com/falco-talon/falco-talon/outputs/aws/s3" "github.com/falco-talon/falco-talon/outputs/file" - minio "github.com/falco-talon/falco-talon/outputs/minio" + "github.com/falco-talon/falco-talon/outputs/gcs" + "github.com/falco-talon/falco-talon/outputs/minio" "github.com/falco-talon/falco-talon/internal/models" "github.com/falco-talon/falco-talon/utils" @@ -36,6 +37,7 @@ func ListDefaultOutputs() *Outputs { file.Register(), minio.Register(), awss3.Register(), + gcs.Register(), ) } diff --git a/rules.yaml b/rules.yaml index 2df9d78b..424d8bad 100644 --- a/rules.yaml +++ b/rules.yaml @@ -31,6 +31,14 @@ aws_lambda_alias_or_version: $LATEST aws_lambda_invocation_type: RequestResponse +- action: Invoke GCP function + actionner: gcp:function + additional_contexts: + - aws + parameters: + gcp_function_name: simple-http-function + gcp_function_location: us-central1 + - rule: Suspicious outbound connection description: "Label pods with suspicious outbound connections if not in the kube-system" match: @@ -59,6 +67,13 @@ actions: - action: Invoke Lambda function +- rule: Test invoke GCP function + match: + rules: + - Test invoke GCP function + actions: + - action: Invoke GCP function + - rule: Delete unknown namespace match: rules:
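Review bot: `putObject` throws away the result of `wc.Close()` by deferring it, but a `storage.Writer` only commits the object on `Close`, and upload failures such as a missing bucket or denied permission are reported there rather than by `Write`. As written, `RunWithClient` can log that the file "has been uploaded" when nothing was stored, which matters when the object is evidence captured by a response action. Remove `defer wc.Close()`, end the function with `return wc.Close()`, and close explicitly on the write-error path as well. In the same hunk only `data.Name` has `/` replaced when `key` is built: `namespace`, `pod` and `hostname` from `data.Objects` go into the object name unchanged, and the `default` branch ranges over a map, so the order of the parts in the key is not stable between runs.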
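Review bot: The new `Invoke GCP function` action sets `additional_contexts: - aws`, which looks carried over from the Lambda action defined just above it; for a GCP-targeted action that context is presumably irrelevant and may trigger an AWS metadata lookup that cannot succeed, so it should be dropped or replaced. The action also omits `gcp_function_timeout`, which the actionner's own example sets, so the sample rule relies on whatever the zero value means for the invocation timeout.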