From cd64bf6b44f8d39529c30538a3639ed3764501ee Mon Sep 17 00:00:00 2001 From: Claudiu Belu Date: Mon, 30 Sep 2024 15:08:34 +0000 Subject: [PATCH 1/2] Adds falco-driver-loader 0.38.2 rock The falco-driver-loader is just the falco image with a different entrypoint. Note that Pebble doesn't like it when a process finishes too quickly. Which is why we're adding a sleep workaround for this rock image, as it is expected for the image workload to eventually end. Adds falco-driver-loader usage to the integration test. We also need to set the "driver.kind=modern_ebpf" Helm chart option, in order for the falco-driver-loader init container to properly run. By default, it will try to autodetect the right driver, but it will fail when trying to use the kmod driver (insmod will fail with "Operation not permitted"), but the script exit code is still 0, meaning that the init container "successfully" finishes, which results in the workload container to not start properly. --- .../0.38.2/pebble-entrypoint.patch | 13 ++ falco-driver-loader/0.38.2/rockcraft.yaml | 143 ++++++++++++++++++ tests/integration/test_falco.py | 11 ++ tests/sanity/test_falco.py | 7 +- 4 files changed, 171 insertions(+), 3 deletions(-) create mode 100644 falco-driver-loader/0.38.2/pebble-entrypoint.patch create mode 100644 falco-driver-loader/0.38.2/rockcraft.yaml diff --git a/falco-driver-loader/0.38.2/pebble-entrypoint.patch b/falco-driver-loader/0.38.2/pebble-entrypoint.patch new file mode 100644 index 0000000..43385fe --- /dev/null +++ b/falco-driver-loader/0.38.2/pebble-entrypoint.patch @@ -0,0 +1,13 @@ +diff --git a/docker/driver-loader/docker-entrypoint.sh b/docker/driver-loader/docker-entrypoint.sh +index 52df15f3..1eea148c 100755 +--- a/docker/driver-loader/docker-entrypoint.sh ++++ b/docker/driver-loader/docker-entrypoint.sh +@@ -17,6 +17,8 @@ + # limitations under the License. + # + ++# Pebble doesn't like it when the process ends too suddenly. ++trap "sleep 1.1" EXIT + + print_usage() { + echo "" diff --git a/falco-driver-loader/0.38.2/rockcraft.yaml b/falco-driver-loader/0.38.2/rockcraft.yaml new file mode 100644 index 0000000..103c418 --- /dev/null +++ b/falco-driver-loader/0.38.2/rockcraft.yaml @@ -0,0 +1,143 @@ +# Copyright 2024 Canonical, Ltd. +# See LICENSE file for licensing details + +# Based on the Falco 0.38.2 rockcraft.yaml file. +name: falco-driver-loader +summary: falco-driver-loader rock +description: | + A rock containing the Falco driver loader. + + Falco is a cloud native runtime security tool for Linux operating systems. It is designed + to detect and alert on abnormal behavior and potential security threats in real-time. + + This rock closely resembles the Falco rock of the same version, the only difference being + the entrypoint and entrypoint script. +license: Apache-2.0 +version: 0.38.2 + +base: ubuntu@24.04 +build-base: ubuntu@24.04 + +platforms: + amd64: + arm64: + +environment: + # https://github.com/falcosecurity/falco/blob/0.38.2/docker/falco/Dockerfile#L12-L16 + VERSION_BUCKET: deb + FALCO_VERSION: 0.38.2 + HOST_ROOT: /host + HOME: /root + +# Services to be loaded by the Pebble entrypoint. +services: + entrypoint: + summary: "entrypoint service" + override: replace + startup: enabled + command: "/docker-entrypoint.sh [ --help ]" + on-success: shutdown + on-failure: shutdown + +entrypoint-service: entrypoint + +parts: + build-falco: + plugin: nil + source: https://github.com/falcosecurity/falco + source-type: git + source-tag: $CRAFT_PROJECT_VERSION + source-depth: 1 + build-packages: + # https://falco.org/docs/developer-guide/source/ + - git + - cmake + - clang + - build-essential + - linux-tools-common + - linux-tools-generic + - libelf-dev + - llvm + # On ubuntu-24.04, we have gcc 13, and abseil (grpc's dependency) fails to build with + # this version of gcc. Thus, we're building with gcc 12. + # xref: https://github.com/apache/arrow/issues/36969 + - gcc-12 + - g++-12 + stage-packages: + # https://github.com/falcosecurity/falco/blob/0.38.2/docker/falco/Dockerfile#L20-L42 + - bc + - bison + - ca-certificates + - clang + - curl + - dkms + - dwarves + - flex + - gcc + - gcc-11 + - gnupg2 + - jq + - libc6-dev + - libelf-dev + - libssl-dev + - llvm + - make + - netcat-openbsd + - patchelf + - xz-utils + - zstd + build-environment: + - GOOS: linux + - GOARCH: $CRAFT_ARCH_BUILD_FOR + - HOST_ROOT: /host + override-build: | + # Installing additional packages here because of the $(uname -r) part. We need that for + # build idempotency, so we can build locally *and* in the CI. + # linux-tools and linux-cloud-tools are required for building BPF (for x86_64). + if [ "$(uname -m)" == "x86_64" ]; then + apt install -y linux-headers-$(uname -r) linux-tools-$(uname -r) linux-cloud-tools-$(uname -r) + else + apt install -y linux-headers-$(uname -r) linux-tools-$(uname -r) linux-cloud-tools + fi + + # https://falco.org/docs/developer-guide/source/ + mkdir -p build + pushd build + # On ubuntu-24.04, we have gcc 13, and abseil (grpc's dependency) fails to build with + # this version of gcc. Thus, we're building with gcc 12. + # xref: https://github.com/apache/arrow/issues/36969 + update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 12 --slave /usr/bin/g++ g++ /usr/bin/g++-12 + + # Based on: https://github.com/falcosecurity/falco/blob/0.38.2/.github/workflows/reusable_build_packages.yaml#L105 + cmake -S .. \ + -DUSE_BUNDLED_DEPS=On \ + -DBUILD_BPF=On \ + -DFALCO_ETC_DIR=/etc/falco \ + -DBUILD_DRIVER=Off \ + -DCREATE_TEST_TARGETS=Off + make falco -j6 + + # Generate the .deb file. + # make package will also generate the .tar.gz amd .rpm files, which we do not need, + # so we call cpack ourselves. + # make package depends on the preinstall target. + make preinstall + cpack --config ./CPackConfig.cmake -G DEB + popd + + # Unpack the .deb into the install directory. + dpkg-deb --extract build/falco-*.deb ${CRAFT_PART_INSTALL}/ + + # Change the falco config within the container to enable ISO 8601 output. + # https://github.com/falcosecurity/falco/blob/0.38.2/docker/falco/Dockerfile#L52 + sed -i -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' ${CRAFT_PART_INSTALL}/etc/falco/falco.yaml + + # https://github.com/falcosecurity/falco/blob/0.38.2/docker/falco/Dockerfile#L61 + mkdir -p ${CRAFT_PART_INSTALL}/lib + ln -s $HOST_ROOT/lib/modules ${CRAFT_PART_INSTALL}/lib/modules + + # The entrypoint script is different from the falco image. + # We do however need to apply a patch for Pebble's sake (it doesn't like it when + # processes end too suddenly).. + git apply -v $CRAFT_PROJECT_DIR/pebble-entrypoint.patch + cp docker/driver-loader/docker-entrypoint.sh ${CRAFT_PART_INSTALL}/ diff --git a/tests/integration/test_falco.py b/tests/integration/test_falco.py index 3fcf3b8..850f8a6 100644 --- a/tests/integration/test_falco.py +++ b/tests/integration/test_falco.py @@ -34,9 +34,18 @@ def _get_falco_helm_cmd(image_version: str): "falcoctl", "0.9.0", "amd64" ) + driver_loader_rock = env_util.get_build_meta_info_for_rock_version( + "falco-driver-loader", image_version, "amd64" + ) + images = [ k8s_util.HelmImage(falco_rock.image), k8s_util.HelmImage(falcoctl_rock.image, "falcoctl"), + k8s_util.HelmImage(driver_loader_rock.image, "driver.loader.initContainer"), + ] + + set_configs = [ + "driver.kind=modern_ebpf", ] return k8s_util.get_helm_install_command( @@ -45,6 +54,8 @@ def _get_falco_helm_cmd(image_version: str): namespace="falco", repository="https://falcosecurity.github.io/charts", images=images, + runAsUser=0, + set_configs=set_configs, split_image_registry=True, ) diff --git a/tests/sanity/test_falco.py b/tests/sanity/test_falco.py index eb86f4c..4e68a2c 100644 --- a/tests/sanity/test_falco.py +++ b/tests/sanity/test_falco.py @@ -18,11 +18,12 @@ ] +@pytest.mark.parametrize("rock_name", ["falco", "falco-driver-loader"]) @pytest.mark.parametrize("image_version", ["0.38.2"]) -def test_falco_rock(image_version): - """Test falco rock.""" +def test_falco_rock(rock_name, image_version): + """Test falco rocks.""" rock = env_util.get_build_meta_info_for_rock_version( - "falco", image_version, "amd64" + rock_name, image_version, "amd64" ) image = rock.image From e02d467df2489552788cd0c5b30f52df18975f51 Mon Sep 17 00:00:00 2001 From: Claudiu Belu Date: Tue, 1 Oct 2024 09:51:27 +0000 Subject: [PATCH 2/2] Adds falco and falco-driver-loader 0.39.0 and falcoctl 0.10.0 rocks Note that the Dockerfiles are identical to the previous versions. Thus, the rockfiles are also the same. Falco 0.39.0 comes with falcoctl 0.10.0, which is why we're building that version as well. Added the new versions into the sanity and integration tests. --- .../0.39.0/pebble-entrypoint.patch | 13 ++ falco-driver-loader/0.39.0/rockcraft.yaml | 143 ++++++++++++++++++ falco/0.39.0/rockcraft.yaml | 136 +++++++++++++++++ falcoctl/0.10.0/falcoctl-entrypoint.sh | 9 ++ falcoctl/0.10.0/rockcraft.yaml | 67 ++++++++ tests/integration/test_falco.py | 20 ++- tests/sanity/test_falco.py | 2 +- tests/sanity/test_falcoctl.py | 2 +- 8 files changed, 385 insertions(+), 7 deletions(-) create mode 100644 falco-driver-loader/0.39.0/pebble-entrypoint.patch create mode 100644 falco-driver-loader/0.39.0/rockcraft.yaml create mode 100644 falco/0.39.0/rockcraft.yaml create mode 100755 falcoctl/0.10.0/falcoctl-entrypoint.sh create mode 100644 falcoctl/0.10.0/rockcraft.yaml diff --git a/falco-driver-loader/0.39.0/pebble-entrypoint.patch b/falco-driver-loader/0.39.0/pebble-entrypoint.patch new file mode 100644 index 0000000..43385fe --- /dev/null +++ b/falco-driver-loader/0.39.0/pebble-entrypoint.patch @@ -0,0 +1,13 @@ +diff --git a/docker/driver-loader/docker-entrypoint.sh b/docker/driver-loader/docker-entrypoint.sh +index 52df15f3..1eea148c 100755 +--- a/docker/driver-loader/docker-entrypoint.sh ++++ b/docker/driver-loader/docker-entrypoint.sh +@@ -17,6 +17,8 @@ + # limitations under the License. + # + ++# Pebble doesn't like it when the process ends too suddenly. ++trap "sleep 1.1" EXIT + + print_usage() { + echo "" diff --git a/falco-driver-loader/0.39.0/rockcraft.yaml b/falco-driver-loader/0.39.0/rockcraft.yaml new file mode 100644 index 0000000..60d8cbe --- /dev/null +++ b/falco-driver-loader/0.39.0/rockcraft.yaml @@ -0,0 +1,143 @@ +# Copyright 2024 Canonical, Ltd. +# See LICENSE file for licensing details + +# Based on the Falco 0.39.0 rockcraft.yaml file. +name: falco-driver-loader +summary: falco-driver-loader rock +description: | + A rock containing the Falco driver loader. + + Falco is a cloud native runtime security tool for Linux operating systems. It is designed + to detect and alert on abnormal behavior and potential security threats in real-time. + + This rock closely resembles the Falco rock of the same version, the only difference being + the entrypoint and entrypoint script. +license: Apache-2.0 +version: 0.39.0 + +base: ubuntu@24.04 +build-base: ubuntu@24.04 + +platforms: + amd64: + arm64: + +environment: + # https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L12-L16 + VERSION_BUCKET: deb + FALCO_VERSION: 0.39.0 + HOST_ROOT: /host + HOME: /root + +# Services to be loaded by the Pebble entrypoint. +services: + entrypoint: + summary: "entrypoint service" + override: replace + startup: enabled + command: "/docker-entrypoint.sh [ --help ]" + on-success: shutdown + on-failure: shutdown + +entrypoint-service: entrypoint + +parts: + build-falco: + plugin: nil + source: https://github.com/falcosecurity/falco + source-type: git + source-tag: $CRAFT_PROJECT_VERSION + source-depth: 1 + build-packages: + # https://falco.org/docs/developer-guide/source/ + - git + - cmake + - clang + - build-essential + - linux-tools-common + - linux-tools-generic + - libelf-dev + - llvm + # On ubuntu-24.04, we have gcc 13, and abseil (grpc's dependency) fails to build with + # this version of gcc. Thus, we're building with gcc 12. + # xref: https://github.com/apache/arrow/issues/36969 + - gcc-12 + - g++-12 + stage-packages: + # https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L20-L42 + - bc + - bison + - ca-certificates + - clang + - curl + - dkms + - dwarves + - flex + - gcc + - gcc-11 + - gnupg2 + - jq + - libc6-dev + - libelf-dev + - libssl-dev + - llvm + - make + - netcat-openbsd + - patchelf + - xz-utils + - zstd + build-environment: + - GOOS: linux + - GOARCH: $CRAFT_ARCH_BUILD_FOR + - HOST_ROOT: /host + override-build: | + # Installing additional packages here because of the $(uname -r) part. We need that for + # build idempotency, so we can build locally *and* in the CI. + # linux-tools and linux-cloud-tools are required for building BPF (for x86_64). + if [ "$(uname -m)" == "x86_64" ]; then + apt install -y linux-headers-$(uname -r) linux-tools-$(uname -r) linux-cloud-tools-$(uname -r) + else + apt install -y linux-headers-$(uname -r) linux-tools-$(uname -r) linux-cloud-tools + fi + + # https://falco.org/docs/developer-guide/source/ + mkdir -p build + pushd build + # On ubuntu-24.04, we have gcc 13, and abseil (grpc's dependency) fails to build with + # this version of gcc. Thus, we're building with gcc 12. + # xref: https://github.com/apache/arrow/issues/36969 + update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 12 --slave /usr/bin/g++ g++ /usr/bin/g++-12 + + # Based on: https://github.com/falcosecurity/falco/blob/0.39.0/.github/workflows/reusable_build_packages.yaml#L105 + cmake -S .. \ + -DUSE_BUNDLED_DEPS=On \ + -DBUILD_BPF=On \ + -DFALCO_ETC_DIR=/etc/falco \ + -DBUILD_DRIVER=Off \ + -DCREATE_TEST_TARGETS=Off + make falco -j6 + + # Generate the .deb file. + # make package will also generate the .tar.gz amd .rpm files, which we do not need, + # so we call cpack ourselves. + # make package depends on the preinstall target. + make preinstall + cpack --config ./CPackConfig.cmake -G DEB + popd + + # Unpack the .deb into the install directory. + dpkg-deb --extract build/falco-*.deb ${CRAFT_PART_INSTALL}/ + + # Change the falco config within the container to enable ISO 8601 output. + # https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L52 + sed -i -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' ${CRAFT_PART_INSTALL}/etc/falco/falco.yaml + + # https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L61 + mkdir -p ${CRAFT_PART_INSTALL}/lib + ln -s $HOST_ROOT/lib/modules ${CRAFT_PART_INSTALL}/lib/modules + + # The entrypoint script is different from the falco image. + # We do however need to apply a patch for Pebble's sake (it doesn't like it when + # processes end too suddenly).. + git apply -v $CRAFT_PROJECT_DIR/pebble-entrypoint.patch + cp docker/driver-loader/docker-entrypoint.sh ${CRAFT_PART_INSTALL}/ diff --git a/falco/0.39.0/rockcraft.yaml b/falco/0.39.0/rockcraft.yaml new file mode 100644 index 0000000..3fc839d --- /dev/null +++ b/falco/0.39.0/rockcraft.yaml @@ -0,0 +1,136 @@ +# Copyright 2024 Canonical, Ltd. +# See LICENSE file for licensing details + +# Based on: https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile +name: falco +summary: Falco rock +description: | + A rock containing Falco. + + Falco is a cloud native runtime security tool for Linux operating systems. It is designed + to detect and alert on abnormal behavior and potential security threats in real-time. +license: Apache-2.0 +version: 0.39.0 + +base: ubuntu@24.04 +build-base: ubuntu@24.04 + +platforms: + amd64: + arm64: + +environment: + # https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L12-L16 + VERSION_BUCKET: deb + FALCO_VERSION: 0.39.0 + HOST_ROOT: /host + HOME: /root + +# Services to be loaded by the Pebble entrypoint. +services: + falco: + summary: "falco service" + override: replace + startup: enabled + command: "/docker-entrypoint.sh /usr/bin/falco [ --help ]" + on-success: shutdown + on-failure: shutdown + +entrypoint-service: falco + +parts: + build-falco: + plugin: nil + source: https://github.com/falcosecurity/falco + source-type: git + source-tag: $CRAFT_PROJECT_VERSION + source-depth: 1 + build-packages: + # https://falco.org/docs/developer-guide/source/ + - git + - cmake + - clang + - build-essential + - linux-tools-common + - linux-tools-generic + - libelf-dev + - llvm + # On ubuntu-24.04, we have gcc 13, and abseil (grpc's dependency) fails to build with + # this version of gcc. Thus, we're building with gcc 12. + # xref: https://github.com/apache/arrow/issues/36969 + - gcc-12 + - g++-12 + stage-packages: + # https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L20-L42 + - bc + - bison + - ca-certificates + - clang + - curl + - dkms + - dwarves + - flex + - gcc + - gcc-11 + - gnupg2 + - jq + - libc6-dev + - libelf-dev + - libssl-dev + - llvm + - make + - netcat-openbsd + - patchelf + - xz-utils + - zstd + build-environment: + - GOOS: linux + - GOARCH: $CRAFT_ARCH_BUILD_FOR + - HOST_ROOT: /host + override-build: | + # Installing additional packages here because of the $(uname -r) part. We need that for + # build idempotency, so we can build locally *and* in the CI. + # linux-tools and linux-cloud-tools are required for building BPF (for x86_64). + if [ "$(uname -m)" == "x86_64" ]; then + apt install -y linux-headers-$(uname -r) linux-tools-$(uname -r) linux-cloud-tools-$(uname -r) + else + apt install -y linux-headers-$(uname -r) linux-tools-$(uname -r) linux-cloud-tools + fi + + # https://falco.org/docs/developer-guide/source/ + mkdir -p build + pushd build + # On ubuntu-24.04, we have gcc 13, and abseil (grpc's dependency) fails to build with + # this version of gcc. Thus, we're building with gcc 12. + # xref: https://github.com/apache/arrow/issues/36969 + update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 12 --slave /usr/bin/g++ g++ /usr/bin/g++-12 + + # Based on: https://github.com/falcosecurity/falco/blob/0.39.0/.github/workflows/reusable_build_packages.yaml#L105 + cmake -S .. \ + -DUSE_BUNDLED_DEPS=On \ + -DBUILD_BPF=On \ + -DFALCO_ETC_DIR=/etc/falco \ + -DBUILD_DRIVER=Off \ + -DCREATE_TEST_TARGETS=Off + make falco -j6 + + # Generate the .deb file. + # make package will also generate the .tar.gz amd .rpm files, which we do not need, + # so we call cpack ourselves. + # make package depends on the preinstall target. + make preinstall + cpack --config ./CPackConfig.cmake -G DEB + popd + + # Unpack the .deb into the install directory. + dpkg-deb --extract build/falco-*.deb ${CRAFT_PART_INSTALL}/ + + # Change the falco config within the container to enable ISO 8601 output. + # https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L52 + sed -i -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' ${CRAFT_PART_INSTALL}/etc/falco/falco.yaml + + # https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L61 + mkdir -p ${CRAFT_PART_INSTALL}/lib + ln -s $HOST_ROOT/lib/modules ${CRAFT_PART_INSTALL}/lib/modules + + cp docker/falco/docker-entrypoint.sh ${CRAFT_PART_INSTALL}/ diff --git a/falcoctl/0.10.0/falcoctl-entrypoint.sh b/falcoctl/0.10.0/falcoctl-entrypoint.sh new file mode 100755 index 0000000..bce99fe --- /dev/null +++ b/falcoctl/0.10.0/falcoctl-entrypoint.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +# Required to prevent Pebble from considering the service to have +# exited too quickly to be worth restarting or respecting the +# "on-failure: shutdown" directive and thus hanging indefinitely: +# https://github.com/canonical/pebble/issues/240#issuecomment-1599722443 +sleep 1.1 + +/usr/bin/falcoctl $@ diff --git a/falcoctl/0.10.0/rockcraft.yaml b/falcoctl/0.10.0/rockcraft.yaml new file mode 100644 index 0000000..d624900 --- /dev/null +++ b/falcoctl/0.10.0/rockcraft.yaml @@ -0,0 +1,67 @@ +# Copyright 2024 Canonical, Ltd. +# See LICENSE file for licensing details + +# Based on: https://github.com/falcosecurity/falcoctl/blob/v0.10.0/build/Dockerfile +name: falcoctl +summary: falcoctl rock +description: | + A rock containing falcoctl. + + falcoctl is the official CLI tool for working with Falco and its ecosystem components. +license: Apache-2.0 +version: 0.10.0 + +base: ubuntu@24.04 +build-base: ubuntu@24.04 +run-user: _daemon_ + +platforms: + amd64: + arm64: + +environment: + APP_VERSION: 0.10.0 + +# Services to be loaded by the Pebble entrypoint. +services: + falcoctl: + summary: "falcoctl service" + override: replace + startup: enabled + command: "/falcoctl-entrypoint.sh [ --help ]" + on-success: shutdown + on-failure: shutdown + +entrypoint-service: falcoctl + +parts: + build-falcoctl: + plugin: go + source: https://github.com/falcosecurity/falcoctl + source-type: git + source-tag: v${CRAFT_PROJECT_VERSION} + source-depth: 1 + stage-packages: + # Required by falcoctl in order to verify certificates. + - ca-certificates + build-snaps: + - go/1.23/stable + build-environment: + - CGO_ENABLED: 0 + - GOOS: linux + - GOARCH: $CRAFT_ARCH_BUILD_FOR + - VERSION: $CRAFT_PROJECT_VERSION + - PROJECT: github.com/falcosecurity/falcoctl + - LDFLAGS: -X $PROJECT/cmd/version.semVersion=$VERSION -X $PROJECT/cmd/version.buildDate="\"$(date -u +'%Y-%m-%dT%H:%M:%SZ')\"" -s -w + override-build: | + mkdir -p ${CRAFT_PART_INSTALL}/usr/bin/ + go mod download + go build -o ${CRAFT_PART_INSTALL}/usr/bin/ -ldflags "${LDFLAGS}" . + + add-falcoctl-entrypoint: + plugin: nil + override-build: | + # Running falcoctl directly may finish sooner than 1 second, which means Pebble will just + # hang around and not finish, which is undesirable for an init container. + # We're setting this as the entrypoint, which will just pass the arguments to falcoctl + 1.1s sleep. + cp $CRAFT_PROJECT_DIR/falcoctl-entrypoint.sh ${CRAFT_PART_INSTALL}/ diff --git a/tests/integration/test_falco.py b/tests/integration/test_falco.py index 850f8a6..22d172f 100644 --- a/tests/integration/test_falco.py +++ b/tests/integration/test_falco.py @@ -6,12 +6,21 @@ import logging import time +import pytest from k8s_test_harness import harness from k8s_test_harness.util import constants, env_util, k8s_util LOG = logging.getLogger(__name__) +_FALCOCTL_VERSIONS = { + # Based on the Falco releases. + # falco_version: falcoctl_version + "0.38.2": "0.9.0", + "0.39.0": "0.10.0", +} + + def _get_event_generator_helm_cmd(): return k8s_util.get_helm_install_command( "event-generator", @@ -25,13 +34,13 @@ def _get_event_generator_helm_cmd(): ) -def _get_falco_helm_cmd(image_version: str): +def _get_falco_helm_cmd(falco_version: str): falco_rock = env_util.get_build_meta_info_for_rock_version( - "falco", image_version, "amd64" + "falco", falco_version, "amd64" ) falcoctl_rock = env_util.get_build_meta_info_for_rock_version( - "falcoctl", "0.9.0", "amd64" + "falcoctl", _FALCOCTL_VERSIONS[falco_version], "amd64" ) driver_loader_rock = env_util.get_build_meta_info_for_rock_version( @@ -105,9 +114,10 @@ def _assert_falco_logs(instance: harness.Instance): assert False, "Expected Falco logs to contain Warnings, based on event-generator" -def test_integration_falco(function_instance: harness.Instance): +@pytest.mark.parametrize("image_version", ["0.38.2", "0.39.0"]) +def test_integration_falco(function_instance: harness.Instance, image_version): # Deploy Falco helm chart and wait for it to become active. - function_instance.exec(_get_falco_helm_cmd("0.38.2")) + function_instance.exec(_get_falco_helm_cmd(image_version)) # Wait for the daemonset to become Active. k8s_util.wait_for_daemonset(function_instance, "falco", "falco", retry_times=10) diff --git a/tests/sanity/test_falco.py b/tests/sanity/test_falco.py index 4e68a2c..1ffe8ff 100644 --- a/tests/sanity/test_falco.py +++ b/tests/sanity/test_falco.py @@ -19,7 +19,7 @@ @pytest.mark.parametrize("rock_name", ["falco", "falco-driver-loader"]) -@pytest.mark.parametrize("image_version", ["0.38.2"]) +@pytest.mark.parametrize("image_version", ["0.38.2", "0.39.0"]) def test_falco_rock(rock_name, image_version): """Test falco rocks.""" rock = env_util.get_build_meta_info_for_rock_version( diff --git a/tests/sanity/test_falcoctl.py b/tests/sanity/test_falcoctl.py index 899feb6..92b1f53 100644 --- a/tests/sanity/test_falcoctl.py +++ b/tests/sanity/test_falcoctl.py @@ -7,7 +7,7 @@ from k8s_test_harness.util import docker_util, env_util -@pytest.mark.parametrize("image_version", ["0.9.0"]) +@pytest.mark.parametrize("image_version", ["0.9.0", "0.10.0"]) def test_falcoctl_rock(image_version): """Test falcoctl rock.""" rock = env_util.get_build_meta_info_for_rock_version(