Mutual tls support for falcosidekick authentication #231
Conversation
|
Welcome @jasiam! It looks like this is your first PR to falcosecurity/falcosidekick 🎉 |
jasiam
force-pushed
the
mutualTLS-support
branch
from
1e714aa
to
c369704
Compare
|
Can you complete the description of your PR please. |
Issif
changed the title
main.go
Outdated
| @@ -282,7 +282,7 @@ func init() { | |||
|
|
|||
| if config.CloudEvents.Address != "" { | |||
| var err error | |||
| cloudeventsClient, err = outputs.NewClient("CloudEvents", config.CloudEvents.Address, config, stats, promStats, statsdClient, dogstatsdClient) | |||
| cloudeventsClient, err = outputs.NewClient("CloudEvents", config.CloudEvents.Address, false, config, stats, promStats, statsdClient, dogstatsdClient) | |||
There was a problem hiding this comment.
| cloudeventsClient, err = outputs.NewClient("CloudEvents", config.CloudEvents.Address, false, config, stats, promStats, statsdClient, dogstatsdClient) | |
| cloudeventsClient, err = outputs.NewClient("CloudEvents", config.CloudEvents.Address, config.CloudEvents.MutualTls, config, stats, promStats, statsdClient, dogstatsdClient) |
|
Do we really want to add the mutualtls support for all outputs which use the NewClient method? For instance, Loki doesn't support this kind of authentication (or any) and you'd need a reverse proxy in order to use it. |
Only for outputs which allow it. This is why it's a "by output" setting. |
So... I'm confused. Do you want to add the config.[OUTPUT].MutualTLS parameter in the NewClient method even if the output doesn't support mutual tls authN? I know the default value is false, but I'm afraid some users think they can use mutual tls when the actually can't. |
It's super weird. If I try to edit the description I can see everything I wrote yesterday when I opened the PR, but nothing is shown when I update it. |
We can discuss about this on Slack, feel free to contact me 😉 |
Signed-off-by: Jose Angel Santiago <>
jasiam
force-pushed
the
mutualTLS-support
branch
from
cc75cf3
to
9e6b0f4
Compare
There was a problem hiding this comment.
The README is not up to date with config_example.yaml and it misses variables for MutualTLS and CheckCert in list of env vars.
In config.go, default values are missing for MutualTLS and CheckCert, they should all be there, to only have explicit values.
Thanks. 🙏
Signed-off-by: Jose Angel Santiago <>
I think all required changes are now in the PR |
Signed-off-by: Jose Angel Santiago <>
jasiam
force-pushed
the
mutualTLS-support
branch
from
e8b0348
to
42fb1d2
Compare
My fault, I forgot to update the env vars part in README file. Now README and config_example.yaml files are synchronized. |
|
LGTM label has been added. Git tree hash: 3d064bd02d27d3037c12c366a66340c2333994b1
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Issif The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Issif
changed the title
|
/ready |
| v.SetDefault("Kafka.HostPort", "") | ||
| v.SetDefault("Kafka.Topic", "") | ||
| v.SetDefault("Kafka.MinimumPriority", "") | ||
| v.SetDefault("Pagerduty.RoutingKey", "") | ||
| v.SetDefault("Pagerduty.MinimumPriority", "") | ||
| v.SetDefault("Googlechat.MutualTls", false) |
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
What this PR does / why we need it:
It adds mutual tls support to be used in alertmanager, elasticsearch, influxdb, NATs and webhook outputs
Which issue(s) this PR fixes:
Fixes #216
Special notes for your reviewer: