new(cmd/driver,pkg/driver): implement driver select commit to Falco c…

…onfig/configmap. Moreover, switch to use driverkit kernelrelease package. Signed-off-by: Federico Di Pierro <[email protected]>
falcosecurity · Nov 7, 2023 · 1d0e7f5 · 1d0e7f5
1 parent 6a7390b
commit 1d0e7f5
Show file tree

Hide file tree

Showing 18 changed files with 270 additions and 156 deletions.
diff --git a/cmd/driver/prepare/prepare.go b/cmd/driver/prepare/prepare.go
@@ -105,24 +105,17 @@ func (o *driverPrepareOptions) RunDriverPrepare(_ context.Context, _ []string) e
 		return err
 	}
 
-	info, err := driverkernel.FetchInfo()
+	info, err := driverkernel.FetchInfo(o.DriverKernelRelease, o.DriverKernelVersion)
 	if err != nil {
 		return err
 	}
 
-	if o.DriverKernelRelease != "" {
-		info.KernelRelease = o.DriverKernelRelease
-	}
-	if o.DriverKernelVersion != "" {
-		info.KernelVersion = driverkernel.FormatVersion(o.DriverKernelVersion)
-	}
-
 	o.Printer.Logger.Info("Running falcoctl driver prepare", o.Printer.Logger.Args(
 		"driver version", o.DriverVersion,
 		"driver type", driver.Type,
 		"driver name", o.Name,
-		"arch", driverdistro.GetArchitecture(),
-		"kernel release", info.KernelRelease,
+		"arch", info.Architecture.ToNonDeb(),
+		"kernel release", info.String(),
 		"kernel version", info.KernelVersion))
 
 	if !driver.Type.HasArtifacts() {
@@ -139,7 +132,7 @@ func (o *driverPrepareOptions) RunDriverPrepare(_ context.Context, _ []string) e
 			return fmt.Errorf("detected an unsupported target system, please get in touch with the Falco community")
 		}
 	}
-	o.Printer.Logger.Info("found distro", o.Printer.Logger.Args("target", d.GetTargetID()))
+	o.Printer.Logger.Info("found distro", o.Printer.Logger.Args("target", d))
 
 	err = driver.Type.Prepare(o.Printer, o.Name)
 	if err != nil {

diff --git a/cmd/driver/select/select.go b/cmd/driver/select/select.go
@@ -17,6 +17,7 @@ package driverselect
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/spf13/cobra"
 	"golang.org/x/net/context"
@@ -33,6 +34,7 @@ import (
 type driverSelectOptions struct {
 	*options.Common
 	*options.Driver
+	Type string
 }
 
 // NewDriverSelectCmd selects a driver and stores it in config.
@@ -47,47 +49,48 @@ func NewDriverSelectCmd(ctx context.Context, opt *options.Common) *cobra.Command
 		DisableFlagsInUseLine: true,
 		Short:                 "Select a driver",
 		Long:                  "Select a driver for future usages with other driver subcommands",
-		Args:                  cobra.MaximumNArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			driverType, err := o.RunDriverSelect(ctx, args)
 			if err == nil {
 				o.Printer.Logger.Info("Selected driver", o.Printer.Logger.Args("type", driverType))
+				return drivertype.Commit(o.HostRoot, driverType)
 			}
 			return err
 		},
 	}
 
 	output.ExitOnErr(o.Printer, o.Driver.AddFlags(cmd))
+	cmd.Flags().StringVar(&o.Type, "driver-type", "", "Driver type to be selected. Allowed: "+strings.Join(drivertype.GetDriverTypes(), ","))
 	return cmd
 }
 
 // RunDriverSelect implements the driver selection command.
-func (o *driverSelectOptions) RunDriverSelect(_ context.Context, args []string) (drivertype.DriverType, error) {
-	if len(args) == 1 {
+func (o *driverSelectOptions) RunDriverSelect(_ context.Context, _ []string) (drivertype.DriverType, error) {
+	if o.Type != "" {
 		// Ok driver type was enforced by the user
-		dType, err := drivertype.Parse(args[0])
+		dType, err := drivertype.Parse(o.Type)
 		if err != nil {
 			return nil, err
 		}
 		return dType, config.SelectDriver(dType.String(), o.ConfigFile)
 	}
 
 	// automatic logic
-	info, err := driverkernel.FetchInfo()
+	info, err := driverkernel.FetchInfo("", "")
 	if err != nil {
 		return nil, err
 	}
 
 	o.Printer.Logger.Info("Running falcoctl driver select", o.Printer.Logger.Args(
-		"arch", driverdistro.GetArchitecture(),
-		"kernel release", info.KernelRelease,
+		"arch", info.Architecture.ToNonDeb(),
+		"kernel release", info.String(),
 		"kernel version", info.KernelVersion))
 
 	d, err := driverdistro.DiscoverDistro(info, o.HostRoot)
 	if err != nil {
 		return nil, err
 	}
-	o.Printer.Logger.Info("found distro", o.Printer.Logger.Args("target", d.GetTargetID()))
+	o.Printer.Logger.Info("found distro", o.Printer.Logger.Args("target", d))
 
 	preferredDriver := d.PreferredDriver(info)
 	if preferredDriver == nil {

diff --git a/go.mod b/go.mod
@@ -8,6 +8,7 @@ require (
 	github.com/distribution/distribution/v3 v3.0.0-20230608105614-4501a6e06d3b
 	github.com/docker/cli v24.0.5+incompatible
 	github.com/docker/docker v24.0.7+incompatible
+	github.com/falcosecurity/driverkit v0.15.5-0.20231107084811-38b2d9015bc0
 	github.com/go-oauth2/oauth2/v4 v4.5.2
 	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/google/go-containerregistry v0.16.1
@@ -29,8 +30,11 @@ require (
 	google.golang.org/api v0.138.0
 	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/yaml.v3 v3.0.1
+	k8s.io/api v0.28.1
+	k8s.io/apimachinery v0.28.1
+	k8s.io/client-go v0.28.1
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
-	oras.land/oras-go/v2 v2.2.1
+	oras.land/oras-go/v2 v2.3.0
 )
 
 require (
@@ -144,7 +148,7 @@ require (
 	github.com/go-piv/piv-go v1.11.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.15.2 // indirect
+	github.com/go-playground/validator/v10 v10.15.3 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
@@ -203,7 +207,7 @@ require (
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/outcaste-io/ristretto v0.2.3 // indirect
 	github.com/pborman/uuid v1.2.1 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.9 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/philhofer/fwd v1.1.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
@@ -277,11 +281,8 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a // indirect
-	k8s.io/api v0.28.1 // indirect
-	k8s.io/apimachinery v0.28.1 // indirect
-	k8s.io/client-go v0.28.1 // indirect
 	k8s.io/klog/v2 v2.100.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443 // indirect
+	k8s.io/kube-openapi v0.0.0-20230901164831-6c774f458599 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/release-utils v0.7.4 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect

diff --git a/go.sum b/go.sum
@@ -341,6 +341,8 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/falcosecurity/driverkit v0.15.5-0.20231107084811-38b2d9015bc0 h1:yd2FjRDXZIE/DJ0Lj+gS+2ySDVYfXxiE4qgiFy+OnnM=
+github.com/falcosecurity/driverkit v0.15.5-0.20231107084811-38b2d9015bc0/go.mod h1:vGGEx4jQFuTCYdPn70Pb7d3PjrgBULCKhOlW/serJTw=
 github.com/fasthttp-contrib/websocket v0.0.0-20160511215533-1f3b11f56072/go.mod h1:duJ4Jxv5lDcvg4QuQr0oowTf7dz4/CR8NtyCooz9HL8=
 github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
 github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
@@ -426,8 +428,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.15.2 h1:Ra5cll2/eF8X0Ff2+8SMD7euo2nenQ8WEpgqfy4NhHU=
-github.com/go-playground/validator/v10 v10.15.2/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-playground/validator/v10 v10.15.3 h1:S+sSpunYjNPDuXkWbK+x+bA7iXiW296KG4dL3X7xUZo=
+github.com/go-playground/validator/v10 v10.15.3/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-rod/rod v0.114.2 h1:Qwt+vZHHnb117zc0q+XjhAJCkB01hchWSxH/raCyLb4=
 github.com/go-rod/rod v0.114.2/go.mod h1:aiedSEFg5DwG/fnNbUOTPMTTWX3MRj6vIs/a684Mthw=
 github.com/go-session/session v3.1.2+incompatible/go.mod h1:8B3iivBQjrz/JtC68Np2T1yBBLxTan3mn/3OM0CyRt0=
@@ -791,8 +793,8 @@ github.com/outcaste-io/ristretto v0.2.3/go.mod h1:W8HywhmtlopSB1jeMg3JtdIhf+DYkL
 github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw=
 github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
-github.com/pelletier/go-toml/v2 v2.0.9 h1:uH2qQXheeefCCkuBBSLi7jCiSmj3VRh2+Goq2N7Xxu0=
-github.com/pelletier/go-toml/v2 v2.0.9/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
+github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
+github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/philhofer/fwd v1.1.2 h1:bnDivRJ1EWPjUIRXV5KfORO897HTbpFAQddBdE8t7Gw=
 github.com/philhofer/fwd v1.1.2/go.mod h1:qkPdfjR2SIEbspLqpe1tO4n5yICnr2DY7mqEx2tUTP0=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
@@ -1559,6 +1561,8 @@ gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
+gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=
 gotest.tools/v3 v3.5.0/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1578,12 +1582,12 @@ k8s.io/client-go v0.28.1 h1:pRhMzB8HyLfVwpngWKE8hDcXRqifh1ga2Z/PU9SXVK8=
 k8s.io/client-go v0.28.1/go.mod h1:pEZA3FqOsVkCc07pFVzK076R+P/eXqsgx5zuuRWukNE=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443 h1:CAIciCnJnSOQxPd0xvpV6JU3D4AJvnYbImPpFpO9Hnw=
-k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
+k8s.io/kube-openapi v0.0.0-20230901164831-6c774f458599 h1:nVKRi5eItf3x9kkIMfdT4D1/LqPzj0bLjxLYWbdUtV0=
+k8s.io/kube-openapi v0.0.0-20230901164831-6c774f458599/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-oras.land/oras-go/v2 v2.2.1 h1:3VJTYqy5KfelEF9c2jo1MLSpr+TM3mX8K42wzZcd6qE=
-oras.land/oras-go/v2 v2.2.1/go.mod h1:GeAwLuC4G/JpNwkd+bSZ6SkDMGaaYglt6YK2WvZP7uQ=
+oras.land/oras-go/v2 v2.3.0 h1:lqX1aXdN+DAmDTKjiDyvq85cIaI4RkIKp/PghWlAGIU=
+oras.land/oras-go/v2 v2.3.0/go.mod h1:GeAwLuC4G/JpNwkd+bSZ6SkDMGaaYglt6YK2WvZP7uQ=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

diff --git a/pkg/driver/distro/amzn.go b/pkg/driver/distro/amzn.go
@@ -18,9 +18,8 @@ package driverdistro
 import (
 	"fmt"
 
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 	"gopkg.in/ini.v1"
-
-	driverkernel "github.com/falcosecurity/falcoctl/pkg/driver/kernel"
 )
 
 func init() {
@@ -31,7 +30,7 @@ type amzn struct {
 	*generic
 }
 
-func (a *amzn) init(i driverkernel.Info, _ string, cfg *ini.File) error {
+func (a *amzn) init(kr kernelrelease.KernelRelease, _ string, cfg *ini.File) error {
 	idKey := cfg.Section("").Key("VERSION_ID")
 	if idKey == nil {
 		// OS-release without `VERSION_ID` (can it happen?)
@@ -49,5 +48,5 @@ func (a *amzn) init(i driverkernel.Info, _ string, cfg *ini.File) error {
 	default:
 		newID = "amazonlinux"
 	}
-	return a.generic.init(i, newID, cfg)
+	return a.generic.init(kr, newID, cfg)
 }
diff --git a/pkg/driver/distro/bottlerocket.go b/pkg/driver/distro/bottlerocket.go
@@ -19,9 +19,8 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 	"gopkg.in/ini.v1"
-
-	driverkernel "github.com/falcosecurity/falcoctl/pkg/driver/kernel"
 )
 
 func init() {
@@ -34,7 +33,7 @@ type bottlerocket struct {
 	versionID string
 }
 
-func (b *bottlerocket) init(i driverkernel.Info, id string, cfg *ini.File) error {
+func (b *bottlerocket) init(kr kernelrelease.KernelRelease, id string, cfg *ini.File) error {
 	idKey := cfg.Section("").Key("VERSION_ID")
 	if idKey == nil {
 		// OS-release without `VERSION_ID` (can it happen?)
@@ -48,10 +47,10 @@ func (b *bottlerocket) init(i driverkernel.Info, id string, cfg *ini.File) error
 	}
 	b.variantID = strings.Split(idKey.String(), "-")[0]
 
-	return b.generic.init(i, id, cfg)
+	return b.generic.init(kr, id, cfg)
 }
 
-func (b *bottlerocket) fixupKernel(i driverkernel.Info) driverkernel.Info {
-	i.KernelVersion = fmt.Sprintf("1_%s-%s", b.versionID, b.variantID)
-	return i
+func (b *bottlerocket) fixupKernel(kr kernelrelease.KernelRelease) kernelrelease.KernelRelease {
+	kr.KernelVersion = fmt.Sprintf("1_%s-%s", b.versionID, b.variantID)
+	return kr
 }
diff --git a/pkg/driver/distro/debian.go b/pkg/driver/distro/debian.go
@@ -20,6 +20,8 @@ import (
 	"os"
 	"regexp"
 
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+
 	driverkernel "github.com/falcosecurity/falcoctl/pkg/driver/kernel"
 )
 
@@ -43,8 +45,8 @@ func (d *debian) check(hostRoot string) bool {
 	return false
 }
 
-func (d *debian) fixupKernel(i driverkernel.Info) driverkernel.Info {
-	// Workaround: debian kernelreleases might now be actual kernel running;
+func (d *debian) fixupKernel(kr kernelrelease.KernelRelease) kernelrelease.KernelRelease {
+	// Workaround: debian kernelreleases might not be actual kernel running;
 	// instead, they might be the Debian kernel package
 	// providing the compatible kernel ABI
 	// See https://lists.debian.org/debian-user/2017/03/msg00485.html
@@ -58,13 +60,16 @@ func (d *debian) fixupKernel(i driverkernel.Info) driverkernel.Info {
 	// Example: KERNEL_RELEASE="5.10.0-0.deb10.22-rt-amd64" and `uname -v`="5.10.178-3"
 	// should lead to: KERNEL_RELEASE="5.10.178-3-rt-amd64"
 	archExtra := ""
-	if debianKernelReleaseRegex.MatchString(i.KernelRelease) {
-		matches := debianKernelReleaseRegex.FindStringSubmatch(i.KernelRelease)
+	if debianKernelReleaseRegex.MatchString(kr.FullExtraversion) {
+		matches := debianKernelReleaseRegex.FindStringSubmatch(kr.FullExtraversion)
+		// -rt-amd64
 		archExtra = fmt.Sprintf("-%s%s", matches[1], matches[2])
 	}
-	if debianKernelVersionRegex.MatchString(i.KernelVersion) {
-		matches := debianKernelVersionRegex.FindStringSubmatch(i.KernelVersion)
-		i.KernelRelease = fmt.Sprintf("%s%s", matches[1], archExtra)
+	if debianKernelVersionRegex.MatchString(kr.KernelVersion) {
+		// Real kernel release becomes: "5.10.178-3-rt-amd64"
+		realKernelReleaseStr := fmt.Sprintf("%s%s", kr.KernelVersion, archExtra)
+		// Parse it once again to a KernelRelease struct
+		kr, _ = driverkernel.FetchInfo(realKernelReleaseStr, "1")
 	}
-	return i
+	return kr
 }