Dynatrace output - Client cerfification check even if check certificate is disabled

[henrikrexed]

Describe the bug

When using the dynatrace output i discovered in the logs of falcosidekick that it tries to check the certificate even if this option is disbabled.
here is an output on the logs produced:

2024/09/04 09:18:25 [INFO] : Dynatrace - POST OK (204)
2024/09/04 09:18:25 [ERROR] : Dynatrace - open /etc/certs/client/ca.crt: no such file or directory

How to reproduce it

install falco and falcosidekick:
helm install falco
--set driver.kind=modern_ebpf
--set tty=true
--set collectors.kubernetes.enabled=true
--set falco.json_output=true
--set metrics.enabled=true
--set falcosidekick.enabled=true
--set falcosidekick.config.otlp.traces.checkcert=false
--set falcosidekick.config.otlp.traces.endpoint=http://otel-collector.default.svc.cluster.local:4318/v1/traces
--set falcosidekick.config.otlp.traces.minimumpriority=debug
--set falcosidekick.config.otlp.traces.protocol=grpc
--set falcosidekick.config.otlp.traces.synced=true
--set falcosidekick.config.dynatrace.apiurl=$DTURL/api
--set falcosidekick.config.dynatrace.apitoken=$DTTOKEN
--set falcosidekick.config.dynatrace.minimumpriority=debug
--set falcosidekick.config.dynatrace.checkcert=false
--set falcosidekick.webui.enabled=true
--namespace falco --create-namespace falcosecurity/falco

install the ungard application that would produce falco events:

helm repo add bitnami https://charts.bitnami.com/bitnami
helm install unguard-mariadb bitnami/mariadb --version 11.5.7 --set primary.persistence.enabled=false --wait --namespace unguard --create-namespace
helm install unguard oci://ghcr.io/dynatrace-oss/unguard/chart/unguard --wait --namespace unguard --create-namespace

Expected behaviour
the logs sent by falcosidekick should be ingested in dynatrace without validating the certificate.

Environment

• Falco version: 0.38.2
  helm chart: falco-4.8.1

• Cloud provider or hardware configuration:

• Installation method:

Falco installed on a GKE cluster.
Here is the github repo with the instructions for this environment:
https://github.com/isItObservable/falco

[Issif]

Thanks Henrik, I'll take a look in the next days.

[Issif]

I found the issue, it comes from a mistake in the values.yaml of the helm chart: https://github.com/falcosecurity/charts/blob/4d2da46d13bf580026fcb9286cb017d6c6f749fe/charts/falcosidekick/values.yaml#L168 this value should be empty by default. This issue is generic to all outputs using the http client. I'll create a fix for that.

Edit: PR falcosecurity/charts#736

[Issif]

The fix has been merged in the chart.