diff --git a/userspace/falco/app/actions/start_webserver.cpp b/userspace/falco/app/actions/start_webserver.cpp
index 76dd3f82621..d4e2c365b0e 100644
--- a/userspace/falco/app/actions/start_webserver.cpp
+++ b/userspace/falco/app/actions/start_webserver.cpp
@@ -24,61 +24,57 @@ limitations under the License.
 using namespace falco::app;
 using namespace falco::app::actions;
-falco::app::run_result falco::app::actions::start_webserver(falco::app::state& s)
+falco::app::run_result falco::app::actions::start_webserver(falco::app::state& state)
 {
 #if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
- if(!s.is_capture_mode() && s.config->m_webserver_enabled)
+ if(!state.is_capture_mode() && state.config->m_webserver_enabled)
 {
- if (s.options.dry_run)
+ if (state.options.dry_run)
 {
 falco_logger::log(falco_logger::level::DEBUG, "Skipping starting webserver in dry-run\n");
 return run_result::ok();
 }
- std::string ssl_option = (s.config->m_webserver_ssl_enabled ? " (SSL)" : "");
+ falco_configuration::webserver_config webserver_config = state.config->m_webserver_config;
+ std::string ssl_option = (webserver_config.m_ssl_enabled ? " (SSL)" : "");
 falco_logger::log(falco_logger::level::INFO, "Starting health webserver with threadiness "
- + std::to_string(s.config->m_webserver_threadiness)
+ + std::to_string(webserver_config.m_threadiness)
 + ", listening on "
- + s.config->m_webserver_listen_address
+ + webserver_config.m_listen_address
 + ":"
- + std::to_string(s.config->m_webserver_listen_port)
+ + std::to_string(webserver_config.m_listen_port)
 + ssl_option + "\n");
 std::vector metrics_collectors;
- if (s.config->m_metrics_enabled && s.config->m_webserver_metrics_enabled)
+ if (state.config->m_metrics_enabled && webserver_config.m_metrics_enabled)
 {
- for (const auto& source_info: s.source_infos)
+ for (const auto& source_info: state.source_infos)
 {
- metrics_collectors.push_back(libs::metrics::libs_metrics_collector(source_info.inspector.get(), s.config->m_metrics_flags));
+ metrics_collectors.push_back(libs::metrics::libs_metrics_collector(source_info.inspector.get(), state.config->m_metrics_flags));
 }
 }
- s.webserver.start(
- s.offline_inspector,
+ state.webserver.start(
+ state.offline_inspector,
 metrics_collectors,
- s.config->m_webserver_threadiness,
- s.config->m_webserver_listen_port,
- s.config->m_webserver_listen_address,
- s.config->m_webserver_k8s_healthz_endpoint,
- s.config->m_webserver_ssl_certificate,
- s.config->m_webserver_ssl_enabled);
+ webserver_config);
 }
 #endif
 return run_result::ok();
 }
-falco::app::run_result falco::app::actions::stop_webserver(falco::app::state& s)
+falco::app::run_result falco::app::actions::stop_webserver(falco::app::state& state)
 {
 #if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
- if(!s.is_capture_mode() && s.config->m_webserver_enabled)
+ if(!state.is_capture_mode() && state.config->m_webserver_enabled)
 {
- if (s.options.dry_run)
+ if (state.options.dry_run)
 {
 falco_logger::log(falco_logger::level::DEBUG, "Skipping stopping webserver in dry-run\n");
 return run_result::ok();
 }
- s.webserver.stop();
+ state.webserver.stop();
 }
 #endif
 return run_result::ok();
diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp
index 008043bda2b..5c6942a9a7a 100644
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
@@ -60,12 +60,6 @@ falco_configuration::falco_configuration():
 m_grpc_enabled(false),
 m_grpc_threadiness(0),
 m_webserver_enabled(false),
- m_webserver_threadiness(0),
- m_webserver_listen_port(8765),
- m_webserver_listen_address("0.0.0.0"),
- m_webserver_k8s_healthz_endpoint("/healthz"),
- m_webserver_ssl_enabled(false),
- m_webserver_metrics_enabled(false),
 m_syscall_evt_drop_threshold(.1),
 m_syscall_evt_drop_rate(.03333),
 m_syscall_evt_drop_max_burst(1),
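Review bot: In `start_webserver` (start_webserver.cpp), `falco_configuration::webserver_config webserver_config = state.config->m_webserver_config;` copies the whole struct, including its three `std::string` members, only to read it and pass it on. A reference is enough: `const auto& webserver_config = state.config->m_webserver_config;`. The local also reuses the struct's type name, which makes the declaration harder to read; a distinct local name would avoid that. The `start()` declaration changed in webserver.h in this commit takes the struct by `const&`, so a reference binds there without a further copy.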
@@ -373,22 +367,22 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h
 m_time_format_iso_8601 = config.get_scalar("time_format_iso_8601", false);
 m_webserver_enabled = config.get_scalar("webserver.enabled", false);
- m_webserver_threadiness = config.get_scalar("webserver.threadiness", 0);
- m_webserver_listen_port = config.get_scalar("webserver.listen_port", 8765);
- m_webserver_listen_address = config.get_scalar("webserver.listen_address", "0.0.0.0");
- if(!re2::RE2::FullMatch(m_webserver_listen_address, ip_address_re))
+ m_webserver_config.m_threadiness = config.get_scalar("webserver.threadiness", 0);
+ m_webserver_config.m_listen_port = config.get_scalar("webserver.listen_port", 8765);
+ m_webserver_config.m_listen_address = config.get_scalar("webserver.listen_address", "0.0.0.0");
+ if(!re2::RE2::FullMatch(m_webserver_config.m_listen_address, ip_address_re))
 {
- throw std::logic_error("Error reading config file (" + config_name + "): webserver listen address \"" + m_webserver_listen_address + "\" is not a valid IP address");
+ throw std::logic_error("Error reading config file (" + config_name + "): webserver listen address \"" + m_webserver_config.m_listen_address + "\" is not a valid IP address");
 }
- m_webserver_k8s_healthz_endpoint = config.get_scalar("webserver.k8s_healthz_endpoint", "/healthz");
- m_webserver_ssl_enabled = config.get_scalar("webserver.ssl_enabled", false);
- m_webserver_ssl_certificate = config.get_scalar("webserver.ssl_certificate", "/etc/falco/falco.pem");
- if(m_webserver_threadiness == 0)
+ m_webserver_config.m_k8s_healthz_endpoint = config.get_scalar("webserver.k8s_healthz_endpoint", "/healthz");
+ m_webserver_config.m_ssl_enabled = config.get_scalar("webserver.ssl_enabled", false);
+ m_webserver_config.m_ssl_certificate = config.get_scalar("webserver.ssl_certificate", "/etc/falco/falco.pem");
+ if(m_webserver_config.m_threadiness == 0)
 {
- m_webserver_threadiness = falco::utils::hardware_concurrency();
+ m_webserver_config.m_threadiness = falco::utils::hardware_concurrency();
 }
- m_webserver_metrics_enabled = config.get_scalar("webserver.metrics_enabled", false);
+ m_webserver_config.m_metrics_enabled = config.get_scalar("webserver.metrics_enabled", false);
 std::list syscall_event_drop_acts;
 config.get_sequence(syscall_event_drop_acts, "syscall_event_drops.actions");
diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h
index 9f1e36fe604..ad6371bc747 100644
--- a/userspace/falco/configuration.h
+++ b/userspace/falco/configuration.h
@@ -83,6 +83,16 @@ class falco_configuration
 std::string m_root;
 };
+ struct webserver_config {
+ uint32_t m_threadiness = 0;
+ uint32_t m_listen_port = 8765;
+ std::string m_listen_address = "0.0.0.0";
+ std::string m_k8s_healthz_endpoint = "/healthz";
+ bool m_ssl_enabled = false;
+ std::string m_ssl_certificate;
+ bool m_metrics_enabled = false;
+ };
+
 falco_configuration();
 virtual ~falco_configuration() = default;
@@ -120,13 +130,7 @@ class falco_configuration
 std::string m_grpc_root_certs;
 bool m_webserver_enabled;
- uint32_t m_webserver_threadiness;
- uint32_t m_webserver_listen_port;
- std::string m_webserver_listen_address;
- std::string m_webserver_k8s_healthz_endpoint;
- bool m_webserver_ssl_enabled;
- std::string m_webserver_ssl_certificate;
- bool m_webserver_metrics_enabled;
+ webserver_config m_webserver_config;
 syscall_evt_drop_actions m_syscall_evt_drop_actions;
 double m_syscall_evt_drop_threshold;
diff --git a/userspace/falco/webserver.cpp b/userspace/falco/webserver.cpp
index d6890ec42f7..33e55477728 100644
--- a/userspace/falco/webserver.cpp
+++ b/userspace/falco/webserver.cpp
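Review bot: In `load_yaml` (configuration.cpp), `webserver.listen_port` is stored in the `uint32_t` field `m_webserver_config.m_listen_port` with no range check, although the listen address read on the next line is validated against `ip_address_re`. A value above 65535 is not a valid TCP port and would surface, if at all, only when the server thread tries to bind. Rejecting it here gives the operator a config error in the same style as the address check, for example `if(m_webserver_config.m_listen_port > 65535)` followed by a `throw std::logic_error(...)` that names `config_name` and the offending port. How `get_scalar` handles a negative or non-numeric value is not visible in this hunk, so that case may need the same treatment. `load_yaml` begins and ends outside the hunk.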
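Review bot: The new `webserver_config` struct in configuration.h has no field comments, and two of its defaults have security weight that the names alone do not convey. `m_listen_address` defaults to `"0.0.0.0"` and `m_ssl_enabled` to `false`, so with defaults the health endpoint (and presumably the metrics endpoint when `m_metrics_enabled` is set) is served in plaintext on every interface. `m_ssl_certificate` is passed as both constructor arguments in webserver.cpp, so the file presumably has to hold the certificate and the private key. I would add comments such as `// bind address; the default 0.0.0.0 listens on all interfaces` and `// PEM path passed as both certificate and private key when m_ssl_enabled is set`. Separately, `m_ssl_certificate` has no in-struct default while `load_yaml` falls back to `/etc/falco/falco.pem`, so a default-constructed struct and a loaded one disagree, and the port, address and endpoint defaults are now written in two places.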
@@ -28,12 +28,7 @@ falco_webserver::~falco_webserver()
 void falco_webserver::start(
 const std::shared_ptr& inspector,
 const std::vector& metrics_collectors,
- uint32_t threadiness,
- uint32_t listen_port,
- std::string& listen_address,
- std::string& healthz_endpoint,
- std::string &ssl_certificate,
- bool ssl_enabled)
+ const falco_configuration::webserver_config& configuration)
 {
 if (m_running)
 {
@@ -42,11 +37,11 @@ void falco_webserver::start(
 }
 // allocate and configure server
- if (ssl_enabled)
+ if (configuration.m_ssl_enabled)
 {
 m_server = std::make_unique(
- ssl_certificate.c_str(),
- ssl_certificate.c_str());
+ configuration.m_ssl_certificate.c_str(),
+ configuration.m_ssl_certificate.c_str());
 }
 else
 {
@@ -54,10 +49,10 @@ void falco_webserver::start(
 }
 // configure server
- m_server->new_task_queue = [&threadiness] { return new httplib::ThreadPool(threadiness); };
+ m_server->new_task_queue = [configuration] { return new httplib::ThreadPool(configuration.m_threadiness); };
 // setup healthz endpoint
- m_server->Get(healthz_endpoint,
+ m_server->Get(configuration.m_k8s_healthz_endpoint,
 [](const httplib::Request &, httplib::Response &res) {
 res.set_content("{\"status\": \"ok\"}", "application/json");
 });
@@ -100,11 +95,11 @@ void falco_webserver::start(
 std::atomic failed;
 failed.store(false, std::memory_order_release);
- m_server_thread = std::thread([this, listen_address, listen_port, &failed]
+ m_server_thread = std::thread([this, configuration, &failed]
 {
 try
 {
- this->m_server->listen(listen_address, listen_port);
+ this->m_server->listen(configuration.m_listen_address, configuration.m_listen_port);
 }
 catch(std::exception &e)
 {
diff --git a/userspace/falco/webserver.h b/userspace/falco/webserver.h
index 81f446d5d61..57eae4d2b23 100644
--- a/userspace/falco/webserver.h
+++ b/userspace/falco/webserver.h
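Review bot: In the SSL branch of `falco_webserver::start` (hunk `@@ -42,11 +37,11 @@`), `configuration.m_ssl_certificate.c_str()` is passed for both constructor arguments, and nothing visible in the hunk checks that the file could be loaded or that the server object is usable afterwards. A default-constructed `webserver_config` has an empty `m_ssl_certificate`, so a caller that sets `m_ssl_enabled` without going through `load_yaml` would reach this constructor with an empty path. If the rest of `start()`, which lies outside the hunk, does not already do so, I would fail early after construction with `if (!m_server->is_valid())` and an error that names the certificate path. A comment such as `// the same PEM file is used as certificate and private key` would also tell operators that the file's permissions protect the key.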
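Review bot: The `new_task_queue` lambda in hunk `@@ -54,10 +49,10 @@` captures the whole `configuration` struct by value just to read `m_threadiness`, which copies three strings into a closure stored on the server; the thread lambda in hunk `@@ -100,11 +95,11 @@` does the same to read the address and port. Capturing by value is the right direction, since the closure can run after the caller's reference is gone, but an init-capture of only the needed fields states the dependency precisely: `[threadiness = configuration.m_threadiness] { return new httplib::ThreadPool(threadiness); }` and `[this, address = configuration.m_listen_address, port = configuration.m_listen_port, &failed]`. The thread lambda still captures the local `failed` by reference; whether `start()` waits on the thread before returning is outside the hunk, so that lifetime is worth confirming.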
@@ -37,12 +37,7 @@ class falco_webserver
 virtual void start(
 const std::shared_ptr& inspector,
 const std::vector& metrics_collectors,
- uint32_t threadiness,
- uint32_t listen_port,
- std::string& list_address,
- std::string& healthz_endpoint,
- std::string &ssl_certificate,
- bool ssl_enabled);
+ const falco_configuration::webserver_config& configuration);
 virtual void stop();
 private: