poiana
commented
1 week ago Welcome @maxd-wttj! It looks like this is your first PR to falcosecurity/falcosidekick 🎉
Closed maxd-wttj closed 1 week ago
poiana
commented
1 week ago Welcome @maxd-wttj! It looks like this is your first PR to falcosecurity/falcosidekick 🎉
poiana
commented
1 week ago LGTM label has been added. Git tree hash: cea7c51f675cbc2a680bc08e0ff7519af6f5aaf8
Issif
commented
1 week ago An unit test is failing:
=== RUN TestNewDatadogPayload
datadog_test.go:24:
Error Trace: /home/runner/work/falcosidekick/falcosidekick/outputs/datadog_test.go:24
Error: Not equal:
expected: outputs.datadogPayload{Title:"Test rule", Text:"This is a test from falcosidekick", AlertType:"info", SourceType:"falco", Tags:[]string{"proc.name:falcosidekick", "source:syscalls", "hostname:test-host", "example", "test"}}
actual : outputs.datadogPayload{Title:"Test rule", Text:"This is a test from falcosidekick", AlertType:"info", SourceType:"falco", Tags:[]string{"proc.name:falcosidekick", "source:syscalls", "source:falco", "hostname:test-host", "example", "test"}}
Diff:
--- Expected
+++ Actual
@@ -5,5 +5,6 @@
SourceType: (string) (len=5) "falco",
- Tags: ([]string) (len=5) {
+ Tags: ([]string) (len=6) {
(string) (len=23) "proc.name:falcosidekick",
(string) (len=15) "source:syscalls",
+ (string) (len=12) "source:falco",
(string) (len=18) "hostname:test-host",
Test: TestNewDatadogPayload
maxd-wttj
commented
1 week ago An unit test is failing:
=== RUN TestNewDatadogPayload datadog_test.go:24: Error Trace: /home/runner/work/falcosidekick/falcosidekick/outputs/datadog_test.go:24 Error: Not equal: expected: outputs.datadogPayload{Title:"Test rule", Text:"This is a test from falcosidekick", AlertType:"info", SourceType:"falco", Tags:[]string{"proc.name:falcosidekick", "source:syscalls", "hostname:test-host", "example", "test"}} actual : outputs.datadogPayload{Title:"Test rule", Text:"This is a test from falcosidekick", AlertType:"info", SourceType:"falco", Tags:[]string{"proc.name:falcosidekick", "source:syscalls", "source:falco", "hostname:test-host", "example", "test"}} Diff: --- Expected +++ Actual @@ -5,5 +5,6 @@ SourceType: (string) (len=5) "falco", - Tags: ([]string) (len=5) { + Tags: ([]string) (len=6) { (string) (len=23) "proc.name:falcosidekick", (string) (len=15) "source:syscalls", + (string) (len=12) "source:falco", (string) (len=18) "hostname:test-host", Test: TestNewDatadogPayload
I'll check the test and update accordingly
poiana
commented
1 week ago [APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: Issif, maxd-wttj
The full list of commands accepted by this bot can be found here.
The pull request process is described here
poiana
commented
1 week ago LGTM label has been added. Git tree hash: a447964562e4d89721765f01b84d77c5e1b1ea4e
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
What this PR does / why we need it:
This PR adds a "falco" source tag to events sent to Datadog. Currently, these events are only tagged according to the Falco event source, and the Datadog default "my apps" tag, which makes targeting all falco events in datadog quite cumbersome. With an additional "falco" tag, it is now easier to filter falco events.
Before:
After:
Which issue(s) this PR fixes:
Fixes #1017
Special notes for your reviewer: