refactor(userspace/engine): decoupling ruleset reading, parsing, and compilation steps #1970
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The rule_loader is now simply responsible of collecting list/macro/rule definitions and then compiling them as falco_rules. The ruleset file reading code will be moved to another class Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
The rule_reader class is responsible of parsing the YAML ruleset text and of using the rule_loader to store the new definition in the internal state. This is a first step towards separating the YAML reading logic from the rule parsing one. Potentially, this will allow us to read rulesets from another YAML library or from something different than YAML files too. Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
mstemm
requested changes
Apr 13, 2022
Once all rule files have been loaded, and all the rules have been compiled into filters and inserted in the engine rulesets, the loader definitions are maintained in memory without really being used. This commit adds a convenience method to clear the loader state and free-up some memory when engine consumers do not require such information in memory anymore. Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
…and rule_reader Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
jasondellaluce
force-pushed
the
poc/rule-loader-decouplin
branch
from
062f413 to
802ab61
Compare
mstemm
approved these changes
Apr 14, 2022
|
LGTM label has been added. Git tree hash: 1b5b7fa644dd814ba25ce4f4a4267a1d79c6baf8
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jasondellaluce, leogr The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/milestone 0.32.0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
/kind cleanup
/kind design
/kind feature
Any specific area of the project related to this PR?
/area engine
What this PR does / why we need it:
This is PR is not supposed to bring any breaking changes. The goal of this is to de-couple the logic related to ruleset file/content loading in the Falco Engine. With this, YAML reading and rule parsing/compilation are operated by the two distinct classes
rule_readerandrule_loader. This not only makes the code more clean, but will also allow us to swap YAML library in the future, or even support alternative methods of loading rulesets.On top of that, this also adds the optional feature of clearing the rule loader state with a
clear_loadermethod in the engine, which is helpful to free some memory once all rule files have been loaded and when such information is not used anymore.Which issue(s) this PR fixes:
Special notes for your reviewer:
Does this PR introduce a user-facing change?: