logs: rules as received from RC use some specific consts. (#24484)

DataDog · Apr 8, 2024 · 415f595 · 415f595
1 parent 5c66b7c
commit 415f595
Showing 1 changed file with 53 additions and 32 deletions.
diff --git a/pkg/logs/sds/scanner.go b/pkg/logs/sds/scanner.go
@@ -47,6 +47,17 @@ func CreateScanner() *Scanner {
 	return scanner
 }
 
+// MatchActions as exposed by the RC configurations.
+const (
+	matchActionRCHash          = "hash"
+	matchActionRCNone          = "none"
+	matchActionRCPartialRedact = "partial_redact"
+	matchActionRCRedact        = "redact"
+
+	RCPartialRedactFirstCharacters = "first"
+	RCPartialRedactLastCharacters  = "last"
+)
+
 // Reconfigure uses the given `ReconfigureOrder` to reconfigure in-memory
 // standard rules or user configuration.
 // The order contains both the kind of reconfiguration to do and the raw bytes
@@ -133,12 +144,11 @@ func (s *Scanner) reconfigureRules(rawConfig []byte) error {
 		return fmt.Errorf("Can't unmarshal raw configuration: %v", err)
 	}
 
-
 	// ignore disabled rules
 	totalRulesReceived := len(config.Rules)
 	config = config.OnlyEnabled()
 
-	log.Infof("Starting an SDS reconfiguration: %d rules received (in which %d are disabled)", totalRulesReceived, totalRulesReceived - len(config.Rules))
+	log.Infof("Starting an SDS reconfiguration: %d rules received (in which %d are disabled)", totalRulesReceived, totalRulesReceived-len(config.Rules))
 
 	// if we received an empty array of rules or all rules disabled, interprets this as "stop SDS".
 	if len(config.Rules) == 0 {
@@ -164,36 +174,12 @@ func (s *Scanner) reconfigureRules(rawConfig []byte) error {
 			continue
 		}
 
-		// from here: `standardRule` contains the definition, with the name, pattern, etc.
-		//            `userRule`     contains the configuration done by the user: match action, etc.
-
-		var extraConfig sds.ExtraConfig
-		if len(userRule.IncludedKeywords.Keywords) > 0 {
-			extraConfig.ProximityKeywords = sds.CreateProximityKeywordsConfig(userRule.IncludedKeywords.CharacterCount, userRule.IncludedKeywords.Keywords, nil)
-		}
-
-		// create the rules for the scanner
-		matchAction := strings.ToLower(userRule.MatchAction.Type)
-		switch matchAction {
-		case strings.ToLower(string(sds.MatchActionNone)):
-			sdsRules = append(sdsRules, sds.NewMatchingRule(standardRule.Name, standardRule.Pattern, extraConfig))
-		case strings.ToLower(string(sds.MatchActionRedact)):
-			sdsRules = append(sdsRules, sds.NewRedactingRule(standardRule.Name, standardRule.Pattern, userRule.MatchAction.Placeholder, extraConfig))
-		case strings.ToLower(string(sds.MatchActionPartialRedact)):
-			direction := sds.LastCharacters
-			switch userRule.MatchAction.Direction {
-			case string(sds.LastCharacters):
-				direction = sds.LastCharacters
-			case string(sds.FirstCharacters):
-				direction = sds.FirstCharacters
-			default:
-				log.Warnf("Unknown PartialRedact direction (%v), falling back on LastCharacters", userRule.MatchAction.Direction)
-			}
-			sdsRules = append(sdsRules, sds.NewPartialRedactRule(standardRule.Name, standardRule.Pattern, userRule.MatchAction.CharacterCount, direction, extraConfig))
-		case strings.ToLower(string(sds.MatchActionHash)):
-			sdsRules = append(sdsRules, sds.NewHashRule(standardRule.Name, standardRule.Pattern, extraConfig))
-		default:
-			log.Warnf("Unknown MatchAction type (%v) for rule '%s':", matchAction, standardRule.Name)
+		if rule, err := interpretRCRule(userRule, standardRule); err != nil {
+			// we warn that we can't interpret this rule, but we continue in order
+			// to properly continue processing with the rest of the rules.
+			log.Warnf("%v", err.Error())
+		} else {
+			sdsRules = append(sdsRules, rule)
 		}
 	}
 
@@ -221,6 +207,41 @@ func (s *Scanner) reconfigureRules(rawConfig []byte) error {
 	return nil
 }
 
+// interpretRCRule interprets a rule as received through RC to return
+// an sds.Rule usable with the shared library.
+// `standardRule` contains the definition, with the name, pattern, etc.
+// `userRule`     contains the configuration done by the user: match action, etc.
+func interpretRCRule(userRule RuleConfig, standardRule StandardRuleConfig) (sds.Rule, error) {
+	var extraConfig sds.ExtraConfig
+	if len(userRule.IncludedKeywords.Keywords) > 0 {
+		extraConfig.ProximityKeywords = sds.CreateProximityKeywordsConfig(userRule.IncludedKeywords.CharacterCount, userRule.IncludedKeywords.Keywords, nil)
+	}
+
+	// create the rules for the scanner
+	matchAction := strings.ToLower(userRule.MatchAction.Type)
+	switch matchAction {
+	case matchActionRCNone:
+		return sds.NewMatchingRule(standardRule.Name, standardRule.Pattern, extraConfig), nil
+	case matchActionRCRedact:
+		return sds.NewRedactingRule(standardRule.Name, standardRule.Pattern, userRule.MatchAction.Placeholder, extraConfig), nil
+	case matchActionRCPartialRedact:
+		direction := sds.LastCharacters
+		switch userRule.MatchAction.Direction {
+		case string(RCPartialRedactLastCharacters):
+			direction = sds.LastCharacters
+		case string(RCPartialRedactFirstCharacters):
+			direction = sds.FirstCharacters
+		default:
+			log.Warnf("Unknown PartialRedact direction (%v), falling back on LastCharacters", userRule.MatchAction.Direction)
+		}
+		return sds.NewPartialRedactRule(standardRule.Name, standardRule.Pattern, userRule.MatchAction.CharacterCount, direction, extraConfig), nil
+	case matchActionRCHash:
+		return sds.NewHashRule(standardRule.Name, standardRule.Pattern, extraConfig), nil
+	}
+
+	return sds.Rule{}, fmt.Errorf("Unknown MatchAction type (%v) received through RC for rule '%s':", matchAction, standardRule.Name)
+}
+
 // Scan scans the given `event` using the internal SDS scanner.
 // Returns an error if the internal SDS scanner is not ready. If you need to
 // validate that the internal SDS scanner can be used, use `IsReady()`.