From 31d89f7db0e18409a2ce68c7c39e3c5c3f37a2d1 Mon Sep 17 00:00:00 2001
From: William Findlay
Date: Wed, 11 Dec 2024 15:04:10 -0500
Subject: [PATCH] api: ensure CIDR and IP CEL extensions are documented

Add CIDR and IP CEL extensions to the docs by sneaking them in through gRPC API documentation. A subsequent commit will add similar docs to the event filtering documentation.

Signed-off-by: William Findlay
---
 api/v1/README.md | 2 +-
 api/v1/tetragon/events.pb.go | 3 ++-
 api/v1/tetragon/events.proto | 3 ++-
 .../github.com/cilium/tetragon/api/v1/tetragon/events.pb.go | 3 ++-
 .../github.com/cilium/tetragon/api/v1/tetragon/events.proto | 3 ++-
 docs/content/en/docs/reference/grpc-api.md | 2 +-
 vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go | 3 ++-
 vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto | 3 ++-
 8 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/api/v1/README.md b/api/v1/README.md
index 741a939ec4c..d357a634950 100644
--- a/api/v1/README.md
+++ b/api/v1/README.md
@@ -1426,7 +1426,7 @@ Capability set to filter over. NOTE: you may specify only ONE set here.
 | policy_names | [string](#string) | repeated | Filter events by tracing policy names |
 | capabilities | [CapFilter](#tetragon-CapFilter) | | Filter events by Linux process capability |
 | parent_binary_regex | [string](#string) | repeated | Filter parent process' binary using RE2 regular expression syntax. |
-| cel_expression | [string](#string) | repeated | Filter using CEL expressions. |
+| cel_expression | [string](#string) | repeated | Filter using CEL expressions. CEL filters support IP and CIDR notiation extensions from the k8s project. See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#IP and https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#CIDR for details. |
 | parent_arguments_regex | [string](#string) | repeated | Filter by process.parent.arguments field using RE2 regular expression syntax: https://github.com/google/re2/wiki/Syntax |
 | container_id | [string](#string) | repeated | Filter by the container ID in the process.docker field using RE2 regular expression syntax: https://github.com/google/re2/wiki/Syntax |
 | in_init_tree | [google.protobuf.BoolValue](#google-protobuf-BoolValue) | | Filter containerized processes based on whether they are descendants of the container's init process. This can be used, for example, to watch for processes injected into a container via docker exec, kubectl exec, or similar mechanisms. |
diff --git a/api/v1/tetragon/events.pb.go b/api/v1/tetragon/events.pb.go
index acf20bfb855..61ff7de73eb 100644
--- a/api/v1/tetragon/events.pb.go
+++ b/api/v1/tetragon/events.pb.go
@@ -232,7 +232,8 @@ type Filter struct { Capabilities *CapFilter `protobuf:"bytes,11,opt,name=capabilities,proto3" json:"capabilities,omitempty"` // Filter parent process' binary using RE2 regular expression syntax. ParentBinaryRegex []string `protobuf:"bytes,12,rep,name=parent_binary_regex,json=parentBinaryRegex,proto3" json:"parent_binary_regex,omitempty"` - // Filter using CEL expressions. + // Filter using CEL expressions. CEL filters support IP and CIDR notiation extensions from the k8s project. + // See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#IP and https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#CIDR for details. CelExpression []string `protobuf:"bytes,13,rep,name=cel_expression,json=celExpression,proto3" json:"cel_expression,omitempty"` // Filter by process.parent.arguments field using RE2 regular expression syntax: // https://github.com/google/re2/wiki/Syntax
diff --git a/api/v1/tetragon/events.proto b/api/v1/tetragon/events.proto
index 5411bb9937f..c6ed6f698e3 100644
--- a/api/v1/tetragon/events.proto
+++ b/api/v1/tetragon/events.proto
@@ -61,7 +61,8 @@ message Filter {
 CapFilter capabilities = 11;
 // Filter parent process' binary using RE2 regular expression syntax.
 repeated string parent_binary_regex = 12;
- // Filter using CEL expressions.
+ // Filter using CEL expressions. CEL filters support IP and CIDR notiation extensions from the k8s project.
+ // See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#IP and https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#CIDR for details.
 repeated string cel_expression = 13;
 // Filter by process.parent.arguments field using RE2 regular expression syntax:
 // https://github.com/google/re2/wiki/Syntax
diff --git a/contrib/tetragon-rthooks/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go b/contrib/tetragon-rthooks/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go
index acf20bfb855..61ff7de73eb 100644
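Review bot: The comment added above `cel_expression` in api/v1/tetragon/events.proto (the `message Filter` hunk) misspells "notation" as "notiation"; because this comment is the source for the regenerated events.pb.go, api/v1/README.md, docs/content/en/docs/reference/grpc-api.md and both vendored copies, the same typo appears in every other hunk of this patch. Correct it once in the .proto, `// Filter using CEL expressions. CEL filters support IP and CIDR notation extensions from the k8s project.`, and regenerate the derived files. The two pkg.go.dev links are unversioned, so they presumably track the latest k8s.io/apiserver release rather than the version this repository builds against; a short remark in the comment that the available functions depend on the vendored library version would keep filter authors from relying on helpers that are not present. `message Filter` starts and ends outside the hunk.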
--- a/contrib/tetragon-rthooks/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go
+++ b/contrib/tetragon-rthooks/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go
@@ -232,7 +232,8 @@ type Filter struct { Capabilities *CapFilter `protobuf:"bytes,11,opt,name=capabilities,proto3" json:"capabilities,omitempty"` // Filter parent process' binary using RE2 regular expression syntax. ParentBinaryRegex []string `protobuf:"bytes,12,rep,name=parent_binary_regex,json=parentBinaryRegex,proto3" json:"parent_binary_regex,omitempty"` - // Filter using CEL expressions. + // Filter using CEL expressions. CEL filters support IP and CIDR notiation extensions from the k8s project. + // See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#IP and https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#CIDR for details. CelExpression []string `protobuf:"bytes,13,rep,name=cel_expression,json=celExpression,proto3" json:"cel_expression,omitempty"` // Filter by process.parent.arguments field using RE2 regular expression syntax: // https://github.com/google/re2/wiki/Syntax
diff --git a/contrib/tetragon-rthooks/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto b/contrib/tetragon-rthooks/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto
index 5411bb9937f..c6ed6f698e3 100644
--- a/contrib/tetragon-rthooks/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto
+++ b/contrib/tetragon-rthooks/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto
@@ -61,7 +61,8 @@ message Filter {
 CapFilter capabilities = 11;
 // Filter parent process' binary using RE2 regular expression syntax.
 repeated string parent_binary_regex = 12;
- // Filter using CEL expressions.
+ // Filter using CEL expressions. CEL filters support IP and CIDR notiation extensions from the k8s project.
+ // See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#IP and https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#CIDR for details.
 repeated string cel_expression = 13;
 // Filter by process.parent.arguments field using RE2 regular expression syntax:
 // https://github.com/google/re2/wiki/Syntax
diff --git a/docs/content/en/docs/reference/grpc-api.md b/docs/content/en/docs/reference/grpc-api.md
index 16bd72adefa..2575a5aa6a0 100644
--- a/docs/content/en/docs/reference/grpc-api.md
+++ b/docs/content/en/docs/reference/grpc-api.md
@@ -894,7 +894,7 @@ Capability set to filter over. NOTE: you may specify only ONE set here.
 | policy_names | [string](#string) | repeated | Filter events by tracing policy names |
 | capabilities | [CapFilter](#tetragon-CapFilter) | | Filter events by Linux process capability |
 | parent_binary_regex | [string](#string) | repeated | Filter parent process' binary using RE2 regular expression syntax. |
-| cel_expression | [string](#string) | repeated | Filter using CEL expressions. |
+| cel_expression | [string](#string) | repeated | Filter using CEL expressions. CEL filters support IP and CIDR notiation extensions from the k8s project. See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#IP and https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#CIDR for details. |
 | parent_arguments_regex | [string](#string) | repeated | Filter by process.parent.arguments field using RE2 regular expression syntax: https://github.com/google/re2/wiki/Syntax |
 | container_id | [string](#string) | repeated | Filter by the container ID in the process.docker field using RE2 regular expression syntax: https://github.com/google/re2/wiki/Syntax |
 | in_init_tree | [google.protobuf.BoolValue](#google-protobuf-BoolValue) | | Filter containerized processes based on whether they are descendants of the container's init process. This can be used, for example, to watch for processes injected into a container via docker exec, kubectl exec, or similar mechanisms. |
diff --git a/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go b/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go
index acf20bfb855..61ff7de73eb 100644
--- a/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go
+++ b/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go
@@ -232,7 +232,8 @@ type Filter struct { Capabilities *CapFilter `protobuf:"bytes,11,opt,name=capabilities,proto3" json:"capabilities,omitempty"` // Filter parent process' binary using RE2 regular expression syntax. ParentBinaryRegex []string `protobuf:"bytes,12,rep,name=parent_binary_regex,json=parentBinaryRegex,proto3" json:"parent_binary_regex,omitempty"` - // Filter using CEL expressions. + // Filter using CEL expressions. CEL filters support IP and CIDR notiation extensions from the k8s project. + // See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#IP and https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#CIDR for details. CelExpression []string `protobuf:"bytes,13,rep,name=cel_expression,json=celExpression,proto3" json:"cel_expression,omitempty"` // Filter by process.parent.arguments field using RE2 regular expression syntax: // https://github.com/google/re2/wiki/Syntax
diff --git a/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto b/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto
index 5411bb9937f..c6ed6f698e3 100644
--- a/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto
+++ b/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto
@@ -61,7 +61,8 @@ message Filter {
 CapFilter capabilities = 11;
 // Filter parent process' binary using RE2 regular expression syntax.
 repeated string parent_binary_regex = 12;
- // Filter using CEL expressions.
+ // Filter using CEL expressions. CEL filters support IP and CIDR notiation extensions from the k8s project.
+ // See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#IP and https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#CIDR for details.
 repeated string cel_expression = 13;
 // Filter by process.parent.arguments field using RE2 regular expression syntax:
 // https://github.com/google/re2/wiki/Syntax