v0.3.0-rc1

Changelog

• 738e43f: new(docs): add installation instructions (@alacuku)
• b572636: new(docs): add docs for the falcoctl tool (@alacuku)
• 713be47: feature(cmd): add new global flag --disable-styling (@alacuku)
• ddae9b6: update(ci): use -ldflags="-s -w" when building falcoctl (@alacuku)
• fc322ac: new(Dockerfile): introduce Dockerfile for falcoctl (@alacuku)
• 93d4a3d: new(CI): build and push docker images when releasing a new version (@alacuku)
• 8752ed5: refactor(cmd): remove duplicated code when creating pullers and pushers (@alacuku)
• 9168358: fix(build): use new-style GCI CLI (@LucaGuerra)
• cf1e1ad: update(build): update GCI to 0.9.0 (@LucaGuerra)
• 309c5ef: update(output): add new methods to the printer (@alacuku)
• b4e66d9: refactor(cmd/internal): move package utils from cmd/internal to internal (@alacuku)
• 4489ef0: refactor(cmd/artifact): move artifact subcommands from cmd to internal/artifact (@alacuku)
• a6c2655: refactor(cmd/index): move index subcommands from cmd to internal/index (@alacuku)
• 7a47783: refactor(cmd/registry): move registry subcommands from cmd to internal/registry (@alacuku)
• b5eb8e5: refactor(cmd/tls): move tls subcommands from cmd to internal/tls (@alacuku)
• 4fe0e84: refactor(pkg/version): move version command from cmd to internal/version (@alacuku)
• 20ff37f: cleanup(cmd/root) remove unused variables (@alacuku)
• 19a4ab7: chore(artifact/install): move default paths for plugins and rulesfiles to internal/config package (@alacuku)
• aedee8f: update(internal/utils): return full path of the extracted files in ExtractTarGz func (@alacuku)
• a2efb4a: update(output/tracker): return a nil tracker if the printer is nil (@alacuku)
• c189eb0: update(CI): add floating tags to docker image based on major and minor version numbers of a release (@alacuku)
• 47045d5: new(pkg/oci): use functional options for creating repositories (@loresuso)
• 744ada5: update(pkg/oci): adapt creation of repositories with functional options (@loresuso)
• b33f6a8: feat(oci/puller): add Descriptor method to retrieve artifacts' descriptor (@alacuku)
• 93d0fe8: feat(internal/validate): add new helper to extract the TAG from an artifacts' reference (@alacuku)
• 084ac34: new(internal/follower): add Follower type and related package (@alacuku)
• 0eac03c: feat(artifact/follow): add new command "artifact follow" (@alacuku)
• ca7e5d6: new(cmd/artifact): add the follow subcommand to the artifact command (@alacuku)
• 4ad4a3e: chore(cmd/root): print log messagge when a termination signal is received (@alacuku)
• 1a41d32: fix(pkg): create repo with functional options and fix main branch error (@loresuso)
• f566ad6: chore: improve error messages in Login and ClientForRegistry (@loresuso)
• f1005d0: docs: switch ref and file in push short usage (@loresuso)
• 3acd4fc: new(cmd): add artifact type to search (@LucaGuerra)
• ed240e9: new(cmd): add falcoctl artifact list (@LucaGuerra)
• 2e8c023: fix(cmd): clarify artifact types (@LucaGuerra)
• 49b4ed6: update: add oauth2 dependency (@loresuso)
• 5c4e575: new(cmd): implement oauth client credential flow (@loresuso)
• 3c3a90e: update(internal/registry): add possibility store access token (@loresuso)
• 3616fc7: update: reworking client creation to accommodate oauth (@loresuso)
• 983a593: refactor: use functional options to create http client (@loresuso)
• 04dd860: update: add logic to store and retrieve client credentials (@loresuso)
• c94ca13: refactor: start using oauth in the *ForRegistry function (@loresuso)
• 48ead1b: update: add options for oauth and plain http for pusher and puller (@loresuso)
• 4e6ea2a: update: introduce registry and repository package (@loresuso)
• 57bf41f: refactor: make use of the new registry type (@loresuso)
• f5ebdce: refactor: move responsability of listing tag to repository struct (@loresuso)
• c424401: refactor: create client with correct method and use repository.Tags in artifact info (@loresuso)
• d894fc7: update: port oauth and plain-http flags to artifact commands (@loresuso)
• 484ec0c: chore: please the linter (@loresuso)
• 57f13b1: refactor: bring check on v2 API in registry package (@loresuso)
• 0ebee0c: chore: use default tag concurrency equal to 1 (@loresuso)
• 364102b: refactor(oci/client): avoid yet another wrapper for the oci client (@alacuku)
• 1f6a9ee: fix: correctly remove temp files when pushing (@loresuso)
• fe5e90c: fix(pkg/oci/repository): do not error when parsing semver tags that do not strictly adhere to semver (@alacuku)
• cfcf917: update(pkg/oci): add requirements concept to artifact config (@leogr)
• 116b194: refactor: artifact config with requirements (@leogr)
• 3cc43d9: update: add artifact name in artifact config (@leogr)
• aa4d4ca: update: add artifact name in artifact config (@leogr)
• 1f8a346: chore(pkg/oci): fix typo in function name (@alacuku)
• fa51ff0: fix(linting): remove hugeParam warning (@alacuku)
• a8cf20a: fix(pkg/ogi): allow the alternatives when setting a dependency in the artifact config (@alacuku)
• e9b93d3: fix(ci): use main branch instead of master in codeql workflow (@alacuku)
• 4c4cd3d: chore(ci): bump codeql version to v2 (@alacuku)
• f883f38: chore: don't use logrus as logger (@loresuso)
• b57196b: chore: use const when possible (@loresuso)
• a7e5058: update: add alias ls to artifact list command (@loresuso)
• 6046fd4: new(internal/artifact/install): introduce a function to resolve dependencies between artifacts (@loresuso)
• 65d6f5c: test(internal/artifact/install): test artifact dependencies resolution (@loresuso)
• 01dcba1: new(pkg/oci/puller): introduce a new function to retrieve config layer of an artifact (@loresuso)
• 9ed9f66: upddate(internal/artifact/install): make use of resolve deps functionality in the artifact install command (@loresuso)
• a0cfff1: chore: fix linter issues (@loresuso)
• 16b8745: chore: address minor comments (@loresuso)
• 8d8808c: update: get name directly from config layer. (@loresuso)
• 0a1e73f: update: make artifact commands use a configuration file to enable feed feature (@loresuso)
• bca2e11: update: make sure to load config file only on commands that need it (@loresuso)
• fa7b5e6: update: load config values in artifact related commands (@loresuso)
• 71c678c: update: remove unnecessary oauth flag (@loresuso)
• 70f331d: update: load config in index related commands (@loresuso)
• 665aba5: update: bump linter version (@loresuso)
• 27145c3: update: correct way to handle oauth credentials using registry name as key (@loresuso)
• 582a638: update: add logic to handle config file with viper (@loresuso)
• a3fa21d: update: update testdata to pass tests (@loresuso)
• 5954486: fix: ensure all directories exists using MkdirAll (@loresuso)
• b875332: fix: let client for registry use empty credentials if any credential was found (@loresuso)
• 6880e5e: fix: ensure options are always initialized (@loresuso)
• 175f565: fix: falco is returning a string for all versions (@loresuso)
• 867d7ce: fix: create config file directory if needed (@loresuso)

v0.2.0-rc1

Changelog

• 3e3fc65: chore: remove install module command (@leogr)
• f6311ba: chore: clean up old kubernetes stuff (@leogr)
• e65bed6: chore(cmd): internalize validation package (@leogr)
• 2948631: refactor: general refactor and cleanup (@leogr)
• 144a7e2: test(cmd): update CLI test to reflect new impl (@leogr)
• 45508c1: build: upgrade deps (@leogr)
• 89f9d1b: cleanup(cmd): removing commands about PSP convertion (@loresuso)
• 48568a3: cleanup(pkg/converter): removing PSP convertion logic (@loresuso)
• 5e7e427: cleanup: update go.mod and go.sum (@loresuso)
• c5227ad: fix(tests): fixing testdata to pass tests (@loresuso)
• c971d56: doc(README): state that falcoclt is currently under development (@loresuso)
• 183d9d0: new: adds registry types and functions (@andreabonanno)
• fd06b64: new: adds search registry command and its option/config (@andreabonanno)
• 2421e00: update: config file in dedicated directory (@andreabonanno)
• 8dceffa: new: introduce github actions for building, testing and code quality (@loresuso)
• 002cf4d: cleanup: remove circleci (@loresuso)
• 99c2a2c: update: update testdata to pass tests (@loresuso)
• 229855c: chore: fix typos (@andreabonanno)
• 753375f: new: adds "repo add" command and internal representation of repo sources (@andreabonanno)
• d3c3663: update: fix write permissions and typos (@andreabonanno)
• 38f80a0: new: adds repo remove command (@andreabonanno)
• 7dd77c7: fix(cmd): missing dot (@leogr)
• 2a38d47: test(cmd): update test data (@leogr)
• b59757b: new: adds list repo command (@andreabonanno)
• 3a23769: chore(cmd): better output formatting of list repo command (@loresuso)
• 30f73dd: update(cmd/testdata): update testdata to pass tests (@loresuso)
• cdb01fa: update(OWNERS): move inactive approvers to emeritus_approvers (@jasondellaluce)
• 6619707: chore(falcoctl): bump go version to 1.19 (@alacuku)
• 7c4d21c: chore(falcoctl): bump dependecies (@alacuku)
• 46618f6: removed shorthand (@atharva29)
• 12d759f: removed country shorthand (@atharva29)
• 20b3f52: update(tests): fix broken tests (@alacuku)
• 12643eb: chore(docs): remove release notes section from PR template (@alacuku)
• fba071e: feat(CI): add linting (@alacuku)
• 5d20078: new(CI): support building falcoctl for different OSs and archs (@alacuku)
• 3d9e31f: new(Makefile): add new targets to the Makefile (@alacuku)
• 00fc4b4: chore(falcoctl): format and add license header to go files. (@alacuku)
• d207a18: refacto(cli): move 'install tls' business logic in 'install/tls' (@alacuku)
• 40077a5: refactor(cli): remove pkg/tls/generator.go (@alacuku)
• 280f0cc: refacto(cli): remove linux OS specific 'install tls' command (@alacuku)
• 989da56: update(cli): simplify and make the 'install tls' OS agnostic (@alacuku)
• d502313: chore(cli): add doc.go file to the tls package (@alacuku)
• 3890ca2: update(Makefile): lint all files changed from the master branch (@alacuku)
• dd68f13: new(cli): add generic output handler for the commands (@alacuku)
• e037a42: new(tests): add unit tests for the output package. (@alacuku)
• f8eb694: new(pkg/options): add the options packages (@alacuku)
• 7e07734: new(cli): add version command (@alacuku)
• af03b47: new(tests): add unit tests for the version command (@alacuku)
• 34f7d5d: update(Makefile): update the build target to set the version info (@alacuku)
• 2b95e0b: chore(go.mod/sum): update go.mod and go.sum (@alacuku)
• c3023d2: refactor(cli): drop cmd/config_options.go in favor of pkg/options (@alacuku)
• 68cd2c5: refactor(cmd/root): drop custom signal handling for the root cmd (@alacuku)
• 97ab63d: cleanup(cli): remove unused commands and interfaces. (@alacuku)
• 0849885: fix(tests): fix output tests (@alacuku)
• 38e7789: update(build): update goreleaser configuration file (@alacuku)
• f973774: update(CI): use goreleaser in integration pipeline when building falcoctl (@alacuku)
• 28f4470: new(CI): add the release CI workflow (@alacuku)
• d451243: fix(docs): use correct link for slack (@loresuso)
• e04be6d: cleanup: remove repo related commands (@loresuso)
• df332a8: fix: update testdata to pass tests (@loresuso)
• b22e244: new: create new client library. (@loresuso)
• 1cf5af1: new: create a library to store and retrieve credentials on files. (@loresuso)
• 4cf51be: new: implement the login command (@loresuso)
• 7702933: new: implement the logout command (@loresuso)
• 446048d: new: implement the registry umbrella command and add it to root command (@loresuso)
• dc5c9f1: new: create a library to push Falco artifacts to a remote OCI compliant registry (@loresuso)
• 3ab496e: new: create a library to push Falco artifacts to a remote OCI compliant registry (@loresuso)
• 8bca6f5: new: define useful types for the oci pkg (@loresuso)
• c092e6f: new: implement the push command (@loresuso)
• f041fc5: new: implement the pull command (@loresuso)
• e9c86e5: new: add constants to the oci pkg (@loresuso)
• 756cf3e: update: update test data to pass tests (@loresuso)
• 9ec7c3b: update: introduce the doc.go file on each new create package (@loresuso)
• 144e504: update: update go.mod, go.su and .gitignore (@loresuso)
• 6860a91: update: rename config options to common options (@loresuso)
• cbf2125: fix: fix build on windows using os package to get stdin (@loresuso)
• 907c773: fix: go mod tidyness (@loresuso)
• 6707134: fix: golangci/goheader, exclude goheader for multi authors files (@loresuso)
• 690bc97: cleanup(cmd): remove unused code and outdated commands (@alacuku)
• 982c661: update(pkg/oci/pusher): add support for image index manifest (@alacuku)
• 731ba23: update(pkg/oci/puller): handle special case for plugins when image index is present (@alacuku)
• 1ed27ea: update(registry commands): support image index in pull and push cmds (@alacuku)
• b9859f5: update(login/logout): correctly handle context (@alacuku)
• 0b3343b: update(cmd): update register and root command (@alacuku)
• 2501d18: chore(go.mod): update go.mod (@alacuku)
• c2f12a5: chore(tests): update tests based on the latest changes (@alacuku)
• f08acf9: cleanup: remove unused packages and dead code (@alacuku)
• abfead8: fix(pusher): retrieve only the index and not all the layers (@alacuku)
• 7986eaa: update(OWNERS): add new maintainers and reviewers (@jasondellaluce)
• 23a4bf3: update(OWNERS): remove mfdii from reviewers
  (@jasondellaluce)
• e6ddd81: refactor: rename rule to more appropriate rulesfile (@loresuso)
• b26e929: refactor: rename subcommands of registry to more appropriate registry_* (@loresuso)
• cc37344: chore: allow '_' in the --platform options. needed for pushing/pulling e.g 'x86_64' (@loresuso)
• 60f0e5f: new(pkg): introduce a function to download a remote index (@loresuso)
• faf9353: new(pkg): create a library to manage indexes (@loresuso)
• 88e47bf: new(pkg): create a library to manage index configs (@loresuso)
• 7488a2f...

v0.1.0

Changelog

80ee501 update: remove rajibmitra from OWNERS
854ef9a refactor(cmd): cleanup rootCmd wrapper
16428bb chore: temporarily disable test race
9ce591e update(cmd/testdata): test help command and flag
05c786b new(cmd): CLI tests
83ddbd4 new(cmd/testdata): CLI fixtures
6a4915e update(cmd): wrap root command
e21c17f deps: go modules
0fe2a2b fix(.circleci): correct typo in config path
f90860c fix(Makefile): correct target name
7dc1415 chore: initial circleci configuration just for testing
0bb8d91 new: add makefile
0b7ff21 fix(pkg/kubernetes): add missing formatting directive
6f96074 refactor(cmd): improve PersistentPreRun
34c4afd chore: update deps
73e1479 fix(cmd): automatically fallback flags to ENV and config file
3fefd44 chore(cmd): cleanup IOStreams from options
311b704 chore(cmd): init kube flags only when needed
f9b9f8d chore(cmd): basic config options with validation
4e5c20d refactor(pkg/tls): simplified TLS implementation
38e19ac fix(cmd): correct error handling in PSP conversion func
ec60f49 fix(cmd): correct misspelled words
58e262b fix: apply gofmt
4b5ec61 refactor(pkg/rules): remove unused package
d4ff33c refactor(pkg/cli): remove unused package
25187c4 fix(pkg/tls): correct dir permission bits
d14b2a6 fix(cmd): correct undefined func calls
577d22a docs: logo from community repo + refinements to README
1ee329e docs: adding logo to README.md
885d6d5 chore(cmd): rename probeloader to kernelmoduleloader
b0d030c refactor: Use apierrors package
3a3f5be Create auditsink resource idempotently
3834c07 refactored pkg directory inline with go idiomatic practices
104f6a0 refactored pkg directory inline with go idiomatic practices
0b592a6 refactored cmd package inline with go idiomatic practices
389b00c Removing ds.yaml
d2363a2 Adding basic README.md content
5969b1d fix(cmd): typo in install tls command
ab01b4e update: add leogr to OWNERS file
820f637 new(pkg/tls): generate client key/cert
69e20d6 fix(pkg/tls): set default expiration to 356 days
be0bd2b fix(pkg/tls): correct CN default, subject name and add missing CA extensions
037c951 fix(pkg/tls): correct server cert signing
a45142d fix(pkg/tls): do not get basedir of the certs path
7d450ed fix(cmd): search for env var, if missing fallback to default value correctly
cd4ba67 Add cleanup for cr, crb and auditsink
a5e1b4a Update appsv1beta2 -> appsv1
a52449d Interface for processes
2726966 update(cmd): install rule skeleton
8026504 docs(pkg/rules): license header
dedf40e fix(cmd): stop exec when TLS errors out
5df43d6 fix(cmd): help messages for TLS commands
d1e20ac adding changes
b4457a4 More work on the Kubernetes package
4159403 Commit at the airport, working on fixing install and stubbing out Falco object
941c569 Few cleanup items
475807c Adding TLS generation for Falcoctl

v0.0.7

Changelog

c4493b3 Add ability to limit generated rules to namespaces

v0.0.6

Changelog

4ca37e8 update: prerun check for install probe command
563e9dd fix(cmd): falco version is mandatory (and has no default) for install probe command
84af345 Limit syscall activity for psp rules to containers
2595a4c Parse PSPs strictly, disallowing unknown fields

v0.0.6-rc.0

Changelog

4ca37e8 update: prerun check for install probe command
563e9dd fix(cmd): falco version is mandatory (and has no default) for install probe command
84af345 Limit syscall activity for psp rules to containers
2595a4c Parse PSPs strictly, disallowing unknown fields

v0.0.5

Changelog

87a0cd0 fix: not releasing docker images for falcoctl
48f59d5 docs: release markdown fixes
a316d0f build: ignore dist directory
be026df build: releases using goreleaser
2b7319d build: allow falcoctl to be built on non-linux machines by disabling the probe loader on GOOS != linux

v0.0.4

Summary

This release builds on v0.0.3, adding some safeguards to handle spaces/dashes in name prefixes when generating rules from PSPs.

v0.0.3

Summary

This release has a minor change to support prefixes in rules/macros/lists/rule names when generating rules from PSPs.

With PSP Conversion Support

This release refactors command support to use commands/subcommands like you would find in tools like kubectl. Here's the output for falcoctl help:

./falcoctl help
The main control tool for running Falco in Kubernetes, ...

Usage:
  falcoctl
  falcoctl [command]

Available Commands:
  convert     Conversion helpers
  delete      Delete a component wih falcoctl
  help        Help about any command
  install     Install a component wih falcoctl

Flags:
      --as string                      Username to impersonate for the operation
      --as-group stringArray           Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
      --cache-dir string               Default HTTP cache directory (default "/Users/mstemm/.kube/http-cache")
      --certificate-authority string   Path to a cert file for the certificate authority
      --client-certificate string      Path to a client certificate file for TLS
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
  -f, --fab                            Enable rainbow logs
  -h, --help                           help for falcoctl
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
      --match-server-version           Require server version to match client version
  -n, --namespace string               If present, the namespace scope for this CLI request
      --request-timeout string         The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
  -s, --server string                  The address and port of the Kubernetes API server
      --token string                   Bearer token for authentication to the API server
      --user string                    The name of the kubeconfig user to use

Use "falcoctl [command] --help" for more information about a command.

It also adds support for a falcoctl convert psp subcommand which allows converting a K8s Pod Security Policy (PSP) to a set of falco rules that evaluate the conditions in the PSP.