new: driver command

[FedeDP]

What type of PR is this?

/kind feature

Any specific area of the project related to this PR?

/area library
/area cli

What this PR does / why we need it:

First draft at implementing falcoctl driver command, see #327

Which issue(s) this PR fixes:

Eventually #327 will get fixed, but i don't think a single PR will make it :)

Fixes #

Special notes for your reviewer:

What we need:

• select subcmd with possibility for an "autoselection" smart logic in place; this is not required by Falco but might be useful for other consumers of the falcoctl libraries and for us in the future
• select stores the currently selected driver in the falcoctl config
• select must be able to communicate to Falco the driver it must use (we need a patch to allow Falco config to specify a driver to be used) -> new: driver selection in falco.yaml falco#2413 -> this is implemented in falcoctl, even if will need some more fixes
• select tests
• prepare skeleton (this will be the step where we either download or build the drivers)
• autoload of target driverversion from running Falco process, if any Retired with new: driver command #343 (comment)
• prepare download
• prepare build
• specific distros support (similar to the get_target_id falco-driver-loader function)
• prepare tests
• Support options that were supported by falco-driver-loader:
• • echo " DRIVER_INSECURE_DOWNLOAD whether you want to allow insecure downloads or not"
• • echo " DRIVER_CURL_OPTIONS specify additional options to be passed to curl command used to download Falco drivers" -> DEPRECATED
• • echo " DRIVER_KERNEL_RELEASE specify the kernel release for which to download/build the driver in the same format used by 'uname -r' (e.g. '6.1.0-10-cloud-amd64')"
• • echo " DRIVER_KERNEL_VERSION specify the kernel version for which to download/build the driver in the same format used by 'uname -v' (e.g. '#1 SMP PREEMPT_DYNAMIC Debian 6.1.38-2 (2023-07-27)')"

[FedeDP]

About select smart autologic; this is as simple as adding new "distro" overriding the PreferredDriver interface method, like this:

func init() {
	distros["arch"] = &arch{generic: &generic{}}
}

type arch struct {
	*generic
}

func (c *arch) PreferredDriver(info kernel.Info) _type.DriverType {
        if info.Architecture == "aarch64" {
            dtype, _ := _type.Parse("bpf")
            return dtype
        }
        dtype, _ := _type.Parse("modern-bpf")
        return dtype
}

(ok this is a super stupid example btw!)

[FedeDP]

Example output:

sudo ./falcoctl driver prepare --driver-version 6.0.1+driver
[sudo] password di federico:
2023-11-03 15:31:36 INFO  Running falcoctl driver prepare
                      ├ driver version: 6.0.1+driver
                      ├ driver type: kmod
                      ├ arch: x86_64
                      ├ kernel release: 6.5.7-arch1-1
                      └ kernel version: 1
2023-11-03 15:31:36 INFO  found distro target: arch
2023-11-03 15:31:36 INFO  Trying to download a driver url: https://download.falco.org/driver/6.0.1+driver/x86_64/falco_arch_6.5.7-arch1-1_1.ko
2023-11-03 15:31:36 ERROR unable to find a prebuilt falco driver
2023-11-03 15:31:36 ERROR build unimplemented

[FedeDP]

  -s    Include SPDX identifier in license header. Set -s=only to only include SPDX identifier.

[FedeDP]

driver subcmd is only available on linux systems.

[FedeDP]

By returning an empty command, cobra will skip it.

[FedeDP]

errUnsupported returns a generic distro, to attempt a build.

[FedeDP]

What is implemented so far:

• get_target_id magic
• kmod/bpf download
• clean_kernel_module magic
• mounting of debugfs for bpf

What we miss:

• build kmod
• build bpf
• cos_version_greater
• get_kernel_config
• flatcar_relocate_tools
• insmod/modprobe of kmod once built/downloaded
• DRIVER_INSECURE_DOWNLOAD, DRIVER_CURL_OPTIONS, DRIVER_KERNEL_RELEASE, DRIVER_KERNEL_VERSION support

Open points:

• who will pass --driver-version parameter? Falco knows it, but falcoctl does not (unless we let it call the Falco endpoint to gather the info, but since falcoctl driver needs to run before Falco...)
• how to support source_only and print_env falco-driver-loader options?

[FedeDP]

I think this is already big enough as a starting point.
/cc @alacuku @leogr

[FedeDP]

/hold

[alacuku]

Thanks for the PR, left some comments.

[FedeDP]

I consider this PR ready!
I will add tests and eventually improve things (together with @alacuku perhaps!) in next PRs (yes there will surely be other PRs) 😄

[FedeDP]

Squashed to a single commit :) @alacuku is now happy 😃

[alacuku]

/LGTM

[FedeDP]

/unhold

[maxgio92]

/approve

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alacuku, FedeDP, maxgio92

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [FedeDP,maxgio92]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[maxgio92]

Great job @FedeDP! 👏🏻 ❤️