From 3f841fa78468d8fb1e8a2743f51bd90b5b005ecb Mon Sep 17 00:00:00 2001
From: Fabrice Jammes
Date: Tue, 5 Nov 2024 17:24:17 +0100
Subject: [PATCH] Fail cluster creation if audit file is not found
---
 cmd/create.go | 6 +++++-
 cmd/install_falco.go | 43 ++++++++++++++++++++++++++++++++++++++
 cmd/util.go | 1 -
 internal/config.go | 24 ++++++++++++++++++---
 internal/config_test.go | 4 ++--
 resources/constants.go | 3 +++
 resources/install-falco.sh | 24 +++++++++++++++++++++
 7 files changed, 98 insertions(+), 7 deletions(-)
 create mode 100644 cmd/install_falco.go
 delete mode 100644 cmd/util.go
 create mode 100755 resources/install-falco.sh
diff --git a/cmd/create.go b/cmd/create.go
index adbb331..4c09b1f 100644
--- a/cmd/create.go
+++ b/cmd/create.go
@@ -55,7 +55,11 @@ func createCluster(clusterName string) {
 os.Exit(1)
 }
- c := internal.GetConfig()
+ c, err := internal.GetConfig()
+ if err != nil {
+ slog.Error("unable to get ktbx configuration", "error", err)
+ os.Exit(1)
+ }
 slog.Debug("ktbx configuration", "data", c)
diff --git a/cmd/install_falco.go b/cmd/install_falco.go
new file mode 100644
index 0000000..34a7b62
--- /dev/null
+++ b/cmd/install_falco.go
@@ -0,0 +1,43 @@
+/*
+Copyright © 2023 Fabrice Jammes fabrice.jammes@k8s-school.fr
+*/
+package cmd
+
+import (
+ "log/slog"
+ "os"
+
+ "github.com/k8s-school/ktbx/resources"
+ "github.com/spf13/cobra"
+)
+
+// falcoCmd represents the argocd command
+var falcoCmd = &cobra.Command{
+ Use: "falco",
+ Aliases: []string{"fa"},
+ Short: "Install Falco",
+ Long: `Install Falco`,
+ Run: func(cmd *cobra.Command, args []string) {
+ slog.Info("Install Falco")
+
+ _, _, err := ExecCmd(resources.FalcoInstallScript, false)
+ if err != nil {
+ slog.Error("Error while installing Falco", "error", err)
+ os.Exit(1)
+ }
+ },
+}
+
+func init() {
+ installCmd.AddCommand(falcoCmd)
+
+ // Here you will define your flags and configuration settings.
+
+ // Cobra supports Persistent Flags which will work for this command
+ // and all subcommands, e.g.:
+ // argocdCmd.PersistentFlags().String("foo", "", "A help for foo")
+
+ // Cobra supports local flags which will only run when this command
+ // is called directly, e.g.:
+ // argocdCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
+}
diff --git a/cmd/util.go b/cmd/util.go
deleted file mode 100644
index 1d619dd..0000000
--- a/cmd/util.go
+++ /dev/null
@@ -1 +0,0 @@
-package cmd
diff --git a/internal/config.go b/internal/config.go
index 429b6e7..b23b92d 100644
--- a/internal/config.go
+++ b/internal/config.go
@@ -4,6 +4,7 @@ Copyright © 2023 NAME HERE
 package internal
 import (
+ "errors"
 "os"
 "path"
 "strings"
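Review bot: The doc comment on `falcoCmd` in cmd/install_falco.go still says "represents the argocd command", and the `init` body keeps the Cobra scaffold comments that refer to `argocdCmd`; both are copy-paste leftovers. I would replace the comment with `// falcoCmd installs Falco into the current cluster by running the embedded install-falco.sh script.` and delete the scaffold comments. `Long` only repeats `Short`; since the command runs a script that adds a Helm repository and installs a chart into the cluster, the help text should say so (namespace `falco`, falcosidekick and its web UI enabled) so an operator knows what will change before running it.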
@@ -76,15 +77,32 @@ func FormatTemplate(tplStr string, v interface{}) (string, error) {
 return b.String(), err
 }
-func GetConfig() KtbxConfig {
+func GetConfig() (KtbxConfig, error) {
 c := new(KtbxConfig)
 defaults.SetDefaults(c)
 err := viperUnmarshalKey(Kind, c)
- cobra.CheckErr(err)
+ if err != nil {
+ slog.Error("unable to unmarshal ktbx configuration", "error", err)
+ return *c, err
+ }
+
 if viper.GetBool("single") {
 c.Workers = 0
 }
- return *c
+
+ info, err := os.Stat(c.AuditPolicy)
+ if err != nil {
+ slog.Error("Audit policy file not found", "file", c.AuditPolicy, "error", err)
+ return *c, errors.New("audit policy file not found: " + c.AuditPolicy)
+ }
+
+ if info.IsDir() {
+ slog.Error("Audit policy file is a directory", "file", c.AuditPolicy)
+ // return error
+ return *c, errors.New("audit policy file is a directory: " + c.AuditPolicy)
+ }
+
+ return *c, nil
 }
 func GenerateKindConfigFile(c KtbxConfig) (string, error) {
diff --git a/internal/config_test.go b/internal/config_test.go
index 70e2093..87bcbf0 100644
--- a/internal/config_test.go
+++ b/internal/config_test.go
@@ -50,11 +50,11 @@ func TestGetConfig(t *testing.T) {
 require := require.New(t)
 ReadConfig()
- c := GetConfig()
+ c, err := GetConfig()
 t.Logf("Config: %+v", c)
+ require.NoError(err)
 require.Equal(uint(1), c.Workers)
 require.Equal("", c.Cni)
-
 }
 func TestGenerateKindConfigFile(t *testing.T) {
 teardownSuite := setupSuite(t)
diff --git a/resources/constants.go b/resources/constants.go
index 52393b8..1da3530 100644
--- a/resources/constants.go
+++ b/resources/constants.go
@@ -19,6 +19,9 @@ var CiliumInstallScript string
 //go:embed desk.sh
 var DeskRunScript string
+//go:embed install-falco.sh
+var FalcoInstallScript string
+
 //go:embed install-helm.sh
 var HelmInstallScript string
diff --git a/resources/install-falco.sh b/resources/install-falco.sh
new file mode 100755
index 0000000..e017bf1
--- /dev/null
+++ b/resources/install-falco.sh
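Review bot: In `GetConfig` (internal/config.go) every `os.Stat` failure is reported as "audit policy file not found" and the underlying error is dropped from the returned value, so a permission or path error on the audit policy looks the same as a missing file to the caller. Wrapping keeps the cause and still fails cluster creation: `return *c, fmt.Errorf("audit policy file %q: %w", c.AuditPolicy, err)` (needs `fmt`; whether it is already imported is not visible in the hunk). `info.IsDir()` also lets through anything that is not a directory, and `!info.Mode().IsRegular()` would be the stricter check. The function logs at error level and returns the error, and `createCluster` in cmd/create.go logs it again, so each failure is reported twice; logging in the caller only would be enough. If `AuditPolicy` can be empty when no audit policy is configured (its default is outside this hunk), `os.Stat("")` will now reject that configuration as well, which is worth confirming as intended.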
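Review bot: `TestGetConfig` in internal/config_test.go now passes only if the audit policy file named by the loaded configuration exists on the machine running the test, because `require.NoError(err)` sits behind the new `os.Stat` check in `GetConfig`. Neither new error branch (missing file, path is a directory) is exercised. I would add one case that points `AuditPolicy` at a non-existent path under `t.TempDir()` and asserts `require.Error(err)`, and one that points it at the temp directory itself; how the test configuration sets `AuditPolicy` is not visible in the hunk, so the setup is left to the author. `require.NoError(err)` would also read better directly after the `GetConfig()` call, before `c` is logged.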
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Install Helm on the client machine
+
+# @author Fabrice Jammes
+#!/bin/bash
+
+set -euxo pipefail
+
+helm repo add falcosecurity https://falcosecurity.github.io/charts
+helm repo update
+
+echo "Install Falco"
+helm install --replace falco --namespace falco --create-namespace \
+ --set tty=true \
+ --set falcosidekick.enabled=true \
+ --set falcosidekick.webui.enabled=true \
+ falcosecurity/falco
+
+echo "Check that the Falco pods are running"
+kubectl get pods -n falco
+
+echo "Falco pod(s) might need a few seconds to start. Wait until they are ready..."
+kubectl wait pods --for=condition=Ready --all -n falco
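Review bot: The `helm install` call in resources/install-falco.sh names `falcosecurity/falco` without `--version`, so every run installs whatever chart the remote repository serves at that moment; pinning it, e.g. `--version "${FALCO_CHART_VERSION}"` with the value set at the top of the script, makes the install reproducible and reviewable. `--set falcosidekick.webui.enabled=true` also deploys the falcosidekick web UI, so it is worth confirming that the chart's default UI credentials are overridden or that the service is not reachable from outside the cluster. `kubectl wait` runs with its default timeout, which may be too short for the Falco pods on a fresh cluster and aborts the script under `set -e`; an explicit `--timeout=<duration>` would avoid a spurious failure. The header comment says "Install Helm on the client machine" and the shebang appears twice; the comment should read `# Install Falco with Helm in the current cluster`.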