Skip to content

Commit

Permalink
cleanup(falco)!: remove outputs.rate and outputs.max_burst
Browse files Browse the repository at this point in the history
Signed-off-by: Andrea Terzolo <[email protected]>
  • Loading branch information
Andreagit97 authored and poiana committed Sep 28, 2023
1 parent 09b1f92 commit 29d2406
Show file tree
Hide file tree
Showing 4 changed files with 1 addition and 58 deletions.
28 changes: 0 additions & 28 deletions falco.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -273,34 +273,6 @@ json_include_tags_property: true
# output mechanism. By default, buffering is disabled (false).
buffered_outputs: false

# [Stable] `outputs`
#
# [DEPRECATED]
# This config is deprecated and it will be removed in Falco 0.37
#
# A throttling mechanism, implemented as a token bucket, can be used to control
# the rate of Falco outputs. Each event source has its own rate limiter,
# ensuring that alerts from one source do not affect the throttling of others.
# The following options control the mechanism:
# - rate: the number of tokens (i.e. right to send a notification) gained per
# second. When 0, the throttling mechanism is disabled. Defaults to 0.
# - max_burst: the maximum number of tokens outstanding. Defaults to 1000.
#
# For example, setting the rate to 1 allows Falco to send up to 1000
# notifications initially, followed by 1 notification per second. The burst
# capacity is fully restored after 1000 seconds of no activity.
#
# Throttling can be useful in various scenarios, such as preventing notification
# floods, managing system load, controlling event processing, or complying with
# rate limits imposed by external systems or APIs. It allows for better resource
# utilization, avoids overwhelming downstream systems, and helps maintain a
# balanced and controlled flow of notifications.
#
# With the default settings, the throttling mechanism is disabled.
outputs:
rate: 0
max_burst: 1000

# [Experimental] `rule_matching`
#
# The `rule_matching` configuration key's values are:
Expand Down
20 changes: 1 addition & 19 deletions userspace/falco/app/actions/process_events.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,6 @@ limitations under the License.
#include <unordered_map>

#include "falco_utils.h"
#include "token_bucket.h"

#include "actions.h"
#include "helpers.h"
Expand Down Expand Up @@ -137,8 +136,6 @@ static falco::app::run_result do_inspect(
stats_writer::collector stats_collector(statsw);
uint64_t duration_start = 0;
uint32_t timeouts_since_last_success_or_msg = 0;
token_bucket rate_limiter;
const bool rate_limiter_enabled = s.config->m_notifications_rate > 0;
const bool is_capture_mode = source.empty();
size_t source_engine_idx = 0;

Expand All @@ -156,14 +153,6 @@ static falco::app::run_result do_inspect(
source_engine_idx = s.source_infos.at(source)->engine_idx;
}

// if enabled, init rate limiter
if (rate_limiter_enabled)
{
rate_limiter.init(
s.config->m_notifications_rate,
s.config->m_notifications_max_burst);
}

// reset event counter
num_evts = 0;

Expand Down Expand Up @@ -333,14 +322,7 @@ static falco::app::run_result do_inspect(
{
for(auto& rule_res : *res.get())
{
if (!rate_limiter_enabled || rate_limiter.claim())
{
s.outputs->handle_event(rule_res.evt, rule_res.rule, rule_res.source, rule_res.priority_num, rule_res.format, rule_res.tags);
}
else
{
falco_logger::log(LOG_DEBUG, "Skipping rate-limited notification for rule " + rule_res.rule + "\n");
}
s.outputs->handle_event(rule_res.evt, rule_res.rule, rule_res.source, rule_res.priority_num, rule_res.format, rule_res.tags);
}
}

Expand Down
9 changes: 0 additions & 9 deletions userspace/falco/configuration.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,6 @@ falco_configuration::falco_configuration():
m_json_output(false),
m_json_include_output_property(true),
m_json_include_tags_property(true),
m_notifications_rate(0),
m_notifications_max_burst(1000),
m_rule_matching(falco_common::rule_matching::FIRST),
m_watch_config_files(true),
m_buffered_outputs(false),
Expand Down Expand Up @@ -264,13 +262,6 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h

m_output_timeout = config.get_scalar<uint32_t>("output_timeout", 2000);

m_notifications_rate = config.get_scalar<uint32_t>("outputs.rate", 0);
if(m_notifications_rate != 0)
{
falco_logger::log(LOG_WARNING, "'output.rate' config is deprecated and it will be removed in Falco 0.37\n");
}
m_notifications_max_burst = config.get_scalar<uint32_t>("outputs.max_burst", 1000);

std::string rule_matching = config.get_scalar<std::string>("rule_matching", "first");
if (!falco_common::parse_rule_matching(rule_matching, m_rule_matching))
{
Expand Down
2 changes: 0 additions & 2 deletions userspace/falco/configuration.h
Original file line number Diff line number Diff line change
Expand Up @@ -65,8 +65,6 @@ class falco_configuration
bool m_json_include_tags_property;
std::string m_log_level;
std::vector<falco::outputs::config> m_outputs;
uint32_t m_notifications_rate;
uint32_t m_notifications_max_burst;

falco_common::priority_type m_min_priority;
falco_common::rule_matching m_rule_matching;
Expand Down

0 comments on commit 29d2406

Please sign in to comment.