Skip to content

flag(stores): new flag format #5012

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
josedonizetti wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

flag(stores): new flag format #5012

josedonizetti wants to merge 1 commit into from

Conversation

@josedonizetti
Copy link
Collaborator

@josedonizetti josedonizetti commented Nov 4, 2025
edited
Loading

New stores flag:

--stores dns.enabled 
--stores dns.max-entries=<entries>
--stores process.enabled 
--stores process.max-processes=<num_processes> 
--stores process.max-threads=<num_threads> 
--stores process.source=<source>
--stores process.use-procfs

⚠️ Breaking change: Old flags are removed.

@codecov
Copy link

codecov bot commented Nov 4, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 68.42105% with 42 lines in your changes missing coverage. Please review.
✅ Project coverage is 31.09%. Comparing base (034cbab) to head (5750274).
⚠️ Report is 71 commits behind head on main.

Files with missing lines Patch % Lines
pkg/cmd/flags/stores.go 74.57% 28 Missing and 2 partials ⚠️
pkg/cmd/cobra/cobra.go 0.00% 5 Missing ⚠️
cmd/tracee/cmd/root.go 0.00% 4 Missing ⚠️
cmd/tracee/cmd/man.go 25.00% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #5012      +/-   ##
==========================================
+ Coverage   29.72%   31.09%   +1.36%     
==========================================
  Files         234      234              
  Lines       26186    26691     +505     
==========================================
+ Hits         7785     8300     +515     
+ Misses      17864    17849      -15     
- Partials      537      542       +5
Flag Coverage Δ
unit 31.09% <68.42%> (+1.36%) ⬆️
Files with missing lines Coverage Δ
pkg/cmd/flags/config.go 95.37% <100.00%> (+95.37%) ⬆️
pkg/datastores/dns/dnscache.go 85.71% <ø> (ø)
pkg/datastores/process/proctree.go 30.49% <ø> (-1.35%) ⬇️
cmd/tracee/cmd/man.go 40.62% <25.00%> (-0.34%) ⬇️
cmd/tracee/cmd/root.go 0.00% <0.00%> (ø)
pkg/cmd/cobra/cobra.go 0.00% <0.00%> (ø)
pkg/cmd/flags/stores.go 74.57% <74.57%> (ø)

... and 21 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@josedonizetti josedonizetti force-pushed the newStoresFlag branch 2 times, most recently from c173b06 to 326ef06 Compare November 8, 2025 01:06
@josedonizetti josedonizetti force-pushed the newStoresFlag branch 4 times, most recently from 422800f to 067ff81 Compare November 27, 2025 02:35
@josedonizetti josedonizetti marked this pull request as ready for review November 27, 2025 02:40
@josedonizetti josedonizetti requested a review from geyslan December 4, 2025 13:11
geyslan
geyslan approved these changes Dec 4, 2025
View reviewed changes
Copy link
Member

@geyslan geyslan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, some thoughts were put.

pkg/cmd/flags/stores_test.go Outdated
Procfs: true,
},
},
expectedError: "flags.PrepareStores: invalid stores flag: invalid-flag=value, use 'trace man stores' for more info",
Copy link
Member

@geyslan geyslan Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as mentioned in other prs.

@josedonizetti josedonizetti mentioned this pull request Dec 5, 2025
Open
@josedonizetti
flag(stores)!: new flag format
5750274 
BREAKING CHANGE: add flag --stores to replace
--proctree --dnscache
@josedonizetti josedonizetti requested a review from geyslan December 7, 2025 06:35
yanivagman
yanivagman requested changes Dec 7, 2025
View reviewed changes
docs/docs/advanced/data-sources/builtin/process-tree.md

```bash
sudo tracee --output option:sort-events --output json --output option:parse-arguments --proctree source=both --events <event_type>
sudo tracee --output option:sort-events --output json --output option:parse-arguments --stores process.enabled --stores process.source=both --events <event_type>
Copy link
Collaborator

@yanivagman yanivagman Dec 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it required to set --stores process.enabled if the user selected --stores process.source=both? if not, can we auto enable when process.source is specified and remove the need to specify process.enabled?

docs/docs/flags/stores.1.md
- **process.max-threads**=*size*: Set the maximum number of threads to cache in the process tree. Default is 21856. This is an LRU cache that will evict least recently accessed entries when full.

- **process.source**=*source*: Set the source for process tree enrichment. Valid values are:
- **none**: Process tree source is disabled (default).
Copy link
Collaborator

@yanivagman yanivagman Dec 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we remove this "none" option now that we added the enabled config?
I believe we should remove it and make signals the default

docs/docs/flags/stores.1.md
Comment on lines +63 to +91
4. Enable process tree with custom cache sizes:
```console
--stores process.enabled --stores process.max-processes=8192 --stores process.max-threads=16384
```

5. Enable process tree with events source:
```console
--stores process.enabled --stores process.source=events
```

6. Enable process tree with both events and signals sources:
```console
--stores process.enabled --stores process.source=both
```

7. Enable process tree with procfs support:
```console
--stores process.enabled --stores process.use-procfs
```

8. Combine DNS and process stores:
```console
--stores dns.enabled --stores dns.max-entries=5000 --stores process.enabled --stores process.source=both --stores process.max-processes=8192
```

9. Complete configuration example:
```console
--stores dns.enabled --stores dns.max-entries=5000 --stores process.enabled --stores process.max-processes=8192 --stores process.max-threads=16384 --stores process.source=both --stores process.use-procfs
```
Copy link
Collaborator

@yanivagman yanivagman Dec 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same suggestion as before about the syntactic sugar of not requiring to specify "enabled" when some other configuration of the datastore is given

docs/docs/flags/stores.1.md
--stores dns.enabled --stores dns.max-entries=5000 --stores process.enabled --stores process.max-processes=8192 --stores process.max-threads=16384 --stores process.source=both --stores process.use-procfs
```

Please refer to the [DNS data source documentation](../advanced/data-sources/builtin/dns.md) and [Process Tree data source documentation](../advanced/data-sources/builtin/process-tree.md) for more information.
Copy link
Collaborator

@yanivagman yanivagman Dec 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be modified after we will merge the new datastores PR to point to datastores instead of datasources (deprecated)

docs/docs/install/config/index.md


__NOTE__: You can view more in the [Process Tree section](../../advanced/data-sources/builtin/process-tree.md).
__NOTE__: You can view more in the [Process Tree section](../../advanced/data-sources/builtin/process-tree.md) and [DNS Cache section](../../advanced/data-sources/builtin/dns.md).
Copy link
Collaborator

@yanivagman yanivagman Dec 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This note should refer to the new datastores docs once merged

pkg/cmd/cobra/cobra.go
Comment on lines +155 to +156
cfg.ProcTree = stores.GetProcTreeConfig()
cfg.DNSCacheConfig = stores.GetDNSCacheConfig()
Copy link
Collaborator

@yanivagman yanivagman Dec 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI this will soon be changed by one of the followup commits of detectors where all datastores are grouped together (see detectors draft PR)

@josedonizetti josedonizetti marked this pull request as draft December 8, 2025 22:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yanivagman yanivagman yanivagman requested changes

@geyslan geyslan Awaiting requested review from geyslan

Requested changes must be addressed to merge this pull request.

Assignees

@josedonizetti josedonizetti

Labels

area/flags area/kubernetes area/testing area/UX kind/documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@josedonizetti @geyslan @yanivagman