Add support for log enricher profile recording

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>

.golangci.yml

@@ -78,6 +78,8 @@ linters:
     # - testpackage
     # - wsl
 linters-settings:
+  nestif:
+    min-complexity: 10
   gci:
     local-prefixes: sigs.k8s.io/security-profiles-operator
   errcheck:

api/profilerecording/v1alpha1/profilerecording_types.go

@@ -26,12 +26,23 @@ const (
 	ProfileRecordingKindSeccompProfile ProfileRecordingKind = "SeccompProfile"
 )
 
+type ProfileRecorder string
+
+const (
+	ProfileRecorderHook ProfileRecorder = "hook"
+	ProfileRecorderLogs ProfileRecorder = "logs"
+)
+
 // ProfileRecordingSpec defines the desired state of ProfileRecording.
 type ProfileRecordingSpec struct {
 	// Kind of object to be recorded.
 	// +kubebuilder:validation:Enum=SeccompProfile
 	Kind ProfileRecordingKind `json:"kind"`
 
+	// Recorder to be used.
+	// +kubebuilder:validation:Enum=hook;logs
+	Recorder ProfileRecorder `json:"recorder"`
+
 	// PodSelector selects the pods to record. This field follows standard
 	// label selector semantics. An empty podSelector matches all pods in this
 	// namespace.

api/server/api.proto

@@ -21,6 +21,9 @@ option go_package = "/api";
 
 service SecurityProfilesOperator {
     rpc MetricsAuditInc(MetricsAuditRequest) returns (EmptyResponse) {}
+    rpc RecordSyscall(RecordSyscallRequest) returns (EmptyResponse) {}
+    rpc Syscalls(SyscallsRequest) returns (SyscallsResponse) {}
+    rpc ResetSyscalls(SyscallsRequest) returns (EmptyResponse) {}
 }
 
 message MetricsAuditRequest {
@@ -37,4 +40,17 @@ message MetricsAuditRequest {
     string syscall = 7;
 }
 
+message RecordSyscallRequest {
+    string profile = 1;
+    string syscall = 2;
+}
+
+message SyscallsRequest {
+    string profile = 1;
+}
+
+message SyscallsResponse {
+    repeated string syscalls = 1;
+}
+
 message EmptyResponse {}