CoTerm Configuration Rules
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, 
n'hésitez pas à nous contacter.
You can configure CoTerm to take specific actions when it intercepts certain commands by adding lints and rules to your .ddcoterm/config.yaml file under process_config.
These lints and rules are written in Lua. For syntax and further details, see Lua’s documentation.
Lints
process_config:
  commands:
    - command: "kubectl"
      lints:
        - |
          if has_arg("scale") and flags.context == nil then
            return string.format("No kubectl context specified (effective context: '%s'). It is recommended to always explicitly specify the context when running `kubectl scale`.", k8s_context)
          end
Each item under lints is a Lua snippet that can return a string. Lints are evaluated in order. If a lint returns a string, that string is shown to the user as a warning prompt:
The user then has the option to continue or abort.
Rules
process_config:
  commands:
    - command: "kubectl"
      rules:
        # Record and require approval for all executions of `kubectl scale` in a production context
        - rule: |
            local k8s_context = flags.context or k8s_current_context or "unknown"
            local matches = has_arg("scale") and k8s_context:match("prod")
            local user_message = "Proceed with caution. This command may disrupt your Kubernetes cluster setup."
            local approver_message = "Ensure that the user has documented a rollback plan before approving."
            return matches, user_message, approver_message
          actions: ["record", "logs", "process_info", "approval"]
        # Record all other executions of kubectl scale, but don't require approval and don't bother with messages for users+approvers
        - rule: has_arg("scale")
          actions: ["record", "logs", "process_info"]
        # For all other kubectl commands, just run the command with ~zero overhead; no recording, no requiring approval
        - rule: true
          actions: []
Rules are more powerful than lints. For each item under rules, set rule, a Lua snippet that returns 1-3 values; and actions, a list of actions for CoTerm to take.
Rule return values
Each rule returns 1-3 values: boolean, [string], [string].
- (required) A Boolean, whether the rule matches.
- (optional) A string, containing a message for the user. This string provides context to the user. It is only displayed if the first return value is true.
- (optional) A string, containing a message for the approver. If the first return value is trueand the correspondingactionsfield containsapproval, this string is displayed in the approval request in Datadog.
Actions
CoTerm can take the following actions when rule returns true:
- record: Record the terminal session and send it to Datadog.
- logs: Generate Datadog logs, containing searchable snapshots of terminal output.
- process_info: Record all processes launched inside the terminal session and generate an event for each process.
- approval: Require approval before running the command.
- incidents: Associate the recording with the Datadog Incident that the user is responding to, if any. If the user is responding to more than one incident, they are prompted to pick one.
To take no action (other than running the command) when rule returns true, set actions: [].
Rule evaluation
Rules are evaluated in order. CoTerm runs the actions specified for the first rule that evaluates to true, and does not evaluate any further rules.
Action hierarchy
You can specify actions for CoTerm to take in a number of different ways. CoTerm decides which actions to take according to the following hierarchy:
- CLI flags: If you specify actions in CLI flags (such as --save-level,--approval), CoTerm takes only the actions specified through these CLI flags. This overrides all other configurations.
- Lua configuration file: If no CLI flags specify actions, but a Lua rule in .ddcoterm/config.yamlevaluates totrue, CoTerm takes the actions specified with the first rule that evaluates totrue. Overrides all configurations other than CLI flags.
- process_config.default_actions: If no CLI flags specify actions, and no Lua rules match, CoTerm takes the actions specified in- process_config.default_actionsin- .ddcoterm/config.yaml, if any.
- Default actions: If no CLI flags specify actions, no Lua rules match, and process_config.default_actionsis not set, CoTerm takes the following actions:["record", "logs", "process_info"].
Lua environment and helper functions
All Lua snippets are executed inside a sandboxed Luau runtime. CoTerm injects the following variables and functions into the runtime:
Global variables
- executable- string
- The executable in your command.
 Forkubectl foo bar,executableiskubectl.
- args- array<string>
- The arguments in your command.
 Forkubectl foo --bar=baz,argsis["foo", "--bar=baz"].
- flags- table
- A table of any --key-value flags in your command.
 Forcommand foo --bar bazorcommand foo --bar=baz,flagshas one entry wherekeyisbarandvalueisbaz. That is,flags.bar = baz.
- k8s_current_context- string
- The current-contextvalue from~./kube/config. If this value is not found,k8s_current_contextis nil.
Helper functions
- has_arg(<string>)
- Returns trueif argument is present.
 Forkubectl foo bar,has_arg("bar")returnstrue.
Further reading
Documentation, liens et articles supplémentaires utiles: