diff --git a/pkg/security/resolvers/cgroup/resolver.go b/pkg/security/resolvers/cgroup/resolver.go index a7daf7527df50..28a85576fee8a 100644 --- a/pkg/security/resolvers/cgroup/resolver.go +++ b/pkg/security/resolvers/cgroup/resolver.go @@ -32,6 +32,17 @@ const ( CGroupMaxEvent ) +// ResolverInterface defines the interface implemented by a cgroup resolver +type ResolverInterface interface { + Start(context.Context) + AddPID(*model.ProcessCacheEntry) + GetWorkload(string) (*cgroupModel.CacheEntry, bool) + DelPID(uint32) + DelPIDWithID(string, uint32) + Len() int + RegisterListener(Event, utils.Listener[*cgroupModel.CacheEntry]) error +} + // Resolver defines a cgroup monitor type Resolver struct { *utils.Notifier[Event, *cgroupModel.CacheEntry] @@ -48,7 +59,7 @@ func NewResolver() (*Resolver, error) { value.CallReleaseCallback() value.Deleted.Store(true) - cr.NotifyListener(CGroupDeleted, value) + cr.NotifyListeners(CGroupDeleted, value) }) if err != nil { return nil, err @@ -84,7 +95,7 @@ func (cr *Resolver) AddPID(process *model.ProcessCacheEntry) { // add the new CGroup to the cache cr.workloads.Add(string(process.ContainerID), newCGroup) - cr.NotifyListener(CGroupCreated, newCGroup) + cr.NotifyListeners(CGroupCreated, newCGroup) } // GetWorkload returns the workload referenced by the provided ID diff --git a/pkg/security/resolvers/resolvers_ebpf.go b/pkg/security/resolvers/resolvers_ebpf.go index 4ce42b33037a0..2b10ac629cd0e 100644 --- a/pkg/security/resolvers/resolvers_ebpf.go +++ b/pkg/security/resolvers/resolvers_ebpf.go @@ -195,7 +195,7 @@ func (r *EBPFResolvers) Start(ctx context.Context) error { return err } - if err := r.TagsResolver.Start(ctx); err != nil { + if err := r.TagsResolver.Start(ctx, r.CGroupResolver); err != nil { return err } diff --git a/pkg/security/resolvers/resolvers_ebpfless.go b/pkg/security/resolvers/resolvers_ebpfless.go index 381197a53035d..4270b82013d2b 100644 --- a/pkg/security/resolvers/resolvers_ebpfless.go +++ b/pkg/security/resolvers/resolvers_ebpfless.go @@ -73,7 +73,7 @@ func (r *EBPFLessResolvers) Start(ctx context.Context) error { return err } - if err := r.TagsResolver.Start(ctx); err != nil { + if err := r.TagsResolver.Start(ctx, nil); err != nil { return err } diff --git a/pkg/security/resolvers/tags/resolver.go b/pkg/security/resolvers/tags/resolver.go index 3b33fec3ab252..130ae61395da3 100644 --- a/pkg/security/resolvers/tags/resolver.go +++ b/pkg/security/resolvers/tags/resolver.go @@ -19,6 +19,7 @@ import ( "github.com/DataDog/datadog-agent/pkg/api/security" pkgconfigsetup "github.com/DataDog/datadog-agent/pkg/config/setup" "github.com/DataDog/datadog-agent/pkg/security/probe/config" + "github.com/DataDog/datadog-agent/pkg/security/resolvers/cgroup" cgroupModel "github.com/DataDog/datadog-agent/pkg/security/resolvers/cgroup/model" "github.com/DataDog/datadog-agent/pkg/security/utils" "github.com/DataDog/datadog-agent/pkg/util/log" @@ -55,10 +56,10 @@ func (n *nullTagger) Tag(_ types.EntityID, _ types.TagCardinality) ([]string, er // Resolver represents a cache resolver type Resolver interface { - Start(ctx context.Context) error + Start(ctx context.Context, cgroupManager cgroup.ResolverInterface) error Stop() error Resolve(id string) []string - ResolveWithErr(id string) ([]string, error) + ResolveWithErr(fid string) ([]string, error) GetValue(id string, tag string) string RegisterListener(event Event, listener utils.Listener[*cgroupModel.CacheEntry]) error } @@ -94,7 +95,7 @@ func (t *DefaultResolver) GetValue(id string, tag string) string { } // Start the resolver -func (t *DefaultResolver) Start(ctx context.Context) error { +func (t *DefaultResolver) Start(ctx context.Context, _ cgroup.ResolverInterface) error { go func() { if err := t.tagger.Start(ctx); err != nil { log.Errorf("failed to init tagger: %s", err) diff --git a/pkg/security/resolvers/tags/resolver_linux.go b/pkg/security/resolvers/tags/resolver_linux.go index d3a548e68896c..571f6b5a685b4 100644 --- a/pkg/security/resolvers/tags/resolver_linux.go +++ b/pkg/security/resolvers/tags/resolver_linux.go @@ -25,12 +25,12 @@ type LinuxResolver struct { } // Start the resolver -func (t *LinuxResolver) Start(ctx context.Context) error { - if err := t.DefaultResolver.Start(ctx); err != nil { +func (t *LinuxResolver) Start(ctx context.Context, cgroupResolver cgroup.ResolverInterface) error { + if err := t.DefaultResolver.Start(ctx, cgroupResolver); err != nil { return err } - if err := t.cgroupResolver.RegisterListener(cgroup.CGroupCreated, t.checkTags); err != nil { + if err := cgroupResolver.RegisterListener(cgroup.CGroupCreated, t.checkTags); err != nil { return err } @@ -74,7 +74,7 @@ func (t *LinuxResolver) checkTags(workload *cgroupModel.CacheEntry) { } } - t.NotifyListener(WorkloadSelectorResolved, workload) + t.NotifyListeners(WorkloadSelectorResolved, workload) } // fetchTags fetches tags for the provided workload diff --git a/pkg/security/tests/fake_tags_resolver.go b/pkg/security/tests/fake_tags_resolver.go index 74e8355ad9e1e..37d2ea59f3529 100644 --- a/pkg/security/tests/fake_tags_resolver.go +++ b/pkg/security/tests/fake_tags_resolver.go @@ -13,6 +13,7 @@ import ( "fmt" "sync" + "github.com/DataDog/datadog-agent/pkg/security/resolvers/cgroup" cgroupModel "github.com/DataDog/datadog-agent/pkg/security/resolvers/cgroup/model" "github.com/DataDog/datadog-agent/pkg/security/resolvers/tags" "github.com/DataDog/datadog-agent/pkg/security/utils" @@ -27,9 +28,14 @@ type FakeResolver struct { containerIDs []string } +// checkTags checks if the tags of a workload were properly set +func (fr *FakeResolver) checkTags(workload *cgroupModel.CacheEntry) { + fr.NotifyListeners(tags.WorkloadSelectorResolved, workload) +} + // Start the resolver -func (fr *FakeResolver) Start(_ context.Context) error { - return nil +func (fr *FakeResolver) Start(_ context.Context, cgroupResolver cgroup.ResolverInterface) error { + return cgroupResolver.RegisterListener(cgroup.CGroupCreated, fr.checkTags) } // Stop the resolver @@ -77,9 +83,14 @@ type FakeMonoResolver struct { *utils.Notifier[tags.Event, *cgroupModel.CacheEntry] } +// checkTags checks if the tags of a workload were properly set +func (fmr *FakeMonoResolver) checkTags(workload *cgroupModel.CacheEntry) { + fmr.NotifyListeners(tags.WorkloadSelectorResolved, workload) +} + // Start the resolver -func (fmr *FakeMonoResolver) Start(_ context.Context) error { - return nil +func (fmr *FakeMonoResolver) Start(_ context.Context, cgroupResolver cgroup.ResolverInterface) error { + return cgroupResolver.RegisterListener(cgroup.CGroupCreated, fmr.checkTags) } // Stop the resolver @@ -120,9 +131,14 @@ type FakeManualResolver struct { nextSelectors []*cgroupModel.WorkloadSelector } +// checkTags checks if the tags of a workload were properly set +func (fmr *FakeManualResolver) checkTags(workload *cgroupModel.CacheEntry) { + fmr.NotifyListeners(tags.WorkloadSelectorResolved, workload) +} + // Start the resolver -func (fmr *FakeManualResolver) Start(_ context.Context) error { - return nil +func (fmr *FakeManualResolver) Start(_ context.Context, cgroupResolver cgroup.ResolverInterface) error { + return cgroupResolver.RegisterListener(cgroup.CGroupCreated, fmr.checkTags) } // Stop the resolver diff --git a/pkg/security/utils/notifier.go b/pkg/security/utils/notifier.go index f9d1738c9bd2e..8a28e686bdcf5 100644 --- a/pkg/security/utils/notifier.go +++ b/pkg/security/utils/notifier.go @@ -35,7 +35,8 @@ func (n *Notifier[E, O]) RegisterListener(event E, listener Listener[O]) error { return nil } -func (n *Notifier[E, O]) NotifyListener(event E, obj O) { +// NotifyListeners notifies all listeners of an event type +func (n *Notifier[E, O]) NotifyListeners(event E, obj O) { // notify listeners n.listenersLock.RLock() for _, l := range n.listeners[event] {