pipe tag resolver to windows probe
paulcacheux committed Nov 18, 2024
1 parent d0a1d25 commit d585234
Showing 8 changed files with 100 additions and 55 deletions.
4 changes: 4 additions & 0 deletions pkg/security/probe/opts_windows.go
Expand Up @@ -9,6 +9,7 @@
package probe

import (
"github.com/DataDog/datadog-agent/pkg/security/resolvers/tags"
"github.com/DataDog/datadog-go/v5/statsd"
)

Expand All @@ -23,6 +24,9 @@ type Opts struct {
// EnvsVarResolutionEnabled defines if environment variables resolution is enabled
EnvsVarResolutionEnabled bool

// TagsResolver will override the default one. Mainly here for tests.
TagsResolver tags.Resolver

// this option for test purposes only; should never be true in main code
disableProcmon bool
}
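Review bot: The new `TagsResolver` field on the probe `Opts` is exported while the neighbouring test-only switch `disableProcmon` is not, so any caller that builds the probe can replace the source of workload tags, and the comment does not say what a nil value means. I would spell the contract out, for example `// TagsResolver, when non-nil, replaces the resolver that would otherwise be built with tags.NewResolver; leave it nil outside tests.` The same field in `resolvers.Opts` (pkg/security/resolvers/opts_windows.go) has no comment at all and should carry the same sentence. The `Opts` struct starts above this hunk.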
6 changes: 5 additions & 1 deletion pkg/security/probe/probe_windows.go
Expand Up @@ -1296,7 +1296,11 @@ func NewWindowsProbe(probe *Probe, config *config.Config, opts Opts, telemetry t
return nil, err
}
p.probe = probe
p.Resolvers, err = resolvers.NewResolvers(config, p.statsdClient, probe.scrubber, telemetry)

resolversOpts := resolvers.Opts{
TagsResolver: probe.Opts.TagsResolver,
}
p.Resolvers, err = resolvers.NewResolvers(config, p.statsdClient, probe.scrubber, telemetry, resolversOpts)
if err != nil {
return nil, err
}
51 changes: 0 additions & 51 deletions pkg/security/resolvers/cgroup/model/model.go
Expand Up @@ -9,8 +9,6 @@
package model

import (
"errors"
"fmt"
"sync"

"go.uber.org/atomic"
Expand All @@ -20,55 +18,6 @@ import (
"github.com/DataDog/datadog-agent/pkg/security/utils"
)

var (
ErrNoImageProvided = errors.New("no image name provided") // ErrNoImageProvided is returned when no image name is provided
)

// WorkloadSelector is a selector used to uniquely indentify the image of a workload
type WorkloadSelector struct {
Image string
Tag string
}

// NewWorkloadSelector returns an initialized instance of a WorkloadSelector
func NewWorkloadSelector(image string, tag string) (WorkloadSelector, error) {
if image == "" {
return WorkloadSelector{}, ErrNoImageProvided
} else if tag == "" {
tag = "latest"
}
return WorkloadSelector{
Image: image,
Tag: tag,
}, nil
}

// IsReady returns true if the selector is ready
func (ws *WorkloadSelector) IsReady() bool {
return len(ws.Image) != 0
}

// Match returns true if the input selector matches the current selector
func (ws *WorkloadSelector) Match(selector WorkloadSelector) bool {
if ws.Tag == "*" || selector.Tag == "*" {
return ws.Image == selector.Image
}
return ws.Image == selector.Image && ws.Tag == selector.Tag
}

// String returns a string representation of a workload selector
func (ws WorkloadSelector) String() string {
return fmt.Sprintf("[image_name:%s image_tag:%s]", ws.Image, ws.Tag)
}

// ToTags returns a string array representation of a workload selector
func (ws WorkloadSelector) ToTags() []string {
return []string{
"image_name:" + ws.Image,
"image_tag:" + ws.Tag,
}
}

// CacheEntry cgroup resolver cache entry
type CacheEntry struct {
model.CGroupContext
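--- a/pkg/security/resolvers/cgroup/model/types.go
+++ b/pkg/security/resolvers/cgroup/model/types.go
@@ -0,0 +1,63 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+//go:build linux || windows
+
+// Package model holds model related files
+package model
+
+import (
+"errors"
+"fmt"
+)
+
+var (
+ErrNoImageProvided = errors.New("no image name provided") // ErrNoImageProvided is returned when no image name is provided
+)
+
+// WorkloadSelector is a selector used to uniquely indentify the image of a workload
+type WorkloadSelector struct {
+Image string
+Tag string
+}
+
+// NewWorkloadSelector returns an initialized instance of a WorkloadSelector
+func NewWorkloadSelector(image string, tag string) (WorkloadSelector, error) {
+if image == "" {
+return WorkloadSelector{}, ErrNoImageProvided
+} else if tag == "" {
+tag = "latest"
+}
+return WorkloadSelector{
+Image: image,
+Tag: tag,
+}, nil
+}
+
+// IsReady returns true if the selector is ready
+func (ws *WorkloadSelector) IsReady() bool {
+return len(ws.Image) != 0
+}
+
+// Match returns true if the input selector matches the current selector
+func (ws *WorkloadSelector) Match(selector WorkloadSelector) bool {
+if ws.Tag == "*" || selector.Tag == "*" {
+return ws.Image == selector.Image
+}
+return ws.Image == selector.Image && ws.Tag == selector.Tag
+}
+
+// String returns a string representation of a workload selector
+func (ws WorkloadSelector) String() string {
+return fmt.Sprintf("[image_name:%s image_tag:%s]", ws.Image, ws.Tag)
+}
+
+// ToTags returns a string array representation of a workload selector
+func (ws WorkloadSelector) ToTags() []string {
+return []string{
+"image_name:" + ws.Image,
+"image_tag:" + ws.Tag,
+}
+}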
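Review bot: The doc comment on `Match` omits the wildcard rule: a `Tag` of `*` on either the receiver or the argument makes the comparison ignore tags and match on `Image` alone. Callers deciding whether a selector applies to a workload need to know that, so I would write `// Match reports whether selector names the same image; a Tag of "*" on either side matches any tag.` Separately, `IsReady` and `Match` use pointer receivers while `String` and `ToTags` use value receivers; picking one keeps the method set consistent. The code appears to be moved unchanged from model.go, so neither point is new to this commit.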
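--- a/pkg/security/resolvers/opts_windows.go
+++ b/pkg/security/resolvers/opts_windows.go
@@ -0,0 +1,14 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+// Package resolvers holds resolvers related files
+package resolvers
+
+import "github.com/DataDog/datadog-agent/pkg/security/resolvers/tags"
+
+// Opts defines common options
+type Opts struct {
+TagsResolver tags.Resolver
+}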
9 changes: 7 additions & 2 deletions pkg/security/resolvers/resolvers_windows.go
Expand Up @@ -29,13 +29,18 @@ type Resolvers struct {
}

// NewResolvers creates a new instance of Resolvers
func NewResolvers(config *config.Config, statsdClient statsd.ClientInterface, scrubber *procutil.DataScrubber, telemetry telemetry.Component) (*Resolvers, error) {
func NewResolvers(config *config.Config, statsdClient statsd.ClientInterface, scrubber *procutil.DataScrubber, telemetry telemetry.Component, opts Opts) (*Resolvers, error) {
processResolver, err := process.NewResolver(config, statsdClient, scrubber, process.NewResolverOpts())
if err != nil {
return nil, err
}

tagsResolver := tags.NewResolver(telemetry)
var tagsResolver tags.Resolver
if opts.TagsResolver != nil {
tagsResolver = opts.TagsResolver
} else {
tagsResolver = tags.NewResolver(telemetry)
}

userSessionsResolver, err := usersessions.NewResolver(config.RuntimeSecurity)
if err != nil {
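Review bot: The `opts.TagsResolver != nil` check in `NewResolvers` is the only validation applied to the injected resolver. Assuming `tags.Resolver` is an interface (the fake from the tests package is assigned to it), a value wrapping a nil pointer passes the check and would only fail when a method is first called. The field comment on `Opts` should state that callers must leave it as an untyped nil to get the default. The branch can also be written without the `else`: `tagsResolver := opts.TagsResolver` followed by `if tagsResolver == nil { tagsResolver = tags.NewResolver(telemetry) }`. `NewResolvers` continues past the end of this hunk.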
2 changes: 1 addition & 1 deletion pkg/security/tests/fake_tags_resolver.go
Expand Up @@ -3,7 +3,7 @@
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.

//go:build linux
//go:build linux || windows

// Package tests holds tests related files
package tests
6 changes: 6 additions & 0 deletions pkg/security/tests/module_tester_windows.go
Expand Up @@ -157,6 +157,12 @@ func newTestModule(t testing.TB, macroDefs []*rules.MacroDefinition, ruleDefs []
DontDiscardRuntime: true,
},
}
if opts.staticOpts.tagsResolver != nil {
emopts.ProbeOpts.TagsResolver = opts.staticOpts.tagsResolver
} else {
emopts.ProbeOpts.TagsResolver = NewFakeResolverDifferentImageNames()
}

testMod.eventMonitor, err = eventmonitor.NewEventMonitor(emconfig, secconfig, emopts, nil)
if err != nil {
return nil, err
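Review bot: With the `else` branch in `newTestModule`, every Windows test module that does not pass its own `tagsResolver` runs on `NewFakeResolverDifferentImageNames()`. As far as this hunk shows, the `tags.NewResolver(telemetry)` default in `NewResolvers` is then never reached from these tests. If that is intended, a comment above the `if` should say so, e.g. `// tests default to a fake tags resolver; set staticOpts.tagsResolver to override`. `newTestModule` starts and ends outside this hunk.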
