DataDog · dd-mergequeue · Nov 19, 2024 · Nov 16, 2024
@@ -9,6 +9,7 @@
 package probe
 
 import (
+	"github.com/DataDog/datadog-agent/pkg/security/resolvers/tags"
 	"github.com/DataDog/datadog-go/v5/statsd"
 )
 
@@ -23,6 +24,9 @@ type Opts struct {
 	// EnvsVarResolutionEnabled defines if environment variables resolution is enabled
 	EnvsVarResolutionEnabled bool
 
+	// Tagger will override the default one. Mainly here for tests.
+	Tagger tags.Tagger
+
 	// this option for test purposes only; should never be true in main code
 	disableProcmon bool
 }

@@ -1296,7 +1296,11 @@ func NewWindowsProbe(probe *Probe, config *config.Config, opts Opts, telemetry t
 		return nil, err
 	}
 	p.probe = probe
-	p.Resolvers, err = resolvers.NewResolvers(config, p.statsdClient, probe.scrubber, telemetry)
+
+	resolversOpts := resolvers.Opts{
+		Tagger: probe.Opts.Tagger,
+	}
+	p.Resolvers, err = resolvers.NewResolvers(config, p.statsdClient, probe.scrubber, telemetry, resolversOpts)
 	if err != nil {
 		return nil, err
 	}

@@ -9,8 +9,6 @@
 package model
 
 import (
-	"errors"
-	"fmt"
 	"sync"
 
 	"go.uber.org/atomic"
@@ -20,55 +18,6 @@ import (
 	"github.com/DataDog/datadog-agent/pkg/security/utils"
 )
 
-var (
-	ErrNoImageProvided = errors.New("no image name provided") // ErrNoImageProvided is returned when no image name is provided
-)
-
-// WorkloadSelector is a selector used to uniquely indentify the image of a workload
-type WorkloadSelector struct {
-	Image string
-	Tag   string
-}
-
-// NewWorkloadSelector returns an initialized instance of a WorkloadSelector
-func NewWorkloadSelector(image string, tag string) (WorkloadSelector, error) {
-	if image == "" {
-		return WorkloadSelector{}, ErrNoImageProvided
-	} else if tag == "" {
-		tag = "latest"
-	}
-	return WorkloadSelector{
-		Image: image,
-		Tag:   tag,
-	}, nil
-}
-
-// IsReady returns true if the selector is ready
-func (ws *WorkloadSelector) IsReady() bool {
-	return len(ws.Image) != 0
-}
-
-// Match returns true if the input selector matches the current selector
-func (ws *WorkloadSelector) Match(selector WorkloadSelector) bool {
-	if ws.Tag == "*" || selector.Tag == "*" {
-		return ws.Image == selector.Image
-	}
-	return ws.Image == selector.Image && ws.Tag == selector.Tag
-}
-
-// String returns a string representation of a workload selector
-func (ws WorkloadSelector) String() string {
-	return fmt.Sprintf("[image_name:%s image_tag:%s]", ws.Image, ws.Tag)
-}
-
-// ToTags returns a string array representation of a workload selector
-func (ws WorkloadSelector) ToTags() []string {
-	return []string{
-		"image_name:" + ws.Image,
-		"image_tag:" + ws.Tag,
-	}
-}
-
 // CacheEntry cgroup resolver cache entry
 type CacheEntry struct {
 	model.CGroupContext

@@ -0,0 +1,63 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+//go:build linux || windows
+
+// Package model holds model related files
+package model
+
+import (
+	"errors"
+	"fmt"
+)
+
+var (
+	ErrNoImageProvided = errors.New("no image name provided") // ErrNoImageProvided is returned when no image name is provided
+)
+
+// WorkloadSelector is a selector used to uniquely indentify the image of a workload
+type WorkloadSelector struct {
+	Image string
+	Tag   string
+}
+
+// NewWorkloadSelector returns an initialized instance of a WorkloadSelector
+func NewWorkloadSelector(image string, tag string) (WorkloadSelector, error) {
+	if image == "" {
+		return WorkloadSelector{}, ErrNoImageProvided
+	} else if tag == "" {
+		tag = "latest"
+	}
+	return WorkloadSelector{
+		Image: image,
+		Tag:   tag,
+	}, nil
+}
+
+// IsReady returns true if the selector is ready
+func (ws *WorkloadSelector) IsReady() bool {
+	return len(ws.Image) != 0
+}
+
+// Match returns true if the input selector matches the current selector
+func (ws *WorkloadSelector) Match(selector WorkloadSelector) bool {
+	if ws.Tag == "*" || selector.Tag == "*" {
+		return ws.Image == selector.Image
+	}
+	return ws.Image == selector.Image && ws.Tag == selector.Tag
+}
+
+// String returns a string representation of a workload selector
+func (ws WorkloadSelector) String() string {
+	return fmt.Sprintf("[image_name:%s image_tag:%s]", ws.Image, ws.Tag)
+}
+
+// ToTags returns a string array representation of a workload selector
+func (ws WorkloadSelector) ToTags() []string {
+	return []string{
+		"image_name:" + ws.Image,
+		"image_tag:" + ws.Tag,
+	}
+}
@@ -0,0 +1,14 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+// Package resolvers holds resolvers related files
+package resolvers
+
+import "github.com/DataDog/datadog-agent/pkg/security/resolvers/tags"
+
+// Opts defines common options
+type Opts struct {
+	Tagger tags.Tagger
+}
@@ -29,13 +29,13 @@ type Resolvers struct {
 }
 
 // NewResolvers creates a new instance of Resolvers
-func NewResolvers(config *config.Config, statsdClient statsd.ClientInterface, scrubber *procutil.DataScrubber, telemetry telemetry.Component) (*Resolvers, error) {
+func NewResolvers(config *config.Config, statsdClient statsd.ClientInterface, scrubber *procutil.DataScrubber, telemetry telemetry.Component, opts Opts) (*Resolvers, error) {
 	processResolver, err := process.NewResolver(config, statsdClient, scrubber, process.NewResolverOpts())
 	if err != nil {
 		return nil, err
 	}
 
-	tagsResolver := tags.NewResolver(telemetry, nil)
+	tagsResolver := tags.NewResolver(telemetry, opts.Tagger)
 
 	userSessionsResolver, err := usersessions.NewResolver(config.RuntimeSecurity)
 	if err != nil {

@@ -3,7 +3,7 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2016-present Datadog, Inc.
 
-//go:build linux
+//go:build linux || windows
 
 // Package tests holds tests related files
 package tests

@@ -157,6 +157,12 @@ func newTestModule(t testing.TB, macroDefs []*rules.MacroDefinition, ruleDefs []
 			DontDiscardRuntime: true,
 		},
 	}
+	if opts.staticOpts.tagger != nil {
+		emopts.ProbeOpts.Tagger = opts.staticOpts.tagger
+	} else {
+		emopts.ProbeOpts.Tagger = NewFakeTaggerDifferentImageNames()
+	}
+
 	testMod.eventMonitor, err = eventmonitor.NewEventMonitor(emconfig, secconfig, emopts, nil)
 	if err != nil {
 		return nil, err