diff --git a/LICENSE-3rdparty.csv b/LICENSE-3rdparty.csv index f196205ae326f..dfe208d349e1c 100644 --- a/LICENSE-3rdparty.csv +++ b/LICENSE-3rdparty.csv @@ -1176,19 +1176,7 @@ core,github.com/google/gopacket/pcap,BSD-3-Clause,"Copyright (c) 2009-2011 Andre core,github.com/google/gopacket/pcapgo,BSD-3-Clause,"Copyright (c) 2009-2011 Andreas Krennmair. All rights reserved. | Copyright (c) 2012 Google, Inc. All rights reserved." core,github.com/google/licenseclassifier/v2,Apache-2.0,Copyright 2017 Google LLC All Rights Reserved. | Copyright 2020 Google LLC All Rights Reserved. core,github.com/google/licenseclassifier/v2/assets,Apache-2.0,Copyright 2017 Google LLC All Rights Reserved. | Copyright 2020 Google LLC All Rights Reserved. -core,github.com/google/pprof/driver,Apache-2.0,Andrew Hunter | Google Inc. | Hyoun Kyu Cho | Martin Spier | Raul Silvera | Taco de Wolff | Tipp Moseley -core,github.com/google/pprof/internal/binutils,Apache-2.0,Andrew Hunter | Google Inc. | Hyoun Kyu Cho | Martin Spier | Raul Silvera | Taco de Wolff | Tipp Moseley -core,github.com/google/pprof/internal/driver,Apache-2.0,Andrew Hunter | Google Inc. | Hyoun Kyu Cho | Martin Spier | Raul Silvera | Taco de Wolff | Tipp Moseley -core,github.com/google/pprof/internal/elfexec,Apache-2.0,Andrew Hunter | Google Inc. | Hyoun Kyu Cho | Martin Spier | Raul Silvera | Taco de Wolff | Tipp Moseley -core,github.com/google/pprof/internal/graph,Apache-2.0,Andrew Hunter | Google Inc. | Hyoun Kyu Cho | Martin Spier | Raul Silvera | Taco de Wolff | Tipp Moseley -core,github.com/google/pprof/internal/measurement,Apache-2.0,Andrew Hunter | Google Inc. | Hyoun Kyu Cho | Martin Spier | Raul Silvera | Taco de Wolff | Tipp Moseley -core,github.com/google/pprof/internal/plugin,Apache-2.0,Andrew Hunter | Google Inc. | Hyoun Kyu Cho | Martin Spier | Raul Silvera | Taco de Wolff | Tipp Moseley -core,github.com/google/pprof/internal/report,Apache-2.0,Andrew Hunter | Google Inc. | Hyoun Kyu Cho | Martin Spier | Raul Silvera | Taco de Wolff | Tipp Moseley -core,github.com/google/pprof/internal/symbolizer,Apache-2.0,Andrew Hunter | Google Inc. | Hyoun Kyu Cho | Martin Spier | Raul Silvera | Taco de Wolff | Tipp Moseley -core,github.com/google/pprof/internal/symbolz,Apache-2.0,Andrew Hunter | Google Inc. | Hyoun Kyu Cho | Martin Spier | Raul Silvera | Taco de Wolff | Tipp Moseley -core,github.com/google/pprof/internal/transport,Apache-2.0,Andrew Hunter | Google Inc. | Hyoun Kyu Cho | Martin Spier | Raul Silvera | Taco de Wolff | Tipp Moseley core,github.com/google/pprof/profile,Apache-2.0,Andrew Hunter | Google Inc. | Hyoun Kyu Cho | Martin Spier | Raul Silvera | Taco de Wolff | Tipp Moseley -core,github.com/google/pprof/third_party/svgpan,BSD-3-Clause,Andrew Hunter | Copyright 2009-2017 Andrea Leofreddi . All rights reserved | Google Inc. | Hyoun Kyu Cho | Martin Spier | Raul Silvera | Taco de Wolff | Tipp Moseley core,github.com/google/s2a-go,Apache-2.0,Copyright (c) 2020 Google core,github.com/google/s2a-go/fallback,Apache-2.0,Copyright (c) 2020 Google core,github.com/google/s2a-go/internal/authinfo,Apache-2.0,Copyright (c) 2020 Google @@ -1298,7 +1286,6 @@ core,github.com/hetznercloud/hcloud-go/v2/hcloud/internal/instrumentation,MIT,Co core,github.com/hetznercloud/hcloud-go/v2/hcloud/schema,MIT,Copyright (c) 2018-2020 Hetzner Cloud GmbH core,github.com/huandu/xstrings,MIT,Copyright (c) 2015 Huan Du core,github.com/iancoleman/strcase,MIT,"Copyright (c) 2015 Ian Coleman | Copyright (c) 2018 Ma_124, " -core,github.com/ianlancetaylor/demangle,BSD-3-Clause,Copyright (c) 2015 The Go Authors. All rights reserved core,github.com/imdario/mergo,BSD-3-Clause,Copyright (c) 2012 The Go Authors. All rights reserved | Copyright (c) 2013 Dario Castañé. All rights reserved core,github.com/in-toto/in-toto-golang/in_toto,Apache-2.0,Copyright 2018 New York University core,github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common,Apache-2.0,Copyright 2018 New York University diff --git a/go.mod b/go.mod index d0d3b487e40d5..a1f0367beeed8 100644 --- a/go.mod +++ b/go.mod @@ -220,7 +220,7 @@ require ( github.com/google/go-containerregistry v0.20.2 github.com/google/gofuzz v1.2.0 github.com/google/gopacket v1.1.19 - github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 + github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 // indirect github.com/gorilla/mux v1.8.1 github.com/gosnmp/gosnmp v1.38.0 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 @@ -444,7 +444,6 @@ require ( github.com/hashicorp/hcl v1.0.1-vault-5 // indirect github.com/hashicorp/serf v0.10.1 // indirect github.com/huandu/xstrings v1.5.0 // indirect - github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465 // indirect github.com/in-toto/in-toto-golang v0.9.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/itchyny/timefmt-go v0.1.6 // indirect diff --git a/go.sum b/go.sum index 64d9e49a03ed2..2139597acb719 100644 --- a/go.sum +++ b/go.sum @@ -1027,8 +1027,6 @@ github.com/iancoleman/strcase v0.3.0 h1:nTXanmYxhfFAMjZL34Ov6gkzEsSJZ5DbhxWjvSAS github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465 h1:KwWnWVWCNtNq/ewIX7HIKnELmEx2nDP42yskD/pi7QE= -github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= diff --git a/pkg/security/tests/.gitignore b/pkg/security/tests/.gitignore index 60bf37628c7b5..5fb1586c9528e 100644 --- a/pkg/security/tests/.gitignore +++ b/pkg/security/tests/.gitignore @@ -1,4 +1,2 @@ testsuite -stresssuite -!latency/bin !syscall_tester/bin diff --git a/pkg/security/tests/activity_dumps_common.go b/pkg/security/tests/activity_dumps_common.go index 0115e6765b265..5640aa6e78041 100644 --- a/pkg/security/tests/activity_dumps_common.go +++ b/pkg/security/tests/activity_dumps_common.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build linux && (functionaltests || stresstests) +//go:build linux && functionaltests // Package tests holds tests related files package tests diff --git a/pkg/security/tests/cmdwrapper.go b/pkg/security/tests/cmdwrapper.go index e2335a32a897b..1d25a6b4a7664 100644 --- a/pkg/security/tests/cmdwrapper.go +++ b/pkg/security/tests/cmdwrapper.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build functionaltests || stresstests +//go:build functionaltests // Package tests holds tests related files package tests diff --git a/pkg/security/tests/discarders_stress_test.go b/pkg/security/tests/discarders_stress_test.go deleted file mode 100644 index e9eb5f9a28123..0000000000000 --- a/pkg/security/tests/discarders_stress_test.go +++ /dev/null @@ -1,250 +0,0 @@ -// Unless explicitly stated otherwise all files in this repository are licensed -// under the Apache License Version 2.0. -// This product includes software developed at Datadog (https://www.datadoghq.com/). -// Copyright 2016-present Datadog, Inc. - -//go:build stresstests - -// Package tests holds tests related files -package tests - -import ( - "flag" - "fmt" - "os" - "runtime" - "runtime/pprof" - "strings" - "testing" - "time" - - "github.com/DataDog/datadog-agent/pkg/security/metrics" - "github.com/DataDog/datadog-agent/pkg/security/secl/rules" -) - -var ( - nbDiscardersRuns int - testDuration time.Duration - maxTotalFiles int - eventsPerSec int - mountDir bool - mountParentDir bool - remountEvery time.Duration - maxDepth int - memTopFrom string - open bool -) - -type metric struct { - vals []int64 - min int64 - max int64 - avg int64 -} - -func computeMetrics(metrics map[string]*metric) { - for _, metric := range metrics { - metric.min = metric.vals[0] - metric.max = metric.vals[0] - total := metric.vals[0] - for _, val := range metric.vals[1:] { - if val > metric.max { - metric.max = val - } else if val < metric.min { - metric.min = val - } - total += val - } - metric.avg = int64(total / int64(len(metric.vals))) - } -} - -func dumpMetrics(metrics map[string]*metric) { - fmt.Printf("\nRESULT METRICS for %d runs of %v: \n", nbDiscardersRuns, testDuration) - for id, metric := range metrics { - if strings.Contains(id, "action.") { - fmt.Printf("%s: %d (min: %d, max: %d)\n", id, metric.avg, metric.min, metric.max) - } - } - fmt.Printf("---\n") - for id, metric := range metrics { - if strings.Contains(id, "datadog.") { - fmt.Printf("%s: %d (min: %d, max: %d)\n", id, metric.avg, metric.min, metric.max) - } - } - fmt.Printf("---\n") - for id, metric := range metrics { - if strings.Contains(id, "mem.") { - fmt.Printf("%s: %d (min: %d, max: %d)\n", id, metric.avg, metric.min, metric.max) - } - } -} - -func addMetricVal(ms map[string]*metric, key string, val int64) { - m := ms[key] - if m == nil { - m = &metric{} - ms[key] = m - } - m.vals = append(m.vals, val) -} - -func addResultMetrics(res *EstimatedResult, metrics map[string]*metric) { - addMetricVal(metrics, "action.file_creation", res.FileCreation) - addMetricVal(metrics, "action.file_access", res.FileAccess) - addMetricVal(metrics, "action.file_deletion", res.FileDeletion) -} - -func addMemoryMetrics(t *testing.T, test *testModule, metrics map[string]*metric) error { - runtime.GC() - proMemFile, err := os.CreateTemp("/tmp", "stress-mem-") - if err != nil { - t.Error(err) - return err - } - - if err := pprof.WriteHeapProfile(proMemFile); err != nil { - t.Error(err) - return err - } - - topDataMem, err := getTopData(proMemFile.Name(), memTopFrom, 50) - if err != nil { - t.Error(err) - return err - } - - fmt.Printf("\nMemory report:\n%s\n", string(topDataMem)) - return nil -} - -func addModuleMetrics(test *testModule, ms map[string]*metric) { - test.eventMonitor.SendStats() - test.eventMonitor.SendStats() - - fmt.Printf("Metrics:\n") - - key := metrics.MetricDiscarderAdded + ":event_type:open" - val := test.statsdClient.Get(key) - key = metrics.MetricDiscarderAdded + ":event_type:unlink" - val += test.statsdClient.Get(key) - fmt.Printf(" %s:event_type:* %d\n", metrics.MetricDiscarderAdded, val) - addMetricVal(ms, metrics.MetricDiscarderAdded, val) - - key = metrics.MetricEventDiscarded + ":event_type:open" - val = test.statsdClient.Get(key) - key = metrics.MetricEventDiscarded + ":event_type:unlink" - val += test.statsdClient.Get(key) - fmt.Printf(" %s:event_type:* %d\n", metrics.MetricEventDiscarded, val) - addMetricVal(ms, metrics.MetricEventDiscarded, val) - - key = metrics.MetricPerfBufferEventsWrite + ":event_type:open" - val = test.statsdClient.Get(key) - key = metrics.MetricPerfBufferEventsWrite + ":event_type:unlink" - val += test.statsdClient.Get(key) - fmt.Printf(" %s:event_type:* %d\n", metrics.MetricPerfBufferEventsWrite, val) - addMetricVal(ms, metrics.MetricPerfBufferEventsWrite, val) - - key = metrics.MetricPerfBufferEventsRead + ":event_type:open" - val = test.statsdClient.Get(key) - key = metrics.MetricPerfBufferEventsRead + ":event_type:unlink" - val += test.statsdClient.Get(key) - fmt.Printf(" %s:event_type:* %d\n", metrics.MetricPerfBufferEventsRead, val) - addMetricVal(ms, metrics.MetricPerfBufferEventsRead, val) - - for _, key = range []string{ - metrics.MetricPerfBufferBytesWrite + ":map:events", - metrics.MetricPerfBufferBytesRead + ":map:events", - metrics.MetricDentryResolverHits + ":type:cache", - metrics.MetricDentryResolverMiss + ":type:cache", - } { - val = test.statsdClient.Get(key) - fmt.Printf(" %s: %d\n", key, val) - addMetricVal(ms, key, val) - } -} - -// goal: measure the performance behavior of discarders on load -func runTestDiscarders(t *testing.T, metrics map[string]*metric) { - rules := []*rules.RuleDefinition{ - { - ID: "rule", - Expression: fmt.Sprintf(`open.file.path =~ "{{.Root}}/files_generator_root/%s/no-approver-*"`, noDiscardersDirName), - }, - { - ID: "rule2", - Expression: fmt.Sprintf(`unlink.file.path =~ "{{.Root}}/files_generator_root/%s/no-approver-*"`, noDiscardersDirName), - }, - } - test, err := newTestModule(t, nil, rules, withStaticOpts(testOpts{enableActivityDump: false})) - if err != nil { - t.Fatal(err) - } - defer test.Close() - - rootPath, _, err := test.Path("files_generator_root") - if err != nil { - t.Fatal(err) - } - fileGen, err := NewFileGenerator(rootPath) - if err != nil { - t.Fatal(err) - } - defer os.RemoveAll(rootPath) - - err = fileGen.PrepareFileGenerator(FileGeneratorConfig{ - id: "parent_mount", - TestDuration: testDuration, - Debug: false, - MaxTotalFiles: maxTotalFiles, - EventsPerSec: eventsPerSec, - MountDir: mountDir, - MountParentDir: mountParentDir, - RemountEvery: remountEvery, - MaxDepth: maxDepth, - Open: open, - }) - if err != nil { - t.Fatal(err) - } - if err := fileGen.Start(); err != nil { - t.Fatal(err) - } - res, err := fileGen.Wait() - if err != nil { - t.Fatal(err) - } - - fmt.Printf("Test result:\n") - res.Print() - addResultMetrics(res, metrics) - res = nil - - addModuleMetrics(test, metrics) - addMemoryMetrics(t, test, metrics) -} - -// goal: measure the performance behavior of discarders on load -func TestDiscarders(t *testing.T) { - metrics := make(map[string]*metric) - - for i := 0; i < nbDiscardersRuns; i++ { - fmt.Printf("\nRUN: %d\n", i+1) - runTestDiscarders(t, metrics) - } - computeMetrics(metrics) - dumpMetrics(metrics) -} - -func init() { - flag.IntVar(&nbDiscardersRuns, "nb_discarders_runs", 5, "number of tests to run") - flag.DurationVar(&testDuration, "test_duration", time.Second*60*5, "duration of the test") - flag.IntVar(&maxTotalFiles, "max_total_files", 10000, "maximum number of files") - flag.IntVar(&eventsPerSec, "events_per_sec", 2000, "max events per sec") - flag.BoolVar(&mountDir, "mount_dir", true, "set to true to have a working directory tmpfs mounted") - flag.BoolVar(&mountParentDir, "mount_parent_dir", false, "set to true to have a parent working directory tmpfs mounted") - flag.DurationVar(&remountEvery, "remount_every", time.Second*60*3, "time between every mount points umount/remount") - flag.IntVar(&maxDepth, "max_depth", 1, "directories max depth") - flag.StringVar(&memTopFrom, "memory top from", "probe", "set to the package to filter for mem stats") - flag.BoolVar(&open, "open", true, "true to enable randomly open events") -} diff --git a/pkg/security/tests/files_generator.go b/pkg/security/tests/files_generator.go index 5fc0a2e448590..809a85b692500 100644 --- a/pkg/security/tests/files_generator.go +++ b/pkg/security/tests/files_generator.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build linux && (functionaltests || stresstests) +//go:build linux && functionaltests // Package tests holds tests related files package tests diff --git a/pkg/security/tests/latency_test.go b/pkg/security/tests/latency_test.go deleted file mode 100644 index 6685f6f81758a..0000000000000 --- a/pkg/security/tests/latency_test.go +++ /dev/null @@ -1,146 +0,0 @@ -// Unless explicitly stated otherwise all files in this repository are licensed -// under the Apache License Version 2.0. -// This product includes software developed at Datadog (https://www.datadoghq.com/). -// Copyright 2016-present Datadog, Inc. - -//go:build linux && stresstests - -// Package tests holds tests related files -package tests - -import ( - "embed" - "flag" - "fmt" - "os" - "os/exec" - "testing" - "unsafe" - - "github.com/DataDog/datadog-agent/pkg/security/secl/rules" -) - -var ( - coreID int - nbRuns int - nbSkips int - host string -) - -//go:embed latency/bin -var benchLatencyhFS embed.FS - -// modified version of testModule.CreateWithOption, to be able to call it without testing module -func CreateWithOptions(tb testing.TB, filename string, user, group, mode int) (string, unsafe.Pointer, error) { - var macros []*rules.MacroDefinition - var rules []*rules.RuleDefinition - - if err := initLogger(); err != nil { - return "", nil, err - } - - st, err := newSimpleTest(tb, macros, rules, "") - if err != nil { - return "", nil, err - } - - testFile, testFilePtr, err := st.Path(filename) - if err != nil { - return testFile, testFilePtr, err - } - - // Create file - f, err := os.OpenFile(testFile, os.O_CREATE, os.FileMode(mode)) - if err != nil { - return "", nil, err - } - f.Close() - - // Chown the file - err = os.Chown(testFile, user, group) - return testFile, testFilePtr, err -} - -// load embedded binary -func loadBenchLatencyBin(tb testing.TB, binary string) (string, error) { - testerBin, err := benchLatencyhFS.ReadFile(fmt.Sprintf("latency/bin/%s", binary)) - if err != nil { - return "", err - } - - perm := 0o700 - binPath, _, _ := CreateWithOptions(tb, binary, -1, -1, perm) - - f, err := os.OpenFile(binPath, os.O_WRONLY|os.O_CREATE, os.FileMode(perm)) - if err != nil { - return "", err - } - - if _, err = f.Write(testerBin); err != nil { - f.Close() - return "", err - } - f.Close() - - return binPath, nil -} - -// bench induced latency for DNS req -func benchLatencyDNS(t *testing.T, rule *rules.RuleDefinition, executable string) { - // do not load module if no rule is provided - if rule != nil { - var ruleDefs []*rules.RuleDefinition - ruleDefs = append(ruleDefs, rule) - test, err := newTestModule(t, nil, ruleDefs) - if err != nil { - t.Fatal(err) - } - defer test.Close() - } - - // load bench binary - executable, err := loadBenchLatencyBin(t, executable) - if err != nil { - t.Fatal(err) - } - defer os.RemoveAll(executable) - - // exec the bench tool - cmd := exec.Command("taskset", "-c", fmt.Sprint(coreID), - executable, host, fmt.Sprint(nbRuns), fmt.Sprint(nbSkips)) - output, err := cmd.CombinedOutput() - t.Logf("Output:\n%s", output) - if err != nil { - t.Fatal(err) - } -} - -// goal: measure the induced latency when no kprobes/tc are loaded -func TestLatency_DNSNoKprobe(t *testing.T) { - benchLatencyDNS(t, nil, "bench_net_DNS") -} - -// goal: measure the induced latency when kprobes are loaded, but without a matching rule -func TestLatency_DNSNoRule(t *testing.T) { - rule := &rules.RuleDefinition{ - ID: "test_rule", - Expression: fmt.Sprintf(`dns.question.name == "%s.nope"`, host), - } - benchLatencyDNS(t, rule, "bench_net_DNS") -} - -// goal: measure the induced latency when kprobes are loaded, with a matching rule -func TestLatency_DNS(t *testing.T) { - rule := &rules.RuleDefinition{ - ID: "test_rule", - Expression: fmt.Sprintf(`dns.question.name == "%s"`, host), - } - benchLatencyDNS(t, rule, "bench_net_DNS") -} - -func init() { - flag.IntVar(&nbRuns, "nbruns", 100100, "number of runs to perform") - flag.IntVar(&nbSkips, "nbskips", 100, "number of first runs to skip from measurement") - flag.IntVar(&coreID, "coreid", 0, "CPU core ID to pin the bench program") - flag.StringVar(&host, "host", "google.com", "Host to query") -} diff --git a/pkg/security/tests/main_linux.go b/pkg/security/tests/main_linux.go index 47398d60d71e2..1caee6dd31363 100644 --- a/pkg/security/tests/main_linux.go +++ b/pkg/security/tests/main_linux.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build linux && (functionaltests || stresstests) +//go:build linux && functionaltests // Package tests holds tests related files package tests diff --git a/pkg/security/tests/main_test.go b/pkg/security/tests/main_test.go index c9be26e73f733..6ef5e6cdb8a80 100644 --- a/pkg/security/tests/main_test.go +++ b/pkg/security/tests/main_test.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build functionaltests || stresstests +//go:build functionaltests // Package tests holds tests related files package tests diff --git a/pkg/security/tests/main_windows.go b/pkg/security/tests/main_windows.go index 85b515be3be2d..945126ae6c59c 100644 --- a/pkg/security/tests/main_windows.go +++ b/pkg/security/tests/main_windows.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build windows && (functionaltests || stresstests) +//go:build windows && functionaltests // Package tests holds tests related files package tests diff --git a/pkg/security/tests/module_stresser.go b/pkg/security/tests/module_stresser.go deleted file mode 100644 index 7053f665acdea..0000000000000 --- a/pkg/security/tests/module_stresser.go +++ /dev/null @@ -1,353 +0,0 @@ -// Unless explicitly stated otherwise all files in this repository are licensed -// under the Apache License Version 2.0. -// This product includes software developed at Datadog (https://www.datadoghq.com/). -// Copyright 2016-present Datadog, Inc. - -//go:build stresstests - -// Package tests holds tests related files -package tests - -import ( - "bufio" - "encoding/json" - "fmt" - "os" - "runtime" - "runtime/pprof" - "strings" - "testing" - "text/tabwriter" - "time" - - "github.com/google/pprof/driver" -) - -// StressOpts defines Stresser options -type StressOpts struct { - KeepProfile bool - ReportFile string - DiffBase string - TopFrom string - Duration time.Duration -} - -// StressFlag implements pprof Flag interface -type StressFlag struct { - Path string - Top string - From string -} - -// Bool implements pprof Flag interface -func (s *StressFlag) Bool(name string, def bool, usage string) *bool { - v := def - - switch name { - case "top": - v = true - } - - return &v -} - -// Int implements pprof Flag interface -func (s *StressFlag) Int(name string, def int, usage string) *int { - v := def - return &v -} - -// Float64 implements pprof Flag interface -func (s *StressFlag) Float64(name string, def float64, usage string) *float64 { - v := def - return &v -} - -// String implements pprof Flag interface -func (s *StressFlag) String(name string, def string, usage string) *string { - v := def - - switch name { - case "output": - v = s.Top - case "show_from": - v = s.From - } - - return &v -} - -// StringList implements pprof Flag interface -func (s *StressFlag) StringList(name string, def string, usage string) *[]*string { - v := []*string{&def} - return &v -} - -// ExtraUsage implements pprof Flag interface -func (s *StressFlag) ExtraUsage() string { - return "" -} - -// AddExtraUsage implements pprof Flag interface -func (s *StressFlag) AddExtraUsage(eu string) {} - -// Parse implements pprof Flag interface -func (s *StressFlag) Parse(usage func()) []string { - return []string{s.Path} -} - -// StressReports represents a map of StressReport -type StressReports map[string]*StressReport - -// StressReport defines a Stresser report -type StressReport struct { - Duration time.Duration - Iteration int - BaseIteration int `json:",omitempty"` - Extras map[string]struct { - Value float64 - Unit string - } `json:",omitempty"` - TopCPU []byte `json:"-"` - TopMem []byte `json:"-"` -} - -// AddMetric add custom metrics to the report -func (s *StressReport) AddMetric(name string, value float64, unit string) { - if s.Extras == nil { - s.Extras = map[string]struct { - Value float64 - Unit string - }{} - } - s.Extras[name] = struct { - Value float64 - Unit string - }{ - Value: value, - Unit: unit, - } -} - -// Delta returns the delta between the base and the currrent report in percentage -func (s *StressReport) Delta() float64 { - if s.BaseIteration != 0 { - return float64(s.Iteration-s.BaseIteration) * 100.0 / float64(s.BaseIteration) - } - - return 0 -} - -// Print prints the report in a human readable format -func (s *StressReport) Print(t *testing.T) { - fmt.Printf("----- Stress Report for %s -----\n", t.Name()) - w := tabwriter.NewWriter(os.Stdout, 0, 8, 1, '\t', tabwriter.AlignRight) - fmt.Fprintf(w, "%s\t\t%d iterations\t%15.4f ns/iteration", s.Duration, s.Iteration, float64(s.Duration.Nanoseconds())/float64(s.Iteration)) - if s.Extras != nil { - for _, metric := range s.Extras { - fmt.Fprintf(w, "\t%15.4f %s", metric.Value, metric.Unit) - } - } - - if delta := s.Delta(); delta != 0 { - fmt.Fprintf(w, "\t%15.4f %%iterations", delta) - } - - fmt.Fprintln(w) - w.Flush() - - fmt.Println() - fmt.Printf("----- Profiling Report CPU for %s -----\n", t.Name()) - fmt.Println(string(s.TopCPU)) - fmt.Println() - - fmt.Println() - fmt.Printf("----- Profiling Report Memory for %s -----\n", t.Name()) - fmt.Println(string(s.TopMem)) - fmt.Println() -} - -// Save writes the report information for delta computation -func (s *StressReport) Save(filename string, name string) error { - var reports StressReports - if err := reports.Load(filename); err != nil { - reports = map[string]*StressReport{ - name: s, - } - } else { - reports[name] = s - } - - fmt.Printf("Writing reports in %s\n", filename) - - j, _ := json.Marshal(reports) - return os.WriteFile(filename, j, 0644) -} - -// Load previous report -func (s *StressReports) Load(filename string) error { - data, err := os.ReadFile(filename) - if err != nil { - return err - } - - return json.Unmarshal(data, s) -} - -func getTopData(filename string, from string, size int) ([]byte, error) { - topFile, err := os.CreateTemp("/tmp", "stress-top-") - if err != nil { - return nil, err - } - defer os.Remove(topFile.Name()) - - flagSet := &StressFlag{Path: filename, Top: topFile.Name(), From: from} - - if err := driver.PProf(&driver.Options{Flagset: flagSet}); err != nil { - return nil, err - } - - file, err := os.Open(topFile.Name()) - if err != nil { - return nil, err - } - - scanner := bufio.NewScanner(file) - scanner.Split(bufio.ScanLines) - - var topLines []string - for scanner.Scan() { - topLines = append(topLines, scanner.Text()) - if len(topLines) > size { - break - } - } - file.Close() - - return []byte(strings.Join(topLines, "\n")), nil -} - -// StressIt starts the stress test -func StressIt(t *testing.T, pre, post, fnc func() error, opts StressOpts) (StressReport, error) { - var report StressReport - - proCPUFile, err := os.CreateTemp("/tmp", "stress-cpu-") - if err != nil { - t.Error(err) - return report, err - } - - if !opts.KeepProfile { - defer os.Remove(proCPUFile.Name()) - } else { - fmt.Printf("Generating CPU profile in %s\n", proCPUFile.Name()) - } - - if pre != nil { - if err := pre(); err != nil { - t.Error(err) - return report, err - } - } - - if err := pprof.StartCPUProfile(proCPUFile); err != nil { - t.Error(err) - return report, err - } - - done := make(chan bool) - var iteration int - - start := time.Now() - - go func() { - time.Sleep(opts.Duration) - done <- true - }() - -LOOP: - for { - select { - case <-done: - break LOOP - default: - err = fnc() - iteration++ - - if err != nil { - break LOOP - } - } - } - - duration := time.Since(start) - - pprof.StopCPUProfile() - proCPUFile.Close() - - runtime.GC() - proMemFile, err := os.CreateTemp("/tmp", "stress-mem-") - if err != nil { - t.Error(err) - return report, err - } - - if !opts.KeepProfile { - defer os.Remove(proMemFile.Name()) - } else { - fmt.Printf("Generating Memory profile in %s\n", proMemFile.Name()) - } - - if err := pprof.WriteHeapProfile(proMemFile); err != nil { - t.Error(err) - return report, err - } - - if post != nil { - if err := post(); err != nil { - t.Error(err) - return report, err - } - } - - topDataCPU, err := getTopData(proCPUFile.Name(), opts.TopFrom, 50) - if err != nil { - t.Error(err) - return report, err - } - - topDataMem, err := getTopData(proMemFile.Name(), opts.TopFrom, 50) - if err != nil { - t.Error(err) - return report, err - } - - report = StressReport{ - Duration: duration, - Iteration: iteration, - TopCPU: topDataCPU, - TopMem: topDataMem, - } - - if opts.DiffBase != "" { - var baseReports StressReports - if err := baseReports.Load(opts.DiffBase); err != nil { - t.Log(err) - } else { - baseReport, exists := baseReports[t.Name()] - if exists { - report.BaseIteration = baseReport.Iteration - } - } - } - - // save report for further comparison - if opts.ReportFile != "" { - if err := report.Save(opts.ReportFile, t.Name()); err != nil { - t.Error(err) - return report, err - } - } - - return report, err -} diff --git a/pkg/security/tests/module_tester.go b/pkg/security/tests/module_tester.go index ebfcc3eba0a52..22711615cc70f 100644 --- a/pkg/security/tests/module_tester.go +++ b/pkg/security/tests/module_tester.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build functionaltests || stresstests +//go:build functionaltests // Package tests holds tests related files package tests diff --git a/pkg/security/tests/module_tester_linux.go b/pkg/security/tests/module_tester_linux.go index 1b20ff18cd690..0012e19426ee1 100644 --- a/pkg/security/tests/module_tester_linux.go +++ b/pkg/security/tests/module_tester_linux.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build linux && (functionaltests || stresstests) +//go:build linux && functionaltests // Package tests holds tests related files package tests diff --git a/pkg/security/tests/module_tester_windows.go b/pkg/security/tests/module_tester_windows.go index a52bf144c7db6..0d68f2aed4023 100644 --- a/pkg/security/tests/module_tester_windows.go +++ b/pkg/security/tests/module_tester_windows.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build windows && (functionaltests || stresstests) +//go:build windows && functionaltests // Package tests holds tests related files package tests diff --git a/pkg/security/tests/schemas.go b/pkg/security/tests/schemas.go index a9fcacc601369..3fd8e7c006b77 100644 --- a/pkg/security/tests/schemas.go +++ b/pkg/security/tests/schemas.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build linux && (functionaltests || stresstests) +//go:build linux && functionaltests // Package tests holds tests related files package tests diff --git a/pkg/security/tests/simple_test.go b/pkg/security/tests/simple_test.go index 5ea30457e8dd2..fb7f93e38f8ea 100644 --- a/pkg/security/tests/simple_test.go +++ b/pkg/security/tests/simple_test.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build functionaltests || stresstests +//go:build functionaltests // Package tests holds tests related files package tests diff --git a/pkg/security/tests/stress_test.go b/pkg/security/tests/stress_test.go deleted file mode 100644 index db6172d6900cb..0000000000000 --- a/pkg/security/tests/stress_test.go +++ /dev/null @@ -1,284 +0,0 @@ -// Unless explicitly stated otherwise all files in this repository are licensed -// under the Apache License Version 2.0. -// This product includes software developed at Datadog (https://www.datadoghq.com/). -// Copyright 2016-present Datadog, Inc. - -//go:build stresstests - -// Package tests holds tests related files -package tests - -import ( - "flag" - "fmt" - "os" - "os/exec" - "path" - "testing" - "time" - - sprobe "github.com/DataDog/datadog-agent/pkg/security/probe" - "github.com/DataDog/datadog-agent/pkg/security/secl/model" - "github.com/DataDog/datadog-agent/pkg/security/secl/rules" -) - -var ( - keepProfile bool - reportFile string - diffBase string - duration int -) - -// Stress test of open syscalls -func stressOpen(t *testing.T, rule *rules.RuleDefinition, pathname string, size int) { - var ruleDefs []*rules.RuleDefinition - if rule != nil { - ruleDefs = append(ruleDefs, rule) - } - - test, err := newTestModule(t, nil, ruleDefs) - if err != nil { - t.Fatal(err) - } - defer test.Close() - - p, ok := test.probe.PlatformProbe.(*sprobe.EBPFProbe) - if !ok { - t.Skip("not supported") - } - - testFolder, _, err := test.Path(path.Dir(pathname)) - if err != nil { - t.Fatal(err) - } - - os.MkdirAll(testFolder, os.ModePerm) - - testFile, _, err := test.Path(pathname) - if err != nil { - t.Fatal(err) - } - - eventStreamMonitor := p.GetMonitors().GetEventStreamMonitor() - - eventStreamMonitor.GetAndResetLostCount("events", -1) - eventStreamMonitor.GetKernelLostCount("events", -1, model.MaxKernelEventType) - - fnc := func() error { - f, err := os.Create(testFile) - if err != nil { - return err - } - - if size > 0 { - data := make([]byte, size, size) - if n, err := f.Write(data); err != nil || n != 1024 { - return err - } - } - - return f.Close() - } - - opts := StressOpts{ - Duration: time.Duration(duration) * time.Second, - KeepProfile: keepProfile, - DiffBase: diffBase, - TopFrom: "probe", - ReportFile: reportFile, - } - - events := 0 - test.RegisterRuleEventHandler(func(_ *model.Event, _ *rules.Rule) { - events++ - }) - defer test.RegisterRuleEventHandler(nil) - - report, err := StressIt(t, nil, nil, fnc, opts) - test.RegisterRuleEventHandler(nil) - - if err != nil { - t.Fatal(err) - } - - report.AddMetric("lost", float64(eventStreamMonitor.GetLostCount("events", -1)), "lost") - report.AddMetric("kernel_lost", float64(eventStreamMonitor.GetKernelLostCount("events", -1, model.MaxKernelEventType)), "kernel lost") - report.AddMetric("events", float64(events), "events") - report.AddMetric("events/sec", float64(events)/report.Duration.Seconds(), "event/s") - - report.Print(t) - - if report.Delta() < -2.0 { - t.Error("unexpected performance degradation") - - cmdOutput, _ := exec.Command("pstree").Output() - fmt.Println(string(cmdOutput)) - - cmdOutput, _ = exec.Command("ps", "aux").Output() - fmt.Println(string(cmdOutput)) - } -} - -// goal: measure host abality to handle open syscall without any kprobe, act as a reference -// this benchmark generate syscall but without having kprobe installed - -func TestStress_E2EOpenNoKprobe(t *testing.T) { - stressOpen(t, nil, "folder1/folder2/folder1/folder2/test", 0) -} - -// goal: measure the impact of an event catched and passed from the kernel to the userspace -// this benchmark generate event that passs from the kernel to the userspace -func TestStress_E2EOpenEvent(t *testing.T) { - rule := &rules.RuleDefinition{ - ID: "test_rule", - Expression: `open.file.path == "{{.Root}}/folder1/folder2/test" && open.flags & O_CREAT != 0`, - } - - stressOpen(t, rule, "folder1/folder2/test", 0) -} - -// goal: measure the impact on the kprobe only -// this benchmark generate syscall but without having event generated -func TestStress_E2EOpenNoEvent(t *testing.T) { - rule := &rules.RuleDefinition{ - ID: "test_rule", - Expression: `open.file.path == "{{.Root}}/folder1/folder2/test-no-event" && open.flags & O_APPEND != 0`, - } - - stressOpen(t, rule, "folder1/folder2/test", 0) -} - -// goal: measure the impact of an event catched and passed from the kernel to the userspace -// this benchmark generate event that passs from the kernel to the userspace -func TestStress_E2EOpenWrite1KEvent(t *testing.T) { - rule := &rules.RuleDefinition{ - ID: "test_rule", - Expression: `open.file.path == "{{.Root}}/folder1/folder2/test" && open.flags & O_CREAT != 0`, - } - - stressOpen(t, rule, "folder1/folder2/test", 1024) -} - -// goal: measure host abality to handle open syscall without any kprobe, act as a reference -// this benchmark generate syscall but without having kprobe installed - -func TestStress_E2EOpenWrite1KNoKprobe(t *testing.T) { - stressOpen(t, nil, "folder1/folder2/test", 1024) -} - -// goal: measure the impact on the kprobe only -// this benchmark generate syscall but without having event generated -func TestStress_E2EOpenWrite1KNoEvent(t *testing.T) { - rule := &rules.RuleDefinition{ - ID: "test_rule", - Expression: `open.file.path == "{{.Root}}/folder1/folder2/test-no-event" && open.flags & O_APPEND != 0`, - } - - stressOpen(t, rule, "folder1/folder2/test", 1024) -} - -// Stress test of fork/exec syscalls -func stressExec(t *testing.T, rule *rules.RuleDefinition, pathname string, executable string) { - var ruleDefs []*rules.RuleDefinition - if rule != nil { - ruleDefs = append(ruleDefs, rule) - } - - test, err := newTestModule(t, nil, ruleDefs) - if err != nil { - t.Fatal(err) - } - defer test.Close() - - p, ok := test.probe.PlatformProbe.(*sprobe.EBPFProbe) - if !ok { - t.Skip("not supported") - } - - testFolder, _, err := test.Path(path.Dir(pathname)) - if err != nil { - t.Fatal(err) - } - - os.MkdirAll(testFolder, os.ModePerm) - - testFile, _, err := test.Path(pathname) - if err != nil { - t.Fatal(err) - } - - eventStreamMonitor := p.GetMonitors().GetEventStreamMonitor() - eventStreamMonitor.GetAndResetLostCount("events", -1) - eventStreamMonitor.GetKernelLostCount("events", -1, model.MaxKernelEventType) - - fnc := func() error { - cmd := exec.Command(executable, testFile) - _, err := cmd.CombinedOutput() - return err - } - - opts := StressOpts{ - Duration: time.Duration(duration) * time.Second, - KeepProfile: keepProfile, - DiffBase: diffBase, - TopFrom: "probe", - ReportFile: reportFile, - } - - events := 0 - test.RegisterRuleEventHandler(func(_ *model.Event, _ *rules.Rule) { - events++ - }) - defer test.RegisterRuleEventHandler(nil) - - kevents := 0 - test.RegisterProbeEventHandler(func(_ *model.Event) { - kevents++ - }) - defer test.RegisterProbeEventHandler(nil) - - report, err := StressIt(t, nil, nil, fnc, opts) - if err != nil { - t.Fatal(err) - } - - time.Sleep(2 * time.Second) - - report.AddMetric("lost", float64(eventStreamMonitor.GetLostCount("events", -1)), "lost") - report.AddMetric("kernel_lost", float64(eventStreamMonitor.GetKernelLostCount("events", -1, model.MaxKernelEventType)), "kernel lost") - report.AddMetric("events", float64(events), "events") - report.AddMetric("events/sec", float64(events)/report.Duration.Seconds(), "event/s") - report.AddMetric("kevents", float64(kevents), "kevents") - report.AddMetric("kevents/sec", float64(kevents)/report.Duration.Seconds(), "kevent/s") - - report.Print(t) -} - -// goal: measure host abality to handle open syscall without any kprobe, act as a reference -// this benchmark generate syscall but without having kprobe installed - -func TestStress_E2EExecNoKprobe(t *testing.T) { - executable := which(t, "touch") - - stressExec(t, nil, "folder1/folder2/folder1/folder2/test", executable) -} - -// goal: measure the impact of an event catched and passed from the kernel to the userspace -// this benchmark generate event that passs from the kernel to the userspace -func TestStress_E2EExecEvent(t *testing.T) { - executable := which(t, "touch") - - rule := &rules.RuleDefinition{ - ID: "test_rule", - Expression: fmt.Sprintf(`open.file.path == "{{.Root}}/folder1/folder2/test-ancestors" && process.file.name == "%s"`, "touch"), - } - - stressExec(t, rule, "folder1/folder2/test-ancestors", executable) -} - -func init() { - flag.BoolVar(&keepProfile, "keep-profile", false, "do not delete profile after run") - flag.StringVar(&reportFile, "report-file", "", "save report of the stress test") - flag.StringVar(&diffBase, "diff-base", "", "source of base stress report for comparison") - flag.IntVar(&duration, "duration", 60, "duration of the run in second") -} diff --git a/pkg/security/tests/syscalls_amd64.go b/pkg/security/tests/syscalls_amd64.go index 6538e1943f6ea..9432105640bc2 100644 --- a/pkg/security/tests/syscalls_amd64.go +++ b/pkg/security/tests/syscalls_amd64.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build linux && ((functionaltests && amd64) || (stresstests && amd64)) +//go:build linux && functionaltests && amd64 // Package tests holds tests related files package tests diff --git a/pkg/security/tests/syscalls_arm64.go b/pkg/security/tests/syscalls_arm64.go index beaeea527f7db..1ea1f0ff45415 100644 --- a/pkg/security/tests/syscalls_arm64.go +++ b/pkg/security/tests/syscalls_arm64.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build (functionaltests && !amd64) || (stresstests && !amd64) +//go:build linux && functionaltests && arm64 package tests diff --git a/pkg/security/tests/testopts.go b/pkg/security/tests/testopts.go index f1a37fc300b57..fe1a31333cc26 100644 --- a/pkg/security/tests/testopts.go +++ b/pkg/security/tests/testopts.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build functionaltests || stresstests +//go:build functionaltests // Package tests holds tests related files package tests diff --git a/tasks/kmt.py b/tasks/kmt.py index 12b0ac2ba1953..2a70c89788ba8 100644 --- a/tasks/kmt.py +++ b/tasks/kmt.py @@ -51,7 +51,7 @@ from tasks.libs.pipeline.tools import loop_status from tasks.libs.releasing.version import VERSION_RE, check_version from tasks.libs.types.arch import Arch, KMTArchName -from tasks.security_agent import build_functional_tests, build_stress_tests +from tasks.security_agent import build_functional_tests from tasks.system_probe import ( BPF_TAG, EMBEDDED_SHARE_DIR, @@ -694,7 +694,6 @@ def kmt_secagent_prepare( skip_object_files=True, arch=arch, ) - build_stress_tests(ctx, output=f"{kmt_paths.secagent_tests}/pkg/security/stresssuite", skip_linters=True) go_path = "go" go_root = os.getenv("GOROOT") diff --git a/tasks/security_agent.py b/tasks/security_agent.py index ee6f65f2b82bc..6b5f20ac20092 100644 --- a/tasks/security_agent.py +++ b/tasks/security_agent.py @@ -45,7 +45,6 @@ BIN_DIR = os.path.join(".", "bin") BIN_PATH = os.path.join(BIN_DIR, "security-agent", bin_name("security-agent")) CI_PROJECT_DIR = os.environ.get("CI_PROJECT_DIR", ".") -STRESS_TEST_SUITE = "stresssuite" @task(iterable=["build_tags"]) @@ -256,47 +255,6 @@ def ninja_c_syscall_tester_common(nw, file_name, build_dir, flags=None, libs=Non return syscall_tester_exe_file -def ninja_c_latency_common(nw, file_name, build_dir, flags=None, libs=None, static=True): - if flags is None: - flags = [] - if libs is None: - libs = [] - - latency_c_dir = os.path.join("pkg", "security", "tests", "latency", "c") - latency_c_file = os.path.join(latency_c_dir, f"{file_name}.c") - latency_exe_file = os.path.join(build_dir, file_name) - - if static: - flags.append("-static") - - nw.build( - inputs=[latency_c_file], - outputs=[latency_exe_file], - rule="execlang", - variables={"exeflags": flags, "exelibs": libs}, - ) - return latency_exe_file - - -def ninja_latency_tools(ctx, build_dir, static=True): - return ninja_c_latency_common(ctx, "bench_net_DNS", build_dir, libs=["-lpthread"], static=static) - - -@task -def build_embed_latency_tools(ctx, static=True): - check_for_ninja(ctx) - build_dir = os.path.join("pkg", "security", "tests", "latency", "bin") - create_dir_if_needed(build_dir) - - nf_path = os.path.join(ctx.cwd, 'latency-tools.ninja') - with open(nf_path, 'w') as ninja_file: - nw = NinjaWriter(ninja_file, width=120) - ninja_define_exe_compiler(nw) - ninja_latency_tools(nw, build_dir, static=static) - - ctx.run(f"ninja -f {nf_path}") - - def ninja_syscall_x86_tester(ctx, build_dir, static=True, compiler='clang'): return ninja_c_syscall_tester_common( ctx, "syscall_x86_tester", build_dir, flags=["-m32"], static=static, compiler=compiler @@ -431,55 +389,6 @@ def build_functional_tests( ctx.run(cmd.format(**args), env=env) -@task -def build_stress_tests( - ctx, - output=f"pkg/security/tests/{STRESS_TEST_SUITE}", - major_version='7', - bundle_ebpf=True, - skip_linters=False, - kernel_release=None, -): - build_embed_latency_tools(ctx) - build_functional_tests( - ctx, - output=output, - major_version=major_version, - build_tags='stresstests', - bundle_ebpf=bundle_ebpf, - skip_linters=skip_linters, - kernel_release=kernel_release, - ) - - -@task -def stress_tests( - ctx, - verbose=False, - major_version='7', - output=f"pkg/security/tests/{STRESS_TEST_SUITE}", - bundle_ebpf=True, - testflags='', - skip_linters=False, - kernel_release=None, -): - build_stress_tests( - ctx, - major_version=major_version, - output=output, - bundle_ebpf=bundle_ebpf, - skip_linters=skip_linters, - kernel_release=kernel_release, - ) - - run_functional_tests( - ctx, - testsuite=output, - verbose=verbose, - testflags=testflags, - ) - - @task def functional_tests( ctx,