[usm] service discovery, system-probe ignore configured services by name

[yuri-lipnesh]

What does this PR do?

This code adds a hashmap to store processes that should be excluded from processing based on the service name.
This code adds excludes service name 'datadog-agent' from processing.

Motivation

USMON-1226
Some processes cannot be excluded based on the command name, which may be a generic name such as "agent".
In this case, a service can be excluded based on the service name. When a service name is identified, the process ID is stored in an internal table to exclude it from processing.

Describe how to test/QA your changes

This code passed service discovery unit test on local VM
PASS
ok github.com/DataDog/datadog-agent/pkg/collector/corechecks/servicediscovery/module 38.766s

Started couple of programs on local VM and dogfeeded to dddev environment.
Checked that services were reported on APM page "Identify and close your observability gaps"
Checked that services are not reported anymore after adding services to the list of bypassed services.

Possible Drawbacks / Trade-offs

Additional Notes

[agent-platform-auto-pr]

Test changes on VM

Use this command from test-infra-definitions to manually test this PR changes on a VM:

inv create-vm --pipeline-id=48395348 --os-family=ubuntu

Note: This applies to commit a777efa

[guyarb]

why is it in a new file?

[yuri-lipnesh]

source file impl_linux.go already reached 600 lines, which I think it considered large file, I didn't want to increase this file further, this is why new file.

[guyarb]

it is misleading to have methods of the same struct defined on multiple files
let's fold it back to the original file

[yuri-lipnesh]

done

[guyarb]

why only datadog agent?

[yuri-lipnesh]

This is meantime only service defined in scope of the ticket to be bypassed.

[guyarb]

The PR is pretty much irrelevant
Customers with the datadog agent don't set DD_SERVICE for us, and we don't do that by default

So I'm concerned the current implementation does not provide any actual value and impact

[yuri-lipnesh]

Do you want to delete this PR and close Jira ticket?

[guyarb]

no, I want to improve the ticket description, and make the implementation better for the general case

[yuri-lipnesh]

I've updated Jira ticket and title of this PR. Now this PR allows to add excluded service name to system-probe config. The config has one default service "datadog-agent"

[cit-pr-commenter]

Regression Detector

[guyarb]

a function called should.... should only report true/false, and not changing an internal state

[yuri-lipnesh]

I've changed this function

[guyarb]

Always prefer defered unlock, it guarantees future modifications won't miss the unlock

Suggested change

	s.mux.Lock()
	s.ignorePids[pid] = true
	s.mux.Unlock()
	s.mux.Lock()
	defer s.mux.Unlock()
	s.ignorePids[pid] = true

[yuri-lipnesh]

This is very short frequently used function, 'defer' instruction requires additional allocation, which is not necessary in this case. This function is not expected to grow significantly.

[guyarb]

that's a very negligible optimization.
Please follow the effective go guidelines https://go.dev/doc/effective_go#defer
Those are meant to reduce human errors and mistakes

[yuri-lipnesh]

I've changed this function to use 'defer'

[guyarb]

no need to get Process here, if you care only about the PID

[yuri-lipnesh]

I've changed this code and separated ignored service and ignored pid

[guyarb]

why os.Environ?

[yuri-lipnesh]

fixed

[guyarb]

Suggested change

	err := cmd.Start()
	require.NoError(t, err)
	require.NoError(t, cmd.Start())

[yuri-lipnesh]

done

[guyarb]

you're expecting for a certain value (based on the environment variable value), use it

[yuri-lipnesh]

this unit test intends to check that Pid has been bypassed, there are other unit test covering service name extraction. I do not think this unit test should check match of service name.

[guyarb]

then why do you test ddServiceName?

[yuri-lipnesh]

I've added service name verification

[guyarb]

why don't you add the pid to the ignore list?

[yuri-lipnesh]

I've changed this code and separated ignored service and addition of ignored pid

[guyarb]

The ticket and PR should not focus merely on DD_SERVICE, but to filter entries by service name

Please fix the code, PR description and title accordingly

[guyarb]

copy-paste bug, commands list is inaccurate

[yuri-lipnesh]

fixed

[yuri-lipnesh]

/merge

[dd-devflow]

Devflow running: /merge

View all feedbacks in Devflow UI.

---

2024-11-07 17:42:40 UTC ℹ️ MergeQueue: waiting for PR to be ready

This merge request is not mergeable yet, because of pending checks/missing approvals. It will be added to the queue as soon as checks pass and/or get approvals.
Note: if you pushed new commits since the last approval, you may need additional approval.
You can remove it from the waiting list with /remove command.

---

2024-11-07 21:22:32 UTC ℹ️ MergeQueue: pull request added to the queue

The median merge time in main is 24m.

[brycekahle]

Add security-agent and other processes listed in cmd/*?

[yuri-lipnesh]

APM Distributed Tracing team provided us with some test environment with service discovery enabled, I took some DD services from that environment. Apparently security is not enabled there, that's why I don't see that service-agent in the discovery list. I would be careful about adding names that I don't know how they show up in discovery. This is why I prefer not to extend this list at this point.

[guyarb]

@yuri-lipnesh - Bryce is mentioning another DD product that it is not enabled in your environment. Please open a follow up PR to address that, and run PR in dogfooding.

[yuri-lipnesh]

I've created USMON-1339