ROX-26344: adds runtime configuration to collector (#1866)

Includes support for enabling/disabling external IPs based on runtime config, deferring to existing feature flag if none is provided
stackrox · Oct 1, 2024 · d7ceed3 · d7ceed3
1 parent 8b2d4e6
commit d7ceed3
Show file tree

Hide file tree

Showing 3 changed files with 93 additions and 2 deletions.
diff --git a/collector/lib/CollectorConfig.h b/collector/lib/CollectorConfig.h
@@ -1,13 +1,16 @@
 #ifndef _COLLECTOR_CONFIG_H_
 #define _COLLECTOR_CONFIG_H_
 
+#include <optional>
 #include <ostream>
 #include <vector>
 
 #include <json/json.h>
 
 #include <grpcpp/channel.h>
 
+#include <internalapi/sensor/collector.pb.h>
+
 #include "CollectionMethod.h"
 #include "HostConfig.h"
 #include "NetworkConnection.h"
@@ -83,7 +86,19 @@ class CollectorConfig {
   bool IsProcessesListeningOnPortsEnabled() const { return enable_processes_listening_on_ports_; }
   bool ImportUsers() const { return import_users_; }
   bool CollectConnectionStatus() const { return collect_connection_status_; }
-  bool EnableExternalIPs() const { return enable_external_ips_; }
+
+  // EnableExternalIPs will check for the existence
+  // of a runtime configuration, and defer to that value
+  // otherwise, we rely on the feature flag (env var)
+  bool EnableExternalIPs() const {
+    if (runtime_config_.has_value()) {
+      const auto& cfg = runtime_config_.value();
+      const auto& network_cfg = cfg.network_connection_config();
+      return network_cfg.enable_external_ips();
+    }
+    return enable_external_ips_;
+  }
+
   bool EnableConnectionStats() const { return enable_connection_stats_; }
   bool EnableDetailedMetrics() const { return enable_detailed_metrics_; }
   bool EnableRuntimeConfig() const { return enable_runtime_config_; }
@@ -102,6 +117,18 @@ class CollectorConfig {
 
   static std::pair<option::ArgStatus, std::string> CheckConfiguration(const char* config, Json::Value* root);
 
+  void SetRuntimeConfig(sensor::CollectorConfig&& runtime_config) {
+    runtime_config_ = runtime_config;
+  }
+
+  void SetRuntimeConfig(sensor::CollectorConfig runtime_config) {
+    runtime_config_ = std::move(runtime_config);
+  }
+
+  const std::optional<sensor::CollectorConfig>& GetRuntimeConfig() const {
+    return runtime_config_;
+  }
+
   std::shared_ptr<grpc::Channel> grpc_channel;
 
  protected:
@@ -156,6 +183,8 @@ class CollectorConfig {
 
   std::optional<TlsConfig> tls_config_;
 
+  std::optional<sensor::CollectorConfig> runtime_config_;
+
   void HandleAfterglowEnvVars();
   void HandleConnectionStatsEnvVars();
   void HandleSinspEnvVars();
@@ -165,6 +194,10 @@ class CollectorConfig {
   void SetSinspTotalBufferSize(unsigned int total_buffer_size);
   void SetSinspCpuPerBuffer(unsigned int buffer_size);
   void SetHostConfig(HostConfig* config);
+
+  void SetEnableExternalIPs(bool value) {
+    enable_external_ips_ = value;
+  }
 };
 
 std::ostream& operator<<(std::ostream& os, const CollectorConfig& c);

diff --git a/collector/proto/third_party/stackrox b/collector/proto/third_party/stackrox
diff --git a/collector/test/CollectorConfigTest.cpp b/collector/test/CollectorConfigTest.cpp
@@ -1,3 +1,5 @@
+#include <optional>
+
 #include "CollectorArgs.h"
 #include "CollectorConfig.h"
 #include "gmock/gmock.h"
@@ -26,6 +28,10 @@ class MockCollectorConfig : public CollectorConfig {
   void MockSetSinspCpuPerBuffer(unsigned int value) {
     SetSinspCpuPerBuffer(value);
   }
+
+  void MockSetEnableExternalIPs(bool value) {
+    SetEnableExternalIPs(value);
+  }
 };
 
 // Test that unmodified value is returned, when some dependency values are
@@ -87,4 +93,56 @@ TEST(CollectorConfigTest, TestSinspCpuPerBufferAdjusted) {
   EXPECT_EQ(16384, config.GetSinspBufferSize());
 }
 
+TEST(CollectorConfigTest, TestSetRuntimeConfig) {
+  MockCollectorConfig config;
+
+  EXPECT_EQ(std::nullopt, config.GetRuntimeConfig());
+
+  sensor::CollectorConfig runtime_config;
+
+  config.SetRuntimeConfig(runtime_config);
+
+  EXPECT_NE(std::nullopt, config.GetRuntimeConfig());
+}
+
+TEST(CollectorConfigTest, TestEnableExternalIpsFeatureFlag) {
+  MockCollectorConfig config;
+
+  // without the presence of the runtime configuration
+  // the enable_external_ips_ flag should be used
+
+  config.MockSetEnableExternalIPs(false);
+
+  EXPECT_FALSE(config.EnableExternalIPs());
+
+  config.MockSetEnableExternalIPs(true);
+
+  EXPECT_TRUE(config.EnableExternalIPs());
+}
+
+TEST(CollectorConfigTest, TestEnableExternalIpsRuntimeConfig) {
+  MockCollectorConfig config;
+
+  // With the presence of runtime config, the feature
+  // flag should be ignored
+
+  config.MockSetEnableExternalIPs(true);
+
+  sensor::CollectorConfig runtime_config;
+  sensor::NetworkConnectionConfig* network_config = runtime_config.mutable_network_connection_config();
+
+  network_config->set_enable_external_ips(false);
+
+  config.SetRuntimeConfig(runtime_config);
+
+  EXPECT_FALSE(config.EnableExternalIPs());
+
+  config.MockSetEnableExternalIPs(false);
+
+  network_config->set_enable_external_ips(true);
+  config.SetRuntimeConfig(runtime_config);
+
+  EXPECT_TRUE(config.EnableExternalIPs());
+}
+
 }  // namespace collector