ROX-26344: adds runtime configuration to collector

[Stringy]

Description

Includes support for enabling/disabling external IPs based on runtime config, deferring to existing feature flag if none is provided

In subsequent PRs, the runtime configuration will be populated.

Checklist

• Investigated and inspected CI test results
  - [x] Updated documentation accordingly

Automated testing

• Added unit tests
  - [ ] Added integration tests
  - [ ] Added regression tests

If any of these don't apply, please comment below.

Testing Performed

Unit tests added to exercise the intended behaviour. It is not possible to integration-test this until Sensor->Collector communication has been built.

[ovalenti]

Using the CollectorConfig object makes sense, good idea !

I think that the next steps should be:

• on the Sensor side:
  • Update the proto defs to introduce an enum type wrapping and replacing NetworkFlowsControlMessage
  • introduce the runtime-config object in the new enum
  • implement a switch-case in NetworkStatusNotifier in onRecvControlMessage or its successor
  • when receiving a runtime-config in the new switch-case, update the value in CollectorConfig
• on the ConnTracker side:
  • everytime we start a scrape in either NetworkStatusNotifier::RunSingle or NetworkStatusNotifier::RunSingleAfterglow, set the ExtIP attribute using ConnectionTracker::EnableExternalIPs

[ovalenti]

As discussed previously and in #11746 , we should remember to unify the names of the environment variables that enable the ExtIP feature.

collector/collector/lib/CollectorConfig.cpp

Line 50 in 9828784

BoolEnvVar enable_external_ips("ROX_ENABLE_EXTERNAL_IPS", false);

I think that it would make sense to update CollectorConfig's env var name to match the one in Central (ROX_EXTERNAL_IPS) as part of this PR.

The proposed change has been made, thanks !

[Molter73]

Lets not copy the object every time it's accessed.

Suggested change

	std::optional<sensor::CollectorConfig> GetRuntimeConfig() const {
	const std::optional<sensor::CollectorConfig>& GetRuntimeConfig() const {

[Molter73]

I actually think the ENABLE makes it clearer what the env variable is for. But I would argue a variable in the form <PROGRAM>_<FEATURE>_<PARAM> is even more clear, so in this case we might want to name the variable ROX_EXTERNAL_IPS_ENABLE or ROX_COLLECTOR_EXTERNAL_IPS_ENABLE

[Stringy]

In general I think I agree. @ovalenti what do you think? should we update the central feature flag?

[ovalenti]

In Central, it looks like the convention is to use short names and no verb... https://github.com/stackrox/stackrox/blob/0b83c7607cb58d28e0165e20936f30d0c11d12c0/pkg/features/list.go

Although unifying the flag names seemed like a good idea at first, the collector one is likely not going to be used directly by any customer. So I am starting to think that we could keep the names as they were, or as Mauro suggests.

[JoukoVirtanen]

I don't think ENABLE is needed in the name. In stackrox/stackrox the function to check the value of feature flags is Enable(), so it would seem to be redundant.

[Molter73]

In stackrox/stackrox the function to check the value of feature flags is Enable(), so it would seem to be redundant.

It wouldn't be redundant to a user that is trying to configure collector without any knowledge of what the code in the main repo looks like 🙂

[Stringy]

I will revert this for now and we can decide on naming conventions later on

[JoukoVirtanen]

Approving, but before merging update the stackrox/stackrox submodule as I merged the internal protobuf definitions. Also get approvals from others before merging.

[Molter73]

LGTM!

[Molter73]

We could've also done something like...

return runtime_config_.value()
  .network_connection_config()
  .enable_external_ips();

But meh, this is good too.