From 9828784f88b7b7f07b0af6b5af0653ce85af823a Mon Sep 17 00:00:00 2001 From: Giles Hutton Date: Thu, 26 Sep 2024 10:37:58 +0100 Subject: [PATCH 1/6] ROX-26344: adds runtime configuration to collector Includes support for enabling/disabling external IPs based on runtime config, deferring to existing feature flag if none is provided --- collector/lib/CollectorConfig.h | 31 +++++++++++++- collector/proto/third_party/stackrox | 2 +- collector/test/CollectorConfigTest.cpp | 58 ++++++++++++++++++++++++++ 3 files changed, 89 insertions(+), 2 deletions(-) diff --git a/collector/lib/CollectorConfig.h b/collector/lib/CollectorConfig.h index 1d803ed1e3..b0210ca86d 100644 --- a/collector/lib/CollectorConfig.h +++ b/collector/lib/CollectorConfig.h @@ -1,6 +1,7 @@ #ifndef _COLLECTOR_CONFIG_H_ #define _COLLECTOR_CONFIG_H_ +#include #include #include @@ -8,6 +9,8 @@ #include +#include + #include "CollectionMethod.h" #include "HostConfig.h" #include "NetworkConnection.h" @@ -75,7 +78,19 @@ class CollectorConfig { bool IsProcessesListeningOnPortsEnabled() const { return enable_processes_listening_on_ports_; } bool ImportUsers() const { return import_users_; } bool CollectConnectionStatus() const { return collect_connection_status_; } - bool EnableExternalIPs() const { return enable_external_ips_; } + + // EnableExternalIPs will check for the existence + // of a runtime configuration, and defer to that value + // otherwise, we rely on the feature flag (env var) + bool EnableExternalIPs() const { + if (runtime_config_.has_value()) { + auto cfg = runtime_config_.value(); + auto network_cfg = cfg.network_connection_config(); + return network_cfg.enable_external_ips(); + } + return enable_external_ips_; + } + bool EnableConnectionStats() const { return enable_connection_stats_; } bool EnableDetailedMetrics() const { return enable_detailed_metrics_; } bool EnableRuntimeConfig() const { return enable_runtime_config_; } 
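Review bot: In the new `EnableExternalIPs()` the runtime configuration wins as soon as `runtime_config_` holds a value, even when the received message carries no `network_connection_config`; if `sensor::CollectorConfig` is a protobuf message, `network_connection_config()` on an unset sub-message returns the default instance and `enable_external_ips()` then reads `false`, so a runtime config that merely omits the network section silently disables external IPs instead of deferring to the feature flag as the commit message describes. Consider narrowing the guard to `if (runtime_config_.has_value() && runtime_config_->has_network_connection_config())` so the fallback to `enable_external_ips_` also covers that case. The method also does not consult `EnableRuntimeConfig()`, visible two lines below; if `enable_runtime_config_` is meant to gate the runtime-config feature, it should be checked here as well, otherwise a config pushed through the public setter takes effect regardless of that flag. The include hunks earlier in this file have their header names stripped in this rendering, so I cannot confirm that `<optional>` and the generated proto header are what was added.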
@@ -93,6 +108,14 @@ class CollectorConfig { static std::pair CheckConfiguration(const char* config, Json::Value* root); + void SetRuntimeConfig(sensor::CollectorConfig runtime_config) { + runtime_config_ = std::move(runtime_config); + } + + std::optional GetRuntimeConfig() const { + return runtime_config_; + } + std::shared_ptr grpc_channel; protected: @@ -146,6 +169,8 @@ class CollectorConfig { std::optional tls_config_; + std::optional runtime_config_; + void HandleAfterglowEnvVars(); void HandleConnectionStatsEnvVars(); void HandleSinspEnvVars(); @@ -155,6 +180,10 @@ class CollectorConfig { void SetSinspTotalBufferSize(unsigned int total_buffer_size); void SetSinspCpuPerBuffer(unsigned int buffer_size); void SetHostConfig(HostConfig* config); + + void SetEnableExternalIPs(bool value) { + enable_external_ips_ = value; + } }; std::ostream& operator<<(std::ostream& os, const CollectorConfig& c); diff --git a/collector/proto/third_party/stackrox b/collector/proto/third_party/stackrox index 7b6bc042b9..1c826a2fdc 160000 --- a/collector/proto/third_party/stackrox +++ b/collector/proto/third_party/stackrox @@ -1 +1 @@ -Subproject commit 7b6bc042b9352869ccfbc5e928889cdc61ece7b5 +Subproject commit 1c826a2fdcc086a07c9b58390dee02c092f82ec7 diff --git a/collector/test/CollectorConfigTest.cpp b/collector/test/CollectorConfigTest.cpp index e6138a796b..bdf5af190e 100644 --- a/collector/test/CollectorConfigTest.cpp +++ b/collector/test/CollectorConfigTest.cpp @@ -1,3 +1,5 @@ +#include + #include "CollectorArgs.h" #include "CollectorConfig.h" #include "gmock/gmock.h" @@ -26,6 +28,10 @@ class MockCollectorConfig : public CollectorConfig { void MockSetSinspCpuPerBuffer(unsigned int value) { SetSinspCpuPerBuffer(value); } + + void MockSetEnableExternalIPs(bool value) { + SetEnableExternalIPs(value); + } }; // Test that unmodified value is returned, when some dependency values are 
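Review bot: `SetRuntimeConfig()` writes `runtime_config_` while `GetRuntimeConfig()` and `EnableExternalIPs()` read it, and no synchronization is visible in this hunk or the member declaration hunk below it; if the setter is driven by a message received from sensor on a different thread than the one evaluating network configuration (the caller is not shown here), `has_value()` followed by `value()` on a non-atomic `std::optional` is a data race and can observe a partially assigned message. Either document the contract on the setter, e.g. `// Must be called on the thread that reads the configuration; not synchronized.`, or guard the member with a mutex or replace it with an immutable snapshot (`std::shared_ptr<const sensor::CollectorConfig>`) swapped under a lock. Since this value is remotely supplied and changes collector behavior at runtime, a log line in the setter recording that a runtime configuration was applied would also help operators correlate behavior changes with what sensor sent.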
@@ -87,4 +93,56 @@ TEST(CollectorConfigTest, TestSinspCpuPerBufferAdjusted) { EXPECT_EQ(16384, config.GetSinspBufferSize()); } +TEST(CollectorConfigTest, TestSetRuntimeConfig) { + MockCollectorConfig config; + + EXPECT_EQ(std::nullopt, config.GetRuntimeConfig()); + + sensor::CollectorConfig runtime_config; + + config.SetRuntimeConfig(runtime_config); + + EXPECT_NE(std::nullopt, config.GetRuntimeConfig()); +} + +TEST(CollectorConfigTest, TestEnableExternalIpsFeatureFlag) { + MockCollectorConfig config; + + // without the presence of the runtime configuration + // the enable_external_ips_ flag should be used + + config.MockSetEnableExternalIPs(false); + + EXPECT_FALSE(config.EnableExternalIPs()); + + config.MockSetEnableExternalIPs(true); + + EXPECT_TRUE(config.EnableExternalIPs()); +} + +TEST(CollectorConfigTest, TestEnableExternalIpsRuntimeConfig) { + MockCollectorConfig config; + + // With the presence of runtime config, the feature + // flag should be ignored + + config.MockSetEnableExternalIPs(true); + + sensor::CollectorConfig runtime_config; + sensor::NetworkConnectionConfig* network_config = runtime_config.mutable_network_connection_config(); + + network_config->set_enable_external_ips(false); + + config.SetRuntimeConfig(runtime_config); + + EXPECT_FALSE(config.EnableExternalIPs()); + + config.MockSetEnableExternalIPs(false); + + network_config->set_enable_external_ips(true); + config.SetRuntimeConfig(runtime_config); + + EXPECT_TRUE(config.EnableExternalIPs()); +} + } // namespace collector From f69fb511561628366275caee7cfa539df121b1ff Mon Sep 17 00:00:00 2001 From: Giles Hutton Date: Thu, 26 Sep 2024 14:45:11 +0100 Subject: [PATCH 2/6] Normalize external IPs feature flag to match central --- collector/lib/CollectorConfig.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/collector/lib/CollectorConfig.cpp b/collector/lib/CollectorConfig.cpp index a876c872f7..114e33f58d 100644 --- a/collector/lib/CollectorConfig.cpp 
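Review bot: `TestSetRuntimeConfig` only asserts that `GetRuntimeConfig()` becomes non-empty, so a setter that stored a default-constructed message would still pass; checking a field round-trip, e.g. `EXPECT_TRUE(config.GetRuntimeConfig()->has_network_connection_config())` after populating the sub-message, would pin the stored content. The suite also has no case where a runtime config is present but carries no `network_connection_config`, which is exactly where the "defer to the feature flag" behavior from the commit message is most likely to diverge from what `EnableExternalIPs()` returns; a test asserting the expected result there would document the intended contract either way. The second half of `TestEnableExternalIpsRuntimeConfig` mutates `network_config` after the first `SetRuntimeConfig` call and then sets it again, which works only because the setter takes a copy; a one-line comment saying so would keep a future by-reference refactor from silently changing what the test exercises.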
+++ b/collector/lib/CollectorConfig.cpp @@ -47,7 +47,7 @@ BoolEnvVar set_import_users("ROX_COLLECTOR_SET_IMPORT_USERS", false); BoolEnvVar collect_connection_status("ROX_COLLECT_CONNECTION_STATUS", true); -BoolEnvVar enable_external_ips("ROX_ENABLE_EXTERNAL_IPS", false); +BoolEnvVar enable_external_ips("ROX_EXTERNAL_IPS", false); BoolEnvVar enable_connection_stats("ROX_COLLECTOR_ENABLE_CONNECTION_STATS", true); From 659408162335b607468564a63f4dde8b4931c975 Mon Sep 17 00:00:00 2001 From: Giles Hutton Date: Fri, 27 Sep 2024 10:42:42 +0100 Subject: [PATCH 3/6] Avoid copies --- collector/lib/CollectorConfig.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/collector/lib/CollectorConfig.h b/collector/lib/CollectorConfig.h index b0210ca86d..a223e9cdf7 100644 --- a/collector/lib/CollectorConfig.h +++ b/collector/lib/CollectorConfig.h @@ -84,8 +84,8 @@ class CollectorConfig { // otherwise, we rely on the feature flag (env var) bool EnableExternalIPs() const { if (runtime_config_.has_value()) { - auto cfg = runtime_config_.value(); - auto network_cfg = cfg.network_connection_config(); + const auto& cfg = runtime_config_.value(); + const auto& network_cfg = cfg.network_connection_config(); return network_cfg.enable_external_ips(); } return enable_external_ips_; @@ -112,7 +112,7 @@ class CollectorConfig { runtime_config_ = std::move(runtime_config); } - std::optional GetRuntimeConfig() const { + const std::optional& GetRuntimeConfig() const { return runtime_config_; } From 56d2ac32889cca1abc234595f6b4b451fa48df16 Mon Sep 17 00:00:00 2001 From: Giles Hutton Date: Fri, 27 Sep 2024 13:56:39 +0100 Subject: [PATCH 4/6] Add rvalue version of SetRuntimeConfig --- collector/lib/CollectorConfig.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/collector/lib/CollectorConfig.h b/collector/lib/CollectorConfig.h index a223e9cdf7..3783cebc69 100644 --- a/collector/lib/CollectorConfig.h +++ b/collector/lib/CollectorConfig.h 
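Review bot: With `GetRuntimeConfig()` now returning `const std::optional<sensor::CollectorConfig>&` to the member, a caller that holds the reference across a later `SetRuntimeConfig()` call reads a replaced value, and under concurrent replacement a torn one; the lifetime rule is not stated anywhere in the hunk. A comment on the accessor such as `// The returned reference is only valid until the next SetRuntimeConfig() call.` would make that explicit, and callers that need a stable view should copy. The change in `EnableExternalIPs()` to `const auto&` bindings is fine and removes two proto copies per call; `*runtime_config_` would read slightly more idiomatically than `runtime_config_.value()` there, but that is a matter of taste. The env-var rename hunk from patch 2 on this line is reverted by patch 6, so I have no comment on it.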
@@ -108,6 +108,10 @@ class CollectorConfig { static std::pair CheckConfiguration(const char* config, Json::Value* root); + void SetRuntimeConfig(sensor::CollectorConfig&& runtime_config) { + runtime_config_ = runtime_config; + } + void SetRuntimeConfig(sensor::CollectorConfig runtime_config) { runtime_config_ = std::move(runtime_config); } From 7c8f09e6eef9b0ea69f11f4ba53ea7ab55257fef Mon Sep 17 00:00:00 2001 From: Giles Hutton Date: Mon, 30 Sep 2024 08:42:36 +0100 Subject: [PATCH 5/6] Update stackrox submodule to include finalised runtime config protos --- collector/proto/third_party/stackrox | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/collector/proto/third_party/stackrox b/collector/proto/third_party/stackrox index 1c826a2fdc..830cd40b68 160000 --- a/collector/proto/third_party/stackrox +++ b/collector/proto/third_party/stackrox @@ -1 +1 @@ -Subproject commit 1c826a2fdcc086a07c9b58390dee02c092f82ec7 +Subproject commit 830cd40b682bd1c3f92ca5bd4a12e3455c6a8e77 From 1b242b3b72d7341f4337451529721556208f86a8 Mon Sep 17 00:00:00 2001 From: Giles Hutton Date: Tue, 1 Oct 2024 09:11:56 +0100 Subject: [PATCH 6/6] Revert external ips env var name change --- collector/lib/CollectorConfig.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/collector/lib/CollectorConfig.cpp b/collector/lib/CollectorConfig.cpp index 114e33f58d..a876c872f7 100644 --- a/collector/lib/CollectorConfig.cpp +++ b/collector/lib/CollectorConfig.cpp @@ -47,7 +47,7 @@ BoolEnvVar set_import_users("ROX_COLLECTOR_SET_IMPORT_USERS", false); BoolEnvVar collect_connection_status("ROX_COLLECT_CONNECTION_STATUS", true); -BoolEnvVar enable_external_ips("ROX_EXTERNAL_IPS", false); +BoolEnvVar enable_external_ips("ROX_ENABLE_EXTERNAL_IPS", false); BoolEnvVar enable_connection_stats("ROX_COLLECTOR_ENABLE_CONNECTION_STATS", true);
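Review bot: The new `SetRuntimeConfig(sensor::CollectorConfig&&)` overload copies rather than moves, because `runtime_config_ = runtime_config;` uses the named rvalue reference as an lvalue; it would need `runtime_config_ = std::move(runtime_config);` to do what the commit title promises. Declaring it alongside the existing by-value overload should also make a call with an rvalue argument, e.g. `config.SetRuntimeConfig(sensor::CollectorConfig{})`, ambiguous, since `T` and `T&&` are both exact matches for an rvalue; lvalue callers keep picking the by-value version, so the added overload never wins. The existing by-value parameter followed by `std::move` already moves from rvalues and copies once from lvalues, so the simplest fix is to drop the added overload; if it is kept for some reason it must carry the `std::move`. The submodule bump and env-var revert in patches 5 and 6 on this line need no comment.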