ROX-26516: Introspection endpoint for runtime config #1879

Merged

JoukoVirtanen
Contributor

@JoukoVirtanen JoukoVirtanen commented Oct 8, 2024

Description

Makes it possible to find the current state of the runtime configuration by querying a collector endpoint.

Checklist

  • Investigated and inspected CI test results
  • Updated documentation accordingly

Automated testing

  • Added unit tests
  • Added integration tests
  • Added regression tests

If any of these don't apply, please comment below.

Testing Performed

Deployed ACS on a GKE cluster. Changed the collector image to the one for this PR. Also added the following environment variable

        - name: ROX_COLLECTOR_INTROSPECTION_ENABLE
          value: "true"

Ran the following command

kubectl -n stackrox port-forward ds/collector 8080:8080 > /dev/null 2>&1 &

Queried the endpoint

curl http://localhost:8080/state/config

and got this response

{"networkConnectionConfig":{"enableExternalIps":true}}

Set enableExternalIps to false

The result in this case was

{"networkConnectionConfig":{}}

Not using a ConfigMap

In this case the response was

{}
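
The three responses above differ only by omission: a `false` value is not printed, and a collector without a ConfigMap returns an empty object. As an added example (not part of this PR or of the collector code base), the following Python sketch turns a `/state/config` body into explicit fields so a check does not wait for a literal `"enableExternalIps":false` that never appears. The function names `interpret_state_config` and `drifted` are hypothetical, and reporting `None` for the no-ConfigMap case is an assumption made here because the description does not say which value applies then.

```python
import json

# Response bodies copied from the PR description above.
SAMPLES = {
    "external_ips_on": '{"networkConnectionConfig":{"enableExternalIps":true}}',
    "external_ips_off": '{"networkConnectionConfig":{}}',
    "no_configmap": '{}',
}


def interpret_state_config(body):
    """Turn a /state/config body into explicit fields.

    runtime_config_loaded: False only for the empty object.
    enable_external_ips: True/False when a runtime config is loaded,
        None when it is not (assumption: the page does not say what applies).
    Raises ValueError for anything that is not the expected shape.
    """
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"body is not JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise ValueError("body is not a JSON object")
    if not doc:
        return {"runtime_config_loaded": False, "enable_external_ips": None}

    net = doc.get("networkConnectionConfig", {})
    if not isinstance(net, dict):
        raise ValueError("networkConnectionConfig is not an object")
    flag = net.get("enableExternalIps", False)  # omitted key means false
    if not isinstance(flag, bool):
        raise ValueError("enableExternalIps is not a boolean")
    return {"runtime_config_loaded": True, "enable_external_ips": flag}


def drifted(body, expect_external_ips):
    """True when the reported state differs from the intended setting."""
    state = interpret_state_config(body)
    return state["enable_external_ips"] is not expect_external_ips


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, interpret_state_config(body))
```
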

@JoukoVirtanen JoukoVirtanen force-pushed the jv-ROX-26516-introspection-endpoint-for-runtime-config branch 2 times, most recently from 02326d9 to 691f393 Compare October 9, 2024 00:43
@JoukoVirtanen JoukoVirtanen marked this pull request as ready for review October 9, 2024 00:44
@JoukoVirtanen JoukoVirtanen requested a review from a team as a code owner October 9, 2024 00:44
@ovalenti
Contributor

ovalenti commented Oct 9, 2024

I believe that the builder regeneration logic bases its decision on modifications that are part of the PR, which is incorrect here (the base PR modifies builder). Added the build-builder-image with the hope that it fixes the build.

collector/lib/CollectorConfigInspector.cpp Outdated
CollectorConfigInspector::CollectorConfigInspector(const std::shared_ptr<CollectorConfig> config) : config_(config) {
}

Json::Value CollectorConfigInspector::configToJson() {
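Review bot: the constructor takes `const std::shared_ptr<CollectorConfig> config` by const value, so `config_(config)` has to make a second copy of the shared_ptr. Consider taking it by value without `const` and initialising with `config_(std::move(config))`, or taking a `const std::shared_ptr<CollectorConfig>&`.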
Collaborator

There are a few situations in this method that could be considered errors, like failing to convert the configuration to JSON. It'd be nice if we could change the HTTP status to 500 if one of these occurs. Maybe we can return a tuple with the result and the JSON? Or use a std::variant of sorts?

Contributor Author

Done

Comment on lines 34 to 40
Json::CharReaderBuilder readerBuilder;
std::string errs;
std::istringstream iss(jsonString);
if (!Json::parseFromStream(readerBuilder, iss, &root, &errs)) {
CLOG(ERROR) << "Failed to parse JSON string: " << errs;
return Json::Value();
}
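Review bot: on the failure branch, `return Json::Value();` after the `CLOG(ERROR)` hands the caller a default-constructed value with no error indication, so a parse failure cannot be told apart from a valid result at the call site. Suggest returning the error alongside the value (or an optional) so the HTTP handler can answer with an error status instead of a normal body.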
Collaborator

If the caller to this method is just going to grab the Json::Value object and turn it into a string, why are we grabbing a string and turning it into a Json::Value here? Why can't we just return the string?

Contributor Author

Done

@ovalenti ovalenti dismissed their stale review October 9, 2024 16:04

Includes changes have been applied

Collaborator

@Molter73 Molter73 left a comment

Just some minor nitpicks, but otherwise LGTM!

Base automatically changed from jv-read-config-map to master October 9, 2024 17:32
@JoukoVirtanen JoukoVirtanen force-pushed the jv-ROX-26516-introspection-endpoint-for-runtime-config branch from 1aecc1f to 78fde17 Compare October 9, 2024 17:40
@JoukoVirtanen JoukoVirtanen merged commit d6e4d5b into master Oct 10, 2024
70 of 71 checks passed
@JoukoVirtanen JoukoVirtanen deleted the jv-ROX-26516-introspection-endpoint-for-runtime-config branch October 10, 2024 00:08