fix(shield): move host response action helper to features

Signed-off-by: Roberto Scolaro <[email protected]>

Author: therealbobo

charts/shield/templates/host/_helpers.tpl

@@ -231,16 +231,13 @@ true
 
 {{/*
   This function checks if the response_actions feature is enabled for the host.
-  It first checks the additional_settings and then the features.
-  If neither is found, it defaults to false.
+  It checks features.respond or features.responding for response_actions.
+  If not found, it defaults to false.
 */}}
 {{- define "host.response_actions_enabled" }}
-{{- $feature_respond := dig "respond" (dict) .Values.features }}
-{{- $additional_features := dig "features" (dict) .Values.host.additional_settings }}
-{{- $additional_respond := dig "respond" (dict) $additional_features }}
-{{- if hasKey $additional_respond "response_actions" }}
-{{- dig "response_actions" "enabled" false $additional_respond -}}
-{{- else if hasKey $feature_respond "response_actions" }}
+{{- $respondKey := include "host.respond_key" .Values.features }}
+{{- $feature_respond := dig $respondKey (dict) .Values.features }}
+{{- if hasKey $feature_respond "response_actions" }}
 {{- dig "response_actions" "enabled" false $feature_respond -}}
 {{- end }}
 {{- end }}
@@ -252,13 +249,10 @@ true
 */}}
 {{- define "host.response_actions_needs_higher_privileges" }}
 {{- if eq (include "host.response_actions_enabled" .) "true" }}
-{{- $feature_respond := dig "respond" (dict) .Values.features }}
-{{- $additional_features := dig "features" (dict) .Values.host.additional_settings }}
-{{- $additional_respond := dig "respond" (dict) $additional_features }}
+{{- $respondKey := include "host.respond_key" .Values.features }}
+{{- $feature_respond := dig $respondKey (dict) .Values.features }}
 {{- $response_actions := dict }}
-{{- if hasKey $additional_respond "response_actions" }}
-  {{- $response_actions = get $additional_respond "response_actions" }}
-{{- else if hasKey $feature_respond "response_actions" }}
+{{- if hasKey $feature_respond "response_actions" }}
   {{- $response_actions = get $feature_respond "response_actions" }}
 {{- end }}
 {{- $file_acquire_trigger := dig "file_acquire" "trigger" "all" $response_actions }}

charts/shield/tests/host/daemonset_test.yaml

@@ -382,29 +382,6 @@ tests:
       - notExists:
           path: spec.template.spec.volumes[?(@.name == "host-tmp")]
 
-  - it: Host root mounted when response_actions is enabled (additional_settings)
-    set:
-      host:
-        additional_settings:
-          features:
-            respond:
-              response_actions:
-                enabled: true
-    asserts:
-      - contains:
-          path: spec.template.spec.volumes
-          content:
-            name: host-root
-            hostPath:
-              path: /
-      - contains:
-          path: spec.template.spec.containers[?(@.name == "sysdig-host-shield")].volumeMounts
-          content:
-            name: host-root
-            mountPath: /host
-      - notExists:
-          path: spec.template.spec.volumes[?(@.name == "host-tmp")]
-
   - it: Host root mounted when response_actions is enabled (features)
     set:
       features:
@@ -426,33 +403,6 @@ tests:
       - notExists:
           path: spec.template.spec.volumes[?(@.name == "host-tmp")]
 
-  - it: Host root mounted when response_actions is enabled (only on additional_settings)
-    set:
-      features:
-        respond:
-          response_actions:
-            enabled: false
-      host:
-        additional_settings:
-          features:
-            respond:
-              response_actions:
-                enabled: true
-    asserts:
-      - contains:
-          path: spec.template.spec.volumes
-          content:
-            name: host-root
-            hostPath:
-              path: /
-      - contains:
-          path: spec.template.spec.containers[?(@.name == "sysdig-host-shield")].volumeMounts
-          content:
-            name: host-root
-            mountPath: /host
-      - notExists:
-          path: spec.template.spec.volumes[?(@.name == "host-tmp")]
-
   - it: Host root mounted when host scanner is enabled
     set:
       features: