Fix runtime security volumes creation #362

Merged
merged 1 commit into from
Aug 25, 2021


clamoriniere
Collaborator

What does this PR do?

Bug discovered during the QA of #342.

  • Fix defaulting of system-probe if security.runtime is enabled.
  • Mount the security-runtime empty dir even if policydir is not set.

Motivation

Additional Notes

Anything else we should know when reviewing?

Describe your test plan

Bug discovered with the following DatadogAgent configuration:

apiVersion: datadoghq.com/v1alpha1
kind: DatadogAgent
metadata:
  name: datadog
  namespace: datadog
spec:
  credentials:
    apiKey: REDACTED
    appKey: REDACTED
  agent:
    clusterName: foo
    config:
      kubelet:
        tlsVerify: false
    image:
      name: "gcr.io/datadoghq/agent:latest"
    apm:
      enabled: true
    process:
      enabled: true
      processCollectionEnabled: true
    log:
      enabled: true
    systemProbe:
      bpfDebugEnabled: true
    security:
      runtime:
        enabled: true

@clamoriniere clamoriniere requested a review from a team as a code owner August 23, 2021 12:46
@clamoriniere clamoriniere added this to the v0.7 milestone Aug 23, 2021
@clamoriniere clamoriniere added bug Something isn't working component/controller labels Aug 23, 2021
@clamoriniere clamoriniere changed the base branch from main to v0.7 August 23, 2021 14:07
@clamoriniere clamoriniere changed the base branch from v0.7 to main August 23, 2021 14:08
@clamoriniere clamoriniere force-pushed the clamoriniere/fix-security-runtime-volumes branch from 5daf433 to 725b908 Compare August 23, 2021 14:15
@clamoriniere clamoriniere changed the base branch from main to v0.7 August 23, 2021 14:16
@codecov-commenter

Codecov Report

Merging #362 (725b908) into v0.7 (9655bc5) will increase coverage by 0.01%.
The diff coverage is 72.72%.


@@            Coverage Diff             @@
##             v0.7     #362      +/-   ##
==========================================
+ Coverage   65.04%   65.06%   +0.01%     
==========================================
  Files          63       63              
  Lines        6901     6907       +6     
==========================================
+ Hits         4489     4494       +5     
- Misses       2093     2094       +1     
  Partials      319      319              
Flag        Coverage Δ
unittests   65.06% <72.72%> (+0.01%) ⬆️


Impacted Files                          Coverage Δ
api/v1alpha1/datadogagent_default.go    81.12% <40.00%> (-0.08%) ⬇️
controllers/datadogagent/utils.go       84.30% <100.00%> (+0.03%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

sysOverride = agent.SystemProbe
}

if agent.Security != nil && BoolValue(agent.Security.Runtime.Enabled) {
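Review bot: the condition "if agent.Security != nil && BoolValue(agent.Security.Runtime.Enabled)" has no test visible on this page, and the Codecov report above lists 40.00% diff coverage for api/v1alpha1/datadogagent_default.go. If this hunk is the system-probe defaulting change, a unit test that defaults a spec with security.runtime.enabled set to true, once with and once without a systemProbe block, would pin the behaviour the PR is fixing. A one-line comment on the condition stating that Runtime is a value type, so only Security needs the nil check, would also save the next reader the lookup.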
Collaborator Author


agent.Security.Runtime is not a pointer: link

@clamoriniere clamoriniere merged commit aa76649 into v0.7 Aug 25, 2021
@clamoriniere clamoriniere deleted the clamoriniere/fix-security-runtime-volumes branch August 25, 2021 10:18
@clamoriniere clamoriniere mentioned this pull request Sep 13, 2021