[CSPM][SEC-5583] migrate compliance check to fx (#14052)

* move compliance check to fx * move stuff around so that it's importable * rename file * migrate cluster agent to use new component enabled check * bug fixes * improve cluster agent config setup * fix windows build
DataDog · Dec 21, 2022 · b47d7b8 · b47d7b8
1 parent 7d28bab
commit b47d7b8
Show file tree

Hide file tree

Showing 9 changed files with 172 additions and 169 deletions.
diff --git a/cmd/cluster-agent/app/compliance_cmd.go b/cmd/cluster-agent/app/compliance_cmd.go
@@ -9,13 +9,10 @@
 package app
 
 import (
-	"fmt"
-
 	"github.com/spf13/cobra"
 
-	"github.com/DataDog/datadog-agent/cmd/agent/common"
-	"github.com/DataDog/datadog-agent/cmd/security-agent/app"
-	"github.com/DataDog/datadog-agent/pkg/config"
+	"github.com/DataDog/datadog-agent/cmd/security-agent/app/subcommands/check"
+	"github.com/DataDog/datadog-agent/comp/core"
 )
 
 var (
@@ -26,17 +23,11 @@ var (
 )
 
 func init() {
-	checkCmd := app.CheckCmd()
-	checkCmd.PreRunE = func(cmd *cobra.Command, args []string) error {
-		// we'll search for a config file named `datadog-cluster.yaml`
-		config.Datadog.SetConfigName("datadog-cluster")
-		err := common.SetupConfig(confPath)
-		if err != nil {
-			return fmt.Errorf("unable to set up global cluster agent configuration: %w", err)
-		}
-		return nil
-	}
+	bundleParams := core.BundleParams{
+		ConfFilePath: confPath,
+		ConfigName:   "datadog-cluster",
+	}.LogForOneShot(string(loggerName), "off", true)
 
-	complianceCmd.AddCommand(checkCmd)
+	complianceCmd.AddCommand(check.Commands(bundleParams)...)
 	ClusterAgentCmd.AddCommand(complianceCmd)
 }
diff --git a/cmd/security-agent/app/app.go b/cmd/security-agent/app/app.go
@@ -35,9 +35,6 @@ import (
 	"github.com/DataDog/datadog-agent/pkg/config/resolver"
 	"github.com/DataDog/datadog-agent/pkg/config/settings"
 	"github.com/DataDog/datadog-agent/pkg/forwarder"
-	"github.com/DataDog/datadog-agent/pkg/logs/client"
-	logshttp "github.com/DataDog/datadog-agent/pkg/logs/client/http"
-	"github.com/DataDog/datadog-agent/pkg/logs/config"
 	"github.com/DataDog/datadog-agent/pkg/pidfile"
 	"github.com/DataDog/datadog-agent/pkg/status/health"
 	"github.com/DataDog/datadog-agent/pkg/tagger"
@@ -112,30 +109,6 @@ Datadog Security Agent takes care of running compliance and security checks.`,
 	return SecurityAgentCmd
 }
 
-func newLogContext(logsConfig *config.LogsConfigKeys, endpointPrefix string, intakeTrackType config.IntakeTrackType, intakeOrigin config.IntakeOrigin, intakeProtocol config.IntakeProtocol) (*config.Endpoints, *client.DestinationsContext, error) {
-	endpoints, err := config.BuildHTTPEndpointsWithConfig(logsConfig, endpointPrefix, intakeTrackType, intakeProtocol, intakeOrigin)
-	if err != nil {
-		endpoints, err = config.BuildHTTPEndpoints(intakeTrackType, intakeProtocol, intakeOrigin)
-		if err == nil {
-			httpConnectivity := logshttp.CheckConnectivity(endpoints.Main)
-			endpoints, err = config.BuildEndpoints(httpConnectivity, intakeTrackType, intakeProtocol, intakeOrigin)
-		}
-	}
-
-	if err != nil {
-		return nil, nil, log.Errorf("Invalid endpoints: %v", err)
-	}
-
-	for _, status := range endpoints.GetStatus() {
-		log.Info(status)
-	}
-
-	destinationsCtx := client.NewDestinationsContext()
-	destinationsCtx.Start()
-
-	return endpoints, destinationsCtx, nil
-}
-
 var errAllComponentsDisabled = errors.New("all security-agent component are disabled")
 
 // RunAgent initialized resources and starts API server

diff --git a/cmd/security-agent/app/common/logs_context.go b/cmd/security-agent/app/common/logs_context.go
@@ -0,0 +1,44 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package common
+
+import (
+	coreconfig "github.com/DataDog/datadog-agent/pkg/config"
+	"github.com/DataDog/datadog-agent/pkg/logs"
+	"github.com/DataDog/datadog-agent/pkg/logs/client"
+	logshttp "github.com/DataDog/datadog-agent/pkg/logs/client/http"
+	"github.com/DataDog/datadog-agent/pkg/logs/config"
+	"github.com/DataDog/datadog-agent/pkg/util/log"
+)
+
+func NewLogContextCompliance() (*config.Endpoints, *client.DestinationsContext, error) {
+	logsConfigComplianceKeys := config.NewLogsConfigKeys("compliance_config.endpoints.", coreconfig.Datadog)
+	return NewLogContext(logsConfigComplianceKeys, "cspm-intake.", "compliance", config.DefaultIntakeOrigin, logs.AgentJSONIntakeProtocol)
+}
+
+func NewLogContext(logsConfig *config.LogsConfigKeys, endpointPrefix string, intakeTrackType config.IntakeTrackType, intakeOrigin config.IntakeOrigin, intakeProtocol config.IntakeProtocol) (*config.Endpoints, *client.DestinationsContext, error) {
+	endpoints, err := config.BuildHTTPEndpointsWithConfig(logsConfig, endpointPrefix, intakeTrackType, intakeProtocol, intakeOrigin)
+	if err != nil {
+		endpoints, err = config.BuildHTTPEndpoints(intakeTrackType, intakeProtocol, intakeOrigin)
+		if err == nil {
+			httpConnectivity := logshttp.CheckConnectivity(endpoints.Main)
+			endpoints, err = config.BuildEndpoints(httpConnectivity, intakeTrackType, intakeProtocol, intakeOrigin)
+		}
+	}
+
+	if err != nil {
+		return nil, nil, log.Errorf("Invalid endpoints: %v", err)
+	}
+
+	for _, status := range endpoints.GetStatus() {
+		log.Info(status)
+	}
+
+	destinationsCtx := client.NewDestinationsContext()
+	destinationsCtx.Start()
+
+	return endpoints, destinationsCtx, nil
+}
diff --git a/cmd/security-agent/app/compliance.go b/cmd/security-agent/app/compliance.go
@@ -12,29 +12,22 @@ import (
 
 	ddgostatsd "github.com/DataDog/datadog-go/v5/statsd"
 
+	"github.com/DataDog/datadog-agent/cmd/security-agent/app/common"
 	"github.com/DataDog/datadog-agent/pkg/collector/runner"
 	"github.com/DataDog/datadog-agent/pkg/collector/scheduler"
 	"github.com/DataDog/datadog-agent/pkg/compliance/agent"
 	"github.com/DataDog/datadog-agent/pkg/compliance/checks"
 	"github.com/DataDog/datadog-agent/pkg/compliance/event"
 	coreconfig "github.com/DataDog/datadog-agent/pkg/config"
-	"github.com/DataDog/datadog-agent/pkg/logs"
-	"github.com/DataDog/datadog-agent/pkg/logs/client"
-	"github.com/DataDog/datadog-agent/pkg/logs/config"
 	"github.com/DataDog/datadog-agent/pkg/util/log"
 	"github.com/DataDog/datadog-agent/pkg/util/startstop"
 )
 
-func newLogContextCompliance() (*config.Endpoints, *client.DestinationsContext, error) {
-	logsConfigComplianceKeys := config.NewLogsConfigKeys("compliance_config.endpoints.", coreconfig.Datadog)
-	return newLogContext(logsConfigComplianceKeys, "cspm-intake.", "compliance", config.DefaultIntakeOrigin, logs.AgentJSONIntakeProtocol)
-}
-
 func eventRun(eventArgs *eventCliParams) error {
 	stopper := startstop.NewSerialStopper()
 	defer stopper.Stop()
 
-	endpoints, dstContext, err := newLogContextCompliance()
+	endpoints, dstContext, err := common.NewLogContextCompliance()
 	if err != nil {
 		return err
 	}
@@ -66,7 +59,7 @@ func startCompliance(hostname string, stopper startstop.Stopper, statsdClient *d
 		return nil, nil
 	}
 
-	endpoints, context, err := newLogContextCompliance()
+	endpoints, context, err := common.NewLogContextCompliance()
 	if err != nil {
 		log.Error(err)
 	}

diff --git a/cmd/security-agent/app/compliance_cmds.go b/cmd/security-agent/app/compliance_cmds.go
@@ -9,6 +9,7 @@ import (
 	"github.com/spf13/cobra"
 
 	"github.com/DataDog/datadog-agent/cmd/security-agent/app/common"
+	"github.com/DataDog/datadog-agent/cmd/security-agent/app/subcommands/check"
 	"github.com/DataDog/datadog-agent/pkg/compliance/event"
 )
 
@@ -19,7 +20,7 @@ func ComplianceCommands(globalParams *common.GlobalParams) []*cobra.Command {
 	}
 
 	complianceCmd.AddCommand(complianceEventCommand(globalParams))
-	complianceCmd.AddCommand(CheckCommands(globalParams)...)
+	complianceCmd.AddCommand(check.SecAgentCommands(globalParams)...)
 
 	return []*cobra.Command{complianceCmd}
 }

diff --git a/cmd/security-agent/app/runtime.go b/cmd/security-agent/app/runtime.go
@@ -659,7 +659,7 @@ func newRuntimeReporter(stopper startstop.Stopper, sourceName, sourceType string
 // This function will only be used on Linux. The only platforms where the runtime agent runs
 func newLogContextRuntime() (*config.Endpoints, *client.DestinationsContext, error) { // nolint: deadcode, unused
 	logsConfigComplianceKeys := config.NewLogsConfigKeys("runtime_security_config.endpoints.", coreconfig.Datadog)
-	return newLogContext(logsConfigComplianceKeys, "runtime-security-http-intake.logs.", "logs", cwsIntakeOrigin, config.DefaultIntakeProtocol)
+	return common.NewLogContext(logsConfigComplianceKeys, "runtime-security-http-intake.logs.", "logs", cwsIntakeOrigin, config.DefaultIntakeProtocol)
 }
 
 func startRuntimeSecurity(hostname string, stopper startstop.Stopper, statsdClient *ddgostatsd.Client) (*secagent.RuntimeSecurityAgent, error) {