diff --git a/test/kitchen/test-definitions/upgrade6-test.yml b/test/kitchen/test-definitions/upgrade6-test.yml
index 0d63edc7782ff..166c7df74e270 100644
--- a/test/kitchen/test-definitions/upgrade6-test.yml
+++ b/test/kitchen/test-definitions/upgrade6-test.yml
@@ -37,6 +37,5 @@ suites:
 dd-agent-upgrade-rspec:
 # Used by the rspec test to know the version to which the agent should be upgraded
 agent_expected_version: &agent_expected_version <%= ENV['DD_AGENT_EXPECTED_VERSION'] || "5.99.0" %>
- cws_included: &cws_included <%= ENV['WINDOWS_DDPROCMON_DRIVER'] || false %>
 dd-agent-rspec:
 skip_windows_signing_test: &skip_windows_signing_test <%= ENV['SKIP_SIGNATURE_TEST'] || false %>
diff --git a/test/kitchen/test-definitions/upgrade7-test.yml b/test/kitchen/test-definitions/upgrade7-test.yml
index 18a997c7572a9..0a5f6a7e75bf3 100644
--- a/test/kitchen/test-definitions/upgrade7-test.yml
+++ b/test/kitchen/test-definitions/upgrade7-test.yml
@@ -43,6 +43,5 @@ suites:
 dd-agent-upgrade-rspec:
 # Used by the rspec test to know the version to which the agent should be upgraded
 agent_expected_version: &agent_expected_version <%= ENV['DD_AGENT_EXPECTED_VERSION'] || "5.99.0" %>
- cws_included: &cws_included <%= ENV['WINDOWS_DDPROCMON_DRIVER'] || false %>
 dd-agent-rspec:
 skip_windows_signing_test: &skip_windows_signing_test <%= ENV['SKIP_SIGNATURE_TEST'] || false %>
diff --git a/test/kitchen/test-definitions/windows-cwsinstall.yml b/test/kitchen/test-definitions/windows-cwsinstall.yml
index 6bcacae7f71b5..f2baf33d3737a 100644
--- a/test/kitchen/test-definitions/windows-cwsinstall.yml
+++ b/test/kitchen/test-definitions/windows-cwsinstall.yml
@@ -28,4 +28,3 @@ suites:
 dd-agent-rspec:
 agent_flavor: <%= ENV['AGENT_FLAVOR'] || "datadog-agent" %>
 skip_windows_signing_test: &skip_windows_signing_test <%= ENV['SKIP_SIGNATURE_TEST'] || false %>
- cws_included: &cws_included <%= ENV['WINDOWS_DDPROCMON_DRIVER'] || false %>
diff --git a/test/kitchen/test/integration/common/rspec_datadog/spec_helper.rb b/test/kitchen/test/integration/common/rspec_datadog/spec_helper.rb index 386e9e19e2bca..dd2344e198a4e 100644 --- a/test/kitchen/test/integration/common/rspec_datadog/spec_helper.rb +++ b/test/kitchen/test/integration/common/rspec_datadog/spec_helper.rb @@ -370,17 +370,6 @@ def dogstatsd_processes_running? false end -def expect_windows_cws? - if os == :windows && get_agent_flavor == 'datadog-agent' - cws = parse_dna().fetch('dd-agent-rspec').fetch('cws_included') - if cws == "testsigned" || cws == "release-signed" || cws == "attestation-signed" - return true - end - end - return false - -end - def deploy_cws? os != :windows && get_agent_flavor == 'datadog-agent' && diff --git a/test/kitchen/test/integration/win-agent-with-cws-option/rspec_datadog/win-agent-with-cws-option_spec.rb b/test/kitchen/test/integration/win-agent-with-cws-option/rspec_datadog/win-agent-with-cws-option_spec.rb index ef56917863609..ee4063d3e1a1d 100644 --- a/test/kitchen/test/integration/win-agent-with-cws-option/rspec_datadog/win-agent-with-cws-option_spec.rb +++ b/test/kitchen/test/integration/win-agent-with-cws-option/rspec_datadog/win-agent-with-cws-option_spec.rb @@ -3,10 +3,8 @@ shared_examples_for 'a Windows Agent with CWS driver disabled' do - if expect_windows_cws? - it 'has the service disabled' do - expect(is_windows_service_disabled("ddprocmon")).to be_truthy - end + it 'has the service disabled' do + expect(is_windows_service_disabled("ddprocmon")).to be_truthy end end 
@@ -15,80 +13,61 @@ expect(is_windows_service_installed("datadog-system-probe")).to be_truthy end - if expect_windows_cws? - it 'has required services installed' do - expect(is_windows_service_installed("datadog-security-agent")).to be_truthy - expect(is_windows_service_installed("ddprocmon")).to be_truthy - end - it 'has driver files' do - program_files = safe_program_files - expect(File).to exist("#{program_files}\\DataDog\\Datadog Agent\\bin\\agent\\driver\\ddprocmon.cat") - expect(File).to exist("#{program_files}\\DataDog\\Datadog Agent\\bin\\agent\\driver\\ddprocmon.sys") - expect(File).to exist("#{program_files}\\DataDog\\Datadog Agent\\bin\\agent\\driver\\ddprocmon.inf") - end + it 'has required services installed' do + expect(is_windows_service_installed("datadog-security-agent")).to be_truthy + expect(is_windows_service_installed("ddprocmon")).to be_truthy + end + it 'has driver files' do + program_files = safe_program_files + expect(File).to exist("#{program_files}\\DataDog\\Datadog Agent\\bin\\agent\\driver\\ddprocmon.cat") + expect(File).to exist("#{program_files}\\DataDog\\Datadog Agent\\bin\\agent\\driver\\ddprocmon.sys") + expect(File).to exist("#{program_files}\\DataDog\\Datadog Agent\\bin\\agent\\driver\\ddprocmon.inf") + end - it 'does not have the driver running on install' do - ## verify that the driver is not started yet - expect(is_service_running?("ddprocmon")).to be_falsey - end - else - ## if windows CWS is not expected, do the reverse check (that services aren't installed, files - ## not present, etc.) Once CWS is released, remove this part of the test. 
- it 'does not have cws services installed' do - expect(is_windows_service_installed("datadog-security-agent")).to be_falsey - expect(is_windows_service_installed("ddprocmon")).to be_falsey - end - it 'does not have driver files' do - program_files = safe_program_files - expect(File).not_to exist("#{program_files}\\DataDog\\Datadog Agent\\bin\\agent\\driver\\ddprocmon.cat") - expect(File).not_to exist("#{program_files}\\DataDog\\Datadog Agent\\bin\\agent\\driver\\ddprocmon.sys") - expect(File).not_to exist("#{program_files}\\DataDog\\Datadog Agent\\bin\\agent\\driver\\ddprocmon.inf") - end + it 'does not have the driver running on install' do + ## verify that the driver is not started yet + expect(is_service_running?("ddprocmon")).to be_falsey end - - end shared_examples_for 'a Windows Agent with CWS running' do - if expect_windows_cws? - it 'has cws services not started by default' do - expect(is_service_running?("datadog-system-probe")).to be_falsey - expect(is_service_running?("datadog-security-agent")).to be_falsey - end + it 'has cws services not started by default' do + expect(is_service_running?("datadog-system-probe")).to be_falsey + expect(is_service_running?("datadog-security-agent")).to be_falsey + end - it 'has default config files' do - expect(File).to exist(get_conf_file("system-probe.yaml")) - expect(File).to exist(get_conf_file("security-agent.yaml")) - end - it 'can start security agent' do + it 'has default config files' do + expect(File).to exist(get_conf_file("system-probe.yaml")) + expect(File).to exist(get_conf_file("security-agent.yaml")) + end + it 'can start security agent' do - enable_cws(get_conf_file("system-probe.yaml"), true) - enable_cws(get_conf_file("security-agent.yaml"), true) + enable_cws(get_conf_file("system-probe.yaml"), true) + enable_cws(get_conf_file("security-agent.yaml"), true) - stop "datadog-agent" - - start "datadog-agent" - sleep 30 - expect(is_service_running?("datadogagent")).to be_truthy - 
expect(is_service_running?("datadog-system-probe")).to be_truthy - expect(is_service_running?("datadog-security-agent")).to be_truthy - end - it 'can gracefully shut down security agent' do - stop "datadog-agent" - - ## these tests return false for any state other than running. So "shutting down" - ## will erroneously pass here - expect(is_service_running?("datadogagent")).to be_falsey - expect(is_service_running?("datadog-system-probe")).to be_falsey - expect(is_service_running?("datadog-security-agent")).to be_falsey + stop "datadog-agent" + + start "datadog-agent" + sleep 30 + expect(is_service_running?("datadogagent")).to be_truthy + expect(is_service_running?("datadog-system-probe")).to be_truthy + expect(is_service_running?("datadog-security-agent")).to be_truthy + end + it 'can gracefully shut down security agent' do + stop "datadog-agent" + + ## these tests return false for any state other than running. So "shutting down" + ## will erroneously pass here + expect(is_service_running?("datadogagent")).to be_falsey + expect(is_service_running?("datadog-system-probe")).to be_falsey + expect(is_service_running?("datadog-security-agent")).to be_falsey - ## so also check that the process is actually gone - expect(security_agent_running?).to be_falsey - expect(system_probe_running?).to be_falsey + ## so also check that the process is actually gone + expect(security_agent_running?).to be_falsey + expect(system_probe_running?).to be_falsey - end - end ## endif expect CWS, no tests at all if not expected. + end end diff --git a/tools/windows/DatadogAgentInstaller/CustomActions/ServiceCustomAction.cs b/tools/windows/DatadogAgentInstaller/CustomActions/ServiceCustomAction.cs index f5a820156e194..2df3f31f84eee 100644 --- a/tools/windows/DatadogAgentInstaller/CustomActions/ServiceCustomAction.cs +++ b/tools/windows/DatadogAgentInstaller/CustomActions/ServiceCustomAction.cs 
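Review bot: Nothing in the now-unconditional 'a Windows Agent with CWS driver installed' examples checks that the kernel driver is signed; 'has driver files' only asserts that `ddprocmon.cat`, `ddprocmon.sys` and `ddprocmon.inf` exist. The removed `expect_windows_cws?` gate at least keyed on `testsigned` / `release-signed` / `attestation-signed`, and with the driver now shipped in every package it would be worth adding an example such as `it 'has a validly signed driver'` that asserts the signature status of `ddprocmon.sys`, skipped when `skip_windows_signing_test` is set. Separately, 'can start security agent' still depends on a fixed `sleep 30`; polling the service state with a timeout would make the now always-run example less flaky.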
@@ -193,11 +193,7 @@ private void ConfigureServiceUsers(string ddAgentUserName, SecurityIdentifier dd
 _serviceController.SetCredentials(Constants.SystemProbeServiceName, "LocalSystem", "");
 _serviceController.SetCredentials(Constants.ProcessAgentServiceName, "LocalSystem", "");
- var installCWS = _session.Property("INSTALL_CWS");
- if (!string.IsNullOrEmpty(installCWS))
- {
- _serviceController.SetCredentials(Constants.SecurityAgentServiceName, ddAgentUserName, ddAgentUserPassword);
- }
+ _serviceController.SetCredentials(Constants.SecurityAgentServiceName, ddAgentUserName, ddAgentUserPassword);
 }
 private void UpdateAndLogAccessControl(string serviceName, CommonSecurityDescriptor securityDescriptor)
@@ -229,10 +225,7 @@ private void ConfigureServicePermissions(SecurityIdentifier ddAgentUserSID)
 Constants.AgentServiceName,
 };
- if (!string.IsNullOrEmpty(_session.Property("INSTALL_CWS")))
- {
- services.Add(Constants.SecurityAgentServiceName);
- }
+ services.Add(Constants.SecurityAgentServiceName);
 foreach (var serviceName in services)
 {
diff --git a/tools/windows/DatadogAgentInstaller/WixSetup/Datadog/AgentCustomActions.cs b/tools/windows/DatadogAgentInstaller/WixSetup/Datadog/AgentCustomActions.cs
index a018bba4b34db..a3b7f9d403c6f 100644
--- a/tools/windows/DatadogAgentInstaller/WixSetup/Datadog/AgentCustomActions.cs
+++ b/tools/windows/DatadogAgentInstaller/WixSetup/Datadog/AgentCustomActions.cs
@@ -429,8 +429,7 @@ public AgentCustomActions()
 Impersonate = false
 }
 .SetProperties("DDAGENTUSER_PROCESSED_PASSWORD=[DDAGENTUSER_PROCESSED_PASSWORD], " +
- "DDAGENTUSER_PROCESSED_FQ_NAME=[DDAGENTUSER_PROCESSED_FQ_NAME], " +
- "INSTALL_CWS=[INSTALL_CWS]")
+ "DDAGENTUSER_PROCESSED_FQ_NAME=[DDAGENTUSER_PROCESSED_FQ_NAME], ")
 .HideTarget(true);
 ConfigureServicesRollback = new CustomAction(
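Review bot: In `ConfigureServicePermissions`, `services.Add(Constants.SecurityAgentServiceName);` now directly follows what appears to be a collection initializer ending in `Constants.AgentServiceName, };`, so the entry reads as a leftover of the removed condition. Listing `Constants.SecurityAgentServiceName,` inside the initializer would keep the full set of services that receive the agent user's permissions in one place, which makes the grant easier to audit. The declaration of `services` starts above the hunk, so this assumes it is initialized there.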
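Review bot: The property string passed to `.SetProperties(...)` now ends in a dangling separator, `"DDAGENTUSER_PROCESSED_FQ_NAME=[DDAGENTUSER_PROCESSED_FQ_NAME], ")`. Whether WixSharp tolerates an empty trailing entry is not visible here, so it is safer to drop the `, ` and close the literal right after `[DDAGENTUSER_PROCESSED_FQ_NAME]`. The same leftover is in the `ConfigureServicesRollback` hunk at `-445,8`, where the whole argument becomes `"DDAGENTUSER_PROCESSED_FQ_NAME=[DDAGENTUSER_PROCESSED_FQ_NAME], "`. Both statements begin above their hunks.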
@@ -445,8 +444,7 @@ public AgentCustomActions()
 Execute = Execute.rollback,
 Impersonate = false
 }
- .SetProperties("DDAGENTUSER_PROCESSED_FQ_NAME=[DDAGENTUSER_PROCESSED_FQ_NAME], " +
- "INSTALL_CWS=[INSTALL_CWS]")
+ .SetProperties("DDAGENTUSER_PROCESSED_FQ_NAME=[DDAGENTUSER_PROCESSED_FQ_NAME], ")
 .HideTarget(true);
 // WiX built-in StopServices only stops services if the component is changing.
diff --git a/tools/windows/DatadogAgentInstaller/WixSetup/Datadog/AgentInstaller.cs b/tools/windows/DatadogAgentInstaller/WixSetup/Datadog/AgentInstaller.cs
index 0c215f9f3f98a..d2fd09cdee18d 100644
--- a/tools/windows/DatadogAgentInstaller/WixSetup/Datadog/AgentInstaller.cs
+++ b/tools/windows/DatadogAgentInstaller/WixSetup/Datadog/AgentInstaller.cs
@@ -129,13 +129,6 @@ public Project ConfigureProject()
 }
 );
- // Conditionally include the PROCMON MSM while it is in active development to make it easier
- // to build/ship without it.
- if (!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("WINDOWS_DDPROCMON_DRIVER")))
- {
- project.AddProperty(new Property("INSTALL_CWS", "1"));
- }
-
 // Always generate a new GUID otherwise WixSharp will generate one based on
 // the version
 project.ProductId = Guid.NewGuid();
@@ -296,20 +289,15 @@ public Project ConfigureProject()
 .First(x => x.HasAttribute("Id", value => value == "MainApplication"))
 .AddElement("MergeRef", "Id=ddapminstall");
 }
- // Conditionally include the PROCMON MSM while it is in active development to make it easier
- // to build/ship without it.
- if (!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("WINDOWS_DDPROCMON_DRIVER")))
- {
- document
- .FindAll("Directory")
- .First(x => x.HasAttribute("Id", value => value == "AGENT"))
- .AddElement("Merge",
- $"Id=ddprocmoninstall; SourceFile={BinSource}\\agent\\ddprocmon.msm; DiskId=1; Language=1033");
- document
- .FindAll("Feature")
- .First(x => x.HasAttribute("Id", value => value == "MainApplication"))
- .AddElement("MergeRef", "Id=ddprocmoninstall");
- }
+ document
+ .FindAll("Directory")
+ .First(x => x.HasAttribute("Id", value => value == "AGENT"))
+ .AddElement("Merge",
+ $"Id=ddprocmoninstall; SourceFile={BinSource}\\agent\\ddprocmon.msm; DiskId=1; Language=1033");
+ document
+ .FindAll("Feature")
+ .First(x => x.HasAttribute("Id", value => value == "MainApplication"))
+ .AddElement("MergeRef", "Id=ddprocmoninstall");
 };
 project.WixSourceFormated += (ref string content) => WixSourceFormated?.Invoke(content);
 project.WixSourceSaved += name => WixSourceSaved?.Invoke(name);
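Review bot: The `ddprocmoninstall` merge lost its explanatory comment together with the environment-variable gate, so the block is now undocumented even though every build hard-depends on `{BinSource}\agent\ddprocmon.msm` being present. I would add a comment above `document.FindAll("Directory")` such as `// Always merge the ddprocmon driver MSM; the build requires agent\ddprocmon.msm under BinSource.` so a missing or stale merge module is easy to trace. The driver is attached to the `MainApplication` feature, so it is installed with every agent; if that is intended, say so in the same comment. The enclosing handler starts and ends outside the hunk.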
@@ -502,26 +490,23 @@ private Dir CreateBinFolder() } ); - if (!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("WINDOWS_DDPROCMON_DRIVER"))) + var securityAgentService = GenerateDependentServiceInstaller( + new Id("ddagentsecurityservice"), + Constants.SecurityAgentServiceName, + "Datadog Security Service", + "Send Security events to Datadog", + "[DDAGENTUSER_PROCESSED_FQ_NAME]", + "[DDAGENTUSER_PROCESSED_PASSWORD]"); + agentBinDir.AddFile(new WixSharp.File(_agentBinaries.SecurityAgent, securityAgentService)); + + agentBinDir.Add(new EventSource { - var securityAgentService = GenerateDependentServiceInstaller( - new Id("ddagentsecurityservice"), - Constants.SecurityAgentServiceName, - "Datadog Security Service", - "Send Security events to Datadog", - "[DDAGENTUSER_PROCESSED_FQ_NAME]", - "[DDAGENTUSER_PROCESSED_PASSWORD]"); - agentBinDir.AddFile(new WixSharp.File(_agentBinaries.SecurityAgent, securityAgentService)); - - agentBinDir.Add(new EventSource - { - Name = Constants.SecurityAgentServiceName, - Log = "Application", - EventMessageFile = $"[AGENT]{Path.GetFileName(_agentBinaries.SecurityAgent)}", - AttributesDefinition = "SupportsErrors=yes; SupportsInformationals=yes; SupportsWarnings=yes; KeyPath=yes" - } - ); + Name = Constants.SecurityAgentServiceName, + Log = "Application", + EventMessageFile = $"[AGENT]{Path.GetFileName(_agentBinaries.SecurityAgent)}", + AttributesDefinition = "SupportsErrors=yes; SupportsInformationals=yes; SupportsWarnings=yes; KeyPath=yes" } + ); var targetBinFolder = new Dir(new Id("BIN"), "bin", new WixSharp.File(_agentBinaries.Agent, agentService), // Each EventSource must have KeyPath=yes to avoid having the parent directory placed in the CreateFolder table. 
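Review bot: `"[DDAGENTUSER_PROCESSED_PASSWORD]"` is now handed to the security agent's service installer on every install instead of only in builds with the driver enabled. Nothing in this hunk shows whether that property is kept out of verbose MSI logs, so please confirm it is declared hidden, in the same spirit as the `.HideTarget(true)` calls in AgentCustomActions.cs. A short comment above `GenerateDependentServiceInstaller(` would also help, for example `// Runs as the agent user (DDAGENTUSER_PROCESSED_FQ_NAME), unlike system-probe which runs as LocalSystem.`, which matches what `ConfigureServiceUsers` sets. `CreateBinFolder` begins and ends outside the hunk.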
@@ -559,13 +544,10 @@ private Dir CreateAppDataFolder() new Files($@"{EtcSource}\extra_package_files\EXAMPLECONFSLOCATION\*") )); - if (!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("WINDOWS_DDPROCMON_DRIVER"))) - { - appData.AddDir(new Dir(new Id("security.d"), - "runtime-security.d", - new WixSharp.File($@"{EtcSource}\runtime-security.d\default.policy.example") - )); - } + appData.AddDir(new Dir(new Id("security.d"), + "runtime-security.d", + new WixSharp.File($@"{EtcSource}\runtime-security.d\default.policy.example") + )); return new Dir(new Id("%CommonAppData%"), appData) { Attributes = { { "Name", "CommonAppData" } }
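Review bot: `runtime-security.d` is now created under the CommonAppData tree on every install, but the hunk does not show which ACL the new directory receives. Files in it presumably drive what the security agent detects, so it is worth confirming that it inherits the restricted permissions of the parent configuration folder and is not writable by unprivileged users. A comment on `appData.AddDir(` such as `// runtime-security.d holds security-agent policy files; relies on the parent directory's ACL` would record that assumption. The directory `Id` is `security.d` while the folder name is `runtime-security.d`, which is easy to misread when searching the generated WiX. `CreateAppDataFolder` continues outside the hunk.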