Only validate in config set

DataDog · Dec 13, 2024 · 4b12fd8 · 4b12fd8
1 parent 02294c3
commit 4b12fd8
Show file tree

Hide file tree

Showing 7 changed files with 31 additions and 42 deletions.
diff --git a/cmd/process-agent/api/config_set.go b/cmd/process-agent/api/config_set.go
@@ -0,0 +1,21 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package api
+
+import (
+	"net/http"
+
+	"github.com/DataDog/datadog-agent/pkg/api/util"
+)
+
+func configSetHandler(deps APIServerDeps, w http.ResponseWriter, r *http.Request) {
+	if err := util.Validate(w, r); err != nil {
+		deps.Log.Warnf("invalid auth token for %s request to %s: %s", r.Method, r.RequestURI, err)
+		return
+	}
+
+	deps.Settings.SetValue(w, r)
+}
diff --git a/cmd/process-agent/api/server.go b/cmd/process-agent/api/server.go
@@ -43,8 +43,7 @@ func SetupAPIServerHandlers(deps APIServerDeps, r *mux.Router) {
 	r.HandleFunc("/config/all", deps.Settings.GetFullConfig("")).Methods("GET") // Get all fields from process-agent Config object
 	r.HandleFunc("/config/list-runtime", deps.Settings.ListConfigurable).Methods("GET")
 	r.HandleFunc("/config/{setting}", deps.Settings.GetValue).Methods("GET")
-	r.HandleFunc("/config/{setting}", deps.Settings.SetValue).Methods("POST")
-
+	r.HandleFunc("/config/{setting}", injectDeps(deps, configSetHandler)).Methods("POST")
 	r.HandleFunc("/agent/status", injectDeps(deps, statusHandler)).Methods("GET")
 	r.HandleFunc("/agent/tagger-list", injectDeps(deps, getTaggerList)).Methods("GET")
 	r.HandleFunc("/agent/workload-list/short", func(w http.ResponseWriter, _ *http.Request) {

diff --git a/cmd/process-agent/subcommands/status/status.go b/cmd/process-agent/subcommands/status/status.go
@@ -21,7 +21,6 @@ import (
 	log "github.com/DataDog/datadog-agent/comp/core/log/def"
 	compStatus "github.com/DataDog/datadog-agent/comp/core/status"
 	"github.com/DataDog/datadog-agent/comp/process"
-	"github.com/DataDog/datadog-agent/pkg/api/util"
 	apiutil "github.com/DataDog/datadog-agent/pkg/api/util"
 	"github.com/DataDog/datadog-agent/pkg/collector/python"
 	pkgconfigsetup "github.com/DataDog/datadog-agent/pkg/config/setup"
@@ -149,11 +148,6 @@ func runStatus(deps dependencies) error {
 		return err
 	}
 
-	err = util.SetAuthToken(pkgconfigsetup.Datadog())
-	if err != nil {
-		return err
-	}
-
 	getAndWriteStatus(deps.Log, statusURL, os.Stdout)
 	return nil
 }
diff --git a/cmd/process-agent/subcommands/status/status_test.go b/cmd/process-agent/subcommands/status/status_test.go
@@ -19,7 +19,6 @@ import (
 
 	"github.com/DataDog/datadog-agent/cmd/process-agent/command"
 	hostMetadataUtils "github.com/DataDog/datadog-agent/comp/metadata/host/hostimpl/utils"
-	"github.com/DataDog/datadog-agent/pkg/api/util"
 	configmock "github.com/DataDog/datadog-agent/pkg/config/mock"
 	pkgconfigsetup "github.com/DataDog/datadog-agent/pkg/config/setup"
 	"github.com/DataDog/datadog-agent/pkg/process/util/status"
@@ -52,8 +51,6 @@ func TestStatus(t *testing.T) {
 
 	server := fakeStatusServer(t, statusInfo)
 	defer server.Close()
-	err := util.CreateAndSetAuthToken(pkgconfigsetup.Datadog())
-	require.NoError(t, err)
 
 	// Build the actual status
 	var statusBuilder strings.Builder

diff --git a/cmd/process-agent/subcommands/taggerlist/tagger_list.go b/cmd/process-agent/subcommands/taggerlist/tagger_list.go
@@ -18,7 +18,6 @@ import (
 	"github.com/DataDog/datadog-agent/comp/core/config"
 	log "github.com/DataDog/datadog-agent/comp/core/log/def"
 	"github.com/DataDog/datadog-agent/comp/core/tagger/api"
-	"github.com/DataDog/datadog-agent/pkg/api/util"
 	pkgconfigsetup "github.com/DataDog/datadog-agent/pkg/config/setup"
 	"github.com/DataDog/datadog-agent/pkg/util/fxutil"
 )
@@ -54,11 +53,6 @@ type dependencies struct {
 func taggerList(deps dependencies) error {
 	deps.Log.Info("Got a request for the tagger-list. Calling tagger.")
 
-	err := util.SetAuthToken(pkgconfigsetup.Datadog())
-	if err != nil {
-		return err
-	}
-
 	taggerURL, err := getTaggerURL()
 	if err != nil {
 		return err

diff --git a/comp/process/apiserver/apiserver.go b/comp/process/apiserver/apiserver.go
@@ -16,9 +16,7 @@ import (
 
 	"github.com/DataDog/datadog-agent/cmd/process-agent/api"
 	logcomp "github.com/DataDog/datadog-agent/comp/core/log/def"
-	"github.com/DataDog/datadog-agent/pkg/api/util"
 	pkgconfigsetup "github.com/DataDog/datadog-agent/pkg/config/setup"
-	"github.com/DataDog/datadog-agent/pkg/util/log"
 )
 
 var _ Component = (*apiserver)(nil)
@@ -41,8 +39,6 @@ type dependencies struct {
 func newApiServer(deps dependencies) Component {
 	r := mux.NewRouter()
 
-	r.Use(validateToken)
-
 	api.SetupAPIServerHandlers(deps.APIServerDeps, r) // Set up routes
 
 	addr, err := pkgconfigsetup.GetProcessAPIAddressPort(pkgconfigsetup.Datadog())
@@ -85,13 +81,3 @@ func newApiServer(deps dependencies) Component {
 
 	return apiserver
 }
-
-func validateToken(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if err := util.Validate(w, r); err != nil {
-			log.Warnf("invalid auth token for %s request to %s: %s", r.Method, r.RequestURI, err)
-			return
-		}
-		next.ServeHTTP(w, r)
-	})
-}
diff --git a/comp/process/apiserver/apiserver_test.go b/comp/process/apiserver/apiserver_test.go
@@ -44,20 +44,18 @@ func TestLifecycle(t *testing.T) {
 		settingsimpl.MockModule(),
 	))
 
-	assert.EventuallyWithT(t, func(c *assert.CollectT) {
-		// With authentication
-		req, err := http.NewRequest("GET", "http://localhost:6162/config", nil)
-		require.NoError(c, err)
-		util.CreateAndSetAuthToken(pkgconfigsetup.Datadog())
-		req.Header.Set("Authorization", "Bearer "+util.GetAuthToken())
-		res, err := util.GetClient(false).Do(req)
-		require.NoError(c, err)
+	assert.Eventually(t, func() bool {
+		res, err := http.Get("http://localhost:6162/config")
+		if err != nil {
+			return false
+		}
 		defer res.Body.Close()
-		assert.Equal(c, http.StatusOK, res.StatusCode)
+
+		return res.StatusCode == http.StatusOK
 	}, 5*time.Second, time.Second)
 }
 
-func TestAuthentication(t *testing.T) {
+func TestPostAuthentication(t *testing.T) {
 	_ = fxutil.Test[Component](t, fx.Options(
 		Module(),
 		core.MockBundle(),
@@ -76,7 +74,7 @@ func TestAuthentication(t *testing.T) {
 
 	assert.EventuallyWithT(t, func(c *assert.CollectT) {
 		// No authentication
-		req, err := http.NewRequest("GET", "http://localhost:6162/config", nil)
+		req, err := http.NewRequest("POST", "http://localhost:6162/config/log_level?value=debug", nil)
 		require.NoError(c, err)
 		res, err := util.GetClient(false).Do(req)
 		require.NoError(c, err)