From aa138cb97357c24e9ca53fdb0e13376ddac7d6dd Mon Sep 17 00:00:00 2001 From: Dustin Long Date: Tue, 21 Nov 2023 12:17:15 -0500 Subject: [PATCH] Review fixes: Windows, remove IsEnabled, Configure defaults --- cmd/agent/common/common_windows.go | 2 +- cmd/agent/common/helpers.go | 46 ---------------- cmd/agent/common/test_helpers.go | 54 +++++++++++++++++++ cmd/agent/subcommands/run/command_windows.go | 3 ++ cmd/serverless/main_test.go | 6 +-- comp/core/config/config.go | 2 +- comp/core/config/setup.go | 2 +- comp/core/secrets/component.go | 2 - comp/core/secrets/secretsimpl/fetch_secret.go | 15 ++---- .../secrets/secretsimpl/fetch_secret_test.go | 8 +-- comp/core/secrets/secretsimpl/info_nix.go | 6 +-- .../core/secrets/secretsimpl/info_nix_test.go | 4 +- comp/core/secrets/secretsimpl/info_windows.go | 4 +- .../secrets/secretsimpl/info_windows_test.go | 20 +++---- comp/core/secrets/secretsimpl/secrets.go | 37 +++++++------ comp/core/secrets/secretsimpl/secrets_mock.go | 5 -- comp/trace/bundle.go | 2 - comp/trace/bundle_test.go | 2 - pkg/autodiscovery/secrets_test.go | 4 -- pkg/diagnose/check.go | 2 +- .../corechecks/docker/main_test.go | 2 +- 21 files changed, 108 insertions(+), 120 deletions(-) create mode 100644 cmd/agent/common/test_helpers.go diff --git a/cmd/agent/common/common_windows.go b/cmd/agent/common/common_windows.go index 21790bb6663cd..77aafa1a67ccb 100644 --- a/cmd/agent/common/common_windows.go +++ b/cmd/agent/common/common_windows.go @@ -49,7 +49,7 @@ func CheckAndUpgradeConfig() error { return nil } config.Datadog.AddConfigPath(path.DefaultConfPath) - _, err := config.Load() + _, err := config.LoadWithoutSecret() if err == nil { // was able to read config, check for api key if config.Datadog.GetString("api_key") != "" { diff --git a/cmd/agent/common/helpers.go b/cmd/agent/common/helpers.go index 1e501f6afe9a5..9fecc2a94ba7e 100644 --- a/cmd/agent/common/helpers.go +++ b/cmd/agent/common/helpers.go @@ -6,59 +6,13 @@ package common import ( - "errors" - "fmt" - "io/fs" - "runtime" - "strings" - - "github.com/DataDog/datadog-agent/cmd/agent/common/path" - "github.com/DataDog/datadog-agent/comp/core/secrets" "github.com/DataDog/datadog-agent/pkg/autodiscovery/integration" "github.com/DataDog/datadog-agent/pkg/config" "github.com/DataDog/datadog-agent/pkg/config/model" "github.com/DataDog/datadog-agent/pkg/config/settings" "github.com/DataDog/datadog-agent/pkg/util/log" - "github.com/DataDog/datadog-agent/pkg/util/optional" - - "github.com/DataDog/viper" ) -// SetupConfigForTest fires up the configuration system and returns warnings if any. -func SetupConfigForTest(confFilePath string) (*config.Warnings, error) { - cfg := config.Datadog - origin := "datadog.yaml" - // set the paths where a config file is expected - if len(confFilePath) != 0 { - // if the configuration file path was supplied on the command line, - // add that first so it's first in line - cfg.AddConfigPath(confFilePath) - // If they set a config file directly, let's try to honor that - if strings.HasSuffix(confFilePath, ".yaml") { - cfg.SetConfigFile(confFilePath) - } - } - cfg.AddConfigPath(path.DefaultConfPath) - // load the configuration - warnings, err := config.LoadDatadogCustom(cfg, origin, optional.NewNoneOption[secrets.Component](), nil) - // If `!failOnMissingFile`, do not issue an error if we cannot find the default config file. - var e viper.ConfigFileNotFoundError - if err != nil && (!errors.As(err, &e) || confFilePath != "") { - // special-case permission-denied with a clearer error message - if errors.Is(err, fs.ErrPermission) { - if runtime.GOOS == "windows" { - err = fmt.Errorf(`cannot access the Datadog config file (%w); try running the command in an Administrator shell"`, err) - } else { - err = fmt.Errorf("cannot access the Datadog config file (%w); try running the command under the same user as the Datadog Agent", err) - } - } else { - err = fmt.Errorf("unable to load Datadog config file: %w", err) - } - return warnings, err - } - return warnings, nil -} - // SelectedCheckMatcherBuilder returns a function that returns true if the number of configs found for the // check name is more or equal to min instances func SelectedCheckMatcherBuilder(checkNames []string, minInstances uint) func(configs []integration.Config) bool { diff --git a/cmd/agent/common/test_helpers.go b/cmd/agent/common/test_helpers.go new file mode 100644 index 0000000000000..f9048ec9faae6 --- /dev/null +++ b/cmd/agent/common/test_helpers.go @@ -0,0 +1,54 @@ +// Unless explicitly stated otherwise all files in this repository are licensed +// under the Apache License Version 2.0. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2016-present Datadog, Inc. + +//go:build test + +package common + +import ( + "errors" + "fmt" + "io/fs" + "runtime" + "strings" + + "github.com/DataDog/datadog-agent/cmd/agent/common/path" + "github.com/DataDog/datadog-agent/comp/core/secrets" + "github.com/DataDog/datadog-agent/pkg/config" + "github.com/DataDog/datadog-agent/pkg/util/optional" +) + +// SetupConfigForTest fires up the configuration system and returns warnings if any. +func SetupConfigForTest(confFilePath string) (*config.Warnings, error) { + cfg := config.Datadog + origin := "datadog.yaml" + // set the paths where a config file is expected + if len(confFilePath) != 0 { + // if the configuration file path was supplied on the command line, + // add that first so it's first in line + cfg.AddConfigPath(confFilePath) + // If they set a config file directly, let's try to honor that + if strings.HasSuffix(confFilePath, ".yaml") { + cfg.SetConfigFile(confFilePath) + } + } + cfg.AddConfigPath(path.DefaultConfPath) + // load the configuration + warnings, err := config.LoadDatadogCustom(cfg, origin, optional.NewNoneOption[secrets.Component](), nil) + if err != nil { + // special-case permission-denied with a clearer error message + if errors.Is(err, fs.ErrPermission) { + if runtime.GOOS == "windows" { + err = fmt.Errorf(`cannot access the Datadog config file (%w); try running the command in an Administrator shell"`, err) + } else { + err = fmt.Errorf("cannot access the Datadog config file (%w); try running the command under the same user as the Datadog Agent", err) + } + } else { + err = fmt.Errorf("unable to load Datadog config file: %w", err) + } + return warnings, err + } + return warnings, nil +} diff --git a/cmd/agent/subcommands/run/command_windows.go b/cmd/agent/subcommands/run/command_windows.go index f9ff99ae6aa73..0608618c65a09 100644 --- a/cmd/agent/subcommands/run/command_windows.go +++ b/cmd/agent/subcommands/run/command_windows.go @@ -33,6 +33,7 @@ import ( "github.com/DataDog/datadog-agent/comp/core/config" "github.com/DataDog/datadog-agent/comp/core/flare" "github.com/DataDog/datadog-agent/comp/core/log" + "github.com/DataDog/datadog-agent/comp/core/secrets" "github.com/DataDog/datadog-agent/comp/core/sysprobeconfig" "github.com/DataDog/datadog-agent/comp/core/sysprobeconfig/sysprobeconfigimpl" "github.com/DataDog/datadog-agent/comp/core/telemetry" @@ -88,6 +89,7 @@ func StartAgentWithDefaults(ctxChan <-chan context.Context) (<-chan error, error hostMetadata host.Component, invAgent inventoryagent.Component, invHost inventoryhost.Component, + secretResolver secrets.Component, _ netflowServer.Component, ) error { @@ -113,6 +115,7 @@ func StartAgentWithDefaults(ctxChan <-chan context.Context) (<-chan error, error invAgent, invHost, ) + secretResolver) if err != nil { return err } diff --git a/cmd/serverless/main_test.go b/cmd/serverless/main_test.go index 858b50c53a274..e3835840a737a 100644 --- a/cmd/serverless/main_test.go +++ b/cmd/serverless/main_test.go @@ -45,7 +45,7 @@ func TestProxyLoadedFromEnvVars(t *testing.T) { t.Setenv("DD_PROXY_HTTP", proxyHTTP) t.Setenv("DD_PROXY_HTTPS", proxyHTTPS) - config.Load() + config.LoadWithoutSecret() proxyHTTPConfig := config.Datadog.GetString("proxy.http") proxyHTTPSConfig := config.Datadog.GetString("proxy.https") @@ -61,7 +61,7 @@ func TestProxyLoadedFromConfigFile(t *testing.T) { os.WriteFile(configTest, []byte("proxy:\n http: \"c:1\"\n https: \"c:2\""), 0644) config.Datadog.AddConfigPath(tempDir) - config.Load() + config.LoadWithoutSecret() proxyHTTPConfig := config.Datadog.GetString("proxy.http") proxyHTTPSConfig := config.Datadog.GetString("proxy.https") @@ -82,7 +82,7 @@ func TestProxyLoadedFromConfigFileAndEnvVars(t *testing.T) { os.WriteFile(configTest, []byte("proxy:\n http: \"e:1\"\n https: \"e:2\""), 0644) config.Datadog.AddConfigPath(tempDir) - config.Load() + config.LoadWithoutSecret() proxyHTTPConfig := config.Datadog.GetString("proxy.http") proxyHTTPSConfig := config.Datadog.GetString("proxy.https") diff --git a/comp/core/config/config.go b/comp/core/config/config.go index 9d61044f3a7ef..cc2f98eb78c15 100644 --- a/comp/core/config/config.go +++ b/comp/core/config/config.go @@ -29,7 +29,7 @@ type cfg struct { } // configDependencies is an interface that mimics the fx-oriented dependencies struct -// TODO: investigate whether this interrface is worth keeping, otherwise delete it and just use dependencies +// TODO: (components) investigate whether this interface is worth keeping, otherwise delete it and just use dependencies type configDependencies interface { getParams() *Params getSecretResolver() secrets.Component diff --git a/comp/core/config/setup.go b/comp/core/config/setup.go index 6b95b25baf959..3c79bd0ca5697 100644 --- a/comp/core/config/setup.go +++ b/comp/core/config/setup.go @@ -48,7 +48,7 @@ func setupConfig(deps configDependencies) (*config.Warnings, error) { var err error var warnings *config.Warnings resolver := deps.getSecretResolver() - if resolver == nil || !resolver.IsEnabled() { + if resolver == nil { warnings, err = config.LoadWithoutSecret() } else { warnings, err = config.LoadWithSecret(resolver) diff --git a/comp/core/secrets/component.go b/comp/core/secrets/component.go index 28d928429b8dc..f0c1dc81e3985 100644 --- a/comp/core/secrets/component.go +++ b/comp/core/secrets/component.go @@ -18,8 +18,6 @@ type Component interface { Configure(command string, arguments []string, timeout, maxSize int, groupExecPerm, removeLinebreak bool) // Get debug information and write it to the parameter GetDebugInfo(w io.Writer) - // Whether this component is enabled, if disabled other methods will only log and error and return - IsEnabled() bool // Decrypt the given handle and return the corresponding secret value Decrypt(data []byte, origin string) ([]byte, error) } diff --git a/comp/core/secrets/secretsimpl/fetch_secret.go b/comp/core/secrets/secretsimpl/fetch_secret.go index 6787055f33598..c3841608be909 100644 --- a/comp/core/secrets/secretsimpl/fetch_secret.go +++ b/comp/core/secrets/secretsimpl/fetch_secret.go @@ -38,20 +38,13 @@ func (b *limitBuffer) Write(p []byte) (n int, err error) { } func (r *secretResolver) execCommand(inputPayload string) ([]byte, error) { + // hook used only for tests if r.commandHookFunc != nil { return r.commandHookFunc(inputPayload) } - commandTimeout := r.backendTimeout - if commandTimeout == 0 { - commandTimeout = SecretBackendTimeoutDefault - } - responseMaxSize := r.responseMaxSize - if responseMaxSize == 0 { - responseMaxSize = SecretBackendOutputMaxSizeDefault - } ctx, cancel := context.WithTimeout(context.Background(), - time.Duration(commandTimeout)*time.Second) + time.Duration(r.backendTimeout)*time.Second) defer cancel() cmd, done, err := commandContext(ctx, r.backendCommand, r.backendArguments...) @@ -68,11 +61,11 @@ func (r *secretResolver) execCommand(inputPayload string) ([]byte, error) { stdout := limitBuffer{ buf: &bytes.Buffer{}, - max: responseMaxSize, + max: r.responseMaxSize, } stderr := limitBuffer{ buf: &bytes.Buffer{}, - max: responseMaxSize, + max: r.responseMaxSize, } cmd.Stdout = &stdout cmd.Stderr = &stderr diff --git a/comp/core/secrets/secretsimpl/fetch_secret_test.go b/comp/core/secrets/secretsimpl/fetch_secret_test.go index 68f8187dd7ae8..15f0ba5ae21bd 100644 --- a/comp/core/secrets/secretsimpl/fetch_secret_test.go +++ b/comp/core/secrets/secretsimpl/fetch_secret_test.go @@ -101,7 +101,7 @@ func TestExecCommandError(t *testing.T) { t.Run("No Error", func(t *testing.T) { resolver := newEnabledSecretResolver() - resolver.backendCommand = "./test/simple/simple" + binExtension + resolver.Configure("./test/simple/simple"+binExtension, nil, 0, 0, false, false) setCorrectRight(resolver.backendCommand) resp, err := resolver.execCommand(inputPayload) require.NoError(t, err) @@ -118,7 +118,7 @@ func TestExecCommandError(t *testing.T) { t.Run("argument", func(t *testing.T) { resolver := newEnabledSecretResolver() - resolver.backendCommand = "./test/argument/argument" + binExtension + resolver.Configure("./test/argument/argument"+binExtension, nil, 0, 0, false, false) setCorrectRight(resolver.backendCommand) resolver.backendArguments = []string{"arg1"} _, err := resolver.execCommand(inputPayload) @@ -131,7 +131,7 @@ func TestExecCommandError(t *testing.T) { t.Run("input", func(t *testing.T) { resolver := newEnabledSecretResolver() - resolver.backendCommand = "./test/input/input" + binExtension + resolver.Configure("./test/input/input"+binExtension, nil, 0, 0, false, false) setCorrectRight(resolver.backendCommand) resp, err := resolver.execCommand(inputPayload) require.NoError(t, err) @@ -140,7 +140,7 @@ func TestExecCommandError(t *testing.T) { t.Run("buffer limit", func(t *testing.T) { resolver := newEnabledSecretResolver() - resolver.backendCommand = "./test/response_too_long/response_too_long" + binExtension + resolver.Configure("./test/response_too_long/response_too_long"+binExtension, nil, 0, 0, false, false) setCorrectRight(resolver.backendCommand) resolver.responseMaxSize = 20 _, err := resolver.execCommand(inputPayload) diff --git a/comp/core/secrets/secretsimpl/info_nix.go b/comp/core/secrets/secretsimpl/info_nix.go index 3ab467ac5585b..61bc34cf3e968 100644 --- a/comp/core/secrets/secretsimpl/info_nix.go +++ b/comp/core/secrets/secretsimpl/info_nix.go @@ -24,10 +24,10 @@ type permissionsDetails struct { Group string } -func getExecutablePermissions(secret *secretResolver) (interface{}, error) { +func (r *secretResolver) getExecutablePermissions() (interface{}, error) { var stat syscall.Stat_t - if err := syscall.Stat(secret.backendCommand, &stat); err != nil { - return nil, fmt.Errorf("Could not stat %s: %s", secret.backendCommand, err) + if err := syscall.Stat(r.backendCommand, &stat); err != nil { + return nil, fmt.Errorf("Could not stat %s: %s", r.backendCommand, err) } details := permissionsDetails{ diff --git a/comp/core/secrets/secretsimpl/info_nix_test.go b/comp/core/secrets/secretsimpl/info_nix_test.go index aae8a06a27404..7deb57ef2be47 100644 --- a/comp/core/secrets/secretsimpl/info_nix_test.go +++ b/comp/core/secrets/secretsimpl/info_nix_test.go @@ -30,7 +30,7 @@ func TestGetExecutablePermissionsError(t *testing.T) { resolver := newEnabledSecretResolver() resolver.backendCommand = "some_command" - _, err := getExecutablePermissions(resolver) + _, err := resolver.getExecutablePermissions() assert.Error(t, err, "getExecutablePermissions should fail when secretBackendCommand file does not exists") } @@ -57,7 +57,7 @@ func TestGetExecutablePermissionsSuccess(t *testing.T) { resolver := newEnabledSecretResolver() currentUser, currentGroup := setupSecretCommand(t, resolver) - res, err := getExecutablePermissions(resolver) + res, err := resolver.getExecutablePermissions() require.NoError(t, err) require.IsType(t, permissionsDetails{}, res) details := res.(permissionsDetails) diff --git a/comp/core/secrets/secretsimpl/info_windows.go b/comp/core/secrets/secretsimpl/info_windows.go index bda448b39fe36..137fa9873fe3a 100644 --- a/comp/core/secrets/secretsimpl/info_windows.go +++ b/comp/core/secrets/secretsimpl/info_windows.go @@ -24,8 +24,8 @@ type permissionsDetails struct { Stderr string } -func getExecutablePermissions() (interface{}, error) { - execPath := fmt.Sprintf("\"%s\"", strings.TrimSpace(secretBackendCommand)) +func (r *secretResolver) getExecutablePermissions() (interface{}, error) { + execPath := fmt.Sprintf("\"%s\"", strings.TrimSpace(r.backendCommand)) ps, err := exec.LookPath("powershell.exe") if err != nil { return nil, fmt.Errorf("Could not find executable powershell.exe: %s", err) diff --git a/comp/core/secrets/secretsimpl/info_windows_test.go b/comp/core/secrets/secretsimpl/info_windows_test.go index 63200960e14ae..e11d4f8c47058 100644 --- a/comp/core/secrets/secretsimpl/info_windows_test.go +++ b/comp/core/secrets/secretsimpl/info_windows_test.go @@ -19,10 +19,10 @@ import ( ) func TestGetExecutablePermissionsError(t *testing.T) { - secretBackendCommand = "some_command" - t.Cleanup(resetPackageVars) + resolver := newEnabledSecretResolver() + resolver.backendCommand = "some_command" - res, err := getExecutablePermissions() + res, err := resolver.getExecutablePermissions() require.NoError(t, err) require.IsType(t, permissionsDetails{}, res) details := res.(permissionsDetails) @@ -31,17 +31,16 @@ func TestGetExecutablePermissionsError(t *testing.T) { assert.NotEqual(t, "", details.Stderr) } -func setupSecretCommmand(t *testing.T) { +func setupSecretCommmand(t *testing.T, resolver *secretResolver) { dir := t.TempDir() - t.Cleanup(resetPackageVars) - secretBackendCommand = filepath.Join(dir, "an executable with space") - f, err := os.Create(secretBackendCommand) + resolver.backendCommand = filepath.Join(dir, "an executable with space") + f, err := os.Create(resolver.backendCommand) require.NoError(t, err) f.Close() exec.Command("powershell", "test/setAcl.ps1", - "-file", fmt.Sprintf("\"%s\"", secretBackendCommand), + "-file", fmt.Sprintf("\"%s\"", resolver.backendCommand), "-removeAllUser", "0", "-removeAdmin", "0", "-removeLocalSystem", "0", @@ -49,9 +48,10 @@ func setupSecretCommmand(t *testing.T) { } func TestGetExecutablePermissionsSuccess(t *testing.T) { - setupSecretCommmand(t) + resolver := newEnabledSecretResolver() + setupSecretCommmand(t, resolver) - res, err := getExecutablePermissions() + res, err := resolver.getExecutablePermissions() require.NoError(t, err) require.IsType(t, permissionsDetails{}, res) details := res.(permissionsDetails) diff --git a/comp/core/secrets/secretsimpl/secrets.go b/comp/core/secrets/secretsimpl/secrets.go index 358df4e5afd13..9085f949d0def 100644 --- a/comp/core/secrets/secretsimpl/secrets.go +++ b/comp/core/secrets/secretsimpl/secrets.go @@ -80,7 +80,7 @@ type secretContext struct { yamlPath string } -// TODO: Hack to maintain a singleton reference to the secrets Component +// TODO: (components) Hack to maintain a singleton reference to the secrets Component // // Only needed temporarily, since the secrets.Component is needed for the diagnose functionality. // It is very difficult right now to modify diagnose because it would require modifying many @@ -103,12 +103,10 @@ func newSecretResolverProvider(deps dependencies) provides { resolver := newEnabledSecretResolver() resolver.enabled = deps.Params.Enabled - { - mu.Lock() - defer mu.Unlock() - if instance == nil { - instance = resolver - } + mu.Lock() + defer mu.Unlock() + if instance == nil { + instance = resolver } return provides{ @@ -117,16 +115,12 @@ func newSecretResolverProvider(deps dependencies) provides { } } -func (r *secretResolver) IsEnabled() bool { - return r.enabled -} - // GetInstance returns the singleton instance of the secret.Component func GetInstance() secrets.Component { mu.Lock() defer mu.Unlock() if instance == nil { - deps := dependencies{Params: secrets.Params{Enabled: true}} + deps := dependencies{Params: secrets.Params{Enabled: false}} p := newSecretResolverProvider(deps) instance = p.Comp.(*secretResolver) } @@ -155,6 +149,7 @@ func (r *secretResolver) registerSecretOrigin(handle string, origin string, yaml if len(yamlPath) != 0 { lastElem := yamlPath[len(yamlPath)-1:] if r.scrubHookFunc != nil { + // hook used only for tests r.scrubHookFunc(lastElem) } else { scrubber.AddStrippedKeys(lastElem) @@ -178,8 +173,12 @@ func (r *secretResolver) Configure(command string, arguments []string, timeout, r.backendCommand = command r.backendArguments = arguments r.backendTimeout = timeout - if maxSize != 0 { - r.responseMaxSize = maxSize + if r.backendTimeout == 0 { + r.backendTimeout = SecretBackendTimeoutDefault + } + r.responseMaxSize = maxSize + if r.responseMaxSize == 0 { + r.responseMaxSize = SecretBackendOutputMaxSizeDefault } r.commandAllowGroupExec = groupExecPerm r.removeTrailingLinebreak = removeLinebreak @@ -270,9 +269,8 @@ func isEnc(str string) (bool, string) { // "secret_backend_command" once if all secrets aren't present in the cache. func (r *secretResolver) Decrypt(data []byte, origin string) ([]byte, error) { if !r.enabled { - e := fmt.Errorf("Agent secrets is disabled by caller") - log.Error(e) - return nil, e + log.Infof("Agent secrets is disabled by caller") + return nil, nil } if data == nil || r.backendCommand == "" { return data, nil @@ -318,6 +316,7 @@ func (r *secretResolver) Decrypt(data []byte, origin string) ([]byte, error) { var secrets map[string]string var err error if r.fetchHookFunc != nil { + // hook used only for tests secrets, err = r.fetchHookFunc(newHandles) } else { secrets, err = r.fetchSecret(newHandles) @@ -367,7 +366,7 @@ type secretInfo struct { // GetDebugInfo exposes debug informations about secrets to be included in a flare func (r *secretResolver) GetDebugInfo(w io.Writer) { if !r.enabled { - log.Errorf("Agent secrets is disabled by caller") + fmt.Fprintf(w, "Agent secrets is disabled by caller") return } if r.backendCommand == "" { @@ -395,7 +394,7 @@ func (r *secretResolver) GetDebugInfo(w io.Writer) { permissions = fmt.Sprintf("error: %s", err) } - details, err := getExecutablePermissions(r) + details, err := r.getExecutablePermissions() info := secretInfo{ Executable: r.backendCommand, ExecutablePermissions: permissions, diff --git a/comp/core/secrets/secretsimpl/secrets_mock.go b/comp/core/secrets/secretsimpl/secrets_mock.go index 4e2bcd7c7862b..45bf33d9d276a 100644 --- a/comp/core/secrets/secretsimpl/secrets_mock.go +++ b/comp/core/secrets/secretsimpl/secrets_mock.go @@ -29,11 +29,6 @@ func (m *MockSecretResolver) Configure(_ string, _ []string, _, _ int, _, _ bool // GetDebugInfo is not implemented func (m *MockSecretResolver) GetDebugInfo(_ io.Writer) {} -// IsEnabled always returns true -func (m *MockSecretResolver) IsEnabled() bool { - return true -} - // Inject adds data to be decrypted, by returning the value for the given key func (m *MockSecretResolver) Inject(key, value string) { m.resolve[key] = value diff --git a/comp/trace/bundle.go b/comp/trace/bundle.go index eb9d2f4232097..cc9451e8e49b7 100644 --- a/comp/trace/bundle.go +++ b/comp/trace/bundle.go @@ -12,7 +12,6 @@ package trace import ( - "github.com/DataDog/datadog-agent/comp/core/secrets/secretsimpl" "github.com/DataDog/datadog-agent/comp/trace/agent" "github.com/DataDog/datadog-agent/comp/trace/config" "github.com/DataDog/datadog-agent/pkg/util/fxutil" @@ -24,5 +23,4 @@ import ( var Bundle = fxutil.Bundle( config.Module, agent.Module, - secretsimpl.Module, ) diff --git a/comp/trace/bundle_test.go b/comp/trace/bundle_test.go index 331de93b1dbfd..242052c979237 100644 --- a/comp/trace/bundle_test.go +++ b/comp/trace/bundle_test.go @@ -14,7 +14,6 @@ import ( "go.uber.org/fx" "github.com/DataDog/datadog-agent/comp/core" - "github.com/DataDog/datadog-agent/comp/core/secrets" "github.com/DataDog/datadog-agent/comp/core/secrets/secretsimpl" "github.com/DataDog/datadog-agent/comp/core/workloadmeta" "github.com/DataDog/datadog-agent/comp/trace/agent" @@ -35,7 +34,6 @@ func TestBundleDependencies(t *testing.T) { workloadmeta.Module, fx.Provide(func(cfg config.Component) telemetry.TelemetryCollector { return telemetry.NewCollector(cfg.Object()) }), secretsimpl.MockModule, - fx.Provide(secrets.NewDisabledParams), fx.Supply(&agent.Params{}), ) } diff --git a/pkg/autodiscovery/secrets_test.go b/pkg/autodiscovery/secrets_test.go index 0554b94ca7687..b6590e9cdd2e0 100644 --- a/pkg/autodiscovery/secrets_test.go +++ b/pkg/autodiscovery/secrets_test.go @@ -38,10 +38,6 @@ func (m *MockSecretResolver) Configure(_ string, _ []string, _, _ int, _, _ bool func (m *MockSecretResolver) GetDebugInfo(_ io.Writer) {} -func (m *MockSecretResolver) IsEnabled() bool { - return true -} - func (m *MockSecretResolver) Decrypt(data []byte, origin string) ([]byte, error) { if m.scenarios == nil { return data, nil diff --git a/pkg/diagnose/check.go b/pkg/diagnose/check.go index c63cfad2e4518..229fc94d68110 100644 --- a/pkg/diagnose/check.go +++ b/pkg/diagnose/check.go @@ -98,7 +98,7 @@ func diagnoseChecksInCLIProcess(diagCfg diagnosis.Config, senderManager diagnose } } - // TODO: Hack to retrieve a singleton reference to the secrets Component + // TODO: (components) Hack to retrieve a singleton reference to the secrets Component // // Only needed temporarily, since the secrets.Component is needed for the diagnose functionality. // It is very difficult right now to modify diagnose because it would require modifying many diff --git a/test/integration/corechecks/docker/main_test.go b/test/integration/corechecks/docker/main_test.go index 832fb5ba3e888..24bc4ebae307a 100644 --- a/test/integration/corechecks/docker/main_test.go +++ b/test/integration/corechecks/docker/main_test.go @@ -114,7 +114,7 @@ func setup() error { // Note: workloadmeta will be started by fx with the App var store workloadmeta.Component fxApp, store, err = fxutil.TestApp[workloadmeta.Component](fx.Options( - fx.Supply(compcfg.NewAgentParamsWithoutSecrets( + fx.Supply(compcfg.NewAgentParams( "", compcfg.WithConfigMissingOK(true))), compcfg.Module, fx.Supply(complog.ForOneShot("TEST", "info", false)),