From 03167ce6aaa4ce1fcf82072d91793f5ca3352c2c Mon Sep 17 00:00:00 2001
From: Hasan Mahmood <6599778+hmahmood@users.noreply.github.com>
Date: Mon, 23 Sep 2024 12:32:51 -0400
Subject: [PATCH] [NPM] Set `CsmEnabled` in agent payload from `runtime_security_config.enabled` (#29449)
---
 cmd/system-probe/config/config.go | 3 +-
 cmd/system-probe/config/config_linux_test.go | 29 ++++++---
 pkg/network/encoding/marshal/modeler.go | 2 +
 pkg/network/encoding/marshal/modeler_test.go | 67 ++++++++++++++++++++
 4 files changed, 90 insertions(+), 11 deletions(-)
 create mode 100644 pkg/network/encoding/marshal/modeler_test.go
diff --git a/cmd/system-probe/config/config.go b/cmd/system-probe/config/config.go
index b592cc2f65f7f..e6f0575248e2a 100644
--- a/cmd/system-probe/config/config.go
+++ b/cmd/system-probe/config/config.go
@@ -121,8 +121,9 @@ func load() (*types.Config, error) {
 npmEnabled := cfg.GetBool(netNS("enabled"))
 usmEnabled := cfg.GetBool(smNS("enabled"))
 ccmEnabled := cfg.GetBool(ccmNS("enabled"))
+ csmEnabled := cfg.GetBool(secNS("enabled"))
- if npmEnabled || usmEnabled || ccmEnabled {
+ if npmEnabled || usmEnabled || ccmEnabled || csmEnabled {
 c.EnabledModules[NetworkTracerModule] = struct{}{}
 }
 if cfg.GetBool(spNS("enable_tcp_queue_length")) {
diff --git a/cmd/system-probe/config/config_linux_test.go b/cmd/system-probe/config/config_linux_test.go
index aab12a5c52ed5..0998e2ce69b74 100644
--- a/cmd/system-probe/config/config_linux_test.go
+++ b/cmd/system-probe/config/config_linux_test.go
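Review bot: The widened condition `if npmEnabled || usmEnabled || ccmEnabled || csmEnabled` in load() makes enabling runtime security also enable NetworkTracerModule, and neither the commit subject nor a comment at this line says so. An operator who left network monitoring off and turned on only runtime security now gets the network tracer as a side effect, which changes what the agent runs and collects on that host. I would record the reason next to the condition, for example `// runtime security (CSM) also enables the network tracer module: <reason>`, and call the behaviour change out in the release notes. The body of load() starts and ends outside this hunk and secNS is not shown, so I am assuming it resolves to the `runtime_security_config` namespace.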
@@ -73,17 +73,25 @@ func TestEventStreamEnabledForSupportedKernelsLinux(t *testing.T) {
 func TestNPMEnabled(t *testing.T) {
 tests := []struct {
- npm, usm, ccm bool
- npmEnabled bool
+ npm, usm, ccm, csm bool
+ npmEnabled bool
 }{
- {false, false, false, false},
- {false, false, true, true},
- {false, true, false, true},
- {false, true, true, true},
- {true, false, false, true},
- {true, false, true, true},
- {true, true, false, true},
- {true, true, true, true},
+ {false, false, false, false, false},
+ {false, false, true, false, true},
+ {false, true, false, false, true},
+ {false, true, true, false, true},
+ {true, false, false, false, true},
+ {true, false, true, false, true},
+ {true, true, false, false, true},
+ {true, true, true, false, true},
+ {false, false, false, true, true},
+ {false, false, true, true, true},
+ {false, true, false, true, true},
+ {false, true, true, true, true},
+ {true, false, false, true, true},
+ {true, false, true, true, true},
+ {true, true, false, true, true},
+ {true, true, true, true, true},
 }
 mock.NewSystemProbe(t)
@@ -92,6 +100,7 @@ func TestNPMEnabled(t *testing.T) {
 t.Setenv("DD_SYSTEM_PROBE_NETWORK_ENABLED", strconv.FormatBool(te.npm))
 t.Setenv("DD_SYSTEM_PROBE_SERVICE_MONITORING_ENABLED", strconv.FormatBool(te.usm))
 t.Setenv("DD_CCM_NETWORK_CONFIG_ENABLED", strconv.FormatBool(te.ccm))
+ t.Setenv("DD_RUNTIME_SECURITY_CONFIG_ENABLED", strconv.FormatBool(te.csm))
 cfg, err := New("", "")
 require.NoError(t, err)
 assert.Equal(t, te.npmEnabled, cfg.ModuleIsEnabled(NetworkTracerModule), "unexpected network tracer module enablement: npm: %v, usm: %v, ccm: %v", te.npm, te.usm, te.ccm)
diff --git a/pkg/network/encoding/marshal/modeler.go b/pkg/network/encoding/marshal/modeler.go
index 33e5c82f23e45..f365ed34d91b5 100644
--- a/pkg/network/encoding/marshal/modeler.go
+++ b/pkg/network/encoding/marshal/modeler.go
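Review bot: In the second hunk of TestNPMEnabled the failure message on the `assert.Equal` line still formats only `npm`, `usm` and `ccm`, so a failing case from the new `csm` half of the table prints the same message as its `csm=false` twin. Extend the message and arguments to `"unexpected network tracer module enablement: npm: %v, usm: %v, ccm: %v, csm: %v", te.npm, te.usm, te.ccm, te.csm`. The loop that wraps these lines is outside the hunk.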
@@ -67,6 +67,7 @@ func (c *ConnectionsModeler) modelConnections(builder *model.ConnectionsBuilder,
 NpmEnabled: pkgconfigsetup.SystemProbe().GetBool("network_config.enabled"),
 UsmEnabled: pkgconfigsetup.SystemProbe().GetBool("service_monitoring_config.enabled"),
 CcmEnabled: pkgconfigsetup.SystemProbe().GetBool("ccm_network_config.enabled"),
+ CsmEnabled: pkgconfigsetup.SystemProbe().GetBool("runtime_security_config.enabled"),
 }
 })
@@ -86,6 +87,7 @@ func (c *ConnectionsModeler) modelConnections(builder *model.ConnectionsBuilder,
 w.SetNpmEnabled(agentCfg.NpmEnabled)
 w.SetUsmEnabled(agentCfg.UsmEnabled)
 w.SetCcmEnabled(agentCfg.CcmEnabled)
+ w.SetCsmEnabled(agentCfg.CsmEnabled)
 })
 for _, d := range c.dnsFormatter.Domains() {
 builder.AddDomains(d)
diff --git a/pkg/network/encoding/marshal/modeler_test.go b/pkg/network/encoding/marshal/modeler_test.go
new file mode 100644
index 0000000000000..bac1f11891670
--- /dev/null
+++ b/pkg/network/encoding/marshal/modeler_test.go
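Review bot: `CsmEnabled` on the new struct-literal line is filled from the configuration key `runtime_security_config.enabled`, so the payload reports what was configured rather than whether the runtime security module is actually running. If the receiving side reads the flag as evidence that a host is covered, a host where the module did not start would still report true; this is inferred, since neither the consumer nor the module start-up is visible here. A comment above the field such as `// configured value only; does not reflect whether the module started` would keep readers from over-trusting it, and the same holds for the three sibling flags. The key is also spelled out a second time next to config.go's `secNS("enabled")`, so a shared constant would stop the two from drifting. The closure around these lines begins outside the hunk.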
@@ -0,0 +1,67 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package marshal
+
+import (
+ "strconv"
+ "sync"
+ "testing"
+
+ model "github.com/DataDog/agent-payload/v5/process"
+ "github.com/stretchr/testify/assert"
+
+ "github.com/DataDog/datadog-agent/pkg/config/mock"
+ "github.com/DataDog/datadog-agent/pkg/network"
+)
+
+func TestConnectionModelerAgentConfiguration(t *testing.T) {
+ tests := []struct {
+ npm, usm, ccm, csm bool
+ }{
+ {false, false, false, false},
+ {false, false, true, false},
+ {false, true, false, false},
+ {false, true, true, false},
+ {true, false, false, false},
+ {true, false, true, false},
+ {true, true, false, false},
+ {true, true, true, false},
+ {false, false, false, true},
+ {false, false, true, true},
+ {false, true, false, true},
+ {false, true, true, true},
+ {true, false, false, true},
+ {true, false, true, true},
+ {true, true, false, true},
+ {true, true, true, true},
+ }
+
+ for _, te := range tests {
+ t.Run("", func(t *testing.T) {
+ t.Setenv("DD_SYSTEM_PROBE_NETWORK_ENABLED", strconv.FormatBool(te.npm))
+ t.Setenv("DD_SYSTEM_PROBE_SERVICE_MONITORING_ENABLED", strconv.FormatBool(te.usm))
+ t.Setenv("DD_CCM_NETWORK_CONFIG_ENABLED", strconv.FormatBool(te.ccm))
+ t.Setenv("DD_RUNTIME_SECURITY_CONFIG_ENABLED", strconv.FormatBool(te.csm))
+ mock.NewSystemProbe(t)
+ cfgOnce = sync.Once{}
+ conns := &network.Connections{}
+ mod := NewConnectionsModeler(conns)
+ streamer := NewProtoTestStreamer[*model.Connections]()
+ builder := model.NewConnectionsBuilder(streamer)
+ expected := &model.AgentConfiguration{
+ CcmEnabled: te.ccm,
+ CsmEnabled: te.csm,
+ UsmEnabled: te.usm,
+ NpmEnabled: te.npm,
+ }
+
+ mod.modelConnections(builder, conns)
+
+ actual := streamer.Unwrap(t, &model.Connections{})
+ assert.Equal(t, expected, actual.AgentConfiguration)
+ })
+ }
+}
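Review bot: Every subtest is started with `t.Run("", ...)`, so a failure is reported only under a generated name such as `#00`, and the sixteen flag combinations cannot be told apart in the output. Name each one from its case, e.g. `t.Run(fmt.Sprintf("npm=%v/usm=%v/ccm=%v/csm=%v", te.npm, te.usm, te.ccm, te.csm), ...)`, which also needs `fmt` in the import block. The test resets the package-level `cfgOnce` and, presumably, leaves the last case's configuration cached when it returns. Adding `t.Cleanup(func() { cfgOnce = sync.Once{} })` inside the subtest would keep that state from leaking into other tests in the package, and a one-line comment on the reset would say why it is needed.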