USM: tests: add test helper to get empty config (DataDog#31567)

pkg/network/usm/compile_test.go

@@ -13,8 +13,8 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/DataDog/datadog-agent/pkg/ebpf/ebpftest"
-	"github.com/DataDog/datadog-agent/pkg/network/config"
 	usmconfig "github.com/DataDog/datadog-agent/pkg/network/usm/config"
+	"github.com/DataDog/datadog-agent/pkg/network/usm/utils"
 	"github.com/DataDog/datadog-agent/pkg/util/kernel"
 )
 
@@ -25,7 +25,7 @@ func TestHttpCompile(t *testing.T) {
 		if currKernelVersion < usmconfig.MinimumKernelVersion {
 			t.Skip("USM Runtime compilation not supported on this kernel version")
 		}
-		cfg := config.New()
+		cfg := utils.NewUSMEmptyConfig()
 		cfg.BPFDebug = true
 		out, err := getRuntimeCompiledUSM(cfg)
 		require.NoError(t, err)

pkg/network/usm/ebpf_ssl_test.go

@@ -16,7 +16,6 @@ import (
 
 	"github.com/stretchr/testify/require"
 
-	"github.com/DataDog/datadog-agent/pkg/network/config"
 	"github.com/DataDog/datadog-agent/pkg/network/protocols/http/testutil"
 	usmconfig "github.com/DataDog/datadog-agent/pkg/network/usm/config"
 	"github.com/DataDog/datadog-agent/pkg/network/usm/consts"
@@ -25,7 +24,7 @@ import (
 )
 
 func testArch(t *testing.T, arch string) {
-	cfg := config.New()
+	cfg := utils.NewUSMEmptyConfig()
 	cfg.EnableNativeTLSMonitoring = true
 
 	if !usmconfig.TLSSupported(cfg) {

pkg/network/usm/istio_test.go

@@ -38,7 +38,7 @@ func TestGetEnvoyPath(t *testing.T) {
 }
 
 func TestGetEnvoyPathWithConfig(t *testing.T) {
-	cfg := config.New()
+	cfg := utils.NewUSMEmptyConfig()
 	cfg.EnableIstioMonitoring = true
 	cfg.EnvoyPath = "/test/envoy"
 	monitor := newIstioTestMonitorWithCFG(t, cfg)
@@ -100,7 +100,7 @@ func createFakeProcess(t *testing.T, processName string) (procRoot string, pid i
 }
 
 func newIstioTestMonitor(t *testing.T) *istioMonitor {
-	cfg := config.New()
+	cfg := utils.NewUSMEmptyConfig()
 	cfg.EnableIstioMonitoring = true
 
 	return newIstioTestMonitorWithCFG(t, cfg)

pkg/network/usm/kafka_monitor_test.go

@@ -168,7 +168,7 @@ func (s *KafkaProtocolParsingSuite) TestKafkaProtocolParsing() {
 
 	for mode, name := range map[bool]string{false: "without TLS", true: "with TLS"} {
 		t.Run(name, func(t *testing.T) {
-			if mode && !gotlsutils.GoTLSSupported(t, config.New()) {
+			if mode && !gotlsutils.GoTLSSupported(t, utils.NewUSMEmptyConfig()) {
 				t.Skip("GoTLS not supported for this setup")
 			}
 			if mode && isUnsupportedUbuntu(t) {
@@ -1265,7 +1265,7 @@ func (s *KafkaProtocolParsingSuite) TestKafkaFetchRaw() {
 	})
 
 	t.Run("with TLS", func(t *testing.T) {
-		if !gotlsutils.GoTLSSupported(t, config.New()) {
+		if !gotlsutils.GoTLSSupported(t, utils.NewUSMEmptyConfig()) {
 			t.Skip("GoTLS not supported for this setup")
 		}
 		if isUnsupportedUbuntu(t) {
@@ -1494,7 +1494,7 @@ func (s *KafkaProtocolParsingSuite) TestKafkaProduceRaw() {
 	})
 
 	t.Run("with TLS", func(t *testing.T) {
-		if !gotlsutils.GoTLSSupported(t, config.New()) {
+		if !gotlsutils.GoTLSSupported(t, utils.NewUSMEmptyConfig()) {
 			t.Skip("GoTLS not supported for this setup")
 		}
 		if isUnsupportedUbuntu(t) {
@@ -1619,7 +1619,7 @@ func getAndValidateKafkaStatsWithErrorCodes(t *testing.T, monitor *Monitor, expe
 }
 
 func getDefaultTestConfiguration(tls bool) *config.Config {
-	cfg := config.New()
+	cfg := utils.NewUSMEmptyConfig()
 	cfg.EnableKafkaMonitoring = true
 	cfg.MaxTrackedConnections = 1000
 	cfg.EnableGoTLSSupport = tls
@@ -1723,7 +1723,7 @@ func TestLoadKafkaBinary(t *testing.T) {
 }
 
 func loadKafkaBinary(t *testing.T, debug bool) {
-	cfg := config.New()
+	cfg := utils.NewUSMEmptyConfig()
 	// We don't have a way of enabling kafka without http at the moment
 	cfg.EnableGoTLSSupport = false
 	cfg.EnableKafkaMonitoring = true

pkg/network/usm/monitor_test.go

@@ -39,6 +39,7 @@ import (
 	"github.com/DataDog/datadog-agent/pkg/network/protocols/http/testutil"
 	libtelemetry "github.com/DataDog/datadog-agent/pkg/network/protocols/telemetry"
 	usmconfig "github.com/DataDog/datadog-agent/pkg/network/usm/config"
+	"github.com/DataDog/datadog-agent/pkg/network/usm/utils"
 	"github.com/DataDog/datadog-agent/pkg/util/kernel"
 	"github.com/DataDog/datadog-agent/pkg/util/log"
 )
@@ -80,10 +81,8 @@ func TestMonitorProtocolFail(t *testing.T) {
 			// Replace the HTTP protocol with a Mock
 			patchProtocolMock(t, tt.spec)
 
-			cfg := config.New()
-			cfg.EnableGoTLSSupport = false
+			cfg := utils.NewUSMEmptyConfig()
 			cfg.EnableHTTPMonitoring = true
-			cfg.EnableIstioMonitoring = false
 
 			monitor, err := NewMonitor(cfg, nil)
 			skipIfNotSupported(t, err)
@@ -123,7 +122,7 @@ func (s *HTTPTestSuite) TestHTTPStats() {
 	})
 	t.Cleanup(srvDoneFn)
 
-	monitor := newHTTPMonitorWithCfg(t, config.New())
+	monitor := newHTTPMonitorWithCfg(t, utils.NewUSMEmptyConfig())
 
 	resp, err := nethttp.Get(fmt.Sprintf("http://%s/%d/test", serverAddr, nethttp.StatusNoContent))
 	require.NoError(t, err)
@@ -155,7 +154,7 @@ func (s *HTTPTestSuite) TestHTTPMonitorLoadWithIncompleteBuffers() {
 	slowServerAddr := "localhost:8080"
 	fastServerAddr := "localhost:8081"
 
-	monitor := newHTTPMonitorWithCfg(t, config.New())
+	monitor := newHTTPMonitorWithCfg(t, utils.NewUSMEmptyConfig())
 	slowSrvDoneFn := testutil.HTTPServer(t, slowServerAddr, testutil.Options{
 		SlowResponse: time.Millisecond * 500, // Half a second.
 		WriteTimeout: time.Millisecond * 200,
@@ -230,7 +229,7 @@ func (s *HTTPTestSuite) TestHTTPMonitorIntegrationWithResponseBody() {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			monitor := newHTTPMonitorWithCfg(t, config.New())
+			monitor := newHTTPMonitorWithCfg(t, utils.NewUSMEmptyConfig())
 			srvDoneFn := testutil.HTTPServer(t, serverAddr, testutil.Options{
 				EnableKeepAlive: true,
 			})
@@ -286,7 +285,7 @@ func (s *HTTPTestSuite) TestHTTPMonitorIntegrationSlowResponse() {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			cfg := config.New()
+			cfg := utils.NewUSMEmptyConfig()
 			cfg.HTTPMapCleanerInterval = time.Duration(tt.mapCleanerIntervalSeconds) * time.Second
 			cfg.HTTPIdleConnectionTTL = time.Duration(tt.httpIdleConnectionTTLSeconds) * time.Second
 			monitor := newHTTPMonitorWithCfg(t, cfg)
@@ -353,7 +352,7 @@ func (s *HTTPTestSuite) TestSanity() {
 		t.Run(tt.name, func(t *testing.T) {
 			for _, keepAliveEnabled := range []bool{true, false} {
 				t.Run(testNameHelper("with keep alive", "without keep alive", keepAliveEnabled), func(t *testing.T) {
-					monitor := newHTTPMonitorWithCfg(t, config.New())
+					monitor := newHTTPMonitorWithCfg(t, utils.NewUSMEmptyConfig())
 
 					srvDoneFn := testutil.HTTPServer(t, tt.serverAddress, testutil.Options{EnableKeepAlive: keepAliveEnabled})
 					t.Cleanup(srvDoneFn)
@@ -379,7 +378,7 @@ func (s *HTTPTestSuite) TestSanity() {
 func (s *HTTPTestSuite) TestRSTPacketRegression() {
 	t := s.T()
 
-	monitor := newHTTPMonitorWithCfg(t, config.New())
+	monitor := newHTTPMonitorWithCfg(t, utils.NewUSMEmptyConfig())
 
 	serverAddr := "127.0.0.1:8080"
 	srvDoneFn := testutil.HTTPServer(t, serverAddr, testutil.Options{
@@ -414,7 +413,7 @@ func (s *HTTPTestSuite) TestRSTPacketRegression() {
 func (s *HTTPTestSuite) TestKeepAliveWithIncompleteResponseRegression() {
 	t := s.T()
 
-	monitor := newHTTPMonitorWithCfg(t, config.New())
+	monitor := newHTTPMonitorWithCfg(t, utils.NewUSMEmptyConfig())
 
 	const req = "GET /200/foobar HTTP/1.1\n"
 	const rsp = "HTTP/1.1 200 OK\n"
@@ -474,6 +473,22 @@ func (s *HTTPTestSuite) TestKeepAliveWithIncompleteResponseRegression() {
 	assertAllRequestsExists(t, monitor, []*nethttp.Request{{URL: url, Method: "GET"}})
 }
 
+// TestEmptyConfig checks the test helper indeed returns a config with no
+// protocols enable, by checking it prevents USM from running.
+// If this test fails after enabling a protocol by default, you MUST NOT change
+// this test, and instead update `NewUSMEmptyConfig` to make sure it disables the
+// new protocol.
+func TestEmptyConfig(t *testing.T) {
+	cfg := utils.NewUSMEmptyConfig()
+	require.True(t, cfg.ServiceMonitoringEnabled)
+
+	// The monitor should not start, and not return an error when no protocols
+	// are enabled.
+	monitor, err := NewMonitor(cfg, nil)
+	require.Nil(t, monitor)
+	require.NoError(t, err)
+}
+
 func assertAllRequestsExists(t *testing.T, monitor *Monitor, requests []*nethttp.Request) {
 	requestsExist := make([]bool, len(requests))
 

pkg/network/usm/monitor_tls_test.go

@@ -59,7 +59,7 @@ func TestTLSSuite(t *testing.T) {
 		modes = append(modes, ebpftest.Prebuilt)
 	}
 	ebpftest.TestBuildModes(t, modes, "", func(t *testing.T) {
-		if !usmconfig.TLSSupported(config.New()) {
+		if !usmconfig.TLSSupported(utils.NewUSMEmptyConfig()) {
 			t.Skip("TLS not supported for this setup")
 		}
 		suite.Run(t, new(tlsSuite))
@@ -69,8 +69,7 @@ func TestTLSSuite(t *testing.T) {
 func (s *tlsSuite) TestHTTPSViaLibraryIntegration() {
 	t := s.T()
 
-	cfg := config.New()
-	cfg.EnableGoTLSSupport = false
+	cfg := utils.NewUSMEmptyConfig()
 	cfg.EnableHTTPMonitoring = true
 	cfg.EnableNativeTLSMonitoring = true
 	/* enable protocol classification : TLS */
@@ -287,8 +286,7 @@ func prefetchLib(t *testing.T, filenames ...string) *exec.Cmd {
 func (s *tlsSuite) TestOpenSSLVersions() {
 	t := s.T()
 
-	cfg := config.New()
-	cfg.EnableGoTLSSupport = false
+	cfg := utils.NewUSMEmptyConfig()
 	cfg.EnableNativeTLSMonitoring = true
 	cfg.EnableHTTPMonitoring = true
 	usmMonitor := setupUSMTLSMonitor(t, cfg)
@@ -347,8 +345,7 @@ func (s *tlsSuite) TestOpenSSLVersions() {
 func (s *tlsSuite) TestOpenSSLVersionsSlowStart() {
 	t := s.T()
 
-	cfg := config.New()
-	cfg.EnableGoTLSSupport = false
+	cfg := utils.NewUSMEmptyConfig()
 	cfg.EnableNativeTLSMonitoring = true
 	cfg.EnableHTTPMonitoring = true
 
@@ -476,15 +473,15 @@ func TestHTTPGoTLSAttachProbes(t *testing.T) {
 
 	modes := []ebpftest.BuildMode{ebpftest.RuntimeCompiled, ebpftest.CORE}
 	ebpftest.TestBuildModes(t, modes, "", func(t *testing.T) {
-		if !gotlstestutil.GoTLSSupported(t, config.New()) {
+		if !gotlstestutil.GoTLSSupported(t, utils.NewUSMEmptyConfig()) {
 			t.Skip("GoTLS not supported for this setup")
 		}
 
 		t.Run("new process", func(t *testing.T) {
-			testHTTPGoTLSCaptureNewProcess(t, config.New(), false)
+			testHTTPGoTLSCaptureNewProcess(t, utils.NewUSMEmptyConfig(), false)
 		})
 		t.Run("already running process", func(t *testing.T) {
-			testHTTPGoTLSCaptureAlreadyRunning(t, config.New(), false)
+			testHTTPGoTLSCaptureAlreadyRunning(t, utils.NewUSMEmptyConfig(), false)
 		})
 	})
 }
@@ -511,13 +508,13 @@ func testHTTP2GoTLSAttachProbes(t *testing.T, cfg *config.Config) {
 func TestHTTP2GoTLSAttachProbes(t *testing.T) {
 	t.Run("netlink",
 		func(tt *testing.T) {
-			cfg := config.New()
+			cfg := utils.NewUSMEmptyConfig()
 			cfg.EnableUSMEventStream = false
 			testHTTP2GoTLSAttachProbes(tt, cfg)
 		})
 	t.Run("event stream",
 		func(tt *testing.T) {
-			cfg := config.New()
+			cfg := utils.NewUSMEmptyConfig()
 			cfg.EnableUSMEventStream = true
 			testHTTP2GoTLSAttachProbes(tt, cfg)
 		})
@@ -527,15 +524,15 @@ func TestHTTPSGoTLSAttachProbesOnContainer(t *testing.T) {
 	t.Skip("Skipping a flaky test")
 	modes := []ebpftest.BuildMode{ebpftest.RuntimeCompiled, ebpftest.CORE}
 	ebpftest.TestBuildModes(t, modes, "", func(t *testing.T) {
-		if !gotlstestutil.GoTLSSupported(t, config.New()) {
+		if !gotlstestutil.GoTLSSupported(t, utils.NewUSMEmptyConfig()) {
 			t.Skip("GoTLS not supported for this setup")
 		}
 
 		t.Run("new process", func(t *testing.T) {
-			testHTTPSGoTLSCaptureNewProcessContainer(t, config.New())
+			testHTTPSGoTLSCaptureNewProcessContainer(t, utils.NewUSMEmptyConfig())
 		})
 		t.Run("already running process", func(t *testing.T) {
-			testHTTPSGoTLSCaptureAlreadyRunningContainer(t, config.New())
+			testHTTPSGoTLSCaptureAlreadyRunningContainer(t, utils.NewUSMEmptyConfig())
 		})
 	})
 }
@@ -545,7 +542,7 @@ func TestOldConnectionRegression(t *testing.T) {
 
 	modes := []ebpftest.BuildMode{ebpftest.RuntimeCompiled, ebpftest.CORE}
 	ebpftest.TestBuildModes(t, modes, "", func(t *testing.T) {
-		if !gotlstestutil.GoTLSSupported(t, config.New()) {
+		if !gotlstestutil.GoTLSSupported(t, utils.NewUSMEmptyConfig()) {
 			t.Skip("GoTLS not supported for this setup")
 		}
 
@@ -567,7 +564,7 @@ func TestOldConnectionRegression(t *testing.T) {
 		defer conn.Close()
 
 		// Start USM monitor
-		cfg := config.New()
+		cfg := utils.NewUSMEmptyConfig()
 		cfg.EnableHTTPMonitoring = true
 		cfg.EnableGoTLSSupport = true
 		cfg.GoTLSExcludeSelf = false
@@ -620,7 +617,7 @@ func TestOldConnectionRegression(t *testing.T) {
 func TestLimitListenerRegression(t *testing.T) {
 	modes := []ebpftest.BuildMode{ebpftest.RuntimeCompiled, ebpftest.CORE}
 	ebpftest.TestBuildModes(t, modes, "", func(t *testing.T) {
-		if !gotlstestutil.GoTLSSupported(t, config.New()) {
+		if !gotlstestutil.GoTLSSupported(t, utils.NewUSMEmptyConfig()) {
 			t.Skip("GoTLS not supported for this setup")
 		}
 
@@ -634,7 +631,7 @@ func TestLimitListenerRegression(t *testing.T) {
 		t.Cleanup(closeServer)
 
 		// Start USM monitor
-		cfg := config.New()
+		cfg := utils.NewUSMEmptyConfig()
 		cfg.EnableHTTPMonitoring = true
 		cfg.EnableGoTLSSupport = true
 		cfg.GoTLSExcludeSelf = false
@@ -907,8 +904,7 @@ func (s *tlsSuite) TestNodeJSTLS() {
 	nodeJSPID, err := nodejs.GetNodeJSDockerPID()
 	require.NoError(t, err)
 
-	cfg := config.New()
-	cfg.EnableGoTLSSupport = false
+	cfg := utils.NewUSMEmptyConfig()
 	cfg.EnableHTTPMonitoring = true
 	cfg.EnableNodeJSMonitoring = true
 

pkg/network/usm/postgres_monitor_test.go

@@ -144,7 +144,7 @@ func (s *postgresProtocolParsingSuite) TestDecoding() {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if tt.isTLS && !gotlstestutil.GoTLSSupported(t, config.New()) {
+			if tt.isTLS && !gotlstestutil.GoTLSSupported(t, utils.NewUSMEmptyConfig()) {
 				t.Skip("GoTLS not supported for this setup")
 			}
 			testDecoding(t, tt.isTLS)
@@ -762,7 +762,7 @@ func (s *postgresProtocolParsingSuite) TestCleanupEBPFEntriesOnTermination() {
 }
 
 func getPostgresDefaultTestConfiguration(enableTLS bool) *config.Config {
-	cfg := config.New()
+	cfg := utils.NewUSMEmptyConfig()
 	cfg.EnablePostgresMonitoring = true
 	cfg.MaxTrackedConnections = 1000
 	cfg.EnableGoTLSSupport = enableTLS