From 0399385a21a07949d3b1f31b5971e6c1bfece4cc Mon Sep 17 00:00:00 2001 From: Guillaume Pagnoux Date: Mon, 2 Dec 2024 12:42:21 +0100 Subject: [PATCH] USM: tests: add test helper to get empty config (#31567) --- pkg/network/usm/compile_test.go | 4 +- pkg/network/usm/ebpf_ssl_test.go | 3 +- pkg/network/usm/istio_test.go | 4 +- pkg/network/usm/kafka_monitor_test.go | 10 ++--- pkg/network/usm/monitor_test.go | 35 ++++++++++++----- pkg/network/usm/monitor_tls_test.go | 38 +++++++++---------- pkg/network/usm/postgres_monitor_test.go | 4 +- .../usm/sharedlibraries/watcher_test.go | 15 ++++---- .../usm/tests/tracer_usm_linux_test.go | 8 +++- pkg/network/usm/usm_grpc_monitor_test.go | 5 +-- pkg/network/usm/utils/testutils.go | 23 ++++++++++- 11 files changed, 91 insertions(+), 58 deletions(-) diff --git a/pkg/network/usm/compile_test.go b/pkg/network/usm/compile_test.go index e15ec250797b7..02cbe64026eda 100644 --- a/pkg/network/usm/compile_test.go +++ b/pkg/network/usm/compile_test.go @@ -13,8 +13,8 @@ import ( "github.com/stretchr/testify/require" "github.com/DataDog/datadog-agent/pkg/ebpf/ebpftest" - "github.com/DataDog/datadog-agent/pkg/network/config" usmconfig "github.com/DataDog/datadog-agent/pkg/network/usm/config" + "github.com/DataDog/datadog-agent/pkg/network/usm/utils" "github.com/DataDog/datadog-agent/pkg/util/kernel" ) @@ -25,7 +25,7 @@ func TestHttpCompile(t *testing.T) { if currKernelVersion < usmconfig.MinimumKernelVersion { t.Skip("USM Runtime compilation not supported on this kernel version") } - cfg := config.New() + cfg := utils.NewUSMEmptyConfig() cfg.BPFDebug = true out, err := getRuntimeCompiledUSM(cfg) require.NoError(t, err) diff --git a/pkg/network/usm/ebpf_ssl_test.go b/pkg/network/usm/ebpf_ssl_test.go index f94dde8fb3110..2e3ef3043d00d 100644 --- a/pkg/network/usm/ebpf_ssl_test.go +++ b/pkg/network/usm/ebpf_ssl_test.go @@ -16,7 +16,6 @@ import ( "github.com/stretchr/testify/require" - "github.com/DataDog/datadog-agent/pkg/network/config" "github.com/DataDog/datadog-agent/pkg/network/protocols/http/testutil" usmconfig "github.com/DataDog/datadog-agent/pkg/network/usm/config" "github.com/DataDog/datadog-agent/pkg/network/usm/consts" @@ -25,7 +24,7 @@ import ( ) func testArch(t *testing.T, arch string) { - cfg := config.New() + cfg := utils.NewUSMEmptyConfig() cfg.EnableNativeTLSMonitoring = true if !usmconfig.TLSSupported(cfg) { diff --git a/pkg/network/usm/istio_test.go b/pkg/network/usm/istio_test.go index e61c3372ccc77..73efaf1a4ef4b 100644 --- a/pkg/network/usm/istio_test.go +++ b/pkg/network/usm/istio_test.go @@ -38,7 +38,7 @@ func TestGetEnvoyPath(t *testing.T) { } func TestGetEnvoyPathWithConfig(t *testing.T) { - cfg := config.New() + cfg := utils.NewUSMEmptyConfig() cfg.EnableIstioMonitoring = true cfg.EnvoyPath = "/test/envoy" monitor := newIstioTestMonitorWithCFG(t, cfg) @@ -100,7 +100,7 @@ func createFakeProcess(t *testing.T, processName string) (procRoot string, pid i } func newIstioTestMonitor(t *testing.T) *istioMonitor { - cfg := config.New() + cfg := utils.NewUSMEmptyConfig() cfg.EnableIstioMonitoring = true return newIstioTestMonitorWithCFG(t, cfg) diff --git a/pkg/network/usm/kafka_monitor_test.go b/pkg/network/usm/kafka_monitor_test.go index 52177ad873c24..645db1e3bc064 100644 --- a/pkg/network/usm/kafka_monitor_test.go +++ b/pkg/network/usm/kafka_monitor_test.go @@ -168,7 +168,7 @@ func (s *KafkaProtocolParsingSuite) TestKafkaProtocolParsing() { for mode, name := range map[bool]string{false: "without TLS", true: "with TLS"} { t.Run(name, func(t *testing.T) { - if mode && !gotlsutils.GoTLSSupported(t, config.New()) { + if mode && !gotlsutils.GoTLSSupported(t, utils.NewUSMEmptyConfig()) { t.Skip("GoTLS not supported for this setup") } if mode && isUnsupportedUbuntu(t) { @@ -1265,7 +1265,7 @@ func (s *KafkaProtocolParsingSuite) TestKafkaFetchRaw() { }) t.Run("with TLS", func(t *testing.T) { - if !gotlsutils.GoTLSSupported(t, config.New()) { + if !gotlsutils.GoTLSSupported(t, utils.NewUSMEmptyConfig()) { t.Skip("GoTLS not supported for this setup") } if isUnsupportedUbuntu(t) { @@ -1494,7 +1494,7 @@ func (s *KafkaProtocolParsingSuite) TestKafkaProduceRaw() { }) t.Run("with TLS", func(t *testing.T) { - if !gotlsutils.GoTLSSupported(t, config.New()) { + if !gotlsutils.GoTLSSupported(t, utils.NewUSMEmptyConfig()) { t.Skip("GoTLS not supported for this setup") } if isUnsupportedUbuntu(t) { @@ -1619,7 +1619,7 @@ func getAndValidateKafkaStatsWithErrorCodes(t *testing.T, monitor *Monitor, expe } func getDefaultTestConfiguration(tls bool) *config.Config { - cfg := config.New() + cfg := utils.NewUSMEmptyConfig() cfg.EnableKafkaMonitoring = true cfg.MaxTrackedConnections = 1000 cfg.EnableGoTLSSupport = tls @@ -1723,7 +1723,7 @@ func TestLoadKafkaBinary(t *testing.T) { } func loadKafkaBinary(t *testing.T, debug bool) { - cfg := config.New() + cfg := utils.NewUSMEmptyConfig() // We don't have a way of enabling kafka without http at the moment cfg.EnableGoTLSSupport = false cfg.EnableKafkaMonitoring = true diff --git a/pkg/network/usm/monitor_test.go b/pkg/network/usm/monitor_test.go index 014511d786ad6..402243c2562d1 100644 --- a/pkg/network/usm/monitor_test.go +++ b/pkg/network/usm/monitor_test.go @@ -39,6 +39,7 @@ import ( "github.com/DataDog/datadog-agent/pkg/network/protocols/http/testutil" libtelemetry "github.com/DataDog/datadog-agent/pkg/network/protocols/telemetry" usmconfig "github.com/DataDog/datadog-agent/pkg/network/usm/config" + "github.com/DataDog/datadog-agent/pkg/network/usm/utils" "github.com/DataDog/datadog-agent/pkg/util/kernel" "github.com/DataDog/datadog-agent/pkg/util/log" ) @@ -80,10 +81,8 @@ func TestMonitorProtocolFail(t *testing.T) { // Replace the HTTP protocol with a Mock patchProtocolMock(t, tt.spec) - cfg := config.New() - cfg.EnableGoTLSSupport = false + cfg := utils.NewUSMEmptyConfig() cfg.EnableHTTPMonitoring = true - cfg.EnableIstioMonitoring = false monitor, err := NewMonitor(cfg, nil) skipIfNotSupported(t, err) @@ -123,7 +122,7 @@ func (s *HTTPTestSuite) TestHTTPStats() { }) t.Cleanup(srvDoneFn) - monitor := newHTTPMonitorWithCfg(t, config.New()) + monitor := newHTTPMonitorWithCfg(t, utils.NewUSMEmptyConfig()) resp, err := nethttp.Get(fmt.Sprintf("http://%s/%d/test", serverAddr, nethttp.StatusNoContent)) require.NoError(t, err) @@ -155,7 +154,7 @@ func (s *HTTPTestSuite) TestHTTPMonitorLoadWithIncompleteBuffers() { slowServerAddr := "localhost:8080" fastServerAddr := "localhost:8081" - monitor := newHTTPMonitorWithCfg(t, config.New()) + monitor := newHTTPMonitorWithCfg(t, utils.NewUSMEmptyConfig()) slowSrvDoneFn := testutil.HTTPServer(t, slowServerAddr, testutil.Options{ SlowResponse: time.Millisecond * 500, // Half a second. WriteTimeout: time.Millisecond * 200, @@ -230,7 +229,7 @@ func (s *HTTPTestSuite) TestHTTPMonitorIntegrationWithResponseBody() { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - monitor := newHTTPMonitorWithCfg(t, config.New()) + monitor := newHTTPMonitorWithCfg(t, utils.NewUSMEmptyConfig()) srvDoneFn := testutil.HTTPServer(t, serverAddr, testutil.Options{ EnableKeepAlive: true, }) @@ -286,7 +285,7 @@ func (s *HTTPTestSuite) TestHTTPMonitorIntegrationSlowResponse() { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - cfg := config.New() + cfg := utils.NewUSMEmptyConfig() cfg.HTTPMapCleanerInterval = time.Duration(tt.mapCleanerIntervalSeconds) * time.Second cfg.HTTPIdleConnectionTTL = time.Duration(tt.httpIdleConnectionTTLSeconds) * time.Second monitor := newHTTPMonitorWithCfg(t, cfg) @@ -353,7 +352,7 @@ func (s *HTTPTestSuite) TestSanity() { t.Run(tt.name, func(t *testing.T) { for _, keepAliveEnabled := range []bool{true, false} { t.Run(testNameHelper("with keep alive", "without keep alive", keepAliveEnabled), func(t *testing.T) { - monitor := newHTTPMonitorWithCfg(t, config.New()) + monitor := newHTTPMonitorWithCfg(t, utils.NewUSMEmptyConfig()) srvDoneFn := testutil.HTTPServer(t, tt.serverAddress, testutil.Options{EnableKeepAlive: keepAliveEnabled}) t.Cleanup(srvDoneFn) @@ -379,7 +378,7 @@ func (s *HTTPTestSuite) TestSanity() { func (s *HTTPTestSuite) TestRSTPacketRegression() { t := s.T() - monitor := newHTTPMonitorWithCfg(t, config.New()) + monitor := newHTTPMonitorWithCfg(t, utils.NewUSMEmptyConfig()) serverAddr := "127.0.0.1:8080" srvDoneFn := testutil.HTTPServer(t, serverAddr, testutil.Options{ @@ -414,7 +413,7 @@ func (s *HTTPTestSuite) TestRSTPacketRegression() { func (s *HTTPTestSuite) TestKeepAliveWithIncompleteResponseRegression() { t := s.T() - monitor := newHTTPMonitorWithCfg(t, config.New()) + monitor := newHTTPMonitorWithCfg(t, utils.NewUSMEmptyConfig()) const req = "GET /200/foobar HTTP/1.1\n" const rsp = "HTTP/1.1 200 OK\n" @@ -474,6 +473,22 @@ func (s *HTTPTestSuite) TestKeepAliveWithIncompleteResponseRegression() { assertAllRequestsExists(t, monitor, []*nethttp.Request{{URL: url, Method: "GET"}}) } +// TestEmptyConfig checks the test helper indeed returns a config with no +// protocols enable, by checking it prevents USM from running. +// If this test fails after enabling a protocol by default, you MUST NOT change +// this test, and instead update `NewUSMEmptyConfig` to make sure it disables the +// new protocol. +func TestEmptyConfig(t *testing.T) { + cfg := utils.NewUSMEmptyConfig() + require.True(t, cfg.ServiceMonitoringEnabled) + + // The monitor should not start, and not return an error when no protocols + // are enabled. + monitor, err := NewMonitor(cfg, nil) + require.Nil(t, monitor) + require.NoError(t, err) +} + func assertAllRequestsExists(t *testing.T, monitor *Monitor, requests []*nethttp.Request) { requestsExist := make([]bool, len(requests)) diff --git a/pkg/network/usm/monitor_tls_test.go b/pkg/network/usm/monitor_tls_test.go index c7553370b7c7b..a4fd5924bd630 100644 --- a/pkg/network/usm/monitor_tls_test.go +++ b/pkg/network/usm/monitor_tls_test.go @@ -59,7 +59,7 @@ func TestTLSSuite(t *testing.T) { modes = append(modes, ebpftest.Prebuilt) } ebpftest.TestBuildModes(t, modes, "", func(t *testing.T) { - if !usmconfig.TLSSupported(config.New()) { + if !usmconfig.TLSSupported(utils.NewUSMEmptyConfig()) { t.Skip("TLS not supported for this setup") } suite.Run(t, new(tlsSuite)) @@ -69,8 +69,7 @@ func TestTLSSuite(t *testing.T) { func (s *tlsSuite) TestHTTPSViaLibraryIntegration() { t := s.T() - cfg := config.New() - cfg.EnableGoTLSSupport = false + cfg := utils.NewUSMEmptyConfig() cfg.EnableHTTPMonitoring = true cfg.EnableNativeTLSMonitoring = true /* enable protocol classification : TLS */ @@ -287,8 +286,7 @@ func prefetchLib(t *testing.T, filenames ...string) *exec.Cmd { func (s *tlsSuite) TestOpenSSLVersions() { t := s.T() - cfg := config.New() - cfg.EnableGoTLSSupport = false + cfg := utils.NewUSMEmptyConfig() cfg.EnableNativeTLSMonitoring = true cfg.EnableHTTPMonitoring = true usmMonitor := setupUSMTLSMonitor(t, cfg) @@ -347,8 +345,7 @@ func (s *tlsSuite) TestOpenSSLVersions() { func (s *tlsSuite) TestOpenSSLVersionsSlowStart() { t := s.T() - cfg := config.New() - cfg.EnableGoTLSSupport = false + cfg := utils.NewUSMEmptyConfig() cfg.EnableNativeTLSMonitoring = true cfg.EnableHTTPMonitoring = true @@ -476,15 +473,15 @@ func TestHTTPGoTLSAttachProbes(t *testing.T) { modes := []ebpftest.BuildMode{ebpftest.RuntimeCompiled, ebpftest.CORE} ebpftest.TestBuildModes(t, modes, "", func(t *testing.T) { - if !gotlstestutil.GoTLSSupported(t, config.New()) { + if !gotlstestutil.GoTLSSupported(t, utils.NewUSMEmptyConfig()) { t.Skip("GoTLS not supported for this setup") } t.Run("new process", func(t *testing.T) { - testHTTPGoTLSCaptureNewProcess(t, config.New(), false) + testHTTPGoTLSCaptureNewProcess(t, utils.NewUSMEmptyConfig(), false) }) t.Run("already running process", func(t *testing.T) { - testHTTPGoTLSCaptureAlreadyRunning(t, config.New(), false) + testHTTPGoTLSCaptureAlreadyRunning(t, utils.NewUSMEmptyConfig(), false) }) }) } @@ -511,13 +508,13 @@ func testHTTP2GoTLSAttachProbes(t *testing.T, cfg *config.Config) { func TestHTTP2GoTLSAttachProbes(t *testing.T) { t.Run("netlink", func(tt *testing.T) { - cfg := config.New() + cfg := utils.NewUSMEmptyConfig() cfg.EnableUSMEventStream = false testHTTP2GoTLSAttachProbes(tt, cfg) }) t.Run("event stream", func(tt *testing.T) { - cfg := config.New() + cfg := utils.NewUSMEmptyConfig() cfg.EnableUSMEventStream = true testHTTP2GoTLSAttachProbes(tt, cfg) }) @@ -527,15 +524,15 @@ func TestHTTPSGoTLSAttachProbesOnContainer(t *testing.T) { t.Skip("Skipping a flaky test") modes := []ebpftest.BuildMode{ebpftest.RuntimeCompiled, ebpftest.CORE} ebpftest.TestBuildModes(t, modes, "", func(t *testing.T) { - if !gotlstestutil.GoTLSSupported(t, config.New()) { + if !gotlstestutil.GoTLSSupported(t, utils.NewUSMEmptyConfig()) { t.Skip("GoTLS not supported for this setup") } t.Run("new process", func(t *testing.T) { - testHTTPSGoTLSCaptureNewProcessContainer(t, config.New()) + testHTTPSGoTLSCaptureNewProcessContainer(t, utils.NewUSMEmptyConfig()) }) t.Run("already running process", func(t *testing.T) { - testHTTPSGoTLSCaptureAlreadyRunningContainer(t, config.New()) + testHTTPSGoTLSCaptureAlreadyRunningContainer(t, utils.NewUSMEmptyConfig()) }) }) } @@ -545,7 +542,7 @@ func TestOldConnectionRegression(t *testing.T) { modes := []ebpftest.BuildMode{ebpftest.RuntimeCompiled, ebpftest.CORE} ebpftest.TestBuildModes(t, modes, "", func(t *testing.T) { - if !gotlstestutil.GoTLSSupported(t, config.New()) { + if !gotlstestutil.GoTLSSupported(t, utils.NewUSMEmptyConfig()) { t.Skip("GoTLS not supported for this setup") } @@ -567,7 +564,7 @@ func TestOldConnectionRegression(t *testing.T) { defer conn.Close() // Start USM monitor - cfg := config.New() + cfg := utils.NewUSMEmptyConfig() cfg.EnableHTTPMonitoring = true cfg.EnableGoTLSSupport = true cfg.GoTLSExcludeSelf = false @@ -620,7 +617,7 @@ func TestOldConnectionRegression(t *testing.T) { func TestLimitListenerRegression(t *testing.T) { modes := []ebpftest.BuildMode{ebpftest.RuntimeCompiled, ebpftest.CORE} ebpftest.TestBuildModes(t, modes, "", func(t *testing.T) { - if !gotlstestutil.GoTLSSupported(t, config.New()) { + if !gotlstestutil.GoTLSSupported(t, utils.NewUSMEmptyConfig()) { t.Skip("GoTLS not supported for this setup") } @@ -634,7 +631,7 @@ func TestLimitListenerRegression(t *testing.T) { t.Cleanup(closeServer) // Start USM monitor - cfg := config.New() + cfg := utils.NewUSMEmptyConfig() cfg.EnableHTTPMonitoring = true cfg.EnableGoTLSSupport = true cfg.GoTLSExcludeSelf = false @@ -907,8 +904,7 @@ func (s *tlsSuite) TestNodeJSTLS() { nodeJSPID, err := nodejs.GetNodeJSDockerPID() require.NoError(t, err) - cfg := config.New() - cfg.EnableGoTLSSupport = false + cfg := utils.NewUSMEmptyConfig() cfg.EnableHTTPMonitoring = true cfg.EnableNodeJSMonitoring = true diff --git a/pkg/network/usm/postgres_monitor_test.go b/pkg/network/usm/postgres_monitor_test.go index 9243756cfe76c..76c616beff5bd 100644 --- a/pkg/network/usm/postgres_monitor_test.go +++ b/pkg/network/usm/postgres_monitor_test.go @@ -144,7 +144,7 @@ func (s *postgresProtocolParsingSuite) TestDecoding() { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if tt.isTLS && !gotlstestutil.GoTLSSupported(t, config.New()) { + if tt.isTLS && !gotlstestutil.GoTLSSupported(t, utils.NewUSMEmptyConfig()) { t.Skip("GoTLS not supported for this setup") } testDecoding(t, tt.isTLS) @@ -762,7 +762,7 @@ func (s *postgresProtocolParsingSuite) TestCleanupEBPFEntriesOnTermination() { } func getPostgresDefaultTestConfiguration(enableTLS bool) *config.Config { - cfg := config.New() + cfg := utils.NewUSMEmptyConfig() cfg.EnablePostgresMonitoring = true cfg.MaxTrackedConnections = 1000 cfg.EnableGoTLSSupport = enableTLS diff --git a/pkg/network/usm/sharedlibraries/watcher_test.go b/pkg/network/usm/sharedlibraries/watcher_test.go index deb27b067b673..ec8eddb5f8edf 100644 --- a/pkg/network/usm/sharedlibraries/watcher_test.go +++ b/pkg/network/usm/sharedlibraries/watcher_test.go @@ -28,7 +28,6 @@ import ( "github.com/DataDog/datadog-agent/pkg/ebpf/ebpftest" "github.com/DataDog/datadog-agent/pkg/ebpf/prebuilt" eventmonitortestutil "github.com/DataDog/datadog-agent/pkg/eventmonitor/testutil" - "github.com/DataDog/datadog-agent/pkg/network/config" usmconfig "github.com/DataDog/datadog-agent/pkg/network/usm/config" fileopener "github.com/DataDog/datadog-agent/pkg/network/usm/sharedlibraries/testutil" "github.com/DataDog/datadog-agent/pkg/network/usm/utils" @@ -52,7 +51,7 @@ type SharedLibrarySuite struct { } func TestSharedLibrary(t *testing.T) { - if !usmconfig.TLSSupported(config.New()) { + if !usmconfig.TLSSupported(utils.NewUSMEmptyConfig()) { t.Skip("shared library tracing not supported for this platform") } @@ -81,7 +80,7 @@ func (s *SharedLibrarySuite) TestSharedLibraryDetection() { registerRecorder := new(utils.CallbackRecorder) unregisterRecorder := new(utils.CallbackRecorder) - watcher, err := NewWatcher(config.New(), LibsetCrypto, + watcher, err := NewWatcher(utils.NewUSMEmptyConfig(), LibsetCrypto, Rule{ Re: regexp.MustCompile(`foo-libssl.so`), RegisterCB: registerRecorder.Callback(), @@ -138,7 +137,7 @@ func (s *SharedLibrarySuite) TestSharedLibraryDetectionWithPIDAndRootNamespace() return nil } - watcher, err := NewWatcher(config.New(), LibsetCrypto, + watcher, err := NewWatcher(utils.NewUSMEmptyConfig(), LibsetCrypto, Rule{ Re: regexp.MustCompile(`fooroot-crypto.so`), RegisterCB: callback, @@ -186,7 +185,7 @@ func (s *SharedLibrarySuite) TestSameInodeRegression() { registerRecorder := new(utils.CallbackRecorder) unregisterRecorder := new(utils.CallbackRecorder) - watcher, err := NewWatcher(config.New(), LibsetCrypto, + watcher, err := NewWatcher(utils.NewUSMEmptyConfig(), LibsetCrypto, Rule{ Re: regexp.MustCompile(`foo-libssl.so`), RegisterCB: registerRecorder.Callback(), @@ -227,7 +226,7 @@ func (s *SharedLibrarySuite) TestSoWatcherLeaks() { registerCB := registerRecorder.Callback() unregisterCB := unregisterRecorder.Callback() - watcher, err := NewWatcher(config.New(), LibsetCrypto, + watcher, err := NewWatcher(utils.NewUSMEmptyConfig(), LibsetCrypto, Rule{ Re: regexp.MustCompile(`foo-libssl.so`), RegisterCB: registerCB, @@ -293,7 +292,7 @@ func (s *SharedLibrarySuite) TestSoWatcherProcessAlreadyHoldingReferences() { registerCB := registerRecorder.Callback() unregisterCB := unregisterRecorder.Callback() - watcher, err := NewWatcher(config.New(), LibsetCrypto, + watcher, err := NewWatcher(utils.NewUSMEmptyConfig(), LibsetCrypto, Rule{ Re: regexp.MustCompile(`foo-libssl.so`), RegisterCB: registerCB, @@ -363,7 +362,7 @@ func createTempTestFile(t *testing.T, name string) (string, utils.PathIdentifier } func BenchmarkScanSOWatcherNew(b *testing.B) { - w, _ := NewWatcher(config.New(), LibsetCrypto, + w, _ := NewWatcher(utils.NewUSMEmptyConfig(), LibsetCrypto, Rule{ Re: regexp.MustCompile(`libssl.so`), }, diff --git a/pkg/network/usm/tests/tracer_usm_linux_test.go b/pkg/network/usm/tests/tracer_usm_linux_test.go index 551bf8e9650a7..9187bfbde28b5 100644 --- a/pkg/network/usm/tests/tracer_usm_linux_test.go +++ b/pkg/network/usm/tests/tracer_usm_linux_test.go @@ -119,7 +119,7 @@ func skipIfUsingNAT(t *testing.T, ctx testContext) { // skipIfGoTLSNotSupported skips the test if GoTLS is not supported. func skipIfGoTLSNotSupported(t *testing.T, _ testContext) { - if !gotlstestutil.GoTLSSupported(t, config.New()) { + if !gotlstestutil.GoTLSSupported(t, utils.NewUSMEmptyConfig()) { t.Skip("GoTLS is not supported") } } @@ -685,7 +685,11 @@ func testHTTPSClassification(t *testing.T, tr *tracer.Tracer, clientHost, target } func TestFullMonitorWithTracer(t *testing.T) { - cfg := config.New() + if !httpSupported() { + t.Skip("USM is not supported") + } + + cfg := utils.NewUSMEmptyConfig() cfg.EnableHTTPMonitoring = true cfg.EnableHTTP2Monitoring = true cfg.EnableKafkaMonitoring = true diff --git a/pkg/network/usm/usm_grpc_monitor_test.go b/pkg/network/usm/usm_grpc_monitor_test.go index f597935aeecad..bfc6833bf897d 100644 --- a/pkg/network/usm/usm_grpc_monitor_test.go +++ b/pkg/network/usm/usm_grpc_monitor_test.go @@ -78,7 +78,7 @@ func TestGRPCScenarios(t *testing.T) { }, } { t.Run(tc.name, func(t *testing.T) { - if tc.isTLS && !gotlsutils.GoTLSSupported(t, config.New()) { + if tc.isTLS && !gotlsutils.GoTLSSupported(t, utils.NewUSMEmptyConfig()) { t.Skip("GoTLS not supported for this setup") } suite.Run(t, &usmGRPCSuite{isTLS: tc.isTLS}) @@ -105,8 +105,7 @@ func getGRPCClientsArray(t *testing.T, size int, withTLS bool) ([]*grpc.Client, } func (s *usmGRPCSuite) getConfig() *config.Config { - cfg := config.New() - cfg.EnableIstioMonitoring = false + cfg := utils.NewUSMEmptyConfig() cfg.EnableHTTP2Monitoring = true cfg.EnableGoTLSSupport = s.isTLS cfg.GoTLSExcludeSelf = s.isTLS diff --git a/pkg/network/usm/utils/testutils.go b/pkg/network/usm/utils/testutils.go index 9622c0486a999..2b9f2d19a126e 100644 --- a/pkg/network/usm/utils/testutils.go +++ b/pkg/network/usm/utils/testutils.go @@ -7,7 +7,11 @@ package utils -import "sync" +import ( + "sync" + + "github.com/DataDog/datadog-agent/pkg/network/config" +) // CallbackRecorder is meant to assist with *testing* the `FileRegistry` code // as well as code interacting with it such as `sharedlibraries.Watcher`. @@ -56,3 +60,20 @@ func (r *CallbackRecorder) TotalCalls() int { } return total } + +// NewUSMEmptyConfig creates a new network config, with every USM protocols disabled. +func NewUSMEmptyConfig() *config.Config { + cfg := config.New() + cfg.ServiceMonitoringEnabled = true + cfg.EnableHTTPMonitoring = false + cfg.EnableHTTP2Monitoring = false + cfg.EnableKafkaMonitoring = false + cfg.EnablePostgresMonitoring = false + cfg.EnableRedisMonitoring = false + cfg.EnableNativeTLSMonitoring = false + cfg.EnableIstioMonitoring = false + cfg.EnableNodeJSMonitoring = false + cfg.EnableGoTLSSupport = false + + return cfg +}