Remove app protect agent (#3646)

* Setup AppProtect logLevel --------- Co-authored-by: Venktesh Shivam Patel <[email protected]>
nginx · Mar 20, 2023 · cc61703 · cc61703
1 parent a2ad492
commit cc61703
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 54 deletions.
diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go
@@ -75,7 +75,7 @@ func main() {
 
 	templateExecutor, templateExecutorV2 := createTemplateExecutors()
 
-	aPPluginDone, aPAgentDone, aPPDosAgentDone := startApAgentsAndPlugins(nginxManager)
+	aPPluginDone, aPPDosAgentDone := startApAgentsAndPlugins(nginxManager)
 
 	sslRejectHandshake := processDefaultServerSecret(kubeClient, nginxManager)
 
@@ -185,7 +185,7 @@ func main() {
 	}
 
 	if *appProtect || *appProtectDos {
-		go handleTerminationWithAppProtect(lbc, nginxManager, syslogListener, nginxDone, aPAgentDone, aPPluginDone, aPPDosAgentDone, *appProtect, *appProtectDos)
+		go handleTerminationWithAppProtect(lbc, nginxManager, syslogListener, nginxDone, aPPluginDone, aPPDosAgentDone, *appProtect, *appProtectDos)
 	} else {
 		go handleTermination(lbc, nginxManager, syslogListener, nginxDone)
 	}
@@ -387,16 +387,12 @@ func getNginxVersionInfo(nginxManager nginx.Manager) string {
 	return nginxVersion
 }
 
-func startApAgentsAndPlugins(nginxManager nginx.Manager) (chan error, chan error, chan error) {
+func startApAgentsAndPlugins(nginxManager nginx.Manager) (chan error, chan error) {
 	var aPPluginDone chan error
-	var aPAgentDone chan error
 
 	if *appProtect {
 		aPPluginDone = make(chan error, 1)
-		aPAgentDone = make(chan error, 1)
-
-		nginxManager.AppProtectAgentStart(aPAgentDone, *appProtectLogLevel)
-		nginxManager.AppProtectPluginStart(aPPluginDone)
+		nginxManager.AppProtectPluginStart(aPPluginDone, *appProtectLogLevel)
 	}
 
 	var aPPDosAgentDone chan error
@@ -405,7 +401,7 @@ func startApAgentsAndPlugins(nginxManager nginx.Manager) (chan error, chan error
 		aPPDosAgentDone = make(chan error, 1)
 		nginxManager.AppProtectDosAgentStart(aPPDosAgentDone, *appProtectDosDebug, *appProtectDosMaxDaemons, *appProtectDosMaxWorkers, *appProtectDosMemory)
 	}
-	return aPPluginDone, aPAgentDone, aPPDosAgentDone
+	return aPPluginDone, aPPDosAgentDone
 }
 
 func processDefaultServerSecret(kubeClient *kubernetes.Clientset, nginxManager nginx.Manager) bool {
@@ -548,7 +544,7 @@ func getAndValidateSecret(kubeClient *kubernetes.Clientset, secretNsName string)
 	return secret, nil
 }
 
-func handleTerminationWithAppProtect(lbc *k8s.LoadBalancerController, nginxManager nginx.Manager, listener metrics.SyslogListener, nginxDone, agentDone, pluginDone, agentDosDone chan error, appProtectEnabled, appProtectDosEnabled bool) {
+func handleTerminationWithAppProtect(lbc *k8s.LoadBalancerController, nginxManager nginx.Manager, listener metrics.SyslogListener, nginxDone, pluginDone, agentDosDone chan error, appProtectEnabled, appProtectDosEnabled bool) {
 	signalChan := make(chan os.Signal, 1)
 	signal.Notify(signalChan, syscall.SIGTERM)
 
@@ -557,8 +553,6 @@ func handleTerminationWithAppProtect(lbc *k8s.LoadBalancerController, nginxManag
 		glog.Fatalf("nginx command exited unexpectedly with status: %v", err)
 	case err := <-pluginDone:
 		glog.Fatalf("AppProtectPlugin command exited unexpectedly with status: %v", err)
-	case err := <-agentDone:
-		glog.Fatalf("AppProtectAgent command exited unexpectedly with status: %v", err)
 	case err := <-agentDosDone:
 		glog.Fatalf("AppProtectDosAgent command exited unexpectedly with status: %v", err)
 	case <-signalChan:
@@ -569,8 +563,6 @@ func handleTerminationWithAppProtect(lbc *k8s.LoadBalancerController, nginxManag
 		if appProtectEnabled {
 			nginxManager.AppProtectPluginQuit()
 			<-pluginDone
-			nginxManager.AppProtectAgentQuit()
-			<-agentDone
 		}
 		if appProtectDosEnabled {
 			nginxManager.AppProtectDosAgentQuit()

diff --git a/internal/nginx/fake_manager.go b/internal/nginx/fake_manager.go
@@ -150,18 +150,8 @@ func (*FakeManager) CreateOpenTracingTracerConfig(_ string) error {
 func (*FakeManager) SetOpenTracing(_ bool) {
 }
 
-// AppProtectAgentStart is a fake implementation of AppProtectAgentStart
-func (*FakeManager) AppProtectAgentStart(_ chan error, _ string) {
-	glog.V(3).Infof("Starting FakeAppProtectAgent")
-}
-
-// AppProtectAgentQuit is a fake implementation AppProtectAgentQuit
-func (*FakeManager) AppProtectAgentQuit() {
-	glog.V(3).Infof("Quitting FakeAppProtectAgent")
-}
-
 // AppProtectPluginStart is a fake implementation AppProtectPluginStart
-func (*FakeManager) AppProtectPluginStart(_ chan error) {
+func (*FakeManager) AppProtectPluginStart(_ chan error, _ string) {
 	glog.V(3).Infof("Starting FakeAppProtectPlugin")
 }
 

diff --git a/internal/nginx/manager.go b/internal/nginx/manager.go
@@ -35,7 +35,6 @@ const (
 	nginxBinaryPathDebug         = "/usr/sbin/nginx-debug"
 
 	appProtectPluginStartCmd = "/usr/share/ts/bin/bd-socket-plugin"
-	appProtectAgentStartCmd  = "/opt/app_protect/bin/bd_agent"
 	appProtectLogLevelCmd    = "/opt/app_protect/bin/set_log_level"
 
 	// appPluginParams is the configuration of App-Protect plugin
@@ -80,9 +79,7 @@ type Manager interface {
 	UpdateServersInPlus(upstream string, servers []string, config ServerConfig) error
 	UpdateStreamServersInPlus(upstream string, servers []string) error
 	SetOpenTracing(openTracing bool)
-	AppProtectAgentStart(apaDone chan error, logLevel string)
-	AppProtectAgentQuit()
-	AppProtectPluginStart(appDone chan error)
+	AppProtectPluginStart(appDone chan error, logLevel string)
 	AppProtectPluginQuit()
 	AppProtectDosAgentStart(apdaDone chan error, debug bool, maxDaemon int, maxWorkers int, memory int)
 	AppProtectDosAgentQuit()
@@ -107,7 +104,6 @@ type LocalManager struct {
 	metricsCollector             collectors.ManagerCollector
 	OpenTracing                  bool
 	appProtectPluginPid          int
-	appProtectAgentPid           int
 	appProtectDosAgentPid        int
 }
 
@@ -462,37 +458,15 @@ func (lm *LocalManager) SetOpenTracing(openTracing bool) {
 	lm.OpenTracing = openTracing
 }
 
-// AppProtectAgentStart starts the AppProtect agent
-func (lm *LocalManager) AppProtectAgentStart(apaDone chan error, logLevel string) {
+// AppProtectPluginStart starts the AppProtect plugin and sets AppProtect log level.
+func (lm *LocalManager) AppProtectPluginStart(appDone chan error, logLevel string) {
 	glog.V(3).Info("Setting log level for App Protect - ", logLevel)
 	appProtectLogLevelCmdfull := fmt.Sprintf("%v %v", appProtectLogLevelCmd, logLevel)
 	logLevelCmd := exec.Command("sh", "-c", appProtectLogLevelCmdfull) // #nosec G204
 	if err := logLevelCmd.Run(); err != nil {
 		glog.Fatalf("Failed to set log level for AppProtect: %v", err)
 	}
 
-	glog.V(3).Info("Starting AppProtect Agent")
-	cmd := exec.Command(appProtectAgentStartCmd)
-	if err := cmd.Start(); err != nil {
-		glog.Fatalf("Failed to start AppProtect Agent: %v", err)
-	}
-	lm.appProtectAgentPid = cmd.Process.Pid
-	go func() {
-		apaDone <- cmd.Wait()
-	}()
-}
-
-// AppProtectAgentQuit gracefully ends AppProtect Agent.
-func (lm *LocalManager) AppProtectAgentQuit() {
-	glog.V(3).Info("Quitting AppProtect Agent")
-	killcmd := fmt.Sprintf("kill %d", lm.appProtectAgentPid)
-	if err := shellOut(killcmd); err != nil {
-		glog.Fatalf("Failed to quit AppProtect Agent: %v", err)
-	}
-}
-
-// AppProtectPluginStart starts the AppProtect plugin.
-func (lm *LocalManager) AppProtectPluginStart(appDone chan error) {
 	glog.V(3).Info("Starting AppProtect Plugin")
 	startupParams := strings.Fields(appPluginParams)
 	cmd := exec.Command(appProtectPluginStartCmd, startupParams...)