Merge pull request #22 from sysdiglabs/feature_fixes

fix: Update feature parsing for app checks and secure_light
sysdiglabs · May 25, 2023 · c149084 · c149084
2 parents c28b377 + 1c401bf
commit c149084
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 9 deletions.
diff --git a/filter_plugins/dragent.py b/filter_plugins/dragent.py
@@ -162,15 +162,15 @@ def __init__(self, config):
                                           features=config["features"].get("monitoring", {}))
 
     def generate(self) -> dict:
+        ret = self._get_config(["app_checks", "jmx", "prometheus", "statsd"])
         if not self.config.is_enabled():
-            ret = {"app_checks_enabled": False}
             ret.update({feature: {"enabled": False} for feature in [
+                "app_checks",
                 "jmx",
                 "prometheus",
                 "statsd"
             ]})
-            return ret
-        return self._get_config(["app_checks", "jmx", "prometheus", "statsd"])
+        return ret
 
 
 class DragentSecureSettings(DragentSettings):
@@ -180,17 +180,30 @@ def __init__(self, config):
                                          features=config["features"].get("security", {}))
 
     def generate(self) -> dict:
+        disabled_features = []
         if not self.config.is_enabled():
-            return {feature: {"enabled": False} for feature in [
+            disabled_features.extend([
                 "commandlines_capture",
                 "drift_control",
                 "drift_killer",
                 "falcobaseline",
                 "memdump",
+                "network_topology",
                 "secure_audit_streams"
-            ]}
-        return self._get_config(["commandlines_capture", "drift_detection",
-                                 "falcobaseline", "memdumper", "secure_audit_streams"])
+            ])
+        if self.config.type() == "light":
+            disabled_features.extend([
+                "drift_control",
+                "drift_killer",
+                "falcobaseline",
+                "memdump",
+                "network_topology"
+            ])
+
+        res = self._get_config(["commandlines_capture", "drift_detection",
+                                "falcobaseline", "memdumper", "secure_audit_streams"])
+        res.update({feature: {"enabled": False} for feature in disabled_features})
+        return res
 
 
 class DragentExtraSettings(DragentSettings):
@@ -217,11 +230,30 @@ def __init__(self, config: dict):
             DragentExtraSettings(config=config)
         ]
 
+    @staticmethod
+    def _patch_configuration(config: dict) -> dict:
+        if not config.get("app_checks"):
+            return config
+
+        if "enabled" in config["app_checks"]:
+            config.update({"app_checks_enabled": config["app_checks"]["enabled"]})
+
+            if not config["app_checks"]["enabled"]:
+                del config["app_checks"]
+            else:
+                del config["app_checks"]["enabled"]
+
+        if config.get("app_checks", {}).get("applications"):
+            config["app_checks"] = config["app_checks"]["applications"]
+
+        return config
+
     def generate(self) -> dict:
         ret = {}
         for config_type in self._config_types:
             ret.update(config_type.generate())
-        return ret
+
+        return self._patch_configuration(ret)
 
 
 def to_dragent_configuration(data):

diff --git a/meta/argument_specs.yml b/meta/argument_specs.yml
@@ -131,6 +131,15 @@ argument_specs:
                 type: dict
                 required: false
                 description: "Legacy Sysdig App Check configuration."
+                options:
+                  enabled:
+                    type: bool
+                    required: false
+                    description: "Enable or disable legacy App Checks"
+                  applications:
+                    type: list
+                    required: false
+                    description: "Configurations for App Check modules"
               jmx:
                 type: dict
                 required: false
@@ -164,7 +173,7 @@ argument_specs:
                 type: dict
                 required: false
                 description: "Sysdig Secure Falco Baseliner configuration"
-              memdumper:
+              memdump:
                 type: dict
                 required: false
                 description: "Sysdig Secure Memdumper configuration"