class TestE2EKubernetes(unittest.TestCase): namespace = "default" in_cluster = False def setUp(self): warnings.simplefilter("ignore", category=ResourceWarning) warnings.simplefilter("ignore", category=UserWarning) warnings.simplefilter("ignore", category=DeprecationWarning) self.rule_id = None self.policies = None self.App = App() self.kubernetes_helper = KubernetesHelper(namespace=self.namespace, in_cluster=self.in_cluster) self.policy_loader = PolicyLoader() def tearDown(self): if self.rule_id: self.App.delete_rule(self.rule_id) if self.policies: os.remove(self.policies) def test_open_signal(self): print("") dir = tempfile.TemporaryDirectory(prefix="e2e-temp-folder") dirname = dir.name filename = f"{dirname}/secret" test_id = str(uuid.uuid4())[:4] desc = f"e2e test rule {test_id}" data = None with Step(msg=f"check rule({test_id}) creation", emoji=":straight_ruler:"): self.rule_id = self.App.create_cws_rule( desc, "rule for e2e testing", f"e2e_{test_id}", f'open.file.path == "{filename}"', ) with Step(msg="check policies download", emoji=":file_folder:"): self.policies = self.App.download_policies() data = self.policy_loader.load(self.policies) self.assertIsNotNone(data, msg="unable to load policy") with Step(msg="check rule presence in policies", emoji=":bullseye:"): rule = self.policy_loader.get_rule_by_desc(desc) self.assertIsNotNone(rule, msg="unable to find e2e rule") with Step(msg="select pod", emoji=":man_running:"): self.kubernetes_helper.select_pod_name("app=datadog-agent") with Step(msg="check security-agent start", emoji=":customs:"): wait_agent_log("security-agent", self.kubernetes_helper, SECURITY_START_LOG) with Step(msg="check system-probe start", emoji=":customs:"): wait_agent_log("system-probe", self.kubernetes_helper, SYS_PROBE_START_LOG) with Step(msg="wait for host tags(~2m)", emoji=":alarm_clock:"): time.sleep(3 * 60) with Step(msg="upload policies", emoji=":down_arrow:"): self.kubernetes_helper.cp_to_agent( "system-probe", self.policies, "/tmp/runtime-security.d/default.policy") with Step(msg="restart system-probe", emoji=":rocket:"): self.kubernetes_helper.kill_agent("system-probe", "-HUP") time.sleep(60) with Step(msg="check agent event", emoji=":check_mark_button:"): os.system(f"touch {filename}") rule_id = rule["id"] wait_agent_log( "system-probe", self.kubernetes_helper, f"Sending event message for rule `{rule_id}`", ) with Step(msg="check app event", emoji=":chart_increasing_with_yen:"): rule_id = rule["id"] event = self.App.wait_app_log(f"rule_id:{rule_id}") attributes = event["data"][0]["attributes"] self.assertIn("tag1", attributes["tags"], "unable to find tag") self.assertIn("tag2", attributes["tags"], "unable to find tag") with Step(msg="check app signal", emoji=":1st_place_medal:"): rule_id = rule["id"] tag = f"rule_id:{rule_id}" signal = self.App.wait_app_signal(tag) attributes = signal["data"][0]["attributes"] self.assertIn(tag, attributes["tags"], "unable to find rule_id tag") self.assertEqual( rule["id"], attributes["attributes"]["agent"]["rule_id"], "unable to find rule_id tag attribute", ) print(emoji.emojize(":heart_on_fire:"), flush=True)
class TestE2EDocker(unittest.TestCase): def setUp(self): warnings.simplefilter("ignore", category=ResourceWarning) warnings.simplefilter("ignore", category=UserWarning) self.rule_id = None self.policies = None self.App = App() self.docker_helper = DockerHelper() self.policy_loader = PolicyLoader() def tearDown(self): if self.rule_id: self.App.delete_rule(self.rule_id) if self.policies: os.remove(self.policies) self.docker_helper.close() def test_open_signal(self): print("") dir = tempfile.TemporaryDirectory(prefix="e2e-temp-folder") dirname = dir.name filename = f"{dirname}/secret" test_id = str(uuid.uuid4())[:4] desc = f"e2e test rule {test_id}" data = None with Step(msg=f"check rule({test_id}) creation", emoji=":straight_ruler:"): self.rule_id = self.App.create_cws_rule( desc, "rule for e2e testing", f"e2e_{test_id}", f'open.file.path == "{filename}"', ) with Step(msg="check policies download", emoji=":file_folder:"): self.policies = self.App.download_policies() data = self.policy_loader.load(self.policies) self.assertIsNotNone(data, msg="unable to load policy") with Step(msg="check rule presence in policies", emoji=":bullseye:"): rule = self.policy_loader.get_rule_by_desc(desc) self.assertIsNotNone(rule, msg="unable to find e2e rule") with Step(msg="check agent start", emoji=":man_running:"): image = os.getenv("DD_AGENT_IMAGE") hostname = f"host_{test_id}" self.datadog_agent_config = gen_datadog_agent_config( hostname=hostname, log_level="DEBUG", tags=["tag1", "tag2"]) self.system_probe_config = gen_system_probe_config( log_level="TRACE", log_patterns=["module.APIServer.*"]) self.container = self.docker_helper.start_agent( image, self.policies, datadog_agent_config=self.datadog_agent_config, system_probe_config=self.system_probe_config, ) self.assertIsNotNone(self.container, msg="unable to start container") self.docker_helper.wait_agent_container() wait_agent_log("security-agent", self.docker_helper, SECURITY_START_LOG) wait_agent_log("system-probe", self.docker_helper, SYS_PROBE_START_LOG) with Step(msg="wait for host tags(~2m)", emoji=":alarm_clock:"): time.sleep(3 * 60) with Step(msg="check agent event", emoji=":check_mark_button:"): os.system(f"touch {filename}") rule_id = rule["id"] wait_agent_log( "system-probe", self.docker_helper, f"Sending event message for rule `{rule_id}`", ) with Step(msg="check app event", emoji=":chart_increasing_with_yen:"): rule_id = rule["id"] event = self.App.wait_app_log(f"rule_id:{rule_id}") attributes = event["data"][0]["attributes"] self.assertIn("tag1", attributes["tags"], "unable to find tag") self.assertIn("tag2", attributes["tags"], "unable to find tag") with Step(msg="check app signal", emoji=":1st_place_medal:"): rule_id = rule["id"] tag = f"rule_id:{rule_id}" signal = self.App.wait_app_signal(tag) attributes = signal["data"][0]["attributes"] self.assertIn(tag, attributes["tags"], "unable to find rule_id tag") self.assertEqual( rule["id"], attributes["attributes"]["agent"]["rule_id"], "unable to find rule_id tag attribute", )