diff --git a/cmd/system-probe/command/command.go b/cmd/system-probe/command/command.go index 12ca79c4b8d706..bf92151ef6df8a 100644 --- a/cmd/system-probe/command/command.go +++ b/cmd/system-probe/command/command.go @@ -8,6 +8,7 @@ package command import ( "os" + "path/filepath" "slices" "strings" @@ -27,10 +28,27 @@ type GlobalParams struct { // file, to allow overrides from the command line ConfFilePath string + // datadogConfFilePath holds the path to the folder containing the datadog.yaml configuration file + datadogConfFilePath string + // FleetPoliciesDirPath holds the path to the folder containing the fleet policies FleetPoliciesDirPath string } +// DatadogConfFilePath uses a fallback from datadogConfFilePath to ConfFilePath if not specified +func (g GlobalParams) DatadogConfFilePath() string { + confPath := g.datadogConfFilePath + // if no explicit path provided for datadog.yaml, fallback to provided directory of system-probe.yaml + if confPath == "" && g.ConfFilePath != "" { + confPath = g.ConfFilePath + if strings.HasSuffix(confPath, ".yaml") { + // strip filename because it is specifying system-probe.yaml file, not datadog.yaml + confPath = filepath.Dir(confPath) + } + } + return confPath +} + // SubcommandFactory is a callable that will return a slice of subcommands. type SubcommandFactory func(globalParams *GlobalParams) []*cobra.Command @@ -50,6 +68,7 @@ Runtime Security Monitoring, Universal Service Monitoring, and others.`, } sysprobeCmd.PersistentFlags().StringVarP(&globalParams.ConfFilePath, "config", "c", "", "path to directory containing system-probe.yaml") + sysprobeCmd.PersistentFlags().StringVarP(&globalParams.datadogConfFilePath, "datadogcfgpath", "", "", "path to directory containing datadog.yaml") sysprobeCmd.PersistentFlags().StringVarP(&globalParams.FleetPoliciesDirPath, "fleetcfgpath", "", "", "path to the directory containing fleet policies") _ = sysprobeCmd.PersistentFlags().MarkHidden("fleetcfgpath") diff --git a/cmd/system-probe/command/command_unix_test.go b/cmd/system-probe/command/command_unix_test.go new file mode 100644 index 00000000000000..db3bbed91dfbec --- /dev/null +++ b/cmd/system-probe/command/command_unix_test.go @@ -0,0 +1,31 @@ +// Unless explicitly stated otherwise all files in this repository are licensed +// under the Apache License Version 2.0. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2025-present Datadog, Inc. + +//go:build unix + +package command + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestDatadogConfPath(t *testing.T) { + cases := []struct { + params GlobalParams + expected string + }{ + {GlobalParams{}, ""}, + {GlobalParams{ConfFilePath: "/a/b/c"}, "/a/b/c"}, + {GlobalParams{ConfFilePath: "/a/b/c/system-probe.yaml"}, "/a/b/c"}, + {GlobalParams{ConfFilePath: "/a/b/c", datadogConfFilePath: "/x/y"}, "/x/y"}, + {GlobalParams{ConfFilePath: "/a/b/c", datadogConfFilePath: "/x/y/datadog.yaml"}, "/x/y/datadog.yaml"}, + } + + for _, c := range cases { + assert.Equal(t, c.expected, c.params.DatadogConfFilePath(), "%+v", c.params) + } +} diff --git a/cmd/system-probe/command/command_windows_test.go b/cmd/system-probe/command/command_windows_test.go new file mode 100644 index 00000000000000..b1ab0c9add47a1 --- /dev/null +++ b/cmd/system-probe/command/command_windows_test.go @@ -0,0 +1,29 @@ +// Unless explicitly stated otherwise all files in this repository are licensed +// under the Apache License Version 2.0. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2025-present Datadog, Inc. + +package command + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestDatadogConfPath(t *testing.T) { + cases := []struct { + params GlobalParams + expected string + }{ + {GlobalParams{}, ""}, + {GlobalParams{ConfFilePath: "C:\\a\\b\\c"}, "C:\\a\\b\\c"}, + {GlobalParams{ConfFilePath: "C:\\a\\b\\c\\system-probe.yaml"}, "C:\\a\\b\\c"}, + {GlobalParams{ConfFilePath: "C:\\a\\b\\c", datadogConfFilePath: "C:\\x\\y"}, "C:\\x\\y"}, + {GlobalParams{ConfFilePath: "C:\\a\\b\\c", datadogConfFilePath: "C:\\x\\y\\datadog.yaml"}, "C:\\x\\y\\datadog.yaml"}, + } + + for _, c := range cases { + assert.Equal(t, c.expected, c.params.DatadogConfFilePath(), "%+v", c.params) + } +} diff --git a/cmd/system-probe/subcommands/compliance/command.go b/cmd/system-probe/subcommands/compliance/command.go index c4204efa8a7f3d..1f834edb200376 100644 --- a/cmd/system-probe/subcommands/compliance/command.go +++ b/cmd/system-probe/subcommands/compliance/command.go @@ -39,7 +39,7 @@ func Commands(globalParams *command.GlobalParams) []*cobra.Command { } // CheckCommand returns the 'compliance check' command -func CheckCommand(_ *command.GlobalParams) *cobra.Command { +func CheckCommand(globalParams *command.GlobalParams) *cobra.Command { checkArgs := &cli.CheckParams{} cmd := &cobra.Command{ @@ -47,7 +47,7 @@ func CheckCommand(_ *command.GlobalParams) *cobra.Command { Short: "Run compliance check(s)", RunE: func(_ *cobra.Command, args []string) error { bundleParams := core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "info", true), } @@ -73,7 +73,7 @@ func CheckCommand(_ *command.GlobalParams) *cobra.Command { return cmd } -func complianceLoadCommand(_ *command.GlobalParams) *cobra.Command { +func complianceLoadCommand(globalParams *command.GlobalParams) *cobra.Command { loadArgs := &cli.LoadParams{} loadCmd := &cobra.Command{ @@ -85,7 +85,7 @@ func complianceLoadCommand(_ *command.GlobalParams) *cobra.Command { return fxutil.OneShot(cli.RunLoad, fx.Supply(loadArgs), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "info", true), }), core.Bundle(), diff --git a/cmd/system-probe/subcommands/config/command.go b/cmd/system-probe/subcommands/config/command.go index 2aa54f2655af9a..8b66b48a709f70 100644 --- a/cmd/system-probe/subcommands/config/command.go +++ b/cmd/system-probe/subcommands/config/command.go @@ -46,7 +46,7 @@ func Commands(globalParams *command.GlobalParams) []*cobra.Command { return fxutil.OneShot(callback, fx.Supply(cliParams), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), SysprobeConfigParams: sysprobeconfigimpl.NewParams(sysprobeconfigimpl.WithSysProbeConfFilePath(globalParams.ConfFilePath), sysprobeconfigimpl.WithFleetPoliciesDirPath(globalParams.FleetPoliciesDirPath)), LogParams: log.ForOneShot(command.LoggerName, "off", true), }), diff --git a/cmd/system-probe/subcommands/coverage/command.go b/cmd/system-probe/subcommands/coverage/command.go index aab0c4aba5b2bc..a93ecfe2e47f93 100644 --- a/cmd/system-probe/subcommands/coverage/command.go +++ b/cmd/system-probe/subcommands/coverage/command.go @@ -46,7 +46,7 @@ func Commands(globalParams *command.GlobalParams) []*cobra.Command { return fxutil.OneShot(requestCoverage, fx.Supply(cliParams), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), SysprobeConfigParams: sysprobeconfigimpl.NewParams(sysprobeconfigimpl.WithSysProbeConfFilePath(globalParams.ConfFilePath), sysprobeconfigimpl.WithFleetPoliciesDirPath(globalParams.FleetPoliciesDirPath)), LogParams: log.ForOneShot(command.LoggerName, "off", false), }), diff --git a/cmd/system-probe/subcommands/debug/command.go b/cmd/system-probe/subcommands/debug/command.go index bfaff557582298..6cae854d27b1ba 100644 --- a/cmd/system-probe/subcommands/debug/command.go +++ b/cmd/system-probe/subcommands/debug/command.go @@ -49,7 +49,7 @@ func Commands(globalParams *command.GlobalParams) []*cobra.Command { return fxutil.OneShot(debugRuntime, fx.Supply(cliParams), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), SysprobeConfigParams: sysprobeconfigimpl.NewParams(sysprobeconfigimpl.WithSysProbeConfFilePath(globalParams.ConfFilePath), sysprobeconfigimpl.WithFleetPoliciesDirPath(globalParams.FleetPoliciesDirPath)), LogParams: log.ForOneShot(command.LoggerName, "off", false), }), diff --git a/cmd/system-probe/subcommands/modrestart/command.go b/cmd/system-probe/subcommands/modrestart/command.go index e62625c58e78eb..480454c46482bd 100644 --- a/cmd/system-probe/subcommands/modrestart/command.go +++ b/cmd/system-probe/subcommands/modrestart/command.go @@ -46,7 +46,7 @@ func Commands(globalParams *command.GlobalParams) []*cobra.Command { return fxutil.OneShot(moduleRestart, fx.Supply(cliParams), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), SysprobeConfigParams: sysprobeconfigimpl.NewParams(sysprobeconfigimpl.WithSysProbeConfFilePath(globalParams.ConfFilePath), sysprobeconfigimpl.WithFleetPoliciesDirPath(globalParams.FleetPoliciesDirPath)), LogParams: log.ForOneShot(command.LoggerName, "off", false), }), diff --git a/cmd/system-probe/subcommands/run/command.go b/cmd/system-probe/subcommands/run/command.go index a30d5bc9088050..8af4bbbd39f3f3 100644 --- a/cmd/system-probe/subcommands/run/command.go +++ b/cmd/system-probe/subcommands/run/command.go @@ -99,7 +99,7 @@ func Commands(globalParams *command.GlobalParams) []*cobra.Command { Long: `Runs the system-probe in the foreground`, RunE: func(_ *cobra.Command, _ []string) error { return fxutil.OneShot(run, - fx.Supply(config.NewAgentParams("")), + fx.Supply(config.NewAgentParams(globalParams.DatadogConfFilePath())), // Force FX to load Datadog configuration before System Probe config. // This is necessary because the 'software_inventory.enabled' setting is defined in the Datadog configuration. // Without this explicit dependency, FX might initialize System Probe's config first, causing pkgconfigsetup.Datadog().GetBool() diff --git a/cmd/system-probe/subcommands/runtime/activity_dump.go b/cmd/system-probe/subcommands/runtime/activity_dump.go index e3ad45c557263c..7f5af398230881 100644 --- a/cmd/system-probe/subcommands/runtime/activity_dump.go +++ b/cmd/system-probe/subcommands/runtime/activity_dump.go @@ -62,14 +62,14 @@ func activityDumpCommands(globalParams *command.GlobalParams) []*cobra.Command { return []*cobra.Command{activityDumpCmd} } -func listCommands(_ *command.GlobalParams) []*cobra.Command { +func listCommands(globalParams *command.GlobalParams) []*cobra.Command { activityDumpListCmd := &cobra.Command{ Use: "list", Short: "get the list of running activity dumps", RunE: func(_ *cobra.Command, _ []string) error { return fxutil.OneShot(listActivityDumps, fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "info", true)}), core.Bundle(), secretsnoopfx.Module(), @@ -92,7 +92,7 @@ func stopCommands(globalParams *command.GlobalParams) []*cobra.Command { return fxutil.OneShot(stopActivityDump, fx.Supply(cliParams), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "info", true)}), core.Bundle(), secretsnoopfx.Module(), @@ -145,7 +145,7 @@ func generateDumpCommands(globalParams *command.GlobalParams) []*cobra.Command { return fxutil.OneShot(generateActivityDump, fx.Supply(cliParams), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "info", true)}), core.Bundle(), secretsnoopfx.Module(), @@ -223,7 +223,7 @@ func generateEncodingCommands(globalParams *command.GlobalParams) []*cobra.Comma return fxutil.OneShot(generateEncodingFromActivityDump, fx.Supply(cliParams), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "info", true)}), core.Bundle(), secretsnoopfx.Module(), @@ -284,7 +284,7 @@ func diffCommands(globalParams *command.GlobalParams) []*cobra.Command { return fxutil.OneShot(diffActivityDump, fx.Supply(cliParams), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "info", true)}), core.Bundle(), secretsnoopfx.Module(), diff --git a/cmd/system-probe/subcommands/runtime/command.go b/cmd/system-probe/subcommands/runtime/command.go index 3930d5d35367f4..0597923e79274a 100644 --- a/cmd/system-probe/subcommands/runtime/command.go +++ b/cmd/system-probe/subcommands/runtime/command.go @@ -85,7 +85,7 @@ func evalCommands(globalParams *command.GlobalParams) []*cobra.Command { return fxutil.OneShot(evalRule, fx.Supply(evalArgs), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "off", false)}), core.Bundle(), secretsnoopfx.Module(), @@ -118,7 +118,7 @@ func commonCheckPoliciesCommands(globalParams *command.GlobalParams) []*cobra.Co return fxutil.OneShot(checkPolicies, fx.Supply(cliParams), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "off", false)}), core.Bundle(), secretsnoopfx.Module(), @@ -135,14 +135,14 @@ func commonCheckPoliciesCommands(globalParams *command.GlobalParams) []*cobra.Co return []*cobra.Command{commonCheckPoliciesCmd} } -func commonReloadPoliciesCommands(_ *command.GlobalParams) []*cobra.Command { +func commonReloadPoliciesCommands(globalParams *command.GlobalParams) []*cobra.Command { commonReloadPoliciesCmd := &cobra.Command{ Use: "reload", Short: "Reload policies", RunE: func(_ *cobra.Command, _ []string) error { return fxutil.OneShot(reloadRuntimePolicies, fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "info", true)}), core.Bundle(), secretsnoopfx.Module(), @@ -153,14 +153,14 @@ func commonReloadPoliciesCommands(_ *command.GlobalParams) []*cobra.Command { } // nolint: deadcode, unused -func selfTestCommands(_ *command.GlobalParams) []*cobra.Command { +func selfTestCommands(globalParams *command.GlobalParams) []*cobra.Command { selfTestCmd := &cobra.Command{ Use: "self-test", Short: "Run runtime self test", RunE: func(_ *cobra.Command, _ []string) error { return fxutil.OneShot(runRuntimeSelfTest, fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "info", true)}), core.Bundle(), secretsnoopfx.Module(), @@ -191,7 +191,7 @@ func downloadPolicyCommands(globalParams *command.GlobalParams) []*cobra.Command return fxutil.OneShot(downloadPolicy, fx.Supply(downloadPolicyArgs), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(globalParams.ConfFilePath), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "off", false)}), core.Bundle(), secretsnoopfx.Module(), @@ -227,7 +227,7 @@ func processCacheCommands(globalParams *command.GlobalParams) []*cobra.Command { return fxutil.OneShot(dumpProcessCache, fx.Supply(cliParams), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "info", true)}), core.Bundle(), secretsnoopfx.Module(), @@ -266,7 +266,7 @@ func networkNamespaceCommands(globalParams *command.GlobalParams) []*cobra.Comma return fxutil.OneShot(dumpNetworkNamespace, fx.Supply(cliParams), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "info", true)}), core.Bundle(), secretsnoopfx.Module(), @@ -285,7 +285,7 @@ func networkNamespaceCommands(globalParams *command.GlobalParams) []*cobra.Comma } //nolint:unused // TODO(SEC) Fix unused linter -func discardersCommands(_ *command.GlobalParams) []*cobra.Command { +func discardersCommands(globalParams *command.GlobalParams) []*cobra.Command { dumpDiscardersCmd := &cobra.Command{ Use: "dump", @@ -293,7 +293,7 @@ func discardersCommands(_ *command.GlobalParams) []*cobra.Command { RunE: func(_ *cobra.Command, _ []string) error { return fxutil.OneShot(dumpDiscarders, fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "info", true)}), core.Bundle(), secretsnoopfx.Module(), diff --git a/cmd/system-probe/subcommands/runtime/security_profile.go b/cmd/system-probe/subcommands/runtime/security_profile.go index f135d97d4b7104..ee63ce33744243 100644 --- a/cmd/system-probe/subcommands/runtime/security_profile.go +++ b/cmd/system-probe/subcommands/runtime/security_profile.go @@ -61,7 +61,7 @@ func securityProfileShowCommands(globalParams *command.GlobalParams) []*cobra.Co return fxutil.OneShot(showSecurityProfile, fx.Supply(cliParams), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "info", true)}), core.Bundle(), secretsnoopfx.Module(), @@ -107,7 +107,7 @@ func listSecurityProfileCommands(globalParams *command.GlobalParams) []*cobra.Co return fxutil.OneShot(listSecurityProfiles, fx.Supply(cliParams), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "info", true)}), core.Bundle(), secretsnoopfx.Module(), @@ -221,7 +221,7 @@ func saveSecurityProfileCommands(globalParams *command.GlobalParams) []*cobra.Co return fxutil.OneShot(saveSecurityProfile, fx.Supply(cliParams), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), LogParams: log.ForOneShot(command.LoggerName, "info", true)}), core.Bundle(), secretsnoopfx.Module(), diff --git a/cmd/system-probe/subcommands/usm/shared.go b/cmd/system-probe/subcommands/usm/shared.go index 783ec4ba92c4a0..80bb822d5ffd45 100644 --- a/cmd/system-probe/subcommands/usm/shared.go +++ b/cmd/system-probe/subcommands/usm/shared.go @@ -33,7 +33,7 @@ func makeOneShotCommand( runFunc, fx.Supply(globalParams), fx.Supply(core.BundleParams{ - ConfigParams: config.NewAgentParams(""), + ConfigParams: config.NewAgentParams(globalParams.DatadogConfFilePath()), SysprobeConfigParams: sysconfigimpl.NewParams( sysconfigimpl.WithSysProbeConfFilePath(globalParams.ConfFilePath), sysconfigimpl.WithFleetPoliciesDirPath(globalParams.FleetPoliciesDirPath)), diff --git a/releasenotes/notes/sysprobe-datadog-cfg-path-728640a48d0359a9.yaml b/releasenotes/notes/sysprobe-datadog-cfg-path-728640a48d0359a9.yaml new file mode 100644 index 00000000000000..ca49491e5ce319 --- /dev/null +++ b/releasenotes/notes/sysprobe-datadog-cfg-path-728640a48d0359a9.yaml @@ -0,0 +1,6 @@ +--- +upgrade: + - | + system-probe will now attempt to read `datadog.yaml` from the same directory as `system-probe.yaml`. + Previously, system-probe would always use the default configuration directory to read `datadog.yaml`. + If you need to specify a different directory for `datadog.yaml`, you may use the `--datadogcfgpath` CLI argument to system-probe.