Fix config of datadog for bastion

degica · Feb 29, 2024 · 5fe76af · 5fe76af
1 parent f3c1709
commit 5fe76af
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 35 deletions.
diff --git a/lib/barcelona/plugins/datadog_plugin.rb b/lib/barcelona/plugins/datadog_plugin.rb
@@ -19,7 +19,7 @@ def on_network_stack_template(_stack, template)
         return template if bastion_lc.nil?
 
         user_data = InstanceUserData.load_or_initialize(bastion_lc["Properties"]["UserData"])
-        add_files!(user_data)
+        add_files!(user_data, has_docker: false)
         user_data.run_commands += [
           agent_command(has_docker: false)
         ]
@@ -56,38 +56,71 @@ def api_key
         attributes["api_key"]
       end
 
-      def add_files!(user_data)
+      def add_files!(user_data, has_docker: true)
         # this seems to be added to the bastion instance as well. "role:app" should probably be "role:bastion" to be accurate
-        user_data.add_file("/etc/datadog-agent/datadog.yaml", "root:root", "000755", <<~DATADOG_YAML)
-          api_key: #{api_key}
-          logs_enabled: true
-          listeners:
-            - name: docker
-          config_providers:
-            - name: docker
-              polling: true
-          logs_config:
-            container_collect_all: true
-          process_config:
-            enabled: 'true'
-          runtime_security_config:
-            enabled: true
-          compliance_config:
-            enabled: true
-          sbom:
-            enabled: true
+        if has_docker
+          user_data.add_file("/etc/datadog-agent/datadog.yaml", "root:root", "000755", <<~DATADOG_YAML)
+            api_key: #{api_key}
+            logs_enabled: true
+            listeners:
+              - name: docker
+            config_providers:
+              - name: docker
+                polling: true
+            logs_config:
+              container_collect_all: true
+            process_config:
+              enabled: 'true'
+            runtime_security_config:
+              enabled: true
+            compliance_config:
+              enabled: true
+            sbom:
+              enabled: true
+              container_image:
+                enabled: true
+              host:
+                enabled: true
             container_image:
               enabled: true
-            host:
+            tags:
+              - barcelona:#{district.name}
+              - barcelona-dd-agent
+              - district:#{district.name}
+              - role:app
+          DATADOG_YAML
+        else
+          user_data.add_file("/etc/datadog-agent/datadog.yaml", "root:root", "000755", <<~DATADOG_YAML)
+            api_key: #{api_key}
+            logs_enabled: true
+            listeners:
+              - name: docker
+            config_providers:
+              - name: docker
+                polling: true
+            logs_config:
+              container_collect_all: false
+            process_config:
+              enabled: 'true'
+            runtime_security_config:
               enabled: true
-          container_image:
-            enabled: true
-          tags:
-            - barcelona:#{district.name}
-            - barcelona-dd-agent
-            - district:#{district.name}
-            - role:app
-        DATADOG_YAML
+            compliance_config:
+              enabled: true
+            sbom:
+              enabled: true
+              container_image:
+                enabled: false
+              host:
+                enabled: true
+            container_image:
+              enabled: false
+            tags:
+              - barcelona:#{district.name}
+              - barcelona-dd-agent
+              - district:#{district.name}
+              - role:app
+          DATADOG_YAML
+        end
 
         user_data.add_file("/etc/datadog-agent/system-probe.yaml", "root:root", "000755", <<~YAML)
           runtime_security_config:
@@ -103,12 +136,14 @@ def add_files!(user_data)
               enabled: true
         YAML
 
-        user_data.add_file("/etc/datadog-agent/conf.d/docker.d/docker_daemon.yaml", "root:root", "000755", <<~YAML)
-          init_config:
-          instances:
-            - url: "unix://var/run/docker.sock"
-              new_tag_names: true
-        YAML
+        if has_docker
+          user_data.add_file("/etc/datadog-agent/conf.d/docker.d/docker_daemon.yaml", "root:root", "000755", <<~YAML)
+            init_config:
+            instances:
+              - url: "unix://var/run/docker.sock"
+                new_tag_names: true
+          YAML
+        end
 
         user_data.add_file("/etc/datadog-agent/conf.d/journal.d/conf.yaml", "root:root", "000755", <<~YAML)
           logs:

diff --git a/spec/lib/barcelona/plugins/datadog_plugin_spec.rb b/spec/lib/barcelona/plugins/datadog_plugin_spec.rb
@@ -74,7 +74,9 @@ module Plugins
             agent_config_hash = YAML.load(agent_config['content'])
             expect(agent_config_hash['api_key']).to eq(api_key)
             expect(agent_config_hash['logs_enabled']).to eq(true)
+            expect(agent_config_hash['logs_config']['container_collect_all']).not_to eq(true)
             expect(agent_config_hash['runtime_security_config']['enabled']).to eq(true)
+            expect(agent_config_hash['container_image']['enabled']).not_to eq(true)
           end
 
           it "installs system-probe config file to bastion servers" do