[CSPM] Disabling host benchmarks should be propagated to the agent

DataDog · Jul 8, 2024 · 3477a3d · 3477a3d
1 parent 4c1f839
commit 3477a3d
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 6 deletions.
diff --git a/controllers/datadogagent/feature/cspm/feature.go b/controllers/datadogagent/feature/cspm/feature.go
@@ -383,13 +383,11 @@ func (f *cspmFeature) ManageNodeAgent(managers feature.PodTemplateManagers, prov
 		managers.EnvVar().AddEnvVarToContainer(apicommonv1.SecurityAgentContainerName, intervalEnvVar)
 	}
 
-	if f.hostBenchmarksEnabled {
-		hostBenchmarksEnabledEnvVar := &corev1.EnvVar{
-			Name:  apicommon.DDComplianceHostBenchmarksEnabled,
-			Value: apiutils.BoolToString(&f.hostBenchmarksEnabled),
-		}
-		managers.EnvVar().AddEnvVarToContainer(apicommonv1.SecurityAgentContainerName, hostBenchmarksEnabledEnvVar)
+	hostBenchmarksEnabledEnvVar := &corev1.EnvVar{
+		Name:  apicommon.DDComplianceHostBenchmarksEnabled,
+		Value: apiutils.BoolToString(&f.hostBenchmarksEnabled),
 	}
+	managers.EnvVar().AddEnvVarToContainer(apicommonv1.SecurityAgentContainerName, hostBenchmarksEnabledEnvVar)
 
 	return nil
 }

diff --git a/controllers/datadogagent/feature/cspm/feature_test.go b/controllers/datadogagent/feature/cspm/feature_test.go
@@ -213,6 +213,11 @@ func cspmAgentNodeWantFunc(useDDAV2 bool) *test.ComponentTest {
 					Name:  apicommon.DDComplianceHostBenchmarksEnabled,
 					Value: "true",
 				})
+			} else {
+				want = append(want, &corev1.EnvVar{
+					Name:  apicommon.DDComplianceHostBenchmarksEnabled,
+					Value: "false",
+				})
 			}
 			securityAgentEnvVars := mgr.EnvVarMgr.EnvVarsByC[apicommonv1.SecurityAgentContainerName]
 			assert.True(t, apiutils.IsEqualStruct(securityAgentEnvVars, want), "Agent envvars \ndiff = %s", cmp.Diff(securityAgentEnvVars, want))