[DatadogAgent][Flare] Additional environment variables and RBAC to pe…

…rmit user manifests retrieval (#1477) * Inject DCA, node Agent and DDA names in DCA * Add DCA RBAC to query dd CR * Add utils test * Change datadog_agent_cr_name to datadogagent_cr_name
DataDog · Nov 6, 2024 · ae0c0ff · ae0c0ff
1 parent 7c7d028
commit ae0c0ff
Show file tree

Hide file tree

Showing 6 changed files with 153 additions and 0 deletions.
diff --git a/internal/controller/datadogagent/feature/enabledefault/const.go b/internal/controller/datadogagent/feature/enabledefault/const.go
@@ -0,0 +1,12 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package enabledefault
+
+const (
+	DDAgentDaemonSet             = "AGENT_DAEMONSET"
+	DDClusterAgentDeployment     = "CLUSTER_AGENT_DEPLOYMENT"
+	DDDatadogAgentCustomResource = "DATADOGAGENT_CR_NAME"
+)
diff --git a/internal/controller/datadogagent/feature/enabledefault/feature.go b/internal/controller/datadogagent/feature/enabledefault/feature.go
@@ -386,6 +386,18 @@ func (f *defaultFeature) ManageClusterAgent(managers feature.PodTemplateManagers
 		Name:  apicommon.DDClusterAgentServiceAccountName,
 		Value: f.clusterAgent.serviceAccountName,
 	})
+	managers.EnvVar().AddEnvVar(&corev1.EnvVar{
+		Name:  DDAgentDaemonSet,
+		Value: getDaemonSetNameFromDatadogAgent(f.owner.(*v2alpha1.DatadogAgent)),
+	})
+	managers.EnvVar().AddEnvVar(&corev1.EnvVar{
+		Name:  DDClusterAgentDeployment,
+		Value: getDeploymentNameFromDatadogAgent(f.owner.(*v2alpha1.DatadogAgent)),
+	})
+	managers.EnvVar().AddEnvVar(&corev1.EnvVar{
+		Name:  DDDatadogAgentCustomResource,
+		Value: f.owner.GetName(),
+	})
 	return nil
 }
 

diff --git a/internal/controller/datadogagent/feature/enabledefault/rbac.go b/internal/controller/datadogagent/feature/enabledefault/rbac.go
@@ -89,6 +89,14 @@ func getDefaultClusterAgentRolePolicyRules(dda metav1.Object) []rbacv1.PolicyRul
 		},
 		Verbs: []string{rbac.GetVerb, rbac.UpdateVerb, rbac.CreateVerb},
 	})
+	rules = append(rules, rbacv1.PolicyRule{
+		APIGroups: []string{rbac.DatadogAPIGroup},
+		Resources: []string{rbac.DatadogAgentsResource},
+		ResourceNames: []string{
+			dda.GetName(),
+		},
+		Verbs: []string{rbac.GetVerb},
+	})
 	return rules
 }
 

diff --git a/internal/controller/datadogagent/feature/enabledefault/utils.go b/internal/controller/datadogagent/feature/enabledefault/utils.go
@@ -0,0 +1,36 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package enabledefault
+
+import (
+	"github.com/DataDog/datadog-operator/api/datadoghq/v2alpha1"
+	componentagent "github.com/DataDog/datadog-operator/internal/controller/datadogagent/component/agent"
+	componentdca "github.com/DataDog/datadog-operator/internal/controller/datadogagent/component/clusteragent"
+)
+
+// getDaemonSetNameFromDatadogAgent returns the expected node Agent DS/EDS name based on
+// the DDA name and nodeAgent name override
+func getDaemonSetNameFromDatadogAgent(dda *v2alpha1.DatadogAgent) string {
+	dsName := componentagent.GetAgentName(dda)
+	if componentOverride, ok := dda.Spec.Override[v2alpha1.NodeAgentComponentName]; ok {
+		if componentOverride.Name != nil && *componentOverride.Name != "" {
+			dsName = *componentOverride.Name
+		}
+	}
+	return dsName
+}
+
+// getDeploymentNameFromDatadogAgent returns the expected Cluster Agent Deployment name based on
+// the DDA name and clusterAgent name override
+func getDeploymentNameFromDatadogAgent(dda *v2alpha1.DatadogAgent) string {
+	deployName := componentdca.GetClusterAgentName(dda)
+	if componentOverride, ok := dda.Spec.Override[v2alpha1.ClusterAgentComponentName]; ok {
+		if componentOverride.Name != nil && *componentOverride.Name != "" {
+			deployName = *componentOverride.Name
+		}
+	}
+	return deployName
+}
diff --git a/internal/controller/datadogagent/feature/enabledefault/utils_test.go b/internal/controller/datadogagent/feature/enabledefault/utils_test.go
@@ -0,0 +1,84 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package enabledefault
+
+import (
+	"testing"
+
+	"github.com/DataDog/datadog-operator/api/datadoghq/v2alpha1"
+	v2alpha1test "github.com/DataDog/datadog-operator/api/datadoghq/v2alpha1/test"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_getDaemonSetNameFromDatadogAgent(t *testing.T) {
+	tests := []struct {
+		name              string
+		ddaName           string
+		overrideAgentName string
+		expectedName      string
+	}{
+		{
+			name:              "No override",
+			ddaName:           "foo",
+			overrideAgentName: "",
+			expectedName:      "foo-agent",
+		},
+		{
+			name:              "With override",
+			ddaName:           "bar",
+			overrideAgentName: "node",
+			expectedName:      "node",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			dda := v2alpha1test.NewDatadogAgentBuilder().
+				WithName(tt.ddaName).
+				WithComponentOverride(v2alpha1.NodeAgentComponentName, v2alpha1.DatadogAgentComponentOverride{
+					Name: &tt.overrideAgentName,
+				}).
+				Build()
+			dsName := getDaemonSetNameFromDatadogAgent(dda)
+			assert.Equal(t, tt.expectedName, dsName)
+		})
+	}
+}
+
+func Test_getDeploymentNameFromDatadogAgent(t *testing.T) {
+	tests := []struct {
+		name                     string
+		ddaName                  string
+		overrideClusterAgentName string
+		expectedName             string
+	}{
+		{
+			name:                     "No override",
+			ddaName:                  "foo",
+			overrideClusterAgentName: "",
+			expectedName:             "foo-cluster-agent",
+		},
+		{
+			name:                     "With override",
+			ddaName:                  "bar",
+			overrideClusterAgentName: "dca",
+			expectedName:             "dca",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			dda := v2alpha1test.NewDatadogAgentBuilder().
+				WithName(tt.ddaName).
+				WithComponentOverride(v2alpha1.ClusterAgentComponentName, v2alpha1.DatadogAgentComponentOverride{
+					Name: &tt.overrideClusterAgentName,
+				}).
+				Build()
+			deployName := getDeploymentNameFromDatadogAgent(dda)
+			assert.Equal(t, tt.expectedName, deployName)
+		})
+	}
+}
diff --git a/pkg/kubernetes/rbac/const.go b/pkg/kubernetes/rbac/const.go
@@ -43,6 +43,7 @@ const (
 	CronjobsResource                    = "cronjobs"
 	CustomResourceDefinitionsResource   = "customresourcedefinitions"
 	DaemonsetsResource                  = "daemonsets"
+	DatadogAgentsResource               = "datadogagents"
 	DatadogMetricsResource              = "datadogmetrics"
 	DatadogMetricsStatusResource        = "datadogmetrics/status"
 	DatadogPodAutoscalersResource       = "datadogpodautoscalers"