From e323824fd1add7bf258abd80c0fd944d7f0e122f Mon Sep 17 00:00:00 2001 From: Michi Mutsuzaki Date: Mon, 28 Aug 2023 16:52:24 +0000 Subject: [PATCH] process.GetPodInfo: Don't return Cilium endpoint The return value is always ignored, and it's only being used by unit tests. Signed-off-by: Michi Mutsuzaki --- pkg/grpc/exec/exec.go | 2 +- pkg/grpc/process_manager_test.go | 9 +++------ pkg/process/podinfo.go | 9 ++++----- pkg/process/podinfo_test.go | 2 +- pkg/process/process.go | 18 ++++++++---------- 5 files changed, 17 insertions(+), 23 deletions(-) diff --git a/pkg/grpc/exec/exec.go b/pkg/grpc/exec/exec.go index 57afffc7658..741334c7c93 100644 --- a/pkg/grpc/exec/exec.go +++ b/pkg/grpc/exec/exec.go @@ -173,7 +173,7 @@ func (msg *MsgExecveEventUnix) Retry(internal *process.ProcessInternal, ev notif nspid := msg.Process.NSPID if option.Config.EnableK8s && containerId != "" { - podInfo, _ = process.GetPodInfo(containerId, filename, args, nspid) + podInfo = process.GetPodInfo(containerId, filename, args, nspid) if podInfo == nil { errormetrics.ErrorTotalInc(errormetrics.EventCachePodInfoRetryFailed) return eventcache.ErrFailedToGetPodInfo diff --git a/pkg/grpc/process_manager_test.go b/pkg/grpc/process_manager_test.go index 0382043b961..b0a41aafff3 100644 --- a/pkg/grpc/process_manager_test.go +++ b/pkg/grpc/process_manager_test.go @@ -59,10 +59,9 @@ func TestProcessManager_getPodInfo(t *testing.T) { err = process.InitCache(watcher.NewFakeK8sWatcher(pods), 10) assert.NoError(t, err) defer process.FreeCache() - pod, endpoint := process.GetPodInfo("container-id-not-found", "", "", 0) + pod := process.GetPodInfo("container-id-not-found", "", "", 0) assert.Nil(t, pod) - assert.Nil(t, endpoint) - pod, endpoint = process.GetPodInfo("aaaaaaa", "", "", 1234) + pod = process.GetPodInfo("aaaaaaa", "", "", 1234) assert.Equal(t, &tetragon.Pod{ Namespace: podA.Namespace, 
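Review bot: In pkg/grpc/process_manager_test.go, TestProcessManager_getPodInfo checks the unknown-container case but never the empty container ID, which takes a separate early return in getPodInfo (`if containerID == "" { return nil }` in pkg/process/podinfo.go). A nil pod is now the only signal a caller receives, so both nil paths are worth pinning, e.g. `assert.Nil(t, process.GetPodInfo("", "", "", 0))` next to the existing `container-id-not-found` assertion. The test function begins before this hunk and continues in the next one.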
@@ -81,7 +80,6 @@ func TestProcessManager_getPodInfo(t *testing.T) { Pid: &wrapperspb.UInt32Value{Value: 1234}, }, }, pod) - assert.Nil(t, endpoint) } func TestProcessManager_getPodInfoMaybeExecProbe(t *testing.T) { @@ -119,7 +117,7 @@ func TestProcessManager_getPodInfoMaybeExecProbe(t *testing.T) { err = process.InitCache(watcher.NewFakeK8sWatcher(pods), 10) assert.NoError(t, err) defer process.FreeCache() - pod, endpoint := process.GetPodInfo("aaaaaaa", "/bin/command", "arg-a arg-b", 1234) + pod := process.GetPodInfo("aaaaaaa", "/bin/command", "arg-a arg-b", 1234) assert.Equal(t, &tetragon.Pod{ Namespace: podA.Namespace, @@ -132,7 +130,6 @@ func TestProcessManager_getPodInfoMaybeExecProbe(t *testing.T) { MaybeExecProbe: true, }, }, pod) - assert.Nil(t, endpoint) } func TestProcessManager_GetProcessExec(t *testing.T) { diff --git a/pkg/process/podinfo.go b/pkg/process/podinfo.go index 1a4b7720e1f..c98e199940b 100644 --- a/pkg/process/podinfo.go +++ b/pkg/process/podinfo.go @@ -9,7 +9,6 @@ import ( "github.com/cilium/tetragon/pkg/filters" "github.com/cilium/tetragon/pkg/logger" "github.com/cilium/tetragon/pkg/metrics/watchermetrics" - hubblev1 "github.com/cilium/tetragon/pkg/oldhubble/api/v1" "github.com/cilium/tetragon/pkg/watcher" "google.golang.org/protobuf/types/known/timestamppb" @@ -39,15 +38,15 @@ func getPodInfo( binary string, args string, nspid uint32, -) (*tetragon.Pod, *hubblev1.Endpoint) { +) *tetragon.Pod { if containerID == "" { - return nil, nil + return nil } pod, container, ok := w.FindContainer(containerID) if !ok { watchermetrics.GetWatcherErrors("k8s", watchermetrics.FailedToGetPodError).Inc() logger.GetLogger().WithField("container id", containerID).Trace("failed to get pod") - return nil, nil + return nil } var startTime *timestamppb.Timestamp livenessProbe, readinessProbe := getProbes(pod, container) @@ -89,5 +88,5 @@ func getPodInfo( StartTime: startTime, MaybeExecProbe: maybeExecProbe, }, - }, endpoint + } } 
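Review bot: In pkg/process/podinfo.go (hunk at -39,15), getPodInfo now reports every failure as a bare nil, yet the two nil paths behave differently: an empty container ID returns silently, while a watcher miss increments `FailedToGetPodError` and logs only at Trace level. A doc comment would make that contract explicit, for example `// getPodInfo returns nil when containerID is empty or the watcher does not know the container; only the latter is counted in the watcher error metric.` Callers that emit events without pod information would then know which case they can expect to see in metrics. The function's signature starts above the hunk and its body continues past it.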
diff --git a/pkg/process/podinfo_test.go b/pkg/process/podinfo_test.go index 2b2c4b9cd6b..9779e5c4101 100644 --- a/pkg/process/podinfo_test.go +++ b/pkg/process/podinfo_test.go @@ -46,7 +46,7 @@ func TestK8sWatcher_GetPodInfo(t *testing.T) { k8sClient := fake.NewSimpleClientset(&pod) watcher := watcher.NewK8sWatcher(k8sClient, time.Hour) pid := uint32(1) - podInfo, _ := getPodInfo(watcher, "abcd1234", "curl", "cilium.io", 1) + podInfo := getPodInfo(watcher, "abcd1234", "curl", "cilium.io", 1) assert.True(t, proto.Equal(podInfo, &tetragon.Pod{ Namespace: pod.Namespace, Name: pod.Name, diff --git a/pkg/process/process.go b/pkg/process/process.go index fe3428bbf41..f52518f5866 100644 --- a/pkg/process/process.go +++ b/pkg/process/process.go @@ -28,8 +28,6 @@ import ( "github.com/cilium/tetragon/pkg/watcher" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/wrapperspb" - - hubblev1 "github.com/cilium/tetragon/pkg/oldhubble/api/v1" ) // ProcessInternal is the internal representation of a process. @@ -192,7 +190,7 @@ func initProcessInternalExec( parent tetragonAPI.MsgExecveKey, capabilities tetragonAPI.MsgCapabilities, namespaces tetragonAPI.MsgNamespaces, -) (*ProcessInternal, *hubblev1.Endpoint) { +) *ProcessInternal { args, cwd := ArgsDecoder(process.Args, process.Flags) var parentExecID string if parent.Pid != 0 { @@ -201,7 +199,7 @@ func initProcessInternalExec( parentExecID = GetProcessID(0, 1) } execID := GetExecID(&process) - protoPod, endpoint := GetPodInfo(containerID, process.Filename, args, process.NSPID) + protoPod := GetPodInfo(containerID, process.Filename, args, process.NSPID) caps := caps.GetMsgCapabilities(capabilities) ns := namespace.GetMsgNamespaces(namespaces) return &ProcessInternal{ @@ -224,7 +222,7 @@ func initProcessInternalExec( capabilities: caps, namespaces: ns, refcnt: 1, - }, endpoint + } } // initProcessInternalClone() initialize and returns ProcessInternal from 
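Review bot: In pkg/process/process.go, initProcessInternalExec (hunk at -201,7) calls `GetPodInfo(containerID, ...)` unconditionally, whereas the other two call sites in this patch, `Retry` in pkg/grpc/exec/exec.go and initProcessInternalClone, first check `option.Config.EnableK8s` and a non-empty container ID. If the difference is deliberate, a short comment saying so would help; otherwise the lookup could be guarded the same way, with `var protoPod *tetragon.Pod` followed by `if option.Config.EnableK8s && containerID != "" { protoPod = GetPodInfo(containerID, process.Filename, args, process.NSPID) }`. Without the guard, a deployment that has container IDs but no Kubernetes presumably bumps the watcher error metric on every exec, which makes that metric less useful as a signal of real attribution failures. The function body starts and ends outside this hunk.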
@@ -269,7 +267,7 @@ func initProcessInternalClone(event *tetragonAPI.MsgCloneEvent, pi.process.Pod.Container.Pid = &wrapperspb.UInt32Value{Value: event.NSPID} } if option.Config.EnableK8s && pi.process.Docker != "" && pi.process.Pod == nil { - if podInfo, _ := GetPodInfo(pi.process.Docker, pi.process.Binary, pi.process.Arguments, event.NSPID); podInfo != nil { + if podInfo := GetPodInfo(pi.process.Docker, pi.process.Binary, pi.process.Arguments, event.NSPID); podInfo != nil { pi.AddPodInfo(podInfo) } } @@ -277,9 +275,9 @@ func initProcessInternalClone(event *tetragonAPI.MsgCloneEvent, return pi, nil } -// GetPodInfo() constructs and returns the Kubernetes Pod information associated with +// GetPodInfo constructs and returns the Kubernetes Pod information associated with // the Container ID and the PID inside this container. -func GetPodInfo(cid, bin, args string, nspid uint32) (*tetragon.Pod, *hubblev1.Endpoint) { +func GetPodInfo(cid, bin, args string, nspid uint32) *tetragon.Pod { return getPodInfo(k8s, cid, bin, args, nspid) } @@ -307,9 +305,9 @@ func AddExecEvent(event *tetragonAPI.MsgExecveEventUnix) *ProcessInternal { if event.CleanupProcess.Ktime == 0 || event.Process.Flags&api.EventClone != 0 { // there is a case where we cannot find this entry in execve_map // in that case we use as parent what Linux knows - proc, _ = initProcessInternalExec(event.Process, event.Kube.Docker, event.Parent, event.Capabilities, event.Namespaces) + proc = initProcessInternalExec(event.Process, event.Kube.Docker, event.Parent, event.Capabilities, event.Namespaces) } else { - proc, _ = initProcessInternalExec(event.Process, event.Kube.Docker, event.CleanupProcess, event.Capabilities, event.Namespaces) + proc = initProcessInternalExec(event.Process, event.Kube.Docker, event.CleanupProcess, event.Capabilities, event.Namespaces) } // Ensure that exported events have the TID set. For events from Kernel
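Review bot: The doc comment on GetPodInfo in pkg/process/process.go (hunk at -277,9) does not say that the lookup goes through the package-level `k8s` watcher, nor that nil is a normal result. From the tests it looks like `k8s` is populated by `InitCache`; if it can still be unset when an event arrives, `w.FindContainer` in getPodInfo would be called on a nil watcher. I would extend the comment with something like `// It returns nil if the container is unknown. InitCache must have been called first.` and confirm the second sentence against the actual initialisation order.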