fix hello message fields

DataDog · Nov 27, 2024 · 9f54f58 · 9f54f58
1 parent 3596d47
commit 9f54f58
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 5 deletions.
diff --git a/pkg/security/probe/custom_events.go b/pkg/security/probe/custom_events.go
@@ -11,11 +11,14 @@
 package probe
 
 import (
+	coretags "github.com/DataDog/datadog-agent/comp/core/tagger/tags"
 	"github.com/DataDog/datadog-agent/pkg/process/procutil"
 	"github.com/DataDog/datadog-agent/pkg/security/events"
 	"github.com/DataDog/datadog-agent/pkg/security/proto/ebpfless"
+	"github.com/DataDog/datadog-agent/pkg/security/resolvers/tags"
 	"github.com/DataDog/datadog-agent/pkg/security/secl/model"
 	"github.com/DataDog/datadog-agent/pkg/security/secl/rules"
+	"github.com/DataDog/datadog-agent/pkg/security/seclog"
 	"github.com/DataDog/datadog-agent/pkg/security/serializers"
 	"github.com/DataDog/datadog-agent/pkg/security/utils"
 )
@@ -71,7 +74,7 @@ func (e EBPFLessHelloMsgEvent) ToJSON() ([]byte, error) {
 }
 
 // NewEBPFLessHelloMsgEvent returns a eBPFLess hello custom event
-func NewEBPFLessHelloMsgEvent(acc *events.AgentContainerContext, msg *ebpfless.HelloMsg, scrubber *procutil.DataScrubber) (*rules.Rule, *events.CustomEvent) {
+func NewEBPFLessHelloMsgEvent(acc *events.AgentContainerContext, msg *ebpfless.HelloMsg, scrubber *procutil.DataScrubber, tagger tags.Tagger) (*rules.Rule, *events.CustomEvent) {
 	args := msg.EntrypointArgs
 	if scrubber != nil {
 		args, _ = scrubber.ScrubCommand(msg.EntrypointArgs)
@@ -81,6 +84,18 @@ func NewEBPFLessHelloMsgEvent(acc *events.AgentContainerContext, msg *ebpfless.H
 		NSID: msg.NSID,
 	}
 	evt.Container.ID = msg.ContainerContext.ID
+
+	if tagger != nil {
+		tags, err := tags.GetTagsOfContainer(tagger, msg.ContainerContext.ID)
+		if err != nil {
+			seclog.Errorf("Failed to get tags for container %s: %v", msg.ContainerContext.ID, err)
+		} else {
+			evt.Container.Name = utils.GetTagValue(coretags.EcsContainerName, tags)
+			evt.Container.ImageShortName = utils.GetTagValue(coretags.ShortImage, tags)
+			evt.Container.ImageTag = utils.GetTagValue(coretags.ImageTag, tags)
+		}
+	}
+
 	evt.EntrypointArgs = args
 
 	evt.FillCustomEventCommonFields(acc)

diff --git a/pkg/security/probe/probe_ebpfless.go b/pkg/security/probe/probe_ebpfless.go
@@ -96,7 +96,7 @@ func (p *EBPFLessProbe) handleClientMsg(cl *client, msg *ebpfless.Message) {
 	case ebpfless.MessageTypeHello:
 		if cl.nsID == 0 {
 			p.probe.DispatchCustomEvent(
-				NewEBPFLessHelloMsgEvent(p.GetAgentContainerContext(), msg.Hello, p.probe.scrubber),
+				NewEBPFLessHelloMsgEvent(p.GetAgentContainerContext(), msg.Hello, p.probe.scrubber, p.probe.Opts.Tagger),
 			)
 
 			cl.nsID = msg.Hello.NSID

diff --git a/pkg/security/resolvers/tags/resolver.go b/pkg/security/resolvers/tags/resolver.go
@@ -53,12 +53,18 @@ func (t *DefaultResolver) Resolve(id string) []string {
 
 // ResolveWithErr returns the tags for the given id
 func (t *DefaultResolver) ResolveWithErr(id string) ([]string, error) {
-	if t.tagger == nil {
+	return GetTagsOfContainer(t.tagger, id)
+}
+
+// GetTagsOfContainer returns the tags for the given container id
+// exported to share the code with other non-resolver users of tagger
+func GetTagsOfContainer(tagger Tagger, containerID string) ([]string, error) {
+	if tagger == nil {
 		return nil, nil
 	}
 
-	entityID := types.NewEntityID(types.ContainerID, id)
-	return t.tagger.Tag(entityID, types.OrchestratorCardinality)
+	entityID := types.NewEntityID(types.ContainerID, containerID)
+	return tagger.Tag(entityID, types.OrchestratorCardinality)
 }
 
 // GetValue return the tag value for the given id and tag name