chore: add datadog.no_waf build tag (#47)

- [x] Add `datadog.no_waf` build tag in all go:build directives
- [x] Add platform section as an excuse to talk about `datadog.no_waf`
build tag
- [x] Add new file to explain the new reason why the waf could be
disabled
- [x] Run the CI with the disabled build tag on most cases to extend
coverage to the new file
- [x] Rename "Unsupported" with "Disabled" for some identifiers as it
makes more sense now

---------

Signed-off-by: Eliott Bouhana <[email protected]>
Co-authored-by: Julio Guerra <[email protected]>

Author: eliottness

.github/workflows/test.yml

@@ -14,7 +14,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        runs-on: [ macos-13, macos-12, macos-11, ubuntu-22.04, ubuntu-20.04, windows-latest ]
+        runs-on: [ macos-13, macos-12, macos-11, ubuntu-22.04, ubuntu-20.04 ]
         go-version: [ "1.21", "1.20", "1.19" ]
         cgo_enabled: [ "0", "1" ] # test it compiles with and without cgo
         include:
@@ -30,7 +30,6 @@ jobs:
         with:
           go-version: ${{ matrix.go-version }}
           cache: true
-
       - name: go test
         shell: bash
         run: |
@@ -39,6 +38,30 @@ jobs:
           # Run the tests with gotestsum
           env ${{ matrix.env }} CGO_ENABLED=${{ matrix.cgo_enabled }} ./gotestsum -- -v -count=10 -shuffle=on ./...
 
+  disabled:
+    strategy:
+      fail-fast: false
+      matrix:
+        runs-on: [ windows-latest, ubuntu-latest, macos-13 ]
+        go-args: [ "-tags datadog.no_waf", "-tags go1.22" ]
+        include:
+          - runs-on: windows-latest
+            go-args: ""
+    runs-on: ${{ matrix.runs-on }}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: 'stable' # get latest stable version from https://github.com/actions/go-versions/blob/main/versions-manifest.json
+          cache: true
+      - name: go test
+        shell: bash
+        run: |
+          # Install gotestsum
+          env GOBIN=$PWD go install gotest.tools/gotestsum@latest
+          # Run the tests with gotestsum
+          ./gotestsum -- -v ${{ matrix.go-tags }} -shuffle=on ./...
+
   # Same tests but on the official golang container for linux
   golang-linux-container:
     runs-on: ubuntu-latest

README.md

@@ -41,6 +41,24 @@ But with the appearance of `ddwaf_object` tree like structure,
 but also with the intention to build CGO-less bindings, this project size has grown to be a fully integrated brick in the DataDog tracer structure.
 Which in turn made it necessary to document the project, to maintain it in an orderly fashion.
 
+## Supported platforms
+
+This library currently support the following platform doublets:
+
+| OS    | Arch    |
+| ----- | ------- |
+| Linux | amd64   |
+| Linux | aarch64 |
+| OSX   | amd64   |
+| OSX   | arm64   |
+
+This means that when the platform is not supported, top-level functions will return a `WafDisabledError` error including the purpose of it.
+
+Note that:
+* Linux support include for glibc and musl variants
+* OSX under 10.9 is not supported
+* A build tag named `datadog.no_waf` can be manually added to force the WAF to be disabled.
+
 ## Design
 
 The WAF bindings have multiple moving parts that are necessary to understand:

ctypes_test.go

@@ -4,7 +4,7 @@
 // Copyright 2016-present Datadog, Inc.
 
 // Purego only works on linux/macOS with amd64 and arm64 from now
-//go:build (linux || darwin) && (amd64 || arm64) && !go1.22
+//go:build (linux || darwin) && (amd64 || arm64) && !go1.22 && !datadog.no_waf
 
 package waf
 

encoder_decoder_test.go

@@ -3,7 +3,7 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2016-present Datadog, Inc.
 
-//go:build (amd64 || arm64) && (linux || darwin) && !go1.22
+//go:build (amd64 || arm64) && (linux || darwin) && !go1.22 && !datadog.no_waf
 
 package waf
 

handle_test.go

@@ -13,7 +13,7 @@ import (
 )
 
 func TestNewHandle(t *testing.T) {
-	if supported, err := supportsTarget(); !supported || err != nil {
+	if supported, err := Health(); !supported || err != nil {
 		t.Skip("target is not supported by the WAF")
 		return
 	}

internal/lib/lib.go

@@ -3,7 +3,7 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2016-present Datadog, Inc.
 
-//go:build ((darwin && (amd64 || arm64)) || (linux && (amd64 || arm64))) && !go1.22
+//go:build ((darwin && (amd64 || arm64)) || (linux && (amd64 || arm64))) && !go1.22 && !datadog.no_waf
 
 package lib
 

internal/lib/lib_darwin_amd64.go

@@ -3,7 +3,8 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2016-present Datadog, Inc.
 
-//go:build darwin && amd64 && !go1.22
+//go:build darwin && amd64 && !go1.22 && !datadog.no_waf
+
 package lib
 
 import _ "embed" // Needed for go:embed

internal/lib/lib_darwin_arm64.go

@@ -3,7 +3,8 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2016-present Datadog, Inc.
 
-//go:build darwin && arm64 && !go1.22
+//go:build darwin && arm64 && !go1.22 && !datadog.no_waf
+
 package lib
 
 import _ "embed" // Needed for go:embed

internal/lib/lib_linux_amd64.go

@@ -3,7 +3,8 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2016-present Datadog, Inc.
 
-//go:build linux && amd64 && !go1.22
+//go:build linux && amd64 && !go1.22 && !datadog.no_waf
+
 package lib
 
 import _ "embed" // Needed for go:embed

internal/lib/lib_linux_arm64.go

@@ -3,7 +3,8 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2016-present Datadog, Inc.
 
-//go:build linux && arm64 && !go1.22
+//go:build linux && arm64 && !go1.22 && !datadog.no_waf
+
 package lib
 
 import _ "embed" // Needed for go:embed