Report NGINX App Protect instances (#1122)

Author: dhurley

api/grpc/mpi/v1/command.pb.go

@@ -296,7 +296,7 @@ message InstanceRuntime {
     // the process identifier
     int32 process_id = 1;
     // the binary path location
-    string binary_path = 2 [(buf.validate.field).string.prefix = "/"];
+    string binary_path = 2 [(buf.validate.field).string.pattern = "^\\/.*|^$"];
     // the config path location
     string config_path = 3 [(buf.validate.field).string.pattern = "^\\/.*|^$"];
     // more detailed runtime objects
@@ -362,6 +362,8 @@ message NGINXAppProtectRuntimeInfo {
     string attack_signature_version = 2;
     // Threat campaign version
     string threat_campaign_version = 3;
+    // Enforcer engine version
+    string enforcer_engine_version = 4;
 }
 
 // A set of actions that can be performed on an instance

api/grpc/mpi/v1/command.pb.validate.go

@@ -1053,6 +1053,7 @@ A set of runtime NGINX App Protect settings
 | release | [string](#string) |  | NGINX App Protect Release |
 | attack_signature_version | [string](#string) |  | Attack signature version |
 | threat_campaign_version | [string](#string) |  | Threat campaign version |
+| enforcer_engine_version | [string](#string) |  | Enforcer engine version |
 
 
 

api/grpc/mpi/v1/command.proto

@@ -39,18 +39,17 @@ type (
 	}
 
 	InstanceWatcherService struct {
-		processOperator              process.ProcessOperatorInterface
-		nginxConfigParser            parser.ConfigParser
-		executer                     exec.ExecInterface
-		enabled                      *atomic.Bool
-		agentConfig                  *config.Config
-		instanceCache                map[string]*mpi.Instance
-		nginxConfigCache             map[string]*model.NginxConfigContext
-		instancesChannel             chan<- InstanceUpdatesMessage
-		nginxConfigContextChannel    chan<- NginxConfigContextMessage
-		nginxParser                  processParser
-		nginxAppProtectProcessParser processParser
-		cacheMutex                   sync.Mutex
+		processOperator           process.ProcessOperatorInterface
+		nginxConfigParser         parser.ConfigParser
+		executer                  exec.ExecInterface
+		enabled                   *atomic.Bool
+		agentConfig               *config.Config
+		instanceCache             map[string]*mpi.Instance
+		nginxConfigCache          map[string]*model.NginxConfigContext
+		instancesChannel          chan<- InstanceUpdatesMessage
+		nginxConfigContextChannel chan<- NginxConfigContextMessage
+		nginxParser               processParser
+		cacheMutex                sync.Mutex
 	}
 
 	InstanceUpdates struct {
@@ -75,16 +74,15 @@ func NewInstanceWatcherService(agentConfig *config.Config) *InstanceWatcherServi
 	enabled.Store(true)
 
 	return &InstanceWatcherService{
-		agentConfig:                  agentConfig,
-		processOperator:              process.NewProcessOperator(),
-		nginxParser:                  NewNginxProcessParser(),
-		nginxAppProtectProcessParser: NewNginxAppProtectProcessParser(),
-		nginxConfigParser:            parser.NewNginxConfigParser(agentConfig),
-		instanceCache:                make(map[string]*mpi.Instance),
-		cacheMutex:                   sync.Mutex{},
-		nginxConfigCache:             make(map[string]*model.NginxConfigContext),
-		executer:                     &exec.Exec{},
-		enabled:                      enabled,
+		agentConfig:       agentConfig,
+		processOperator:   process.NewProcessOperator(),
+		nginxParser:       NewNginxProcessParser(),
+		nginxConfigParser: parser.NewNginxConfigParser(agentConfig),
+		instanceCache:     make(map[string]*mpi.Instance),
+		cacheMutex:        sync.Mutex{},
+		nginxConfigCache:  make(map[string]*model.NginxConfigContext),
+		executer:          &exec.Exec{},
+		enabled:           enabled,
 	}
 }
 
@@ -265,7 +263,7 @@ func (iw *InstanceWatcherService) instanceUpdates(ctx context.Context) (
 ) {
 	iw.cacheMutex.Lock()
 	defer iw.cacheMutex.Unlock()
-	nginxProcesses, nginxAppProtectProcesses, err := iw.processOperator.Processes(ctx)
+	nginxProcesses, err := iw.processOperator.Processes(ctx)
 	if err != nil {
 		return instanceUpdates, err
 	}
@@ -280,10 +278,6 @@ func (iw *InstanceWatcherService) instanceUpdates(ctx context.Context) (
 		instancesFound[instance.GetInstanceMeta().GetInstanceId()] = instance
 	}
 
-	nginxAppProtectInstances := iw.nginxAppProtectProcessParser.Parse(ctx, nginxAppProtectProcesses)
-	for _, instance := range nginxAppProtectInstances {
-		instancesFound[instance.GetInstanceMeta().GetInstanceId()] = instance
-	}
 	newInstances, updatedInstances, deletedInstances := compareInstances(iw.instanceCache, instancesFound)
 
 	instanceUpdates.NewInstances = newInstances

docs/proto/protos.md

@@ -28,7 +28,7 @@ func TestInstanceWatcherService_checkForUpdates(t *testing.T) {
 	nginxConfigContext := testModel.ConfigContext()
 
 	fakeProcessWatcher := &processfakes.FakeProcessOperatorInterface{}
-	fakeProcessWatcher.ProcessesReturns(nil, nil, nil)
+	fakeProcessWatcher.ProcessesReturns(nil, nil)
 
 	fakeProcessParser := &instancefakes.FakeProcessParser{}
 	fakeProcessParser.ParseReturns(map[string]*mpi.Instance{
@@ -44,7 +44,6 @@ func TestInstanceWatcherService_checkForUpdates(t *testing.T) {
 	instanceWatcherService := NewInstanceWatcherService(types.AgentConfig())
 	instanceWatcherService.processOperator = fakeProcessWatcher
 	instanceWatcherService.nginxParser = fakeProcessParser
-	instanceWatcherService.nginxAppProtectProcessParser = fakeProcessParser
 	instanceWatcherService.nginxConfigParser = fakeNginxConfigParser
 	instanceWatcherService.instancesChannel = instanceUpdatesChannel
 	instanceWatcherService.nginxConfigContextChannel = nginxConfigContextChannel
@@ -132,7 +131,7 @@ func TestInstanceWatcherService_instanceUpdates(t *testing.T) {
 	for _, test := range tests {
 		t.Run(test.name, func(tt *testing.T) {
 			fakeProcessWatcher := &processfakes.FakeProcessOperatorInterface{}
-			fakeProcessWatcher.ProcessesReturns(nil, nil, nil)
+			fakeProcessWatcher.ProcessesReturns(nil, nil)
 
 			fakeProcessParser := &instancefakes.FakeProcessParser{}
 			fakeProcessParser.ParseReturns(test.parsedInstances)
@@ -144,7 +143,6 @@ func TestInstanceWatcherService_instanceUpdates(t *testing.T) {
 			instanceWatcherService := NewInstanceWatcherService(types.AgentConfig())
 			instanceWatcherService.processOperator = fakeProcessWatcher
 			instanceWatcherService.nginxParser = fakeProcessParser
-			instanceWatcherService.nginxAppProtectProcessParser = fakeProcessParser
 			instanceWatcherService.instanceCache = test.oldInstances
 			instanceWatcherService.executer = fakeExec