add paths for NAP upon instance discovery

Author: sean-breen

.golangci.yml

@@ -340,6 +340,7 @@ linters-settings:
       - google.golang.org/grpc/credentials
       - github.com/testcontainers/testcontainers-go
       - google.golang.org/grpc
+      - github.com/nginx/agent/v3/api/grpc/mpi
   lll:
     # Max line length, lines longer will be reported.
     # '\t' is counted as 1 character by default, and can be changed with the tab-width option.

internal/watcher/instance/nginx-app-protect-instance-watcher.go

@@ -20,6 +20,7 @@ import (
 )
 
 var (
+	napDirPath                     = "/opt/app_protect"
 	versionFilePath                = "/opt/app_protect/VERSION"
 	releaseFilePath                = "/opt/app_protect/RELEASE"
 	attackSignatureVersionFilePath = "/opt/app_protect/var/update_files/signatures/version"
@@ -49,6 +50,7 @@ type NginxAppProtectInstanceWatcher struct {
 }
 
 func NewNginxAppProtectInstanceWatcher(agentConfig *config.Config) *NginxAppProtectInstanceWatcher {
+	agentConfig.AllowedDirectories = append(agentConfig.AllowedDirectories, "/opt/app_protect")
 	return &NginxAppProtectInstanceWatcher{
 		agentConfig:       agentConfig,
 		filesBeingWatched: make(map[string]bool),

internal/watcher/instance/nginx-app-protect-instance-watcher_test.go

@@ -8,6 +8,7 @@ package instance
 import (
 	"context"
 	"os"
+	"slices"
 	"testing"
 	"time"
 
@@ -95,6 +96,13 @@ func TestNginxAppProtectInstanceWatcher_Watch(t *testing.T) {
 		},
 	)
 
+	assert.True(t,
+		slices.Contains(
+			nginxAppProtectInstanceWatcher.agentConfig.AllowedDirectories,
+			napDirPath,
+		),
+	)
+
 	go nginxAppProtectInstanceWatcher.Watch(ctx, instancesChannel)
 
 	t.Run("Test 1: New instance", func(t *testing.T) {
@@ -112,7 +120,6 @@ func TestNginxAppProtectInstanceWatcher_Watch(t *testing.T) {
 			t.Fatalf("Timed out waiting for instance updates")
 		}
 	})
-
 	t.Run("Test 2: Update instance", func(t *testing.T) {
 		_, err = enforcerEngineVersionFile.WriteAt([]byte("6.113.0"), 0)
 		require.NoError(t, err)