diff --git a/spec/security-agent_spec.rb b/spec/security-agent_spec.rb index 5bc3199f..e7d025bf 100644 --- a/spec/security-agent_spec.rb +++ b/spec/security-agent_spec.rb @@ -69,4 +69,59 @@ }) end end + + context 'with CWS enabled on Windows' do + cached(:solo) do + ChefSpec::SoloRunner.new( + platform: 'windows', + version: '2012R2' + ) do |node| + node.name 'chef-nodename' # expected to be used as the hostname in `datadog.yaml` + node.normal['datadog'] = { + 'api_key' => 'somethingnotnil', + 'agent_major_version' => 6, + 'security_agent' => { + 'cws' => { + 'enabled' => true, + } + }, + 'extra_config' => { + 'security_agent' => { + 'runtime_security_config' => { + 'activity_dump' => { + 'enabled' => true, + } + } + } + } + } + end + end + + cached(:chef_run) do + solo.converge(described_recipe) do + solo.resource_collection.insert( + Chef::Resource::Service.new('datadog-agent', solo.run_context)) + end + end + + it 'security-agent.yaml is created' do + expect(chef_run).to create_template('C:/ProgramData/Datadog/security-agent.yaml') + end + + it 'security-agent.yaml contains expected YAML configuration' do + expected_yaml = <<-EOF + compliance_config: + enabled: false + runtime_security_config: + enabled: true + activity_dump: + enabled: true + EOF + + expect(chef_run).to(render_file('C:/ProgramData/Datadog/security-agent.yaml').with_content { |content| + expect(YAML.safe_load(content).to_json).to be_json_eql(YAML.safe_load(expected_yaml).to_json) + }) + end + end end diff --git a/spec/system-probe_spec.rb b/spec/system-probe_spec.rb index e393967c..7bfb8f95 100644 --- a/spec/system-probe_spec.rb +++ b/spec/system-probe_spec.rb @@ -240,4 +240,115 @@ }) end end + + context 'with CWS enabled' do + cached(:solo) do + ChefSpec::SoloRunner.new( + platform: 'ubuntu', + version: '16.04' + ) do |node| + node.name 'chef-nodename' # expected to be used as the hostname in `datadog.yaml` + node.normal['datadog'] = { + 'api_key' => 'somethingnotnil', + 'agent_major_version' => 6, + 'security_agent' => { + 'cws' => { + 'enabled' => true, + } + }, + 'extra_config' => { + 'security_agent' => { + 'runtime_security_config' => { + 'activity_dump' => { + 'enabled' => true, + } + } + } + } + } + end + end + + cached(:chef_run) do + solo.converge(described_recipe) do + solo.resource_collection.insert( + Chef::Resource::Service.new('datadog-agent', solo.run_context)) + solo.resource_collection.insert( + Chef::Resource::Service.new('datadog-agent-security', solo.run_context)) + end + end + + it 'system-probe.yaml is created' do + expect(chef_run).to create_template('/etc/datadog-agent/system-probe.yaml') + end + + it 'system-probe.yaml contains expected YAML configuration' do + expected_yaml = <<-EOF + runtime_security_config: + enabled: true + activity_dump: + enabled: true + system_probe_config: + enabled: false + bpf_debug: false + debug_port: 0 + enable_conntrack: false + sysprobe_socket: '/opt/datadog-agent/run/sysprobe.sock' + EOF + + expect(chef_run).to(render_file('/etc/datadog-agent/system-probe.yaml').with_content { |content| + expect(YAML.safe_load(content).to_json).to be_json_eql(YAML.safe_load(expected_yaml).to_json) + }) + end + end + + context 'with CWS enabled on Windows' do + cached(:solo) do + ChefSpec::SoloRunner.new( + platform: 'windows', + version: '2012R2' + ) do |node| + node.name 'chef-nodename' # expected to be used as the hostname in `datadog.yaml` + node.normal['datadog'] = { + 'api_key' => 'somethingnotnil', + 'agent_major_version' => 6, + 'security_agent' => { + 'cws' => { + 'enabled' => true, + } + } + } + end + end + + cached(:chef_run) do + solo.converge(described_recipe) do + solo.resource_collection.insert( + Chef::Resource::Service.new('datadog-agent', solo.run_context)) + solo.resource_collection.insert( + Chef::Resource::Service.new('datadog-agent-security', solo.run_context)) + end + end + + it 'system-probe.yaml is created' do + expect(chef_run).to create_template('C:/ProgramData/Datadog/system-probe.yaml') + end + + it 'system-probe.yaml contains expected YAML configuration' do + expected_yaml = <<-EOF + runtime_security_config: + enabled: true + system_probe_config: + enabled: false + bpf_debug: false + debug_port: 0 + enable_conntrack: false + sysprobe_socket: 'localhost:3333' + EOF + + expect(chef_run).to(render_file('C:/ProgramData/Datadog/system-probe.yaml').with_content { |content| + expect(YAML.safe_load(content).to_json).to be_json_eql(YAML.safe_load(expected_yaml).to_json) + }) + end + end end