[EBPF] Do not send API key to KMT microVMs (#27635)

Co-authored-by: agent-platform-auto-pr[bot] <153269286+agent-platform-auto-pr[bot]@users.noreply.github.com>
DataDog · Dec 3, 2024 · 06a9a23 · 06a9a23
1 parent 8880060
commit 06a9a23
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 5 deletions.
diff --git a/.gitlab/kernel_matrix_testing/common.yml b/.gitlab/kernel_matrix_testing/common.yml
@@ -216,9 +216,9 @@
     # ssh into each micro-vm and run initialization script. This script will also run the tests.
     - scp "$DD_AGENT_TESTING_DIR/job_env.txt" "metal_instance:/home/ubuntu/job_env-${ARCH}-${TAG}-${TEST_SET}.txt"
     - ssh metal_instance "scp /home/ubuntu/job_env-${ARCH}-${TAG}-${TEST_SET}.txt ${MICRO_VM_IP}:/job_env.txt"
-    - NESTED_VM_CMD="/home/ubuntu/connector -host ${MICRO_VM_IP} -user root -ssh-file /home/kernel-version-testing/ddvm_rsa -vm-cmd '/root/fetch_dependencies.sh ${ARCH} && /opt/kernel-version-testing/micro-vm-init.sh -retry ${RETRY} -test-root /system-probe-tests -packages-run-config /${TEST_SET}.json'"
-    - $CI_PROJECT_DIR/connector-$ARCH -host $INSTANCE_IP -user ubuntu -ssh-file $AWS_EC2_SSH_KEY_FILE -vm-cmd "${NESTED_VM_CMD}"
-    - ssh metal_instance "ssh ${MICRO_VM_IP} '/test-json-review'"
+    - NESTED_VM_CMD="/home/ubuntu/connector -host ${MICRO_VM_IP} -user root -ssh-file /home/kernel-version-testing/ddvm_rsa -vm-cmd 'CI=true /root/fetch_dependencies.sh ${ARCH} && /opt/micro-vm-init.sh -test-tools /opt/testing-tools -retry ${RETRY} -test-root /opt/${TEST_COMPONENT}-tests -packages-run-config /opt/${TEST_SET}.json'"
+    - $CI_PROJECT_DIR/connector-$ARCH -host $INSTANCE_IP -user ubuntu -ssh-file $AWS_EC2_SSH_KEY_FILE -vm-cmd "${NESTED_VM_CMD}" -send-env-vars DD_API_KEY # Allow DD_API_KEY to be passed to the metal instance, so we can use it to send metrics from the connector.
+    - ssh metal_instance "ssh ${MICRO_VM_IP} '/opt/testing-tools/test-json-review"
   artifacts:
     expire_in: 2 weeks
     when: always

diff --git a/test/new-e2e/system-probe/connector/main.go b/test/new-e2e/system-probe/connector/main.go
@@ -17,6 +17,7 @@ import (
 	"net"
 	"os"
 	"os/exec"
+	"strings"
 	"time"
 
 	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
@@ -44,6 +45,7 @@ type args struct {
 	serverKeepAliveMaxCount int
 	sshFilePath             string
 	vmCommand               string
+	sendEnvVars             []string
 }
 
 func readArgs() *args {
@@ -54,6 +56,7 @@ func readArgs() *args {
 	serverAliveCountPtr := flag.Int("server-alive-count", 560, "Maximum keep alive messages to send before disconnecting upon no reply")
 	sshFilePathPtr := flag.String("ssh-file", "", "Path to private ssh key")
 	vmCmd := flag.String("vm-cmd", "", "command to run on VM")
+	sendEnvVars := flag.String("send-env-vars", "", "Comma-separated list of environment variables to send through the connection")
 
 	flag.Parse()
 
@@ -65,6 +68,7 @@ func readArgs() *args {
 		serverKeepAliveMaxCount: *serverAliveCountPtr,
 		sshFilePath:             *sshFilePathPtr,
 		vmCommand:               *vmCmd,
+		sendEnvVars:             strings.Split(*sendEnvVars, ","),
 	}
 }
 
@@ -151,8 +155,10 @@ func run() (err error) {
 		return fmt.Errorf("connect: %s", err)
 	}
 
-	if val := os.Getenv("DD_API_KEY"); val != "" {
-		cmd.Env = append(cmd.Env, fmt.Sprintf("DD_API_KEY=%s", val))
+	for _, envVar := range args.sendEnvVars {
+		if val := os.Getenv(envVar); val != "" {
+			cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", envVar, val))
+		}
 	}
 
 	cmd.Command = args.vmCommand