config

package
v0.0.0-...-bfe00b6
Warning

This package is not in the latest version of its module.

Published: May 2, 2026 | License: Apache-2.0 | Imports: 19 | Imported by: 0

Documentation

Constants

const (

	// rshell commands belong to a namespace, currently only "rshell:" is supported.
	RshellCommandNamespacePrefix = "rshell:"
)

Variables

var BundleInheritedAllowedActions = []BundleInheritedAllowedAction{
	{ActionFQN: "com.datadoghq.gitlab.users.testConnection", ExpectedPrefix: "com.datadoghq.gitlab"},
	{ActionFQN: "com.datadoghq.kubernetes.core.testConnection", ExpectedPrefix: "com.datadoghq.kubernetes"},
	{ActionFQN: "com.datadoghq.script.testConnection", ExpectedPrefix: "com.datadoghq.script"},
	{ActionFQN: "com.datadoghq.script.enrichScript", ExpectedPrefix: "com.datadoghq.script"},
	{ActionFQN: "com.datadoghq.http.testConnection", ExpectedPrefix: "com.datadoghq.http"},
	{ActionFQN: "com.datadoghq.remoteaction.testConnection", ExpectedPrefix: "com.datadoghq.remoteaction"},
}

BundleInheritedAllowedActions is a list of actions that are automatically allowed if at least one other action matching their expected prefix is allowed.
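How the inheritance rule widens an operator's allowlist, as an added sketch that is not this package's implementation. It copies three of the entries above; the `rule` type, `underPrefix`, `inheritedFQNs`, the dot-boundary prefix comparison and the plain `map[string][]string` allowlist are assumptions of the example.

```go
package main

import (
	"fmt"
	"strings"
)

// rule mirrors the two fields of BundleInheritedAllowedAction shown on this page.
type rule struct{ ActionFQN, ExpectedPrefix string }

// Subset of BundleInheritedAllowedActions, copied from the page.
var rules = []rule{
	{"com.datadoghq.kubernetes.core.testConnection", "com.datadoghq.kubernetes"},
	{"com.datadoghq.script.testConnection", "com.datadoghq.script"},
	{"com.datadoghq.script.enrichScript", "com.datadoghq.script"},
}

// underPrefix reports whether bundleID equals prefix or sits below it at a dot
// boundary, so "com.datadoghq.scripting" does not match "com.datadoghq.script".
// Assumption of this example: the page does not say how prefixes are compared.
func underPrefix(bundleID, prefix string) bool {
	return bundleID == prefix || strings.HasPrefix(bundleID, prefix+".")
}

// inheritedFQNs lists, in rule order, the actions that become allowed implicitly
// because some bundle under their expected prefix has at least one allowed action.
func inheritedFQNs(allow map[string][]string) []string {
	var out []string
	for _, r := range rules {
		for bundle, names := range allow {
			if len(names) > 0 && underPrefix(bundle, r.ExpectedPrefix) {
				out = append(out, r.ActionFQN)
				break
			}
		}
	}
	return out
}

func main() {
	// Constructed allowlist: bundle ID -> explicitly allowed action names.
	allow := map[string][]string{"com.datadoghq.kubernetes.apps": {"listDeployment"}}
	fmt.Println(inheritedFQNs(allow))
}
```

With only `listDeployment` in the `com.datadoghq.kubernetes.apps` bundle allowed, the sketch reports `com.datadoghq.kubernetes.core.testConnection` as inherited, so an allowlist review should cover the inherited entries as well as the configured ones.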

var DefaultActionFQNs = append([]string{}, defaultCommonActionFQNs...)

DefaultActionFQNs is a list of action FQNs that are enabled by default for non-Cluster-Agent flavors. Users can opt out by setting private_action_runner.default_actions_enabled to false.

var DefaultClusterAgentActionFQNs = append([]string{

	"com.datadoghq.kubernetes.apps.listDeployment",
	"com.datadoghq.kubernetes.apps.getDeployment",

	"com.datadoghq.kubernetes.apps.getDaemonSet",
	"com.datadoghq.kubernetes.apps.listDaemonSet",

	"com.datadoghq.kubernetes.apps.getStatefulSet",
	"com.datadoghq.kubernetes.apps.listStatefulSet",

	"com.datadoghq.kubernetes.core.getPod",
	"com.datadoghq.kubernetes.core.listPod",

	"com.datadoghq.kubernetes.core.getConfigMap",
	"com.datadoghq.kubernetes.core.listConfigMap",

	"com.datadoghq.kubernetes.core.getService",
	"com.datadoghq.kubernetes.core.listService",

	"com.datadoghq.kubernetes.core.getNode",
	"com.datadoghq.kubernetes.core.listNode",

	"com.datadoghq.kubernetes.core.listEvent",

	"com.datadoghq.kubernetes.core.listNamespace",

	"com.datadoghq.kubernetes.batch.getJob",
	"com.datadoghq.kubernetes.batch.listJob",
	"com.datadoghq.kubernetes.batch.getCronJob",
	"com.datadoghq.kubernetes.batch.listCronJob",
}, defaultCommonActionFQNs...)

DefaultClusterAgentActionFQNs is a list of action FQNs that are enabled by default when the agent runs as a Cluster Agent flavor. Users can opt out by setting private_action_runner.default_actions_enabled to false.

Functions

func GetBundleInheritedAllowedActions

func GetBundleInheritedAllowedActions(actionsAllowlist map[string]sets.Set[string]) map[string]sets.Set[string]

Types

type BundleInheritedAllowedAction

type BundleInheritedAllowedAction struct {
	ActionFQN      string
	ExpectedPrefix string
}

BundleInheritedAllowedAction represents an action that is automatically allowed if at least one other action matching the expected prefix is allowed.

type Config

type Config struct {
	ActionsAllowlist      map[string]sets.Set[string] // map of allowed bundle IDs to a set of allowed action names
	Allowlist             []string
	AllowIMDSEndpoint     bool
	RShellAllowedPaths    []string
	RShellAllowedCommands []string
	DDHost                string
	DDApiHost             string
	Modes                 []modes.Mode
	OrgId                 int64
	PrivateKey            *ecdsa.PrivateKey
	RunnerId              string
	Urn                   string
	Tags                  []observability.Tag

	// RemoteConfig related fields
	DatadogSite string

	// the following are constants with default values. They are part of the config struct to allow for the ability to be overwritten in the YAML config file if needed
	MaxBackoff                 time.Duration
	MinBackoff                 time.Duration
	MaxAttempts                int32
	WaitBeforeRetry            time.Duration
	LoopInterval               time.Duration
	OpmsRequestTimeout         int32
	RunnerPoolSize             int32
	HealthCheckInterval        int32
	HttpServerReadTimeout      int32
	HttpServerWriteTimeout     int32
	HTTPTimeout                time.Duration
	TaskTimeoutSeconds         *int32
	RunnerAccessTokenHeader    string
	RunnerAccessTokenIdHeader  string
	Port                       int32
	JWTRefreshInterval         time.Duration
	HealthCheckEndpoint        string
	HeartbeatInterval          time.Duration
	EnableProfiling            bool
	DisableCredentialTemplates bool

	Version string

	OpmsExtraHeaders map[string]string

	MetricsClient statsd.ClientInterface
}

func FromDDConfig

func FromDDConfig(config config.Component) (*Config, error)

func (*Config) IdentityIsIncomplete

func (c *Config) IdentityIsIncomplete() bool

func (*Config) IsActionAllowed

func (c *Config) IsActionAllowed(bundleId, actionName string) bool

func (*Config) IsURLInAllowlist

func (c *Config) IsURLInAllowlist(urlStr string) bool
