[RCM-632] Add UUID in request (#15088)

* Add org uuid field * Add org uuid in request * Remove generate file * Comment exported method
DataDog · Jan 17, 2023 · 24caf73 · 24caf73
1 parent 552a7d7
commit 24caf73
Show file tree

Hide file tree

Showing 6 changed files with 230 additions and 183 deletions.
diff --git a/pkg/config/remote/service/service.go b/pkg/config/remote/service/service.go
@@ -84,6 +84,7 @@ type uptaneClient interface {
 	Update(response *pbgo.LatestConfigsResponse) error
 	State() (uptane.State, error)
 	DirectorRoot(version uint64) ([]byte, error)
+	StoredOrgUUID() (string, error)
 	Targets() (data.TargetFiles, error)
 	TargetFile(path string) ([]byte, error)
 	TargetsMeta() ([]byte, error)
@@ -267,7 +268,12 @@ func (s *Service) refresh() error {
 	if err != nil {
 		log.Warnf("could not get previous backend client state: %v", err)
 	}
-	request := buildLatestConfigsRequest(s.hostname, s.traceAgentEnv, previousState, activeClients, s.products, s.newProducts, s.lastUpdateErr, clientState)
+	orgUUID, err := s.uptane.StoredOrgUUID()
+	if err != nil {
+		return err
+	}
+
+	request := buildLatestConfigsRequest(s.hostname, s.traceAgentEnv, orgUUID, previousState, activeClients, s.products, s.newProducts, s.lastUpdateErr, clientState)
 	s.Unlock()
 	ctx := context.Background()
 	response, err := s.api.Fetch(ctx, request)

diff --git a/pkg/config/remote/service/service_test.go b/pkg/config/remote/service/service_test.go
@@ -66,6 +66,11 @@ func (m *mockUptane) DirectorRoot(version uint64) ([]byte, error) {
 	return args.Get(0).([]byte), args.Error(1)
 }
 
+func (m *mockUptane) StoredOrgUUID() (string, error) {
+	args := m.Called()
+	return args.Get(0).(string), args.Error(1)
+}
+
 func (m *mockUptane) Targets() (data.TargetFiles, error) {
 	args := m.Called()
 	return args.Get(0).(data.TargetFiles), args.Error(1)
@@ -133,7 +138,9 @@ func TestServiceBackoffFailure(t *testing.T) {
 		CurrentDirectorRootVersion:   0,
 		Products:                     []string{},
 		NewProducts:                  []string{},
+		OrgUuid:                      "abcdef",
 	}).Return(lastConfigResponse, errors.New("simulated HTTP error"))
+	uptaneClient.On("StoredOrgUUID").Return("abcdef", nil)
 	uptaneClient.On("TUFVersionState").Return(uptane.TUFVersions{}, nil)
 	uptaneClient.On("Update", lastConfigResponse).Return(nil)
 	uptaneClient.On("TargetsCustom").Return([]byte{}, nil)
@@ -158,7 +165,9 @@ func TestServiceBackoffFailure(t *testing.T) {
 		NewProducts:                  []string{},
 		HasError:                     true,
 		Error:                        httpError,
+		OrgUuid:                      "abcdef",
 	}).Return(lastConfigResponse, errors.New("simulated HTTP error"))
+	uptaneClient.On("StoredOrgUUID").Return("abcdef", nil)
 	uptaneClient.On("TUFVersionState").Return(uptane.TUFVersions{}, nil)
 	uptaneClient.On("Update", lastConfigResponse).Return(nil)
 	uptaneClient.On("TargetsCustom").Return([]byte{}, nil)
@@ -208,7 +217,9 @@ func TestServiceBackoffFailureRecovery(t *testing.T) {
 		CurrentDirectorRootVersion:   0,
 		Products:                     []string{},
 		NewProducts:                  []string{},
+		OrgUuid:                      "abcdef",
 	}).Return(lastConfigResponse, nil)
+	uptaneClient.On("StoredOrgUUID").Return("abcdef", nil)
 	uptaneClient.On("TUFVersionState").Return(uptane.TUFVersions{}, nil)
 	uptaneClient.On("Update", lastConfigResponse).Return(nil)
 	uptaneClient.On("TargetsCustom").Return([]byte{}, nil)
@@ -334,7 +345,9 @@ func TestService(t *testing.T) {
 		CurrentDirectorRootVersion:   0,
 		Products:                     []string{},
 		NewProducts:                  []string{},
+		OrgUuid:                      "abcdef",
 	}).Return(lastConfigResponse, nil)
+	uptaneClient.On("StoredOrgUUID").Return("abcdef", nil)
 	uptaneClient.On("TUFVersionState").Return(uptane.TUFVersions{}, nil)
 	uptaneClient.On("Update", lastConfigResponse).Return(nil)
 	uptaneClient.On("TargetsCustom").Return([]byte{}, nil)
@@ -368,6 +381,7 @@ func TestService(t *testing.T) {
 	}
 	fileAPM1 := []byte(`testapm1`)
 	fileAPM2 := []byte(`testapm2`)
+	uptaneClient.On("StoredOrgUUID").Return("abcdef", nil)
 	uptaneClient.On("TargetsMeta").Return(targets, nil)
 	uptaneClient.On("TargetsCustom").Return(testTargetsCustom, nil)
 
@@ -417,6 +431,7 @@ func TestService(t *testing.T) {
 		BackendClientState: []byte(`test_state`),
 		HasError:           false,
 		Error:              "",
+		OrgUuid:            "abcdef",
 	}).Return(lastConfigResponse, nil)
 
 	service.clients.seen(client) // Avoid blocking on channel sending when nothing is at the other end
@@ -476,6 +491,7 @@ func TestServiceClientPredicates(t *testing.T) {
 			AppVersion: "1",
 		},
 	}
+	uptaneClient.On("StoredOrgUUID").Return("abcdef", nil)
 	uptaneClient.On("TargetsMeta").Return([]byte(`{"signed": "testtargets"}`), nil)
 	uptaneClient.On("TargetsCustom").Return([]byte(`{"opaque_backend_state":"dGVzdF9zdGF0ZQ=="}`), nil)
 
@@ -523,6 +539,7 @@ func TestServiceClientPredicates(t *testing.T) {
 		BackendClientState: []byte(`test_state`),
 		HasError:           false,
 		Error:              "",
+		OrgUuid:            "abcdef",
 	}).Return(lastConfigResponse, nil)
 
 	service.clients.seen(client) // Avoid blocking on channel sending when nothing is at the other end
@@ -561,10 +578,12 @@ func TestServiceGetRefreshIntervalNone(t *testing.T) {
 		Products:                     []string{},
 		NewProducts:                  []string{},
 		BackendClientState:           []byte("test_state"),
+		OrgUuid:                      "abcdef",
 	}).Return(lastConfigResponse, nil)
 
 	// No explicit refresh interval is provided by the backend
 	testTargetsCustomNoOverride := []byte(`{"opaque_backend_state":"dGVzdF9zdGF0ZQ=="}`)
+	uptaneClient.On("StoredOrgUUID").Return("abcdef", nil)
 	uptaneClient.On("TUFVersionState").Return(uptane.TUFVersions{}, nil)
 	uptaneClient.On("Update", lastConfigResponse).Return(nil)
 	uptaneClient.On("TargetsCustom").Return(testTargetsCustomNoOverride, nil)
@@ -596,10 +615,12 @@ func TestServiceGetRefreshIntervalValid(t *testing.T) {
 		Products:                     []string{},
 		NewProducts:                  []string{},
 		BackendClientState:           []byte("test_state"),
+		OrgUuid:                      "abcdef",
 	}).Return(lastConfigResponse, nil)
 
 	// An acceptable refresh interval is provided by the backend
 	testTargetsCustomOk := []byte(`{"opaque_backend_state":"dGVzdF9zdGF0ZQ==", "agent_refresh_interval": 42}`)
+	uptaneClient.On("StoredOrgUUID").Return("abcdef", nil)
 	uptaneClient.On("TUFVersionState").Return(uptane.TUFVersions{}, nil)
 	uptaneClient.On("Update", lastConfigResponse).Return(nil)
 	uptaneClient.On("TargetsCustom").Return(testTargetsCustomOk, nil)
@@ -631,10 +652,12 @@ func TestServiceGetRefreshIntervalTooSmall(t *testing.T) {
 		Products:                     []string{},
 		NewProducts:                  []string{},
 		BackendClientState:           []byte("test_state"),
+		OrgUuid:                      "abcdef",
 	}).Return(lastConfigResponse, nil)
 
 	// A too small refresh interval is provided by the backend (the refresh interval should not change)
 	testTargetsCustomOverrideOutOfRangeSmall := []byte(`{"opaque_backend_state":"dGVzdF9zdGF0ZQ==", "agent_refresh_interval": -1}`)
+	uptaneClient.On("StoredOrgUUID").Return("abcdef", nil)
 	uptaneClient.On("TUFVersionState").Return(uptane.TUFVersions{}, nil)
 	uptaneClient.On("Update", lastConfigResponse).Return(nil)
 	uptaneClient.On("TargetsCustom").Return(testTargetsCustomOverrideOutOfRangeSmall, nil)
@@ -666,10 +689,12 @@ func TestServiceGetRefreshIntervalTooBig(t *testing.T) {
 		Products:                     []string{},
 		NewProducts:                  []string{},
 		BackendClientState:           []byte("test_state"),
+		OrgUuid:                      "abcdef",
 	}).Return(lastConfigResponse, nil)
 
 	// A too large refresh interval is provided by the backend (the refresh interval should not change)
 	testTargetsCustomOverrideOutOfRangeBig := []byte(`{"opaque_backend_state":"dGVzdF9zdGF0ZQ==", "agent_refresh_interval": 500}`)
+	uptaneClient.On("StoredOrgUUID").Return("abcdef", nil)
 	uptaneClient.On("TUFVersionState").Return(uptane.TUFVersions{}, nil)
 	uptaneClient.On("Update", lastConfigResponse).Return(nil)
 	uptaneClient.On("TargetsCustom").Return(testTargetsCustomOverrideOutOfRangeBig, nil)
@@ -704,10 +729,12 @@ func TestServiceGetRefreshIntervalNoOverrideAllowed(t *testing.T) {
 		Products:                     []string{},
 		NewProducts:                  []string{},
 		BackendClientState:           []byte("test_state"),
+		OrgUuid:                      "abcdef",
 	}).Return(lastConfigResponse, nil)
 
 	// An interval is provided, but it should not be applied
 	testTargetsCustomOk := []byte(`{"opaque_backend_state":"dGVzdF9zdGF0ZQ==", "agent_refresh_interval": 42}`)
+	uptaneClient.On("StoredOrgUUID").Return("abcdef", nil)
 	uptaneClient.On("TUFVersionState").Return(uptane.TUFVersions{}, nil)
 	uptaneClient.On("Update", lastConfigResponse).Return(nil)
 	uptaneClient.On("TargetsCustom").Return(testTargetsCustomOk, nil)
@@ -752,6 +779,7 @@ func TestConfigExpiration(t *testing.T) {
 			AppVersion: "1",
 		},
 	}
+	uptaneClient.On("StoredOrgUUID").Return("abcdef", nil)
 	uptaneClient.On("TargetsMeta").Return([]byte(`{"signed": "testtargets"}`), nil)
 	uptaneClient.On("TargetsCustom").Return([]byte(`{"opaque_backend_state":"dGVzdF9zdGF0ZQ=="}`), nil)
 	uptaneClient.On("Targets").Return(data.TargetFiles{
@@ -783,6 +811,7 @@ func TestConfigExpiration(t *testing.T) {
 		BackendClientState: []byte(`test_state`),
 		HasError:           false,
 		Error:              "",
+		OrgUuid:            "abcdef",
 	}).Return(lastConfigResponse, nil)
 
 	service.clients.seen(client) // Avoid blocking on channel sending when nothing is at the other end

diff --git a/pkg/config/remote/service/util.go b/pkg/config/remote/service/util.go
@@ -154,7 +154,7 @@ func getRemoteConfigAuthKeys(apiKey string, rcKey string) (remoteConfigAuthKeys,
 	}, nil
 }
 
-func buildLatestConfigsRequest(hostname string, traceAgentEnv string, state uptane.TUFVersions, activeClients []*pbgo.Client, products map[data.Product]struct{}, newProducts map[data.Product]struct{}, lastUpdateErr error, clientState []byte) *pbgo.LatestConfigsRequest {
+func buildLatestConfigsRequest(hostname string, traceAgentEnv string, orgUUID string, state uptane.TUFVersions, activeClients []*pbgo.Client, products map[data.Product]struct{}, newProducts map[data.Product]struct{}, lastUpdateErr error, clientState []byte) *pbgo.LatestConfigsRequest {
 	productsList := make([]data.Product, len(products))
 	i := 0
 	for k := range products {
@@ -185,6 +185,7 @@ func buildLatestConfigsRequest(hostname string, traceAgentEnv string, state upta
 		HasError:                     lastUpdateErr != nil,
 		Error:                        lastUpdateErrString,
 		TraceAgentEnv:                traceAgentEnv,
+		OrgUuid:                      orgUUID,
 	}
 }
 

diff --git a/pkg/config/remote/uptane/client.go b/pkg/config/remote/uptane/client.go
@@ -249,7 +249,8 @@ func (c *Client) verify() error {
 	return nil
 }
 
-func (c *Client) storedOrgUUID() (string, error) {
+// StoredOrgUUID returns the org UUID given by the backend
+func (c *Client) StoredOrgUUID() (string, error) {
 	// This is an important block of code : to avoid being locked out
 	// of the agent in case of a wrong uuid being stored, we link an
 	// org UUID storage to a root version. What this means in practice
@@ -289,7 +290,7 @@ func (c *Client) verifyOrg() error {
 	// we can remove the orgUUID from the snapshot and they'll work
 	// again. This being said, this is last resort.
 	if custom.OrgUUID != nil {
-		orgUUID, err := c.storedOrgUUID()
+		orgUUID, err := c.StoredOrgUUID()
 		if err != nil {
 			return fmt.Errorf("could not obtain stored/remote orgUUID: %v", err)
 		}

diff --git a/pkg/proto/datadog/remoteconfig/remoteconfig.proto b/pkg/proto/datadog/remoteconfig/remoteconfig.proto
@@ -53,6 +53,7 @@ message LatestConfigsRequest {
   bool has_error = 11;
   string error = 12;
   string trace_agent_env = 13;
+  string org_uuid = 14;
 }
 
 message LatestConfigsResponse {