Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The returnArg of TracingPolicy does not work as documented #3369

Closed
z63d opened this issue Feb 7, 2025 · 2 comments · Fixed by #3388
Closed

The returnArg of TracingPolicy does not work as documented #3369

z63d opened this issue Feb 7, 2025 · 2 comments · Fixed by #3388
Labels
kind/bug Something isn't working

Comments

@z63d
Copy link
Contributor

z63d commented Feb 7, 2025

What happened?

The document describes the following TracingPolicy. However, when I apply this, an error occurs.
https://tetragon.io/docs/concepts/tracing-policy/hooks/#return-values

apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: "sample"
spec:
  kprobes:
  - call: "sk_alloc"
    syscall: false
    return: true
    args:
    - index: 1
      type: int
      label: "family"
    returnArg:
      type: sock

❯ kubectl apply -f sample-tracing-policy.yaml
The TracingPolicy "sample" is invalid: spec.kprobes[0].returnArg.index: Required value

Checking the TracingPolicy CRD, the following format seems to be correct:

apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: "sample"
spec:
  kprobes:
  - call: "sk_alloc"
    syscall: false
    return: true
    args:
    - index: 1
      type: int
      label: "family"
    returnArg:
      index: 0
      type: sock

❯ kubectl apply -f sample-tracing-policy.yaml
tracingpolicy.cilium.io/sample created

Is this the expected behavior?
If this is a mistake in the documentation, I will fix it.

Tetragon Version

1.3.0

Kernel Version

6.12.10-orbstack-00297-gf8f6e015b993

Kubernetes Version

1.32.0

Bugtool

No response

Relevant log output



Anything else?


No response

      		
    

      
  





        

            


            

              
            

        

      


      
    








      

    



      

  
            

    

      
    

    


      

          @z63d
z63d




          added
  the 

  kind/bug

  Something isn't working
 label


      Feb 7, 2025

    

  








      

  
      



  

  @kkourt





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      

  
    Contributor


      

  


  

    

      

      
            kkourt
  

      

      

      commented


        Feb 10, 2025


      
    


  





      


        


  
    

      
          
As far as I can tell, the index is required even if it does not make sense for return arguments because it is not set as optional in the CRD: 

  

    

      tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go
    

    

        Lines 60 to 62
      in
      0bf690a
    

  

  

    


        

          
           // +kubebuilder:validation:Minimum=0 
        


        

          
           // Position of the argument. 
        


        

          
           Index uint32 `json:"index"` 
        

    

  



.


So, indeed I think the docs are wrong. It would be great if you could submit a PR to fix them.


We can also set the argument to optional since it does not make sense for return arguments, but that's another discussion.


CC: @mtardy


Thanks!

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
          

  

    
  


  

      

    @z63d
z63d



    mentioned this issue
    
      Feb 12, 2025
    





  


  

      
   Merged

  







  









      

  
      



  

  @mtardy





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      

  
  Member


      

  


  

    

      

      
            mtardy
  

      

      

      commented


        Feb 13, 2025


      
    


  





      


        


  
    

      
          
Yes agree, I imagine it's just because we reuse the same go struct with the kubebuilder validation things!




We can also set the argument to optional since it does not make sense for return arguments, but that's another discussion.




So that would require a proper struct but indeed that's another discussion, let's first fix the docs :)

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
            

    











  
  

    

      

  





  




  
  

              

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



  






  
                  




    

  


      
  

    Assignees
  



        

    No one assigned







      


  


  

    Labels
  



    

      

    kind/bug

  Something isn't working








      

  

    

        

    Projects
  


        




    None yet




  



      


  

    
  

    Milestone
  


      No milestone





    
      
          
  

    

      
        

          
    

    Development
  




            
  
Successfully merging a pull request may close this issue.





    


  
          
      fix: returnArg index of TracingPolicy is not specified

    
      z63d/tetragon
    





      
    

  


      

    

  
      

  

    

      3 participants
    

    

        
          @kkourt 
        
          @mtardy 
        
          @z63d