prometheus support locally managed

2025-11-17 09:45:29 +03:00 · 2025-11-09 13:39:50 +02:00
2 changed files with 32 additions and 35 deletions
--- a/build_system/docker/entry.sh
+++ b/build_system/docker/entry.sh
@@ -36,7 +36,7 @@ if [ ! -f /nano-service-installers/$ORCHESTRATION_INSTALLATION_SCRIPT ]; then
    exit 1
 fi
-if [ -z "$1" ]; then
+if [ -z $1 ]; then
    var_mode="--hybrid_mode"
 fi
@@ -60,30 +60,30 @@ while true; do
    shift
 done
-if [ -z "$var_token" ] && [ "$var_mode" != "--hybrid_mode" ]; then
+if [ -z $var_token ] && [ $var_mode != "--hybrid_mode" ]; then
    var_token=$(env | grep 'AGENT_TOKEN=' | cut -d'=' -f2-)
-    if  [ -z "$var_token" ]; then
+    if  [ -z $var_token ]; then
        echo "Error: Token was not provided as input argument."
        exit 1
    fi
 fi
 orchestration_service_installation_flags="--container_mode --skip_registration"
-if [ -n "$var_token" ]; then
+if [ ! -z $var_token ]; then
    export AGENT_TOKEN="$var_token"
    orchestration_service_installation_flags="$orchestration_service_installation_flags --token $var_token"
 fi
-if [ -n "$var_fog_address" ]; then
+if [ ! -z $var_fog_address ]; then
    orchestration_service_installation_flags="$orchestration_service_installation_flags --fog $var_fog_address"
 fi
-if [ -n "$var_proxy" ]; then
+if [ ! -z $var_proxy ]; then
    orchestration_service_installation_flags="$orchestration_service_installation_flags --proxy $var_proxy"
 fi
-if [ -n "$var_mode" ]; then
+if [ ! -z $var_mode ]; then
    orchestration_service_installation_flags="$orchestration_service_installation_flags $var_mode"
 fi
-if [ -n "$var_ignore" ]; then
+if [ ! -z "$var_ignore" ]; then
    orchestration_service_installation_flags="$orchestration_service_installation_flags $var_ignore"
 fi
@@ -114,7 +114,7 @@ fi
 # use advanced model if exist as data for agent
 FILE=/advanced-model/open-appsec-advanced-model.tgz
 if [ -f "$FILE" ]; then
-    tar -xzvf "$FILE" -C /etc/cp/conf/waap
+    tar -xzvf $FILE -C /etc/cp/conf/waap
 fi
 touch /etc/cp/watchdog/wd.startup
--- a/components/security_apps/local_policy_mgmt_gen/k8s_policy_utils.cc
+++ b/components/security_apps/local_policy_mgmt_gen/k8s_policy_utils.cc
@@ -515,63 +515,60 @@ K8sPolicyUtils::createAppsecPolicyK8sFromV1beta2Crds(
 }
 // LCOV_EXCL_STOP
-tuple<Maybe<AppsecLinuxPolicy>, Maybe<V1beta2AppsecLinuxPolicy>>
+std::tuple<Maybe<AppsecLinuxPolicy>, Maybe<V1beta2AppsecLinuxPolicy>>
 K8sPolicyUtils::createAppsecPolicyK8s(const string &policy_name, const string &ingress_mode) const
 {
    auto maybe_appsec_policy_spec = getObjectFromCluster<AppsecSpecParser<AppsecPolicySpec>>(
        "/apis/openappsec.io/v1beta1/policies/" + policy_name
    );
    if (!maybe_appsec_policy_spec.ok() ||
        maybe_appsec_policy_spec.unpack().getApiVersion().find("v1beta1") == std::string::npos
    ) {
        try {
            std::string v1beta1_error =
                maybe_appsec_policy_spec.ok() ? "There is no v1beta1 policy" : maybe_appsec_policy_spec.getErr();
            dbgWarning(D_LOCAL_POLICY
            ) << "Failed to retrieve Appsec policy with crds version: v1beta1, Trying version: v1beta2";
            string ns_suffix = getAppSecScopeType() == "namespaced" ? "ns" : "";
            string ns = getAppSecScopeType() == "namespaced" ? "namespaces/" : "";
            auto maybe_v1beta2_appsec_policy_spec = getObjectFromCluster<AppsecSpecParser<NewAppsecPolicySpec>>(
                "/apis/openappsec.io/v1beta2/" + ns + agent_ns + "policies" + ns_suffix + "/" + policy_name
            );
-    if (!maybe_v1beta2_appsec_policy_spec.ok() ||
+            if (!maybe_v1beta2_appsec_policy_spec.ok()) {
        maybe_v1beta2_appsec_policy_spec.unpack().getApiVersion().find("v1beta2") == std::string::npos
    ) {
        try {
            string policy_error = maybe_v1beta2_appsec_policy_spec.getErr();
            string v1beta2_error =
                maybe_v1beta2_appsec_policy_spec.ok() ? "There is no v1beta2 policy" : policy_error;
            dbgWarning(D_LOCAL_POLICY
            ) << "Failed to retrieve Appsec policy with crds version: v1beta1, Trying version: v1beta2";
            auto maybe_appsec_policy_spec = getObjectFromCluster<AppsecSpecParser<AppsecPolicySpec>>(
                "/apis/openappsec.io/v1beta1/policies/" + policy_name
            );
            if (!maybe_appsec_policy_spec.ok()) {
                dbgWarning(D_LOCAL_POLICY)
-                    << "Failed to retrieve AppSec policy. Error: " << maybe_appsec_policy_spec.getErr();
+                    << "Failed to retrieve AppSec policy. Error: " << maybe_v1beta2_appsec_policy_spec.getErr();
                return std::make_tuple(
-                    genError("Failed to retrieve AppSec v1beta1 policy. Error: " + maybe_appsec_policy_spec.getErr()),
+                    genError("Failed to retrieve AppSec v1beta1 policy. Error: " + v1beta1_error),
                    genError(
-                        "Failed to retrieve AppSec v1beta2 policy. Error: " + v1beta2_error
+                        "Failed to retrieve AppSec v1beta2 policy. Error: " + maybe_v1beta2_appsec_policy_spec.getErr()
                    )
                );
            }
            return std::make_tuple(
-                createAppsecPolicyK8sFromV1beta1Crds(maybe_appsec_policy_spec.unpack(), ingress_mode),
+                genError("There is no v1beta1 policy"),
-                genError("There is no v1beta2 policy")
+                createAppsecPolicyK8sFromV1beta2Crds(maybe_v1beta2_appsec_policy_spec.unpack(), ingress_mode)
            );
        } catch (const PolicyGenException &e) {
            dbgDebug(D_LOCAL_POLICY) << "Failed in policy generation. Error: " << e.what();
-            return make_tuple(
+            return std::make_tuple(
                genError("There is no v1beta1 policy"),
                genError("Failed to retrieve AppSec v1beta2 policy. Error: " + string(e.what()))
            );
        }
    }
-    return make_tuple(
+    return std::make_tuple(
-        genError("There is no v1beta1 policy"),
+        createAppsecPolicyK8sFromV1beta1Crds(maybe_appsec_policy_spec.unpack(), ingress_mode),
-        createAppsecPolicyK8sFromV1beta2Crds(maybe_v1beta2_appsec_policy_spec.unpack(), ingress_mode)
+        genError("There is no v1beta2 policy"));
    );
 }
 template<class T, class K>
 void
 K8sPolicyUtils::createPolicyFromIngress(
    T &appsec_policy,
-    map<string, T> &policies,
+    map<std::string, T> &policies,
    map<AnnotationKeys, string> &annotations_values,
    const SingleIngressData &item) const
 {
@@ -611,7 +608,7 @@ template<class T, class K>
 void
 K8sPolicyUtils::createPolicyFromActivation(
    T &appsec_policy,
-    map<string, T> &policies,
+    map<std::string, T> &policies,
    const EnabledPolicy &policy) const
 {
    if (policies.find(policy.getName()) == policies.end()) {