-
Notifications
You must be signed in to change notification settings - Fork 424
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(dependencies): further adopt dependencies API to ksymbols and probes #3967
feat(dependencies): further adopt dependencies API to ksymbols and probes #3967
Conversation
This PR was extracted from #3965 and will serve it for its logic |
This however won't solve the issue that we need to update the |
34ba958
to
89b530b
Compare
For sure, could you put TODO comments? |
5542f04
to
706ea06
Compare
d44a759
to
578bbb6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I want to go over the logic again later this week.
return false, nil | ||
} | ||
|
||
// second stage: validate events |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have added support for unexpected events only in this function (ExpectAtLeastOneForEach
) as I only used this one.
If its seems good to you @NDStrahilevitz I can add it to all other functions as well.
I admit that I think that the current API created by @geyslan is a bit too complicated - it has too many functions so the differences between them is hard to understand. Anyways this PR is not about the testing infrastructure, so I only open it here for discussion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I admit that I think that the current API created by @geyslan is a bit too complicated
I agree with you @AlonZivony. Integration API must be rethought.
c134e0b
to
eaf952a
Compare
eaf952a
to
4d3a9bf
Compare
After a conversation with @yanivagman we arrived to the following problems that should be addressed with the watchers mechanism:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work @AlonZivony
The automatic handling of event dependencies will make it easier to implement dynamic policy modification in the future. @geyslan FYI
4d3a9bf
to
0f62fe0
Compare
846ccee
to
e582e84
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mostly nit comments,
great work!
- A rebase is required
- Please fix race condition as discussed offline
- Consider changing the order of remove watchers
a33dd49
to
b016ebd
Compare
Add the option to track probes dependencies as node in the manager. With this addition, the API was changed to support many node types. The watchers interface was made more generic, and Actions were introduced. The only supported Action currently available is node addition cancellation.
Introduced a watcher to the dependencies manager that tracks event additions and validates that the event's ksymbols are available. If the required symbols are missing, the watcher will cancel the event via the manager. Updated the current validation process to be per-event to align with the watcher's API.
Introduced watchers to the dependencies manager that track probe additions and removals, and attach or detach them accordingly. If a probe attach fails, the watcher will cancel the operation.
…ager Add e2e tests for the use of the dependencies manager in Tracee. The test verifies that the ksymbols validation and attachments and detachments work well after the change.
b016ebd
to
5f1f181
Compare
1. Explain what the PR does
This PR expands and uses the dependencies API introduced in #3931 for other events dependencies handling.
It adds the probes dependencies to the dependencies manager, and use it to manage probes cancelling.
This PR also add the dependencies watchers for adding and removing the probes, and use the dependencies to cancel events with missing ksymbols.
Fix #3933
2. Explain how to test it
3. Other comments