Add config files for datadog seucirty

degica · Feb 27, 2024 · 67dc3cf · 67dc3cf
1 parent a764be2
commit 67dc3cf
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 0 deletions.
diff --git a/lib/barcelona/plugins/datadog_plugin.rb b/lib/barcelona/plugins/datadog_plugin.rb
@@ -72,6 +72,22 @@ def add_files!(user_data)
             - role:app
         DATADOG_YAML
 
+        user_data.add_file("/etc/datadog-agent/system-probe.yaml", "root:root", "000755", <<~YAML)
+          runtime_security_config:
+            enabled: true
+        YAML
+
+        user_data.add_file("/etc/datadog-agent/security-agent.yaml", "root:root", "000755", <<~YAML)
+          runtime_security_config:
+            enabled: true
+          runtime_security_config:
+            enabled: true
+          compliance_config:
+            enabled: true
+            host_benchmarks:
+              enabled: true
+        YAML
+
         user_data.add_file("/etc/datadog-agent/conf.d/docker.d/docker_daemon.yaml", "root:root", "000755", <<~YAML)
           init_config:
           instances:

diff --git a/spec/lib/barcelona/plugins/datadog_plugin_spec.rb b/spec/lib/barcelona/plugins/datadog_plugin_spec.rb
@@ -33,6 +33,24 @@ module Plugins
           expect(agent_config_hash['logs_enabled']).to eq(true)
           expect(agent_config_hash['runtime_security_config']['enabled']).to eq(true)
         end
+
+        it "installs system-probe config file" do
+          system_probe_config = user_data['write_files'].find do |f|
+            f['path'] == '/etc/datadog-agent/system-probe.yaml'
+          end
+          system_probe_config_hash = YAML.load(system_probe_config['content'])
+          expect(system_probe_config_hash['runtime_security_config']['enabled']).to eq(true)
+        end
+
+        it "installs security-agent config file" do
+          security_agent_config = user_data['write_files'].find do |f|
+            f['path'] == '/etc/datadog-agent/security-agent.yaml'
+          end
+          security_agent_config_hash = YAML.load(security_agent_config['content'])
+          expect(security_agent_config_hash['runtime_security_config']['enabled']).to eq(true)
+          expect(security_agent_config_hash['compliance_config']['enabled']).to eq(true)
+          expect(security_agent_config_hash['compliance_config']['host_benchmarks']['enabled']).to eq(true)
+        end
       end
     end
   end