Merge branch 'release/v1.65.0' into samhazlehurst/bpop-1162-agent-pro…

…xy-snapshots-do-not-use-the-configured-proxy
observIQ · Nov 19, 2024 · ce69dda · ce69dda
2 parents 8789a6c + 8895796
commit ce69dda
Show file tree

Hide file tree

Showing 3 changed files with 218 additions and 0 deletions.
diff --git a/exporter/chronicleexporter/marshal.go b/exporter/chronicleexporter/marshal.go
@@ -254,6 +254,44 @@ func (m *protoMarshaler) getIngestionLabels(logRecord plog.LogRecord) ([]*api.La
 }
 
 func (m *protoMarshaler) getRawField(ctx context.Context, field string, logRecord plog.LogRecord, scope plog.ScopeLogs, resource plog.ResourceLogs) (string, error) {
+	switch field {
+	case "body":
+		switch logRecord.Body().Type() {
+		case pcommon.ValueTypeStr:
+			return logRecord.Body().Str(), nil
+		case pcommon.ValueTypeMap:
+			bytes, err := json.Marshal(logRecord.Body().AsRaw())
+			if err != nil {
+				return "", fmt.Errorf("marshal log body: %w", err)
+			}
+			return string(bytes), nil
+		}
+	case logTypeField:
+		attributes := logRecord.Attributes().AsRaw()
+		if logType, ok := attributes["log_type"]; ok {
+			if v, ok := logType.(string); ok {
+				return v, nil
+			}
+		}
+		return "", nil
+	case chronicleLogTypeField:
+		attributes := logRecord.Attributes().AsRaw()
+		if logType, ok := attributes["chronicle_log_type"]; ok {
+			if v, ok := logType.(string); ok {
+				return v, nil
+			}
+		}
+		return "", nil
+	case chronicleNamespaceField:
+		attributes := logRecord.Attributes().AsRaw()
+		if namespace, ok := attributes["chronicle_namespace"]; ok {
+			if v, ok := namespace.(string); ok {
+				return v, nil
+			}
+		}
+		return "", nil
+	}
+
 	lrExpr, err := expr.NewOTTLLogRecordExpression(field, m.teleSettings)
 	if err != nil {
 		return "", fmt.Errorf("raw_log_field is invalid: %s", err)

diff --git a/exporter/chronicleexporter/marshal_test.go b/exporter/chronicleexporter/marshal_test.go
@@ -535,3 +535,180 @@ func mockLogs(record plog.LogRecord) plog.Logs {
 	record.CopyTo(sl.LogRecords().AppendEmpty())
 	return logs
 }
+
+type getRawFieldCase struct {
+	name         string
+	field        string
+	logRecord    plog.LogRecord
+	scope        plog.ScopeLogs
+	resource     plog.ResourceLogs
+	expect       string
+	expectErrStr string
+}
+
+// Used by tests and benchmarks
+var getRawFieldCases = []getRawFieldCase{
+	{
+		name:  "String body",
+		field: "body",
+		logRecord: func() plog.LogRecord {
+			lr := plog.NewLogRecord()
+			lr.Body().SetStr("<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7036</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2024-11-08T18:51:13.504187700Z'/><EventRecordID>3562</EventRecordID><Correlation/><Execution ProcessID='604' ThreadID='4792'/><Channel>System</Channel><Computer>WIN-L6PC55MPB98</Computer><Security/></System><EventData><Data Name='param1'>Print Spooler</Data><Data Name='param2'>stopped</Data><Binary>530070006F006F006C00650072002F0031000000</Binary></EventData></Event>")
+			return lr
+		}(),
+		scope:    plog.NewScopeLogs(),
+		resource: plog.NewResourceLogs(),
+		expect:   "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7036</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2024-11-08T18:51:13.504187700Z'/><EventRecordID>3562</EventRecordID><Correlation/><Execution ProcessID='604' ThreadID='4792'/><Channel>System</Channel><Computer>WIN-L6PC55MPB98</Computer><Security/></System><EventData><Data Name='param1'>Print Spooler</Data><Data Name='param2'>stopped</Data><Binary>530070006F006F006C00650072002F0031000000</Binary></EventData></Event>",
+	},
+	{
+		name:  "Empty body",
+		field: "body",
+		logRecord: func() plog.LogRecord {
+			lr := plog.NewLogRecord()
+			lr.Body().SetStr("")
+			return lr
+		}(),
+		scope:    plog.NewScopeLogs(),
+		resource: plog.NewResourceLogs(),
+		expect:   "",
+	},
+	{
+		name:  "Map body",
+		field: "body",
+		logRecord: func() plog.LogRecord {
+			lr := plog.NewLogRecord()
+			lr.Body().SetEmptyMap()
+			lr.Body().Map().PutStr("param1", "Print Spooler")
+			lr.Body().Map().PutStr("param2", "stopped")
+			lr.Body().Map().PutStr("binary", "530070006F006F006C00650072002F0031000000")
+			return lr
+		}(),
+		scope:    plog.NewScopeLogs(),
+		resource: plog.NewResourceLogs(),
+		expect:   `{"binary":"530070006F006F006C00650072002F0031000000","param1":"Print Spooler","param2":"stopped"}`,
+	},
+	{
+		name:  "Map body field",
+		field: "body[\"param1\"]",
+		logRecord: func() plog.LogRecord {
+			lr := plog.NewLogRecord()
+			lr.Body().SetEmptyMap()
+			lr.Body().Map().PutStr("param1", "Print Spooler")
+			lr.Body().Map().PutStr("param2", "stopped")
+			lr.Body().Map().PutStr("binary", "530070006F006F006C00650072002F0031000000")
+			return lr
+		}(),
+		scope:    plog.NewScopeLogs(),
+		resource: plog.NewResourceLogs(),
+		expect:   "Print Spooler",
+	},
+	{
+		name:  "Map body field missing",
+		field: "body[\"missing\"]",
+		logRecord: func() plog.LogRecord {
+			lr := plog.NewLogRecord()
+			lr.Body().SetEmptyMap()
+			lr.Body().Map().PutStr("param1", "Print Spooler")
+			lr.Body().Map().PutStr("param2", "stopped")
+			lr.Body().Map().PutStr("binary", "530070006F006F006C00650072002F0031000000")
+			return lr
+		}(),
+		scope:    plog.NewScopeLogs(),
+		resource: plog.NewResourceLogs(),
+		expect:   "",
+	},
+	{
+		name:  "Attribute log_type",
+		field: `attributes["log_type"]`,
+		logRecord: func() plog.LogRecord {
+			lr := plog.NewLogRecord()
+			lr.Attributes().PutStr("status", "200")
+			lr.Attributes().PutStr("log.file.name", "/var/log/containers/agent_agent_ns.log")
+			lr.Attributes().PutStr("log_type", "WINEVTLOG")
+			return lr
+		}(),
+		scope:    plog.NewScopeLogs(),
+		resource: plog.NewResourceLogs(),
+		expect:   "WINEVTLOG",
+	},
+	{
+		name:  "Attribute log_type missing",
+		field: `attributes["log_type"]`,
+		logRecord: func() plog.LogRecord {
+			lr := plog.NewLogRecord()
+			lr.Attributes().PutStr("status", "200")
+			lr.Attributes().PutStr("log.file.name", "/var/log/containers/agent_agent_ns.log")
+			return lr
+		}(),
+		scope:    plog.NewScopeLogs(),
+		resource: plog.NewResourceLogs(),
+		expect:   "",
+	},
+	{
+		name:  "Attribute chronicle_log_type",
+		field: `attributes["chronicle_log_type"]`,
+		logRecord: func() plog.LogRecord {
+			lr := plog.NewLogRecord()
+			lr.Attributes().PutStr("status", "200")
+			lr.Attributes().PutStr("log.file.name", "/var/log/containers/agent_agent_ns.log")
+			lr.Attributes().PutStr("chronicle_log_type", "MICROSOFT_SQL")
+			return lr
+		}(),
+		scope:    plog.NewScopeLogs(),
+		resource: plog.NewResourceLogs(),
+		expect:   "MICROSOFT_SQL",
+	},
+	{
+		name:  "Attribute chronicle_namespace",
+		field: `attributes["chronicle_namespace"]`,
+		logRecord: func() plog.LogRecord {
+			lr := plog.NewLogRecord()
+			lr.Attributes().PutStr("status", "200")
+			lr.Attributes().PutStr("log_type", "k8s-container")
+			lr.Attributes().PutStr("log.file.name", "/var/log/containers/agent_agent_ns.log")
+			lr.Attributes().PutStr("chronicle_log_type", "MICROSOFT_SQL")
+			lr.Attributes().PutStr("chronicle_namespace", "test")
+			return lr
+		}(),
+		scope:    plog.NewScopeLogs(),
+		resource: plog.NewResourceLogs(),
+		expect:   "test",
+	},
+}
+
+func Test_getRawField(t *testing.T) {
+	for _, tc := range getRawFieldCases {
+		t.Run(tc.name, func(t *testing.T) {
+			m := &protoMarshaler{}
+			m.teleSettings.Logger = zap.NewNop()
+
+			ctx := context.Background()
+
+			rawField, err := m.getRawField(ctx, tc.field, tc.logRecord, tc.scope, tc.resource)
+			if tc.expectErrStr != "" {
+				require.Contains(t, err.Error(), tc.expectErrStr)
+				return
+			}
+
+			require.NoError(t, err)
+			require.Equal(t, tc.expect, rawField)
+		})
+	}
+}
+
+func Benchmark_getRawField(b *testing.B) {
+	m := &protoMarshaler{}
+	m.teleSettings.Logger = zap.NewNop()
+
+	ctx := context.Background()
+
+	for _, tc := range getRawFieldCases {
+		b.ResetTimer()
+		b.Run(tc.name, func(b *testing.B) {
+			for i := 0; i < b.N; i++ {
+				_, _ = m.getRawField(ctx, tc.field, tc.logRecord, tc.scope, tc.resource)
+			}
+		})
+	}
+
+}
diff --git a/scripts/install/install_unix.sh b/scripts/install/install_unix.sh
@@ -183,6 +183,9 @@ Usage:
       set to configure the agent version.
       Example: '-v 1.2.12' will download 1.2.12.
 
+  $(fg_yellow '-r, --uninstall')
+      Stops the agent services and uninstalls the agent.
+
   $(fg_yellow '-l, --url')
       Defines the URL that the components will be downloaded from.
       If not provided, this will default to BindPlane Agent\'s GitHub releases.