
Update SSI auto-injection tests to validate workload selection policies #6501

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 19 commits into main from anna.cai/update-test-blocklist-auto-inject
Mar 30, 2026

@annacai21 annacai21 commented Mar 13, 2026

Motivation

These tests used to rely on commands listed in the SDK’s requirements.json (e.g. java -version, dotnet restore) being denied for auto-injection, and asserted on logs within the Go process such as “not injecting; on deny list”. With evaluation moving to requirements.bin, those commands are denied earlier by workload selection, before the Go process runs, so those Go log lines no longer appear and the old assertions fail.

Changes

  • Update assertions to use workload-selection specific logs from the C code instead of the Go process

Workflow

  1. ⚠️ Create your PR as draft ⚠️
  2. Work on your PR until the CI passes
  3. Mark it as ready for review
    • Test logic is modified? -> Get a review from RFC owner.
    • Framework is modified, or non obvious usage of it -> get a review from R&P team

🚀 Once your PR is reviewed and the CI green, you can merge it!

🛟 #apm-shared-testing 🛟

Reviewer checklist

  • Anything but tests/ or manifests/ is modified ? I have the approval from R&P team
  • A docker base image is modified?
    • the relevant build-XXX-image label is present
  • A scenario is added, removed or renamed?

INPLAT-1018


github-actions bot commented Mar 13, 2026

CODEOWNERS have been resolved as:

manifests/java.yml                                                      @DataDog/asm-java @DataDog/apm-java
tests/auto_inject/test_blocklist_auto_inject.py                         @DataDog/system-tests-core
tests/test_the_test/scenarios.json                                      @DataDog/system-tests-core
utils/onboarding/injection_log_parser.py                                @DataDog/system-tests-core

@annacai21 annacai21 force-pushed the anna.cai/update-test-blocklist-auto-inject branch 7 times, most recently from 1fe69a4 to 8b93400 Compare March 27, 2026 04:08
@annacai21 annacai21 marked this pull request as ready for review March 27, 2026 12:33
@annacai21 annacai21 requested a review from a team as a code owner March 27, 2026 12:33

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f9628e250f

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread tests/test_the_test/scenarios.json Outdated
"CONTAINER_AUTO_INJECTION_INSTALL_SCRIPT_APPSEC"
],
"tests/auto_inject/test_blocklist_auto_inject.py::TestAutoInjectBlockListInstallManualHost::test_builtin_block_commands": [
"tests/auto_inject/test_auto_inject_workload_selection.py::TestAutoInjectWorkloadSelectionInstallManualHost::test_commands_excluded_by_workload_policy": [
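Review bot: the replacement key on the last line of this hunk points at tests/auto_inject/test_auto_inject_workload_selection.py, but the CODEOWNERS listing earlier in this conversation still names tests/auto_inject/test_blocklist_auto_inject.py as the changed test file. Confirm the file rename lands in the same commit as this key, and that the class and method in the nodeid exist under that path, so the scenario entry is not keyed on a nodeid that is never collected.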

[P2] Align scenario map nodeids with renamed test methods

The scenario map now references nodeids such as test_commands_excluded_by_workload_policy/test_args_*, but the renamed test file defines test_no_language_found_commands, test_commands_denied_by_workload_selection, and test_commands_allowed_by_workload_selection instead (tests/auto_inject/test_auto_inject_workload_selection.py, lines 77/93/112). Because compute_libraries_and_scenarios.py matches manifest changes by nodeid prefix, manifest updates targeting the real method names will no longer resolve to INSTALLER_AUTO_INJECTION, causing CI scenario selection to miss these tests.

Useful? React with 👍 / 👎.
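A check for the mismatch the review comment above describes, as an added example that is not part of the PR or the repository: it flags scenario-map keys that select no collected test. The boundary-aware prefix rule and the sample map are assumptions of this example; compute_libraries_and_scenarios.py may match differently.

```python
# Added example. The map and collected list below are constructed sample data.
FILE = "tests/auto_inject/test_auto_inject_workload_selection.py"
CLS = "TestAutoInjectWorkloadSelectionInstallManualHost"

# Stand-in for `pytest --collect-only -q` output, using the method names
# quoted in the review comment.
COLLECTED = [
    f"{FILE}::{CLS}::test_no_language_found_commands",
    f"{FILE}::{CLS}::test_commands_denied_by_workload_selection",
    f"{FILE}::{CLS}::test_commands_allowed_by_workload_selection",
]

# Constructed scenario map: the first key is the one shown in the diff.
SCENARIO_MAP = {
    f"{FILE}::{CLS}::test_commands_excluded_by_workload_policy": ["INSTALLER_AUTO_INJECTION"],
    f"{FILE}::{CLS}::test_commands_denied_by_workload_selection": ["INSTALLER_AUTO_INJECTION"],
    f"{FILE}::{CLS}": ["INSTALLER_AUTO_INJECTION"],
}


def key_matches(key, nodeid):
    """True if key equals nodeid or is a prefix ending on a structural boundary."""
    if not nodeid.startswith(key):
        return False
    rest = nodeid[len(key):]
    # Boundary check (an assumption of this example): a key must stop at a
    # directory, file, class, method or parameter edge, so "test_commands"
    # alone does not count as covering "test_commands_denied_...".
    return rest == "" or key.endswith("/") or rest.startswith(("::", "["))


def stale_scenario_keys(scenario_map, collected):
    """Return keys that select no collected test, sorted for stable output."""
    return sorted(
        key for key in scenario_map
        if not any(key_matches(key, nodeid) for nodeid in collected)
    )


if __name__ == "__main__":
    for key in stale_scenario_keys(SCENARIO_MAP, COLLECTED):
        print("stale scenario key:", key)
```

Run against the real scenarios.json and collected nodeids, a non-empty result means a rename left a key behind.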

@annacai21 annacai21 changed the title from "Update SSI auto-injection tests to validate workload selection policies (replace deny list)" to "Update SSI auto-injection tests to validate workload selection policies" Mar 27, 2026
@annacai21 annacai21 force-pushed the anna.cai/update-test-blocklist-auto-inject branch from 366538d to bbcd9c0 Compare March 27, 2026 13:08
@annacai21 annacai21 force-pushed the anna.cai/update-test-blocklist-auto-inject branch from bbcd9c0 to 72042ae Compare March 27, 2026 13:17
@annacai21 annacai21 requested review from a team as code owners March 27, 2026 13:25
@annacai21 annacai21 force-pushed the anna.cai/update-test-blocklist-auto-inject branch from e922a18 to 72042ae Compare March 27, 2026 13:26
@annacai21 annacai21 requested review from a team, claponcet, daniel-romano-DD and mhlidd March 27, 2026 13:47

@natitsechanski natitsechanski left a comment


lgtm

@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d bot merged commit fe4c8b8 into main Mar 30, 2026
6641 of 6750 checks passed
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d bot deleted the anna.cai/update-test-blocklist-auto-inject branch March 30, 2026 12:05