feat(config): add EnableSslTracing / DSsl flags for the OpenSSL L7 gadget #835

Closed
matthyx wants to merge 1 commit into main from feat/ssl-tracing-config-flag

matthyx commented Jun 15, 2026


What

Adds two config flags to config.Config:

  • EnableSslTracing (sslTracingEnabled) — enable the native OpenSSL TLS-capture (R-L7-1) gadget.
  • DSsl (dSsl) — disable override, mirroring the existing DHttp/dHttp pair.

Both default to false (zero value), so behavior is unchanged unless explicitly set. configuration/config.json documents sslTracingEnabled, and config_test.go asserts the default.

Why

armosec/private-node-agent ships a native OpenSSL uprobe gadget that captures decrypted TLS plaintext per-container and exports it as R-L7-1 records. It needs an off-by-default toggle following the same pattern as HTTP detection (EnableHttpDetection/DHttp).

Because config.Config lives here (not in private-node-agent), that gadget currently gates on a local ENABLE_SSL_TRACING env var as a stopgap. Adding the field upstream lets the gate move to the standard config mechanism — a two-line swap on the consumer side (cfg.EnableSslTracing instead of the env helper) once this is released.

Test

  • go build ./pkg/config/
  • go test ./pkg/config/ ✓ (the DeepEqual against the parsed configuration/config.json includes the new sslTracingEnabled: false)
  • gofmt clean; config.json validates.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Added a new configuration option to enable SSL tracing capabilities, with the feature disabled by default.
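
A fail-closed gate over the two flags described above, as an added example that is not code from this PR or from node-agent. It assumes the disable override wins over the enable flag and uses the standard library's encoding/json in place of the project's mapstructure-tagged loader; the names strictBool, gateConfig and sslTracingAllowed are hypothetical. Both a JSON boolean and a quoted "false" are accepted because the value is written both ways on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// strictBool accepts only true/false, bare or quoted; anything else
// (1, "yes", null) is a parse error rather than a silent coercion.
type strictBool bool

func (b *strictBool) UnmarshalJSON(data []byte) error {
	s := string(data)
	if len(s) > 0 && s[0] == '"' {
		if err := json.Unmarshal(data, &s); err != nil {
			return err
		}
	}
	switch s {
	case "true":
		*b = true
	case "false":
		*b = false
	default:
		return fmt.Errorf("not a boolean: %s", data)
	}
	return nil
}

// gateConfig is a hypothetical stand-in for the two fields the PR adds to
// config.Config; the JSON keys are the ones named in the description.
type gateConfig struct {
	EnableSslTracing strictBool `json:"sslTracingEnabled"`
	DSsl             strictBool `json:"dSsl"`
}

// sslTracingAllowed returns true only when tracing is explicitly enabled and
// not overridden (assumed semantics). Any parse error leaves capture off.
func sslTracingAllowed(raw []byte) bool {
	var c gateConfig
	if err := json.Unmarshal(raw, &c); err != nil {
		return false
	}
	return bool(c.EnableSslTracing) && !bool(c.DSsl)
}

func main() {
	fmt.Println(sslTracingAllowed([]byte(`{"sslTracingEnabled":true,"dSsl":true}`))) // constructed input
}
```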

…dget

armosec/private-node-agent ships a native OpenSSL TLS-capture gadget
(R-L7-1) that needs an off-by-default toggle, mirroring the HTTP detection
pair. config.Config is external to that repo, so it currently gates on a
local ENABLE_SSL_TRACING env var; adding the field here lets it move to the
standard config mechanism.

- EnableSslTracing (sslTracingEnabled): enable the SSL/TLS L7 capture gadget.
- DSsl (dSsl): disable override, mirroring DHttp/dHttp.

Both default to false (zero value), so behavior is unchanged unless set.
Sample configuration/config.json documents sslTracingEnabled; config_test
updated to assert the default.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

coderabbitai Bot commented Jun 15, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 06233d8c-9860-4fb2-aee7-ee01abe475a1

📥 Commits

Reviewing files that changed from the base of the PR and between 7edbd72 and 57c3452.

📒 Files selected for processing (3)
  • configuration/config.json
  • pkg/config/config.go
  • pkg/config/config_test.go

Walkthrough

Adds two new boolean fields (DSsl and EnableSslTracing) to the Config struct in pkg/config/config.go, adds the corresponding sslTracingEnabled key set to "false" in configuration/config.json, and updates the TestLoadConfig expectation to include EnableSslTracing: false.

Changes

SSL Tracing Configuration

| Layer / File(s) | Summary |
|---|---|
| Config struct fields, JSON default, and test expectation (pkg/config/config.go, configuration/config.json, pkg/config/config_test.go) | Config gains DSsl bool (mapstructure dSsl) and EnableSslTracing bool (mapstructure sslTracingEnabled); the JSON config file sets sslTracingEnabled to "false"; TestLoadConfig adds EnableSslTracing: false to the expected struct. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐇 A flag for SSL, so small and so neat,
Just false in the JSON, a calm, quiet feat.
The struct gains two fields, the test gains one line,
All carefully placed in a tidy design.
Hop along, tracing — when you're ready, you'll shine! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and specifically summarizes the main change: adding two new configuration flags (EnableSslTracing and DSsl) for OpenSSL L7 gadget support. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@github-actions


Performance Benchmark Results

Node-Agent Resource Usage

| Metric | BEFORE | AFTER | Delta |
|---|---|---|---|
| Avg CPU (cores) | 0.164 | 0.159 | -2.9% |
| Peak CPU (cores) | 0.173 | 0.168 | -2.9% |
| Avg Memory (MiB) | 336.104 | 279.142 | -16.9% |
| Peak Memory (MiB) | 339.277 | 287.582 | -15.2% |

Dedup Effectiveness

No data available.

matthyx commented Jun 15, 2026


Closing — these config fields aren't needed upstream after all; the consuming side no longer relies on an upstream config field for this. Thanks!

matthyx closed this Jun 15, 2026
matthyx moved this to To Archive in KS PRs tracking Jun 16, 2026