Skip to content

ROX-30390: Extract Update Computer#16452

Merged
vikin91 merged 17 commits intomasterfrom
piotr/ROX-30390-update-computer
Sep 1, 2025
Merged

ROX-30390: Extract Update Computer#16452
vikin91 merged 17 commits intomasterfrom
piotr/ROX-30390-update-computer

Conversation

@vikin91
Copy link
Contributor

@vikin91 vikin91 commented Aug 19, 2025
edited
Loading

🐑 Shepherd of this stack is @lvalerom and @rhybrillou (when back)

Description

This PR extracts the calculation logic for sending updates to Central. A new updateComputer package is introduced that is responsible for determining what should be sent to central and what skipped. In this PR, there is only one implementation of the updateComputer called Legacy. The Legacy implements the update calculation behavior without any changes to the logic.

Some metrics and dedicated tests are added for the new updateComputer package.

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

  • CI should be enough

@openshift-ci
Copy link

openshift-ci bot commented Aug 19, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@red-hat-konflux

This comment was marked as off-topic.

Sign in to view
@vikin91
Copy link
Contributor Author

vikin91 commented Aug 19, 2025
edited
Loading

This change is part of the following stack:

Change managed by git-spice.

This was referenced Aug 19, 2025
Closed
Merged
@rhacs-bot
Copy link
Contributor

rhacs-bot commented Aug 19, 2025
edited
Loading

Images are ready for the commit at 3a951ff.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.9.x-578-g3a951fff64.

@codecov
Copy link

codecov bot commented Aug 19, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 72.58065% with 34 lines in your changes missing coverage. Please review.
✅ Project coverage is 49.09%. Comparing base (7ae2bca) to head (9f663c4).
⚠️ Report is 12 commits behind head on master.

Files with missing lines Patch % Lines
sensor/common/networkflow/updatecomputer/legacy.go 70.87% 30 Missing ⚠️
sensor/common/networkflow/manager/manager_impl.go 80.95% 4 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #16452   +/-   ##
=======================================
  Coverage   49.09%   49.09%           
=======================================
  Files        2649     2650    +1     
  Lines      196680   196706   +26     
=======================================
+ Hits        96551    96564   +13     
- Misses      92572    92588   +16     
+ Partials     7557     7554    -3
Flag Coverage Δ
go-unit-tests 49.09% <72.58%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@vikin91
Copy link
Contributor Author

vikin91 commented Aug 20, 2025

/test all

Base automatically changed from piotr/ROX-30390-indicators to master August 21, 2025 07:47
@vikin91 vikin91 force-pushed the piotr/ROX-30390-update-computer branch from 942c125 to f65318b Compare August 21, 2025 08:38
sourcery-ai[bot]
sourcery-ai bot reviewed Aug 21, 2025
View reviewed changes
Copy link
Contributor

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey there - I've reviewed your changes - here's some feedback:

  • Consider making the UpdateComputer implementation injectable via NewManager options rather than hardcoding NewLegacy, to improve configurability and facilitate future implementations.
  • Since updateComputer is always initialized in NewManager, you can remove the redundant nil checks around m.updateComputer to simplify the code.
  • Add an integration test in networkFlowManager to ensure it correctly delegates to the UpdateComputer and maintains equivalent state transitions across ticks.
Prompt for AI Agents 
Please address the comments from this code review:
## Overall Comments
- Consider making the UpdateComputer implementation injectable via NewManager options rather than hardcoding NewLegacy, to improve configurability and facilitate future implementations.
- Since updateComputer is always initialized in NewManager, you can remove the redundant nil checks around m.updateComputer to simplify the code.
- Add an integration test in networkFlowManager to ensure it correctly delegates to the UpdateComputer and maintains equivalent state transitions across ticks.

## Individual Comments

### Comment 1
<location> `sensor/common/networkflow/updatecomputer/update_computer_test.go:154` </location>
<code_context>
+	}
+}
+
+func TestComputeUpdatedEndpoints(t *testing.T) {
+	entity1 := networkgraph.Entity{Type: storage.NetworkEntityInfo_DEPLOYMENT, ID: "deployment-1"}
+
</code_context>

<issue_to_address>
Endpoint update tests lack coverage for state transitions and removals.

Please add tests for endpoints transitioning from open to closed, and for endpoints that are removed from the state, to match the coverage of connection tests and address possible edge cases.
</issue_to_address>

<suggested_fix>
<<<<<<< SEARCH
func TestComputeUpdatedEndpoints(t *testing.T) {
	entity1 := networkgraph.Entity{Type: storage.NetworkEntityInfo_DEPLOYMENT, ID: "deployment-1"}

=======
func TestComputeUpdatedEndpoints(t *testing.T) {
	entity1 := networkgraph.Entity{Type: storage.NetworkEntityInfo_DEPLOYMENT, ID: "deployment-1"}

	// Endpoint transitions from open to closed
	t.Run("endpoint transitions from open to closed", func(t *testing.T) {
		openEndpoint := indicator.Endpoint{
			Entity:    entity1,
			Port:      8080,
			Protocol:  storage.L4Protocol_L4_PROTOCOL_TCP,
			State:     indicator.EndpointStateOpen,
			FirstSeen: timestamp.Now(),
		}
		closedEndpoint := openEndpoint
		closedEndpoint.State = indicator.EndpointStateClosed

		initialState := []*indicator.Endpoint{&openEndpoint}
		currentState := []*indicator.Endpoint{&closedEndpoint}

		computer := NewUpdateComputer()
		computer.UpdateState(nil, initialState, nil)
		updates := computer.ComputeUpdatedEndpoints(currentState)
		assert.Len(t, updates, 1)
		assert.Equal(t, indicator.EndpointStateClosed, updates[0].State)
	})

	// Endpoint removed from state
	t.Run("endpoint removed from state", func(t *testing.T) {
		endpoint := indicator.Endpoint{
			Entity:    entity1,
			Port:      8081,
			Protocol:  storage.L4Protocol_L4_PROTOCOL_TCP,
			State:     indicator.EndpointStateOpen,
			FirstSeen: timestamp.Now(),
		}

		initialState := []*indicator.Endpoint{&endpoint}
		currentState := []*indicator.Endpoint{}

		computer := NewUpdateComputer()
		computer.UpdateState(nil, initialState, nil)
		updates := computer.ComputeUpdatedEndpoints(currentState)
		// Expect an update indicating removal (implementation may vary)
		assert.True(t, len(updates) == 1 || len(updates) == 0, "Should handle endpoint removal gracefully")
	})
>>>>>>> REPLACE

</suggested_fix>

### Comment 2
<location> `sensor/common/networkflow/updatecomputer/update_computer_test.go:205` </location>
<code_context>
+
+// TestComputeUpdatedProcesses relies on exactly the same method as for endpoints.
+// Adding this test despite that to ensure test coverage.
+func TestComputeUpdatedProcesses(t *testing.T) {
+	process1 := indicator.ProcessListening{
+		Process: indicator.ProcessInfo{
</code_context>

<issue_to_address>
Process update tests do not verify feature flag behavior.

Please add a test case with ProcessesListeningOnPort set to false to confirm that no updates are produced when the flag is disabled.
</issue_to_address>
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@vikin91
Copy link
Contributor Author

vikin91 commented Aug 21, 2025

  • Consider making the UpdateComputer implementation injectable via NewManager options rather than hardcoding NewLegacy, to improve configurability and facilitate future implementations.
  • Since updateComputer is always initialized in NewManager, you can remove the redundant nil checks around m.updateComputer to simplify the code.

I did the first one in 40a11cd, so that the second one does not apply.

  • Add an integration test in networkFlowManager to ensure it correctly delegates to the UpdateComputer and maintains equivalent state transitions across ticks.

This feels huge as I would need to: (1) build a mock for update computer, (2) execute tests for networkFlowManager, (3) assert on the state of the mocked update computer. I can do that if human reviewers want that, but at this stage I consider it a bit of overkill.

@stackrox stackrox deleted a comment from openshift-ci bot Aug 21, 2025
@vikin91 vikin91 marked this pull request as ready for review August 21, 2025 15:56
@vikin91 vikin91 requested a review from a team as a code owner August 21, 2025 15:56
@vikin91 vikin91 requested a review from lvalerom August 21, 2025 15:56
sourcery-ai[bot]
sourcery-ai bot reviewed Aug 21, 2025
View reviewed changes
Copy link
Contributor

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey there - I've reviewed your changes and they look great!

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@vikin91 vikin91 mentioned this pull request Aug 25, 2025
Merged
10 tasks
@vikin91 vikin91 force-pushed the piotr/ROX-30390-update-computer branch from 40a11cd to 3a951ff Compare August 25, 2025 13:04
@vikin91 vikin91 added the auto-retest PRs with this label will be automatically retested if prow checks fails label Aug 26, 2025
@rhacs-bot
Copy link
Contributor

rhacs-bot commented Aug 26, 2025
edited
Loading

Images are ready for the commit at 6cd5354.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.9.x-585-g6cd5354659.

@vikin91 vikin91 mentioned this pull request Aug 26, 2025
Merged
9 tasks
janisz
janisz reviewed Aug 26, 2025
View reviewed changes
@janisz janisz requested a review from a team August 26, 2025 10:09
lvalerom
lvalerom reviewed Aug 26, 2025
View reviewed changes
Copy link
Contributor

@lvalerom lvalerom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! I left a few comments but 99% of them are nitpicks. The only one that concerns me is the one regarding updating the state before we know if the update was sent.

Also (I couldn't comment in the file because the line was not changed in the PR) the loggingRateLimiter in the manager_impl.go file can be deleted.

@rhacs-bot
Copy link
Contributor

rhacs-bot commented Aug 27, 2025

/retest

lvalerom
lvalerom approved these changes Aug 28, 2025
View reviewed changes
Copy link
Contributor

@lvalerom lvalerom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Feel free to ignore the last nit if you think it's overkill 🙂

@rhacs-bot
Copy link
Contributor

rhacs-bot commented Aug 29, 2025
edited
Loading

Images are ready for the commit at 9f663c4.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.9.x-639-g9f663c477a.

vikin91 added 17 commits August 29, 2025 18:17
@vikin91
Empty commit
2468aac
@vikin91
Extract update calculation logic into updatecomputer
4c7091a
@vikin91
Minor: Add comments
16f0f9b
@vikin91
Update comments and minimize the diff
a448b13
@vikin91
Fix metric for processes size
7c0f995
@vikin91
Cleanup tests and comments
ee1c30b
@vikin91
Add more test cases to TestComputeUpdatedEndpoints
57ef6e6
@vikin91
Add more test cases to TestComputeUpdatedProcesses
689786e
@vikin91
Extract updateComputer as dependency to NetworkManager
47e8a87
@vikin91
Update internal state only if sending to Central was successful
d257454
@vikin91
Use maps.Clone in UpdateState. Skip updates on nil
e59950d
@vikin91
Delete unused const loggingRateLimiter
f92a387
@vikin91
Use open var in test for the ease of reading
f289a25
@vikin91
Add testcases for handling nils
4fa2881
@vikin91
Improve metric help texts
c3e542c
@vikin91
Remove name arg from RecordSizeMetrics
b51eec1
@vikin91
Ensure that call to UpdateState(nil, nil, nil) changes no state
9f663c4
@vikin91 vikin91 force-pushed the piotr/ROX-30390-update-computer branch from b136877 to 9f663c4 Compare August 29, 2025 16:18
@vikin91 vikin91 merged commit ffc3ea6 into master Sep 1, 2025
141 of 169 checks passed
@vikin91 vikin91 deleted the piotr/ROX-30390-update-computer branch September 1, 2025 08:53
This was referenced Sep 2, 2025
Merged
Merged
@vikin91 vikin91 mentioned this pull request Sep 11, 2025
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@janisz janisz janisz left review comments

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@lvalerom lvalerom lvalerom approved these changes

Assignees

No one assigned

Labels

ai-review area/sensor auto-retest PRs with this label will be automatically retested if prow checks fails

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@vikin91 @rhacs-bot @janisz @lvalerom