ROX-33308: Add process criteria to node event policies #19252
Conversation
Process Name, Process Ancestor, Process Arguments, and Process UID are now available as criteria when creating Node event policies. A section validator enforces that process criteria cannot be used without File Path, since detection is driven by file access events and process info is metadata on those events. Backend support (ROX-30807, ROX-33000) must register these process fields for NODE_EVENT before the criteria will function end-to-end. Partially generated by AI. Signed-off-by: Saif Chaudhry <schaudhr@redhat.com>
0d98d45 to 0a478bb
Images are ready for the commit at add617f. To use with deploy scripts, first
The 4 process criteria descriptors (Process Name, Process Ancestor, Process Arguments, Process UID) were duplicated identically between policyCriteriaDescriptors and nodeEventDescriptor arrays. Extract into a shared processActivityDescriptors constant and spread into both arrays to eliminate ~80 lines of duplication. Partially generated by AI. Signed-off-by: Saif Chaudhry <schaudhr@redhat.com>
Codecov Report: All modified and coverable lines are covered by tests.

Coverage diff (master vs. #19252):

              master     #19252     +/-
  Coverage    49.64%     49.63%     -0.01%
  Files       2679       2679
  Lines       202130     202130
  Hits        100338     100332     -6
  Misses      94317      94321      +4
  Partials    7475       7477       +2
/test gke-ui-e2e-tests
| name: 'Process criteria require file path', | ||
| appliesTo: (context) => | ||
| context.lifecycleStages.includes('RUNTIME') && | ||
| (context.eventSource === 'NODE_EVENT' || context.eventSource === 'DEPLOYMENT_EVENT'), |
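Review bot: the `appliesTo` predicate enables this validator for `DEPLOYMENT_EVENT` as well as `NODE_EVENT`, while the PR description and the ROX-33308 scope only talk about Node event policies; any existing runtime deployment-event policy that uses process criteria without File Path would start failing section validation in the wizard. Either narrow the predicate to `context.eventSource === 'NODE_EVENT'`, or state the DEPLOYMENT_EVENT behaviour change in the description and add a test covering an existing deployment-event policy with process criteria only.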
I might be missing context here, but is this a new requirement for DEPLOYMENT_EVENT policies? Are process criteria not relevant with the other deployment events that existed before the addition of file access criteria in 4.10?
From the requirements in https://issues.redhat.com/browse/ROX-32633 the following was mentioned:
"ability to combine existing process criteria with file access criteria for deployment and node policies"
So from the product side, it seems like this was what they wanted. Whether this is a breaking change is something maybe @Stringy can answer. @Stringy is this something that we need to change in the requirements? Dave is right that we didn't have the file activity field requirements for the deployment event policies before.
@JoukoVirtanen maybe your PR is relevant to the conversation #19200. You didn't add any field dependencies, but from the tests, it looks like the intent is "process criteria are only meaningful in combination with file access criteria". Is that right?
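To make the point under discussion concrete, here is an added example of a section validator in the shape the reviewed snippet suggests (a `name`, an `appliesTo` predicate on the wizard context, and a per-section check), run over StackRox-style policy JSON. It is not code from the stackrox repository or this PR: the section and context shapes, the helper names and the `validate` return convention are assumptions, and the event sources the validator applies to are a parameter so that the open NODE_EVENT vs. DEPLOYMENT_EVENT question in the thread is a one-line choice rather than hard-coded.

```typescript
// Added example, not stackrox code. Shapes below are assumptions for illustration.
type PolicyGroup = { fieldName: string; values: { value: string }[] };
type PolicySection = { sectionName: string; policyGroups: PolicyGroup[] };
type ValidationContext = { lifecycleStages: string[]; eventSource: string };
type SectionValidator = {
  name: string;
  appliesTo: (context: ValidationContext) => boolean;
  // Returns an error message for the section, or null when the section is fine.
  validate: (section: PolicySection) => string | null;
};

// Criteria named on the page; File Path is the field the process criteria depend on.
const PROCESS_CRITERIA = ['Process Name', 'Process Ancestor', 'Process Arguments', 'Process UID'];
const FILE_PATH_CRITERION = 'File Path';

function has(list: string[], item: string): boolean {
  return list.indexOf(item) !== -1;
}

// Factory: which event sources the rule covers is the reviewer's open question,
// so it is passed in instead of being fixed in the predicate.
function makeProcessCriteriaValidator(eventSources: string[]): SectionValidator {
  return {
    name: 'Process criteria require file path',
    appliesTo: (context) =>
      has(context.lifecycleStages, 'RUNTIME') && has(eventSources, context.eventSource),
    validate: (section) => {
      const fields = section.policyGroups.map((g) => g.fieldName);
      const usedProcess = fields.filter((f) => has(PROCESS_CRITERIA, f));
      // No process criteria, or a File Path alongside them: nothing to report.
      if (usedProcess.length === 0 || has(fields, FILE_PATH_CRITERION)) {
        return null;
      }
      return `Section "${section.sectionName}": ${usedProcess.join(', ')} cannot be used without ${FILE_PATH_CRITERION}`;
    },
  };
}

// Runs every applicable validator over every section and collects the errors.
function validatePolicySections(
  context: ValidationContext,
  sections: PolicySection[],
  validators: SectionValidator[],
): string[] {
  const errors: string[] = [];
  for (const v of validators) {
    if (!v.appliesTo(context)) {
      continue;
    }
    for (const s of sections) {
      const err = v.validate(s);
      if (err !== null) {
        errors.push(`${v.name}: ${err}`);
      }
    }
  }
  return errors;
}

// Constructed sample sections (not from the PR): one valid, one process-only.
const sampleSections: PolicySection[] = [
  {
    sectionName: 'shadow read with process context',
    policyGroups: [
      { fieldName: 'File Path', values: [{ value: '/etc/shadow' }] },
      { fieldName: 'Process Name', values: [{ value: 'cat' }] },
    ],
  },
  {
    sectionName: 'process only',
    policyGroups: [{ fieldName: 'Process UID', values: [{ value: '0' }] }],
  },
];

const nodeEventContext: ValidationContext = { lifecycleStages: ['RUNTIME'], eventSource: 'NODE_EVENT' };
const deploymentEventContext: ValidationContext = { lifecycleStages: ['RUNTIME'], eventSource: 'DEPLOYMENT_EVENT' };

// Stand-alone run: the NODE_EVENT-only rule flags the process-only section on a node policy
// and leaves a deployment-event policy untouched.
console.log(validatePolicySections(nodeEventContext, sampleSections, [makeProcessCriteriaValidator(['NODE_EVENT'])]));
console.log(validatePolicySections(deploymentEventContext, sampleSections, [makeProcessCriteriaValidator(['NODE_EVENT'])]));
```

Whether `makeProcessCriteriaValidator(['NODE_EVENT'])` or `makeProcessCriteriaValidator(['NODE_EVENT', 'DEPLOYMENT_EVENT'])` is wired into the wizard is exactly the product decision raised above; the second form is the one that would reject existing runtime deployment-event policies that carry process criteria without a File Path.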
Description
Jira: ROX-33308
Add Process Name, Process Ancestor, Process Arguments, and Process UID
as available criteria when creating Node event policies in the policy wizard.
Also add a section validator enforcing that process criteria require File Path,
since detection is file-access-driven and process info is metadata on those events.
nodeEventDescriptorNote: Backend support (ROX-30807, ROX-33000) must land before these
criteria function end-to-end.
User-facing documentation
Testing and quality
Automated testing
How I validated my change
npm run test -- (1343 passed, 2 skipped)
Screenshots
Screen.Recording.2026-03-02.at.8.51.24.AM.mov