chore: make dependencies manager a singleton

geyslan · geyslan · commit 2ef9365fab93 · 2024-06-28T16:05:30.000-03:00
This tidies up the dependencies manager by making it a singleton. It's
a necessary step to decouple the manager from the Tracee object allowing
it to be accessed from other parts of the codebase and be detached from
other logic.

It introduces the temporary ResetManagerFromTests() to reset the manager
state between tests.

NOTE: It continues being not thread-safe. This will be addressed in a
future PR.
diff --git a/pkg/ebpf/ksymbols.go b/pkg/ebpf/ksymbols.go
@@ -5,6 +5,7 @@ import (
 
 	"github.com/aquasecurity/tracee/pkg/errfmt"
 	"github.com/aquasecurity/tracee/pkg/events"
+	"github.com/aquasecurity/tracee/pkg/events/dependencies"
 	"github.com/aquasecurity/tracee/pkg/logger"
 )
 
@@ -26,7 +27,7 @@ func (t *Tracee) UpdateKallsyms() error {
 
 	// Wrap long method names.
 	evtDefSymDeps := func(id events.ID) []events.KSymbol {
-		depsNode, _ := t.eventsDependencies.GetEvent(id)
+		depsNode, _ := dependencies.GetManagerInstance().GetEvent(id)
 		deps := depsNode.GetDependencies()
 		return deps.GetKSymbols()
 	}
diff --git a/pkg/ebpf/tracee.go b/pkg/ebpf/tracee.go
@@ -119,8 +119,6 @@ type Tracee struct {
 	streamsManager *streams.StreamsManager
 	// policyManager manages policy state
 	policyManager *policyManager
-	// The dependencies of events used by Tracee
-	eventsDependencies *dependencies.Manager
 
 	// Ksymbols needed to be kept alive in table.
 	// This does not mean they are required for tracee to function.
@@ -180,7 +178,7 @@ func (t *Tracee) addDependenciesToStateRecursive(eventNode *dependencies.EventNo
 	eventID := eventNode.GetID()
 	for _, dependencyEventID := range eventNode.GetDependencies().GetIDs() {
 		t.addDependencyEventToState(dependencyEventID, []events.ID{eventID})
-		dependencyNode, err := t.eventsDependencies.GetEvent(dependencyEventID)
+		dependencyNode, err := dependencies.GetManagerInstance().GetEvent(dependencyEventID)
 		if err == nil {
 			t.addDependenciesToStateRecursive(dependencyNode)
 		}
@@ -189,7 +187,7 @@ func (t *Tracee) addDependenciesToStateRecursive(eventNode *dependencies.EventNo
 
 func (t *Tracee) selectEvent(eventID events.ID, chosenState events.EventState) {
 	t.addEventState(eventID, chosenState)
-	eventNode, err := t.eventsDependencies.SelectEvent(eventID)
+	eventNode, err := dependencies.GetManagerInstance().SelectEvent(eventID)
 	if err != nil {
 		logger.Errorw("Event selection failed",
 			"event", events.Core.GetDefinitionByID(eventID).GetName())
@@ -239,16 +237,17 @@ func New(cfg config.Config) (*Tracee, error) {
 		eventSignatures: make(map[events.ID]bool),
 		streamsManager:  streams.NewStreamsManager(),
 		policyManager:   policyManager,
-		eventsDependencies: dependencies.NewDependenciesManager(
-			func(id events.ID) events.Dependencies {
-				return events.Core.GetDefinitionByID(id).GetDependencies()
-			}),
-		requiredKsyms: []string{},
+		requiredKsyms:   []string{},
 	}
 
+	eventsDependencies := dependencies.NewDependenciesManager(
+		func(id events.ID) events.Dependencies {
+			return events.Core.GetDefinitionByID(id).GetDependencies()
+		})
+
 	// TODO: As dynamic event addition or removal becomes a thing, we should subscribe all the watchers
 	// before selecting them. There is no reason to select the event in the New function anyhow.
-	t.eventsDependencies.SubscribeAdd(
+	eventsDependencies.SubscribeAdd(
 		dependencies.EventNodeType,
 		func(node interface{}) []dependencies.Action {
 			eventNode, ok := node.(*dependencies.EventNode)
@@ -259,7 +258,7 @@ func New(cfg config.Config) (*Tracee, error) {
 			t.addDependencyEventToState(eventNode.GetID(), eventNode.GetDependents())
 			return nil
 		})
-	t.eventsDependencies.SubscribeRemove(
+	eventsDependencies.SubscribeRemove(
 		dependencies.EventNodeType,
 		func(node interface{}) []dependencies.Action {
 			eventNode, ok := node.(*dependencies.EventNode)
@@ -353,7 +352,7 @@ func New(cfg config.Config) (*Tracee, error) {
 		if !events.Core.IsDefined(id) {
 			return t, errfmt.Errorf("event %d is not defined", id)
 		}
-		depsNode, err := t.eventsDependencies.GetEvent(id)
+		depsNode, err := eventsDependencies.GetEvent(id)
 		if err == nil {
 			deps := depsNode.GetDependencies()
 			evtCaps := deps.GetCapabilities()
@@ -915,7 +914,7 @@ func (t *Tracee) initKsymTableRequiredSyms() error {
 			return errfmt.Errorf("event %d is not defined", id)
 		}
 
-		depsNode, err := t.eventsDependencies.GetEvent(id)
+		depsNode, err := dependencies.GetManagerInstance().GetEvent(id)
 		if err != nil {
 			logger.Warnw("failed to extract required ksymbols from event", "event_id", id, "error", err)
 			continue
@@ -1029,8 +1028,10 @@ func getUnavailbaleKsymbols(ksymbols []events.KSymbol, kernelSymbols *environmen
 // from the kallsyms file to check for missing symbols. If some symbols are
 // missing, it will cancel their event with informative error message.
 func (t *Tracee) validateKallsymsDependencies() {
+	depsInstance := dependencies.GetManagerInstance()
+
 	evtDefSymDeps := func(id events.ID) []events.KSymbol {
-		depsNode, _ := t.eventsDependencies.GetEvent(id)
+		depsNode, _ := depsInstance.GetEvent(id)
 		deps := depsNode.GetDependencies()
 		return deps.GetKSymbols()
 	}
@@ -1059,7 +1060,7 @@ func (t *Tracee) validateKallsymsDependencies() {
 		return true
 	}
 
-	t.eventsDependencies.SubscribeAdd(
+	depsInstance.SubscribeAdd(
 		dependencies.EventNodeType,
 		func(node interface{}) []dependencies.Action {
 			eventNode, ok := node.(*dependencies.EventNode)
@@ -1076,7 +1077,7 @@ func (t *Tracee) validateKallsymsDependencies() {
 	for eventId := range t.eventsState {
 		if !validateEvent(eventId) {
 			// Cancel the event, its dependencies and its dependent events
-			err := t.eventsDependencies.RemoveEvent(eventId)
+			err := depsInstance.RemoveEvent(eventId)
 			if err != nil {
 				logger.Warnw("Failed to remove event from dependencies manager", "remove reason", "missing ksymbols", "error", err)
 			}
@@ -1245,7 +1246,7 @@ func (t *Tracee) populateFilterMaps(newPolicies *policy.Policies, updateProcTree
 // Return whether the event was successfully attached or not.
 func (t *Tracee) attachEvent(id events.ID) error {
 	evtName := events.Core.GetDefinitionByID(id).GetName()
-	depsNode, err := t.eventsDependencies.GetEvent(id)
+	depsNode, err := dependencies.GetManagerInstance().GetEvent(id)
 	if err != nil {
 		logger.Errorw("Missing event in dependencies", "event", evtName)
 		return err
@@ -1274,9 +1275,11 @@ func (t *Tracee) attachEvent(id events.ID) error {
 
 // attachProbes attaches selected events probes to their respective eBPF programs.
 func (t *Tracee) attachProbes() error {
+	depsInstance := dependencies.GetManagerInstance()
+
 	// Subscribe to all watchers on the dependencies to attach and/or detach
 	// probes upon changes
-	t.eventsDependencies.SubscribeAdd(
+	depsInstance.SubscribeAdd(
 		dependencies.ProbeNodeType,
 		func(node interface{}) []dependencies.Action {
 			probeNode, ok := node.(*dependencies.ProbeNode)
@@ -1291,7 +1294,7 @@ func (t *Tracee) attachProbes() error {
 			return nil
 		})
 
-	t.eventsDependencies.SubscribeRemove(
+	depsInstance.SubscribeRemove(
 		dependencies.ProbeNodeType,
 		func(node interface{}) []dependencies.Action {
 			probeNode, ok := node.(*dependencies.ProbeNode)
@@ -1312,7 +1315,7 @@ func (t *Tracee) attachProbes() error {
 	for eventID := range t.eventsState {
 		err := t.attachEvent(eventID)
 		if err != nil {
-			err := t.eventsDependencies.RemoveEvent(eventID)
+			err := depsInstance.RemoveEvent(eventID)
 			if err != nil {
 				logger.Warnw("Failed to remove event from dependencies manager", "remove reason", "failed probes attachment", "error", err)
 			}
diff --git a/pkg/events/dependencies/manager.go b/pkg/events/dependencies/manager.go
@@ -3,6 +3,7 @@ package dependencies
 import (
 	"fmt"
 	"reflect"
+	"sync"
 
 	"github.com/aquasecurity/tracee/pkg/ebpf/probes"
 	"github.com/aquasecurity/tracee/pkg/events"
@@ -18,11 +19,17 @@ const (
 	IllegalNodeType NodeType = "illegal"
 )
 
+var (
+	managerInstance *Manager
+	once            sync.Once
+	mu              sync.Mutex // workaround mutex to protect the singleton instance in the integration tests
+)
+
 // Manager is a management tree for the current dependencies of events.
 // As events can depend on multiple things (e.g events, probes), it manages their connections in the form of a tree.
 // The tree supports watcher functions for adding and removing nodes.
 // The watchers should be used as the way to handle changes in events, probes or any other node type in Tracee.
-// The manager is *not* thread-safe.
+// The manager is *NOT* thread-safe.
 type Manager struct {
 	events             map[events.ID]*EventNode
 	probes             map[probes.Handle]*ProbeNode
@@ -32,13 +39,40 @@ type Manager struct {
 }
 
 func NewDependenciesManager(dependenciesGetter func(events.ID) events.Dependencies) *Manager {
-	return &Manager{
-		events:             make(map[events.ID]*EventNode),
-		probes:             make(map[probes.Handle]*ProbeNode),
-		onAdd:              make(map[NodeType][]func(node interface{}) []Action),
-		onRemove:           make(map[NodeType][]func(node interface{}) []Action),
-		dependenciesGetter: dependenciesGetter,
+	mu.Lock()
+	defer mu.Unlock()
+
+	once.Do(func() {
+		managerInstance = &Manager{
+			events:             make(map[events.ID]*EventNode),
+			probes:             make(map[probes.Handle]*ProbeNode),
+			onAdd:              make(map[NodeType][]func(node interface{}) []Action),
+			onRemove:           make(map[NodeType][]func(node interface{}) []Action),
+			dependenciesGetter: dependenciesGetter,
+		}
+	})
+
+	return managerInstance
+}
+
+func GetManagerInstance() *Manager {
+	mu.Lock()
+	defer mu.Unlock()
+
+	if managerInstance == nil {
+		panic("Manager instance not initialized. Call NewDependenciesManager first.")
 	}
+
+	return managerInstance
+}
+
+// ResetManagerFromTests is a workaround for tests to reset the manager instance.
+// TODO: remove this when the manager is refactored to be thread-safe.
+func ResetManagerFromTests() {
+	mu.Lock()
+	defer mu.Unlock()
+
+	once = sync.Once{}
 }
 
 // SubscribeAdd adds a watcher function called upon the addition of an event to the tree.
diff --git a/pkg/events/dependencies/manager_test.go b/pkg/events/dependencies/manager_test.go
@@ -81,6 +81,11 @@ func TestManager_AddEvent(t *testing.T) {
 			t.Run(testCase.name, func(t *testing.T) {
 				// Create a new Manager instance
 				m := dependencies.NewDependenciesManager(getTestDependenciesFunc(testCase.deps))
+				defer func() {
+					dependencies.ResetManagerFromTests()
+					t.Logf("  --- reset dependencies ---")
+				}()
+
 				var eventsAdditions []events.ID
 				m.SubscribeAdd(
 					dependencies.EventNodeType,
@@ -136,6 +141,11 @@ func TestManager_AddEvent(t *testing.T) {
 			t.Run(testCase.name, func(t *testing.T) {
 				// Create a new Manager instance
 				m := dependencies.NewDependenciesManager(getTestDependenciesFunc(testCase.deps))
+				defer func() {
+					dependencies.ResetManagerFromTests()
+					t.Logf("  --- reset dependencies ---")
+				}()
+
 				var eventsAdditions, eventsRemove []events.ID
 				// Count additions
 				m.SubscribeAdd(
@@ -331,6 +341,10 @@ func TestManager_RemoveEvent(t *testing.T) {
 			testCase.name, func(t *testing.T) {
 				// Create a new Manager instance
 				m := dependencies.NewDependenciesManager(getTestDependenciesFunc(testCase.deps))
+				defer func() {
+					dependencies.ResetManagerFromTests()
+					t.Logf("  --- reset dependencies ---")
+				}()
 
 				var eventsRemoved []events.ID
 				m.SubscribeRemove(
@@ -505,6 +519,10 @@ func TestManager_UnselectEvent(t *testing.T) {
 			testCase.name, func(t *testing.T) {
 				// Create a new Manager instance
 				m := dependencies.NewDependenciesManager(getTestDependenciesFunc(testCase.deps))
+				defer func() {
+					dependencies.ResetManagerFromTests()
+					t.Logf("  --- reset dependencies ---")
+				}()
 
 				var eventsRemoved []events.ID
 				m.SubscribeRemove(
diff --git a/tests/integration/dependencies_test.go b/tests/integration/dependencies_test.go
@@ -13,6 +13,7 @@ import (
 
 	"github.com/aquasecurity/tracee/pkg/config"
 	"github.com/aquasecurity/tracee/pkg/events"
+	"github.com/aquasecurity/tracee/pkg/events/dependencies"
 	"github.com/aquasecurity/tracee/pkg/logger"
 	"github.com/aquasecurity/tracee/pkg/policy"
 	"github.com/aquasecurity/tracee/tests/testutils"
@@ -147,6 +148,10 @@ func Test_EventsDependencies(t *testing.T) {
 					cancel()
 					t.Fatal(err)
 				}
+				defer func() {
+					dependencies.ResetManagerFromTests()
+					t.Logf("  --- reset dependencies ---")
+				}()
 
 				stream := trc.SubscribeAll()
 				defer trc.Unsubscribe(stream)
diff --git a/tests/integration/event_filters_test.go b/tests/integration/event_filters_test.go
@@ -14,6 +14,7 @@ import (
 
 	"github.com/aquasecurity/tracee/pkg/config"
 	"github.com/aquasecurity/tracee/pkg/events"
+	"github.com/aquasecurity/tracee/pkg/events/dependencies"
 	k8s "github.com/aquasecurity/tracee/pkg/k8s/apis/tracee.aquasec.com/v1beta1"
 	"github.com/aquasecurity/tracee/pkg/policy"
 	"github.com/aquasecurity/tracee/pkg/policy/v1beta1"
@@ -1733,6 +1734,10 @@ func Test_EventFilters(t *testing.T) {
 				cancel()
 				t.Fatal(err)
 			}
+			defer func() {
+				dependencies.ResetManagerFromTests()
+				t.Logf("  --- reset dependencies ---")
+			}()
 
 			stream := trc.SubscribeAll()
 			defer trc.Unsubscribe(stream)

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ import (`
`5`	`5`
`6`	`6`	`"github.com/aquasecurity/tracee/pkg/errfmt"`
`7`	`7`	`"github.com/aquasecurity/tracee/pkg/events"`
	`8`	`+ "github.com/aquasecurity/tracee/pkg/events/dependencies"`
`8`	`9`	`"github.com/aquasecurity/tracee/pkg/logger"`
`9`	`10`	`)`
`10`	`11`
`@@ -26,7 +27,7 @@ func (t *Tracee) UpdateKallsyms() error {`
`26`	`27`
`27`	`28`	`// Wrap long method names.`
`28`	`29`	`evtDefSymDeps := func(id events.ID) []events.KSymbol {`
`29`		`- depsNode, _ := t.eventsDependencies.GetEvent(id)`
	`30`	`+ depsNode, _ := dependencies.GetManagerInstance().GetEvent(id)`
`30`	`31`	`deps := depsNode.GetDependencies()`
`31`	`32`	`return deps.GetKSymbols()`
`32`	`33`	`}`