feat(shield): use alt region in host-shield windows only when version higher than 0.7.1

Author: AlbertoBarba

charts/shield/templates/cluster/_config.tpl

@@ -58,7 +58,7 @@
       "ca_cert_file" (printf "%s%s" (include "cluster.tls_certificates.mount_path" .) (include "cluster.tls_certificates.ca_cert_file_name" .))
     ) -}}
     {{- if (include "cluster.audit_enabled" .) -}}
-      {{- if regexMatch "^v?([0-9]+)(\\.[0-9]+)?(\\.[0-9]+)?(-([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?(\\+([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?$" (.Values.on_prem_version | default "") -}}
+      {{- if (include "common.semver.is_valid" (.Values.on_prem_version | default "")) -}}
         {{- if semverCompare "< 6.12.0" .Values.on_prem_version -}}
           {{- if not (include "common.credentials.has_secure_api_token" . ) -}}
             {{- fail "Secure API Token is required for kubernetes audit with On Premise Versions < 6.12.0" -}}
@@ -81,7 +81,7 @@
       {{- $_ := set $clusterScannerConfig "leader_election_lock_name" (include "cluster.container_vulnerability_management_lease_name" .) -}}
       {{- $_ := set $config "cluster_scanner" $clusterScannerConfig -}}
 
-      {{- if regexMatch "^v?([0-9]+)(\\.[0-9]+)?(\\.[0-9]+)?(-([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?(\\+([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?$" (.Values.on_prem_version | default "") -}}
+      {{- if (include "common.semver.is_valid" (.Values.on_prem_version | default "")) -}}
         {{- if semverCompare "< 6.12.0" .Values.on_prem_version -}}
           {{- $_ := set $config.features.container_vulnerability_management "platform_services_enabled" false -}}
         {{- end -}}

charts/shield/templates/common/_semver.tpl

@@ -0,0 +1,5 @@
+{{- define "common.semver.is_valid" -}}
+  {{- if regexMatch "^v?([0-9]+)(\\.[0-9]+)?(\\.[0-9]+)?(-([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?(\\+([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?$" . -}}
+    {{- true -}}
+  {{- end -}}
+{{- end -}}

charts/shield/templates/host/_windows_configmap_helpers.tpl

@@ -42,10 +42,12 @@
     {{- end -}}
 {{- end -}}
 {{- if (include "common.is_alt_region" .) -}}
-  {{- $_ := set $sysdigEndpointConfig "region" "custom" -}}
-  {{- $_ := set $sysdigEndpointConfig "api_url" (printf "https://%s" (include "common.secure_api_endpoint" .)) -}}
-  {{- $_ := set $sysdigEndpointConfig.collector "host" (include "common.collector_endpoint" .) -}}
-  {{- $_ := set $sysdigEndpointConfig.collector "port" 6443 -}}
+  {{- if not (include "host.windows.supports_alt_regions" .) -}}
+    {{- $_ := set $sysdigEndpointConfig "region" "custom" -}}
+    {{- $_ := set $sysdigEndpointConfig "api_url" (printf "https://%s" (include "common.secure_api_endpoint" .)) -}}
+    {{- $_ := set $sysdigEndpointConfig.collector "host" (include "common.collector_endpoint" .) -}}
+    {{- $_ := set $sysdigEndpointConfig.collector "port" 6443 -}}
+  {{- end -}}
 {{- end -}}
 {{- $_ := set $config "sysdig_endpoint" $sysdigEndpointConfig -}}
 
@@ -70,6 +72,16 @@
 {{- $finalConfig | toYaml }}
 {{- end }}
 
+{{- define "host.windows.supports_alt_regions" -}}
+  {{- if (include "common.semver.is_valid" (.Values.host_windows.image.tag | default "")) -}}
+    {{- if semverCompare "> 0.7.1" .Values.host_windows.image.tag -}}
+      {{- true -}}
+    {{- end -}}
+  {{- else -}}
+    {{- true -}}
+  {{- end -}}
+{{- end -}}
+
 {{/* Generate the 'dragent.yaml' content */}}
 {{- define "host.windows.configmap" }}
 {{- $config := dict

charts/shield/tests/host/configmap-dragent-yaml_test.yaml

@@ -1147,7 +1147,6 @@ tests:
       - notExists:
           path: data["prometheus.yaml"]
 
-
   - it: Alternative regions
     set:
       sysdig_endpoint:

charts/shield/tests/host/configmap-windows-dragent-yaml_test.yaml

@@ -708,7 +708,6 @@ tests:
             log:
               console_priority: debug
 
-
   - it: Alternative regions
     set:
       sysdig_endpoint:

charts/shield/tests/host/configmap-windows-host-shield-config_test.yaml

@@ -331,7 +331,7 @@ tests:
             proxy:
               no_proxy: example.com
 
-  - it: Alternative regions
+  - it: Alternative regions (default)
     set:
       sysdig_endpoint:
         region: "eu1-alt"
@@ -356,3 +356,62 @@ tests:
                 host: ingest-alt-eu1.app.sysdig.com
                 port: 6443
               region: custom
+
+  - it: Alternative regions (host-shield windows version <= 0.7.1)
+    set:
+      sysdig_endpoint:
+        region: "eu1-alt"
+      host_windows:
+        image:
+          tag: "0.7.1"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: ConfigMap
+          apiVersion: v1
+          name: release-name-shield-host-windows
+      - equal:
+          path: metadata.namespace
+          value: shield-namespace
+      - exists:
+          path: data["host-shield.yaml"]
+      - matchRegex:
+          path: data["host-shield.yaml"]
+          pattern: |
+            sysdig_endpoint:
+              api_url: https://eu1.app.sysdig.com
+              collector:
+                host: ingest-alt-eu1.app.sysdig.com
+                port: 6443
+              region: custom
+
+  - it: Alternative regions (host-shield windows version > 0.7.1)
+    set:
+      sysdig_endpoint:
+        region: "eu1-alt"
+        api_url:
+        collector:
+          host:
+          port:
+      host_windows:
+        image:
+          tag: "0.7.2"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: ConfigMap
+          apiVersion: v1
+          name: release-name-shield-host-windows
+      - equal:
+          path: metadata.namespace
+          value: shield-namespace
+      - exists:
+          path: data["host-shield.yaml"]
+      - matchRegex:
+          path: data["host-shield.yaml"]
+          pattern: |
+            sysdig_endpoint:
+              collector: {}
+              region: eu1-alt