[CWS-1120] Merge activity dump and security profile managers

[YoannGh]

What does this PR do?

• Merge activity dump and security profile managers into a single manager responsible for handling both types of object
• Refactor the activity dump and security profile data types, introducing a new Profile type that includes fields used for both activity collection (dump) and profile lookups.

Motivation

• Remove the need to unmarshal every newly created activity dump to check whether it should be loaded to be used as a security profile

Describe how you validated your changes

Possible Drawbacks / Trade-offs

Additional Notes

[spikat]

Maybe we could have an helper like NewEmpty here (and on the other similar places), instead of having to call a func with a lot of variables (for code clarity). WDYT ?

[spikat]

Should we use slices.Contains() instead ?

[spikat]

we should not use the tag of the profile here IMHO

[spikat]

should we use the p.selector.String() instead? To avoid having to compute the selector every time

[spikat]

we should use the imagetag of the event if any, not the profile's one

[spikat]

Not directly linked to your PR, but this looks insufficient for the new cgroup selectors

[spikat]

why not creating directly a slice instead of a map (to then copy it to a slice) ?

[spikat]

IMHO we should really try to simplify this representation. Having a cgroup selector as key for the first map, and as value on the second is super error prone.
We need to spend some time discussing together, but a first idea to simplify it would be:

• Don't bother having selector with versions. At the end, what we want is only image_name as selector (and '*' as tag/version), right?
• I would also suggest to keep only the last version of a profile when persisting a new one. I don't see the point of keeping old versions of a profile (except for debug purposes?)
• Ideally, if we can only keep the first map (selector to files) IMHO it would be great and would simplify by a lot the code complexity

[spikat]

It starts to be such a huge file! Could we find a way to split it on multiple files? If it make sense to you

[spikat]

like load_controller / snapshot / stats / grpc funcs etc (I think we should try to keep dump/profile logic funcs in the same place)

[spikat]

It's a big file, I guess it's mostly copied funcs from original dump/profile managers + some plumbing. Should I look specifically on some parts for the review?

[spikat]

should we remove the else here?

[spikat]

same here, should we remove the else?

[spikat]

maybe add a comment to tell it's only used for test purposes?

[spikat]

I'm not sure the comments are still aligned with the code. here we only have a the case of a dump right?

[cit-pr-commenter]

Go Package Import Differences

Baseline: e3dc9b4
Comparison: 2d49296

binary	os	arch	change
security-agent	linux	amd64	+2, -0 +github.com/DataDog/datadog-agent/pkg/security/security_profile +github.com/DataDog/datadog-agent/pkg/security/security_profile/storage
security-agent	linux	arm64	+2, -0 +github.com/DataDog/datadog-agent/pkg/security/security_profile +github.com/DataDog/datadog-agent/pkg/security/security_profile/storage
security-agent	windows	amd64	+2, -1 -github.com/DataDog/datadog-agent/pkg/security/security_profile/dump +github.com/DataDog/datadog-agent/pkg/security/security_profile/profile +github.com/DataDog/datadog-agent/pkg/security/security_profile/storage
system-probe	linux	amd64	+2, -0 +github.com/DataDog/datadog-agent/pkg/security/security_profile +github.com/DataDog/datadog-agent/pkg/security/security_profile/storage
system-probe	linux	arm64	+2, -0 +github.com/DataDog/datadog-agent/pkg/security/security_profile +github.com/DataDog/datadog-agent/pkg/security/security_profile/storage
system-probe	windows	amd64	+2, -1 -github.com/DataDog/datadog-agent/pkg/security/security_profile/dump +github.com/DataDog/datadog-agent/pkg/security/security_profile/profile +github.com/DataDog/datadog-agent/pkg/security/security_profile/storage

[agent-platform-auto-pr]

Uncompressed package size comparison

Comparison with ancestor e3dc9b4580ef0d221a536a0fde89d39203ccf02f

Diff per package

package	diff	status	size	ancestor	threshold
datadog-dogstatsd-amd64-deb	0.00MB	✅	39.42MB	39.42MB	0.50MB
datadog-dogstatsd-x86_64-rpm	0.00MB	✅	39.50MB	39.50MB	0.50MB
datadog-dogstatsd-x86_64-suse	0.00MB	✅	39.50MB	39.50MB	0.50MB
datadog-dogstatsd-arm64-deb	0.00MB	✅	37.96MB	37.96MB	0.50MB
datadog-heroku-agent-amd64-deb	0.00MB	✅	443.42MB	443.42MB	0.50MB
datadog-iot-agent-amd64-deb	0.00MB	✅	62.05MB	62.05MB	0.50MB
datadog-iot-agent-x86_64-rpm	0.00MB	✅	62.12MB	62.12MB	0.50MB
datadog-iot-agent-x86_64-suse	0.00MB	✅	62.12MB	62.12MB	0.50MB
datadog-iot-agent-arm64-deb	0.00MB	✅	59.29MB	59.29MB	0.50MB
datadog-iot-agent-aarch64-rpm	0.00MB	✅	59.36MB	59.36MB	0.50MB
datadog-agent-arm64-deb	-0.12MB	✅	808.85MB	808.97MB	0.50MB
datadog-agent-aarch64-rpm	-0.12MB	✅	818.62MB	818.74MB	0.50MB
datadog-agent-amd64-deb	-0.12MB	✅	817.88MB	818.00MB	0.50MB
datadog-agent-x86_64-rpm	-0.12MB	✅	827.67MB	827.79MB	0.50MB
datadog-agent-x86_64-suse	-0.12MB	✅	827.67MB	827.79MB	0.50MB

Decision

✅ Passed

[cit-pr-commenter]

Regression Detector

Regression Detector Results

Metrics dashboard
Target profiles
Run ID: ed2222aa-6a3c-4705-ab70-42ccdb3e08d2

Baseline: e3dc9b4
Comparison: 2d49296
Diff

Optimization Goals: ✅ No significant changes detected

Fine details of change detection per experiment

perf	experiment	goal	Δ mean %	Δ mean % CI	trials	links
➖	quality_gate_logs	% cpu utilization	+3.04	[+0.04, +6.04]	1	Logs
➖	tcp_syslog_to_blackhole	ingress throughput	+0.75	[+0.70, +0.81]	1	Logs
➖	uds_dogstatsd_to_api_cpu	% cpu utilization	+0.74	[-0.14, +1.62]	1	Logs
➖	file_to_blackhole_500ms_latency	egress throughput	+0.30	[-0.47, +1.08]	1	Logs
➖	quality_gate_idle	memory utilization	+0.14	[+0.11, +0.18]	1	Logs bounds checks dashboard
➖	quality_gate_idle_all_features	memory utilization	+0.04	[-0.01, +0.10]	1	Logs bounds checks dashboard
➖	file_to_blackhole_0ms_latency	egress throughput	+0.02	[-0.85, +0.88]	1	Logs
➖	file_to_blackhole_0ms_latency_http1	egress throughput	+0.01	[-0.82, +0.83]	1	Logs
➖	file_to_blackhole_300ms_latency	egress throughput	+0.00	[-0.62, +0.63]	1	Logs
➖	tcp_dd_logs_filter_exclude	ingress throughput	-0.00	[-0.02, +0.02]	1	Logs
➖	uds_dogstatsd_to_api	ingress throughput	-0.01	[-0.29, +0.28]	1	Logs
➖	file_to_blackhole_100ms_latency	egress throughput	-0.02	[-0.64, +0.60]	1	Logs
➖	file_to_blackhole_0ms_latency_http2	egress throughput	-0.04	[-0.84, +0.77]	1	Logs
➖	file_to_blackhole_1000ms_latency	egress throughput	-0.04	[-0.82, +0.74]	1	Logs
➖	file_to_blackhole_1000ms_latency_linear_load	egress throughput	-0.11	[-0.57, +0.35]	1	Logs
➖	file_tree	memory utilization	-0.28	[-0.34, -0.22]	1	Logs

Bounds Checks: ✅ Passed

perf	experiment	bounds_check_name	replicates_passed	links
✅	file_to_blackhole_0ms_latency	lost_bytes	10/10
✅	file_to_blackhole_0ms_latency	memory_usage	10/10
✅	file_to_blackhole_0ms_latency_http1	lost_bytes	10/10
✅	file_to_blackhole_0ms_latency_http1	memory_usage	10/10
✅	file_to_blackhole_0ms_latency_http2	lost_bytes	10/10
✅	file_to_blackhole_0ms_latency_http2	memory_usage	10/10
✅	file_to_blackhole_1000ms_latency	memory_usage	10/10
✅	file_to_blackhole_1000ms_latency_linear_load	memory_usage	10/10
✅	file_to_blackhole_100ms_latency	lost_bytes	10/10
✅	file_to_blackhole_100ms_latency	memory_usage	10/10
✅	file_to_blackhole_300ms_latency	lost_bytes	10/10
✅	file_to_blackhole_300ms_latency	memory_usage	10/10
✅	file_to_blackhole_500ms_latency	lost_bytes	10/10
✅	file_to_blackhole_500ms_latency	memory_usage	10/10
✅	quality_gate_idle	intake_connections	10/10	bounds checks dashboard
✅	quality_gate_idle	memory_usage	10/10	bounds checks dashboard
✅	quality_gate_idle_all_features	intake_connections	10/10	bounds checks dashboard
✅	quality_gate_idle_all_features	memory_usage	10/10	bounds checks dashboard
✅	quality_gate_logs	intake_connections	10/10
✅	quality_gate_logs	lost_bytes	10/10
✅	quality_gate_logs	memory_usage	10/10

Explanation

Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%

Performance changes are noted in the perf column of each table:

• ✅ = significantly better comparison variant performance
• ❌ = significantly worse comparison variant performance
• ➖ = no significant change in performance

A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".

For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:

1. Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.

2. Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.

3. Its configuration does not mark it "erratic".

CI Pass/Fail Decision

✅ Passed. All Quality Gates passed.

• quality_gate_idle, bounds check intake_connections: 10/10 replicas passed. Gate passed.
• quality_gate_idle, bounds check memory_usage: 10/10 replicas passed. Gate passed.
• quality_gate_idle_all_features, bounds check memory_usage: 10/10 replicas passed. Gate passed.
• quality_gate_idle_all_features, bounds check intake_connections: 10/10 replicas passed. Gate passed.
• quality_gate_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
• quality_gate_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
• quality_gate_logs, bounds check lost_bytes: 10/10 replicas passed. Gate passed.