enable falcobaseline for agent version 12.9.x and above

charts/agent/Chart.yaml

@@ -30,4 +30,4 @@ sources:
 - https://app.sysdigcloud.com/#/settings/user
 - https://github.com/draios/sysdig
 type: application
-version: 1.19.0
+version: 1.19.1

charts/agent/templates/_helpers.tpl

@@ -411,6 +411,12 @@ agent config to prevent a backend push from enabling them after installation.
             "secure_audit_streams") }}
             {{- $_ := set $secureConfig $secureFeature (dict "enabled" false) }}
         {{- end }}
+    {{ else if and $secureLightMode (semverCompare ">= 12.19.x" .Values.image.tag) }}
+        {{- range $secureFeature := (list
+            "memdump"
+            "network_topology") }}
+            {{- $_ := set $secureConfig $secureFeature (dict "enabled" false) }}
+        {{- end }}
     {{ else if $secureLightMode }}
         {{- range $secureFeature := (list
             "drift_control"

charts/agent/tests/drift_prevention_test.yaml

@@ -25,20 +25,6 @@ tests:
               enabled: false
     template: templates/configmap.yaml
 
-  - it: Drift prevention must be false when is secure_light
-    set:
-      sysdig:
-        settings:
-          feature:
-            mode: secure_light
-    asserts:
-      - matchRegex:
-          path: data['dragent.yaml']
-          pattern: |-
-            drift_killer:
-              enabled: false
-    template: templates/configmap.yaml
-
   - it: Drift prevention must be false when is running on GKE Autopilot
     set:
       gke:
@@ -115,20 +101,6 @@ tests:
               enabled: false
     template: templates/configmap.yaml
 
-  - it: Drift control must be false when is secure_light
-    set:
-      sysdig:
-        settings:
-          feature:
-            mode: secure_light
-    asserts:
-      - matchRegex:
-          path: data['dragent.yaml']
-          pattern: |-
-            drift_control:
-              enabled: false
-    template: templates/configmap.yaml
-
   - it: Drift control must be false when is running on GKE Autopilot
     set:
       gke:

charts/agent/tests/secure_enable_test.yaml

@@ -42,21 +42,6 @@ tests:
           pattern: |-
             commandlines_capture:
               enabled: false
-      - matchRegex:
-          path: data['dragent.yaml']
-          pattern: |-
-            drift_control:
-              enabled: false
-      - matchRegex:
-          path: data['dragent.yaml']
-          pattern: |-
-            drift_killer:
-              enabled: false
-      - matchRegex:
-          path: data['dragent.yaml']
-          pattern: |-
-            falcobaseline:
-              enabled: false
       - matchRegex:
           path: data['dragent.yaml']
           pattern: |-
@@ -141,21 +126,6 @@ tests:
           pattern: |-
             statsd:
               enabled: false
-      - matchRegex:
-          path: data['dragent.yaml']
-          pattern: |-
-            drift_control:
-              enabled: false
-      - matchRegex:
-          path: data['dragent.yaml']
-          pattern: |-
-            drift_killer:
-              enabled: false
-      - matchRegex:
-          path: data['dragent.yaml']
-          pattern: |-
-            falcobaseline:
-              enabled: false
       - matchRegex:
           path: data['dragent.yaml']
           pattern: |-

charts/agent/tests/secure_light_config_test.yaml

@@ -0,0 +1,81 @@
+suite: Testing seetings for secure light mode
+templates:
+  - configmap.yaml
+tests:
+  - it: Testing if certain settings set to false for agent version =< 12.18.x
+    set:
+      image:
+        tag: 12.18.1
+      sysdig:
+        accessKey: AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
+        settings:
+          feature:
+            mode: secure_light
+      secure:
+        enabled: true
+    asserts:
+      - matchRegex:
+          path: data['dragent.yaml']
+          pattern: |-
+            drift_control:
+              enabled: false
+      - matchRegex:
+          path: data['dragent.yaml']
+          pattern: |-
+            drift_killer:
+              enabled: false
+      - matchRegex:
+          path: data['dragent.yaml']
+          pattern: |-
+            falcobaseline:
+              enabled: false
+      - matchRegex:
+          path: data['dragent.yaml']
+          pattern: |-
+            memdump:
+              enabled: false
+      - matchRegex:
+          path: data['dragent.yaml']
+          pattern: |-
+            network_topology:
+              enabled: false
+    template: configmap.yaml
+
+  - it: Testing if certain settings set to false for agent version > 12.18.x
+    set:
+      image:
+        tag: 12.19.0
+      sysdig:
+        accessKey: AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
+        settings:
+          feature:
+            mode: secure_light
+      secure:
+        enabled: true
+    asserts:
+      - notMatchRegex:
+          path: data['dragent.yaml']
+          pattern: |-
+            drift_control:
+              enabled: false
+      - notMatchRegex:
+          path: data['dragent.yaml']
+          pattern: |-
+            drift_killer:
+              enabled: false
+      - notMatchRegex:
+          path: data['dragent.yaml']
+          pattern: |-
+            falcobaseline:
+              enabled: false
+      - matchRegex:
+          path: data['dragent.yaml']
+          pattern: |-
+            memdump:
+              enabled: false
+      - matchRegex:
+          path: data['dragent.yaml']
+          pattern: |-
+            network_topology:
+              enabled: false
+    template: configmap.yaml