DataDog
diff --git a/‎comp/core/workloadfilter/catalog/common.go‎
Lines changed: 48 additions & 0 deletions b/‎comp/core/workloadfilter/catalog/common.go‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎comp/core/workloadfilter/catalog/container.go‎
Lines changed: 1 addition & 78 deletions b/‎comp/core/workloadfilter/catalog/container.go‎
Lines changed: 1 addition & 78 deletions
diff --git a/‎comp/core/workloadfilter/catalog/kube_endpoints.go‎
Lines changed: 0 additions & 16 deletions b/‎comp/core/workloadfilter/catalog/kube_endpoints.go‎
Lines changed: 0 additions & 16 deletions
diff --git a/‎comp/core/workloadfilter/catalog/kube_service.go‎
Lines changed: 0 additions & 16 deletions b/‎comp/core/workloadfilter/catalog/kube_service.go‎
Lines changed: 0 additions & 16 deletions
diff --git a/‎comp/core/workloadfilter/catalog/pod.go‎
Lines changed: 0 additions & 8 deletions b/‎comp/core/workloadfilter/catalog/pod.go‎
Lines changed: 0 additions & 8 deletions
diff --git a/‎comp/core/workloadfilter/catalog/utils.go‎
Lines changed: 2 additions & 147 deletions b/‎comp/core/workloadfilter/catalog/utils.go‎
Lines changed: 2 additions & 147 deletions
@@ -9,7 +9,9 @@ package catalog
 // This file contains filter programs that can be shared across different entity types.
 
 import (
+	log "github.com/DataDog/datadog-agent/comp/core/log/def"
 	"github.com/DataDog/datadog-agent/comp/core/workloadfilter/program"
+	"github.com/DataDog/datadog-agent/pkg/util/containers"
 )
 
 // AutodiscoveryAnnotations creates a CEL program for autodiscovery annotations.
@@ -35,3 +37,49 @@ func AutodiscoveryLogsAnnotations() program.FilterProgram {
 		ExcludePrefix: "logs_",
 	}
 }
+
+// LegacyContainerGlobalProgram creates a legacy filter program for global containerized filtering
+func LegacyContainerGlobalProgram(cfg *FilterConfig, logger log.Component) program.FilterProgram {
+	return createLegacyContainerProgram("LegacyContainerGlobalProgram", cfg.ContainerInclude, cfg.ContainerExclude, logger)
+}
+
+// LegacyContainerMetricsProgram creates a legacy filter program for containerized metrics filtering
+func LegacyContainerMetricsProgram(cfg *FilterConfig, logger log.Component) program.FilterProgram {
+	return createLegacyContainerProgram("LegacyContainerMetricsProgram", cfg.ContainerIncludeMetrics, cfg.ContainerExcludeMetrics, logger)
+}
+
+// LegacyContainerLogsProgram creates a legacy filter program for containerized logs filtering
+func LegacyContainerLogsProgram(cfg *FilterConfig, logger log.Component) program.FilterProgram {
+	return createLegacyContainerProgram("LegacyContainerLogsProgram", cfg.ContainerIncludeLogs, cfg.ContainerExcludeLogs, logger)
+}
+
+// LegacyContainerACExcludeProgram creates a legacy filter program for containerized AC exclusion filtering
+func LegacyContainerACExcludeProgram(cfg *FilterConfig, logger log.Component) program.FilterProgram {
+	return createLegacyContainerProgram("LegacyContainerACExcludeProgram", nil, cfg.ACExclude, logger)
+}
+
+// LegacyContainerACIncludeProgram creates a legacy filter program for containerized AC inclusion filtering
+func LegacyContainerACIncludeProgram(cfg *FilterConfig, logger log.Component) program.FilterProgram {
+	return createLegacyContainerProgram("LegacyContainerACIncludeProgram", cfg.ACInclude, nil, logger)
+}
+
+// LegacyContainerSBOMProgram creates a legacy filter program for containerized SBOM filtering
+func LegacyContainerSBOMProgram(cfg *FilterConfig, logger log.Component) program.FilterProgram {
+	return createLegacyContainerProgram("LegacyContainerSBOMProgram", cfg.SBOMContainerInclude, cfg.SBOMContainerExclude, logger)
+}
+
+func createLegacyContainerProgram(programName string, include, exclude []string, logger log.Component) program.FilterProgram {
+	var initErrors []error
+
+	filter, err := containers.NewFilter(containers.GlobalFilter, include, exclude)
+	if err != nil {
+		initErrors = append(initErrors, err)
+		logger.Warnf("Failed to create filter '%s': %v", programName, err)
+	}
+
+	return program.LegacyFilterProgram{
+		Name:                 programName,
+		Filter:               filter,
+		InitializationErrors: initErrors,
+	}
+}
@@ -7,92 +7,15 @@
 package catalog
 
 import (
-	"regexp"
-	"strings"
-
 	log "github.com/DataDog/datadog-agent/comp/core/log/def"
 	workloadfilter "github.com/DataDog/datadog-agent/comp/core/workloadfilter/def"
 	"github.com/DataDog/datadog-agent/comp/core/workloadfilter/program"
 	"github.com/DataDog/datadog-agent/pkg/util/containers"
 )
 
-// LegacyContainerMetricsProgram creates a program for filtering container metrics
-func LegacyContainerMetricsProgram(filterConfig *FilterConfig, logger log.Component) program.FilterProgram {
-	programName := "LegacyContainerMetricsProgram"
-	include := filterConfig.ContainerIncludeMetrics
-	exclude := filterConfig.ContainerExcludeMetrics
-	return createFromOldFilters(programName, include, exclude, workloadfilter.ContainerType, logger)
-}
-
-// LegacyContainerLogsProgram creates a program for filtering container logs
-func LegacyContainerLogsProgram(filterConfig *FilterConfig, logger log.Component) program.FilterProgram {
-	programName := "LegacyContainerLogsProgram"
-	include := filterConfig.ContainerIncludeLogs
-	exclude := filterConfig.ContainerExcludeLogs
-	return createFromOldFilters(programName, include, exclude, workloadfilter.ContainerType, logger)
-}
-
-// LegacyContainerACExcludeProgram creates a program for excluding containers via legacy `AC` filters
-func LegacyContainerACExcludeProgram(filterConfig *FilterConfig, logger log.Component) program.FilterProgram {
-	programName := "LegacyContainerACExcludeProgram"
-	exclude := filterConfig.ACExclude
-	return createFromOldFilters(programName, nil, exclude, workloadfilter.ContainerType, logger)
-}
-
-// LegacyContainerACIncludeProgram creates a program for including containers via legacy `AC` filters
-func LegacyContainerACIncludeProgram(filterConfig *FilterConfig, logger log.Component) program.FilterProgram {
-	programName := "LegacyContainerACIncludeProgram"
-	include := filterConfig.ACInclude
-	return createFromOldFilters(programName, include, nil, workloadfilter.ContainerType, logger)
-}
-
-// LegacyContainerGlobalProgram creates a program for filtering container globally
-func LegacyContainerGlobalProgram(filterConfig *FilterConfig, logger log.Component) program.FilterProgram {
-	programName := "LegacyContainerGlobalProgram"
-	include := filterConfig.ContainerInclude
-	exclude := filterConfig.ContainerExclude
-	return createFromOldFilters(programName, include, exclude, workloadfilter.ContainerType, logger)
-}
-
-// LegacyContainerSBOMProgram creates a program for filtering container SBOMs
-func LegacyContainerSBOMProgram(filterConfig *FilterConfig, logger log.Component) program.FilterProgram {
-	programName := "LegacyContainerSBOMProgram"
-	include := filterConfig.SBOMContainerInclude
-	exclude := filterConfig.SBOMContainerExclude
-	return createFromOldFilters(programName, include, exclude, workloadfilter.ContainerType, logger)
-}
-
 // ContainerPausedProgram creates a program for filtering paused containers
 func ContainerPausedProgram(_ *FilterConfig, logger log.Component) program.FilterProgram {
-	programName := "ContainerPausedProgram"
-	var initErrors []error
-
-	exclude := containers.GetPauseContainerExcludeList()
-
-	excludeRegex := make([]*regexp.Regexp, 0, len(exclude))
-	for _, pattern := range exclude {
-		pattern = strings.TrimPrefix(pattern, "image:")
-		regex, err := regexp.Compile(pattern)
-		if err != nil {
-			initErrors = append(initErrors, err)
-			logger.Warnf("Error compiling regex pattern for %s: %v", programName, err)
-			continue
-		}
-		excludeRegex = append(excludeRegex, regex)
-	}
-
-	return &program.RegexProgram{
-		Name:         programName,
-		ExcludeRegex: excludeRegex,
-		ExtractField: func(entity workloadfilter.Filterable) string {
-			container, ok := entity.(*workloadfilter.Container)
-			if !ok {
-				return ""
-			}
-			return container.GetImage()
-		},
-		InitializationErrors: initErrors,
-	}
+	return createLegacyContainerProgram("ContainerPausedProgram", nil, containers.GetPauseContainerExcludeList(), logger)
 }
 
 // ContainerCELMetricsProgram creates a program for filtering container metrics via CEL rules
 
@@ -12,22 +12,6 @@ import (
 	"github.com/DataDog/datadog-agent/comp/core/workloadfilter/program"
 )
 
-// LegacyEndpointsMetricsProgram creates a program for filtering endpoints metrics
-func LegacyEndpointsMetricsProgram(filterConfig *FilterConfig, logger log.Component) program.FilterProgram {
-	programName := "LegacyEndpointsMetricsProgram"
-	include := filterConfig.ContainerIncludeMetrics
-	exclude := filterConfig.ContainerExcludeMetrics
-	return createFromOldFilters(programName, include, exclude, workloadfilter.EndpointType, logger)
-}
-
-// LegacyEndpointsGlobalProgram creates a program for filtering endpoints globally
-func LegacyEndpointsGlobalProgram(filterConfig *FilterConfig, logger log.Component) program.FilterProgram {
-	programName := "LegacyEndpointsGlobalProgram"
-	includeList := filterConfig.GetLegacyContainerInclude()
-	excludeList := filterConfig.GetLegacyContainerExclude()
-	return createFromOldFilters(programName, includeList, excludeList, workloadfilter.EndpointType, logger)
-}
-
 // EndpointCELMetricsProgram creates a program for filtering endpoints metrics via CEL rules
 func EndpointCELMetricsProgram(filterConfig *FilterConfig, logger log.Component) program.FilterProgram {
 	programName := "EndpointCELMetricsProgram"
 
@@ -12,22 +12,6 @@ import (
 	"github.com/DataDog/datadog-agent/comp/core/workloadfilter/program"
 )
 
-// LegacyServiceMetricsProgram creates a program for filtering service metrics
-func LegacyServiceMetricsProgram(filterConfig *FilterConfig, logger log.Component) program.FilterProgram {
-	programName := "LegacyServiceMetricsProgram"
-	include := filterConfig.ContainerIncludeMetrics
-	exclude := filterConfig.ContainerExcludeMetrics
-	return createFromOldFilters(programName, include, exclude, workloadfilter.ServiceType, logger)
-}
-
-// LegacyServiceGlobalProgram creates a program for filtering services globally
-func LegacyServiceGlobalProgram(filterConfig *FilterConfig, logger log.Component) program.FilterProgram {
-	programName := "LegacyServiceGlobalProgram"
-	includeList := filterConfig.GetLegacyContainerInclude()
-	excludeList := filterConfig.GetLegacyContainerExclude()
-	return createFromOldFilters(programName, includeList, excludeList, workloadfilter.ServiceType, logger)
-}
-
 // ServiceCELMetricsProgram creates a program for filtering services metrics via CEL rules
 func ServiceCELMetricsProgram(filterConfig *FilterConfig, logger log.Component) program.FilterProgram {
 	programName := "ServiceCELMetricsProgram"
 
@@ -12,14 +12,6 @@ import (
 	"github.com/DataDog/datadog-agent/comp/core/workloadfilter/program"
 )
 
-// LegacyPodProgram creates a program for filtering legacy pods.
-func LegacyPodProgram(filterConfig *FilterConfig, loggger log.Component) program.FilterProgram {
-	programName := "LegacyPodProgram"
-	includeList := append(filterConfig.ContainerInclude, filterConfig.ContainerIncludeMetrics...)
-	excludeList := append(filterConfig.ContainerExclude, filterConfig.ContainerExcludeMetrics...)
-	return createFromOldFilters(programName, includeList, excludeList, workloadfilter.PodType, loggger)
-}
-
 // PodCELMetricsProgram creates a program for filtering pods metrics via CEL rules
 func PodCELMetricsProgram(filterConfig *FilterConfig, logger log.Component) program.FilterProgram {
 	programName := "PodCELMetricsProgram"
 
@@ -9,162 +9,17 @@
 package catalog
 
 import (
-	"fmt"
 	"os"
-	"strconv"
-	"strings"
-
-	"github.com/google/cel-go/cel"
 
 	log "github.com/DataDog/datadog-agent/comp/core/log/def"
 	"github.com/DataDog/datadog-agent/comp/core/workloadfilter/program"
+	"github.com/DataDog/datadog-agent/comp/core/workloadfilter/util/celprogram"
 
 	workloadfilter "github.com/DataDog/datadog-agent/comp/core/workloadfilter/def"
-	legacyFilter "github.com/DataDog/datadog-agent/pkg/util/containers"
 )
 
-func createFromOldFilters(name string, oldInclude, oldExclude []string, objectType workloadfilter.ResourceType, logger log.Component) program.FilterProgram {
-	var initErrors []error
-
-	includeProgram, includeErr := createProgramFromOldFilters(oldInclude, objectType)
-	if includeErr != nil {
-		initErrors = append(initErrors, includeErr)
-		logger.Warnf("error creating include program for %s: %v", name, includeErr)
-	}
-
-	excludeProgram, excludeErr := createProgramFromOldFilters(oldExclude, objectType)
-	if excludeErr != nil {
-		initErrors = append(initErrors, excludeErr)
-		logger.Warnf("error creating exclude program for %s: %v", name, excludeErr)
-	}
-
-	return program.CELProgram{
-		Name:                 name,
-		Include:              includeProgram,
-		Exclude:              excludeProgram,
-		InitializationErrors: initErrors,
-	}
-}
-
-// createProgramFromOldFilters handles the conversion of old filters to new filters and creates a CEL program.
-// Returns both the program and any errors encountered during creation.
-func createProgramFromOldFilters(oldFilters []string, objectType workloadfilter.ResourceType) (cel.Program, error) {
-	filterString, err := convertOldToNewFilter(oldFilters, objectType)
-	if err != nil {
-		return nil, err
-	}
-
-	program, err := compileCELProgram(filterString, objectType)
-	if err != nil {
-		return nil, err
-	}
-
-	return program, nil
-}
-
-func compileCELProgram(rules string, objectType workloadfilter.ResourceType) (cel.Program, error) {
-	if rules == "" {
-		return nil, nil
-	}
-	env, err := cel.NewEnv(
-		cel.Types(&workloadfilter.Container{}, &workloadfilter.Pod{}, &workloadfilter.Process{}),
-		cel.Variable(string(objectType), cel.ObjectType(convertTypeToProtoType(objectType))),
-	)
-	if err != nil {
-		return nil, err
-	}
-	abstractSyntaxTree, issues := env.Compile(rules)
-	if issues != nil && issues.Err() != nil {
-		return nil, issues.Err()
-	}
-	prg, err := env.Program(abstractSyntaxTree, cel.EvalOptions(cel.OptOptimize))
-	if err != nil {
-		return nil, err
-	}
-	return prg, nil
-}
-
-// getFieldMapping creates a map to associate old filter prefixes with new filter fields
-func getFieldMapping(objectType workloadfilter.ResourceType) map[string]string {
-	return map[string]string{
-		"name":  fmt.Sprintf("%s.name.matches", objectType),
-		"image": fmt.Sprintf("%s.image.matches", objectType),
-		"kube_namespace": func() string {
-			if objectType == workloadfilter.ContainerType {
-				return fmt.Sprintf("%s.%s.namespace.matches", objectType, workloadfilter.PodType)
-			}
-			return fmt.Sprintf("%s.namespace.matches", objectType)
-
-		}(),
-	}
-}
-
-// convertOldToNewFilter converts the legacy regex ad filter format to cel-go format.
-//
-// Old Format: []string{"image:nginx.*", "name:xyz-.*"},
-// New Format: "container.name.matches('xyz-.*') || container.image.matches('nginx.*')"
-func convertOldToNewFilter(oldFilters []string, objectType workloadfilter.ResourceType) (string, error) {
-	if oldFilters == nil {
-		return "", nil
-	}
-
-	legacyFieldMapping := getFieldMapping(objectType)
-
-	var newFilters []string
-	for _, oldFilter := range oldFilters {
-
-		if oldFilter == "" {
-			continue
-		}
-
-		// Split the filter into key and value using the first colon
-		key, value, ok := strings.Cut(oldFilter, ":")
-		if !ok {
-			return "", fmt.Errorf("invalid filter format: %s", oldFilter)
-		}
-
-		// Check if the key applies for the particular workload type
-		if objectType != workloadfilter.ContainerType && key == "image" {
-			continue
-		}
-		if objectType == workloadfilter.PodType && key != "kube_namespace" {
-			continue
-		}
-
-		// Legacy support for image filtering
-		if key == "image" {
-			value = legacyFilter.PreprocessImageFilter(value)
-		}
-
-		if newField, ok := legacyFieldMapping[key]; ok {
-			newFilters = append(newFilters, fmt.Sprintf(`%s(%s)`, newField, strconv.Quote(value)))
-		} else {
-			return "", fmt.Errorf("container filter %s:%s is unknown, ignoring it. The supported filters are 'image', 'name' and 'kube_namespace'", key, value)
-		}
-	}
-	return strings.Join(newFilters, " || "), nil
-}
-
-// convertTypeToProtoType converts a filter.ResourceType to its corresponding proto type string.
-func convertTypeToProtoType(key workloadfilter.ResourceType) string {
-	switch key {
-	case workloadfilter.ContainerType:
-		return "datadog.filter.FilterContainer"
-	case workloadfilter.PodType:
-		return "datadog.filter.FilterPod"
-	case workloadfilter.ServiceType:
-		return "datadog.filter.FilterKubeService"
-	case workloadfilter.EndpointType:
-		return "datadog.filter.FilterKubeEndpoint"
-	case workloadfilter.ProcessType:
-		return "datadog.filter.FilterProcess"
-	default:
-		return ""
-	}
-}
-
 func createCELExcludeProgram(name string, rules string, objectType workloadfilter.ResourceType, logger log.Component) program.FilterProgram {
-	excludeProgram, excludeErr := compileCELProgram(rules, objectType)
+	excludeProgram, excludeErr := celprogram.CreateCELProgram(rules, objectType)
 	if excludeErr != nil {
 		logger.Criticalf(`failed to compile '%s' from 'cel_workload_exclude' filters: %v`, name, excludeErr)
 		logger.Flush()