CWS: fix runtime policies loading, when no config map is defined

[paulcacheux]

What does this PR do?

When loading the agent through the operator with a default config like:

apiVersion: datadoghq.com/v1alpha1
kind: DatadogAgent
metadata:
  name: datadog
spec:
  credentials:
    apiKey: XX
    appKey: YY
  agent:
    security:
      runtime:
        enabled: true

The CWS policies directory is empty. The reason explaining this issue is that the policies dir is always mounted, even when no override is defined by the user. This means that in the default case we are overriding the default rules with a mount to a non-existant/empty folder

Motivation

What inspired you to submit this pull request?

Additional Notes

Anything else we should know when reviewing?

Describe your test plan

Write there any instructions and details you may have to test your PR.

[github-actions]

This pull request does not contain a valid label. Please add one of the following labels: bug, enhancement, refactoring, documentation, tooling

[CharlyF]

Seems like we still create the empty volume at the pod spec level when no custom policies are used. Should we get rid of this too or the volume mount in the system probe is enough?

datadog-operator/controllers/datadogagent/utils.go

Lines 1320 to 1333 in 3114084

	if isRuntimeSecurityEnabled(&dda.Spec) {
	volumes = append(volumes,
	corev1.Volume{
	Name: datadoghqv1alpha1.SecurityAgentRuntimePoliciesDirVolumeName,
	VolumeSource: corev1.VolumeSource{
	EmptyDir: &corev1.EmptyDirVolumeSource{},
	},
	})
	if dda.Spec.Agent.Security.Runtime.PoliciesDir != nil {
	volumes = append(volumes,
	getVolumeFromConfigDirSpec(datadoghqv1alpha1.SecurityAgentRuntimeCustomPoliciesVolumeName, dda.Spec.Agent.Security.Runtime.PoliciesDir),
	)
	}

[paulcacheux]

What this PR does is enough to fix the issue, if you feel that the volume definition would be even better I can include it in the second if

[codecov-commenter]

Codecov Report

Merging #522 (5af58de) into main (34a1618) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #522   +/-   ##
=======================================
  Coverage   58.51%   58.51%           
=======================================
  Files           3        3           
  Lines         135      135           
=======================================
  Hits           79       79           
  Misses         43       43           
  Partials       13       13           

Flag	Coverage Δ
unittests	58.51% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 34a1618...5af58de. Read the comment docs.

[CharlyF]

What this PR does is enough to fix the issue, if you feel that the volume definition would be even better I can include it in the second if

Just want to make sure we are covering all grounds.
Thanks for the contrib! 🚀