[CWS] Enable Activity Dump v2 in newer agents

[kovagsm]

What does this PR do?

Gates CWS Activity Dump v2 behind Agent >= 7.81.0; logs a warning when requested on an unverifiable/older Agent instead of enabling it.

Motivation

v2 has no guard against unbounded memory allocation on older Agents, so enabling it there can OOM. Fail closed when the version can't be confirmed.

Additional Notes

Default deployments stay off until images.AgentLatestVersion is bumped to >= 7.81.0 (currently 7.80.1). Unparseable tags (digest-pinned/custom) also fail closed by design.

Minimum Agent Versions

Are there minimum versions of the Datadog Agent and/or Cluster Agent required?

• Agent: v7.81.0
• Cluster Agent: N/A

Describe your test plan

Unit tests covers at/above/below min version, unparseable tag, and no-override cases.

Checklist

• PR has at least one valid label: bug, enhancement, refactoring, documentation, tooling, and/or dependencies
• PR has a milestone or the qa/skip-qa label
• All commits are signed (see: signing commits)

[datadog-prod-us1-6]

 

✨ Fix all issues with BitsAI

⚠️ Warnings

🚦 2 Pipeline jobs failed

pull request linter | Check Milestone     

pull request linter | build     

ℹ️ Info

🎯 Code Coverage (details)
• Patch Coverage: 100.00%
• Overall Coverage: 44.07% (+0.02%)

Useful? React with 👍 / 👎

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: a58f146 | Docs | Datadog PR Page | Give us feedback!}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a58f146074

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Emit Activity Dump v2 into the pod template

When a user sets features.cws.securityProfiles.v2: true with an Agent tag >= 7.81.0, this branch only sets f.activityDumpV2. That field is never consumed in ManageNodeAgent to add DD_RUNTIME_SECURITY_CONFIG_ACTIVITY_DUMP_V2 to the generated DaemonSet, so Activity Dump v2 remains disabled despite the supported opt-in.

Useful? React with 👍 / 👎.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 43.81%. Comparing base (72bc0a0) to head (a58f146).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3151      +/-   ##
==========================================
+ Coverage   43.79%   43.81%   +0.02%     
==========================================
  Files         375      375              
  Lines       30575    30587      +12     
==========================================
+ Hits        13390    13402      +12     
  Misses      16276    16276              
  Partials      909      909              

Flag	Coverage Δ
unittests	43.81% <100.00%> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
api/datadoghq/v2alpha1/datadogagent_types.go	0.00% <ø> (ø)
...nal/controller/datadogagent/feature/cws/feature.go	76.99% <100.00%> (+1.37%)	⬆️

---

Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 72bc0a0...a58f146. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.