Specifying `--blocked-nets=""` does not clear the IP denylist for multihttp checks

[nadiamoe]

The value of --blocked-nets, which defaults to 10.0.0.0/8, eventually makes it verbatim (after validation) to the --blacklist-ip k6 flag: https://github.com/grafana/synthetic-monitoring-agent/blob/e6f47620c627339cf100d6eea50c286ec304660a/internal/k6runner/k6runner.go#L455

However, specifying an empty value will not clear the in-script default value we set for multihttp checks: https://github.com/grafana/synthetic-monitoring-agent/blob/e6f47620c627339cf100d6eea50c286ec304660a/internal/prober/multihttp/script.tmpl#L43

Fixing this proper will require refactoring the script generation code so it can get not only check settings, but also settings local to the probe. This work was started in #732, but still requires more effort.

Workaround

A workaround for this issue is to specify a non-empty, no-op CIDR that would filter no (real) addresses, e.g. --blocked-nets=0.0.0.0/32. This will override the default value for all checks, including multihttp.

[mem]

Adding "component: agent" for now. That's not exactly true.

[peterschretlen]

Related forum post: https://community.grafana.com/t/private-probe-and-checks-to-rfc1918/129343

I will tentatively schedule this for Cycle 25 (Nov-Dec 2024), for review during planning

[peterschretlen]

Related to https://github.com/grafana/synthetic-monitoring-agent/issues/901

[nadiamoe]

Proposal: simply remove the hardcoded value in the script. The default value for the flag should be enough.

[clementduveau]

Confusing that we state "IP networks to block in CIDR notation, disabled if empty" while empty is actually 10.0.0.0/8 by default.