chore(asm): asm standalone env var will send apm.enabled=0 #9445

Merged
merged 5 commits into from
May 30, 2024

@gnufede gnufede commented May 30, 2024

ASM: This introduces an experimental env var DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED that will send the tag apm.enabled as 0 if used together with DD_APPSEC_ENABLED=true

Checklist

  • Change(s) are motivated and described in the PR description
  • Testing strategy is described if automated tests are not included in the PR
  • Risks are described (performance impact, potential for breakage, maintainability)
  • Change is maintainable (easy to change, telemetry, documentation)
  • Library release note guidelines are followed or label changelog/no-changelog is set
  • Documentation is included (in-code, generated user docs, public corp docs)
  • Backport labels are set (if applicable)
  • If this PR changes the public interface, I've notified @DataDog/apm-tees.

Reviewer Checklist

  • Title is accurate
  • All changes are related to the pull request's stated goal
  • Description motivates each change
  • Avoids breaking API changes
  • Testing strategy adequately addresses listed risks
  • Change is maintainable (easy to change, telemetry, documentation)
  • Release note makes sense to a user of the library
  • Author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
  • Backport labels are set in a manner that is consistent with the release branch maintenance policy

@gnufede gnufede added changelog/no-changelog A changelog entry is not required for this PR. ASM Application Security Monitoring labels May 30, 2024
@gnufede gnufede requested review from a team as code owners May 30, 2024 12:07
@gnufede gnufede requested a review from emmettbutler May 30, 2024 12:07
datadog-dd-trace-py-rkomorn bot commented May 30, 2024

Datadog Report

Branch report: gnufede/APPSEC-53002-apm-opt-out-metric
Commit report: 610c89f
Test service: dd-trace-py

✅ 0 Failed, 145093 Passed, 27704 Skipped, 6h 28m 45.13s Total duration (2h 26m 15.19s time saved)

@codecov-commenter
Codecov Report

Attention: Patch coverage is 18.42105% with 31 lines in your changes are missing coverage. Please review.

Project coverage is 10.24%. Comparing base (110f4e4) to head (6f26f1b).
Report is 4 commits behind head on main.

| Files | Patch % | Lines |
|---|---|---|
| tests/appsec/appsec/test_asm_standalone.py | 0.00% | 15 Missing ⚠️ |
| tests/tracer/test_processors.py | 0.00% | 7 Missing ⚠️ |
| ddtrace/_trace/processor/__init__.py | 25.00% | 3 Missing ⚠️ |
| ddtrace/_trace/tracer.py | 75.00% | 2 Missing ⚠️ |
| ddtrace/constants.py | 0.00% | 2 Missing ⚠️ |
| ddtrace/settings/asm.py | 0.00% | 2 Missing ⚠️ |

Additional details and impacted files
@@             Coverage Diff             @@
##             main    #9445       +/-   ##
===========================================
- Coverage   75.90%   10.24%   -65.67%     
===========================================
  Files        1301     1273       -28     
  Lines      123660   121826     -1834     
===========================================
- Hits        93861    12476    -81385     
- Misses      29799   109350    +79551     


@gnufede gnufede enabled auto-merge (squash) May 30, 2024 13:54
@gnufede gnufede merged commit 82b3753 into main May 30, 2024
189 of 194 checks passed
@gnufede gnufede deleted the gnufede/APPSEC-53002-apm-opt-out-metric branch May 30, 2024 15:26
@gnufede gnufede mentioned this pull request May 31, 2024
17 tasks
brettlangdon pushed a commit that referenced this pull request Jun 1, 2024
ASM: This introduces an experimental env var
`DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED` that will send the tag
`apm.enabled` as 0 if used together with `DD_APPSEC_ENABLED=true`

## Checklist

- [x] Change(s) are motivated and described in the PR description
- [x] Testing strategy is described if automated tests are not included
in the PR
- [x] Risks are described (performance impact, potential for breakage,
maintainability)
- [x] Change is maintainable (easy to change, telemetry, documentation)
- [x] [Library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
are followed or label `changelog/no-changelog` is set
- [x] Documentation is included (in-code, generated user docs, [public
corp docs](https://github.com/DataDog/documentation/))
- [x] Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))
- [x] If this PR changes the public interface, I've notified
`@DataDog/apm-tees`.

## Reviewer Checklist

- [x] Title is accurate
- [x] All changes are related to the pull request's stated goal
- [x] Description motivates each change
- [x] Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- [x] Testing strategy adequately addresses listed risks
- [x] Change is maintainable (easy to change, telemetry, documentation)
- [x] Release note makes sense to a user of the library
- [x] Author has acknowledged and discussed the performance implications
of this PR as reported in the benchmarks PR comment
- [x] Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)
gnufede added a commit that referenced this pull request Jun 4, 2024
## Description
This PR allows ASM customers to disable APM, and use only ASM features.
To have the full picture, see also #9444 and #9445.

## Details
It involves changes when opting out from APM with
`DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED=true` and
`DD_APPSEC_ENABLED=true`:
- Doesn't disable Span Processors.
- Rate limiting of APM traces is reduced to minimal levels (1 trace per
minute).
- `Datadog-Client-Computed-Stats` header is sent to the agent so it
doesn't compute stats on its end, but they aren't computed on the
library side either.
- Disables metric reporting.


---------

Co-authored-by: Julio Guerra <julio.guerra@datadoghq.com>
gnufede added a commit that referenced this pull request Jun 10, 2024
## Description:
ASM: adds Standalone ASM distributed propagation changes as described in
"RFC: Standalone ASM billing V2".

For the full picture of this feature, see:
#9211 ,
#9444 and
#9445

See also System Tests related changes:
DataDog/system-tests#2522

## Details:
The main change is that if ASM Standalone is enabled, propagation of
distributed spans would reset (from upstream) unless they are part of a
distributed span where there are AppSec events (signaled through the
propagation tag _dd.p.appsec: 1).

It will also cut propagation downstream if there are no appsec events in
the current or upstream spans.

Notice that AppSec events trigger a force keep, and that takes
precedence over the received propagation in this PR.

Also notice that most tests start by creating a first span without an
appsec event. This is due to the fact that ASM Standalone needs to
maintain a minimum rate of 1 trace per minute regardless of upstream
propagation or appsec events present, so that way we are not affected by
that rate in the test.

This pull request was closed.
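
The propagation and keep rules described in the commit messages above, as an added example that is not part of the pull request and is not dd-trace-py code. It is a toy model: `StandaloneModel`, `Upstream`, `Decision` and `demo` are hypothetical names, and it assumes that only traces without AppSec events consume the 1-trace-per-minute floor.

```python
# Added illustration: a toy model of the standalone-ASM rules in the commit
# messages above. All names are hypothetical; this is not dd-trace-py code.
import time
from dataclasses import dataclass, field
from typing import Dict, Optional

APPSEC_TAG = "_dd.p.appsec"  # propagation tag named in the commit message

@dataclass
class Upstream:
    keep: bool                 # sampling decision received from the caller
    tags: Dict[str, str] = field(default_factory=dict)

@dataclass
class Decision:
    continue_upstream: bool    # False means the inbound context is reset
    keep: bool
    propagate_downstream: bool
    outbound_tags: Dict[str, str]

class StandaloneModel:
    def __init__(self, clock=time.monotonic):
        self._clock, self._last_floor = clock, None

    def _floor(self) -> bool:
        """Minimum rate: let one trace through per 60 seconds."""
        now = self._clock()
        if self._last_floor is None or now - self._last_floor >= 60.0:
            self._last_floor = now
            return True
        return False

    def decide(self, upstream: Optional[Upstream], local_event: bool) -> Decision:
        up_appsec = upstream is not None and upstream.tags.get(APPSEC_TAG) == "1"
        if local_event:
            keep = True            # force keep beats the received decision
        elif up_appsec:
            keep = upstream.keep   # upstream context is honoured
        else:
            keep = self._floor()   # assumption: only event-free traces use the floor
        tagged = local_event or up_appsec
        return Decision(up_appsec, keep, tagged, {APPSEC_TAG: "1"} if tagged else {})

def demo():
    """Constructed scenario: four requests arriving within the same minute."""
    model = StandaloneModel(clock=lambda: 0.0)
    return [model.decide(None, False),
            model.decide(Upstream(keep=True), False),
            model.decide(Upstream(keep=True, tags={APPSEC_TAG: "1"}), False),
            model.decide(Upstream(keep=False), True)]
```

The first request in `demo()` carries no AppSec event and uses up the per-minute floor, which mirrors the reason the commit message gives for starting most tests with an event-free span.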