Skip to content

Commit

Permalink
Add automatic scrubbing for tracing
Browse files Browse the repository at this point in the history
  • Loading branch information
@albertvaka
Jamie van Brunschot authored and albertvaka committed Feb 19, 2020
1 parent ab8fa3f commit dea484e
Show file tree
Hide file tree
Showing 3 changed files with 80 additions and 1 deletion.
17 changes: 16 additions & 1 deletion manifests/init.pp
View file
Expand Up @@ -175,6 +175,9 @@
# $apm_analyzed_spans
# Hash defining the APM spans to analyze and their rates.
# Optional Hash. Default: undef.
# $apm_obfuscation
# Hash defining obfuscation rules for sensitive data.
# Optional Hash. Default: undef
# $process_enabled
# String to enable the process/container agent
# Boolean. Default: false
Expand Down Expand Up @@ -300,6 +303,7 @@
String $apm_env = 'none',
Boolean $apm_non_local_traffic = false,
Optional[Hash[String, Float[0, 1]]] $apm_analyzed_spans = undef,
Optional[Hash[String, Data]] $apm_obfuscation = undef,
Boolean $process_enabled = $datadog_agent::params::process_default_enabled,
Boolean $scrub_args = $datadog_agent::params::process_default_scrub_args,
Array $custom_sensitive_words = $datadog_agent::params::process_default_custom_words,
Expand Down Expand Up @@ -527,7 +531,7 @@
}
}

if ($apm_enabled == true) and ($apm_env != 'none') or $apm_analyzed_spans {
if ($apm_enabled == true) and (($apm_env != 'none') or $apm_analyzed_spans or $apm_obfuscation) {
concat::fragment{ 'datadog apm footer':
target => '/etc/dd-agent/datadog.conf',
content => template('datadog_agent/datadog_apm_footer.conf.erb'),
Expand Down Expand Up @@ -606,6 +610,16 @@
$apm_analyzed_span_config = {}
}

if $apm_obfuscation {
$apm_obfuscation_config = {
'apm_config' => {
'obfuscation' => $apm_obfuscation
}
}
} else {
$apm_obfuscation_config = {}
}

if $statsd_forward_host != '' {
if $_statsd_forward_port != '' {
$statsd_forward_config = {
Expand Down Expand Up @@ -634,6 +648,7 @@
$logs_base_config,
$agent_extra_options,
$apm_analyzed_span_config,
$apm_obfuscation_config,
$statsd_forward_config,
$host_config,
$additional_checksd_config)
Expand Down
56 changes: 56 additions & 0 deletions spec/classes/datadog_agent_spec.rb
View file
Expand Up @@ -1909,6 +1909,62 @@
)
}
end

context 'with apm_enabled set to true and apm_obfuscation specified' do
let(:params) do
{
apm_enabled: true,
apm_obfuscation: {
elasticsearch: {
enable: true,
keep_values: [
'user_id',
'category_id',
],
},
redis: {
enable: true,
},
memcached: {
enable: true,
},
http: {
remove_query_string: true,
remove_paths_with_digits: true,
},
mongodb: {
enable: true,
keep_values: [
'uid',
'cat_id',
],
},
},
}
end

it {
is_expected.to contain_file(config_yaml_file).with(
'content' => %r{^apm_config:\n},
)
}
it {
is_expected.to contain_file(config_yaml_file).with(
'content' => %r{^apm_config:\n\ \ enabled: true\n},
)
}
it {
is_expected.to contain_file(config_yaml_file).with(
'content' => %r{^\ \ obfuscation:\n},
)
}
it {
is_expected.to contain_file(config_yaml_file).with(
'content' => %r{elasticsearch},
)
}
end

context 'with extra_options and Process enabled' do
let(:params) do
{
Expand Down
8 changes: 8 additions & 0 deletions templates/datadog_apm_footer.conf.erb
View file
Expand Up @@ -9,3 +9,11 @@ env: <%= @apm_env %>
<%= span %>: <%= value %>
<% end %>
<% end -%>
<% if @apm_obfuscation -%>
[trace.obfuscation]
<% @apm_obfuscation.each do |service, data| -%>
<%= service %>:
<%= data %>
<% end %>
<% end -%>

0 comments on commit dea484e

Please sign in to comment.