-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move _dd.apm.enabled
tag in tracing root span
#4141
base: master
Are you sure you want to change the base?
Conversation
BenchmarksBenchmark execution time: 2024-12-03 14:24:02 Comparing candidate commit c28f69f in PR branch Found 1 performance improvements and 4 performance regressions! Performance is the same for 26 metrics, 2 unstable metrics. scenario:tracing - 1 span trace - no writer
scenario:tracing - 100 span trace - no writer
scenario:tracing - Propagation - Datadog
scenario:tracing - Propagation - Trace Context
scenario:tracing - Tracing.log_correlation
|
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #4141 +/- ##
==========================================
- Coverage 97.76% 97.75% -0.01%
==========================================
Files 1357 1355 -2
Lines 81950 81992 +42
Branches 4168 4173 +5
==========================================
+ Hits 80117 80150 +33
- Misses 1833 1842 +9 ☔ View full report in Codecov by Sentry. |
# We add this metric when ASM standalone is enabled to make sure we don't bill APM | ||
if Datadog.configuration.appsec.standalone.enabled | ||
request_span.set_metric(Tracing::Metadata::Ext::TAG_APM_ENABLED, 0) | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In #3965 @anmarchenko mentioned tracing gaining a dependency on appsec and that pattern appears to continue here. I my opinion it would be better for tracing to provide hooks that appsec will hook into to avoid tracing referencing appsec in code, but I am not developing either part of the library.
I do also find it hard to ascertain whether the code behaves correctly - this PR sets APM enabled to 0 from tracing, but it is not clear from the diff where/under what conditions APM enabled is set to 1 (or if that happens at all).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you elaborate the reason about tagging a rack
span specifically?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The env var name DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED
is temporary, and what Standalone Appsec actually does is disabling tracing (or more precisely rate-limiting it at 1 trace per minute), and when 'Appsec' is activated along 'Standalone Appsec' (as Standalone Appsec does not in fact activate Appsec by itself), it force-keep traces that contains Appsec events.
There is a RFC currently being reviewed to find the final name for this env var, which will most likely be DD_TRACE_APM_ENABLED
. When it will be approved, I will also change the configuration from Datadog.configuration.appsec.standalone.enabled
to something like Datadog.configuration.tracing.apm.enabled
, which will make more sense and show that there is no dependency from appsec in tracing (but the other way will be true, which already is anyway)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you elaborate the reason about tagging a rack span specifically?
For now, the only product other than tracing that uses traces is Appsec, and in Appsec we only instrument rack-based apps (Rails, Sinatra, Rack itself...)
But maybe we could tag somewhere else, like in http frameworks, now that we have moved this part in tracing. What do you think of adding that tag on the HTTP level ? Or should we stick to Rack, and maybe also add other frameworks like sidekiq ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand this is experimental feature but similar concern with shotgun surgery and product coupling has been raised in the previous pull request code review, that signals the severity of design issue.
- It is hard to make sense of the convention and logic using
Datadog.configuration.tracing.apm.enabled
, which APM includes multiple products includingprofiling
. - I can see similar approach like
rack
, that AppSec contains the 3rd party patches that depends on TraceOperation. - Or maybe other kinds of dependency injection mechanism
Overall, the requirements (some kinds of hook systems, perhaps could be encompassed by @lloeki 's Instrumentation API ?) are not clear and I am afraid that if we are indifferent now could cast a long shadow in the future.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does it make sense to find the root span here and not the rack span?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, this is changed in e0c503a
Note that "non-billing" naming is temporary.
.github/workflows/system-tests.yml
Outdated
@@ -11,7 +11,7 @@ on: | |||
env: | |||
REGISTRY: ghcr.io | |||
REPO: ghcr.io/datadog/dd-trace-rb | |||
SYSTEM_TESTS_REF: main # This must always be set to `main` on dd-trace-rb's master branch | |||
SYSTEM_TESTS_REF: igor/standalone-sca # This must always be set to `main` on dd-trace-rb's master branch |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
reminder: please change this branch to master before merging
# We add this metric when ASM standalone is enabled to make sure we don't bill APM | ||
if Datadog.configuration.appsec.standalone.enabled | ||
request_span.set_metric(Tracing::Metadata::Ext::TAG_APM_ENABLED, 0) | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does it make sense to find the root span here and not the rack span?
As of 27th. of November, the scope of this PR has been changed to moving all "non-billing" mode code to Tracing part. |
_dd.apm.enabled
tag in tracing Rack middleware_dd.apm.enabled
tag in tracing root span
… non-billing mode
7ee5c9f
to
e6639a4
Compare
Datadog ReportBranch report: ✅ 0 Failed, 22066 Passed, 1461 Skipped, 6m 26.73s Total Time |
b98fbcb
to
2061cce
Compare
2061cce
to
e8acbf8
Compare
What does this PR do?
It moves the addition of
_dd.apm.enabled
tag to spans in tracing's Rack middleware instead of Appsec middleware.Motivation:
During the review of Standalone SCA system-tests, I found out that enabling 'Standalone Appsec Billing' (
DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED=true
) and disabling 'Appsec Threats' (DD_APPSEC_ENABLED=false
) would make the tests fails as_dd.apm.enabled
is set in appsec Rack middleware.This is not correct as this tag is suppose to communicate to the Agent that we should not bill for APM traces, and Standalone Appsec Billing will still limit the number of traces to 1 per minute to keep services alive on the backend side even if Appsec Threats is not enabled, thus the traces must contain that tag.
Change log entry
None.
How to test the change?
Standalone SCA system-tests (./run.sh SCA_STANDALONE) should XPASS (or pass if force executed)