pkg/serverless/appsec/httpsec: add unsupported event span tag

Open Julio-Guerra opened this issue 1 year ago • 6 comments

What does this PR do?

Emit the span tag _dd.appsec.unsupported_event_type:1 when the lambda invocation event type is not supported.

Motivation

Be able to help support cases by distinguishing the following cases:

  1. ASM enabled and the event type is supported: _dd.appsec.enabled:1
  2. ASM enabled and the event type is not supported: _dd.appsec.unsupported_event_type:1

ASM has been often deployed on unsupported lambdas where it was impossible to tell if it was due to a bad setup or unsupported event types.

Additional Notes

Possible Drawbacks / Trade-offs

Describe how to test/QA your changes

Reviewer's Checklist

  • [ ] If known, an appropriate milestone has been selected; otherwise the Triage milestone is set.
  • [ ] Use the major_change label if your change either has a major impact on the code base, is impacting multiple teams or is changing important well-established internals of the Agent. This label will be used during QA to make sure each team pays extra attention to the changed behavior. For any customer facing change use a releasenote.
  • [ ] A release note has been added or the changelog/no-changelog label has been applied.
  • [ ] Changed code has automated tests for its functionality.
  • [ ] Adequate QA/testing plan information is provided. Except if the qa/skip-qa label, with required either qa/done or qa/no-code-change labels, are applied.
  • [ ] At least one team/.. label has been applied, indicating the team(s) that should QA this change.
  • [ ] If applicable, docs team has been notified or an issue has been opened on the documentation repo.
  • [ ] If applicable, the need-change/operator and need-change/helm labels have been applied.
  • [ ] If applicable, the k8s/<min-version> label, indicating the lowest Kubernetes version compatible with this feature.
  • [ ] If applicable, the config template has been updated.

Julio-Guerra avatar Feb 06 '24 13:02 Julio-Guerra
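
The triage this tag makes possible, as an added example (not code from the PR or from the datadog-agent repository). Only the two tag names come from the description above; the `Span` type, the function and case names, and the sample spans are assumptions constructed for illustration.

```go
package main

import "fmt"

// Tag names as given in the PR description.
const (
	tagEnabled     = "_dd.appsec.enabled"
	tagUnsupported = "_dd.appsec.unsupported_event_type"
)

// Span is a hypothetical stand-in for an exported span (assumption of this example).
type Span struct {
	Function string
	Metrics  map[string]float64
}

// Classify reports which support case a span falls into.
func Classify(s Span) string {
	switch {
	// Checked first: the page does not say whether this tag replaces or
	// accompanies the enabled tag, so either combination lands here.
	case s.Metrics[tagUnsupported] == 1:
		return "unsupported-event-type"
	case s.Metrics[tagEnabled] == 1:
		return "monitored"
	default:
		return "no-appsec-tag" // neither tag present: review the ASM setup
	}
}

// Triage counts, per function, how many spans fall into each case.
func Triage(spans []Span) map[string]map[string]int {
	out := map[string]map[string]int{}
	for _, s := range spans {
		if out[s.Function] == nil {
			out[s.Function] = map[string]int{}
		}
		out[s.Function][Classify(s)]++
	}
	return out
}

// sampleSpans returns constructed data, not spans from a real trace.
func sampleSpans() []Span {
	return []Span{
		{"orders-api", map[string]float64{tagEnabled: 1}},
		{"orders-api", map[string]float64{tagEnabled: 1}},
		{"queue-worker", map[string]float64{tagUnsupported: 1}},
		{"queue-worker", map[string]float64{tagEnabled: 1, tagUnsupported: 1}},
		{"cron-job", nil},
	}
}

func main() {
	fmt.Println(Triage(sampleSpans()))
}
```

A function whose spans all land in `unsupported-event-type` points at the trigger type rather than at the installation, which is the distinction the motivation asks for.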

Bloop Bleep... Dogbot Here

Regression Detector Results

Run ID: 6588606f-d248-4c56-a6e2-459a75a31105
Baseline: a451225c8aa273da52cd0674b5eda7e4b72ddc20
Comparison: ed614350efa747819d8c4ae93bb036dac406c9fd

Performance changes are noted in the perf column of each table:

  • ✅ = significantly better comparison variant performance
  • ❌ = significantly worse comparison variant performance
  • ➖ = no significant change in performance

Experiments with missing or malformed data

  • basic_py_check

Usually, this warning means that there is no usable optimization goal data for that experiment, which could be a result of misconfiguration.

No significant changes in experiment optimization goals

Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%

There were no significant changes in experiment optimization goals at this confidence level and effect size tolerance.

Experiments ignored for regressions

Regressions in experiments with settings containing erratic: true are ignored.

perf  experiment         goal               Δ mean %  Δ mean % CI
      file_to_blackhole  % cpu utilization  +0.14     [-6.38, +6.65]

Fine details of change detection per experiment

perf  experiment                               goal                Δ mean %  Δ mean % CI
      tcp_syslog_to_blackhole                  ingress throughput  +0.82     [+0.77, +0.88]
      idle                                     memory utilization  +0.22     [+0.19, +0.26]
      file_to_blackhole                        % cpu utilization   +0.14     [-6.38, +6.65]
      process_agent_standard_check_with_stats  memory utilization  +0.10     [+0.07, +0.13]
      tcp_dd_logs_filter_exclude               ingress throughput  +0.00     [-0.00, +0.00]
      trace_agent_msgpack                      ingress throughput  +0.00     [-0.01, +0.01]
      uds_dogstatsd_to_api                     ingress throughput  -0.00     [-0.00, +0.00]
      trace_agent_json                         ingress throughput  -0.04     [-0.07, -0.01]
      process_agent_real_time_mode             memory utilization  -0.14     [-0.18, -0.10]
      process_agent_standard_check             memory utilization  -0.18     [-0.21, -0.15]
      file_tree                                memory utilization  -0.28     [-0.35, -0.21]
      otel_to_otel_logs                        ingress throughput  -0.82     [-1.48, -0.17]
      uds_dogstatsd_to_api_cpu                 % cpu utilization   -1.65     [-3.08, -0.22]

Explanation

A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".

For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:

  1. Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.

  2. Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.

  3. Its configuration does not mark it "erratic".

pr-commenter[bot] avatar Feb 06 '24 14:02 pr-commenter[bot]

/merge

Julio-Guerra avatar Feb 12 '24 13:02 Julio-Guerra

/merge

Julio-Guerra avatar Feb 12 '24 16:02 Julio-Guerra

/merge

Julio-Guerra avatar Feb 19 '24 09:02 Julio-Guerra

/merge

Julio-Guerra avatar Feb 26 '24 20:02 Julio-Guerra

/merge

Julio-Guerra avatar Mar 07 '24 11:03 Julio-Guerra

Serverless Benchmark Results

BenchmarkStartEndInvocation comparison between a451225c8aa273da52cd0674b5eda7e4b72ddc20 and dc7b029eb231c09796658c38055805af3b574ba2.

tl;dr
  1. Skim down the vs base column in each chart. If there is a ~, then there was no statistically significant change to the benchmark. Otherwise, ensure the estimated percent change is either negative or very small.

  2. The last row of each chart is the geomean. Ensure this percentage is either negative or very small.

What is this benchmarking?

The BenchmarkStartEndInvocation compares the amount of time it takes to call the start-invocation and end-invocation endpoints. For universal instrumentation languages (Dotnet, Golang, Java, Ruby), this represents the majority of the duration overhead added by our tracing layer.

The benchmark is run using a large variety of lambda request payloads. In the charts below, there is one row for each event payload type.

How do I interpret these charts?

The charts below come from benchstat. They represent the statistical change in duration (sec/op), memory overhead (B/op), and allocations (allocs/op).

The benchstat docs explain how to interpret these charts.

Before the comparison table, we see common file-level configuration. If there are benchmarks with different configuration (for example, from different packages), benchstat will print separate tables for each configuration.

The table then compares the two input files for each benchmark. It shows the median and 95% confidence interval summaries for each benchmark before and after the change, and an A/B comparison under "vs base". ... The p-value measures how likely it is that any differences were due to random chance (i.e., noise). The "~" means benchstat did not detect a statistically significant difference between the two inputs. ...

Note that "statistically significant" is not the same as "large": with enough low-noise data, even very small changes can be distinguished from noise and considered statistically significant. It is, of course, generally easier to distinguish large changes from noise.

Finally, the last row of the table shows the geometric mean of each column, giving an overall picture of how the benchmarks changed. Proportional changes in the geomean reflect proportional changes in the benchmarks. For example, given n benchmarks, if sec/op for one of them increases by a factor of 2, then the sec/op geomean will increase by a factor of ⁿ√2.

Benchmark stats
goos: linux
goarch: amd64
pkg: github.com/DataDog/datadog-agent/pkg/serverless/daemon
cpu: AMD EPYC 7763 64-Core Processor                
                                      │ baseline/benchmark.log │       current/benchmark.log        │
                                      │         sec/op         │   sec/op     vs base               │
api-gateway-appsec.json                            86.10µ ± 7%   87.91µ ± 3%       ~ (p=0.280 n=10)
api-gateway-kong-appsec.json                       68.37µ ± 2%   70.65µ ± 2%  +3.33% (p=0.000 n=10)
api-gateway-kong.json                              66.36µ ± 3%   68.19µ ± 1%  +2.76% (p=0.011 n=10)
api-gateway-non-proxy-async.json                   106.6µ ± 1%   106.1µ ± 3%       ~ (p=0.684 n=10)
api-gateway-non-proxy.json                         105.3µ ± 1%   107.3µ ± 2%  +1.89% (p=0.009 n=10)
api-gateway-websocket-connect.json                 69.01µ ± 1%   70.80µ ± 1%  +2.60% (p=0.001 n=10)
api-gateway-websocket-default.json                 62.48µ ± 1%   62.85µ ± 1%       ~ (p=0.218 n=10)
api-gateway-websocket-disconnect.json              61.63µ ± 1%   62.58µ ± 1%  +1.54% (p=0.023 n=10)
api-gateway.json                                   113.5µ ± 1%   113.3µ ± 1%       ~ (p=0.280 n=10)
application-load-balancer.json                     62.09µ ± 1%   60.58µ ± 2%  -2.43% (p=0.000 n=10)
cloudfront.json                                    47.00µ ± 2%   44.36µ ± 1%  -5.62% (p=0.000 n=10)
cloudwatch-events.json                             38.54µ ± 2%   36.37µ ± 4%  -5.63% (p=0.000 n=10)
cloudwatch-logs.json                               65.49µ ± 1%   64.26µ ± 3%       ~ (p=0.143 n=10)
custom.json                                        30.13µ ± 2%   29.56µ ± 3%       ~ (p=0.165 n=10)
dynamodb.json                                      92.71µ ± 1%   92.29µ ± 1%  -0.45% (p=0.023 n=10)
empty.json                                         28.23µ ± 3%   27.73µ ± 2%       ~ (p=0.190 n=10)
eventbridge-custom.json                            41.71µ ± 2%   42.28µ ± 1%       ~ (p=0.075 n=10)
http-api.json                                      72.75µ ± 2%   74.40µ ± 2%  +2.28% (p=0.005 n=10)
kinesis-batch.json                                 71.38µ ± 2%   72.51µ ± 2%  +1.58% (p=0.011 n=10)
kinesis.json                                       53.93µ ± 1%   54.64µ ± 2%  +1.33% (p=0.029 n=10)
s3.json                                            58.72µ ± 1%   59.14µ ± 3%       ~ (p=0.616 n=10)
sns-batch.json                                     89.57µ ± 1%   86.19µ ± 1%  -3.78% (p=0.000 n=10)
sns.json                                           62.94µ ± 2%   62.31µ ± 1%       ~ (p=0.075 n=10)
snssqs.json                                        104.7µ ± 1%   103.8µ ± 3%  -0.88% (p=0.043 n=10)
snssqs_no_dd_context.json                         100.03µ ± 1%   97.19µ ± 3%  -2.84% (p=0.004 n=10)
sqs-aws-header.json                                56.11µ ± 2%   54.52µ ± 1%  -2.83% (p=0.002 n=10)
sqs-batch.json                                     95.32µ ± 1%   92.65µ ± 3%  -2.80% (p=0.007 n=10)
sqs.json                                           70.06µ ± 2%   66.85µ ± 3%  -4.57% (p=0.000 n=10)
sqs_no_dd_context.json                             62.57µ ± 1%   60.21µ ± 3%  -3.77% (p=0.001 n=10)
geomean                                            66.51µ        66.01µ       -0.74%

                                      │ baseline/benchmark.log │        current/benchmark.log        │
                                      │          B/op          │     B/op      vs base               │
api-gateway-appsec.json                           37.18Ki ± 0%   37.18Ki ± 0%       ~ (p=0.839 n=10)
api-gateway-kong-appsec.json                      26.78Ki ± 0%   26.78Ki ± 0%       ~ (p=0.810 n=10)
api-gateway-kong.json                             24.27Ki ± 0%   24.27Ki ± 0%       ~ (p=0.564 n=10)
api-gateway-non-proxy-async.json                  47.98Ki ± 0%   47.98Ki ± 0%       ~ (p=0.781 n=10)
api-gateway-non-proxy.json                        47.19Ki ± 0%   47.19Ki ± 0%       ~ (p=0.753 n=10)
api-gateway-websocket-connect.json                25.39Ki ± 0%   25.39Ki ± 0%       ~ (p=0.471 n=10)
api-gateway-websocket-default.json                21.29Ki ± 0%   21.29Ki ± 0%       ~ (p=0.539 n=10)
api-gateway-websocket-disconnect.json             21.07Ki ± 0%   21.07Ki ± 0%       ~ (p=0.927 n=10)
api-gateway.json                                  49.44Ki ± 0%   49.43Ki ± 0%       ~ (p=0.306 n=10)
application-load-balancer.json                    23.15Ki ± 0%   23.15Ki ± 0%       ~ (p=0.897 n=10)
cloudfront.json                                   17.57Ki ± 0%   17.54Ki ± 0%  -0.12% (p=0.000 n=10)
cloudwatch-events.json                            11.63Ki ± 0%   11.63Ki ± 0%       ~ (p=0.670 n=10)
cloudwatch-logs.json                              53.27Ki ± 0%   53.27Ki ± 0%       ~ (p=0.591 n=10)
custom.json                                       9.638Ki ± 0%   9.636Ki ± 0%       ~ (p=0.868 n=10)
dynamodb.json                                     40.61Ki ± 0%   40.60Ki ± 0%       ~ (p=0.725 n=10)
empty.json                                        9.193Ki ± 0%   9.189Ki ± 0%       ~ (p=0.566 n=10)
eventbridge-custom.json                           13.34Ki ± 0%   13.35Ki ± 0%       ~ (p=0.271 n=10)
http-api.json                                     23.68Ki ± 0%   23.68Ki ± 0%       ~ (p=0.541 n=10)
kinesis-batch.json                                26.96Ki ± 0%   26.96Ki ± 0%       ~ (p=0.869 n=10)
kinesis.json                                      17.72Ki ± 0%   17.72Ki ± 0%       ~ (p=0.926 n=10)
s3.json                                           20.26Ki ± 0%   20.27Ki ± 0%       ~ (p=0.271 n=10)
sns-batch.json                                    38.55Ki ± 0%   38.54Ki ± 0%       ~ (p=0.184 n=10)
sns.json                                          23.87Ki ± 0%   23.88Ki ± 0%       ~ (p=0.493 n=10)
snssqs.json                                       49.55Ki ± 0%   49.59Ki ± 0%       ~ (p=0.078 n=10)
snssqs_no_dd_context.json                         44.79Ki ± 0%   44.76Ki ± 0%       ~ (p=0.315 n=10)
sqs-aws-header.json                               18.81Ki ± 0%   18.76Ki ± 0%  -0.29% (p=0.000 n=10)
sqs-batch.json                                    41.53Ki ± 0%   41.51Ki ± 0%       ~ (p=0.684 n=10)
sqs.json                                          25.45Ki ± 0%   25.42Ki ± 0%       ~ (p=0.447 n=10)
sqs_no_dd_context.json                            20.55Ki ± 1%   20.60Ki ± 1%       ~ (p=0.469 n=10)
geomean                                           25.63Ki        25.62Ki       -0.01%

                                      │ baseline/benchmark.log │        current/benchmark.log        │
                                      │       allocs/op        │ allocs/op   vs base                 │
api-gateway-appsec.json                             628.5 ± 0%   628.5 ± 0%       ~ (p=1.000 n=10)
api-gateway-kong-appsec.json                        487.0 ± 0%   487.0 ± 0%       ~ (p=1.000 n=10) ¹
api-gateway-kong.json                               465.0 ± 0%   465.0 ± 0%       ~ (p=1.000 n=10) ¹
api-gateway-non-proxy-async.json                    724.0 ± 0%   724.0 ± 0%       ~ (p=1.000 n=10)
api-gateway-non-proxy.json                          715.0 ± 0%   715.0 ± 0%       ~ (p=1.000 n=10)
api-gateway-websocket-connect.json                  452.0 ± 0%   452.0 ± 0%       ~ (p=1.000 n=10) ¹
api-gateway-websocket-default.json                  378.0 ± 0%   378.0 ± 0%       ~ (p=1.000 n=10) ¹
api-gateway-websocket-disconnect.json               368.0 ± 0%   368.0 ± 0%       ~ (p=0.582 n=10)
api-gateway.json                                    789.0 ± 0%   789.0 ± 0%       ~ (p=1.000 n=10)
application-load-balancer.json                      351.0 ± 0%   351.0 ± 0%       ~ (p=1.000 n=10)
cloudfront.json                                     282.0 ± 0%   282.0 ± 0%       ~ (p=0.087 n=10)
cloudwatch-events.json                              219.0 ± 0%   219.0 ± 0%       ~ (p=1.000 n=10) ¹
cloudwatch-logs.json                                214.0 ± 0%   214.0 ± 0%       ~ (p=1.000 n=10)
custom.json                                         167.0 ± 0%   167.0 ± 0%       ~ (p=1.000 n=10)
dynamodb.json                                       588.0 ± 0%   588.0 ± 0%       ~ (p=0.628 n=10)
empty.json                                          158.0 ± 1%   158.0 ± 0%       ~ (p=1.000 n=10)
eventbridge-custom.json                             252.0 ± 0%   252.5 ± 0%       ~ (p=1.000 n=10)
http-api.json                                       431.0 ± 0%   431.0 ± 0%       ~ (p=1.000 n=10)
kinesis-batch.json                                  389.5 ± 0%   389.5 ± 0%       ~ (p=1.000 n=10)
kinesis.json                                        283.5 ± 0%   283.5 ± 0%       ~ (p=1.000 n=10)
s3.json                                             356.0 ± 0%   356.5 ± 0%       ~ (p=0.650 n=10)
sns-batch.json                                      454.0 ± 0%   453.0 ± 0%       ~ (p=0.127 n=10)
sns.json                                            321.5 ± 0%   322.0 ± 0%       ~ (p=0.714 n=10)
snssqs.json                                         423.0 ± 0%   423.0 ± 0%       ~ (p=0.367 n=10)
snssqs_no_dd_context.json                           398.0 ± 0%   398.0 ± 0%       ~ (p=0.570 n=10)
sqs-aws-header.json                                 273.0 ± 0%   272.0 ± 0%  -0.37% (p=0.007 n=10)
sqs-batch.json                                      502.0 ± 0%   502.0 ± 0%       ~ (p=0.723 n=10)
sqs.json                                            350.0 ± 1%   349.0 ± 1%       ~ (p=0.463 n=10)
sqs_no_dd_context.json                              322.0 ± 1%   323.0 ± 1%       ~ (p=0.502 n=10)
geomean                                             374.5        374.5       -0.00%
¹ all samples are equal

github-actions[bot] avatar Mar 07 '24 11:03 github-actions[bot]

/merge

chouetz avatar Mar 07 '24 15:03 chouetz

🚂 MergeQueue

Pull request added to the queue.

There are 2 builds ahead! (estimated merge in less than 28m)

Use /merge -c to cancel this operation!

dd-devflow[bot] avatar Mar 07 '24 15:03 dd-devflow[bot]