datadog-agent

feat(CI): wrap the calls to aws ssm get-parameter to prevent unable to locate credential issues

Open chouetz opened this issue 1 year ago • 2 comments

What does this PR do?

Add a wrapper around aws ssm get-parameter calls:

  • enable a uniform way to call it, with improved security regarding secret disclosure
  • add a retry mechanism to prevent issues where secret access fails with "unable to locate credentials"

Motivation

Improve CI stability

Additional Notes

Sorry in advance, this PR embeds file formatting. Only get the non-secret parameters in the Windows context, pending a real review of the ps1 script added.

Possible Drawbacks / Trade-offs

Describe how to test/QA your changes

Reviewer's Checklist

  • [ ] If known, an appropriate milestone has been selected; otherwise the Triage milestone is set.
  • [ ] Use the major_change label if your change either has a major impact on the code base, is impacting multiple teams or is changing important well-established internals of the Agent. This label will be used during QA to make sure each team pays extra attention to the changed behavior. For any customer facing change use a releasenote.
  • [ ] A release note has been added or the changelog/no-changelog label has been applied.
  • [ ] Changed code has automated tests for its functionality.
  • [ ] Adequate QA/testing plan information is provided. Except if the qa/skip-qa label, with required either qa/done or qa/no-code-change labels, are applied.
  • [ ] At least one team/.. label has been applied, indicating the team(s) that should QA this change.
  • [ ] If applicable, docs team has been notified or an issue has been opened on the documentation repo.
  • [ ] If applicable, the need-change/operator and need-change/helm labels have been applied.
  • [ ] If applicable, the k8s/<min-version> label, indicating the lowest Kubernetes version compatible with this feature.
  • [ ] If applicable, the config template has been updated.

chouetz, Feb 14 '24 16:02
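
A sketch of the kind of wrapper the description above refers to, as an added example and not the script from this PR: it retries only the "Unable to locate credentials" failure and keeps the decrypted value out of `set -x` traces. The names `fetch_ssm_parameter`, `SSM_RETRIES` and `SSM_RETRY_DELAY` are hypothetical.

```shell
#!/bin/sh
# Added example, not the wrapper from this PR. fetch_ssm_parameter,
# SSM_RETRIES and SSM_RETRY_DELAY are hypothetical names.

fetch_ssm_parameter() {
    # Usage: fetch_ssm_parameter <parameter-name>; prints the value on stdout.
    local name="$1" retries="${SSM_RETRIES:-5}" delay="${SSM_RETRY_DELAY:-2}"
    local attempt=1 rc=1 xtrace=0 value="" err_file

    err_file="$(mktemp)" || return 1

    # Disable xtrace so a CI job running under `set -x` does not log the value.
    case "$-" in *x*) xtrace=1; set +x ;; esac

    while :; do
        # stderr goes to a file so it can be inspected without touching stdout.
        if value="$(aws ssm get-parameter --name "$name" --with-decryption \
                --query 'Parameter.Value' --output text 2>"$err_file")"; then
            rc=0
            break
        fi
        # Retry only the transient credential lookup failure named in the PR
        # title; anything else (bad name, access denied) fails immediately.
        grep -q 'Unable to locate credentials' "$err_file" || break
        [ "$attempt" -lt "$retries" ] || break
        sleep "$delay"
        delay=$((delay * 2))          # exponential backoff between attempts
        attempt=$((attempt + 1))
    done

    if [ "$rc" -eq 0 ]; then
        printf '%s\n' "$value"        # emitted while xtrace is still off
    else
        # The CLI error text carries no secret material, so it is safe to log.
        echo "failed to read SSM parameter '$name' after $attempt attempt(s):" >&2
        cat "$err_file" >&2
    fi
    rm -f "$err_file"

    # Restore the caller's tracing state only after the value has been written.
    if [ "$xtrace" -eq 1 ]; then set -x; fi
    return "$rc"
}
```

Callers should keep xtrace off around the capturing assignment as well, since the shell traces `VAR=value` assignments.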

Bloop Bleep... Dogbot Here

Regression Detector Results

  • Run ID: 0aa78b02-3042-4aa4-b546-45fb8f979161
  • Baseline: 164655360b216947085c7319286f7c72327626e8
  • Comparison: 078c1916e2ea92d01728c40a33056e9716c97d99
  • Total CPUs: 7

Performance changes are noted in the perf column of each table:

  • ✅ = significantly better comparison variant performance
  • ❌ = significantly worse comparison variant performance
  • ➖ = no significant change in performance

Experiments with missing or malformed data

  • basic_py_check

Usually, this warning means that there is no usable optimization goal data for that experiment, which could be a result of misconfiguration.

No significant changes in experiment optimization goals

Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%

There were no significant changes in experiment optimization goals at this confidence level and effect size tolerance.

Experiments ignored for regressions

Regressions in experiments with settings containing erratic: true are ignored.

| perf | experiment | goal | Δ mean % | Δ mean % CI |
|---|---|---|---|---|
| | file_to_blackhole | % cpu utilization | -0.42 | [-7.00, +6.15] |

Fine details of change detection per experiment

| perf | experiment | goal | Δ mean % | Δ mean % CI |
|---|---|---|---|---|
| | idle | memory utilization | +0.54 | [+0.50, +0.58] |
| | process_agent_real_time_mode | memory utilization | +0.11 | [+0.06, +0.15] |
| | process_agent_standard_check | memory utilization | +0.06 | [+0.01, +0.11] |
| | trace_agent_msgpack | ingress throughput | +0.01 | [-0.00, +0.02] |
| | tcp_dd_logs_filter_exclude | ingress throughput | +0.00 | [-0.00, +0.00] |
| | uds_dogstatsd_to_api | ingress throughput | +0.00 | [-0.00, +0.00] |
| | trace_agent_json | ingress throughput | -0.02 | [-0.07, +0.02] |
| | process_agent_standard_check_with_stats | memory utilization | -0.07 | [-0.11, -0.02] |
| | file_to_blackhole | % cpu utilization | -0.42 | [-7.00, +6.15] |
| | tcp_syslog_to_blackhole | ingress throughput | -0.44 | [-0.49, -0.38] |
| | file_tree | memory utilization | -0.53 | [-0.65, -0.41] |
| | otel_to_otel_logs | ingress throughput | -1.05 | [-1.70, -0.40] |
| | uds_dogstatsd_to_api_cpu | % cpu utilization | -4.18 | [-5.57, -2.79] |

Explanation

A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".

For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:

  1. Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.

  2. Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.

  3. Its configuration does not mark it "erratic".

pr-commenter[bot], Feb 14 '24 21:02

LGTM, not sure if the YAML reformat was required though.

No, sorry, I realized my IDE settings had reformatted them when I had so many modified files, so I left them changed. We might define the formatting settings in the repo, I guess.

chouetz, Feb 19 '24 13:02

Serverless Benchmark Results

BenchmarkStartEndInvocation comparison between cf1df652313dc45d940366c84c049bd963dbf454 and 281dede10c6e8954fe2feec8bbf07538d35ffd9d.

tl;dr
  1. Skim down the vs base column in each chart. If there is a ~, then there was no statistically significant change to the benchmark. Otherwise, ensure the estimated percent change is either negative or very small.

  2. The last row of each chart is the geomean. Ensure this percentage is either negative or very small.

What is this benchmarking?

The BenchmarkStartEndInvocation compares the amount of time it takes to call the start-invocation and end-invocation endpoints. For universal instrumentation languages (Dotnet, Golang, Java, Ruby), this represents the majority of the duration overhead added by our tracing layer.

The benchmark is run using a large variety of lambda request payloads. In the charts below, there is one row for each event payload type.

How do I interpret these charts?

The charts below come from benchstat. They represent the statistical change in duration (sec/op), memory overhead (B/op), and allocations (allocs/op).

The benchstat docs explain how to interpret these charts.

Before the comparison table, we see common file-level configuration. If there are benchmarks with different configuration (for example, from different packages), benchstat will print separate tables for each configuration.

The table then compares the two input files for each benchmark. It shows the median and 95% confidence interval summaries for each benchmark before and after the change, and an A/B comparison under "vs base". ... The p-value measures how likely it is that any differences were due to random chance (i.e., noise). The "~" means benchstat did not detect a statistically significant difference between the two inputs. ...

Note that "statistically significant" is not the same as "large": with enough low-noise data, even very small changes can be distinguished from noise and considered statistically significant. It is, of course, generally easier to distinguish large changes from noise.

Finally, the last row of the table shows the geometric mean of each column, giving an overall picture of how the benchmarks changed. Proportional changes in the geomean reflect proportional changes in the benchmarks. For example, given n benchmarks, if sec/op for one of them increases by a factor of 2, then the sec/op geomean will increase by a factor of ⁿ√2.

Benchmark stats
goos: linux
goarch: amd64
pkg: github.com/DataDog/datadog-agent/pkg/serverless/daemon
cpu: AMD EPYC 7763 64-Core Processor                
                                      │ baseline/benchmark.log │       current/benchmark.log        │
                                      │         sec/op         │   sec/op     vs base               │
api-gateway-appsec.json                            86.62µ ± 2%   83.16µ ± 5%       ~ (p=0.063 n=10)
api-gateway-kong-appsec.json                       67.99µ ± 4%   64.30µ ± 1%  -5.42% (p=0.000 n=10)
api-gateway-kong.json                              65.65µ ± 1%   61.93µ ± 2%  -5.66% (p=0.000 n=10)
api-gateway-non-proxy-async.json                   105.1µ ± 3%   100.2µ ± 2%  -4.74% (p=0.000 n=10)
api-gateway-non-proxy.json                         106.2µ ± 2%   100.1µ ± 1%  -5.76% (p=0.000 n=10)
api-gateway-websocket-connect.json                 70.45µ ± 2%   65.79µ ± 1%  -6.62% (p=0.000 n=10)
api-gateway-websocket-default.json                 62.66µ ± 2%   58.71µ ± 1%  -6.30% (p=0.000 n=10)
api-gateway-websocket-disconnect.json              62.21µ ± 1%   58.31µ ± 1%  -6.28% (p=0.000 n=10)
api-gateway.json                                   115.8µ ± 1%   110.3µ ± 1%  -4.73% (p=0.000 n=10)
application-load-balancer.json                     63.07µ ± 2%   59.53µ ± 1%  -5.61% (p=0.000 n=10)
cloudfront.json                                    47.65µ ± 2%   45.26µ ± 1%  -5.00% (p=0.000 n=10)
cloudwatch-events.json                             35.40µ ± 2%   35.52µ ± 2%       ~ (p=0.631 n=10)
cloudwatch-logs.json                               61.19µ ± 4%   61.28µ ± 1%       ~ (p=0.796 n=10)
custom.json                                        28.31µ ± 2%   28.27µ ± 1%       ~ (p=0.739 n=10)
dynamodb.json                                      92.86µ ± 2%   91.18µ ± 1%  -1.81% (p=0.005 n=10)
empty.json                                         27.28µ ± 2%   27.00µ ± 2%       ~ (p=0.739 n=10)
eventbridge-custom.json                            39.95µ ± 1%   39.66µ ± 2%       ~ (p=0.315 n=10)
http-api.json                                      70.98µ ± 2%   69.39µ ± 2%  -2.23% (p=0.007 n=10)
kinesis-batch.json                                 70.25µ ± 2%   68.99µ ± 1%  -1.80% (p=0.011 n=10)
kinesis.json                                       52.45µ ± 1%   51.91µ ± 2%       ~ (p=0.089 n=10)
s3.json                                            57.92µ ± 3%   57.24µ ± 1%  -1.16% (p=0.027 n=10)
sns-batch.json                                     88.38µ ± 1%   88.34µ ± 1%       ~ (p=0.971 n=10)
sns.json                                           62.77µ ± 2%   62.30µ ± 2%       ~ (p=0.315 n=10)
snssqs.json                                        104.0µ ± 2%   103.0µ ± 2%       ~ (p=0.089 n=10)
snssqs_no_dd_context.json                          95.91µ ± 2%   95.95µ ± 1%       ~ (p=0.529 n=10)
sqs-aws-header.json                                53.79µ ± 1%   53.12µ ± 2%       ~ (p=0.075 n=10)
sqs-batch.json                                     93.63µ ± 2%   92.34µ ± 1%  -1.38% (p=0.029 n=10)
sqs.json                                           67.62µ ± 1%   66.61µ ± 2%  -1.50% (p=0.005 n=10)
sqs_no_dd_context.json                             60.82µ ± 2%   59.84µ ± 2%  -1.62% (p=0.030 n=10)
geomean                                            65.38µ        63.63µ       -2.68%

                                      │ baseline/benchmark.log │        current/benchmark.log        │
                                      │          B/op          │     B/op      vs base               │
api-gateway-appsec.json                           37.02Ki ± 0%   37.02Ki ± 0%       ~ (p=0.782 n=10)
api-gateway-kong-appsec.json                      26.62Ki ± 0%   26.62Ki ± 0%       ~ (p=1.000 n=10)
api-gateway-kong.json                             24.11Ki ± 0%   24.11Ki ± 0%       ~ (p=0.926 n=10)
api-gateway-non-proxy-async.json                  47.82Ki ± 0%   47.82Ki ± 0%       ~ (p=0.810 n=10)
api-gateway-non-proxy.json                        47.03Ki ± 0%   47.02Ki ± 0%       ~ (p=0.402 n=10)
api-gateway-websocket-connect.json                25.23Ki ± 0%   25.22Ki ± 0%       ~ (p=0.091 n=10)
api-gateway-websocket-default.json                21.13Ki ± 0%   21.13Ki ± 0%       ~ (p=0.147 n=10)
api-gateway-websocket-disconnect.json             20.91Ki ± 0%   20.91Ki ± 0%       ~ (p=0.403 n=10)
api-gateway.json                                  49.29Ki ± 0%   49.27Ki ± 0%  -0.02% (p=0.037 n=10)
application-load-balancer.json                    23.00Ki ± 0%   23.00Ki ± 0%  -0.04% (p=0.012 n=10)
cloudfront.json                                   17.42Ki ± 0%   17.40Ki ± 0%  -0.11% (p=0.004 n=10)
cloudwatch-events.json                            11.48Ki ± 0%   11.46Ki ± 0%  -0.14% (p=0.002 n=10)
cloudwatch-logs.json                              53.10Ki ± 0%   53.11Ki ± 0%       ~ (p=0.869 n=10)
custom.json                                       9.474Ki ± 0%   9.478Ki ± 0%       ~ (p=0.159 n=10)
dynamodb.json                                     40.45Ki ± 0%   40.43Ki ± 0%       ~ (p=0.066 n=10)
empty.json                                        9.035Ki ± 0%   9.037Ki ± 0%       ~ (p=0.541 n=10)
eventbridge-custom.json                           13.18Ki ± 0%   13.19Ki ± 0%       ~ (p=0.516 n=10)
http-api.json                                     23.52Ki ± 0%   23.49Ki ± 0%       ~ (p=0.362 n=10)
kinesis-batch.json                                26.80Ki ± 0%   26.79Ki ± 0%       ~ (p=0.182 n=10)
kinesis.json                                      17.58Ki ± 0%   17.59Ki ± 0%       ~ (p=0.146 n=10)
s3.json                                           20.09Ki ± 0%   20.10Ki ± 0%       ~ (p=0.753 n=10)
sns-batch.json                                    38.38Ki ± 0%   38.37Ki ± 0%       ~ (p=0.516 n=10)
sns.json                                          23.75Ki ± 0%   23.72Ki ± 0%  -0.15% (p=0.009 n=10)
snssqs.json                                       49.39Ki ± 0%   49.40Ki ± 0%       ~ (p=0.617 n=10)
snssqs_no_dd_context.json                         44.56Ki ± 0%   44.58Ki ± 0%       ~ (p=0.515 n=10)
sqs-aws-header.json                               18.60Ki ± 0%   18.62Ki ± 0%       ~ (p=0.515 n=10)
sqs-batch.json                                    41.38Ki ± 0%   41.38Ki ± 0%       ~ (p=0.927 n=10)
sqs.json                                          25.30Ki ± 0%   25.33Ki ± 0%       ~ (p=0.404 n=10)
sqs_no_dd_context.json                            20.40Ki ± 1%   20.48Ki ± 0%       ~ (p=0.105 n=10)
geomean                                           25.45Ki        25.45Ki       +0.00%

                                      │ baseline/benchmark.log │        current/benchmark.log        │
                                      │       allocs/op        │ allocs/op   vs base                 │
api-gateway-appsec.json                             628.0 ± 0%   628.0 ± 0%       ~ (p=1.000 n=10)
api-gateway-kong-appsec.json                        487.0 ± 0%   487.0 ± 0%       ~ (p=1.000 n=10) ¹
api-gateway-kong.json                               465.0 ± 0%   465.0 ± 0%       ~ (p=1.000 n=10) ¹
api-gateway-non-proxy-async.json                    724.0 ± 0%   724.0 ± 0%       ~ (p=1.000 n=10)
api-gateway-non-proxy.json                          715.0 ± 0%   715.0 ± 0%       ~ (p=0.582 n=10)
api-gateway-websocket-connect.json                  452.0 ± 0%   452.0 ± 0%       ~ (p=1.000 n=10) ¹
api-gateway-websocket-default.json                  378.0 ± 0%   378.0 ± 0%       ~ (p=1.000 n=10) ¹
api-gateway-websocket-disconnect.json               368.0 ± 0%   368.0 ± 0%       ~ (p=0.211 n=10)
api-gateway.json                                    789.0 ± 0%   789.0 ± 0%       ~ (p=0.211 n=10)
application-load-balancer.json                      352.0 ± 0%   351.0 ± 0%  -0.28% (p=0.005 n=10)
cloudfront.json                                     283.0 ± 0%   282.0 ± 0%  -0.35% (p=0.003 n=10)
cloudwatch-events.json                              219.0 ± 0%   219.0 ± 0%       ~ (p=1.000 n=10) ¹
cloudwatch-logs.json                                214.0 ± 0%   214.0 ± 0%       ~ (p=0.474 n=10)
custom.json                                         167.0 ± 0%   167.0 ± 0%       ~ (p=1.000 n=10) ¹
dynamodb.json                                       588.0 ± 0%   587.0 ± 0%       ~ (p=0.465 n=10)
empty.json                                          158.0 ± 0%   158.0 ± 0%       ~ (p=1.000 n=10)
eventbridge-custom.json                             252.5 ± 0%   252.5 ± 0%       ~ (p=1.000 n=10)
http-api.json                                       431.0 ± 0%   431.0 ± 0%       ~ (p=0.381 n=10)
kinesis-batch.json                                  389.0 ± 0%   389.0 ± 0%       ~ (p=1.000 n=10)
kinesis.json                                        284.0 ± 0%   284.0 ± 0%       ~ (p=0.087 n=10)
s3.json                                             356.0 ± 0%   356.0 ± 0%       ~ (p=1.000 n=10)
sns-batch.json                                      453.0 ± 0%   453.0 ± 0%       ~ (p=0.557 n=10)
sns.json                                            322.0 ± 0%   322.0 ± 1%   0.00% (p=0.033 n=10)
snssqs.json                                         423.0 ± 0%   423.0 ± 0%       ~ (p=0.559 n=10)
snssqs_no_dd_context.json                           397.0 ± 0%   398.0 ± 1%       ~ (p=0.514 n=10)
sqs-aws-header.json                                 272.5 ± 1%   272.5 ± 0%       ~ (p=0.984 n=10)
sqs-batch.json                                      502.0 ± 0%   502.0 ± 1%       ~ (p=0.975 n=10)
sqs.json                                            349.5 ± 0%   350.0 ± 0%       ~ (p=0.647 n=10)
sqs_no_dd_context.json                              322.0 ± 1%   324.0 ± 0%       ~ (p=0.108 n=10)
geomean                                             374.5        374.5       +0.01%
¹ all samples are equal

github-actions[bot], Feb 28 '24 10:02

/merge

chouetz, Feb 28 '24 10:02

🚂 MergeQueue

This merge request is not mergeable yet, because of pending checks/missing approvals. It will be added to the queue as soon as checks pass and/or get approvals. Note: if you pushed new commits since the last approval, you may need additional approval. You can remove it from the waiting list with /remove command.

Use /merge -c to cancel this operation!

dd-devflow[bot], Feb 28 '24 10:02

🚂 MergeQueue

Added to the queue.

There are 5 builds ahead of this PR! (estimated merge in less than 1h)

Use /merge -c to cancel this operation!

dd-devflow[bot], Feb 28 '24 11:02