DataDog
[Bug]: Warning logs on environment read in latest version
Kong Version
3.6.1
Plugin Version
0.2.0-1
On which environment your Kong instance is running?
ECS
Plugin Configuration
_format_version: "3.0"
_info:
defaults: {}
select_tags:
- ddtrace
plugins:
- name: ddtrace
tags:
- ddtrace
config:
service_name: my-api-gateway
environment: production
static_tags:
- name: app
value: my-api-gateway
What happened?
Within this latest version, I'm getting several warning logs from the plugin about errors on reading the env configs from a vault:
2024/04/16 16:33:48 [warn] 1363#0: *2487 [kong] vault.lua:1255 could not retrieve value for reference {vault://env/DD_TRACE_PROPAGATION_STYLE_EXTRACT} (could not get value from external vault (no value found)), context: ngx.timer
I don't even have a vault configured within this Kong.
This is not impacting the availability of the Kong Gateway, but it's a very verbose log that's being triggered all the time.
Hey!
These warnings occur during the initialization phase or when a new configuration is received. The plugin attempts to resolve Datadog environment variable (DD_SERVICE, DD_ENV, etc).
The warning is generated by kong.vault. Unfortunately, there isn't much I can do about it, aside from possibly using os.getenv. However, I'd prefer kong vault caching mechanism instead of making N syscalls per environment variable to resolve.
I apologize for not having a more satisfactory solution for you. I'll continue to brainstorm and see if I can come up with a better approach.
@dmehala no problem.
Adding one more thing:
This plugin searches the values under the env prefix. based on the kong docs, it retrieves the values from the environment variables on the container, but it can be also set through the Vault API, but the API does not accept the env prefix, despite the docs using the envprefix.
So, if someone tries to set these variables in a new prefix(as I was trying to get rid of the warnings), this plugin does not support a custom path for it, so it won't work.
could the plugin be made to not be configurable by env var and defer that to the user to use env vars in their config / deck yaml file?
I dont know of any other plugin that makes direct calls to get_env(), it seems like this possibly isn't intended to be used by external code?
These warnings occur during the initialization phase or when a new configuration is received
Thanks for pointing to this. Just to add, its then every 1min after that as I believe kong is doing it own secret rotation
Should values set in the config file not take highest precedence? Currently the vault takes highest precedence, so will always log warnings for values supplied in config files: https://github.com/DataDog/kong-plugin-ddtrace/blob/6366ae919be7e356252df44d2d0164f9d1935882/kong/plugins/ddtrace/handler.lua#L202 Any reason why it's not:
local agent_host = conf.agent_host or get_env("DD_AGENT_HOST") or "localhost"
Edit - I re-read the docs and see that it's specified that environment variables take precedence.
I'd really appreciate reconsideration around how this is currently working. These logs are not ideal and forces those who don't want the noisy and misleading logs to set env vars, even if their preference is to use config values and/or defaults.
