-
Notifications
You must be signed in to change notification settings - Fork 443
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
appsec: Service Extension callout #2965
Conversation
a87535b
to
0044a8f
Compare
6c165d2
to
0607577
Compare
BenchmarksBenchmark execution time: 2024-12-23 14:29:20 Comparing candidate commit 1613818 in PR branch Found 0 performance improvements and 0 performance regressions! Performance is the same for 59 metrics, 0 unstable metrics. |
0607577
to
867a55b
Compare
34f396f
to
7d3e562
Compare
2eeb6b1
to
402f7d0
Compare
7d3e562
to
ca1de07
Compare
0614501
to
2b06ea5
Compare
1f2b791
to
9630788
Compare
0929de5
to
e3bb1e5
Compare
c7063d8
to
b0844b8
Compare
42d9365
to
673ec27
Compare
contrib/envoyproxy/go-control-plane/cmd/serviceextensions/main.go
Outdated
Show resolved
Hide resolved
contrib/envoyproxy/go-control-plane/cmd/serviceextensions/main.go
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the changes, just a few extra comments.
Also please remember to run go mod tidy
in the project root and commit the changes 🙏
contrib/envoyproxy/go-control-plane/cmd/serviceextensions/main.go
Outdated
Show resolved
Hide resolved
contrib/envoyproxy/go-control-plane/cmd/serviceextensions/main.go
Outdated
Show resolved
Hide resolved
contrib/envoyproxy/go-control-plane/cmd/serviceextensions/main.go
Outdated
Show resolved
Hide resolved
}) | ||
|
||
if err := g.Wait(); err != nil { | ||
log.Error("service_extension: %v\n", err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You might want to os.Exit(1)
in this case to signal the process exit with an error.
However if you do this, please note any defer
you might have won't run. If you want to use os.Exit
and defer
, the best approach would be to move the logic from lines 81-95 to a separate function func startService(cfg serviceExtensionConfig) error
, and have these defer
's in there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the comment, I applied the changes in e3cc085 😄
(I also added a Flush to the logs before exiting.)
265488f
to
b02036e
Compare
Add Readme fix rebase update to register the service
ddtrace/tracer: initialize runtimeMetricsV2 with statsd "direct" client (#3006) Co-authored-by: Felix Geisendörfer <[email protected]> Co-authored-by: Nayef Ghattas <[email protected]> fix(.github/workflows): add tags-ignore to avoid running CI on pushing tags for contribs and other nested modules (#3005) Co-authored-by: Hannah Kim <[email protected]> contrib/envoyproxy: envoy external processing support (#2895) This PR adds a new gRPC Interceptor (StreamServerInterceptor) to support the interception of ext_proc v3 calls to gRPC server. When the interceptor is applied, all messages of the external processing protocol are instrumented without returning an handle to the original server code Co-authored-by: Eliott Bouhana <[email protected]> Co-authored-by: Flavien Darche <[email protected]> add go mod to workflows/apps (#3036) go.mod: module go.opentelemetry.io/collector/pdata@latest found (v1.21.0), but does not contain package go.opentelemetry.io/collector/pdata/internal/data/protogen/profiles/v1experimental (#3042) Signed-off-by: Eliott Bouhana <[email protected]> chore: update latest majors (#2993)
Applied comments appsec: stop storing span tags, directly call span.SetTag (#3044) Signed-off-by: Eliott Bouhana <[email protected]> ddtrace/tracer: Tracing as transport-only mode (APPSEC_STANDALONE) (#3033) Signed-off-by: Eliott Bouhana <[email protected]> fix: improving test logic for TestStreamSendsErrorCode to avoid flakiness (#3049) vuln: upgrade golang.org/x/{crypto,net} to non-vulnerable versions (#3050) contrib/miekg/dns: resolve flaky test in TestExchange* (#3045) ddtrace/tracer: report datadog.tracer.api.errors health metric (#3024) build(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#3001) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Rodrigo Argüello <[email protected]> ddtrace/tracer: Report datadog.tracer.queue.enqueued.traces as health metric (#3019) ddtrace/tracer: Tracing as transport-only mode (APPSEC_STANDALONE) (#3033) Signed-off-by: Eliott Bouhana <[email protected]> fix: improving test logic for TestStreamSendsErrorCode to avoid flakiness (#3049) vuln: upgrade golang.org/x/{crypto,net} to non-vulnerable versions (#3050) contrib/miekg/dns: resolve flaky test in TestExchange* (#3045) ddtrace/tracer: report datadog.tracer.api.errors health metric (#3024) build(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#3001) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Rodrigo Argüello <[email protected]> ddtrace/tracer: Report datadog.tracer.queue.enqueued.traces as health metric (#3019)
2fe8c9d
to
1613818
Compare
Motivation
This is the part 2 PR to support Envoy's External Processing. This part is creating a package to be used for the GCP Services Extensions product.
You can find all related document for this implementation in Confluence ASM - GCP Services Extensions.
You can find the part 1 of this PR.
What does this PR do?
This PR creates a new binary project that implements a gRPC server using the Envoy External Processor protocol of Envoy and an HTTP server for the health check. The gRPC server use the gRPC Interceptor (
StreamServerInterceptor
) implemented from the part 1.Release
The PR includes a new GitHub action to publish new docker images to the repo at each new release.
These images are push under the name
ghcr.io/datadog/dd-trace-go/service-extensions-callout
and exists with the following tags:v1.69.1
)You can find the package released in the GitHub repo registry.
Tests
System tests
System tests have been implemented on this PR. A new
external-processing
scenario with the docker image given to customers and envoy infrastructure has been added in thegolang
stage.APM and ASM test has been imported to be sure that all spans and tags are correctly set to validate the integrity of the created traces.
Macro Benchmarks
Benchmarks of the the whole extension is available on this benchmarking platform branch.
More information with dashboard can be found here.
Reviewer's Checklist
Unsure? Have a question? Request a review!