Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tracer/option: Add envvar DD_CLIENT_HOSTNAME_ENABLED to config client hostname detection #1857

Merged
merged 7 commits into from
Apr 3, 2023
Merged

tracer/option: Add envvar DD_CLIENT_HOSTNAME_ENABLED to config client hostname detection #1857

merged 7 commits into from
Apr 3, 2023
+25 −7

Conversation

ajgajg1134
Copy link
Contributor

@ajgajg1134 ajgajg1134 commented Mar 31, 2023
edited
Loading

What does this PR do?

Adds env var "DD_CLIENT_HOSTNAME_ENABLED" which allows users to disable client hostname detection by setting this value to false (Note the value defaults to true)

Motivation

Some customers may need to disable this if they have aggressive security tooling that alerts on access to cloud metadata APIs.

Describe how to test/QA your changes

unit tests are good!

Reviewer's Checklist

  • Changed code has unit tests for its functionality.
  • If this interacts with the agent in a new way, a system test has been added.

Sorry, something went wrong.

@ajgajg1134
Add envvar DD_DISABLE_CLIENT_HOSTNAME to disable client hostname dete…

Verified

This commit was signed with the committer’s verified signature.
rarguelloF Rodrigo Argüello
SSH Key Fingerprint: Uw4yLxbLKJ+iRBd5hSL83+nkoJVYR8G4F6/Cl7CouHA
Verified
Learn about vigilant mode
66d932d 
…ction
@ajgajg1134
Dont constantly look up the env for each call

Verified

This commit was signed with the committer’s verified signature.
rarguelloF Rodrigo Argüello
SSH Key Fingerprint: Uw4yLxbLKJ+iRBd5hSL83+nkoJVYR8G4F6/Cl7CouHA
Verified
Learn about vigilant mode
d0e74d4
@ajgajg1134
Merge branch 'main' into andrew.glaude/AllowDisableClientHost

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
d59c6ea
@pr-commenter
Copy link

pr-commenter bot commented Mar 31, 2023
edited
Loading

Benchmarks

Comparing candidate commit ea6420b in PR branch andrew.glaude/AllowDisableClientHost with baseline commit 78e9722 in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 18 metrics, 0 unstable metrics.

@ajgajg1134 ajgajg1134 marked this pull request as ready for review March 31, 2023 19:20
@ajgajg1134 ajgajg1134 requested a review from a team as a code owner March 31, 2023 19:20
ahmed-mez
ahmed-mez reviewed Apr 3, 2023
View reviewed changes
Copy link
Contributor

@ahmed-mez ahmed-mez left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any thoughts on using the option disableHostnameDetection that already exists here?
It's a bit confusing that the new env var DD_DISABLE_CLIENT_HOSTNAME doesn't directly control the boolean option disableHostnameDetection.
Most tracer config env vars are read in https://github.com/DataDog/dd-trace-go/blob/main/ddtrace/tracer/option.go and the config defaulting happens there, so by having the new env var read and applied there we keep the logic consolidated in one function newConfig which improves readability.
I understand that you might have added the env var check in hostname.Get() to cover the initial fill done in tracer.Start which was a nice catch but there are other options to handle it with the new suggestion

  • Move the initial fill to tracer/option.go, and only do it if config.disableHostnameDetection is false after defaulting.
  • The initial fill stays in tracer.Start but done via _ = t.hostname() instead of hostname.Get() to make sure config.disableHostnameDetection is checked.

Apart from that, I wanted to re-suggest a comment from the original PR about using enableHostnameDetection instead of disableHostnameDetection (also applies to the env var name) #1712 (comment) as I do believe it'd improve readability + less error prone, we'd get rid of double negatives like

dd-trace-go/ddtrace/tracer/tracer.go

Line 630 in 3ccf65d

if !t.config.disableHostnameDetection {
which actually caused of a bug that was caught in that same suggestion in the original PR.

@ajgajg1134
PR Comments, flip name for consistency do all config together

Verified

This commit was signed with the committer’s verified signature.
rarguelloF Rodrigo Argüello
SSH Key Fingerprint: Uw4yLxbLKJ+iRBd5hSL83+nkoJVYR8G4F6/Cl7CouHA
Verified
Learn about vigilant mode
a9eed59
@ajgajg1134 ajgajg1134 requested a review from a team April 3, 2023 13:26
@ajgajg1134 ajgajg1134 changed the title Add envvar DD_DISABLE_CLIENT_HOSTNAME to disable client hostname detection Add envvar DD_ENABLE_CLIENT_HOSTNAME to config client hostname detection Apr 3, 2023
@ajgajg1134 ajgajg1134 requested a review from ahmed-mez April 3, 2023 13:29
@ajgajg1134
Merge branch 'main' into andrew.glaude/AllowDisableClientHost

Verified

This commit was signed with the committer’s verified signature.
rarguelloF Rodrigo Argüello
SSH Key Fingerprint: Uw4yLxbLKJ+iRBd5hSL83+nkoJVYR8G4F6/Cl7CouHA
Verified
Learn about vigilant mode
182f092
ahmed-mez
ahmed-mez reviewed Apr 3, 2023
View reviewed changes
Copy link
Contributor

@ahmed-mez ahmed-mez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, thanks! One final suggestion to add unit test. LGMT otherwise!

@ajgajg1134
Add unit tests for new options

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
03315bf
@ajgajg1134 ajgajg1134 requested a review from ahmed-mez April 3, 2023 14:31
ahmed-mez
ahmed-mez previously approved these changes Apr 3, 2023
View reviewed changes
Copy link
Contributor

@ahmed-mez ahmed-mez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit: 💯

@ajgajg1134
Update env name to better match other bool envs

Verified

This commit was signed with the committer’s verified signature.
rarguelloF Rodrigo Argüello
SSH Key Fingerprint: Uw4yLxbLKJ+iRBd5hSL83+nkoJVYR8G4F6/Cl7CouHA
Verified
Learn about vigilant mode
ea6420b
@ajgajg1134 ajgajg1134 changed the title Add envvar DD_ENABLE_CLIENT_HOSTNAME to config client hostname detection Add envvar DD_CLIENT_HOSTNAME_ENABLED to config client hostname detection Apr 3, 2023
@ajgajg1134 ajgajg1134 requested a review from ahmed-mez April 3, 2023 14:51
@ajgajg1134 ajgajg1134 changed the title Add envvar DD_CLIENT_HOSTNAME_ENABLED to config client hostname detection tracer/option: Add envvar DD_CLIENT_HOSTNAME_ENABLED to config client hostname detection Apr 3, 2023
@ajgajg1134 ajgajg1134 merged commit 4ab8cb8 into main Apr 3, 2023
@ajgajg1134 ajgajg1134 deleted the andrew.glaude/AllowDisableClientHost branch April 3, 2023 17:05
@ajgajg1134 ajgajg1134 mentioned this pull request Apr 3, 2023
Merged
2 tasks
eliottness pushed a commit that referenced this pull request Apr 5, 2023
@ajgajg1134 @eliottness
tracer/option: Add envvar DD_CLIENT_HOSTNAME_ENABLED to config client…

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
d0970b2 
… hostname detection (#1857)

This allows users with aggressive security tools that alert on usage of cloud metadata APIs to disable this feature
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ahmed-mez ahmed-mez

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ajgajg1134 @ahmed-mez