datadog 2.16.0 → 2.18.0

data/lib/datadog/appsec/security_engine/engine.rb

@@ -0,0 +1,194 @@
+# frozen_string_literal: true
+
+module Datadog
+  module AppSec
+    module SecurityEngine
+      # SecurityEngine::Engine creates WAF builder and manages its configuration.
+      # It also rebuilds WAF handle from the WAF builder when configuration changes.
+      class Engine
+        DEFAULT_RULES_CONFIG_PATH = 'ASM_DD/default'
+        TELEMETRY_ACTIONS = %w[init update].freeze
+        DIAGNOSTICS_CONFIG_KEYS = %w[
+          rules
+          custom_rules
+          exclusions
+          actions
+          processors
+          scanners
+          rules_override
+          rules_data
+          exclusion_data
+        ].freeze
+
+        attr_reader :waf_addresses, :ruleset_version
+
+        def initialize(appsec_settings:, telemetry:)
+          @default_ruleset = appsec_settings.ruleset
+
+          # NOTE: replace appsec_settings argument with default_ruleset when removing these deprecated settings
+          @default_ip_denylist = appsec_settings.ip_denylist
+          @default_user_id_denylist = appsec_settings.user_id_denylist
+          @default_ip_passlist = appsec_settings.ip_passlist
+
+          @waf_builder = WAF::HandleBuilder.new(
+            obfuscator: {
+              key_regex: appsec_settings.obfuscator_key_regex,
+              value_regex: appsec_settings.obfuscator_value_regex
+            }
+          )
+
+          diagnostics = load_default_config(telemetry: telemetry)
+          report_configuration_diagnostics(diagnostics, action: 'init', telemetry: telemetry)
+
+          @waf_handle = @waf_builder.build_handle
+          @waf_addresses = @waf_handle.known_addresses
+        rescue WAF::Error => e
+          error_message = "AppSec security engine failed to initialize"
+
+          Datadog.logger.error("#{error_message}, error #{e.inspect}")
+          telemetry.report(e, description: error_message)
+
+          raise e
+        end
+
+        def finalize!
+          @waf_handle&.finalize!
+          @waf_builder&.finalize!
+
+          @waf_addresses = []
+          @ruleset_version = nil
+        end
+
+        def new_runner
+          SecurityEngine::Runner.new(@waf_handle.build_context)
+        end
+
+        def add_or_update_config(config, path:)
+          @is_ruleset_update = path.include?('ASM_DD')
+
+          # default config has to be removed when adding an ASM_DD config
+          remove_config_at_path(DEFAULT_RULES_CONFIG_PATH) if @is_ruleset_update
+
+          diagnostics = @waf_builder.add_or_update_config(config, path: path)
+          @ruleset_version = diagnostics['ruleset_version'] if diagnostics.key?('ruleset_version')
+          report_configuration_diagnostics(diagnostics, action: 'update', telemetry: AppSec.telemetry)
+
+          # we need to load default config if diagnostics contains top-level error for rules or processors
+          if @is_ruleset_update &&
+              (diagnostics.key?('error') ||
+              diagnostics.dig('rules', 'error') ||
+              diagnostics.dig('processors', 'errors'))
+            diagnostics = load_default_config(telemetry: AppSec.telemetry)
+            report_configuration_diagnostics(diagnostics, action: 'update', telemetry: AppSec.telemetry)
+          end
+
+          diagnostics
+        rescue WAF::Error => e
+          error_message = "libddwaf builder failed to add or update config at path: #{path}"
+
+          Datadog.logger.debug("#{error_message}, error: #{e.inspect}")
+          AppSec.telemetry.report(e, description: error_message)
+        end
+
+        def remove_config_at_path(path)
+          result = @waf_builder.remove_config_at_path(path)
+
+          if result && path != DEFAULT_RULES_CONFIG_PATH && path.include?('ASM_DD')
+            diagnostics = load_default_config(telemetry: AppSec.telemetry)
+            report_configuration_diagnostics(diagnostics, action: 'update', telemetry: AppSec.telemetry)
+          end
+
+          result
+        rescue WAF::Error => e
+          error_message = "libddwaf handle builder failed to remove config at path: #{path}"
+
+          Datadog.logger.error("#{error_message}, error: #{e.inspect}")
+          AppSec.telemetry.report(e, description: error_message)
+        end
+
+        def reconfigure!
+          old_waf_handle = @waf_handle
+
+          @waf_handle = @waf_builder.build_handle
+          @waf_addresses = @waf_handle.known_addresses
+
+          old_waf_handle&.finalize!
+        rescue WAF::Error => e
+          error_message = "AppSec security engine failed to reconfigure"
+
+          Datadog.logger.error("#{error_message}, error #{e.inspect}")
+          AppSec.telemetry.report(e, description: error_message)
+
+          if old_waf_handle
+            Datadog.logger.warn("Reverting to the previous configuration")
+
+            @waf_handle = old_waf_handle
+            @waf_addresses = old_waf_handle.known_addresses
+          end
+        end
+
+        private
+
+        def load_default_config(telemetry:)
+          config = AppSec::Processor::RuleLoader.load_rules(telemetry: telemetry, ruleset: @default_ruleset)
+
+          # deprecated - ip and user id denylists should be configured via RC
+          config['rules_data'] ||= AppSec::Processor::RuleLoader.load_data(
+            ip_denylist: @default_ip_denylist,
+            user_id_denylist: @default_user_id_denylist
+          )
+
+          # deprecated - ip passlist should be configured via RC
+          config['exclusions'] ||= AppSec::Processor::RuleLoader.load_exclusions(ip_passlist: @default_ip_passlist)
+
+          diagnostics = @waf_builder.add_or_update_config(config, path: DEFAULT_RULES_CONFIG_PATH)
+          @ruleset_version = diagnostics['ruleset_version']
+
+          diagnostics
+        end
+
+        def report_configuration_diagnostics(diagnostics, action:, telemetry:)
+          raise ArgumentError, 'action must be one of TELEMETRY_ACTIONS' unless TELEMETRY_ACTIONS.include?(action)
+
+          common_tags = {
+            waf_version: Datadog::AppSec::WAF::VERSION::BASE_STRING,
+            event_rules_version: diagnostics.fetch('ruleset_version', @ruleset_version).to_s,
+            action: action
+          }
+
+          if diagnostics['error']
+            telemetry.inc(
+              Ext::TELEMETRY_METRICS_NAMESPACE, 'waf.config_errors', 1,
+              tags: common_tags.merge(scope: 'top-level')
+            )
+
+            telemetry.error(diagnostics['error'])
+          end
+
+          diagnostics.each do |config_key, config_diagnostics|
+            next unless DIAGNOSTICS_CONFIG_KEYS.include?(config_key)
+            next if !config_diagnostics.key?('error') && config_diagnostics.fetch('errors', []).empty?
+
+            if config_diagnostics['error']
+              telemetry.error(config_diagnostics['error'])
+
+              telemetry.inc(
+                Ext::TELEMETRY_METRICS_NAMESPACE, 'waf.config_errors', 1,
+                tags: common_tags.merge(config_key: config_key, scope: 'top-level')
+              )
+            elsif config_diagnostics['errors']
+              config_diagnostics['errors'].each do |error, config_ids|
+                telemetry.error("#{error}: [#{config_ids.join(",")}]")
+              end
+
+              telemetry.inc(
+                Ext::TELEMETRY_METRICS_NAMESPACE, 'waf.config_errors', config_diagnostics['errors'].count,
+                tags: common_tags.merge(config_key: config_key, scope: 'item')
+              )
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/security_engine/runner.rb

@@ -9,10 +9,9 @@ module Datadog
       class Runner
         SUCCESSFUL_EXECUTION_CODES = [:ok, :match].freeze
 
-        def initialize(handle, telemetry:)
+        def initialize(waf_context)
           @mutex = Mutex.new
-          @context = WAF::Context.new(handle)
-          @telemetry = telemetry
+          @waf_context = waf_context
 
           @debug_tag = "libddwaf:#{WAF::VERSION::STRING} method:ddwaf_run"
         end
@@ -33,7 +32,7 @@ module Datadog
             v.nil? || v.empty?
           end
 
-          _code, result = try_run(persistent_data, ephemeral_data, timeout)
+          result = try_run(persistent_data, ephemeral_data, timeout)
           stop_ns = Core::Utils::Time.get_time(:nanosecond)
 
           report_execution(result)
@@ -55,19 +54,19 @@ module Datadog
           @mutex.unlock
         end
 
-        def finalize
-          @context.finalize
+        def finalize!
+          @waf_context.finalize!
         end
 
         private
 
         def try_run(persistent_data, ephemeral_data, timeout)
-          @context.run(persistent_data, ephemeral_data, timeout)
-        rescue WAF::LibDDWAF::Error => e
+          @waf_context.run(persistent_data, ephemeral_data, timeout)
+        rescue WAF::LibDDWAFError => e
           Datadog.logger.debug { "#{@debug_tag} execution error: #{e} backtrace: #{e.backtrace&.first(3)}" }
-          @telemetry.report(e, description: 'libddwaf-rb internal low-level error')
+          AppSec.telemetry.report(e, description: 'libddwaf-rb internal low-level error')
 
-          [:err_internal, WAF::Result.new(:err_internal, [], 0, false, [], [])]
+          WAF::Result.new(:err_internal, [], 0, false, [], [])
         end
 
         def report_execution(result)
@@ -79,7 +78,7 @@ module Datadog
             message = "#{@debug_tag} execution error: #{result.status.inspect}"
 
             Datadog.logger.debug { message }
-            @telemetry.error(message)
+            AppSec.telemetry.error(message)
           end
         end
       end

data/lib/datadog/appsec.rb

@@ -26,15 +26,12 @@ module Datadog
         components.appsec&.telemetry
       end
 
-      def processor
-        components.appsec&.processor
+      def security_engine
+        components.appsec&.security_engine
       end
 
-      def reconfigure(ruleset:, telemetry:)
-        appsec_component = components.appsec
-        return unless appsec_component
-
-        appsec_component.reconfigure(ruleset: ruleset, telemetry: telemetry)
+      def reconfigure!
+        components.appsec&.reconfigure!
       end
 
       def reconfigure_lock(&block)

data/lib/datadog/core/buffer/random.rb

@@ -40,7 +40,23 @@ module Datadog
           add_all!(underflow) unless underflow.nil?
 
           # Iteratively replace items, to ensure pseudo-random replacement.
-          overflow.each { |item| replace!(item) } unless overflow.nil?
+          overflow&.each { |item| replace!(item) }
+        end
+
+        def unshift(*items)
+          # TODO The existing concat implementation does not always append
+          # to the end of the buffer - if the buffer is full, a random
+          # item is deleted and the new item is added in the position of
+          # removed item.
+          # Therefore, if we want to preserve the item order, concat
+          # would also need to be changed to maintain order.
+          # With the existing implementation, the idea is to not move
+          # existing items around, which is what sets unshift apart from
+          # concat to begin with.
+          #
+          # Since this method currently delegates to +concat+, it does not
+          # have a matching definition in the thread-safe worker.
+          concat(items)
         end
 
         # Stored items are returned and the local buffer is reset.
@@ -78,7 +94,7 @@ module Datadog
           underflow = nil
           overflow = nil
 
-          overflow_size = @max_size > 0 ? (@items.length + items.length) - @max_size : 0
+          overflow_size = (@max_size > 0) ? (@items.length + items.length) - @max_size : 0
 
           if overflow_size > 0
             # Items will overflow

data/lib/datadog/core/configuration/agent_settings.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require_relative 'ext'
+
+module Datadog
+  module Core
+    module Configuration
+      # Immutable container for the resulting settings
+      class AgentSettings
+        # IPv6 regular expression from
+        # https://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses
+        # Does not match IPv4 addresses.
+        IPV6_REGEXP = /\A(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\z)/.freeze # rubocop:disable Layout/LineLength
+
+        attr_reader :adapter, :ssl, :hostname, :port, :uds_path, :timeout_seconds
+
+        def initialize(adapter: nil, ssl: nil, hostname: nil, port: nil, uds_path: nil, timeout_seconds: nil)
+          @adapter = adapter
+          @ssl = ssl
+          @hostname = hostname
+          @port = port
+          @uds_path = uds_path
+          @timeout_seconds = timeout_seconds
+          freeze
+        end
+
+        def url
+          case adapter
+          when Datadog::Core::Configuration::Ext::Agent::HTTP::ADAPTER
+            hostname = self.hostname
+            hostname = "[#{hostname}]" if IPV6_REGEXP.match?(hostname)
+            "#{ssl ? "https" : "http"}://#{hostname}:#{port}/"
+          when Datadog::Core::Configuration::Ext::Agent::UnixSocket::ADAPTER
+            "unix://#{uds_path}"
+          else
+            raise ArgumentError, "Unexpected adapter: #{adapter}"
+          end
+        end
+
+        def ==(other)
+          self.class == other.class &&
+            adapter == other.adapter &&
+            ssl == other.ssl &&
+            hostname == other.hostname &&
+            port == other.port &&
+            uds_path == other.uds_path &&
+            timeout_seconds == other.timeout_seconds
+        end
+      end
+    end
+  end
+end

data/lib/datadog/core/configuration/agent_settings_resolver.rb

@@ -4,6 +4,7 @@ require 'uri'
 
 require_relative 'settings'
 require_relative 'ext'
+require_relative 'agent_settings'
 require_relative '../transport/ext'
 
 module Datadog
@@ -19,49 +20,6 @@ module Datadog
       # Whenever there is a conflict (different configurations are provided in different orders), it MUST warn the users
       # about it and pick a value based on the following priority: code > environment variable > defaults.
       class AgentSettingsResolver
-        # Immutable container for the resulting settings
-        class AgentSettings
-          attr_reader :adapter, :ssl, :hostname, :port, :uds_path, :timeout_seconds
-
-          def initialize(adapter: nil, ssl: nil, hostname: nil, port: nil, uds_path: nil, timeout_seconds: nil)
-            @adapter = adapter
-            @ssl = ssl
-            @hostname = hostname
-            @port = port
-            @uds_path = uds_path
-            @timeout_seconds = timeout_seconds
-            freeze
-          end
-
-          def url
-            case adapter
-            when Datadog::Core::Configuration::Ext::Agent::HTTP::ADAPTER
-              hostname = self.hostname
-              hostname = "[#{hostname}]" if hostname =~ IPV6_REGEXP
-              "#{ssl ? 'https' : 'http'}://#{hostname}:#{port}/"
-            when Datadog::Core::Configuration::Ext::Agent::UnixSocket::ADAPTER
-              "unix://#{uds_path}"
-            else
-              raise ArgumentError, "Unexpected adapter: #{adapter}"
-            end
-          end
-
-          def ==(other)
-            self.class == other.class &&
-              adapter == other.adapter &&
-              ssl == other.ssl &&
-              hostname == other.hostname &&
-              port == other.port &&
-              uds_path == other.uds_path &&
-              timeout_seconds == other.timeout_seconds
-          end
-        end
-
-        # IPv6 regular expression from
-        # https://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses
-        # Does not match IPv4 addresses.
-        IPV6_REGEXP = /\A(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\z)/.freeze # rubocop:disable Layout/LineLength
-
         def self.call(settings, logger: Datadog.logger)
           new(settings, logger: logger).send(:call)
         end
@@ -158,7 +116,7 @@ module Datadog
               value: settings.agent.timeout_seconds,
             ),
             try_parsing_as_integer(
-              friendly_name: "#{Datadog::Core::Configuration::Ext::Agent::ENV_DEFAULT_TIMEOUT_SECONDS} "\
+              friendly_name: "#{Datadog::Core::Configuration::Ext::Agent::ENV_DEFAULT_TIMEOUT_SECONDS} " \
                 'environment variable',
               value: ENV[Datadog::Core::Configuration::Ext::Agent::ENV_DEFAULT_TIMEOUT_SECONDS],
             )
@@ -338,13 +296,13 @@ module Datadog
           log_warning(
             'Configuration mismatch: values differ between ' \
             "#{detected_configurations_in_priority_order
-              .map { |config| "#{config.friendly_name} (#{config.value.inspect})" }.join(' and ')}" \
+              .map { |config| "#{config.friendly_name} (#{config.value.inspect})" }.join(" and ")}" \
             ". Using #{detected_configurations_in_priority_order.first.value.inspect} and ignoring other configuration."
           )
         end
 
         def log_warning(message)
-          logger.warn(message) if logger
+          logger&.warn(message)
         end
 
         def http_scheme?(uri)

data/lib/datadog/core/configuration/components.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative 'agent_settings_resolver'
+require_relative 'components_state'
 require_relative 'ext'
 require_relative '../diagnostics/environment_logger'
 require_relative '../diagnostics/health'
@@ -8,7 +9,6 @@ require_relative '../logger'
 require_relative '../runtime/metrics'
 require_relative '../telemetry/component'
 require_relative '../workers/runtime_metrics'
-
 require_relative '../remote/component'
 require_relative '../../tracing/component'
 require_relative '../../profiling/component'
@@ -16,7 +16,6 @@ require_relative '../../appsec/component'
 require_relative '../../di/component'
 require_relative '../../error_tracking/component'
 require_relative '../crashtracking/component'
-
 require_relative '../environment/agent_info'
 require_relative '../process_discovery'
 
@@ -30,7 +29,7 @@ module Datadog
 
           def build_health_metrics(settings, logger, telemetry)
             settings = settings.health_metrics
-            options = { enabled: settings.enabled }
+            options = {enabled: settings.enabled}
             options[:statsd] = settings.statsd unless settings.statsd.nil?
 
             Core::Diagnostics::Health::Metrics.new(telemetry: telemetry, logger: logger, **options)
@@ -44,7 +43,7 @@ module Datadog
           end
 
           def build_runtime_metrics(settings, logger, telemetry)
-            options = { enabled: settings.runtime_metrics.enabled }
+            options = {enabled: settings.runtime_metrics.enabled}
             options[:statsd] = settings.runtime_metrics.statsd unless settings.runtime_metrics.statsd.nil?
             options[:services] = [settings.service] unless settings.service.nil?
             options[:experimental_runtime_id_enabled] = settings.runtime_metrics.experimental_runtime_id_enabled
@@ -127,14 +126,15 @@ module Datadog
           @dynamic_instrumentation = Datadog::DI::Component.build(settings, agent_settings, @logger, telemetry: telemetry)
           @error_tracking = Datadog::ErrorTracking::Component.build(settings, @tracer, @logger)
           @environment_logger_extra[:dynamic_instrumentation_enabled] = !!@dynamic_instrumentation
-          # TODO: Re-enable this once we have updated libdatadog to 17.1
-          # @process_discovery_fd = Core::ProcessDiscovery.get_and_store_metadata(settings, @logger)
+          @process_discovery_fd = Core::ProcessDiscovery.get_and_store_metadata(settings, @logger)
 
           self.class.configure_tracing(settings)
         end
 
         # Starts up components
         def startup!(settings, old_state: nil)
+          telemetry.start(old_state&.telemetry_enabled?)
+
           if settings.profiling.enabled
             if profiler
               profiler.start
@@ -145,7 +145,7 @@ module Datadog
             end
           end
 
-          if settings.remote.enabled && old_state&.[](:remote_started)
+          if settings.remote.enabled && old_state&.remote_started?
             # The library was reconfigured and previously it already started
             # the remote component (i.e., it received at least one request
             # through the installed Rack middleware which started the remote).
@@ -163,20 +163,20 @@ module Datadog
         # and avoid tearing down parts still in use.
         def shutdown!(replacement = nil)
           # Shutdown remote configuration
-          remote.shutdown! if remote
+          remote&.shutdown!
 
           # Shutdown DI after remote, since remote config triggers DI operations.
           dynamic_instrumentation&.shutdown!
 
           # Decommission AppSec
-          appsec.shutdown! if appsec
+          appsec&.shutdown!
 
           # Shutdown the old tracer, unless it's still being used.
           # (e.g. a custom tracer instance passed in.)
-          tracer.shutdown! unless replacement && tracer == replacement.tracer
+          tracer.shutdown! unless replacement && tracer.equal?(replacement.tracer)
 
           # Shutdown old profiler
-          profiler.shutdown! unless profiler.nil?
+          profiler&.shutdown!
 
           # Shutdown workers
           runtime_metrics.stop(true, close_metrics: false)
@@ -194,24 +194,31 @@ module Datadog
             health_metrics.statsd
           ].compact.uniq
 
-          new_statsd =  if replacement
-                          [
-                            replacement.runtime_metrics.metrics.statsd,
-                            replacement.health_metrics.statsd
-                          ].compact.uniq
-                        else
-                          []
-                        end
+          new_statsd = if replacement
+            [
+              replacement.runtime_metrics.metrics.statsd,
+              replacement.health_metrics.statsd
+            ].compact.uniq
+          else
+            []
+          end
 
           unused_statsd = (old_statsd - (old_statsd & new_statsd))
           unused_statsd.each(&:close)
 
-          # enqueue closing event before stopping telemetry so it will be send out on shutdown
-          telemetry.emit_closing! unless replacement
-          telemetry.stop!
+          # enqueue closing event before stopping telemetry so it will be sent out on shutdown
+          telemetry.emit_closing! unless replacement&.telemetry&.enabled
+          telemetry.shutdown!
 
-          # TODO: Re-enable this once we have updated libdatadog to 17.1
-          # Core::ProcessDiscovery._native_close_tracer_memfd(@process_discovery_fd, @logger) if @process_discovery_fd
+          @process_discovery_fd&.shutdown!
+        end
+
+        # Returns the current state of various components.
+        def state
+          ComponentsState.new(
+            telemetry_enabled: telemetry.enabled,
+            remote_started: remote&.started?,
+          )
         end
       end
     end

data/lib/datadog/core/configuration/components_state.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Datadog
+  module Core
+    module Configuration
+      # Stores the state of component tree when replacing the tree.
+      class ComponentsState
+        def initialize(telemetry_enabled:, remote_started:)
+          @telemetry_enabled = !!telemetry_enabled
+          @remote_started = !!remote_started
+        end
+
+        def telemetry_enabled?
+          @telemetry_enabled
+        end
+
+        def remote_started?
+          @remote_started
+        end
+      end
+    end
+  end
+end