ddtrace 1.11.1 → 1.12.1

data/lib/datadog/appsec/response.rb

@@ -36,30 +36,34 @@ module Datadog
           Response.new(
             status: 403,
             headers: { 'Content-Type' => content_type },
-            body: [Datadog::AppSec::Assets.blocked(format: FORMAT_MAP[content_type])]
+            body: [Datadog::AppSec::Assets.blocked(format: CONTENT_TYPE_TO_FORMAT[content_type])]
           )
         end
 
         private
 
-        FORMAT_MAP = {
-          'text/plain' => :text,
-          'text/html' => :html,
+        CONTENT_TYPE_TO_FORMAT = {
           'application/json' => :json,
+          'text/html' => :html,
+          'text/plain' => :text,
         }.freeze
 
-        DEFAULT_CONTENT_TYPE = 'text/plain'
+        DEFAULT_CONTENT_TYPE = 'application/json'
 
         def content_type(env)
           return DEFAULT_CONTENT_TYPE unless env.key?('HTTP_ACCEPT')
 
-          accepted = env['HTTP_ACCEPT'].split(',').map { |m| Utils::HTTP::MediaRange.new(m) }.sort!.reverse!
+          accept_types = env['HTTP_ACCEPT'].split(',').map(&:strip)
 
-          accepted.each_with_object(DEFAULT_CONTENT_TYPE) do |range, _default|
-            match = FORMAT_MAP.keys.find { |type| range === type }
+          accepted = accept_types.map { |m| Utils::HTTP::MediaRange.new(m) }.sort!.reverse!
 
-            return match if match
+          accepted.each do |range|
+            type_match = CONTENT_TYPE_TO_FORMAT.keys.find { |type| range === type }
+
+            return type_match if type_match
           end
+
+          DEFAULT_CONTENT_TYPE
         rescue Datadog::AppSec::Utils::HTTP::MediaRange::ParseError
           DEFAULT_CONTENT_TYPE
         end

data/lib/datadog/appsec/scope.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require_relative 'processor'
+
+module Datadog
+  module AppSec
+    # Capture context essential to consistently call processor and report via traces
+    class Scope
+      attr_reader :trace, :service_entry_span, :processor_context
+
+      def initialize(trace, service_entry_span, processor_context)
+        @trace = trace
+        @service_entry_span = service_entry_span
+        @processor_context = processor_context
+      end
+
+      def finalize
+        @processor_context.finalize
+      end
+
+      class << self
+        def activate_scope(trace, service_entry_span, processor)
+          raise ActiveScopeError, 'another scope is active, nested scopes are not supported' if active_scope
+
+          context = Datadog::AppSec::Processor::Context.new(processor)
+
+          self.active_scope = new(trace, service_entry_span, context)
+        end
+
+        def deactivate_scope
+          raise InactiveScopeError, 'no scope is active, nested scopes are not supported' unless active_scope
+
+          scope = active_scope
+
+          reset_active_scope
+
+          scope.finalize
+        end
+
+        def active_scope
+          Thread.current[:datadog_appsec_active_scope]
+        end
+
+        private
+
+        def active_scope=(scope)
+          raise ArgumentError, 'not a Datadog::AppSec::Scope' unless scope.instance_of?(Scope)
+
+          Thread.current[:datadog_appsec_active_scope] = scope
+        end
+
+        def reset_active_scope
+          Thread.current[:datadog_appsec_active_scope] = nil
+        end
+      end
+
+      class InactiveScopeError < StandardError; end
+      class ActiveScopeError < StandardError; end
+    end
+  end
+end

data/lib/datadog/appsec.rb

@@ -2,6 +2,8 @@
 
 require_relative 'appsec/configuration'
 require_relative 'appsec/extensions'
+require_relative 'appsec/scope'
+require_relative 'appsec/ext'
 
 module Datadog
   # Namespace for Datadog AppSec instrumentation
@@ -13,6 +15,10 @@ module Datadog
         Datadog.configuration.appsec.enabled
       end
 
+      def active_scope
+        Datadog::AppSec::Scope.active_scope
+      end
+
       def processor
         appsec_component = components.appsec
 

data/lib/datadog/ci/ext/environment.rb

@@ -19,6 +19,8 @@ module Datadog
         TAG_PROVIDER_NAME = 'ci.provider.name'
         TAG_STAGE_NAME = 'ci.stage.name'
         TAG_WORKSPACE_PATH = 'ci.workspace_path'
+        TAG_NODE_LABELS = 'ci.node.labels'
+        TAG_NODE_NAME = 'ci.node.name'
         TAG_CI_ENV_VARS = '_dd.ci.env_vars'
 
         PROVIDERS = [
@@ -33,7 +35,8 @@ module Datadog
           ['JENKINS_URL', :extract_jenkins],
           ['TEAMCITY_VERSION', :extract_teamcity],
           ['TRAVIS', :extract_travis],
-          ['BITRISE_BUILD_SLUG', :extract_bitrise]
+          ['BITRISE_BUILD_SLUG', :extract_bitrise],
+          ['CF_BUILD_ID', :extract_codefresh]
         ].freeze
 
         module_function
@@ -196,7 +199,7 @@ module Datadog
         end
 
         def extract_buildkite(env)
-          {
+          tags = {
             Core::Git::Ext::TAG_BRANCH => env['BUILDKITE_BRANCH'],
             Core::Git::Ext::TAG_COMMIT_SHA => env['BUILDKITE_COMMIT'],
             Core::Git::Ext::TAG_REPOSITORY_URL => env['BUILDKITE_REPO'],
@@ -211,11 +214,21 @@ module Datadog
             Core::Git::Ext::TAG_COMMIT_AUTHOR_NAME => env['BUILDKITE_BUILD_AUTHOR'],
             Core::Git::Ext::TAG_COMMIT_AUTHOR_EMAIL => env['BUILDKITE_BUILD_AUTHOR_EMAIL'],
             Core::Git::Ext::TAG_COMMIT_MESSAGE => env['BUILDKITE_MESSAGE'],
+            TAG_NODE_NAME => env['BUILDKITE_AGENT_ID'],
             TAG_CI_ENV_VARS => {
               'BUILDKITE_BUILD_ID' => env['BUILDKITE_BUILD_ID'],
               'BUILDKITE_JOB_ID' => env['BUILDKITE_JOB_ID']
             }.to_json
           }
+
+          extra_tags = env
+            .select { |key| key.start_with?('BUILDKITE_AGENT_META_DATA_') }
+            .map { |key, value| "#{key.to_s.sub('BUILDKITE_AGENT_META_DATA_', '').downcase}:#{value}" }
+            .sort_by(&:length)
+
+          tags[TAG_NODE_LABELS] = extra_tags.to_json unless extra_tags.empty?
+
+          tags
         end
 
         def extract_circle_ci(env)
@@ -274,7 +287,6 @@ module Datadog
         def extract_gitlab(env)
           commit_author_name, commit_author_email = extract_name_email(env['CI_COMMIT_AUTHOR'])
 
-          url = env['CI_PIPELINE_URL']
           {
             Core::Git::Ext::TAG_BRANCH => env['CI_COMMIT_REF_NAME'],
             Core::Git::Ext::TAG_COMMIT_SHA => env['CI_COMMIT_SHA'],
@@ -289,9 +301,11 @@ module Datadog
             TAG_PIPELINE_ID => env['CI_PIPELINE_ID'],
             TAG_PIPELINE_NAME => env['CI_PROJECT_PATH'],
             TAG_PIPELINE_NUMBER => env['CI_PIPELINE_IID'],
-            TAG_PIPELINE_URL => (url.gsub(%r{/-/pipelines/}, '/pipelines/') if url),
+            TAG_PIPELINE_URL => env['CI_PIPELINE_URL'],
             TAG_PROVIDER_NAME => 'gitlab',
             TAG_WORKSPACE_PATH => env['CI_PROJECT_DIR'],
+            TAG_NODE_LABELS => env['CI_RUNNER_TAGS'],
+            TAG_NODE_NAME => env['CI_RUNNER_ID'],
             Core::Git::Ext::TAG_COMMIT_MESSAGE => env['CI_COMMIT_MESSAGE'],
             TAG_CI_ENV_VARS => {
               'CI_PROJECT_URL' => env['CI_PROJECT_URL'],
@@ -308,6 +322,9 @@ module Datadog
             name = name.gsub("/#{normalize_ref(branch)}", '') if branch
             name = name.split('/').reject { |v| v.nil? || v.include?('=') }.join('/')
           end
+
+          node_labels = env['NODE_LABELS'].split.to_json unless env['NODE_LABELS'].nil?
+
           {
             Core::Git::Ext::TAG_BRANCH => branch,
             Core::Git::Ext::TAG_COMMIT_SHA => env['GIT_COMMIT'],
@@ -319,6 +336,8 @@ module Datadog
             TAG_PIPELINE_URL => env['BUILD_URL'],
             TAG_PROVIDER_NAME => 'jenkins',
             TAG_WORKSPACE_PATH => env['WORKSPACE'],
+            TAG_NODE_LABELS => node_labels,
+            TAG_NODE_NAME => env['NODE_NAME'],
             TAG_CI_ENV_VARS => {
               'DD_CUSTOM_TRACE_ID' => env['DD_CUSTOM_TRACE_ID']
             }.to_json
@@ -380,6 +399,23 @@ module Datadog
           }
         end
 
+        def extract_codefresh(env)
+          branch, tag = branch_or_tag(env['CF_BRANCH'])
+
+          {
+            TAG_PROVIDER_NAME => 'codefresh',
+            TAG_PIPELINE_ID => env['CF_BUILD_ID'],
+            TAG_PIPELINE_NAME => env['CF_PIPELINE_NAME'],
+            TAG_PIPELINE_URL => env['CF_BUILD_URL'],
+            TAG_JOB_NAME => env['CF_STEP_NAME'],
+            Core::Git::Ext::TAG_BRANCH => branch,
+            Core::Git::Ext::TAG_TAG => tag,
+            TAG_CI_ENV_VARS => {
+              'CF_BUILD_ID' => env['CF_BUILD_ID'],
+            }.to_json
+          }
+        end
+
         def extract_user_defined_git(env)
           {
             Core::Git::Ext::TAG_REPOSITORY_URL => env[Core::Git::Ext::ENV_REPOSITORY_URL],

data/lib/datadog/core/configuration/settings.rb

@@ -154,6 +154,9 @@ module Datadog
         # @default `DD_ENV` environment variable, otherwise `nil`
         # @return [String,nil]
         option :env do |o|
+          # DEV-2.0: Remove this conversion for symbol.
+          o.setter { |v| v.to_s if v }
+
           # NOTE: env also gets set as a side effect of tags. See the WORKAROUND note in #initialize for details.
           o.default { ENV.fetch(Core::Environment::Ext::ENV_ENVIRONMENT, nil) }
           o.lazy
@@ -202,12 +205,23 @@ module Datadog
 
           # @public_api
           settings :advanced do
+            # @deprecated This setting is ignored when CPU Profiling 2.0 is in use, and will be removed on dd-trace-rb 2.0.
+            #
             # This should never be reduced, as it can cause the resulting profiles to become biased.
             # The default should be enough for most services, allowing 16 threads to be sampled around 30 times
             # per second for a 60 second period.
-            #
-            # @deprecated This setting is ignored when CPU Profiling 2.0 is in use.
-            option :max_events, default: 32768
+            option :max_events do |o|
+              o.default 32768
+              o.on_set do |value|
+                if value != 32768
+                  Datadog.logger.warn(
+                    'The profiling.advanced.max_events setting has been deprecated for removal. It no longer does ' \
+                    'anything unless you the `force_enable_legacy_profiler` option is in use. ' \
+                    'Please remove it from your Datadog.configure block.'
+                  )
+                end
+              end
+            end
 
             # Controls the maximum number of frames for each thread sampled. Can be tuned to avoid omitted frames in the
             # produced profiles. Increasing this may increase the overhead of profiling.
@@ -250,28 +264,39 @@ module Datadog
               end
             end
 
-            # Forces enabling the new CPU Profiling 2.0 profiler (see ddtrace release notes for more details).
-            #
-            # Note that setting this to "false" (or not setting it) will not prevent the new profiler from
-            # being automatically used.
-            # This option will be deprecated for removal once the legacy profiler is removed.
+            # @deprecated No longer does anything, and will be removed on dd-trace-rb 2.0.
             #
-            # @default `DD_PROFILING_FORCE_ENABLE_NEW` environment variable, otherwise `false`
+            # This was used prior to the GA of the new CPU Profiling 2.0 profiler. Using CPU Profiling 2.0 is now the
+            # default and this doesn't do anything.
             option :force_enable_new_profiler do |o|
-              o.default { env_to_bool('DD_PROFILING_FORCE_ENABLE_NEW', false) }
-              o.lazy
+              o.on_set do
+                Datadog.logger.warn(
+                  'The profiling.advanced.force_enable_new_profiler setting has been deprecated for removal and no ' \
+                  'longer does anything. Please remove it from your Datadog.configure block.'
+                )
+              end
             end
 
-            # Forces enabling the *legacy* (non-CPU Profiling 2.0 profiler) even when it would otherwise NOT be enabled.
+            # @deprecated Will be removed for dd-trace-rb 2.0.
             #
-            # Temporarily added to ease migration to the new CPU Profiling 2.0 profiler, and will be removed soon.
+            # Forces enabling the *legacy* non-CPU Profiling 2.0 profiler.
             # Do not use unless instructed to by support.
-            # This option will be deprecated for removal once the legacy profiler is removed.
             #
             # @default `DD_PROFILING_FORCE_ENABLE_LEGACY` environment variable, otherwise `false`
             option :force_enable_legacy_profiler do |o|
               o.default { env_to_bool('DD_PROFILING_FORCE_ENABLE_LEGACY', false) }
               o.lazy
+              o.on_set do |value|
+                if value
+                  Datadog.logger.warn(
+                    'The profiling.advanced.force_enable_legacy_profiler setting has been deprecated for removal. ' \
+                    'Do not use unless instructed to by support. ' \
+                    'If you needed to use it due to incompatibilities with the CPU Profiling 2.0 profiler, consider ' \
+                    'using the profiling.advanced.no_signals_workaround_enabled setting instead. ' \
+                    'See <https://dtdg.co/ruby-profiler-troubleshooting> for details.'
+                  )
+                end
+              end
             end
 
             # Forces enabling of profiling of time/resources spent in Garbage Collection.
@@ -317,6 +342,30 @@ module Datadog
               o.default { env_to_bool('DD_PROFILING_SKIP_MYSQL2_CHECK', false) }
               o.lazy
             end
+
+            # The profiler gathers data by sending `SIGPROF` unix signals to Ruby application threads.
+            #
+            # Sending `SIGPROF` is a common profiling approach, and may cause system calls from native
+            # extensions/libraries to be interrupted with a system
+            # [EINTR error code.](https://man7.org/linux/man-pages/man7/signal.7.html#:~:text=Interruption%20of%20system%20calls%20and%20library%20functions%20by%20signal%20handlers)
+            # Rarely, native extensions or libraries called by them may have missing or incorrect error handling for the
+            # `EINTR` error code.
+            #
+            # The "no signals" workaround, when enabled, enables an alternative mode for the profiler where it does not
+            # send `SIGPROF` unix signals. The downside of this approach is that the profiler data will have lower
+            # quality.
+            #
+            # This workaround is automatically enabled when gems that are known to have issues handling
+            # `EINTR` error codes are detected. If you suspect you may be seeing an issue due to the profiler's use of
+            # signals, you can try manually enabling this mode as a fallback.
+            # Please also report these issues to us on <https://github.com/DataDog/dd-trace-rb/issues/new>, so we can
+            # work with the gem authors to fix them!
+            #
+            # @default `DD_PROFILING_NO_SIGNALS_WORKAROUND_ENABLED` environment variable as a boolean, otherwise `:auto`
+            option :no_signals_workaround_enabled do |o|
+              o.default { env_to_bool('DD_PROFILING_NO_SIGNALS_WORKAROUND_ENABLED', :auto) }
+              o.lazy
+            end
           end
 
           # @public_api
@@ -353,6 +402,9 @@ module Datadog
         # @default `DD_SERVICE` environment variable, otherwise the program name (e.g. `'ruby'`, `'rails'`, `'pry'`)
         # @return [String]
         option :service do |o|
+          # DEV-2.0: Remove this conversion for symbol.
+          o.setter { |v| v.to_s if v }
+
           # NOTE: service also gets set as a side effect of tags. See the WORKAROUND note in #initialize for details.
           o.default { ENV.fetch(Core::Environment::Ext::ENV_SERVICE, Core::Environment::Ext::FALLBACK_SERVICE_NAME) }
           o.lazy
@@ -497,6 +549,14 @@ module Datadog
             o.default { env_to_float(Core::Remote::Ext::ENV_POLL_INTERVAL_SECONDS, 5.0) }
             o.lazy
           end
+
+          # Declare service name to bind to remote configuration. Use when
+          # DD_SERVICE does not match the correct integration for which remote
+          # configuration applies.
+          #
+          # @default `nil`.
+          # @return [String,nil]
+          option :service
         end
 
         # TODO: Tracing should manage its own settings.

data/lib/datadog/core/configuration.rb

@@ -208,7 +208,11 @@ module Datadog
       # Used internally to ensure a clean environment between test runs.
       def reset!
         safely_synchronize do |write_components|
-          @components.shutdown! if components?
+          if components?
+            @components.shutdown!
+            @temp_logger = nil # Reset to ensure instance and log level are reset for next run
+          end
+
           write_components.call(nil)
           configuration.reset!
         end

data/lib/datadog/core/remote/client/capabilities.rb

@@ -23,7 +23,7 @@ module Datadog
           private
 
           def register(settings)
-            if settings.appsec.enabled
+            if settings.respond_to?(:appsec) && settings.appsec.enabled
               register_capabilities(Datadog::AppSec::Remote.capabilities)
               register_products(Datadog::AppSec::Remote.products)
               register_receivers(Datadog::AppSec::Remote.receivers)

data/lib/datadog/core/remote/client.rb

@@ -136,7 +136,7 @@ module Datadog
             runtime_id: Core::Environment::Identity.id,
             language: Core::Environment::Identity.lang,
             tracer_version: tracer_version_semver2,
-            service: Datadog.configuration.service,
+            service: service_name,
             env: Datadog.configuration.env,
             tags: client_tracer_tags,
           }
@@ -167,6 +167,10 @@ module Datadog
           }
         end
 
+        def service_name
+          Datadog.configuration.remote.service || Datadog.configuration.service
+        end
+
         def tracer_version_semver2
           @tracer_version_semver2 ||= Core::Environment::Identity.tracer_version_semver2
         end

data/lib/datadog/core/telemetry/collector.rb

@@ -56,7 +56,8 @@ module Datadog
         def dependencies
           Gem.loaded_specs.collect do |name, loaded_gem|
             Datadog::Core::Telemetry::V1::Dependency.new(
-              name: name, version: loaded_gem.version.to_s, hash: loaded_gem.hash.to_s
+              # `hash` should be used when `version` is not available
+              name: name, version: loaded_gem.version.to_s, hash: nil
             )
           end
         end

data/lib/datadog/core/telemetry/v1/dependency.rb

@@ -17,9 +17,10 @@ module Datadog
 
           # @param name [String] Module name
           # @param version [String] Version of resolved module
-          # @param hash [String] Dependency hash
+          # @param hash [String] Dependency hash, in case `version` is not available
           def initialize(name:, version: nil, hash: nil)
             raise ArgumentError, ERROR_NIL_NAME_MESSAGE if name.nil?
+            raise ArgumentError, 'if both :version and :hash exist, use :version only' if version && hash
 
             @hash = hash
             @name = name

data/lib/datadog/kit/appsec/events.rb

@@ -14,38 +14,68 @@ module Datadog
         #
         # This method is experimental and may change in the future.
         #
-        # @param trace [TraceOperation] Trace to attach data to.
+        # @param trace [TraceOperation] Trace to attach data to. Defaults to
+        #   active trace.
+        # @param span [SpanOperation] Span to attach data to. Defaults to
+        #   active span on trace. Note that this should be a service entry span.
+        #   When AppSec is enabled, the expected span and trace are automatically
+        #   used as defaults.
         # @param user [Hash<Symbol, String>] User information to pass to
         #   Datadog::Kit::Identity.set_user. Must contain at least :id as key.
         # @param others [Hash<String || Symbol, String>] Additional free-form
         #   event information to attach to the trace.
-        def self.track_login_success(trace, user:, **others)
-          track(LOGIN_SUCCESS_EVENT, trace, **others)
+        def self.track_login_success(trace = nil, span = nil, user:, **others)
+          if (appsec_scope = Datadog::AppSec.active_scope)
+            trace = appsec_scope.trace
+            span = appsec_scope.service_entry_span
+          end
+
+          trace ||= Datadog::Tracing.active_trace
+          span ||= trace.active_span || Datadog::Tracing.active_span
+
+          raise ArgumentError, "span #{span.span_id} does not belong to trace #{trace.id}" if trace.id != span.trace_id
+
+          track(LOGIN_SUCCESS_EVENT, trace, span, **others)
 
           user_options = user.dup
           user_id = user_options.delete(:id)
 
           raise ArgumentError, 'missing required key: :user => { :id }' if user_id.nil?
 
-          Kit::Identity.set_user(trace, id: user_id, **user_options)
+          Kit::Identity.set_user(trace, span, id: user_id, **user_options)
         end
 
         # Attach login failure event information to the trace
         #
         # This method is experimental and may change in the future.
         #
-        # @param trace [TraceOperation] Trace to attach data to.
+        # @param trace [TraceOperation] Trace to attach data to. Defaults to
+        #   active trace.
+        # @param span [SpanOperation] Span to attach data to. Defaults to
+        #   active span on trace. Note that this should be a service entry span.
+        #   When AppSec is enabled, the expected span and trace are automatically
+        #   used as defaults.
         # @param user_id [String] User id that attempted login
         # @param user_exists [bool] Whether the user id that did a login attempt exists.
         # @param others [Hash<String || Symbol, String>] Additional free-form
         #   event information to attach to the trace.
-        def self.track_login_failure(trace, user_id:, user_exists:, **others)
-          track(LOGIN_FAILURE_EVENT, trace, **others)
+        def self.track_login_failure(trace = nil, span = nil, user_id:, user_exists:, **others)
+          if (appsec_scope = Datadog::AppSec.active_scope)
+            trace = appsec_scope.trace
+            span = appsec_scope.service_entry_span
+          end
+
+          trace ||= Datadog::Tracing.active_trace
+          span ||= trace.active_span || Datadog::Tracing.active_span
+
+          raise ArgumentError, "span #{span.span_id} does not belong to trace #{trace.id}" if trace.id != span.trace_id
+
+          track(LOGIN_FAILURE_EVENT, trace, span, **others)
 
           raise ArgumentError, 'user_id cannot be nil' if user_id.nil?
 
-          trace.set_tag('appsec.events.users.login.failure.usr.id', user_id)
-          trace.set_tag('appsec.events.users.login.failure.usr.exists', user_exists)
+          span.set_tag('appsec.events.users.login.failure.usr.id', user_id)
+          span.set_tag('appsec.events.users.login.failure.usr.exists', user_exists)
         end
 
         # Attach custom event information to the trace
@@ -53,17 +83,32 @@ module Datadog
         # This method is experimental and may change in the future.
         #
         # @param event [String] Mandatory. Event code.
-        # @param trace [TraceOperation] Trace to attach data to.
+        # @param trace [TraceOperation] Trace to attach data to. Defaults to
+        #   active trace.
+        # @param span [SpanOperation] Span to attach data to. Defaults to
+        #   active span on trace. Note that this should be a service entry span.
+        #   When AppSec is enabled, the expected span and trace are automatically
+        #   used as defaults.
         # @param others [Hash<Symbol, String>] Additional free-form
         #   event information to attach to the trace. Key must not
         #   be :track.
-        def self.track(event, trace, **others)
-          trace.set_tag("appsec.events.#{event}.track", 'true')
+        def self.track(event, trace = nil, span = nil, **others)
+          if (appsec_scope = Datadog::AppSec.active_scope)
+            trace = appsec_scope.trace
+            span = appsec_scope.service_entry_span
+          end
+
+          trace ||= Datadog::Tracing.active_trace
+          span ||= trace.active_span || Datadog::Tracing.active_span
+
+          raise ArgumentError, "span #{span.span_id} does not belong to trace #{trace.id}" if trace.id != span.trace_id
+
+          span.set_tag("appsec.events.#{event}.track", 'true')
 
           others.each do |k, v|
             raise ArgumentError, 'key cannot be :track' if k.to_sym == :track
 
-            trace.set_tag("appsec.events.#{event}.#{k}", v) unless v.nil?
+            span.set_tag("appsec.events.#{event}.#{k}", v) unless v.nil?
           end
 
           trace.keep!

data/lib/datadog/kit/identity.rb

@@ -8,7 +8,12 @@ module Datadog
     module Identity
       # Attach user information to the trace
       #
-      # @param trace [TraceOperation] Trace to attach data to.
+      # @param trace [TraceOperation] Trace to attach data to. Defaults to
+      #   active trace.
+      # @param span [SpanOperation] Span to attach data to. Defaults to
+      #   active span on trace. Note that this should be a service entry span.
+      #   When AppSec is enabled, the expected span and trace are automatically
+      #   used as defaults.
       # @param id [String] Mandatory. Username or client id extracted
       #   from the access token or Authorization header in the inbound request
       #   from outside the system.
@@ -29,7 +34,10 @@ module Datadog
       #
       # rubocop:disable Metrics/CyclomaticComplexity
       # rubocop:disable Metrics/PerceivedComplexity
-      def self.set_user(trace, id:, email: nil, name: nil, session_id: nil, role: nil, scope: nil, **others)
+      # rubocop:disable Metrics/AbcSize
+      def self.set_user(
+        trace = nil, span = nil, id:, email: nil, name: nil, session_id: nil, role: nil, scope: nil, **others
+      )
         raise ArgumentError, 'missing required key: :id' if id.nil?
 
         # enforce types
@@ -45,24 +53,35 @@ module Datadog
           raise TypeError, "#{k.inspect} must be a String" unless v.nil? || v.is_a?(String)
         end
 
+        if (appsec_scope = Datadog::AppSec.active_scope)
+          trace = appsec_scope.trace
+          span = appsec_scope.service_entry_span
+        end
+
+        trace ||= Datadog::Tracing.active_trace
+        span ||= trace.active_span || Datadog::Tracing.active_span
+
+        raise ArgumentError, "span #{span.span_id} does not belong to trace #{trace.id}" if trace.id != span.trace_id
+
         # set tags once data is known consistent
 
-        trace.set_tag('usr.id', id)
-        trace.set_tag('usr.email', email)           unless email.nil?
-        trace.set_tag('usr.name', name)             unless name.nil?
-        trace.set_tag('usr.session_id', session_id) unless session_id.nil?
-        trace.set_tag('usr.role', role)             unless role.nil?
-        trace.set_tag('usr.scope', scope)           unless scope.nil?
+        span.set_tag('usr.id', id)
+        span.set_tag('usr.email', email)           unless email.nil?
+        span.set_tag('usr.name', name)             unless name.nil?
+        span.set_tag('usr.session_id', session_id) unless session_id.nil?
+        span.set_tag('usr.role', role)             unless role.nil?
+        span.set_tag('usr.scope', scope)           unless scope.nil?
 
         others.each do |k, v|
-          trace.set_tag("usr.#{k}", v) unless v.nil?
+          span.set_tag("usr.#{k}", v) unless v.nil?
         end
 
-        if Datadog.configuration.appsec.enabled
+        if appsec_scope
           user = ::Datadog::AppSec::Instrumentation::Gateway::User.new(id)
           ::Datadog::AppSec::Instrumentation.gateway.push('identity.set_user', user)
         end
       end
+      # rubocop:enable Metrics/AbcSize
       # rubocop:enable Metrics/PerceivedComplexity
       # rubocop:enable Metrics/CyclomaticComplexity
     end

data/lib/datadog/profiling/collectors/cpu_and_wall_time_worker.rb

@@ -20,6 +20,7 @@ module Datadog
           endpoint_collection_enabled:,
           gc_profiling_enabled:,
           allocation_counting_enabled:,
+          no_signals_workaround_enabled:,
           thread_context_collector: ThreadContext.new(
             recorder: recorder,
             max_frames: max_frames,
@@ -43,6 +44,7 @@ module Datadog
             gc_profiling_enabled,
             idle_sampling_helper,
             allocation_counting_enabled,
+            no_signals_workaround_enabled,
             dynamic_sampling_rate_enabled,
           )
           @worker_thread = nil