PyPI - datadog_lambda - Versions diffs - 6.111.0__tar.gz → 8.113.0__tar.gz - Mend

datadog_lambda 6.111.0tar.gz → 8.113.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

{datadog_lambda-6.111.0 → datadog_lambda-8.113.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: datadog_lambda
-Version: 6.111.0
+Version: 8.113.0
 Summary: The Datadog AWS Lambda Library
 Home-page: https://github.com/DataDog/datadog-lambda-python
 License: Apache-2.0
@@ -19,7 +19,7 @@ Classifier: Programming Language :: Python :: 3.13
 Provides-Extra: dev
 Requires-Dist: botocore (>=1.34.0,<2.0.0) ; extra == "dev"
 Requires-Dist: datadog (>=0.51.0,<1.0.0)
-Requires-Dist: ddtrace (>=2.20.0,<4)
+Requires-Dist: ddtrace (>=3.11.0,<4)
 Requires-Dist: flake8 (>=5.0.4,<6.0.0) ; extra == "dev"
 Requires-Dist: pytest (>=8.0.0,<9.0.0) ; extra == "dev"
 Requires-Dist: pytest-benchmark (>=4.0,<5.0) ; extra == "dev"

{datadog_lambda-6.111.0 → datadog_lambda-8.113.0}/datadog_lambda/__init__.py RENAMED Viewed

@@ -17,3 +17,10 @@ from datadog_lambda.logger import initialize_logging  # noqa: E402
 initialize_logging(__name__)
+from datadog_lambda.patch import patch_all  # noqa: E402
+# Patch third-party libraries for tracing, must be done before importing any
+# handler code.
+patch_all()

datadog_lambda-8.113.0/datadog_lambda/asm.py ADDED Viewed

@@ -0,0 +1,240 @@
+import logging
+import urllib.parse
+from copy import deepcopy
+from typing import Any, Dict, List, Optional, Union
+from ddtrace.contrib.internal.trace_utils import _get_request_header_client_ip
+from ddtrace.internal import core
+from ddtrace.internal.utils import get_blocked
+from ddtrace.internal.utils import http as http_utils
+from ddtrace.trace import Span
+from datadog_lambda.trigger import (
+    EventSubtypes,
+    EventTypes,
+    _EventSource,
+    _http_event_types,
+)
+logger = logging.getLogger(__name__)
+def _to_single_value_headers(headers: Dict[str, List[str]]) -> Dict[str, str]:
+    """
+    Convert multi-value headers to single-value headers.
+    If a header has multiple values, join them with commas.
+    """
+    single_value_headers = {}
+    for key, values in headers.items():
+        single_value_headers[key] = ", ".join(values)
+    return single_value_headers
+def _merge_single_and_multi_value_headers(
+    single_value_headers: Dict[str, str],
+    multi_value_headers: Dict[str, List[str]],
+):
+    """
+    Merge single-value headers with multi-value headers.
+    If a header exists in both, we merge them removing duplicates
+    """
+    merged_headers = deepcopy(multi_value_headers)
+    for key, value in single_value_headers.items():
+        if key not in merged_headers:
+            merged_headers[key] = [value]
+        elif value not in merged_headers[key]:
+            merged_headers[key].append(value)
+    return _to_single_value_headers(merged_headers)
+def asm_set_context(event_source: _EventSource):
+    """Add asm specific items to the ExecutionContext.
+    This allows the AppSecSpanProcessor to know information about the event
+    at the moment the span is created and skip it when not relevant.
+    """
+    if event_source.event_type not in _http_event_types:
+        core.set_item("appsec_skip_next_lambda_event", True)
+def asm_start_request(
+    span: Span,
+    event: Dict[str, Any],
+    event_source: _EventSource,
+    trigger_tags: Dict[str, str],
+):
+    if event_source.event_type not in _http_event_types:
+        return
+    request_headers: Dict[str, str] = {}
+    peer_ip: Optional[str] = None
+    request_path_parameters: Optional[Dict[str, Any]] = None
+    route: Optional[str] = None
+    if event_source.event_type == EventTypes.ALB:
+        headers = event.get("headers")
+        multi_value_request_headers = event.get("multiValueHeaders")
+        if multi_value_request_headers:
+            request_headers = _to_single_value_headers(multi_value_request_headers)
+        else:
+            request_headers = headers or {}
+        raw_uri = event.get("path")
+        parsed_query = event.get("multiValueQueryStringParameters") or event.get(
+            "queryStringParameters"
+        )
+    elif event_source.event_type == EventTypes.LAMBDA_FUNCTION_URL:
+        request_headers = event.get("headers", {})
+        peer_ip = event.get("requestContext", {}).get("http", {}).get("sourceIp")
+        raw_uri = event.get("rawPath")
+        parsed_query = event.get("queryStringParameters")
+    elif event_source.event_type == EventTypes.API_GATEWAY:
+        request_context = event.get("requestContext", {})
+        request_path_parameters = event.get("pathParameters")
+        route = trigger_tags.get("http.route")
+        if event_source.subtype == EventSubtypes.API_GATEWAY:
+            request_headers = event.get("headers", {})
+            peer_ip = request_context.get("identity", {}).get("sourceIp")
+            raw_uri = event.get("path")
+            parsed_query = event.get("multiValueQueryStringParameters")
+        elif event_source.subtype == EventSubtypes.HTTP_API:
+            request_headers = event.get("headers", {})
+            peer_ip = request_context.get("http", {}).get("sourceIp")
+            raw_uri = event.get("rawPath")
+            parsed_query = event.get("queryStringParameters")
+        elif event_source.subtype == EventSubtypes.WEBSOCKET:
+            request_headers = _to_single_value_headers(
+                event.get("multiValueHeaders", {})
+            )
+            peer_ip = request_context.get("identity", {}).get("sourceIp")
+            raw_uri = event.get("path")
+            parsed_query = event.get("multiValueQueryStringParameters")
+        else:
+            return
+    else:
+        return
+    body = event.get("body")
+    is_base64_encoded = event.get("isBase64Encoded", False)
+    request_ip = _get_request_header_client_ip(request_headers, peer_ip, True)
+    if request_ip is not None:
+        span.set_tag_str("http.client_ip", request_ip)
+        span.set_tag_str("network.client.ip", request_ip)
+    # Encode the parsed query and append it to reconstruct the original raw URI expected by AppSec.
+    if parsed_query:
+        try:
+            encoded_query = urllib.parse.urlencode(parsed_query, doseq=True)
+            raw_uri += "?" + encoded_query  # type: ignore
+        except Exception:
+            pass
+    core.dispatch(
+        # The matching listener is registered in ddtrace.appsec._handlers
+        "aws_lambda.start_request",
+        (
+            span,
+            request_headers,
+            request_ip,
+            body,
+            is_base64_encoded,
+            raw_uri,
+            route,
+            trigger_tags.get("http.method"),
+            parsed_query,
+            request_path_parameters,
+        ),
+    )
+def asm_start_response(
+    span: Span,
+    status_code: str,
+    event_source: _EventSource,
+    response: Union[Dict[str, Any], str, None],
+):
+    if event_source.event_type not in _http_event_types:
+        return
+    if isinstance(response, dict) and (
+        "headers" in response or "multiValueHeaders" in response
+    ):
+        headers = response.get("headers", {})
+        multi_value_request_headers = response.get("multiValueHeaders")
+        if isinstance(multi_value_request_headers, dict) and isinstance(headers, dict):
+            response_headers = _merge_single_and_multi_value_headers(
+                headers, multi_value_request_headers
+            )
+        elif isinstance(headers, dict):
+            response_headers = headers
+        else:
+            response_headers = {
+                "content-type": "application/json",
+            }
+    else:
+        response_headers = {
+            "content-type": "application/json",
+        }
+    core.dispatch(
+        # The matching listener is registered in ddtrace.appsec._handlers
+        "aws_lambda.start_response",
+        (
+            span,
+            status_code,
+            response_headers,
+        ),
+    )
+    if isinstance(response, dict) and "statusCode" in response:
+        body = response.get("body")
+    else:
+        body = response
+    core.dispatch(
+        # The matching listener is registered in ddtrace.appsec._handlers
+        "aws_lambda.parse_body",
+        (body,),
+    )
+def get_asm_blocked_response(
+    event_source: _EventSource,
+) -> Optional[Dict[str, Any]]:
+    """Get the blocked response for the given event source."""
+    if event_source.event_type not in _http_event_types:
+        return None
+    blocked = get_blocked()
+    if not blocked:
+        return None
+    desired_type = blocked.get("type", "auto")
+    if desired_type == "none":
+        content_type = "text/plain; charset=utf-8"
+        content = ""
+    else:
+        content_type = blocked.get("content-type", "application/json")
+        content = http_utils._get_blocked_template(content_type)
+    response_headers = {
+        "content-type": content_type,
+    }
+    if "location" in blocked:
+        response_headers["location"] = blocked["location"]
+    return {
+        "statusCode": blocked.get("status_code", 403),
+        "headers": response_headers,
+        "body": content,
+        "isBase64Encoded": False,
+    }

{datadog_lambda-6.111.0 → datadog_lambda-8.113.0}/datadog_lambda/config.py RENAMED Viewed

@@ -95,6 +95,7 @@ class Config:
     data_streams_enabled = _get_env(
         "DD_DATA_STREAMS_ENABLED", "false", as_bool, depends_on_tracing=True
     )
+    appsec_enabled = _get_env("DD_APPSEC_ENABLED", "false", as_bool)
     is_gov_region = _get_env("AWS_REGION", "", lambda x: x.startswith("us-gov-"))

{datadog_lambda-6.111.0 → datadog_lambda-8.113.0}/datadog_lambda/tracing.py RENAMED Viewed

@@ -4,6 +4,7 @@
 # Copyright 2019 Datadog, Inc.
 import logging
 import os
+import re
 import traceback
 import ujson as json
 from datetime import datetime, timezone
@@ -67,6 +68,24 @@ HIGHER_64_BITS = "HIGHER_64_BITS"
 LOWER_64_BITS = "LOWER_64_BITS"
+def _dsm_set_checkpoint(context_json, event_type, arn):
+    if not config.data_streams_enabled:
+        return
+    if not arn:
+        return
+    try:
+        from ddtrace.data_streams import set_consume_checkpoint
+        carrier_get = lambda k: context_json and context_json.get(k)  # noqa: E731
+        set_consume_checkpoint(event_type, arn, carrier_get, manual_checkpoint=False)
+    except Exception as e:
+        logger.debug(
+            f"DSM:Failed to set consume checkpoint for {event_type} {arn}: {e}"
+        )
 def _convert_xray_trace_id(xray_trace_id):
     """
     Convert X-Ray trace id (hex)'s last 63 bits to a Datadog trace id (int).
@@ -202,7 +221,9 @@ def create_sns_event(message):
     }
-def extract_context_from_sqs_or_sns_event_or_context(event, lambda_context):
+def extract_context_from_sqs_or_sns_event_or_context(
+    event, lambda_context, event_source
+):
     """
     Extract Datadog trace context from an SQS event.
@@ -214,7 +235,10 @@ def extract_context_from_sqs_or_sns_event_or_context(event, lambda_context):
     Lambda Context.
     Falls back to lambda context if no trace data is found in the SQS message attributes.
+    Set a DSM checkpoint if DSM is enabled and the method for context propagation is supported.
     """
+    source_arn = ""
+    event_type = "sqs" if event_source.equals(EventTypes.SQS) else "sns"
     # EventBridge => SQS
     try:
@@ -226,6 +250,7 @@ def extract_context_from_sqs_or_sns_event_or_context(event, lambda_context):
     try:
         first_record = event.get("Records")[0]
+        source_arn = first_record.get("eventSourceARN", "")
         # logic to deal with SNS => SQS event
         if "body" in first_record:
@@ -241,6 +266,9 @@ def extract_context_from_sqs_or_sns_event_or_context(event, lambda_context):
         msg_attributes = first_record.get("messageAttributes")
         if msg_attributes is None:
             sns_record = first_record.get("Sns") or {}
+            # SNS->SQS event would extract SNS arn without this check
+            if event_source.equals(EventTypes.SNS):
+                source_arn = sns_record.get("TopicArn", "")
             msg_attributes = sns_record.get("MessageAttributes") or {}
         dd_payload = msg_attributes.get("_datadog")
         if dd_payload:
@@ -272,8 +300,9 @@ def extract_context_from_sqs_or_sns_event_or_context(event, lambda_context):
                         logger.debug(
                             "Failed to extract Step Functions context from SQS/SNS event."
                         )
-                return propagator.extract(dd_data)
+                context = propagator.extract(dd_data)
+                _dsm_set_checkpoint(dd_data, event_type, source_arn)
+                return context
         else:
             # Handle case where trace context is injected into attributes.AWSTraceHeader
             # example: Root=1-654321ab-000000001234567890abcdef;Parent=0123456789abcdef;Sampled=1
@@ -296,9 +325,13 @@ def extract_context_from_sqs_or_sns_event_or_context(event, lambda_context):
                             span_id=int(x_ray_context["parent_id"], 16),
                             sampling_priority=float(x_ray_context["sampled"]),
                         )
+        # Still want to set a DSM checkpoint even if DSM context not propagated
+        _dsm_set_checkpoint(None, event_type, source_arn)
         return extract_context_from_lambda_context(lambda_context)
     except Exception as e:
         logger.debug("The trace extractor returned with error %s", e)
+        # Still want to set a DSM checkpoint even if DSM context not propagated
+        _dsm_set_checkpoint(None, event_type, source_arn)
         return extract_context_from_lambda_context(lambda_context)
@@ -357,9 +390,12 @@ def extract_context_from_eventbridge_event(event, lambda_context):
 def extract_context_from_kinesis_event(event, lambda_context):
     """
     Extract datadog trace context from a Kinesis Stream's base64 encoded data string
+    Set a DSM checkpoint if DSM is enabled and the method for context propagation is supported.
     """
+    source_arn = ""
     try:
         record = get_first_record(event)
+        source_arn = record.get("eventSourceARN", "")
         kinesis = record.get("kinesis")
         if not kinesis:
             return extract_context_from_lambda_context(lambda_context)
@@ -373,10 +409,13 @@ def extract_context_from_kinesis_event(event, lambda_context):
             data_obj = json.loads(data_str)
             dd_ctx = data_obj.get("_datadog")
             if dd_ctx:
-                return propagator.extract(dd_ctx)
+                context = propagator.extract(dd_ctx)
+                _dsm_set_checkpoint(dd_ctx, "kinesis", source_arn)
+                return context
     except Exception as e:
         logger.debug("The trace extractor returned with error %s", e)
+    # Still want to set a DSM checkpoint even if DSM context not propagated
+    _dsm_set_checkpoint(None, "kinesis", source_arn)
     return extract_context_from_lambda_context(lambda_context)
@@ -594,7 +633,7 @@ def extract_dd_trace_context(
         )
     elif event_source.equals(EventTypes.SNS) or event_source.equals(EventTypes.SQS):
         context = extract_context_from_sqs_or_sns_event_or_context(
-            event, lambda_context
+            event, lambda_context, event_source
         )
     elif event_source.equals(EventTypes.EVENTBRIDGE):
         context = extract_context_from_eventbridge_event(event, lambda_context)
@@ -818,15 +857,31 @@ def create_service_mapping(val):
     return new_service_mapping
-def determine_service_name(service_mapping, specific_key, generic_key, default_value):
-    service_name = service_mapping.get(specific_key)
-    if service_name is None:
-        service_name = service_mapping.get(generic_key, default_value)
-    return service_name
+def determine_service_name(
+    service_mapping, specific_key, generic_key, extracted_key, fallback=None
+):
+    # Check for mapped service (specific key first, then generic key)
+    mapped_service = service_mapping.get(specific_key) or service_mapping.get(
+        generic_key
+    )
+    if mapped_service:
+        return mapped_service
+    # Check if AWS service representation is disabled
+    aws_service_representation = os.environ.get(
+        "DD_TRACE_AWS_SERVICE_REPRESENTATION_ENABLED", ""
+    ).lower()
+    if aws_service_representation in ("false", "0"):
+        return fallback
+    # Use extracted_key if it exists and is not empty, otherwise use fallback
+    return (
+        extracted_key.strip() if extracted_key and extracted_key.strip() else fallback
+    )
 # Initialization code
-service_mapping_str = os.getenv("DD_SERVICE_MAPPING", "")
+service_mapping_str = os.environ.get("DD_SERVICE_MAPPING", "")
 service_mapping = create_service_mapping(service_mapping_str)
 _dd_origin = {"_dd.origin": "lambda"}
@@ -859,7 +914,7 @@ def create_inferred_span_from_lambda_function_url_event(event, context):
     InferredSpanInfo.set_tags(tags, tag_source="self", synchronicity="sync")
     if span:
         span.set_tags(tags)
-        span.start_ns = int(request_time_epoch) * 1e6
+        span.start_ns = int(request_time_epoch * 1e6)
     return span
@@ -950,6 +1005,7 @@ def create_inferred_span_from_api_gateway_websocket_event(
         "http.url": http_url,
         "endpoint": endpoint,
         "resource_names": endpoint,
+        "span.kind": "server",
         "apiid": api_id,
         "apiname": api_id,
         "stage": request_context.get("stage"),
@@ -1008,6 +1064,7 @@ def create_inferred_span_from_api_gateway_event(
         "endpoint": path,
         "http.method": method,
         "resource_names": resource,
+        "span.kind": "server",
         "apiid": api_id,
         "apiname": api_id,
         "stage": request_context.get("stage"),
@@ -1112,12 +1169,13 @@ def create_inferred_span_from_sqs_event(event, context):
     event_source_arn = event_record.get("eventSourceARN")
     queue_name = event_source_arn.split(":")[-1]
     service_name = determine_service_name(
-        service_mapping, queue_name, "lambda_sqs", "sqs"
+        service_mapping, queue_name, "lambda_sqs", queue_name, "sqs"
     )
     attrs = event_record.get("attributes") or {}
     tags = {
         "operation_name": "aws.sqs",
         "resource_names": queue_name,
+        "span.kind": "server",
         "queuename": queue_name,
         "event_source_arn": event_source_arn,
         "receipt_handle": event_record.get("receiptHandle"),
@@ -1179,11 +1237,12 @@ def create_inferred_span_from_sns_event(event, context):
     topic_arn = sns_message.get("TopicArn")
     topic_name = topic_arn.split(":")[-1]
     service_name = determine_service_name(
-        service_mapping, topic_name, "lambda_sns", "sns"
+        service_mapping, topic_name, "lambda_sns", topic_name, "sns"
     )
     tags = {
         "operation_name": "aws.sns",
         "resource_names": topic_name,
+        "span.kind": "server",
         "topicname": topic_name,
         "topic_arn": topic_arn,
         "message_id": sns_message.get("MessageId"),
@@ -1214,15 +1273,16 @@ def create_inferred_span_from_kinesis_event(event, context):
     event_record = get_first_record(event)
     event_source_arn = event_record.get("eventSourceARN")
     event_id = event_record.get("eventID")
-    stream_name = event_source_arn.split(":")[-1]
+    stream_name = re.sub(r"^stream/", "", (event_source_arn or "").split(":")[-1])
     shard_id = event_id.split(":")[0]
     service_name = determine_service_name(
-        service_mapping, stream_name, "lambda_kinesis", "kinesis"
+        service_mapping, stream_name, "lambda_kinesis", stream_name, "kinesis"
     )
     kinesis = event_record.get("kinesis") or {}
     tags = {
         "operation_name": "aws.kinesis",
         "resource_names": stream_name,
+        "span.kind": "server",
         "streamname": stream_name,
         "shardid": shard_id,
         "event_source_arn": event_source_arn,
@@ -1249,12 +1309,13 @@ def create_inferred_span_from_dynamodb_event(event, context):
     event_source_arn = event_record.get("eventSourceARN")
     table_name = event_source_arn.split("/")[1]
     service_name = determine_service_name(
-        service_mapping, table_name, "lambda_dynamodb", "dynamodb"
+        service_mapping, table_name, "lambda_dynamodb", table_name, "dynamodb"
     )
     dynamodb_message = event_record.get("dynamodb") or {}
     tags = {
         "operation_name": "aws.dynamodb",
         "resource_names": table_name,
+        "span.kind": "server",
         "tablename": table_name,
         "event_source_arn": event_source_arn,
         "event_id": event_record.get("eventID"),
@@ -1283,11 +1344,12 @@ def create_inferred_span_from_s3_event(event, context):
     obj = s3.get("object") or {}
     bucket_name = bucket.get("name")
     service_name = determine_service_name(
-        service_mapping, bucket_name, "lambda_s3", "s3"
+        service_mapping, bucket_name, "lambda_s3", bucket_name, "s3"
     )
     tags = {
         "operation_name": "aws.s3",
         "resource_names": bucket_name,
+        "span.kind": "server",
         "event_name": event_record.get("eventName"),
         "bucketname": bucket_name,
         "bucket_arn": bucket.get("arn"),
@@ -1313,11 +1375,12 @@ def create_inferred_span_from_s3_event(event, context):
 def create_inferred_span_from_eventbridge_event(event, context):
     source = event.get("source")
     service_name = determine_service_name(
-        service_mapping, source, "lambda_eventbridge", "eventbridge"
+        service_mapping, source, "lambda_eventbridge", source, "eventbridge"
     )
     tags = {
         "operation_name": "aws.eventbridge",
         "resource_names": source,
+        "span.kind": "server",
         "detail_type": event.get("detail-type"),
     }
     InferredSpanInfo.set_tags(
@@ -1391,9 +1454,21 @@ def create_function_execution_span(
         tags["_dd.parent_source"] = trace_context_source
     tags.update(trigger_tags)
     tracer.set_tags(_dd_origin)
+    # Determine service name based on config and env var
+    if config.service:
+        service_name = config.service
+    else:
+        aws_service_representation = os.environ.get(
+            "DD_TRACE_AWS_SERVICE_REPRESENTATION_ENABLED", ""
+        ).lower()
+        if aws_service_representation in ("false", "0"):
+            service_name = "aws.lambda"
+        else:
+            service_name = function_name if function_name else "aws.lambda"
     span = tracer.trace(
         "aws.lambda",
-        service="aws.lambda",
+        service=service_name,
         resource=function_name,
         span_type="serverless",
     )

datadog_lambda-8.113.0/datadog_lambda/version.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ __version__ = "8.113.0"

{datadog_lambda-6.111.0 → datadog_lambda-8.113.0}/datadog_lambda/wrapper.py RENAMED Viewed

@@ -9,7 +9,7 @@ import ujson as json
 from importlib import import_module
 from time import time_ns
-from datadog_lambda.dsm import set_dsm_context
+from ddtrace.internal._exceptions import BlockingException
 from datadog_lambda.extension import should_use_extension, flush_extension
 from datadog_lambda.cold_start import (
     set_cold_start,
@@ -25,7 +25,6 @@ from datadog_lambda.constants import (
     Headers,
 )
 from datadog_lambda.module_name import modify_module_name
-from datadog_lambda.patch import patch_all
 from datadog_lambda.span_pointers import calculate_span_pointers
 from datadog_lambda.tag_object import tag_object
 from datadog_lambda.tracing import (
@@ -47,6 +46,14 @@ from datadog_lambda.trigger import (
     extract_http_status_code_tag,
 )
+if config.appsec_enabled:
+    from datadog_lambda.asm import (
+        asm_set_context,
+        asm_start_response,
+        asm_start_request,
+        get_asm_blocked_response,
+    )
 if config.profiling_enabled:
     from ddtrace.profiling import profiler
@@ -121,6 +128,7 @@ class _LambdaDecorator(object):
             self.span = None
             self.inferred_span = None
             self.response = None
+            self.blocking_response = None
             if config.profiling_enabled:
                 self.prof = profiler.Profiler(env=config.env, service=config.service)
@@ -142,8 +150,6 @@ class _LambdaDecorator(object):
             os.environ[DD_REQUESTS_SERVICE_NAME] = os.environ.get(
                 DD_SERVICE, "aws.lambda"
             )
-            # Patch third-party libraries for tracing
-            patch_all()
             # Enable LLM Observability
             if config.llmobs_enabled:
@@ -162,19 +168,24 @@ class _LambdaDecorator(object):
         """Executes when the wrapped function gets called"""
         self._before(event, context)
         try:
+            if self.blocking_response:
+                return self.blocking_response
             self.response = self.func(event, context, **kwargs)
             return self.response
+        except BlockingException:
+            self.blocking_response = get_asm_blocked_response(self.event_source)
         except Exception:
-            if not should_use_extension:
-                from datadog_lambda.metric import submit_errors_metric
+            from datadog_lambda.metric import submit_errors_metric
-                submit_errors_metric(context)
+            submit_errors_metric(context)
             if self.span:
                 self.span.set_traceback()
             raise
         finally:
             self._after(event, context)
+            if self.blocking_response:
+                return self.blocking_response
     def _inject_authorizer_span_headers(self, request_id):
         reference_span = self.inferred_span if self.inferred_span else self.span
@@ -207,6 +218,7 @@ class _LambdaDecorator(object):
     def _before(self, event, context):
         try:
             self.response = None
+            self.blocking_response = None
             set_cold_start(init_timestamp_ns)
             if not should_use_extension:
@@ -240,8 +252,10 @@ class _LambdaDecorator(object):
                     self.inferred_span = create_inferred_span(
                         event, context, event_source, config.decode_authorizer_context
                     )
-                if config.data_streams_enabled:
-                    set_dsm_context(event, event_source)
+                if config.appsec_enabled:
+                    asm_set_context(event_source)
                 self.span = create_function_execution_span(
                     context=context,
                     function_name=config.function_name,
@@ -253,6 +267,9 @@ class _LambdaDecorator(object):
                     parent_span=self.inferred_span,
                     span_pointers=calculate_span_pointers(event_source, event),
                 )
+                if config.appsec_enabled:
+                    asm_start_request(self.span, event, event_source, self.trigger_tags)
+                    self.blocking_response = get_asm_blocked_response(self.event_source)
             else:
                 set_correlation_ids()
             if config.profiling_enabled and is_new_sandbox():
@@ -285,12 +302,25 @@ class _LambdaDecorator(object):
                 if status_code:
                     self.span.set_tag("http.status_code", status_code)
+                if config.appsec_enabled and not self.blocking_response:
+                    asm_start_response(
+                        self.span,
+                        status_code,
+                        self.event_source,
+                        response=self.response,
+                    )
+                    self.blocking_response = get_asm_blocked_response(self.event_source)
                 self.span.finish()
             if self.inferred_span:
                 if status_code:
                     self.inferred_span.set_tag("http.status_code", status_code)
+                if self.trigger_tags and (route := self.trigger_tags.get("http.route")):
+                    self.inferred_span.set_tag("http.route", route)
                 if config.service:
                     self.inferred_span.set_tag("peer.service", config.service)

{datadog_lambda-6.111.0 → datadog_lambda-8.113.0}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "datadog_lambda"
-version = "6.111.0"
+version = "8.113.0"
 description = "The Datadog AWS Lambda Library"
 authors = ["Datadog, Inc. <dev@datadoghq.com>"]
 license = "Apache-2.0"
@@ -28,7 +28,7 @@ classifiers = [
 python = ">=3.8.0,<4"
 datadog = ">=0.51.0,<1.0.0"
 wrapt = "^1.11.2"
-ddtrace = ">=2.20.0,<4"
+ddtrace = ">=3.11.0,<4"
 ujson = ">=5.9.0"
 botocore = { version = "^1.34.0", optional = true }
 requests = { version ="^2.22.0", optional = true }

datadog_lambda-6.111.0/datadog_lambda/dsm.py DELETED Viewed

@@ -1,38 +0,0 @@
-from datadog_lambda import logger
-from datadog_lambda.trigger import EventTypes
-def set_dsm_context(event, event_source):
-    if event_source.equals(EventTypes.SQS):
-        _dsm_set_sqs_context(event)
-def _dsm_set_sqs_context(event):
-    from datadog_lambda.wrapper import format_err_with_traceback
-    from ddtrace.internal.datastreams import data_streams_processor
-    from ddtrace.internal.datastreams.processor import DsmPathwayCodec
-    from ddtrace.internal.datastreams.botocore import (
-        get_datastreams_context,
-        calculate_sqs_payload_size,
-    )
-    records = event.get("Records")
-    if records is None:
-        return
-    processor = data_streams_processor()
-    for record in records:
-        try:
-            queue_arn = record.get("eventSourceARN", "")
-            contextjson = get_datastreams_context(record)
-            payload_size = calculate_sqs_payload_size(record)
-            ctx = DsmPathwayCodec.decode(contextjson, processor)
-            ctx.set_checkpoint(
-                ["direction:in", f"topic:{queue_arn}", "type:sqs"],
-                payload_size=payload_size,
-            )
-        except Exception as e:
-            logger.error(format_err_with_traceback(e))