[python] Enable more user event tests #3935

Merged


christophe-papazian
Contributor

@christophe-papazian christophe-papazian commented Jan 30, 2025

After DataDog/dd-trace-py#12069 is merged, this PR enables more tests for ATO on Python.

Changes

  • enable user blocking and user tracking tests for python
  • disable auto tests for other weblogs than Django, as Django is the only one with automatic instrumentation possible.

ALSO FOR PYTHON:
use 3.x-staging for dev branch during transition before 3.0 major release.

Workflow

  1. ⚠️ Create your PR as draft ⚠️
  2. Work on your PR until the CI passes (if something not related to your task is failing, you can ignore it)
  3. Mark it as ready for review
    • Test logic is modified? -> Get a review from RFC owner. We're working on refining the codeowners file quickly.
    • Framework is modified, or non obvious usage of it -> get a review from R&P team

🚀 Once your PR is reviewed, you can merge it!

🛟 #apm-shared-testing 🛟

Reviewer checklist

  • If PR title starts with [<language>], double-check that only <language> is impacted by the change
  • No system-tests internal is modified. Otherwise, I have the approval from R&P team
  • CI is green, or failing jobs are not related to this change (and you are 100% sure about this statement)
  • A docker base image is modified?
    • the relevant build-XXX-image label is present
  • A scenario is added (or removed)?

christophe-papazian added a commit to DataDog/dd-trace-py that referenced this pull request Jan 31, 2025
This PR improves user blocking on Django by adding the possibility to
block a previously authenticated user.

- Wrap AuthenticationMiddleware.process_request to check at the start of
a new request, if an authenticated user was already found and run the WAF
on it. Ensure this patch is compatible with APM patches of middleware
- Ensure the new way of blocking requests does not interfere with the
old way on set_user, by allowing set_user blocking to be bypassed. We
want to be sure we call the WAF exactly once.
- Add support for "_dd.appsec.user.collection_mode" tag
- Those changes will be tested and tracked by several system tests:
  - `tests/appsec/test_automated_user_and_session_tracking.py::Test_Automated_User_Tracking`
  - `tests/appsec/test_automated_user_and_session_tracking.py::Test_Automated_User_Blocking::test_user_blocking_auto`

DataDog/system-tests#3935

APPSEC-56505

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

---------

Co-authored-by: Yun Kim <[email protected]>
Co-authored-by: Nicole Cybul <[email protected]>
Co-authored-by: Nick Ripley <[email protected]>
Co-authored-by: William Conti <[email protected]>
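
The wrap-and-check-once pattern from the commit message above, as an added example that is not dd-trace-py's or Django's code. `Request`, `ToyWaf`, `check_user_once`, `handle` and the stand-in `AuthenticationMiddleware` and `set_user` are hypothetical, and the per-request guard flag is one assumed way to guarantee a single WAF call per request.

```python
class BlockedRequest(Exception): pass  # raised when the stand-in WAF rejects a user

class Request:
    def __init__(self, session_user=None):
        self.session_user = session_user  # user id restored from the session
        self.user = None                  # filled in by the auth middleware
        self.user_checked = False         # per-request guard for the WAF call

class ToyWaf:  # stand-in WAF; counts calls so "exactly once" can be asserted
    def __init__(self, blocked):
        self.blocked, self.calls = set(blocked), 0
    def user_is_blocked(self, user_id):
        self.calls += 1
        return user_id in self.blocked

class AuthenticationMiddleware:  # stand-in for the framework middleware
    def process_request(self, request):
        request.user = request.session_user

def check_user_once(waf, request, user_id):
    if not request.user_checked:          # later callers in this request bypass
        request.user_checked = True
        if waf.user_is_blocked(user_id):
            raise BlockedRequest(user_id)

def wrap_process_request(cls, waf):
    original = cls.process_request
    def patched(self, request):
        result = original(self, request)  # keep the original behaviour
        if request.user is not None:      # a session user was already known
            check_user_once(waf, request, request.user)
        return result
    cls.process_request = patched

def set_user(waf, request, user_id):  # explicit SDK-style call (hypothetical)
    request.user = user_id
    check_user_once(waf, request, user_id)

WAF = ToyWaf({"blocked-user"})            # constructed sample block list
wrap_process_request(AuthenticationMiddleware, WAF)

def handle(session_user, login_as=None):  # -> (outcome, WAF calls made)
    before, request = WAF.calls, Request(session_user)
    try:
        AuthenticationMiddleware().process_request(request)
        if login_as:
            set_user(WAF, request, login_as)
    except BlockedRequest:
        return "blocked", WAF.calls - before
    return "allowed", WAF.calls - before
```
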
@christophe-papazian christophe-papazian marked this pull request as ready for review January 31, 2025 10:16
@christophe-papazian christophe-papazian requested review from a team as code owners January 31, 2025 10:16
@christophe-papazian christophe-papazian requested review from juanjux and quinna-h and removed request for a team January 31, 2025 10:16
@christophe-papazian christophe-papazian merged commit 9ce636f into main Jan 31, 2025
93 checks passed
@christophe-papazian christophe-papazian deleted the christophe-papazian/enable_user_blocking_for_python branch January 31, 2025 10:23