Skip to content

Commit

Permalink
Add automatic scrubbing for tracing (DataDog#615)
Browse files Browse the repository at this point in the history 
Co-authored-by: Jamie van Brunschot <[email protected]>
  • Loading branch information
@albertvaka
albertvaka and Jamie van Brunschot authored Mar 24, 2020
1 parent a1115ea commit 4597c98
Show file tree
Hide file tree
Showing 2 changed files with 72 additions and 1 deletion.
17 changes: 16 additions & 1 deletion manifests/init.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -180,6 +180,9 @@
# $apm_analyzed_spans
# Hash defining the APM spans to analyze and their rates.
# Optional Hash. Default: undef.
# $apm_obfuscation
# Hash defining obfuscation rules for sensitive data. (Agent 6 and 7 only).
# Optional Hash. Default: undef
# $process_enabled
# String to enable the process/container agent
# Boolean. Default: false
Expand Down Expand Up @@ -307,6 +310,7 @@
String $apm_env = 'none',
Boolean $apm_non_local_traffic = false,
Optional[Hash[String, Float[0, 1]]] $apm_analyzed_spans = undef,
Optional[Hash[String, Data]] $apm_obfuscation = undef,
Boolean $process_enabled = $datadog_agent::params::process_default_enabled,
Boolean $scrub_args = $datadog_agent::params::process_default_scrub_args,
Array $custom_sensitive_words = $datadog_agent::params::process_default_custom_words,
Expand Down Expand Up @@ -539,7 +543,7 @@
}
}

if ($apm_enabled == true) and ($apm_env != 'none') or $apm_analyzed_spans {
if ($apm_enabled == true) and (($apm_env != 'none') or $apm_analyzed_spans or $apm_obfuscation) {
concat::fragment{ 'datadog apm footer':
target => '/etc/dd-agent/datadog.conf',
content => template('datadog_agent/datadog_apm_footer.conf.erb'),
Expand Down Expand Up @@ -618,6 +622,16 @@
$apm_analyzed_span_config = {}
}

if $apm_obfuscation {
$apm_obfuscation_config = {
'apm_config' => {
'obfuscation' => $apm_obfuscation
}
}
} else {
$apm_obfuscation_config = {}
}

if $statsd_forward_host != '' {
if $_statsd_forward_port != '' {
$statsd_forward_config = {
Expand Down Expand Up @@ -646,6 +660,7 @@
$logs_base_config,
$agent_extra_options,
$apm_analyzed_span_config,
$apm_obfuscation_config,
$statsd_forward_config,
$host_config,
$additional_checksd_config)
Expand Down
56 changes: 56 additions & 0 deletions spec/classes/datadog_agent_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1925,6 +1925,62 @@
)
}
end

context 'with apm_enabled set to true and apm_obfuscation specified' do
let(:params) do
{
apm_enabled: true,
apm_obfuscation: {
elasticsearch: {
enable: true,
keep_values: [
'user_id',
'category_id',
],
},
redis: {
enable: true,
},
memcached: {
enable: true,
},
http: {
remove_query_string: true,
remove_paths_with_digits: true,
},
mongodb: {
enable: true,
keep_values: [
'uid',
'cat_id',
],
},
},
}
end

it {
is_expected.to contain_file(config_yaml_file).with(
'content' => %r{^apm_config:\n},
)
}
it {
is_expected.to contain_file(config_yaml_file).with(
'content' => %r{^apm_config:\n\ \ enabled: true\n},
)
}
it {
is_expected.to contain_file(config_yaml_file).with(
'content' => %r{^\ \ obfuscation:\n},
)
}
it {
is_expected.to contain_file(config_yaml_file).with(
'content' => %r{elasticsearch},
)
}
end

context 'with extra_options and Process enabled' do
let(:params) do
{
Expand Down

0 comments on commit 4597c98

Please sign in to comment.