feat(datadog-aws): add per-service interceptor crates for SQS, SNS, and EventBridge#189
feat(datadog-aws): add per-service interceptor crates for SQS, SNS, and EventBridge#189Dogbu-cyber wants to merge 73 commits into
Conversation
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 302fbb5267
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
ee01b82 to
612838b
Compare
141c5dd to
1184437
Compare
612838b to
4f7442a
Compare
3fa3937 to
80424aa
Compare
|
@codex review |
80424aa to
80fedd0
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 80424aa3a6
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| // EventBridge entries have a 1 MB detail size limit. | ||
| if new_detail.len() > ONE_MB { | ||
| continue; |
There was a problem hiding this comment.
Validate full PutEvents entry size before mutating Detail
The size guard only checks new_detail.len(), but EventBridge enforces the 1 MB limit on the entire PutEventsRequestEntry payload, not just the Detail field. If an entry is already near the limit because of Source, DetailType, Resources, etc., adding _datadog can push the total entry size over quota and make PutEvents fail, even though tracing is intended to be non-intrusive. This should use the documented entry-size calculation (or equivalent full-entry check) before writing the mutated detail.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
TL;DR This is a valid concern. I'm thinking about dropping this check because it's not correct or useful.
The limit is documented as a service-side contract. AWS’s current EventBridge API reference says PutEvents total entry size must be less than 1 MB, and the user guide says the whole request must stay under 1,048,576 bytes, with a single entry allowed to use that full budget if it is the only one. Invalid entries are reported back by the service through PutEventsResultEntry.ErrorCode / ErrorMessage, which is consistent with backend enforcement rather than SDK preflight. Sources: PutEvents API, PutEvents user guide, PutEventsResultEntry.
There was a problem hiding this comment.
I think we should keep the check for now, just to provide an upper limit. If the payload exceeds the limit for any reason, we can skip the injection path altogether, as such a request will be rejected by the backend anyway.
17f2c7a to
78a6876
Compare
80fedd0 to
18c7914
Compare
78a6876 to
bf4ea81
Compare
35b2e4f to
7d1fbbe
Compare
29211f0 to
d999596
Compare
7e64f6f to
f1e120e
Compare
| let new_detail = match rewrite_json_object_field(detail, DATADOG_ATTRIBUTE_KEY, &trace_ctx) | ||
| { | ||
| Ok(detail) => detail, | ||
| Err(_) => continue, |
There was a problem hiding this comment.
Would be nice to include a debug level log here, or somehow otherwise inform the user why injection failed.
| return; | ||
| }; | ||
| let Ok(dd_attr) = build_datadog_attribute(trace_headers) else { | ||
| return; |
There was a problem hiding this comment.
In all the cases where we return early, would be nice to have some debug level logging.
b9f8ecf to
f559889
Compare
Read `_datadog` from both string and binary SQS message attributes so SNS-propagated context can be extracted.
86a98be to
ae2e2b7
Compare
What does this PR do?
Adds trace context injection for the AWS SDK for Rust via three focused interceptor crates. Each crate pulls in only the AWS SDK dependency it needs -- users add only what they use.
Ref: #190
Crate architecture
Usage
Supported operations
SendMessage,SendMessageBatchReceiveMessage,DeleteMessage,DeleteMessageBatch_datadogMessageAttribute (String, JSON)Publish,PublishBatchGetTopicAttributes,ListSubscriptionsByTopic,Subscribe,CreateTopic, etc._datadogMessageAttribute (Binary) -- avoids subscription filter policy interferencePutEventsPutRule,PutTargets,DescribeRule, etc._datadogkey in eventdetailJSONEach interceptor also creates a client span (
sqs.request,sns.request,eventbridge.request) with standard Datadog tags:aws.service,aws.operation,aws.region,aws.partition,resource.name,operation.name, etc.Design notes
datadog-aws-coreexposes shared request span helpers and common attributes; each service crate owns its concrete AWS SDK interceptor implementation and uses those helpers for span lifecycle, service-specific tags, and trace-context injection._datadogattribute if presentmock_aws,init_test_tracer,sdk_config,span_attrs) lives indatadog-aws-core-test-utilsTrace Example