From 788815ba7d9299d4deba36f6d0a0592efd338502 Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Thu, 26 Jan 2023 12:00:56 +0100 Subject: [PATCH 1/2] Move events to AppSec specific namespace The general use case is as of yet unclear. This will be AppSec specific for now. --- lib/datadog/kit/appsec/events.rb | 80 ++++++++++++++++++++ lib/datadog/kit/events.rb | 78 ------------------- sig/datadog/kit/appsec/events.rbs | 16 ++++ sig/datadog/kit/events.rbs | 14 ---- spec/datadog/kit/{ => appsec}/events_spec.rb | 4 +- 5 files changed, 98 insertions(+), 94 deletions(-) create mode 100644 lib/datadog/kit/appsec/events.rb delete mode 100644 lib/datadog/kit/events.rb create mode 100644 sig/datadog/kit/appsec/events.rbs delete mode 100644 sig/datadog/kit/events.rbs rename spec/datadog/kit/{ => appsec}/events_spec.rb (97%) diff --git a/lib/datadog/kit/appsec/events.rb b/lib/datadog/kit/appsec/events.rb new file mode 100644 index 00000000000..102b94fbf1a --- /dev/null +++ b/lib/datadog/kit/appsec/events.rb @@ -0,0 +1,80 @@ +# typed: false +# frozen_string_literal: true + +require_relative '../identity' + +module Datadog + module Kit + module AppSec + # Tracking events + module Events + APPSEC_LOGIN_SUCCESS_EVENT = 'users.login.success' + APPSEC_LOGIN_FAILURE_EVENT = 'users.login.failure' + + # Attach login success event information to the trace + # + # This method is experimental and may change in the future. + # + # @param trace [TraceOperation] Trace to attach data to. + # @param user [Hash] User information to pass to + # Datadog::Kit::Identity.set_user. Must contain at least :id as key. + # @param others [Hash] Additional free-form + # event information to attach to the trace. + def self.track_login_success(trace, user:, **others) + track(:appsec, APPSEC_LOGIN_SUCCESS_EVENT, trace, **others) + + user_options = user.dup + user_id = user.delete(:id) + + raise ArgumentError, 'missing required key: :user => { :id }' if user_id.nil? + + Kit::Identity.set_user(trace, id: user_id, **user_options) + end + + # Attach login failure event information to the trace + # + # This method is experimental and may change in the future. + # + # @param trace [TraceOperation] Trace to attach data to. + # @param user_id [String] User id that attempted login + # @param user_exists [bool] Whether the user id that did a login attempt exists. + # @param others [Hash] Additional free-form + # event information to attach to the trace. + def self.track_login_failure(trace, user_id:, user_exists:, **others) + track(:appsec, APPSEC_LOGIN_FAILURE_EVENT, trace, **others) + + raise ArgumentError, 'user_id cannot be nil' if user_id.nil? + + trace.set_tag('appsec.events.users.login.failure.usr.id', user_id) + trace.set_tag('appsec.events.users.login.failure.usr.exists', user_exists) + end + + # Attach custom event information to the trace + # + # This method is experimental and may change in the future. + # + # @param namespace [Symbol] Mandatory. Event namespace. Only :appsec is supported. + # @param event [String] Mandatory. Event code. + # @param trace [TraceOperation] Trace to attach data to. + # @param others [Hash] Additional free-form + # event information to attach to the trace. Key must not + # be :track. + def self.track(namespace, event, trace, **others) + if namespace.to_sym != :appsec + raise ArgumentError, "namespace cannot be #{namespace.inspect}, only :appsec is allowed" + end + + trace.set_tag("#{namespace}.events.#{event}.track", 'true') + + others.each do |k, v| + raise ArgumentError, 'key cannot be :track' if k.to_sym == :track + + trace.set_tag("appsec.events.#{event}.#{k}", v) unless v.nil? + end + + trace.keep! + end + end + end + end +end diff --git a/lib/datadog/kit/events.rb b/lib/datadog/kit/events.rb deleted file mode 100644 index 92f854cb459..00000000000 --- a/lib/datadog/kit/events.rb +++ /dev/null @@ -1,78 +0,0 @@ -# typed: false -# frozen_string_literal: true - -require_relative 'identity' - -module Datadog - module Kit - # Tracking events - module Events - APPSEC_LOGIN_SUCCESS_EVENT = 'users.login.success' - APPSEC_LOGIN_FAILURE_EVENT = 'users.login.failure' - - # Attach login success event information to the trace - # - # This method is experimental and may change in the future. - # - # @param trace [TraceOperation] Trace to attach data to. - # @param user [Hash] User information to pass to - # Datadog::Kit::Identity.set_user. Must contain at least :id as key. - # @param others [Hash] Additional free-form - # event information to attach to the trace. - def self.track_login_success(trace, user:, **others) - track(:appsec, APPSEC_LOGIN_SUCCESS_EVENT, trace, **others) - - user_options = user.dup - user_id = user.delete(:id) - - raise ArgumentError, 'missing required key: :user => { :id }' if user_id.nil? - - Kit::Identity.set_user(trace, id: user_id, **user_options) - end - - # Attach login failure event information to the trace - # - # This method is experimental and may change in the future. - # - # @param trace [TraceOperation] Trace to attach data to. - # @param user_id [String] User id that attempted login - # @param user_exists [bool] Whether the user id that did a login attempt exists. - # @param others [Hash] Additional free-form - # event information to attach to the trace. - def self.track_login_failure(trace, user_id:, user_exists:, **others) - track(:appsec, APPSEC_LOGIN_FAILURE_EVENT, trace, **others) - - raise ArgumentError, 'user_id cannot be nil' if user_id.nil? - - trace.set_tag('appsec.events.users.login.failure.usr.id', user_id) - trace.set_tag('appsec.events.users.login.failure.usr.exists', user_exists) - end - - # Attach custom event information to the trace - # - # This method is experimental and may change in the future. - # - # @param namespace [Symbol] Mandatory. Event namespace. Only :appsec is supported. - # @param event [String] Mandatory. Event code. - # @param trace [TraceOperation] Trace to attach data to. - # @param others [Hash] Additional free-form - # event information to attach to the trace. Key must not - # be :track. - def self.track(namespace, event, trace, **others) - if namespace.to_sym != :appsec - raise ArgumentError, "namespace cannot be #{namespace.inspect}, only :appsec is allowed" - end - - trace.set_tag("#{namespace}.events.#{event}.track", 'true') - - others.each do |k, v| - raise ArgumentError, 'key cannot be :track' if k.to_sym == :track - - trace.set_tag("appsec.events.#{event}.#{k}", v) unless v.nil? - end - - trace.keep! - end - end - end -end diff --git a/sig/datadog/kit/appsec/events.rbs b/sig/datadog/kit/appsec/events.rbs new file mode 100644 index 00000000000..3dcaea9651c --- /dev/null +++ b/sig/datadog/kit/appsec/events.rbs @@ -0,0 +1,16 @@ +module Datadog + module Kit + module AppSec + module Events + APPSEC_LOGIN_SUCCESS_EVENT: ::String + APPSEC_LOGIN_FAILURE_EVENT: ::String + + def self.track_login_success: (Datadog::Tracing::TraceOperation trace, user: Hash[::Symbol, ::String | nil], **::Hash[::Symbol, ::String | nil] others) -> void + + def self.track_login_failure: (Datadog::Tracing::TraceOperation trace, user_id: ::String, user_exists: bool, **::Hash[::Symbol, ::String | nil] others) -> void + + def self.track: (::Symbol namespace, ::String | ::Symbol event, Datadog::Tracing::TraceOperation trace, **::Hash[::Symbol, ::String | nil] others) -> void + end + end + end +end diff --git a/sig/datadog/kit/events.rbs b/sig/datadog/kit/events.rbs deleted file mode 100644 index 77e1ffd39d7..00000000000 --- a/sig/datadog/kit/events.rbs +++ /dev/null @@ -1,14 +0,0 @@ -module Datadog - module Kit - module Events - APPSEC_LOGIN_SUCCESS_EVENT: ::String - APPSEC_LOGIN_FAILURE_EVENT: ::String - - def self.track_login_success: (Datadog::Tracing::TraceOperation trace, user: Hash[::Symbol, ::String | nil], **::Hash[::Symbol, ::String | nil] others) -> void - - def self.track_login_failure: (Datadog::Tracing::TraceOperation trace, user_id: ::String, user_exists: bool, **::Hash[::Symbol, ::String | nil] others) -> void - - def self.track: (::Symbol namespace, ::String | ::Symbol event, Datadog::Tracing::TraceOperation trace, **::Hash[::Symbol, ::String | nil] others) -> void - end - end -end diff --git a/spec/datadog/kit/events_spec.rb b/spec/datadog/kit/appsec/events_spec.rb similarity index 97% rename from spec/datadog/kit/events_spec.rb rename to spec/datadog/kit/appsec/events_spec.rb index ab254d536c2..6be58f2e63a 100644 --- a/spec/datadog/kit/events_spec.rb +++ b/spec/datadog/kit/appsec/events_spec.rb @@ -5,9 +5,9 @@ require 'time' require 'datadog/tracing/trace_operation' -require 'datadog/kit/events' +require 'datadog/kit/appsec/events' -RSpec.describe Datadog::Kit::Events do +RSpec.describe Datadog::Kit::AppSec::Events do subject(:trace_op) { Datadog::Tracing::TraceOperation.new } let(:trace) { trace_op.flush! } From a2ba5156a05462942e4aae7fc9c90d6139d9a8a2 Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Thu, 26 Jan 2023 12:04:18 +0100 Subject: [PATCH 2/2] Remove redundant references to AppSec This scoping is now hoisted to the namespace. --- lib/datadog/kit/appsec/events.rb | 17 ++++++----------- sig/datadog/kit/appsec/events.rbs | 6 +++--- spec/datadog/kit/appsec/events_spec.rb | 11 ++--------- 3 files changed, 11 insertions(+), 23 deletions(-) diff --git a/lib/datadog/kit/appsec/events.rb b/lib/datadog/kit/appsec/events.rb index 102b94fbf1a..da61d453d85 100644 --- a/lib/datadog/kit/appsec/events.rb +++ b/lib/datadog/kit/appsec/events.rb @@ -8,8 +8,8 @@ module Kit module AppSec # Tracking events module Events - APPSEC_LOGIN_SUCCESS_EVENT = 'users.login.success' - APPSEC_LOGIN_FAILURE_EVENT = 'users.login.failure' + LOGIN_SUCCESS_EVENT = 'users.login.success' + LOGIN_FAILURE_EVENT = 'users.login.failure' # Attach login success event information to the trace # @@ -21,7 +21,7 @@ module Events # @param others [Hash] Additional free-form # event information to attach to the trace. def self.track_login_success(trace, user:, **others) - track(:appsec, APPSEC_LOGIN_SUCCESS_EVENT, trace, **others) + track(LOGIN_SUCCESS_EVENT, trace, **others) user_options = user.dup user_id = user.delete(:id) @@ -41,7 +41,7 @@ def self.track_login_success(trace, user:, **others) # @param others [Hash] Additional free-form # event information to attach to the trace. def self.track_login_failure(trace, user_id:, user_exists:, **others) - track(:appsec, APPSEC_LOGIN_FAILURE_EVENT, trace, **others) + track(LOGIN_FAILURE_EVENT, trace, **others) raise ArgumentError, 'user_id cannot be nil' if user_id.nil? @@ -53,18 +53,13 @@ def self.track_login_failure(trace, user_id:, user_exists:, **others) # # This method is experimental and may change in the future. # - # @param namespace [Symbol] Mandatory. Event namespace. Only :appsec is supported. # @param event [String] Mandatory. Event code. # @param trace [TraceOperation] Trace to attach data to. # @param others [Hash] Additional free-form # event information to attach to the trace. Key must not # be :track. - def self.track(namespace, event, trace, **others) - if namespace.to_sym != :appsec - raise ArgumentError, "namespace cannot be #{namespace.inspect}, only :appsec is allowed" - end - - trace.set_tag("#{namespace}.events.#{event}.track", 'true') + def self.track(event, trace, **others) + trace.set_tag("appsec.events.#{event}.track", 'true') others.each do |k, v| raise ArgumentError, 'key cannot be :track' if k.to_sym == :track diff --git a/sig/datadog/kit/appsec/events.rbs b/sig/datadog/kit/appsec/events.rbs index 3dcaea9651c..f674d4f91ba 100644 --- a/sig/datadog/kit/appsec/events.rbs +++ b/sig/datadog/kit/appsec/events.rbs @@ -2,14 +2,14 @@ module Datadog module Kit module AppSec module Events - APPSEC_LOGIN_SUCCESS_EVENT: ::String - APPSEC_LOGIN_FAILURE_EVENT: ::String + LOGIN_SUCCESS_EVENT: ::String + LOGIN_FAILURE_EVENT: ::String def self.track_login_success: (Datadog::Tracing::TraceOperation trace, user: Hash[::Symbol, ::String | nil], **::Hash[::Symbol, ::String | nil] others) -> void def self.track_login_failure: (Datadog::Tracing::TraceOperation trace, user_id: ::String, user_exists: bool, **::Hash[::Symbol, ::String | nil] others) -> void - def self.track: (::Symbol namespace, ::String | ::Symbol event, Datadog::Tracing::TraceOperation trace, **::Hash[::Symbol, ::String | nil] others) -> void + def self.track: (::String | ::Symbol event, Datadog::Tracing::TraceOperation trace, **::Hash[::Symbol, ::String | nil] others) -> void end end end diff --git a/spec/datadog/kit/appsec/events_spec.rb b/spec/datadog/kit/appsec/events_spec.rb index 6be58f2e63a..234ec518c70 100644 --- a/spec/datadog/kit/appsec/events_spec.rb +++ b/spec/datadog/kit/appsec/events_spec.rb @@ -74,23 +74,16 @@ end describe '#track' do - it 'rejects unexpected namespaces' do - trace_op.measure('root') do - expect { described_class.track(:foo, 'bar', trace_op) }.to raise_error ArgumentError, /namespace cannot be/ - end - expect(meta).to_not include('foo.events.bar.track' => 'true') - end - it 'sets event tracking key on trace' do trace_op.measure('root') do - described_class.track(:appsec, 'foo', trace_op) + described_class.track('foo', trace_op) end expect(meta).to include('appsec.events.foo.track' => 'true') end it 'sets other keys on trace' do trace_op.measure('root') do - described_class.track(:appsec, 'foo', trace_op, bar: 'baz') + described_class.track('foo', trace_op, bar: 'baz') end expect(meta).to include('appsec.events.foo.bar' => 'baz') end