Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

breaking: Use sha256 to hash StepFunctions trace id and manually set _dd.p.tid #490

Merged
merged 12 commits into from
Jun 4, 2024
Merged

breaking: Use sha256 to hash StepFunctions trace id and manually set _dd.p.tid #490

merged 12 commits into from
Jun 4, 2024

Conversation

kimi-p
Copy link
Contributor

@kimi-p kimi-p commented May 23, 2024
edited
Loading

What does this PR do?

  • Use sha256 to hash StepFunctions trace context.
  • For 128 bits trace_id:
    • The 1st and 65th bits should be 0.
    • The 1st 64 bits will be converted to base-16 to _dd.p.tid tag.
    • The 2nd 64 bits will be put into trace_id in base-10
  • For parent_id (which is aws.stepfunctions.lambda span's span_id in this case):
    • The highest 64 bits will be converted to base-10.
    • The 1st bit should be 0.
  • The trace_id on the APM UI will now be in base-16 instead of base-10.
  • Related PR from the past that uses md5 to hash.

Motivation

To support 128 bits trace IDs and to avoid showing up in security vulnerability scans, we are upgrading the hashing method (md5) to sha256.

Testing Guidelines

Tested in staging. The example trace is from a Step Function that triggers two Lambdas. One using NodeJS; another using Python.

image

Additional Notes

Types of Changes

  • Bug fix
  • New feature
  • Breaking change
  • Misc (docs, refactoring, dependency upgrade, etc.)

Check all that apply

  • This PR's description is comprehensive
  • This PR contains breaking changes that are documented in the description
  • This PR introduces new APIs or parameters that are documented and unlikely to change in the foreseeable future
  • This PR impacts documentation, and it has been updated (or a ticket has been logged)
  • This PR's changes are covered by the automated tests
  • This PR collects user input/sensitive content into Datadog
  • This PR passes the integration tests (ask a Datadog member to run the tests)

@kimi-p kimi-p marked this pull request as ready for review May 23, 2024 17:19
@kimi-p kimi-p requested a review from a team as a code owner May 23, 2024 17:19
@kimi-p kimi-p changed the title Use Sha256 to hash StepFunctions trace context Use sha256 to hash StepFunctions trace id and set manually _dd.p.tid May 23, 2024
@kimi-p kimi-p changed the title Use sha256 to hash StepFunctions trace id and set manually _dd.p.tid Use sha256 to hash StepFunctions trace id and manually set _dd.p.tid May 23, 2024
nine5two7
nine5two7 approved these changes May 31, 2024
View reviewed changes
Copy link

@nine5two7 nine5two7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kimi-p kimi-p merged commit 3f7c439 into main Jun 4, 2024
51 checks passed
@kimi-p kimi-p deleted the kimi/128bit-trace-id branch June 4, 2024 20:51
@duncanista duncanista mentioned this pull request Jun 5, 2024
Merged
11 tasks
@duncanista duncanista changed the title Use sha256 to hash StepFunctions trace id and manually set _dd.p.tid breaking: Use sha256 to hash StepFunctions trace id and manually set _dd.p.tid Jun 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@agocs agocs agocs approved these changes

@duncanista duncanista duncanista approved these changes

@nine5two7 nine5two7 nine5two7 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kimi-p @agocs @duncanista @nine5two7