V4.21.0 proposal

.github/workflows/plugins.yml

@@ -20,6 +20,132 @@ env:
 
 
 jobs:
+  aerospike-3:
+    runs-on: ubuntu-latest
+    container:
+      image: ubuntu:18.04
+    services:
+      aerospike:
+        image: aerospike:ce-5.3.0.16
+        ports:
+          - 3000:3000
+      testagent:
+        image: ghcr.io/datadog/dd-apm-test-agent/ddapm-test-agent:latest
+        env:
+          LOG_LEVEL: DEBUG
+          TRACE_LANGUAGE: javascript
+          DISABLED_CHECKS: trace_content_length
+          PORT: 9126
+        ports:
+          - 9126:9126
+    env:
+      PLUGINS: aerospike
+      SERVICES: aerospike
+      PACKAGE_VERSION_RANGE: '3.16.2 - 3.16.7'
+      DD_TEST_AGENT_URL: http://testagent:9126
+      AEROSPIKE_HOST_ADDRESS: aerospike
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v3
+        with:
+          node-version: '14'
+      - id: pkg
+        run: |
+          content=`cat ./package.json | tr '\n' ' '`
+          echo "::set-output name=json::$content"
+      - id: extract
+        run: |
+          version="${{fromJson(steps.pkg.outputs.json).version}}"
+          majorVersion=$(echo "$version" | cut -d '.' -f 1)
+          echo "Major Version: $majorVersion"
+          echo "MAJOR_VERSION=$majorVersion" >> $GITHUB_ENV
+      - name: Check package version
+        if: env.MAJOR_VERSION == '3'
+        run: |
+          echo "Package version is 3. Proceeding with the next steps."
+      - name: Install dependencies
+        if: env.MAJOR_VERSION == '3'
+        run: |
+          apt-get update && \
+          apt-get install -y \
+            python3 python3-pip \
+            wget \
+            g++ libssl1.0.0 libssl-dev zlib1g-dev && \
+          npm install -g yarn
+      - if: env.MAJOR_VERSION == '3'
+        run: yarn install --ignore-engines
+      - if: env.MAJOR_VERSION == '3'
+        uses: ./.github/actions/node/14
+      - if: env.MAJOR_VERSION == '3'
+        run: yarn test:plugins:ci
+      - if: env.MAJOR_VERSION == '3'
+        uses: codecov/codecov-action@v2
+  aerospike-4:
+    runs-on: ubuntu-latest
+    services:
+      aerospike:
+        image: aerospike:ce-5.7.0.15
+        ports:
+          - "127.0.0.1:3000-3002:3000-3002"
+    env:
+      PLUGINS: aerospike
+      SERVICES: aerospike
+      PACKAGE_VERSION_RANGE: '4.0.0 - 5.4.0'
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ./.github/actions/testagent/start
+      - uses: ./.github/actions/node/setup
+      - run: yarn install --ignore-engines
+      - uses: ./.github/actions/node/oldest
+      - run: yarn test:plugins:ci
+      - if: always()
+        uses: ./.github/actions/testagent/logs
+      - uses: codecov/codecov-action@v2
+  aerospike-5:
+    runs-on: ubuntu-latest
+    services:
+      aerospike:
+        image: aerospike:ce-6.4.0.3
+        ports:
+          - "127.0.0.1:3000-3002:3000-3002"
+    env:
+      PLUGINS: aerospike
+      SERVICES: aerospike
+      PACKAGE_VERSION_RANGE: '5.5.0 - 5.7.0'
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ./.github/actions/testagent/start
+      - uses: ./.github/actions/node/setup
+      - id: pkg
+        run: |
+          content=`cat ./package.json | tr '\n' ' '`
+          echo "::set-output name=json::$content"
+      - id: extract
+        run: |
+          version="${{fromJson(steps.pkg.outputs.json).version}}"
+          majorVersion=$(echo "$version" | cut -d '.' -f 1)
+          echo "Major Version: $majorVersion"
+          echo "MAJOR_VERSION=$majorVersion" >> $GITHUB_ENV
+      - name: Check package version
+        if: env.MAJOR_VERSION != '3'
+        run: |
+          echo "Package version is not 3. Proceeding with the next steps."
+      - if: env.MAJOR_VERSION != '3'
+        run: yarn install --ignore-engines
+      - if: env.MAJOR_VERSION != '3'
+        uses: ./.github/actions/node/oldest
+      - if: env.MAJOR_VERSION != '3'
+        run: yarn test:plugins:ci
+      - if: env.MAJOR_VERSION != '3'
+        run: echo "PACKAGE_VERSION_RANGE=>=5.8.0" >> "$GITHUB_ENV"
+      - if: env.MAJOR_VERSION != '3'
+        uses: ./.github/actions/node/20 # currently the latest version of aerospike only supports node 20
+      - if: env.MAJOR_VERSION != '3'
+        run: yarn test:plugins:ci
+      - if: env.MAJOR_VERSION != '3'
+        uses: ./.github/actions/testagent/logs
+      - if: env.MAJOR_VERSION != '3'
+        uses: codecov/codecov-action@v2
   amqp10: # TODO: move rhea to its own job
     runs-on: ubuntu-latest
     services:
@@ -77,9 +203,9 @@ jobs:
     runs-on: ubuntu-latest
     services:
       localstack:
-        image: localstack/localstack:1.1.0
+        image: localstack/localstack:3.0.2
         env:
-          LOCALSTACK_SERVICES: dynamodb,kinesis,s3,sqs,sns,redshift,route53,logs,serverless
+          LOCALSTACK_SERVICES: dynamodb,kinesis,s3,sqs,sns,redshift,route53,logs,serverless,lambda
           EXTRA_CORS_ALLOWED_HEADERS: x-amz-request-id,x-amzn-requestid,x-amz-id-2
           EXTRA_CORS_EXPOSE_HEADERS: x-amz-request-id,x-amzn-requestid,x-amz-id-2
           AWS_DEFAULT_REGION: us-east-1
@@ -88,9 +214,26 @@ jobs:
           START_WEB: '0'
         ports:
           - 4566:4566
+      # we have two localstacks since upgrading localstack was causing lambda & S3 tests to fail
+      # To-Do: Debug localstack / lambda and localstack / S3
+      localstack-legacy:
+        image: localstack/localstack:1.1.0
+        ports:
+          - "127.0.0.1:4567:4567" # Edge
+        env:
+          LOCALSTACK_SERVICES: dynamodb,kinesis,s3,sqs,sns,redshift,route53,logs,serverless
+          EXTRA_CORS_ALLOWED_HEADERS: x-amz-request-id,x-amzn-requestid,x-amz-id-2
+          EXTRA_CORS_EXPOSE_HEADERS: x-amz-request-id,x-amzn-requestid,x-amz-id-2
+          AWS_DEFAULT_REGION: us-east-1
+          FORCE_NONINTERACTIVE: 'true'
+          LAMBDA_EXECUTOR: local
+          START_WEB: '0'
+          GATEWAY_LISTEN: 127.0.0.1:4567
+          EDGE_PORT: 4567
+          EDGE_PORT_HTTP: 4567
     env:
       PLUGINS: aws-sdk
-      SERVICES: localstack
+      SERVICES: localstack localstack-legacy
     steps:
       - uses: actions/checkout@v2
       - uses: ./.github/actions/testagent/start
@@ -291,8 +434,6 @@ jobs:
       - uses: ./.github/actions/testagent/start
       - uses: ./.github/actions/node/setup
       - run: yarn install
-      - uses: ./.github/actions/node/oldest
-      - run: yarn test:plugins:ci
       - uses: ./.github/actions/node/latest
       - run: yarn test:plugins:ci
       - if: always()
@@ -1041,8 +1182,6 @@ jobs:
       - uses: ./.github/actions/testagent/start
       - uses: ./.github/actions/node/setup
       - run: yarn install
-      - uses: ./.github/actions/node/oldest
-      - run: yarn test:plugins:ci
       - uses: ./.github/actions/node/latest
       - run: yarn test:plugins:ci
       - if: always()
@@ -1068,9 +1207,6 @@ jobs:
       - uses: ./.github/actions/testagent/start
       - uses: ./.github/actions/node/setup
       - run: yarn install
-      - uses: ./.github/actions/node/16
-      - run: yarn test:plugins:ci
-      - run: yarn test:plugins:upstream
       - uses: ./.github/actions/node/latest
       - run: yarn test:plugins:ci
       - run: yarn test:plugins:upstream

LICENSE-3rdparty.csv

@@ -30,6 +30,7 @@ require,opentracing,MIT,Copyright 2016 Resonance Labs Inc
 require,path-to-regexp,MIT,Copyright 2014 Blake Embrey
 require,pprof-format,MIT,Copyright 2022 Stephen Belanger
 require,protobufjs,BSD-3-Clause,Copyright 2016 Daniel Wirtz
+require,tlhunter-sorted-set,MIT,Copyright (c) 2023 Datadog Inc.
 require,retry,MIT,Copyright 2011 Tim Koschützki Felix Geisendörfer
 require,semver,ISC,Copyright Isaac Z. Schlueter and Contributors
 dev,@types/node,MIT,Copyright Authors

SECURITY.md

@@ -0,0 +1,17 @@
+# Security Policy
+
+This document outlines the security policy for the Datadog Node.js Tracer (aka `dd-trace-js`) and what to do if you discover a security vulnerability in the project.
+Most notably, please do not share the details in a public forum (such as in a discussion, issue, or pull request) but instead reach out to us with the details.
+This gives us an opportunity to release a fix for others to benefit from by the time details are made public.
+
+
+## Supported Versions
+
+We accept vulnerability submissions for any [currently maintained release lines](https://github.com/DataDog/dd-trace-js#version-release-lines-and-maintenance).
+
+
+## Reporting a Vulnerability
+
+If you discover a vulnerability in the Datadog Node.js Tracer (or any Datadog product for that matter) please submit details to the following email address:
+
+* [[email protected]](mailto:[email protected])

docker-compose.yml

@@ -1,5 +1,9 @@
 version: "2"
 services:
+  aerospike:
+    image: aerospike:ce-6.4.0.3
+    ports: 
+      - "127.0.0.1:3000-3002:3000-3002"
   couchbase:
     image: ghcr.io/datadog/couchbase-server-sandbox:latest
     ports:
@@ -83,31 +87,58 @@ services:
     ports:
       - "127.0.0.1:8081:8081"
   localstack:
-    # TODO: Figure out why SNS doesn't work in >=1.2
-    # https://github.com/localstack/localstack/issues/7479
-    image: localstack/localstack:1.1.0
+    image: localstack/localstack:3.0.2
     ports:
       - "127.0.0.1:4566:4566" # Edge
+    environment:
+      - LOCALSTACK_SERVICES=dynamodb,kinesis,s3,sqs,sns,redshift,route53,logs,serverless,lambda
+      - EXTRA_CORS_ALLOWED_HEADERS=x-amz-request-id,x-amzn-requestid,x-amz-id-2
+      - EXTRA_CORS_EXPOSE_HEADERS=x-amz-request-id,x-amzn-requestid,x-amz-id-2
+      - AWS_DEFAULT_REGION=us-east-1
+      - FORCE_NONINTERACTIVE=true
+      - START_WEB=0
+      - DEBUG=${DEBUG-}
+      - DOCKER_HOST=unix:///var/run/docker.sock
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+  localstack-legacy:
+    # we have two localstacks since upgrading localstack was causing lambda & S3 tests to fail
+    # To-Do: Debug localstack / lambda and localstack / S3
+    image: localstack/localstack:1.1.0
+    ports:
+      - "127.0.0.1:4567:4567" # Edge
     environment:
       - LOCALSTACK_SERVICES=dynamodb,kinesis,s3,sqs,sns,redshift,route53,logs,serverless
       - EXTRA_CORS_ALLOWED_HEADERS=x-amz-request-id,x-amzn-requestid,x-amz-id-2
       - EXTRA_CORS_EXPOSE_HEADERS=x-amz-request-id,x-amzn-requestid,x-amz-id-2
       - AWS_DEFAULT_REGION=us-east-1
       - FORCE_NONINTERACTIVE=true
       - START_WEB=0
+      - GATEWAY_LISTEN=127.0.0.1:4567
+      - EDGE_PORT=4567
+      - EDGE_PORT_HTTP=4567
       - LAMBDA_EXECUTOR=local
   kafka:
-    image: debezium/kafka:1.7
+    platform: linux/arm64
+    image: wurstmeister/kafka:2.13-2.8.1
     ports:
       - "127.0.0.1:9092:9092"
       - "127.0.0.1:9093:9093"
     environment:
       - CLUSTER_ID=5Yr1SIgYQz-b-dgRabWx4g
       - NODE_ID=1
       - CREATE_TOPICS="test-topic:1:1"
+      - KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
       - KAFKA_CONTROLLER_QUORUM_VOTERS=1@kafka:9093
+      - KAFKA_LISTENERS=PLAINTEXT://0.0.0.0:9092
       - KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://127.0.0.1:9092
       - KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS=0
+    depends_on:
+      - zookeeper
+  zookeeper:
+    image: wurstmeister/zookeeper
+    ports:
+      - "2181:2181"
   opensearch:
     image: opensearchproject/opensearch:2
     environment:

docs/test.ts

@@ -110,6 +110,10 @@ tracer.init({
     blockedTemplateJson: './blocked.json',
     eventTracking: {
       mode: 'safe'
+    },
+    apiSecurity: {
+      enabled: true,
+      requestSampling: 1.0
     }
   }
 });
@@ -288,6 +292,9 @@ tracer.use('http', {
 tracer.use('http', {
   client: httpClientOptions
 });
+tracer.use('http', {
+  enablePropagationWithAmazonHeaders: true
+});
 tracer.use('http2');
 tracer.use('http2', {
   server: http2ServerOptions

index.d.ts

@@ -578,6 +578,22 @@ export declare interface TracerOptions {
        * @default 'safe'
        */
       mode?: 'safe' | 'extended' | 'disabled'
+    },
+
+    /**
+     * Configuration for Api Security sampling
+     */
+    apiSecurity?: {
+      /** Whether to enable Api Security.
+       * @default false
+       */
+      enabled?: boolean,
+
+      /** Controls the request sampling rate (between 0 and 1) in which Api Security is triggered.
+       * The value will be coerced back if it's outside of the 0-1 range.
+       * @default 0.1
+       */
+      requestSampling?: number
     }
   };
 
@@ -927,6 +943,14 @@ declare namespace plugins {
      * @default code => code < 500
      */
     validateStatus?: (code: number) => boolean;
+
+    /**
+     * Enable injection of tracing headers into requests signed with AWS IAM headers.
+     * Disable this if you get AWS signature errors (HTTP 403).
+     *
+     * @default false
+     */
+    enablePropagationWithAmazonHeaders?: boolean;
   }
 
   /** @hidden */

integration-tests/ci-visibility-intake.js

@@ -10,7 +10,8 @@ const { FakeAgent } = require('./helpers')
 
 const DEFAULT_SETTINGS = {
   code_coverage: true,
-  tests_skipping: true
+  tests_skipping: true,
+  itr_enabled: true
 }
 
 const DEFAULT_SUITES_TO_SKIP = []