Store APIKey in FakeIntake per payload, add /debug/lastAPIKey #33899
Conversation
dustmop
added
changelog/no-changelog
qa/done
Static quality checks ✅Please find below the results from static quality gates Info
|
Uncompressed package size comparisonComparison with ancestor Diff per package
Decision✅ Passed |
|
[Fast Unit Tests Report] On pipeline 55746137 (CI Visibility). The following jobs did not run any unit tests: Jobs:
If you modified Go files and expected unit tests to run in these jobs, please double check the job logs. If you think tests should have been executed reach out to #agent-devx-help |
Test changes on VMUse this command from test-infra-definitions to manually test this PR changes on a VM: inv aws.create-vm --pipeline-id=55746137 --os-family=ubuntuNote: This applies to commit 876e191 |
dustmop
changed the title
dustmop
force-pushed
the
dustin.long/fake-intake-last-apikey
branch
from
a32a70a to
5e9c5c5
Compare
Regression DetectorRegression Detector ResultsMetrics dashboard Baseline: 44cdd73 Optimization Goals: ✅ No significant changes detected
|
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ➖ | uds_dogstatsd_to_api_cpu | % cpu utilization | +1.91 | [+1.03, +2.78] | 1 | Logs |
| ➖ | file_to_blackhole_1000ms_latency_linear_load | egress throughput | +0.21 | [-0.26, +0.68] | 1 | Logs |
| ➖ | file_to_blackhole_500ms_latency | egress throughput | +0.10 | [-0.68, +0.87] | 1 | Logs |
| ➖ | file_to_blackhole_0ms_latency_http1 | egress throughput | +0.04 | [-0.79, +0.87] | 1 | Logs |
| ➖ | file_to_blackhole_0ms_latency_http2 | egress throughput | +0.02 | [-0.84, +0.88] | 1 | Logs |
| ➖ | file_to_blackhole_100ms_latency | egress throughput | +0.01 | [-0.69, +0.72] | 1 | Logs |
| ➖ | tcp_dd_logs_filter_exclude | ingress throughput | +0.00 | [-0.01, +0.02] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api | ingress throughput | -0.00 | [-0.29, +0.28] | 1 | Logs |
| ➖ | file_tree | memory utilization | -0.01 | [-0.08, +0.06] | 1 | Logs |
| ➖ | file_to_blackhole_300ms_latency | egress throughput | -0.01 | [-0.65, +0.62] | 1 | Logs |
| ➖ | file_to_blackhole_0ms_latency | egress throughput | -0.03 | [-0.93, +0.87] | 1 | Logs |
| ➖ | quality_gate_logs | % cpu utilization | -0.12 | [-3.14, +2.91] | 1 | Logs |
| ➖ | quality_gate_idle_all_features | memory utilization | -0.24 | [-0.30, -0.17] | 1 | Logs bounds checks dashboard |
| ➖ | file_to_blackhole_1000ms_latency | egress throughput | -0.41 | [-1.17, +0.35] | 1 | Logs |
| ➖ | quality_gate_idle | memory utilization | -0.56 | [-0.60, -0.53] | 1 | Logs bounds checks dashboard |
| ➖ | tcp_syslog_to_blackhole | ingress throughput | -0.92 | [-0.98, -0.86] | 1 | Logs |
Bounds Checks: ✅ Passed
| perf | experiment | bounds_check_name | replicates_passed | links |
|---|---|---|---|---|
| ✅ | file_to_blackhole_0ms_latency | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_0ms_latency | memory_usage | 10/10 | |
| ✅ | file_to_blackhole_0ms_latency_http1 | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_0ms_latency_http1 | memory_usage | 10/10 | |
| ✅ | file_to_blackhole_0ms_latency_http2 | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_0ms_latency_http2 | memory_usage | 10/10 | |
| ✅ | file_to_blackhole_1000ms_latency | memory_usage | 10/10 | |
| ✅ | file_to_blackhole_1000ms_latency_linear_load | memory_usage | 10/10 | |
| ✅ | file_to_blackhole_100ms_latency | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_100ms_latency | memory_usage | 10/10 | |
| ✅ | file_to_blackhole_300ms_latency | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_300ms_latency | memory_usage | 10/10 | |
| ✅ | file_to_blackhole_500ms_latency | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_500ms_latency | memory_usage | 10/10 | |
| ✅ | quality_gate_idle | intake_connections | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_idle | memory_usage | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_idle_all_features | intake_connections | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_idle_all_features | memory_usage | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_logs | intake_connections | 10/10 | |
| ✅ | quality_gate_logs | lost_bytes | 10/10 | |
| ✅ | quality_gate_logs | memory_usage | 10/10 |
Explanation
Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%
Performance changes are noted in the perf column of each table:
- ✅ = significantly better comparison variant performance
- ❌ = significantly worse comparison variant performance
- ➖ = no significant change in performance
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
-
Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
-
Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
-
Its configuration does not mark it "erratic".
CI Pass/Fail Decision
✅ Passed. All Quality Gates passed.
- quality_gate_idle_all_features, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_idle_all_features, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check lost_bytes: 10/10 replicas passed. Gate passed.
- quality_gate_idle, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_idle, bounds check memory_usage: 10/10 replicas passed. Gate passed.
| @@ -19,7 +20,8 @@ import ( | |||
| type inMemoryStore struct { | |||
| mutex sync.RWMutex | |||
|
|
|||
| rawPayloads map[string][]api.Payload | |||
| rawPayloads map[string][]api.Payload | |||
| recentAPIKey string | |||
There was a problem hiding this comment.
If I understand correctly you are only interested by the latest api key. Do we really need to store the API in the payload then?
I think that to achieve our goal we need either the APIKey in all the payload and we retrieve the API key for the latest received payload. Or we store the latest api key in the store struct directly. But I do not think we need to store twice the same information
There was a problem hiding this comment.
Yes, the current E2E test that I have a PR up for uses only the last api key. However we plan to support additional use cases that will require having more features. For example, some products have to support sending multiple payload types and each could have a different api key. Rotating them individually needs to be validated in the FakeIntake, so having support for retrieving all payloads and their associated keys is meant to support that use case.
There was a problem hiding this comment.
Was about to propose parsing the payload to check the API key attached to the latest payload. But since they are stored in different list depending on the route it would not be convenient.
That's fine to me then!
There was a problem hiding this comment.
Yes, that's exactly right. The recentAPIKey is mostly for convenience, but the alternative is much harder to do (as well as less performant).
| @@ -19,7 +20,8 @@ import ( | |||
| type inMemoryStore struct { | |||
| mutex sync.RWMutex | |||
|
|
|||
| rawPayloads map[string][]api.Payload | |||
| rawPayloads map[string][]api.Payload | |||
| recentAPIKey string | |||
There was a problem hiding this comment.
Was about to propose parsing the payload to check the API key attached to the latest payload. But since they are stored in different list depending on the route it would not be convenient.
That's fine to me then!
| @@ -37,12 +39,31 @@ func newInMemoryStore() *inMemoryStore { | |||
| } | |||
| } | |||
|
|
|||
| func (s *inMemoryStore) SetRecentAPIKey(key string) { | |||
There was a problem hiding this comment.
NIT: Can we use SetLastAPIKey instead so we have the same naming everywhere
There was a problem hiding this comment.
Sure thing, I'll make that change before merging.
|
/merge |
|
View all feedbacks in Devflow UI.
This merge request is not mergeable yet, because of pending checks/missing approvals. It will be added to the queue as soon as checks pass and/or get approvals.
The median merge time in
|
What does this PR do?
Stores APIKeys in the FakeIntake. Clients can use
client.GetLastAPIKeyto retrieve the most recently seen apiKey. Retrieving payloads using/fakeintake/payloads?endpoint=[endpoint]will also include the apiKey for each payload.Motivation
Test that apiKeys can be refreshed and that the fakeIntake will observe the change.
Describe how you validated your changes
An upcoming PR will include an e2e test that uses this functionality.
To manually test, run the fakeintake in one terminal:
Then run the agent, with the
DD_API_KEYenv var defined to have a valid api key:Then curl the fakeintake's debug endpoint to see the api key in use:
Possible Drawbacks / Trade-offs
Additional Notes