DataDog/dd-trace-py v2.2.0

2.2.0

on GitHub

New Features

• CI Visibility: adds ITR support for unittest

• CI Visibility: adds start/end line support for pytest test spans

• CI Visibility: adds start/end line source file data to unittest test spans

• aiohttp: This introduces basic tracing of streaming responses that stay open long after the on_prepare signal has been sent.

• CI Visibility: introduce pytest hooks for modifying the module, suite, and test naming logic

• CI Visibility: add support for AWS Codepipeline to CI env var gathering

• datastreams: this change adds message payload size metrics and aggregations for Kafka.

• structlog: Wraps get_logger function in order to add datadog injection processor regardless of configuration

• openai: This adds support for openai v1.

• Source Code: filters Git repo URLs from env vars and setuptools

• logbook: This introduces log correlation for the logbook library. Refer to logbook-docs <ddtrace.contrib.logbook> for more details.

• loguru: This introduces log correlation for the loguru library. Refer to loguru-docs <ddtrace.contrib.loguru> for more details.

• openai: This adds support for tagging function call arguments when using OpenAI's function calling feature.

• Adds ARM64 support for Single-Step instrumentation

• structlog: This introduces log correlation for the structlog library. Refer to structlog-docs <ddtrace.contrib.structlog> for more details.

• celery: Adds Python 3.11 and 3.12 support for the celery integration.

• CI Visibility: adds full test suite level visibility for unittest

• ASM: Add support for automatic user login events in Flask when using flask_login.

• tracer: This introduces collection of inferred service names. The agent version v7.46.0 contains a new field "extra_services" in the remote config client, that allows clients to list any additional services that are used within tracer spans. Knowing all service names used by a tracer instance help the UI give better feedback to the user.

• tracer: Adds support for DD_TRACE_METHODS. This feature enables the
  specification of custom methods to be instrumented by the tracer when using ddtrace-run. See the configuration documentation for more information: https://ddtrace.readthedocs.io/en/v2.1.0/configuration.html.

• openai: This introduces official tracing support for Azure OpenAI services, specifically for completions, chat completions, and embeddings using models deployed on Azure OpenAI endpoints.

• elasticsearch: This introduces tracing for Elasticsearch 8 and the async Elasticsearch client.

• Vulnerability Management for Code-level (IAST): Server-Side Request Forgery (SSRF) vulnerability detection, which will be displayed on your DataDog Vulnerability Explorer dashboard. See the Application Vulnerability Management documentation for more information about this feature.

• Vulnerability Management for Code-level (IAST): Weak randomness vulnerability detection.

• pymemcache: add DD_TRACE_MEMCACHED_COMMAND_ENABLED environment variable for configuring the collection of memcached commands. This feature is disabled by default.

• wsgi: This change introduces the keyword argument app_is_iterator to the DDWSGIMiddleware constructor. It's provided as a workaround for an issue where the Datadog WSGI middleware would fail to handle WSGI apps that are not their own iterators. This condition can arise when a Django app attempts to send its "request finished" signal, in which case it may cause connection leaks. Standard methods of distinguishing an iterable from its iterator, such as checking for the presence of iter and next dunder methods, don't work in this case for unknown reasons. Instead of adding brittle special-case detection logic to the middleware, this new argument allows users to indicate when this is the case.

Known Issues

• ASM: fix a body read problem on some corner case where passing empty content length makes wsgi.input.read() blocks.

Upgrade Notes

• The wrapt and psutil packages are vendored to help users avoid building these packages if wheels were not available for a given platform. This reverses a change released in v2.0.0.
• pymemcache: The memcached.query span tag will no longer be set by the integration. This command includes keys that can potentially contain sensitive information. If you require this span tag, you can retain the existing functionality by setting DD_TRACE_MEMCACHED_COMMAND_ENABLED=true. This span tag can be redacted using DD_APM_REPLACE_TAGS in your Agent configuration.

Bug Fixes

• Application Security Management (ASM): fix a body read error when Transfer-Encoding: chunked header is sent
• CI Visibility: fixes an issue where class-based test methods with the same name across classes would be considered duplicates, and cause one (or more) tests to be dropped from results, by adding --ddtrace-include-class-name as an optional flag (defaulting to false) to prepend the class name to the test name.
• CI Visibility: fixes a crash where the unittest integration would try to enable coverage when tests are run even if the Intelligent Test Runner is not enabled.
• data_streams: This fix resolves an issue where tracing would crash if a kafka client produced a message with no key or value.
• CI: fixes an issue which prevented the library from filtering user credentials for SSH Git repository URLs
• dynamic instrumentation: fix an issue that caused function probes on the same module to fail to instrument and be reported in the ERROR status in the UI if the module was not yet imported.
• Use a unique default service name across all the products provided by the library when one is not given via the configuration interface.
• sampling: This fix reverts a refactor which affected how the tracer handled the trace-agent's recommended trace sampling rates, leading to an unintended increase in traces sampled.
• tracing: Fixes a msgpack import error when DD_TRACE_API is set to v0.5
• fix(profiling): numeric type exception in memalloc When pushing allocation samples, an exception was being thrown due to a float being passed instead of an integer. We now cast the ceiled value to an integer.
• CI Visibility: fixes unittest data not being initialized properly
• CI Visibility: fixes an issue where just importing unittest enabled CIVisibility and potentially caused unexpected logs and API requests
• Vulnerability Management for Code-level (IAST): This fix addresses AST patching issues where custom functions or methods could be replaced by aspects with differing argument numbers, causing runtime errors as a result. Furthermore, it addresses a case during patching where the module is inadvertently passed as the first argument to the aspect.
• Vulnerability Management for Code-level (IAST): Fix potential string id collisions that could cause false positives with non tainted objects being marked as tainted.
• IAST: This fix resolves an issue where JSON encoder would throw an exception while encoding a tainted dict or list.
• Vulnerability Management for Code-level (IAST): This fix resolves an issue where SimpleJSON encoder would throw an exception while encoding a tainted dict or list.
• ASM: add support for psycopg2 adapt mechanism to LazyTaintList, preventing a ProgrammingError when using psycopg2 with IAST.
• tracing: This fix resolves an issue where unserializable tracer attributes caused crashes when DD_TRACE_DEBUG was set.
• This fix resolves an issue where confluent_kafka's SerializingProducer and DeserializingConsumer classes were incorrectly patched, causing crashes when these classes are in use with Datadog patching.
• langchain: This fix resolves an issue with tagging pydantic SecretStr type api keys.
• lib injection: Fix permissions error raised when non-root users copy single step instrumentation files.
• redis: The Datadog Agent removes command arguments from the resource name. However there are cases, like compressed keys, where this obfuscation cannot correctly remove command arguments. To safeguard that situation, the resource name set by the tracer will only be the command (e.g. SET) with no arguments. To retain the previous behavior and keep arguments in the span resource, with the potential risk of some command arguments not being fully obfuscated, set DD_REDIS_RESOURCE_ONLY_COMMAND=false.
• CI Visibility: fixes distributed tracing when using the CI Visibility integration
• dbm: this fixes an issue with attributing metrics to incorrect services when peer.service is enabled
• This fix resolves an issue where the library failed to install due to dependency conflicts caused by restrictive version specifiers on the psutil and Wrapt libraries.
• tracing: Encoding traces in the v05 format has a known issue for applications generating spans at a high frequency, causing approximately 1/10000000 spans to be misencoded. This change sets DD_TRACE_API_VERSION to v04 by default.
• DSM: fix off-by-one metric issue and error where statistics weren't calculated when the core API was used.
• tracing: Fix an issue with some integrations, such as OpenAI, that caused an exception on start-up when using gevent.
• dynamic instrumentation: fix an issue that caused the probe instrumentation error details from being reported for visualization in the UI.
• IAST: fix executed sink telemetry metric as it is not really linked to vulnerability report.
• CI Visibility: Fixes incorrect Git version extraction
• This fix eliminates some reference leaks and C-API usage in the _iast module.
• kafka: Fixes ValueError raised when Consumer.commit(offsets=...) is called.
• Resolves issues with the import machinery that might have caused the garbage collector to clean up weak references in an unexpected order.
• openai: This fix resolves an issue where chat completion requests with function calls led to failing to tag null message content fields in the chat completion response.
• profiling: Fixed an issue with data encoding where non-string objects might be interned on Python 3.11
• profiling: Load the protobuf module only if needed to avoid interfering with the module state for applications that also make use of it. The protobuf module is used in file and classic Python HTTP export. It is not needed for the libdatadog-based exporter.
• Fix an issue that could have caused some tracing integrations to create invalid references to objects in Python frames, ultimately causing profiling tools to potentially induce a segmentation fault.
• Fix an issue that could have caused some tracing integrations to leave the interpreter in an inconsistent state, resulting in the profiler incurring a segmentation fault.
• remote config: Add git metadata to configuration requests to ensure Source Code Integration (SCI) works as expected with services that require it.
• redis: Resolves UnboundLocalError raised when a traced redis command raises an exception.
• tracing: Increases the maximum payload size and buffer size from 8MB to 20MB. Also decreases the maximum number of spans in trace chunks when DD_TRACE_PARTIAL_FLUSH_ENABLED=True. This ensures large traces are correctly encoded and submitted. This should decrease the occurrence of "failed to send traces" error logs.
• graphql: Resolves AttributeError raised while parsing graphql Documents where AST Location is None.
• ASM: This fix resolves an issue where an f-string expression would not be formatted properly causing a segfault if IAST is enabled.
• langchain: This fix resolves an import error with patching langchain versions newer than 0.0.300 due to langchain dropping support for wrapping or importing directly from root.
• lib-injection: changes the log output to opt-in. Logging to stderr could interfere with applications. Logs can still be sent to stderr using DD_TRACE_DEBUG=1.
• lib-injection: Update package files to not be world-writable.
• Fix span_id conversion and potential invalid references in profiling exporter.
• This fix resolves an issue where type-checking would fail on valid application code due to a type hint on Span.set_tags that was too restrictive.
• dsm: This fix resolves an issue where including exit signal handling for message queues caused imports of ddtrace in a thread to fail.

Other Changes

• tags: Previously DD_TRACE_X_DATADOG_TAGS_MAX_LENGTH had a max limit setting of 512 characters. This change removes that limit but keeps the default at 512.

• remote config: change log levels of messages about agent down or request config to debug level.