datadog_lambda/constants.py

@@ -51,6 +51,3 @@ class Headers(object):
     # invocation and the main function invocation are IDENTICAL. Therefore we can use it to tell
     # whether current invocation is the actual original authorizing request or a cached request.
     Authorizing_Request_Id = "x-datadog-authorizing-requestid"
-
-    #  injected by the HTTPPropagator.inject but no use
-    TAGS_HEADER_TO_DELETE = "x-datadog-tags"

datadog_lambda/tracing.py

@@ -191,9 +191,9 @@ def extract_context_from_http_event_or_context(
                 # fail fast on any KeyError here
                 trace_id = injected_authorizer_data[TraceHeader.TRACE_ID]
                 parent_id = injected_authorizer_data[TraceHeader.PARENT_ID]
-                sampling_priority = injected_authorizer_data[
+                sampling_priority = injected_authorizer_data.get(
                     TraceHeader.SAMPLING_PRIORITY
-                ]
+                )
                 return trace_id, parent_id, sampling_priority
             except Exception as e:
                 logger.debug(
@@ -345,6 +345,20 @@ def extract_context_custom_extractor(extractor, event, lambda_context):
         return None, None, None
 
 
+def is_authorizer_response(response) -> bool:
+    try:
+        return (
+            response is not None
+            and response["principalId"]
+            and response["policyDocument"]
+        )
+    except KeyError:
+        pass
+    except Exception as e:
+        logger.debug("unknown error while checking is_authorizer_response %s", e)
+    return False
+
+
 def get_injected_authorizer_data(event, is_http_api) -> dict:
     try:
         authorizer_headers = event.get("requestContext", {}).get("authorizer")

datadog_lambda/wrapper.py

@@ -10,14 +10,14 @@
 from importlib import import_module
 import json
 from time import time_ns
-from ddtrace.propagation.http import HTTPPropagator
 
 from datadog_lambda.extension import should_use_extension, flush_extension
 from datadog_lambda.cold_start import set_cold_start, is_cold_start
 from datadog_lambda.constants import (
     TraceContextSource,
     XraySubsegment,
     Headers,
+    TraceHeader,
 )
 from datadog_lambda.metric import (
     flush_stats,
@@ -37,6 +37,7 @@
     create_function_execution_span,
     create_inferred_span,
     InferredSpanInfo,
+    is_authorizer_response,
 )
 from datadog_lambda.trigger import (
     extract_trigger_tags,
@@ -185,9 +186,14 @@ def _inject_authorizer_span_headers(self, request_id):
         )
         injected_headers = {}
         source_span = self.inferred_span if self.inferred_span else self.span
-        HTTPPropagator.inject(source_span.context, injected_headers)
-        # remove unused header
-        injected_headers.pop(Headers.TAGS_HEADER_TO_DELETE, None)
+        span_context = source_span.context
+        injected_headers[TraceHeader.TRACE_ID] = str(span_context.trace_id)
+        injected_headers[TraceHeader.PARENT_ID] = str(span_context.span_id)
+        sampling_priority = span_context.sampling_priority
+        if sampling_priority is not None:
+            injected_headers[TraceHeader.SAMPLING_PRIORITY] = str(
+                span_context.sampling_priority
+            )
         injected_headers[Headers.Parent_Span_Finish_Time] = finish_time_ns
         if request_id is not None:
             injected_headers[Headers.Authorizing_Request_Id] = request_id
@@ -275,12 +281,7 @@ def _after(self, event, context):
             if should_use_extension:
                 flush_extension()
 
-            if (
-                self.encode_authorizer_context
-                and self.response
-                and self.response.get("principalId")
-                and self.response.get("policyDocument")
-            ):
+            if self.encode_authorizer_context and is_authorizer_response(self.response):
                 self._inject_authorizer_span_headers(
                     event.get("requestContext", {}).get("requestId")
                 )

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "datadog_lambda"
-version = "4.64.0"
+version = "4.67.0"
 description = "The Datadog AWS Lambda Library"
 authors = ["Datadog, Inc. <dev@datadoghq.com>"]
 license = "Apache-2.0"
@@ -23,7 +23,7 @@ classifiers = [
 
 [tool.poetry.dependencies]
 python = ">=3.7.0,<4"
-datadog = "^0.41"
+datadog = ">=0.41.0,<1.0.0"
 wrapt = "^1.11.2"
 ddtrace = "^1.6.4"
 importlib_metadata = {version = "^1.0", python = "<3.8"}

scripts/run_integration_tests.sh

@@ -216,6 +216,7 @@ for handler_name in "${LAMBDA_HANDLERS[@]}"; do
                 sed -E "s/(\"duration\"\: )[0-9\.\-]+/\1\"XXXX\"/g" |
                 sed -E "s/(\"start\"\: )[0-9\.\-]+/\1\"XXXX\"/g" |
                 sed -E "s/(\"system\.pid\"\: )[0-9\.\-]+/\1\"XXXX\"/g" |
+                sed -E "s/(\"process_id\"\: )[0-9\.\-]+/\1XXXX/g" |
                 sed -E "s/(\"runtime-id\"\: \")[a-z0-9\.\-]+/\1XXXX/g" |
                 sed -E "s/([a-zA-Z0-9]+)(\.execute-api\.[a-z0-9\-]+\.amazonaws\.com)/XXXX\2/g" |
                 sed -E "s/(\"apiid\"\: \")[a-z0-9\.\-]+/\1XXXX/g" |
@@ -231,6 +232,7 @@ for handler_name in "${LAMBDA_HANDLERS[@]}"; do
                 sed -E "s/(\"partition_key\"\:\ \")[a-zA-Z0-9\-]+/\1XXXX/g" |
                 sed -E "s/(\"object_etag\"\:\ \")[a-zA-Z0-9\-]+/\1XXXX/g" |
                 sed -E "s/(\"dd_trace\"\: \")([0-9]+\.[0-9]+\.[0-9])/\1X.X.X/g" |
+                sed -E "s/(traceparent\:)([A-Za-z0-9\-]+)/\1XXX/g" |
                 # Parse out account ID in ARN
                 sed -E "s/([a-zA-Z0-9]+):([a-zA-Z0-9]+):([a-zA-Z0-9]+):([a-zA-Z0-9\-]+):([a-zA-Z0-9\-\:]+)/\1:\2:\3:\4:XXXX:\4/g" |
                 sed -E "/init complete at epoch/d" |
@@ -241,17 +243,19 @@ for handler_name in "${LAMBDA_HANDLERS[@]}"; do
             # If no snapshot file exists yet, we create one
             echo "Writing logs to $function_snapshot_path because no snapshot exists yet"
             echo "$logs" >$function_snapshot_path
-        elif [ -n "$UPDATE_SNAPSHOTS" ]; then
-            # If $UPDATE_SNAPSHOTS is set to true write the new logs over the current snapshot
-            echo "Overwriting log snapshot for $function_snapshot_path"
-            echo "$logs" >$function_snapshot_path
         else
             # Compare new logs to snapshots
-            diff_output=$(echo "$logs" | diff - $function_snapshot_path)
+            diff_output=$(echo "$logs" | sort | diff -w - <(sort $function_snapshot_path))
             if [ $? -eq 1 ]; then
-                echo "Failed: Mismatch found between new $function_name logs (first) and snapshot (second):"
-                echo "$diff_output"
-                mismatch_found=true
+                if [ -n "$UPDATE_SNAPSHOTS" ]; then
+                    # If $UPDATE_SNAPSHOTS is set to true write the new logs over the current snapshot
+                    echo "Overwriting log snapshot for $function_snapshot_path"
+                    echo "$logs" >$function_snapshot_path
+                else
+                    echo "Failed: Mismatch found between new $function_name logs (first) and snapshot (second):"
+                    echo "$diff_output"
+                    mismatch_found=true
+                fi
             else
                 echo "Ok: New logs for $function_name match snapshot"
             fi