【发布时间】:2023-02-21 06:50:35
【问题描述】:
如果我们在端点处理程序中执行 raise RuntimeError(password),密码将显示在 Datadog 跟踪中。我们如何告诉 Datadog 某些变量应该被编辑?
【问题讨论】:
【发布时间】:2023-02-21 06:50:35
【问题描述】:
首先,我们需要一个可以在端点处理程序中调用的函数,该函数接受一个字符串并将其添加到字符串列表中以针对该跟踪进行编辑:
import json
from ddtrace import tracer
def set_redacted_str(s: str):
root_span = tracer.current_root_span()
assert root_span is not None
tag_value = root_span.get_tag("redact")
if tag_value is None:
new_list = []
else:
new_list = json.loads(tag_value)
new_list.append(s)
root_span.set_tag_str("redact", json.dumps(new_list))
现在我们可以做
def endpoint_handler(password, ...):
set_redacted_str(password)
...
剩下的就是实际进行编辑。我们可以使用自定义的trace filter来做到这一点:
from ddtrace import Span
from ddtrace.filters import TraceFilter
class RedactionFilter(TraceFilter):
def process_trace(self, trace: list[Span]) -> list[Span]:
bad_strs = []
for span in trace:
if span.parent_id is None:
tag = span.get_tag("redact")
if tag is not None:
bad_strs = json.loads(tag)
break
for span in trace:
for k, v in list(span.get_tags().items()):
new_v = v
for bs in bad_strs:
new_v = new_v.replace(bs, "REDACTED")
span.set_tag_str(k, new_v)
return trace
【讨论】: