Skip to content

Special weblogs infra for go proxies#6464

Open
e-n-0 wants to merge 6 commits into
mainfrom
flavien.darche/special-weblogs-proxies
Open

Special weblogs infra for go proxies#6464
e-n-0 wants to merge 6 commits into
mainfrom
flavien.darche/special-weblogs-proxies

Conversation

@e-n-0

@e-n-0 e-n-0 commented Mar 10, 2026

Copy link
Copy Markdown
Member

Motivation

The Envoy and HAProxy proxy weblogs (Go security processor, via External Processing / Stream Processing Offload) previously required their own dedicated end-to-end scenarios (GO_PROXIES_DEFAULT, GO_PROXIES_APPSEC_BLOCKING). That duplicated scenario wiring, kept proxy test activation locked inside scenario-specific decorators, and made it impossible to exercise the proxies against the same scenarios already used for every other weblog.

This PR turns the proxies into first-class end-to-end weblogs so they run under the standard scenarios (e.g. APPSEC_BLOCKING, APPSEC_BLOCKING_FULL_DENYLIST) instead of bespoke ones, with test activation driven by manifests like every other weblog.

Changes

Weblog infrastructure refactorutils/_context/weblog_infrastructure.py (single module) → utils/_context/weblog_infrastructure/ package:

  • base.py — abstract WeblogInfra / EndToEndInfra interfaces + shared container type aliases
  • library_end_to_end.pyLibraryEndToEndInfra for standard tracer weblogs
  • go_proxies.pyGoProxiesEndToEndInfra for Envoy/HAProxy proxies + the PROXY_WEBLOGS registry
  • selector.pyEndToEndWeblogInfra picks the library vs proxy infra from the weblog variant (incl. replay-mode discovery)

Scenario model

  • Removed the dedicated GoProxiesScenario, the GO_PROXIES_DEFAULT / GO_PROXIES_APPSEC_BLOCKING scenarios, and the go_proxies scenario group.
  • Proxies now run under standard scenarios; utils/scripts/ci_orchestrators/workflow_data.py gates them via PROXY_WEBLOGS + PROXY_SUPPORTED_SCENARIOS.

Test activation — moved proxy-specific deactivations out of @scenarios.go_proxies_* decorators and into manifests/envoy.yml / manifests/haproxy.yml (manifest-first, per repo conventions).

Framework

  • EndToEndScenario.weblog_container now resolves to the library container (proxies have distinct HTTP vs library containers); added get_image_list aggregation.
  • ExternalProcessingContainer / StreamProcessingOffloadContainer gained trace_agent_port + warmup_request so they fit the standard e2e lifecycle.
  • DefaultScenario no longer sets DD_IAST_SECURITY_CONTROLS_CONFIGURATION when the mapped value is the TODO placeholder (also fixes previously setting the literal TODO for unsupported libraries).

Misc — removed the obsolete tests/external_processing/ suite and the Go proxies docs section; the CI workflow now passes --weblog ${{ inputs.weblog }} to every scenario run and drops the GO_PROXIES steps.

ℹ️ Rebased onto main (branch was 491 commits behind). Conflicts were resolved in the CI workflow and the envoy/haproxy manifests (union of main's newer entries + this PR's proxy activations). Two stale references that main had independently added to the now-removed go_proxies scenario/group were cleaned up (test_standard_tags.py decorator and libraries_and_scenarios_rules.yml).

Workflow

  1. ⚠️ Create your PR as draft ⚠️
  2. Work on you PR until the CI passes
  3. Mark it as ready for review
    • Test logic is modified? -> Get a review from RFC owner.
    • Framework is modified, or non obvious usage of it -> get a review from R&P team

🚀 Once your PR is reviewed and the CI green, you can merge it!

🛟 #apm-shared-testing 🛟

Reviewer checklist

  • Anything but tests/ or manifests/ is modified ? I have the approval from R&P teamframework + scenarios are modified, R&P review required
  • A docker base image is modified?
    • the relevant build-XXX-image label is present
  • A scenario is added, removed or renamed?
    • Get a review from R&P teamGO_PROXIES_DEFAULT / GO_PROXIES_APPSEC_BLOCKING removed

@github-actions

github-actions Bot commented Mar 10, 2026

Copy link
Copy Markdown
Contributor

CODEOWNERS have been resolved as:

utils/_context/weblog_infrastructure/__init__.py                        @DataDog/system-tests-core
utils/_context/weblog_infrastructure/base.py                            @DataDog/system-tests-core
utils/_context/weblog_infrastructure/go_proxies.py                      @DataDog/system-tests-core
utils/_context/weblog_infrastructure/library_end_to_end.py              @DataDog/system-tests-core
utils/_context/weblog_infrastructure/selector.py                        @DataDog/system-tests-core
.github/CODEOWNERS                                                      @DataDog/system-tests-core
.github/workflows/run-end-to-end.yml                                    @DataDog/system-tests-core
docs/README.md                                                          @DataDog/system-tests-core
docs/understand/scenarios/README.md                                     @DataDog/system-tests-core
manifests/envoy.yml                                                     @DataDog/system-tests-core
manifests/haproxy.yml                                                   @DataDog/system-tests-core
tests/appsec/test_alpha.py                                              @DataDog/asm-libraries @DataDog/system-tests-core
tests/appsec/test_blocking_addresses.py                                 @DataDog/asm-libraries @DataDog/system-tests-core
tests/appsec/test_ip_blocking_full_denylist.py                          @DataDog/asm-libraries @DataDog/system-tests-core
tests/appsec/test_reports.py                                            @DataDog/asm-libraries @DataDog/system-tests-core
tests/appsec/test_request_blocking.py                                   @DataDog/asm-libraries @DataDog/system-tests-core
tests/appsec/test_traces.py                                             @DataDog/asm-libraries @DataDog/system-tests-core
tests/appsec/test_versions.py                                           @DataDog/asm-libraries @DataDog/system-tests-core
tests/schemas/test_schemas.py                                           @DataDog/system-tests-core
tests/test_config_consistency.py                                        @DataDog/system-tests-core
tests/test_scrubbing.py                                                 @DataDog/system-tests-core
tests/test_semantic_conventions.py                                      @DataDog/system-tests-core
tests/test_standard_tags.py                                             @DataDog/system-tests-core
tests/test_the_test/scenarios.json                                      @DataDog/system-tests-core
tests/test_the_test/test_group_rules.py                                 @DataDog/system-tests-core
utils/_context/_scenarios/__init__.py                                   @DataDog/system-tests-core
utils/_context/_scenarios/core.py                                       @DataDog/system-tests-core
utils/_context/_scenarios/default.py                                    @DataDog/system-tests-core
utils/_context/_scenarios/endtoend.py                                   @DataDog/system-tests-core
utils/_context/containers.py                                            @DataDog/system-tests-core
utils/scripts/ci_orchestrators/workflow_data.py                         @DataDog/system-tests-core
utils/scripts/libraries_and_scenarios_rules.yml                         @DataDog/system-tests-core
tests/external_processing/README.md                                     @DataDog/system-tests-core
tests/external_processing/__init__.py                                   @DataDog/system-tests-core
tests/external_processing/test_apm.py                                   @DataDog/system-tests-core
utils/_context/_scenarios/go_proxies.py                                 @DataDog/system-tests-core
utils/_context/weblog_infrastructure.py                                 @DataDog/system-tests-core

@e-n-0 e-n-0 force-pushed the flavien.darche/special-weblogs-proxies branch 2 times, most recently from b57d6eb to 0f1cb39 Compare March 10, 2026 22:47
@datadog-datadog-prod-us1

datadog-datadog-prod-us1 Bot commented Mar 10, 2026

Copy link
Copy Markdown

Pipelines  Tests

Fix all issues with BitsAI

⚠️ Warnings

🚦 1 Pipeline job failed

DataDog/system-tests | Amazon_Linux_2_arm64.SIM: [test-app-php-alpine]   View in Datadog   GitLab

ℹ️ Info

No other issues found (see more)

🧪 All tests passed
❄️ No new flaky tests detected

Useful? React with 👍 / 👎

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: b0b105d | Docs | Datadog PR Page | Give us feedback!

@e-n-0 e-n-0 force-pushed the flavien.darche/special-weblogs-proxies branch from 9ddbc8a to 7848092 Compare March 11, 2026 12:32
@eliottness eliottness force-pushed the flavien.darche/special-weblogs-proxies branch from 7848092 to 66da111 Compare June 19, 2026 12:28
@datadog-system-tests-org

Copy link
Copy Markdown

Pipelines

⚠️ Warnings

🚦 1 Pipeline job failed

Testing the test | System Tests (python, prod) / End-to-end #2 / django-py3.13 2   View in Datadog   GitHub Actions

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 66da111 | Docs | Give us feedback!

@eliottness eliottness force-pushed the flavien.darche/special-weblogs-proxies branch from 66da111 to b0b105d Compare June 19, 2026 13:44
@eliottness eliottness marked this pull request as ready for review June 19, 2026 14:54
@eliottness eliottness requested review from a team as code owners June 19, 2026 14:54

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b0b105d16d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".


# TODO: remove and update the envoy/haproxy manifests to fully supports all scenarios
PROXY_SUPPORTED_SCENARIOS = {
# "DEFAULT",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Include DEFAULT in proxy CI scenarios

When generating the end-to-end matrix for envoy or haproxy, _is_supported only allows scenarios listed in PROXY_SUPPORTED_SCENARIOS, so leaving DEFAULT commented out drops the coverage that used to run under GO_PROXIES_DEFAULT (for example the tests whose @scenarios.go_proxies_default decorators were moved to @scenarios.default and the new envoy/haproxy manifest entries for default tests). Please include DEFAULT here or keep an equivalent replacement scenario, otherwise the proxy jobs no longer exercise those tests in CI.

Useful? React with 👍 / 👎.

@cbeauchesne

Copy link
Copy Markdown
Collaborator

Hi,

I will take over this subject in #7179

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants