feat(trace): Trigger API Key refresh on 403#45674
feat(trace): Trigger API Key refresh on 403#45674gh-worker-dd-mergequeue-cf854d[bot] merged 8 commits intomainfrom
Conversation
The agent now supports API Key rotation. Instead of dropping payloads when a 403 is received from the backend, we will instead trigger an API Key (secrets) refresh, and mark the payload as retriable.
github-actions
bot
added
team/agent-apm
ichinaski
added
qa/done
Static quality checks✅ Please find below the results from static quality gates Successful checksInfo
15 successful checks with minimal change (< 2 KiB)
On-wire sizes (compressed)
|
| @@ -419,7 +431,8 @@ func (s *sender) do(req *http.Request) error { | |||
|
|
|||
| // isRetriable reports whether the give HTTP status code should be retried. | |||
| func isRetriable(code int) bool { | |||
| if code == http.StatusRequestTimeout || code == http.StatusTooManyRequests { | |||
| // TODO: Double check what response codes are expected from the backend when API Key is invalid | |||
| if code == http.StatusRequestTimeout || code == http.StatusTooManyRequests || code == http.StatusForbidden { | |||
There was a problem hiding this comment.
One concern I have here is what do we do when the Forbidden status code is legit / the API key has been rotated and the customer is not using RC / api key refresh? I suppose it's probably not a big deal since if the API key is bad then we're going to drop things anyways, but it does mean we'll retry requests more than we probably should? I'm wondering if there's a way we can gate these retries so that they only retry when we know we can try to get a new api key (And then only retry after we have a new api key?).
There was a problem hiding this comment.
This is a good question. I initially approached the issue from that angle, but quickly saw that keeping track of invalid keys and blocking the sender had it's own tradeoffs: more complex api key changes propagation, refactor goroutines to avoid race conditions when reading/writing the key... and the sender will still be unable to send other payloads if the api key is invalid. This concern you raise is also the reason I'm not 100% fond of the proposed solution 🤔
Regression DetectorRegression Detector ResultsMetrics dashboard Baseline: bc99348 Optimization Goals: ✅ No significant changes detected
|
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ➖ | docker_containers_cpu | % cpu utilization | -2.22 | [-5.30, +0.86] | 1 | Logs |
Fine details of change detection per experiment
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ➖ | otlp_ingest_logs | memory utilization | +0.60 | [+0.50, +0.70] | 1 | Logs |
| ➖ | tcp_syslog_to_blackhole | ingress throughput | +0.53 | [+0.43, +0.62] | 1 | Logs |
| ➖ | quality_gate_idle | memory utilization | +0.51 | [+0.46, +0.55] | 1 | Logs bounds checks dashboard |
| ➖ | quality_gate_idle_all_features | memory utilization | +0.42 | [+0.38, +0.46] | 1 | Logs bounds checks dashboard |
| ➖ | docker_containers_memory | memory utilization | +0.21 | [+0.13, +0.29] | 1 | Logs |
| ➖ | file_tree | memory utilization | +0.14 | [+0.09, +0.19] | 1 | Logs |
| ➖ | ddot_logs | memory utilization | +0.12 | [+0.06, +0.17] | 1 | Logs |
| ➖ | tcp_dd_logs_filter_exclude | ingress throughput | +0.01 | [-0.09, +0.10] | 1 | Logs |
| ➖ | file_to_blackhole_100ms_latency | egress throughput | -0.00 | [-0.05, +0.05] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api_v3 | ingress throughput | -0.01 | [-0.13, +0.11] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api | ingress throughput | -0.01 | [-0.14, +0.11] | 1 | Logs |
| ➖ | file_to_blackhole_0ms_latency | egress throughput | -0.05 | [-0.52, +0.43] | 1 | Logs |
| ➖ | file_to_blackhole_500ms_latency | egress throughput | -0.05 | [-0.43, +0.33] | 1 | Logs |
| ➖ | file_to_blackhole_1000ms_latency | egress throughput | -0.07 | [-0.49, +0.36] | 1 | Logs |
| ➖ | otlp_ingest_metrics | memory utilization | -0.09 | [-0.24, +0.06] | 1 | Logs |
| ➖ | ddot_metrics_sum_delta | memory utilization | -0.10 | [-0.31, +0.11] | 1 | Logs |
| ➖ | uds_dogstatsd_20mb_12k_contexts_20_senders | memory utilization | -0.24 | [-0.29, -0.19] | 1 | Logs |
| ➖ | ddot_metrics_sum_cumulativetodelta_exporter | memory utilization | -0.31 | [-0.55, -0.08] | 1 | Logs |
| ➖ | quality_gate_metrics_logs | memory utilization | -0.38 | [-0.59, -0.17] | 1 | Logs bounds checks dashboard |
| ➖ | ddot_metrics | memory utilization | -0.63 | [-0.85, -0.42] | 1 | Logs |
| ➖ | ddot_metrics_sum_cumulative | memory utilization | -0.64 | [-0.81, -0.48] | 1 | Logs |
| ➖ | quality_gate_logs | % cpu utilization | -1.51 | [-2.99, -0.02] | 1 | Logs bounds checks dashboard |
| ➖ | docker_containers_cpu | % cpu utilization | -2.22 | [-5.30, +0.86] | 1 | Logs |
Bounds Checks: ✅ Passed
| perf | experiment | bounds_check_name | replicates_passed | links |
|---|---|---|---|---|
| ✅ | docker_containers_cpu | simple_check_run | 10/10 | |
| ✅ | docker_containers_memory | memory_usage | 10/10 | |
| ✅ | docker_containers_memory | simple_check_run | 10/10 | |
| ✅ | file_to_blackhole_0ms_latency | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_0ms_latency | memory_usage | 10/10 | |
| ✅ | file_to_blackhole_1000ms_latency | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_1000ms_latency | memory_usage | 10/10 | |
| ✅ | file_to_blackhole_100ms_latency | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_100ms_latency | memory_usage | 10/10 | |
| ✅ | file_to_blackhole_500ms_latency | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_500ms_latency | memory_usage | 10/10 | |
| ✅ | quality_gate_idle | intake_connections | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_idle | memory_usage | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_idle_all_features | intake_connections | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_idle_all_features | memory_usage | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_logs | intake_connections | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_logs | lost_bytes | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_logs | memory_usage | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | cpu_usage | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | intake_connections | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | lost_bytes | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | memory_usage | 10/10 | bounds checks dashboard |
Explanation
Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%
Performance changes are noted in the perf column of each table:
- ✅ = significantly better comparison variant performance
- ❌ = significantly worse comparison variant performance
- ➖ = no significant change in performance
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
-
Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
-
Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
-
Its configuration does not mark it "erratic".
CI Pass/Fail Decision
✅ Passed. All Quality Gates passed.
- quality_gate_idle_all_features, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_idle_all_features, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check lost_bytes: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_idle, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_idle, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check lost_bytes: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check cpu_usage: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
Make API Key access safe for concurrent use. API Key can be read from worker goroutines, and updated from a different one.
Instead of relying on the secrets component throttling, we will issue a single refresh request when a 403 is received, and throttle these calls within the Trace Agent writer.
|
/merge |
|
View all feedbacks in Devflow UI.
The expected merge time in
|
gh-worker-dd-mergequeue-cf854d
bot
deleted the
ichinaski/api-key-refresh-retry-payloads
branch
3 participants
What does this PR do?
The agent now supports API Key rotation. Instead of dropping payloads when a 403 is received from the backend, we will instead trigger an API Key (secrets) refresh, and mark the payload as retriable.
This PR also refactors the API Key management within
pkg/trace/writer/sender.go, making reads and writes safe for concurrent use.Motivation
See above
Describe how you validated your changes
Added unit tests
Additional Notes