chore(asm): small apisec refactor (#9535)

move api security logic to asm config ## Checklist - [x] Change(s) are motivated and described in the PR description - [x] Testing strategy is described if automated tests are not included in the PR - [x] Risks are described (performance impact, potential for breakage, maintainability) - [x] Change is maintainable (easy to change, telemetry, documentation) - [x] [Library release note guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html) are followed or label `changelog/no-changelog` is set - [x] Documentation is included (in-code, generated user docs, [public corp docs](https://github.com/DataDog/documentation/)) - [x] Backport labels are set (if [applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)) - [x] If this PR changes the public interface, I've notified `@DataDog/apm-tees`. ## Reviewer Checklist - [ ] Title is accurate - [ ] All changes are related to the pull request's stated goal - [ ] Description motivates each change - [ ] Avoids breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes - [ ] Testing strategy adequately addresses listed risks - [ ] Change is maintainable (easy to change, telemetry, documentation) - [ ] Release note makes sense to a user of the library - [ ] Author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment - [ ] Backport labels are set in a manner that is consistent with the [release branch maintenance policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)
DataDog · Jun 13, 2024 · c7931a7 · c7931a7
1 parent 9967778
commit c7931a7
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 10 deletions.
diff --git a/ddtrace/appsec/_api_security/api_manager.py b/ddtrace/appsec/_api_security/api_manager.py
@@ -113,9 +113,7 @@ def _should_collect_schema(self, env, priority: int) -> bool:
         return True
 
     def _schema_callback(self, env):
-        from ddtrace.appsec._utils import _appsec_apisec_features_is_active
-
-        if env.span is None or not _appsec_apisec_features_is_active():
+        if env.span is None or not asm_config._api_security_feature_active:
             return
         root = env.span._local_root or env.span
         if not root or any(meta_name in root._meta for _, meta_name, _ in self.COLLECTED):

diff --git a/ddtrace/appsec/_asm_request_context.py b/ddtrace/appsec/_asm_request_context.py
@@ -542,9 +542,7 @@ def _set_headers_and_response(response, headers, *_):
     if not asm_config._asm_enabled:
         return
 
-    from ddtrace.appsec._utils import _appsec_apisec_features_is_active
-
-    if _appsec_apisec_features_is_active():
+    if asm_config._api_security_feature_active:
         if headers:
             # start_response was not called yet, set the HTTP response headers earlier
             if isinstance(headers, dict):

diff --git a/ddtrace/appsec/_utils.py b/ddtrace/appsec/_utils.py
@@ -63,10 +63,6 @@ def access_body(bd):
         return req_body
 
 
-def _appsec_apisec_features_is_active() -> bool:
-    return asm_config._asm_libddwaf_available and asm_config._asm_enabled and asm_config._api_security_enabled
-
-
 def _safe_userid(user_id):
     try:
         _ = int(user_id)

diff --git a/ddtrace/settings/asm.py b/ddtrace/settings/asm.py
@@ -152,6 +152,10 @@ def reset(self):
         """For testing puposes, reset the configuration to its default values given current environment variables."""
         self.__init__()
 
+    @property
+    def _api_security_feature_active(self) -> bool:
+        return self._asm_libddwaf_available and self._asm_enabled and self._api_security_enabled
+
 
 config = ASMConfig()