ECI-393 Add Networking and Policy Sub-Modules #20
Conversation
sva91
changed the title
| First, install the required dependencies listed in the `requirements.txt` file. You can do this using `pip`: | ||
|
|
||
| ```sh | ||
| pip install -r requirements.txt |
There was a problem hiding this comment.
Not sure if this should be done as a part of this PR but IMO it is not clear to customers where they should run this. eg cloud shell? IMO the docs we currently have could use more hand-holding, for example how does one create a boilerplate python function.
There was a problem hiding this comment.
For the purpose of this project, this readme can be considered applicable only for developers who are making changes to the python function. That includes mostly the Datadog team, but if there are external contributors, they can benefit from these steps as well. These steps shouldn't be executed from within customer's OCI environment.
| DD_SOURCE = "oracle_cloud" # Adding a source name. | ||
| DD_SERVICE = "OCI Logs" # Adding a service name. | ||
| DD_TIMEOUT = 10 * 60 # Adding a timeout for the Datadog API call. | ||
| DD_BATCH_SIZE = 1000 # Adding a batch size for the Datadog API call. |
There was a problem hiding this comment.
Is there a max size that can be sent to DD logs endpoint? I see that this batch is 1000 logs but I'm curious if we might need to enforce a size in bytes that are sent via the API?
There was a problem hiding this comment.
I think the max size for the batch size is 1000, as enforced by Datadog. Since, logs are compressed before calling API, I think the byte limit shouldn't be a problem. Here are the limits: https://docs.datadoghq.com/api/latest/logs/#send-logs
There was a problem hiding this comment.
The byte limit of 5Mb is on uncompressed payload. Even if sent compressed, it is uncompressed on EvP intake and then evaluated for its size.
Ideally, we can control byte limit by ensuring not more than 5Mb sent through connector hub
| return os.environ.get("DD_COMPRESS", "true").lower() == "true" | ||
|
|
||
|
|
||
| def _compress_payload(payload: list[dict]): |
There was a problem hiding this comment.
might be good to have ther return type defined here so it's clear this can return two different types of data
| This function receives the logging json and invokes the Datadog endpoint | ||
| for ingesting logs. https://docs.cloud.oracle.com/en-us/iaas/Content/Logging/Reference/top_level_logging_format.htm#top_level_logging_format | ||
| If this Function is invoked with more than one log the function go over | ||
| each log and invokes the Datadog endpoint for ingesting one by one. |
There was a problem hiding this comment.
Are the logs ingested one by one? It looks like they are ingested in batches of 1000?
There was a problem hiding this comment.
Yes, they are ingested in batches of 1000. When the function gets invoked, and if there are more than 1000 logs to be transmitted to Datadog, one function invocation will break them into batches of 1000, and make multiple API calls to datadog.
* Add Function App Module * Add container registry login functionality * reviewers comments * add service user optionality * ECI-394 Add function module and complete container registry module. (#22) * build and push image * Add function module * uncomment accidental comments * remove unnecessary code * Update datadog-logs-oci-orm/modules/containerregistry/locals.tf
![datadog-datadog-prod-us1[bot]](https://avatars.githubusercontent.com/u/365230?s=60&v=4){kind=small}
…respective pipeline
ECI [OCI] include more log attributes and assign "DD_SOURCE" based on OCI service
* working draft commit * Logging Module * uncomment modules * simplify file removal * Rename Logging Module to ResourceDiscovery * reviewer comments ECI-395
This reverts commit 5c1cb3b.
ECI-453 [OCI] add redaction option for sensitive log fields
* prepare tuples for log forwarding * Testing Issues resolution * uncomment code * rename data variable * move log search outside compartment in logging module * update output * simplify resource creation * Sva91/eci 397 handle audit log configs (#32) * ECI-397 Add Audit Log Forwarding * Uncomment audit log name * reviewer comment * ECI-398 Add connectorhub module (#35) * ECI-398 Add connectorhub module * fix bugs * simplify audit log input * uncomment modules * Sva91/ECI-399 E2E logs private beta update stack (#36) * modify as per updated requirements * remove resource prefix from policy * fix bug * fix login issue * Reviewer comments ECI-399 * Reviewer comments * reviewer comments ECI-396
| variable "datadog_tags" { | ||
| type = string | ||
| default = "" | ||
| description = "The tags to be sent with the logs. The tags should be in the format key1:value1,key2:value2" |
There was a problem hiding this comment.
Are we checking if the tags are in correct format?
| @@ -1,3 +1,9 @@ | |||
| *.pyc | |||
| **/__pycache__/** | |||
| .idea/ | |||
| **/.terraform/** | |||
There was a problem hiding this comment.
Might be good to have this part merged now since it'll benefit anyone running terraform locally
| @@ -0,0 +1,15 @@ | |||
| #!/bin/bash | |||
|
|
|||
| output_file="oci_logging_services.json" | |||
There was a problem hiding this comment.
Thoughts on doing it through python where we have more flexibility like exception handling?
| DD_SOURCE = "oracle_cloud" # Adding a source name. | ||
| DD_SERVICE = "OCI Logs" # Adding a service name. | ||
| DD_TIMEOUT = 10 * 60 # Adding a timeout for the Datadog API call. | ||
| DD_BATCH_SIZE = 1000 # Adding a batch size for the Datadog API call. |
There was a problem hiding this comment.
The byte limit of 5Mb is on uncompressed payload. Even if sent compressed, it is uncompressed on EvP intake and then evaluated for its size.
Ideally, we can control byte limit by ensuring not more than 5Mb sent through connector hub
| echo "$response" > "$output_file" | ||
|
|
||
| # Output the response in a valid JSON map for Terraform's external data source | ||
| content=$(jq -c . < "$output_file") # Ensure the file's content is compact JSON |
There was a problem hiding this comment.
Can the sample output of this be documented?
Also, it'll be more readable to use python for better handling and for exception handling. If not immediately but as a follow-up
| while [ "$next_page" != "null" ]; do | ||
| if [ "$next_page" == "init" ]; then | ||
| # First query without next page token | ||
| response=$(oci search resource structured-search --query-text \ |
There was a problem hiding this comment.
There might be a trade-off between doing this search for single compartment or doing it for multiple compartments like:
(compartmentId = 'id1' || compartmentId = 'id2')
Can save on the API calls.
| log_group_ids_string = join(",", [for lg in local.flat_log_groups : lg.id]) | ||
| } | ||
|
|
||
| data "external" "logs_outside_compartment" { |
There was a problem hiding this comment.
It will be good to explain the steps being done here and in the underlying script. The reason to fetch log resources for other compartments.
| } | ||
|
|
||
| # Step 1: Fetch all compartments in the tenancy | ||
| data "oci_identity_compartments" "all_compartments" { |
There was a problem hiding this comment.
If this module runs for every logging compartment in a loop
in datadog-logs-oci-orm/main.tf, then is this step run every time? If yes, this can be minimized by running once
What
Why
Testing