Module: Datadog::Kit::Identity

Defined in:
lib/datadog/kit/identity.rb

Overview

Tracking identity via traces

Class Method Summary collapse

Class Method Details

.set_user(trace = nil, span = nil, id:, email: nil, name: nil, session_id: nil, role: nil, scope: nil, **others) ⇒ Object

Attach user information to the trace

rubocop:disable Metrics/CyclomaticComplexity rubocop:disable Metrics/PerceivedComplexity

Parameters:

  • trace (TraceOperation) (defaults to: nil)

    Trace to attach data to. Defaults to active trace.

  • span (SpanOperation) (defaults to: nil)

    Span to attach data to. Defaults to active span on trace. Note that this should be a service entry span. When AppSec is enabled, the expected span and trace are automatically used as defaults.

  • id (String)

    Mandatory. Username or client id extracted from the access token or Authorization header in the inbound request from outside the system.

  • email (String) (defaults to: nil)

    Email of the authenticated user associated to the trace.

  • name (String) (defaults to: nil)

    User-friendly name. To be displayed in the UI if set.

  • session_id (String) (defaults to: nil)

    Session ID of the authenticated user.

  • role (String) (defaults to: nil)

    Actual/assumed role the client is making the request under extracted from token or application security context.

  • scope (String) (defaults to: nil)

    Scopes or granted authorities the client currently possesses extracted from token or application security context. The value would come from the scope associated with an OAuth 2.0 Access Token or an attribute value in a SAML 2.0 Assertion.

  • others (Hash<Symbol, String>)

    Additional free-form user information to attach to the trace.

Raises:

  • (ArgumentError) 


38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
 
# File 'lib/datadog/kit/identity.rb', line 38

def set_user(
  trace = nil, span = nil, id:, email: nil, name: nil, session_id: nil, role: nil, scope: nil, **others
)
  raise ArgumentError, 'missing required key: :id' if id.nil?

  # enforce types

  raise TypeError, ':id must be a String'         unless id.is_a?(String)
  raise TypeError, ':email must be a String'      unless email.nil? || email.is_a?(String)
  raise TypeError, ':name must be a String'       unless name.nil? || name.is_a?(String)
  raise TypeError, ':session_id must be a String' unless session_id.nil? || session_id.is_a?(String)
  raise TypeError, ':role must be a String'       unless role.nil? || role.is_a?(String)
  raise TypeError, ':scope must be a String'      unless scope.nil? || scope.is_a?(String)

  others.each do |k, v|
    raise TypeError, "#{k.inspect} must be a String" unless v.nil? || v.is_a?(String)
  end

  set_trace_and_span_context('set_user', trace, span) do |_active_trace, active_span|
    # set tags once data is known consistent
    active_span.set_tag('usr.id', id)
    active_span.set_tag('usr.email', email)           unless email.nil?
    active_span.set_tag('usr.name', name)             unless name.nil?
    active_span.set_tag('usr.session_id', session_id) unless session_id.nil?
    active_span.set_tag('usr.role', role)             unless role.nil?
    active_span.set_tag('usr.scope', scope)           unless scope.nil?

    others.each do |k, v|
      active_span.set_tag("usr.#{k}", v) unless v.nil?
    end

    if Datadog::AppSec.active_scope
      user = ::Datadog::AppSec::Instrumentation::Gateway::User.new(id)
      ::Datadog::AppSec::Instrumentation.gateway.push('identity.set_user', user)
    end
  end
end