[APPSEC-10303] Replace AppSec rate limiter with core rate limiter

[Strech]

What does this PR do?

This allows us to be more precise in throttling of outgoing AppSec traces and removes additional custom logic for rate limiting.

Motivation:

We can re-use recently moved to core BucketLimiter. It will eliminate of logic implementation and improve rate limiting. Existing limiter is too aggressive (correct number is 10 traces per test run):

[15:19:31] AppSec/system-tests main
❯❯❯ while true; do docker logs -f system-tests-weblog -f 2>/dev/null | rg -o '_sampling_priority_v1\W:2' | wc -l; sleep 1; done
3
3
3
3
3
3
3

with this PR

[15:25:11] AppSec/system-tests appsec-10303-fix-rate-limiter
❯❯❯ while true; do docker logs -f system-tests-weblog -f 2>/dev/null | rg -o '_sampling_priority_v1\W:2' | wc -l; sleep 1; done
10
10
10
10
10
10
10

Additional Notes:

I've corrected some existing tests and add a bit of a new logic under tests (since we rate limiting per thread).

IMPORTANT Unfortunately, it's impossible to guarantee that we will receive exactly N amount of traces after limiting due to execution speed of the block inside the Datadog::AppSec::RateLimiter#limit. If it take a little longer the fractional part of the token will accumulate and give us an extra spare token to spend. Because of that tests were adjusted to allow this drift of a single token.

How to test the change?

Set the AppSec rate limiter on 1/TPS and shoot a bunch of requests (hopefully soon test generator will come in play)

[pr-commenter]

Benchmarks

Benchmark execution time: 2024-10-09 08:05:37

Comparing candidate commit cd06310 in PR branch appsec-10303-replace-rate-limiter-logic with baseline commit f0dd28e in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 23 metrics, 2 unstable metrics.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 97.86%. Comparing base (f0dd28e) to head (cd06310).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #3975   +/-   ##
=======================================
  Coverage   97.86%   97.86%           
=======================================
  Files        1313     1314    +1     
  Lines       78485    78497   +12     
  Branches     3892     3889    -3     
=======================================
+ Hits        76807    76822   +15     
+ Misses       1678     1675    -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Strech]

@ivoanjo I've adjusted the code to consider Thread locality instead of Fiber locality of the variable. Unfortunately, in 2.5.9 those functions lack a bit of behavior which is possible to find in 3.x version, like thread_variable? reacts different on nil value (in 2.5 it's considered as set and in 3.x it's considered as unset 🤣)

The test is also adjusted to be a white-box instead of the black-box.

If you have time, could you please take another look. Thanks 🙌🏼

[Strech]

I'm going to find a way to rework it, it brings flakiness 😞

[Strech]

Fixed with time freezing and emulating 1s processing time

[ivoanjo]

I had not yet given a pass on other files, so here's a smattering of comments on them >_>

Just a bunch of small stuff, nothing blocking 👍 LGTM otherwise

[ivoanjo]

Minor: This debug message seems like it can happen reasonably frequently. Do we need it around?

My (small) concern is that we don't currently have a fine-grained way of disabling some messages + sometimes to debug issues we need to ask customers to enable debug-level logging. Thus, having messages that are very noisy is somewhat annoying in that situation.

I do understand if you find this message quite important and want to keep it; I'm more explaining the trade-off we have here. (The better solution would be for our logging to not be as coarse-grained...)

[p-datadog]

Since there were types previously in the sig files changed by this PR, I would prefer to see at least those carried over to the new tree.

[p-datadog]

This line matches Singleton usage and I thought instance referred to the only global instance. I suggest another name for it (maybe local_instance if you don't have better ideas).

[Strech]

Agreed, still working on the name. I don't want to have bypass method limit and rather provide builder/access method to the configured instance.

[Strech]

I choose the thread_local name to reflect locality of the limiter to the client.

Datadog::AppSec::RateLimiter.thread_local.limit do
  record_via_span(span, *events)
end

[Strech]

@p-datadog @ivoanjo Thanks for the feedback 🙏🏼.

I've updated the sig files properly and also enable the Core::RateLimiter to be checked by Steep. I don't think it makes sense to move these changes in the separate PR because they definitely belongs here (as I'm updating the code)

I don't know what to do with debug message, but I get the point and definitely will try to come up with an idea, but maybe later.

If there is no objection, I would like to merge it and 🚢 it!

[ivoanjo]

No concerns from my side! 🙇