ddtrace/tracer: Tracing as transport-only mode (APPSEC_STANDALONE)

[eliottness]

What does this PR do?

This PR adds a new tracingAsTransport running mode for the tracer. This mode was created to disable APM biling but still allow customers to use other products that use APM as it's transport layer.

In short, what was done is:

• Add the (*config).tracingAsTransport boolean field
• Move the trace rate limit configuration value to the config struct for ease of use
• Allow other parts of dd-trace-go than the tracer to set propagating tags (_dd.p.*)
• When the env var DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED, do these:
  • Add a global tag named _dd.apm.enabled=0
  • disable trace metrics and runtime metrics
  • disable agent side metrics with the Datadog-Client-Computed-Stats http header
  • Set rate limit to 1 trace par minute as kind of heartbeat to make sure the service still appears in the UI
  • Disable tracing propagation injection and extraction when the tag _dd.p.appsec=1 is not received upstream or set locally

All of this should make sure APM UI is disabled, but setting ManualKeep on certain traces will allow to bypass the rate limiter and will allow other products to still work when tracing-as-transport mode is enabled.

Motivation

This PR is the result of 1 approved RFC on ASM side and one draft RFC on APM side.

System-tests Run

https://github.com/DataDog/dd-trace-go/actions/runs/12397569796/job/34608280725

Reviewer's Checklist

• Changed code has unit tests for its functionality at or near 100% coverage.
• System-Tests covering this feature have been added and enabled with the va.b.c-dev version tag.
• There is a benchmark for any new code, or changes to existing code.
• If this interacts with the agent in a new way, a system test has been added.
• Add an appropriate team label so this PR gets put in the right place for the release notes.
• Non-trivial go.mod changes, e.g. adding new modules, are reviewed by @DataDog/dd-trace-go-guild.
• For internal contributors, a matching PR should be created to the v2-dev branch and reviewed by @DataDog/apm-go.

Unsure? Have a question? Request a review!

[pr-commenter]

Benchmarks

Benchmark execution time: 2024-12-19 11:16:26

Comparing candidate commit 1a458ca in PR branch eliottness/APPSEC-56100/standalone-asm with baseline commit d15e61a in branch main.

Found 1 performance improvements and 0 performance regressions! Performance is the same for 58 metrics, 0 unstable metrics.

scenario:BenchmarkSetTagMetric-24

• 🟩 execution_time [-8.430ns; -5.970ns] or [-6.727%; -4.764%]

[datadog-datadog-prod-us1]

Datadog Report

Branch report: eliottness/APPSEC-56100/standalone-asm
Commit report: 9f624a5
Test service: dd-trace-go

✅ 0 Failed, 2981 Passed, 24 Skipped, 2m 27.99s Total Time

[darccio]

LGTM

[darccio]

Nice.

[Julio-Guerra]

so meta indeed

[Julio-Guerra]

nice one

[Julio-Guerra]

what happens with the data in withCurrentBucket?
should we mute the emitter side of things too (this place being the receiver)?

[eliottness]

the emitter side of things is muted via the change done to canComputeStats()

[Julio-Guerra]

nit for the next PR to come but I suggest then to update t.stats methods to noop them when this is disabled

[Julio-Guerra]

so meta indeed

[RomainMuller]

❤️

[hannahkm]

@eliottness Could you backport this PR into the v2 branch? Thanks! 🙏🏼