[SVLS-7018] Support profiling in Azure Functions

[kathiehuang]

What does this PR do?

• Implements functionality in Azure Functions to handle proxy payloads - for now, specifically profile payloads
• Starts a background task that runs a proxy flusher
• Adds a profiling endpoint that receives profile proxy payloads and sends them through an mpsc channel where the proxy flusher receives it and forwards it to Datadog, handling retries and exponential backoffs
• Attaches additional Azure Function-specific tags to the profile
• Works in Python, Node.js, and Java, but the Java and .NET Continuous Profilers in serverless are not currently supported by the Profiling team
• Added datadog-fips to Cargo.toml to use its reqwest client builder method

Motivation

Profiling is not yet supported in Azure Functions.

Additional Notes

Tested across all hosting plans. This works for Python and Node.js.

• For Node.js, profiling only has prebuilt binaries for Linux arm64/x64, Alpine Linux x64, macOS arm64/x64, and Windows x64. The default for Azure Apps in Terraform is Windows x32, so we had to go to the Configuration tab in the Azure portal and change Platform to 64 Bit to get profiling to work.
  • This is documented in the Node.js profiler troubleshooting page
• This worked in Java as well in testing, but the Java Continuous Profiler in serverless is not currently supported by the Profiling team.
• The .NET Continuous Profiler in serverless is also not currently supported by the Profiling team - could not test because the .NET tracer shuts down the profiler if it detects it's in an Azure Function.

Describe how to test/QA your changes

To test this, follow the Serverless Compatibility Layer instructions to deploy function apps across runtimes and hosting plans with the built binary. Add DD_PROFILING_ENABLED=true in Azure app settings. Generate load on the function app and check Datadog to see profiles show up, and click into the profile > Runtime Info to see the added tags!

Profile tags:

Ticket for handling profile payloads: SVLS-7982

Ticket for adding tags to profiles: SVLS-7983

FRSLES-759

Follow up task: Talk with APM Serverless about changes in their tracer code that will need to be made. SVLS-7841

[kathiehuang]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Forward profiling query string to Datadog

The profiling proxy handler builds the outgoing request URL from the static profiling_intake endpoint and ignores parts.uri.query(). Profiling clients pass service, environment, and other metadata via the query string when posting to /profiling/v1/input; dropping these parameters means the flusher forwards payloads without required metadata, causing ingestion failures or misattribution. Append the incoming query parameters to ProxyRequest.target_url before sending to the proxy flusher.

Useful? React with 👍 / 👎.

[kathiehuang]

The lambda extension doesn't preserve query parameters: https://github.com/DataDog/datadog-lambda-extension/blob/main/bottlecap/src/traces/proxy_flusher.rs#L119

[kathiehuang]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Enforce profiling payload size before buffering

The new profiling proxy endpoint reads the entire request body into memory (body.collect().await) without validating the Content-Length. The trace and stats handlers call verify_request_content_length to reject payloads larger than Config::max_request_content_length before allocation, but the profiling handler omits this guard. A client can therefore POST an arbitrarily large profiling payload and the mini agent will buffer it in RAM before forwarding, allowing a single request to exhaust memory and crash the function. Consider applying the same content length check as the other endpoints before collecting the body.

Useful? React with 👍 / 👎.

[kathiehuang]

The lambda extension also doesn't validate the content-length, probably because profiling payloads are typically much larger and they're coming from the Datadog profiler

[duncanpharvey]

Looks good! Just a few minor comments.

Let's make sure to test this in all hosting plans and operating systems prior to releasing. I've seen issues in the past with TLS certificates. See DataDog/libdatadog#523

[kathiehuang]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".