Skip to content

fix: join redis and valkey pipeline commands with newlines for correct agent obfuscation#4593

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 3 commits into
mainfrom
rarguelloF/obfuscate-valkey-spans
Mar 26, 2026
Merged

fix: join redis and valkey pipeline commands with newlines for correct agent obfuscation#4593
gh-worker-dd-mergequeue-cf854d[bot] merged 3 commits into
mainfrom
rarguelloF/obfuscate-valkey-spans

Conversation

@rarguelloF

@rarguelloF rarguelloF commented Mar 25, 2026

Copy link
Copy Markdown
Contributor

What does this PR do?

  • Spans with type valkey are now passed through obfuscatedResource alongside redis, so client-side stats computed by the tracer are obfuscated consistently with what the agent applies later.
  • Pipeline and multi-command spans in the rueidis and valkey-go integrations were joining commands with spaces, which caused the Datadog agent's Redis obfuscation to treat subsequent commands as arguments of the first, collapsing e.g. SET GET SET into just SET.
  • Commands are now joined with \n, which is the delimiter the agent obfuscator expects to split pipeline commands individually, producing correct obfuscated resource names like SET GET SET ....

Motivation

Fix resource names / stats for the following integrations:

  • contrib/valkey-io/valkey-go: Obfuscation was enabled for type:valkey spans in the agent but not in dd-trace-go, so stats computed client-side used the raw resource name for valkey spans, while the agent obfuscated them — causing a mismatch between span resource names and their stats in the Datadog UI.
  • contrib/redis/rueidis: For rueidis pipeline spans, obfuscation was applied but space-joined commands collapsed to a single verb, losing the full pipeline context.

Reviewer's Checklist

  • Changed code has unit tests for its functionality at or near 100% coverage.
  • System-Tests covering this feature have been added and enabled with the va.b.c-dev version tag.
  • There is a benchmark for any new code, or changes to existing code.
  • If this interacts with the agent in a new way, a system test has been added.
  • New code is free of linting errors. You can check this by running make lint locally.
  • New code doesn't break existing tests. You can check this by running make test locally.
  • Add an appropriate team label so this PR gets put in the right place for the release notes.
  • All generated files are up to date. You can check this by running make generate locally.
  • Non-trivial go.mod changes, e.g. adding new modules, are reviewed by @DataDog/dd-trace-go-guild. Make sure all nested modules are up to date by running make fix-modules locally.

Unsure? Have a question? Request a review!

@rarguelloF
rarguelloF requested review from a team as code owners March 25, 2026 12:10
@github-actions github-actions Bot added the apm:ecosystem contrib/* related feature requests or bugs label Mar 25, 2026
@datadog-datadog-prod-us1

datadog-datadog-prod-us1 Bot commented Mar 25, 2026

Copy link
Copy Markdown

✅ Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

🎯 Code Coverage (details)
Patch Coverage: 100.00%
Overall Coverage: 60.00% (+4.04%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 5a995ca | Docs | Datadog PR Page | Was this helpful? React with 👍/👎 or give us feedback!

@pr-commenter

pr-commenter Bot commented Mar 25, 2026

Copy link
Copy Markdown

Benchmarks

Benchmark execution time: 2026-03-25 13:39:03

Comparing candidate commit 5a995ca in PR branch rarguelloF/obfuscate-valkey-spans with baseline commit ef7877e in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 216 metrics, 8 unstable metrics.

Explanation

This is an A/B test comparing a candidate commit's performance against that of a baseline commit. Performance changes are noted in the tables below as:

  • 🟩 = significantly better candidate vs. baseline
  • 🟥 = significantly worse candidate vs. baseline

We compute a confidence interval (CI) over the relative difference of means between metrics from the candidate and baseline commits, considering the baseline as the reference.

If the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD), the change is considered significant.

Feel free to reach out to #apm-benchmarking-platform on Slack if you have any questions.

More details about the CI and significant changes

You can imagine this CI as a range of values that is likely to contain the true difference of means between the candidate and baseline commits.

CIs of the difference of means are often centered around 0%, because often changes are not that big:

---------------------------------(------|---^--------)-------------------------------->
                              -0.6%    0%  0.3%     +1.2%
                                 |          |        |
         lower bound of the CI --'          |        |
sample mean (center of the CI) -------------'        |
         upper bound of the CI ----------------------'

As described above, a change is considered significant if the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD).

For instance, for an execution time metric, this confidence interval indicates a significantly worse performance:

----------------------------------------|---------|---(---------^---------)---------->
                                       0%        1%  1.3%      2.2%      3.1%
                                                  |   |         |         |
       significant impact threshold --------------'   |         |         |
                      lower bound of CI --------------'         |         |
       sample mean (center of the CI) --------------------------'         |
                      upper bound of CI ----------------------------------'

@rarguelloF rarguelloF changed the title fix(valkey,rueidis): join pipeline commands with newlines for correct agent obfuscation fix: join redis and valkey pipeline commands with newlines for correct agent obfuscation Mar 25, 2026

@ajgajg1134 ajgajg1134 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good from the trace-agent's perspective :)


span := spans[0]
assert.Equal(t, "SET GET SET GET SET", span.Tag(ext.ResourceName))
assert.Equal(t, "SET\nGET\nSET\nGET\nSET", span.Tag(ext.ResourceName))

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this a breaking change for the backend? Or is it handled by it so resource name is virtually the same as before?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, good catch. This is technically breaking if anyone was relying on the buggy behavior. But since it’s fixing something unintended and aligning things with the expected behavior, we’re treating it as a bug fix. We can call it out in the release notes to make it clear.

@darccio darccio left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving. Keep in mind to highlight this in the release notes.

@rarguelloF

Copy link
Copy Markdown
Contributor Author

/merge

@gh-worker-devflow-routing-ef8351

gh-worker-devflow-routing-ef8351 Bot commented Mar 26, 2026

Copy link
Copy Markdown

View all feedbacks in Devflow UI.

2026-03-26 11:30:36 UTC ℹ️ Start processing command /merge


2026-03-26 11:30:40 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in main is approximately 29m (p90).


2026-03-26 11:43:55 UTC ℹ️ MergeQueue: This merge request was merged

@gh-worker-dd-mergequeue-cf854d
gh-worker-dd-mergequeue-cf854d Bot merged commit c281e00 into main Mar 26, 2026
214 of 215 checks passed
@gh-worker-dd-mergequeue-cf854d
gh-worker-dd-mergequeue-cf854d Bot deleted the rarguelloF/obfuscate-valkey-spans branch March 26, 2026 11:43
@codecov

codecov Bot commented Mar 26, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 60.78%. Comparing base (ef7877e) to head (5a995ca).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files
Files with missing lines Coverage Δ
ddtrace/tracer/span.go 86.50% <100.00%> (ø)

... and 399 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

apm:ecosystem contrib/* related feature requests or bugs mergequeue-status: done

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants