From 452480d1b3a496e74d594a6614acb88620f85548 Mon Sep 17 00:00:00 2001
From: Ee Durbin <ewdurbin@gmail.com>
Date: Thu, 7 Nov 2024 12:33:44 -0500
Subject: [PATCH] disable logging to datadog by default (#2653)

* disable logging to datadog by default

When the logging_datadog section was added in #2519, there was no logging condition applied leading to all requests being logged to datadog.

this adds a "False" condition so that logs are only emitted from the rate limiter

* rename response condition for clarity
---
 infra/cdn/main.tf | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/infra/cdn/main.tf b/infra/cdn/main.tf
index 059fd8977..91cac411e 100644
--- a/infra/cdn/main.tf
+++ b/infra/cdn/main.tf
@@ -136,6 +136,12 @@ resource "fastly_service_vcl" "python_org" {
     statement = "req.http.host == \"python.org\""
     type      = "REQUEST"
   }
+  condition {
+    name      = "Always False"
+    priority  = 10
+    statement = "false"
+    type      = "RESPONSE"
+  }
 
   condition {
     name      = "Don't cache 404s for /static"
@@ -262,9 +268,10 @@ resource "fastly_service_vcl" "python_org" {
   }
 
   logging_datadog {
-    name   = "ratelimit-debug"
-    token  = var.datadog_key
-    region = "US"
+    name               = "ratelimit-debug"
+    token              = var.datadog_key
+    region             = "US"
+    response_condition = "Always False"
   }
 
   logging_s3 {
@@ -361,7 +368,7 @@ resource "fastly_service_vcl" "python_org" {
   dynamic "dictionary" {
     for_each = var.activate_ngwaf_service ? [1] : []
     content {
-      name = var.edge_security_dictionary
+      name          = var.edge_security_dictionary
       force_destroy = true
     }
   }