Create metric: appsec.waf.config_errors

dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/AppSecRequestContext.java

@@ -124,6 +124,7 @@ public class AppSecRequestContext implements DataBundle, Closeable {
   private volatile boolean blocked;
   private volatile int wafTimeouts;
   private volatile int raspTimeouts;
+  private volatile int configErrors;
 
   // keep a reference to the last published usr.id
   private volatile String userId;
@@ -139,6 +140,9 @@ public class AppSecRequestContext implements DataBundle, Closeable {
   private static final AtomicIntegerFieldUpdater<AppSecRequestContext> RASP_TIMEOUTS_UPDATER =
       AtomicIntegerFieldUpdater.newUpdater(AppSecRequestContext.class, "raspTimeouts");
 
+  private static final AtomicIntegerFieldUpdater<AppSecRequestContext> CONFIG_ERRORS_UPDATER =
+      AtomicIntegerFieldUpdater.newUpdater(AppSecRequestContext.class, "configErrors");
+
   // to be called by the Event Dispatcher
   public void addAll(DataBundle newData) {
     for (Map.Entry<Address<?>, Object> entry : newData) {
@@ -188,6 +192,10 @@ public void increaseRaspTimeouts() {
     RASP_TIMEOUTS_UPDATER.incrementAndGet(this);
   }
 
+  public void increaseConfigErrors() {
+    CONFIG_ERRORS_UPDATER.incrementAndGet(this);
+  }
+
   public int getWafTimeouts() {
     return wafTimeouts;
   }
@@ -196,6 +204,10 @@ public int getRaspTimeouts() {
     return raspTimeouts;
   }
 
+  public int getConfigErrors() {
+    return configErrors;
+  }
+
   public Additive getOrCreateAdditive(PowerwafContext ctx, boolean createMetrics, boolean isRasp) {
 
     if (createMetrics) {

dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFModule.java

@@ -215,6 +215,7 @@ private void applyConfig(Object config_, AppSecModuleConfigurer.Reconfiguration
       // ddwaf_init/update
       success = initializeNewWafCtx(reconf, config, curCtxAndAddresses);
     } catch (Exception e) {
+      WafMetricCollector.get().wafConfigError();
       throw new AppSecModuleActivationException("Could not initialize/update waf", e);
     } finally {
       if (curCtxAndAddresses == null) {

internal-api/src/main/java/datadog/trace/api/telemetry/WafMetricCollector.java

@@ -44,6 +44,7 @@ private WafMetricCollector() {
       new AtomicLongArray(LoginFramework.getNumValues() * LoginEvent.getNumValues());
   private static final AtomicLongArray missingUserIdQueue =
       new AtomicLongArray(LoginFramework.getNumValues());
+  private static final AtomicInteger wafConfigErrorCounter = new AtomicInteger();
 
   /** WAF version that will be initialized with wafInit and reused for all metrics. */
   private static String wafVersion = "";
@@ -80,6 +81,10 @@ public void wafRequest() {
     wafRequestCounter.increment();
   }
 
+  public void wafConfigError() {
+    wafConfigErrorCounter.incrementAndGet();
+  }
+
   public void wafRequestTriggered() {
     wafTriggeredRequestCounter.increment();
   }
@@ -239,6 +244,13 @@ public void prepareMetrics() {
         }
       }
     }
+
+    // WAF config errors
+    if (!rawMetricsQueue.offer(
+        new WafConfigError(
+            wafConfigErrorCounter.getAndSet(0),
+            WafMetricCollector.wafVersion,
+            WafMetricCollector.rulesVersion))) {}
   }
 
   public abstract static class WafMetric extends MetricCollector.Metric {
@@ -319,6 +331,16 @@ public WafRequestsRawMetric(
     }
   }
 
+  public static class WafConfigError extends WafMetric {
+    public WafConfigError(final long counter, final String wafVersion, final String rulesVersion) {
+      super(
+          "waf.config_errors",
+          counter,
+          "waf_version:" + wafVersion,
+          "event_rules_version:" + rulesVersion);
+    }
+  }
+
   public static class RaspRuleEval extends WafMetric {
     public RaspRuleEval(final long counter, final RuleType ruleType, final String wafVersion) {
       super(