From ad4d2ea8ce1e0c8b6006d5ad1478f31a47fc6814 Mon Sep 17 00:00:00 2001
From: Yury Lebedev
Date: Wed, 5 Feb 2025 12:51:40 +0100
Subject: [PATCH 1/3] Fix remote config handling for AppSec Before we were not setting `apply_state` to ACKNOWLEDGED on remote config content.
---
 lib/datadog/appsec/remote.rb | 3 +++
 spec/datadog/appsec/remote_spec.rb | 20 ++++++++++++++++++++
 2 files changed, 23 insertions(+)
diff --git a/lib/datadog/appsec/remote.rb b/lib/datadog/appsec/remote.rb
index 163ebac352b..fe6ace123c2 100644
--- a/lib/datadog/appsec/remote.rb
+++ b/lib/datadog/appsec/remote.rb
@@ -74,12 +74,15 @@ def receivers(telemetry)
 case content.path.product
 when 'ASM_DD'
 rules << parsed_content
+ content.applied
 when 'ASM_DATA'
 data << parsed_content['rules_data'] if parsed_content['rules_data']
+ content.applied
 when 'ASM'
 overrides << parsed_content['rules_override'] if parsed_content['rules_override']
 exclusions << parsed_content['exclusions'] if parsed_content['exclusions']
 custom_rules << parsed_content['custom_rules'] if parsed_content['custom_rules']
+ content.applied
 end
 end
diff --git a/spec/datadog/appsec/remote_spec.rb b/spec/datadog/appsec/remote_spec.rb
index 4b1db36be98..cd93263682a 100644
--- a/spec/datadog/appsec/remote_spec.rb
+++ b/spec/datadog/appsec/remote_spec.rb
@@ -173,6 +173,12 @@
 receiver.call(repository, changes)
 end
+ it 'sets apply_state to ACKNOWLEDGED on content' do
+ receiver.call(repository, transaction)
+
+ expect(content.apply_state).to eq(Datadog::Core::Remote::Configuration::Content::ApplyState::ACKNOWLEDGED)
+ end
+
 context 'content product' do
 before do
 # Stub the reconfigure method, so we do not trigger background reconfiguration
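Review bot: The example added in the `@@ -173,6 +173,12 @@` hunk of `remote_spec.rb` (and repeated in the `@@ -290` and `@@ -405` hunks) pins only the success path, so the spec still passes if content is reported ACKNOWLEDGED for a ruleset that never loaded. It also sits above `context 'content product'`, whose `before` is the one shown stubbing `reconfigure`; whether an outer stub covers this example is not visible here, so it may exercise the real reconfiguration. I would add a counterpart example in which `Datadog::AppSec.reconfigure` is made to fail and the assertion is `expect(content.apply_state).not_to eq(...)` against the same `ApplyState::ACKNOWLEDGED` constant. The three identical examples could also be folded into one shared example.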
@@ -290,6 +296,13 @@
 context 'ASM' do
 let(:path) { 'datadog/603646/ASM/whatevername/config' }
+ let(:data) { {} }
+
+ it 'sets apply_state to ACKNOWLEDGED on content' do
+ receiver.call(repository, transaction)
+
+ expect(content.apply_state).to eq(Datadog::Core::Remote::Configuration::Content::ApplyState::ACKNOWLEDGED)
+ end
 context 'overrides' do
 let(:data) do
@@ -405,6 +418,13 @@
 context 'ASM_DATA' do
 let(:path) { 'datadog/603646/ASM_DATA/whatevername/config' }
+ let(:data) { {} }
+
+ it 'sets apply_state to ACKNOWLEDGED on content' do
+ receiver.call(repository, transaction)
+
+ expect(content.apply_state).to eq(Datadog::Core::Remote::Configuration::Content::ApplyState::ACKNOWLEDGED)
+ end
 context 'with rules_data information' do
 let(:data) do
From 42e4f8286a29e2b3ec1e9a96222884336ac6d6c3 Mon Sep 17 00:00:00 2001
From: Yury Lebedev
Date: Wed, 5 Feb 2025 12:55:37 +0100
Subject: [PATCH 2/3] Switch system tests to a temp branch
---
 .github/workflows/system-tests.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/system-tests.yml b/.github/workflows/system-tests.yml
index c63993f8378..e88ab00e39c 100644
--- a/.github/workflows/system-tests.yml
+++ b/.github/workflows/system-tests.yml
@@ -24,9 +24,8 @@ on:
 env:
 REGISTRY: ghcr.io
 REPO: ghcr.io/datadog/dd-trace-rb
- # Broken system-test: https://github.com/DataDog/system-tests/pull/3904
- SYSTEM_TESTS_REF: 239c3eba6de0473817d3d88ebbc025c9d0c9574b
- # SYSTEM_TESTS_REF: main # This must always be set to `main` on dd-trace-rb's master branch
+ # TODO: remove this change before merging to master
+ SYSTEM_TESTS_REF: enable-ip-blocking-for-ruby
 jobs:
 build-harness:
From d9bcea98ceca89e7382060d2988ea5a685fe28f1 Mon Sep 17 00:00:00 2001
From: Yury Lebedev
Date: Wed, 5 Feb 2025 15:13:51 +0100
Subject: [PATCH 3/3] Move marking of remote config content as applied to the end
---
 lib/datadog/appsec/remote.rb | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
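Review bot: `SYSTEM_TESTS_REF` in the `@@ -24,9 +24,8 @@` hunk of `.github/workflows/system-tests.yml` now names a branch (`enable-ip-blocking-for-ruby`) where the removed value was a full commit SHA. Presumably this ref selects the system-tests revision the workflow checks out (its use is outside the hunk), in which case every run executes whatever that branch holds at the time and a green result cannot be tied to one reviewed revision. While the override is needed, pin the branch's head commit instead, e.g. `SYSTEM_TESTS_REF: <commit-sha-of-temp-branch> # temp: enable-ip-blocking-for-ruby, revert to main before merge` (placeholder SHA). The hunk also deletes the comment stating that the value must be `main` on master, leaving only the TODO to guard the revert; keeping that line next to the TODO would preserve the invariant for the next reader.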
diff --git a/lib/datadog/appsec/remote.rb b/lib/datadog/appsec/remote.rb
index fe6ace123c2..d697a60c65a 100644
--- a/lib/datadog/appsec/remote.rb
+++ b/lib/datadog/appsec/remote.rb
@@ -74,15 +74,12 @@ def receivers(telemetry)
 case content.path.product
 when 'ASM_DD'
 rules << parsed_content
- content.applied
 when 'ASM_DATA'
 data << parsed_content['rules_data'] if parsed_content['rules_data']
- content.applied
 when 'ASM'
 overrides << parsed_content['rules_override'] if parsed_content['rules_override']
 exclusions << parsed_content['exclusions'] if parsed_content['exclusions']
 custom_rules << parsed_content['custom_rules'] if parsed_content['custom_rules']
- content.applied
 end
 end
@@ -107,6 +104,10 @@ def receivers(telemetry)
 )
 Datadog::AppSec.reconfigure(ruleset: ruleset, telemetry: telemetry)
+
+ repository.contents.each do |content|
+ content.applied if ASM_PRODUCTS.include?(content.path.product)
+ end
 end
 [receiver]
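Review bot: The loop added in the `@@ -107,6 +104,10 @@` hunk marks every ASM content as applied as soon as `Datadog::AppSec.reconfigure` returns, without checking that the new ruleset was actually loaded. How `reconfigure` reports failure is not visible here, and the spec's stub comment speaks of "background reconfiguration". If it rescues errors internally or defers the work, the backend would see ACKNOWLEDGED for security rules that are not in effect, and nothing would surface the gap. I would gate the loop on an explicit success signal from `reconfigure` and record a failure on the content otherwise (an error counterpart to `applied`, if `Content` offers one). At minimum, add a comment above the loop such as `# Acknowledge only after reconfigure so apply_state reflects a loaded ruleset`. The receiver block starts and ends outside this hunk.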