Skip to content

Commit c6fcb62

Browse files
apiarian-datadogapiarian-datadog
authored
feat: [SVLS-6242] bottlecap fips builds (#644)
Building bottlecap with fips mode. This is entirely focused on removing `ring` (and other non-FIPS-compliant dependencies from our `fips`-featured builds.)
1 parent ac8a7df commit c6fcb62

1 file changed

Lines changed: 36 additions & 60 deletions

File tree

mod.rs

Lines changed: 36 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ fn log_fallback_reason(reason: &str) {
3434
println!("{{\"DD_EXTENSION_FALLBACK_REASON\":\"{reason}\"}}");
3535
}
3636

37-
fn fallback(config: &EnvConfig, yaml_config: &YamlConfig, region: &str) -> Result<(), ConfigError> {
37+
fn fallback(config: &EnvConfig, yaml_config: &YamlConfig) -> Result<(), ConfigError> {
3838
// Customer explicitly opted out of the Next Gen extension
3939
let opted_out = match config.extension_version.as_deref() {
4040
Some("compatibility") => true,
@@ -97,17 +97,11 @@ fn fallback(config: &EnvConfig, yaml_config: &YamlConfig, region: &str) -> Resul
9797
return Err(ConfigError::UnsupportedField("otel".to_string()));
9898
}
9999

100-
// Govcloud Regions
101-
if region.starts_with("us-gov-") {
102-
log_fallback_reason("gov_region");
103-
return Err(ConfigError::UnsupportedField("gov_region".to_string()));
104-
}
105-
106100
Ok(())
107101
}
108102

109103
#[allow(clippy::module_name_repetitions)]
110-
pub fn get_config(config_directory: &Path, region: &str) -> Result<EnvConfig, ConfigError> {
104+
pub fn get_config(config_directory: &Path) -> Result<EnvConfig, ConfigError> {
111105
let path = config_directory.join("datadog.yaml");
112106

113107
// Get default config fields (and ENV specific ones)
@@ -129,7 +123,7 @@ pub fn get_config(config_directory: &Path, region: &str) -> Result<EnvConfig, Co
129123
}
130124
};
131125

132-
fallback(&config, &yaml_config, region)?;
126+
fallback(&config, &yaml_config)?;
133127

134128
// Set site if empty
135129
if config.site.is_empty() {
@@ -282,32 +276,19 @@ pub mod tests {
282276
use crate::config::processing_rule;
283277
use crate::config::trace_propagation_style::TracePropagationStyle;
284278

285-
const MOCK_REGION: &str = "us-east-1";
286-
287279
#[test]
288280
fn test_reject_on_opted_out() {
289281
figment::Jail::expect_with(|jail| {
290282
jail.clear_env();
291283
jail.set_env("DD_EXTENSION_VERSION", "compatibility");
292-
let config =
293-
get_config(Path::new(""), MOCK_REGION).expect_err("should reject unknown fields");
284+
let config = get_config(Path::new("")).expect_err("should reject unknown fields");
294285
assert_eq!(
295286
config,
296287
ConfigError::UnsupportedField("extension_version".to_string())
297288
);
298289
Ok(())
299290
});
300291
}
301-
#[test]
302-
fn test_reject_on_gov_region() {
303-
let mock_gov_region = "us-gov-east-1";
304-
let config =
305-
get_config(Path::new(""), mock_gov_region).expect_err("should reject unknown fields");
306-
assert_eq!(
307-
config,
308-
ConfigError::UnsupportedField("gov_region".to_string())
309-
);
310-
}
311292

312293
#[test]
313294
fn test_fallback_on_otel() {
@@ -318,8 +299,7 @@ pub mod tests {
318299
"localhost:4138",
319300
);
320301

321-
let config =
322-
get_config(Path::new(""), MOCK_REGION).expect_err("should reject unknown fields");
302+
let config = get_config(Path::new("")).expect_err("should reject unknown fields");
323303
assert_eq!(config, ConfigError::UnsupportedField("otel".to_string()));
324304
Ok(())
325305
});
@@ -340,8 +320,7 @@ pub mod tests {
340320
",
341321
)?;
342322

343-
let config =
344-
get_config(Path::new(""), MOCK_REGION).expect_err("should reject unknown fields");
323+
let config = get_config(Path::new("")).expect_err("should reject unknown fields");
345324
assert_eq!(config, ConfigError::UnsupportedField("otel".to_string()));
346325
Ok(())
347326
});
@@ -352,7 +331,7 @@ pub mod tests {
352331
figment::Jail::expect_with(|jail| {
353332
jail.clear_env();
354333

355-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
334+
let config = get_config(Path::new("")).expect("should parse config");
356335
assert_eq!(
357336
config.logs_config_logs_dd_url,
358337
"https://http-intake.logs.datadoghq.com".to_string()
@@ -370,7 +349,7 @@ pub mod tests {
370349
"agent-http-intake-pci.logs.datadoghq.com:443",
371350
);
372351

373-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
352+
let config = get_config(Path::new("")).expect("should parse config");
374353
assert_eq!(
375354
config.logs_config_logs_dd_url,
376355
"agent-http-intake-pci.logs.datadoghq.com:443".to_string()
@@ -388,7 +367,7 @@ pub mod tests {
388367
"https://trace-pci.agent.datadoghq.com",
389368
);
390369

391-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
370+
let config = get_config(Path::new("")).expect("should parse config");
392371
assert_eq!(
393372
config.apm_config_apm_dd_url,
394373
"https://trace-pci.agent.datadoghq.com/api/v0.2/traces".to_string()
@@ -403,7 +382,7 @@ pub mod tests {
403382
jail.clear_env();
404383
jail.set_env("DD_DD_URL", "custom_proxy:3128");
405384

406-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
385+
let config = get_config(Path::new("")).expect("should parse config");
407386
assert_eq!(config.dd_url, "custom_proxy:3128".to_string());
408387
Ok(())
409388
});
@@ -415,7 +394,7 @@ pub mod tests {
415394
jail.clear_env();
416395
jail.set_env("DD_URL", "custom_proxy:3128");
417396

418-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
397+
let config = get_config(Path::new("")).expect("should parse config");
419398
assert_eq!(config.url, "custom_proxy:3128".to_string());
420399
Ok(())
421400
});
@@ -426,7 +405,7 @@ pub mod tests {
426405
figment::Jail::expect_with(|jail| {
427406
jail.clear_env();
428407

429-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
408+
let config = get_config(Path::new("")).expect("should parse config");
430409
assert_eq!(config.dd_url, String::new());
431410
Ok(())
432411
});
@@ -438,8 +417,7 @@ pub mod tests {
438417
jail.clear_env();
439418
jail.set_env("DD_SERVERLESS_APPSEC_ENABLED", "true");
440419

441-
let config =
442-
get_config(Path::new(""), MOCK_REGION).expect_err("should reject unknown fields");
420+
let config = get_config(Path::new("")).expect_err("should reject unknown fields");
443421
assert_eq!(
444422
config,
445423
ConfigError::UnsupportedField("appsec_enabled".to_string())
@@ -459,7 +437,7 @@ pub mod tests {
459437
",
460438
)?;
461439
jail.set_env("DD_SITE", "datad0g.com");
462-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
440+
let config = get_config(Path::new("")).expect("should parse config");
463441
assert_eq!(config.site, "datad0g.com");
464442
Ok(())
465443
});
@@ -474,7 +452,7 @@ pub mod tests {
474452
r"
475453
",
476454
)?;
477-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
455+
let config = get_config(Path::new("")).expect("should parse config");
478456
assert_eq!(config.site, "datadoghq.com");
479457
Ok(())
480458
});
@@ -485,7 +463,7 @@ pub mod tests {
485463
figment::Jail::expect_with(|jail| {
486464
jail.clear_env();
487465
jail.set_env("DD_SITE", "datadoghq.eu");
488-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
466+
let config = get_config(Path::new("")).expect("should parse config");
489467
assert_eq!(config.site, "datadoghq.eu");
490468
Ok(())
491469
});
@@ -496,7 +474,7 @@ pub mod tests {
496474
figment::Jail::expect_with(|jail| {
497475
jail.clear_env();
498476
jail.set_env("DD_LOG_LEVEL", "TRACE");
499-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
477+
let config = get_config(Path::new("")).expect("should parse config");
500478
assert_eq!(config.log_level, LogLevel::Trace);
501479
Ok(())
502480
});
@@ -506,7 +484,7 @@ pub mod tests {
506484
fn test_parse_default() {
507485
figment::Jail::expect_with(|jail| {
508486
jail.clear_env();
509-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
487+
let config = get_config(Path::new("")).expect("should parse config");
510488
assert_eq!(
511489
config,
512490
EnvConfig {
@@ -530,7 +508,7 @@ pub mod tests {
530508
figment::Jail::expect_with(|jail| {
531509
jail.clear_env();
532510
jail.set_env("DD_PROXY_HTTPS", "my-proxy:3128");
533-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
511+
let config = get_config(Path::new("")).expect("should parse config");
534512
assert_eq!(config.https_proxy, Some("my-proxy:3128".to_string()));
535513
Ok(())
536514
});
@@ -546,7 +524,7 @@ pub mod tests {
546524
"NO_PROXY",
547525
"127.0.0.1,localhost,172.16.0.0/12,us-east-1.amazonaws.com,datadoghq.eu",
548526
);
549-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse noproxy");
527+
let config = get_config(Path::new("")).expect("should parse noproxy");
550528
assert_eq!(config.https_proxy, None);
551529
Ok(())
552530
});
@@ -564,8 +542,7 @@ pub mod tests {
564542
",
565543
)?;
566544

567-
let config =
568-
get_config(Path::new(""), MOCK_REGION).expect("should parse weird proxy config");
545+
let config = get_config(Path::new("")).expect("should parse weird proxy config");
569546
assert_eq!(config.https_proxy, Some("my-proxy:3128".to_string()));
570547
Ok(())
571548
});
@@ -585,8 +562,7 @@ pub mod tests {
585562
",
586563
)?;
587564

588-
let config =
589-
get_config(Path::new(""), MOCK_REGION).expect("should parse weird proxy config");
565+
let config = get_config(Path::new("")).expect("should parse weird proxy config");
590566
assert_eq!(config.https_proxy, None);
591567
// Assertion to ensure config.site runs before proxy
592568
// because we chenck that noproxy contains the site
@@ -600,7 +576,7 @@ pub mod tests {
600576
figment::Jail::expect_with(|jail| {
601577
jail.clear_env();
602578
jail.set_env("DD_SERVERLESS_FLUSH_STRATEGY", "end");
603-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
579+
let config = get_config(Path::new("")).expect("should parse config");
604580
assert_eq!(config.serverless_flush_strategy, FlushStrategy::End);
605581
Ok(())
606582
});
@@ -611,7 +587,7 @@ pub mod tests {
611587
figment::Jail::expect_with(|jail| {
612588
jail.clear_env();
613589
jail.set_env("DD_SERVERLESS_FLUSH_STRATEGY", "periodically,100000");
614-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
590+
let config = get_config(Path::new("")).expect("should parse config");
615591
assert_eq!(
616592
config.serverless_flush_strategy,
617593
FlushStrategy::Periodically(PeriodicStrategy { interval: 100_000 })
@@ -625,7 +601,7 @@ pub mod tests {
625601
figment::Jail::expect_with(|jail| {
626602
jail.clear_env();
627603
jail.set_env("DD_SERVERLESS_FLUSH_STRATEGY", "invalid_strategy");
628-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
604+
let config = get_config(Path::new("")).expect("should parse config");
629605
assert_eq!(config.serverless_flush_strategy, FlushStrategy::Default);
630606
Ok(())
631607
});
@@ -639,7 +615,7 @@ pub mod tests {
639615
"DD_SERVERLESS_FLUSH_STRATEGY",
640616
"periodically,invalid_interval",
641617
);
642-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
618+
let config = get_config(Path::new("")).expect("should parse config");
643619
assert_eq!(config.serverless_flush_strategy, FlushStrategy::Default);
644620
Ok(())
645621
});
@@ -652,7 +628,7 @@ pub mod tests {
652628
jail.set_env("DD_VERSION", "123");
653629
jail.set_env("DD_ENV", "123456890");
654630
jail.set_env("DD_SERVICE", "123456");
655-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
631+
let config = get_config(Path::new("")).expect("should parse config");
656632
assert_eq!(config.version.expect("failed to parse DD_VERSION"), "123");
657633
assert_eq!(config.env.expect("failed to parse DD_ENV"), "123456890");
658634
assert_eq!(
@@ -682,7 +658,7 @@ pub mod tests {
682658
pattern: exclude-me-yaml
683659
",
684660
)?;
685-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
661+
let config = get_config(Path::new("")).expect("should parse config");
686662
assert_eq!(
687663
config.logs_config_processing_rules,
688664
Some(vec![ProcessingRule {
@@ -711,7 +687,7 @@ pub mod tests {
711687
pattern: exclude
712688
",
713689
)?;
714-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
690+
let config = get_config(Path::new("")).expect("should parse config");
715691
assert_eq!(
716692
config.logs_config_processing_rules,
717693
Some(vec![ProcessingRule {
@@ -740,7 +716,7 @@ pub mod tests {
740716
repl: 'REDACTED'
741717
",
742718
)?;
743-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
719+
let config = get_config(Path::new("")).expect("should parse config");
744720
let rule = parse_rules_from_string(
745721
r#"[
746722
{"name": "*", "pattern": "foo", "repl": "REDACTED"}
@@ -771,7 +747,7 @@ pub mod tests {
771747
repl: 'REDACTED-YAML'
772748
",
773749
)?;
774-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
750+
let config = get_config(Path::new("")).expect("should parse config");
775751
let rule = parse_rules_from_string(
776752
r#"[
777753
{"name": "*", "pattern": "foo", "repl": "REDACTED-ENV"}
@@ -798,7 +774,7 @@ pub mod tests {
798774
remove_paths_with_digits: true
799775
",
800776
)?;
801-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
777+
let config = get_config(Path::new("")).expect("should parse config");
802778
assert!(config.apm_config_obfuscation_http_remove_query_string,);
803779
assert!(config.apm_config_obfuscation_http_remove_paths_with_digits,);
804780
Ok(())
@@ -813,7 +789,7 @@ pub mod tests {
813789
"datadog,tracecontext,b3,b3multi",
814790
);
815791
jail.set_env("DD_EXTENSION_VERSION", "next");
816-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
792+
let config = get_config(Path::new("")).expect("should parse config");
817793

818794
let expected_styles = vec![
819795
TracePropagationStyle::Datadog,
@@ -832,7 +808,7 @@ pub mod tests {
832808
figment::Jail::expect_with(|jail| {
833809
jail.clear_env();
834810
jail.set_env("DD_TRACE_PROPAGATION_STYLE_EXTRACT", "datadog");
835-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
811+
let config = get_config(Path::new("")).expect("should parse config");
836812

837813
assert_eq!(
838814
config.trace_propagation_style,
@@ -857,7 +833,7 @@ pub mod tests {
857833
"DD_APM_REPLACE_TAGS",
858834
r#"[{"name":"resource.name","pattern":"(.*)/(foo[:%].+)","repl":"$1/{foo}"}]"#,
859835
);
860-
let config = get_config(Path::new(""), MOCK_REGION);
836+
let config = get_config(Path::new(""));
861837
assert!(config.is_ok());
862838
Ok(())
863839
});
@@ -871,7 +847,7 @@ pub mod tests {
871847
jail.set_env("DD_ENHANCED_METRICS", "1");
872848
jail.set_env("DD_LOGS_CONFIG_USE_COMPRESSION", "TRUE");
873849
jail.set_env("DD_CAPTURE_LAMBDA_PAYLOAD", "0");
874-
let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config");
850+
let config = get_config(Path::new("")).expect("should parse config");
875851
assert_eq!(config.serverless_logs_enabled, true);
876852
assert_eq!(config.enhanced_metrics, true);
877853
assert_eq!(config.logs_config_use_compression, true);

0 commit comments

Comments
 (0)