diff --git a/bottlecap/src/bin/bottlecap/main.rs b/bottlecap/src/bin/bottlecap/main.rs index 6b4df2851..2956d1233 100644 --- a/bottlecap/src/bin/bottlecap/main.rs +++ b/bottlecap/src/bin/bottlecap/main.rs @@ -211,7 +211,7 @@ fn load_configs() -> (AwsConfig, Arc) { sandbox_init_time: Instant::now(), }; let lambda_directory = env::var("LAMBDA_TASK_ROOT").unwrap_or_else(|_| "/var/task".to_string()); - let config = match config::get_config(Path::new(&lambda_directory)) { + let config = match config::get_config(Path::new(&lambda_directory), &aws_config.region) { Ok(config) => Arc::new(config), Err(_e) => { let err = Command::new("/opt/datadog-agent-go").exec(); diff --git a/bottlecap/src/config/mod.rs b/bottlecap/src/config/mod.rs index e46f059d7..c387d8d4a 100644 --- a/bottlecap/src/config/mod.rs +++ b/bottlecap/src/config/mod.rs @@ -166,7 +166,7 @@ fn log_fallback_reason(reason: &str) { println!("{{\"DD_EXTENSION_FALLBACK_REASON\":\"{reason}\"}}"); } -fn fallback(figment: &Figment, yaml_figment: &Figment) -> Result<(), ConfigError> { +fn fallback(figment: &Figment, yaml_figment: &Figment, region: &str) -> Result<(), ConfigError> { let (config, yaml_config): (FallbackConfig, FallbackYamlConfig) = match (figment.extract(), yaml_figment.extract()) { (Ok(env_config), Ok(yaml_config)) => (env_config, yaml_config), @@ -232,11 +232,17 @@ fn fallback(figment: &Figment, yaml_figment: &Figment) -> Result<(), ConfigError return Err(ConfigError::UnsupportedField("intake_urls".to_string())); } + // Govcloud Regions + if region.starts_with("us-gov-") { + log_fallback_reason("gov_region"); + return Err(ConfigError::UnsupportedField("gov_region".to_string())); + } + Ok(()) } #[allow(clippy::module_name_repetitions)] -pub fn get_config(config_directory: &Path) -> Result { +pub fn get_config(config_directory: &Path, region: &str) -> Result { let path = config_directory.join("datadog.yaml"); // Get default config fields (and ENV specific ones) @@ -249,7 +255,7 @@ pub fn get_config(config_directory: &Path) -> Result { // Get YAML nested fields let yaml_figment = Figment::from(Yaml::file(&path)); - fallback(&figment, &yaml_figment)?; + fallback(&figment, &yaml_figment, region)?; let (mut config, yaml_config): (Config, YamlConfig) = match (figment.extract(), yaml_figment.extract()) { @@ -354,12 +360,15 @@ pub mod tests { use crate::config::flush_strategy::PeriodicStrategy; use crate::config::processing_rule; + const MOCK_REGION: &str = "us-east-1"; + #[test] fn test_reject_on_opted_out() { figment::Jail::expect_with(|jail| { jail.clear_env(); jail.set_env("DD_EXTENSION_VERSION", "compatibility"); - let config = get_config(Path::new("")).expect_err("should reject unknown fields"); + let config = + get_config(Path::new(""), MOCK_REGION).expect_err("should reject unknown fields"); assert_eq!( config, ConfigError::UnsupportedField("extension_version".to_string()) @@ -367,6 +376,16 @@ pub mod tests { Ok(()) }); } + #[test] + fn test_reject_on_gov_region() { + let mock_gov_region = "us-gov-east-1"; + let config = + get_config(Path::new(""), mock_gov_region).expect_err("should reject unknown fields"); + assert_eq!( + config, + ConfigError::UnsupportedField("gov_region".to_string()) + ); + } #[test] fn test_fallback_on_otel() { @@ -377,7 +396,8 @@ pub mod tests { "localhost:4138", ); - let config = get_config(Path::new("")).expect_err("should reject unknown fields"); + let config = + get_config(Path::new(""), MOCK_REGION).expect_err("should reject unknown fields"); assert_eq!(config, ConfigError::UnsupportedField("otel".to_string())); Ok(()) }); @@ -398,7 +418,8 @@ pub mod tests { ", )?; - let config = get_config(Path::new("")).expect_err("should reject unknown fields"); + let config = + get_config(Path::new(""), MOCK_REGION).expect_err("should reject unknown fields"); assert_eq!(config, ConfigError::UnsupportedField("otel".to_string())); Ok(()) }); @@ -418,7 +439,8 @@ pub mod tests { ", )?; - let config = get_config(Path::new("")).expect_err("should reject unknown fields"); + let config = + get_config(Path::new(""), MOCK_REGION).expect_err("should reject unknown fields"); assert_eq!(config, ConfigError::UnsupportedField("otel".to_string())); Ok(()) }); @@ -430,7 +452,8 @@ pub mod tests { jail.clear_env(); jail.set_env("DD_APM_DD_URL", "some_url"); - let config = get_config(Path::new("")).expect_err("should reject unknown fields"); + let config = + get_config(Path::new(""), MOCK_REGION).expect_err("should reject unknown fields"); assert_eq!( config, ConfigError::UnsupportedField("intake_urls".to_string()) @@ -451,7 +474,8 @@ pub mod tests { ", )?; - let config = get_config(Path::new("")).expect_err("should reject unknown fields"); + let config = + get_config(Path::new(""), MOCK_REGION).expect_err("should reject unknown fields"); assert_eq!( config, ConfigError::UnsupportedField("intake_urls".to_string()) @@ -466,7 +490,8 @@ pub mod tests { jail.clear_env(); jail.set_env("DD_SERVERLESS_APPSEC_ENABLED", "true"); - let config = get_config(Path::new("")).expect_err("should reject unknown fields"); + let config = + get_config(Path::new(""), MOCK_REGION).expect_err("should reject unknown fields"); assert_eq!( config, ConfigError::UnsupportedField("appsec_enabled".to_string()) @@ -486,7 +511,7 @@ pub mod tests { ", )?; jail.set_env("DD_SITE", "datad0g.com"); - let config = get_config(Path::new("")).expect("should parse config"); + let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config"); assert_eq!(config.site, "datad0g.com"); Ok(()) }); @@ -501,7 +526,7 @@ pub mod tests { r" ", )?; - let config = get_config(Path::new("")).expect("should parse config"); + let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config"); assert_eq!(config.site, "datadoghq.com"); Ok(()) }); @@ -512,7 +537,7 @@ pub mod tests { figment::Jail::expect_with(|jail| { jail.clear_env(); jail.set_env("DD_SITE", "datadoghq.eu"); - let config = get_config(Path::new("")).expect("should parse config"); + let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config"); assert_eq!(config.site, "datadoghq.eu"); Ok(()) }); @@ -523,7 +548,7 @@ pub mod tests { figment::Jail::expect_with(|jail| { jail.clear_env(); jail.set_env("DD_LOG_LEVEL", "TRACE"); - let config = get_config(Path::new("")).expect("should parse config"); + let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config"); assert_eq!(config.log_level, LogLevel::Trace); Ok(()) }); @@ -533,7 +558,7 @@ pub mod tests { fn test_parse_default() { figment::Jail::expect_with(|jail| { jail.clear_env(); - let config = get_config(Path::new("")).expect("should parse config"); + let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config"); assert_eq!( config, Config { @@ -554,7 +579,7 @@ pub mod tests { figment::Jail::expect_with(|jail| { jail.clear_env(); jail.set_env("DD_PROXY_HTTPS", "my-proxy:3128"); - let config = get_config(Path::new("")).expect("should parse config"); + let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config"); assert_eq!(config.https_proxy, Some("my-proxy:3128".to_string())); Ok(()) }); @@ -570,7 +595,7 @@ pub mod tests { "NO_PROXY", "127.0.0.1,localhost,172.16.0.0/12,us-east-1.amazonaws.com,datadoghq.eu", ); - let config = get_config(Path::new("")).expect("should parse noproxy"); + let config = get_config(Path::new(""), MOCK_REGION).expect("should parse noproxy"); assert_eq!(config.https_proxy, None); Ok(()) }); @@ -588,7 +613,8 @@ pub mod tests { ", )?; - let config = get_config(Path::new("")).expect("should parse weird proxy config"); + let config = + get_config(Path::new(""), MOCK_REGION).expect("should parse weird proxy config"); assert_eq!(config.https_proxy, Some("my-proxy:3128".to_string())); Ok(()) }); @@ -608,7 +634,8 @@ pub mod tests { ", )?; - let config = get_config(Path::new("")).expect("should parse weird proxy config"); + let config = + get_config(Path::new(""), MOCK_REGION).expect("should parse weird proxy config"); assert_eq!(config.https_proxy, None); // Assertion to ensure config.site runs before proxy // because we chenck that noproxy contains the site @@ -622,7 +649,7 @@ pub mod tests { figment::Jail::expect_with(|jail| { jail.clear_env(); jail.set_env("DD_SERVERLESS_FLUSH_STRATEGY", "end"); - let config = get_config(Path::new("")).expect("should parse config"); + let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config"); assert_eq!(config.serverless_flush_strategy, FlushStrategy::End); Ok(()) }); @@ -633,7 +660,7 @@ pub mod tests { figment::Jail::expect_with(|jail| { jail.clear_env(); jail.set_env("DD_SERVERLESS_FLUSH_STRATEGY", "periodically,100000"); - let config = get_config(Path::new("")).expect("should parse config"); + let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config"); assert_eq!( config.serverless_flush_strategy, FlushStrategy::Periodically(PeriodicStrategy { interval: 100_000 }) @@ -647,7 +674,7 @@ pub mod tests { figment::Jail::expect_with(|jail| { jail.clear_env(); jail.set_env("DD_SERVERLESS_FLUSH_STRATEGY", "invalid_strategy"); - let config = get_config(Path::new("")).expect("should parse config"); + let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config"); assert_eq!(config.serverless_flush_strategy, FlushStrategy::Default); Ok(()) }); @@ -661,7 +688,7 @@ pub mod tests { "DD_SERVERLESS_FLUSH_STRATEGY", "periodically,invalid_interval", ); - let config = get_config(Path::new("")).expect("should parse config"); + let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config"); assert_eq!(config.serverless_flush_strategy, FlushStrategy::Default); Ok(()) }); @@ -672,7 +699,7 @@ pub mod tests { figment::Jail::expect_with(|jail| { jail.clear_env(); jail.set_env("DD_VERSION", "123"); - let config = get_config(Path::new("")).expect("should parse config"); + let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config"); assert_eq!(config.version.expect("failed to parse DD_VERSION"), "123"); Ok(()) }); @@ -697,7 +724,7 @@ pub mod tests { pattern: exclude-me-yaml ", )?; - let config = get_config(Path::new("")).expect("should parse config"); + let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config"); assert_eq!( config.logs_config_processing_rules, Some(vec![ProcessingRule { @@ -726,7 +753,7 @@ pub mod tests { pattern: exclude ", )?; - let config = get_config(Path::new("")).expect("should parse config"); + let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config"); assert_eq!( config.logs_config_processing_rules, Some(vec![ProcessingRule { @@ -749,7 +776,7 @@ pub mod tests { "datadog,tracecontext,b3,b3multi", ); jail.set_env("DD_EXTENSION_VERSION", "next"); - let config = get_config(Path::new("")).expect("should parse config"); + let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config"); let expected_styles = vec![ TracePropagationStyle::Datadog, @@ -768,7 +795,7 @@ pub mod tests { figment::Jail::expect_with(|jail| { jail.clear_env(); jail.set_env("DD_TRACE_PROPAGATION_STYLE_EXTRACT", "datadog"); - let config = get_config(Path::new("")).expect("should parse config"); + let config = get_config(Path::new(""), MOCK_REGION).expect("should parse config"); assert_eq!( config.trace_propagation_style, @@ -793,7 +820,7 @@ pub mod tests { "DD_APM_REPLACE_TAGS", r#"[{"name":"resource.name","pattern":"(.*)/(foo[:%].+)","repl":"$1/{foo}"}]"#, ); - let config = get_config(Path::new("")); + let config = get_config(Path::new(""), MOCK_REGION); assert!(config.is_ok()); Ok(()) });