Skip to content

feat: DD_LAMBDA_FIPS_MODE handling for metrics #199

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 12, 2025
Merged

feat: DD_LAMBDA_FIPS_MODE handling for metrics #199

merged 2 commits into from
May 12, 2025

Conversation

apiarian-datadog
Copy link
Contributor

What does this PR do?

Correctly handles the DD_LAMBDA_FIPS_MODE control, same as we do in the python and js layers.

We no longer support direct Datadog API metric submission when DD_LAMBDA_FIPS_MODE is enabled. This setting is enabled by default in govcloud. Various mechanisms are provided to override this configuration value.

Please note that we did not previously actually send metrics with timestamps to the extension. Metrics with timestamps get turned into metrics with timestamp=now. This is still the behavior after this change.

Testing Guidelines

Added some unit tests. Will also deploy to self-monitoring.

Types of changes

  • Bug fix
  • New feature
  • Breaking change
  • Misc (docs, refactoring, dependency upgrade, etc.)

Checklist

  • This PR's description is comprehensive
  • This PR contains breaking changes that are documented in the description
  • This PR introduces new APIs or parameters that are documented and unlikely to change in the foreseeable future
  • This PR impacts documentation, and it has been updated (or a ticket has been logged)
  • This PR's changes are covered by the automated tests
  • This PR collects user input/sensitive content into Datadog

@apiarian-datadog apiarian-datadog requested a review from a team as a code owner May 9, 2025 19:51
@apiarian-datadog apiarian-datadog force-pushed the aleksandr.pasechnik/svls-6240-fipsish-metrics branch from a345715 to cf8b847 Compare May 9, 2025 19:55
joeyzhao2018
joeyzhao2018 approved these changes May 10, 2025
View reviewed changes
Copy link
Contributor

@joeyzhao2018 joeyzhao2018 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. A nitpick for probably non-existing cases...

@apiarian-datadog
Copy link
Contributor Author

Tested this by running it in our self-monitoring system. We are correctly pick picking up the configuration and defaults.

@datadog-datadog-prod-us1
Copy link

Datadog Summary

✅ Code Quality    ✅ Code Security    ❌ Dependencies

Next Steps

Fix these dependency issues introduced by this PR:

Critical: stdlib 1.21

Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip

Critical: stdlib 1.23.0

Request smuggling due to acceptance of invalid chunked data in net/http

🟠 Medium: golang.org/x/net 0.23.0

golang.org/x/net vulnerable to Cross-site Scripting

🟠 Medium: golang.org/x/net 0.33.0

golang.org/x/net vulnerable to Cross-site Scripting

Was this helpful? Give us feedback!

@apiarian-datadog apiarian-datadog merged commit 58d230d into main May 12, 2025
8 checks passed
@apiarian-datadog apiarian-datadog deleted the aleksandr.pasechnik/svls-6240-fipsish-metrics branch May 12, 2025 19:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joeyzhao2018 joeyzhao2018 joeyzhao2018 approved these changes

@hghotra hghotra hghotra approved these changes

@duncanista duncanista duncanista approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@apiarian-datadog @joeyzhao2018 @hghotra @duncanista