Skip to content

feat: Add a param isFIPSEnabled #598

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: yiming.luo/fips
Choose a base branch
from
Open

feat: Add a param isFIPSEnabled #598

wants to merge 4 commits into from
+126 −1

Conversation

lym953
Copy link
Contributor

@lym953 lym953 commented May 21, 2025
edited
Loading

What does this PR do?

Add a param isFIPSEnabled. If set, the extension layer used will be like:

arn:aws-us-gov:lambda:us-gov-west-1:002406178527:layer:Datadog-Extension-FIPS:78

instead of

arn:aws-us-gov:lambda:us-gov-west-1:002406178527:layer:Datadog-Extension:78

Motivation

Needed for FIPS support.

Testing Guidelines

Passed the added tests.

Additional Notes

Types of changes

  • Bug fix
  • New feature
  • Breaking change
  • Misc (docs, refactoring, dependency upgrade, etc.)

Check all that apply

  • This PR's description is comprehensive
  • This PR contains breaking changes that are documented in the description
  • This PR introduces new APIs or parameters that are documented and unlikely to change in the foreseeable future
  • This PR impacts documentation, and it has been updated (or a ticket has been logged)
  • This PR's changes are covered by the automated tests
  • This PR collects user input/sensitive content into Datadog

@lym953 lym953 requested review from a team as code owners May 21, 2025 21:09
@lym953 lym953 requested a review from clifordshelton May 21, 2025 21:09
buraizu
buraizu reviewed May 21, 2025
View reviewed changes
Copy link
Contributor

@buraizu buraizu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Requesting some updates to the description

buraizu
buraizu reviewed May 21, 2025
View reviewed changes
README.md Outdated
@@ -66,6 +66,7 @@ To further configure your plugin, use the following custom parameters in your `s
| `enableStepFunctionsTracing` | Enable automatic subscription of the Datadog Forwarder to Step Function log groups and Step Functions tracing. If no Step Function log groups are configured, then they are automatically created. Requires setting `forwarderArn`. Defaults to `false`. |
| `propagateUpstreamTrace` | When set to `true`, downstream Stepfunction invocation traces merge with upstream Stepfunction invocations. Defaults to `false`. |
| `redirectHandlers` | Optionally disable handler redirection if set to `false`. This should only be set to `false` when APM is fully disabled. Defaults to `true`. |
| `enableFIPS` | When set to `true`, a FIPS-compliant lambda extension layer will be used. Only works if `addExtension` is `true` and `site` is `ddog-gov.com`. Defaults to `false`. |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
| `enableFIPS` | When set to `true`, a FIPS-compliant lambda extension layer will be used. Only works if `addExtension` is `true` and `site` is `ddog-gov.com`. Defaults to `false`. |
| `enableFIPS` | When set to `true`, a FIPS-compliant Lambda extension layer is used. This only works if `addExtension` is `true`, and `site` is `ddog-gov.com`. Defaults to `false`. |

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed!

@lym953 lym953 requested a review from buraizu May 27, 2025 14:29
datadog-datadog-prod-us1[bot]
datadog-datadog-prod-us1 bot reviewed May 27, 2025
View reviewed changes
src/env.ts Outdated

// When set to `true`, a FIPS-compliant lambda extension layer will be used.
// Only works if `addExtension` is `true` and `site` is `ddog-gov.com`.
enableFIPS?: boolean;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Quality Violation

Prop name (enableFIPS) doesn't match rule (is|has) (...read more)

Enforces a consistent naming pattern for boolean props.

The pattern is: "^(is|has)[A-Z]([A-Za-z0-9]?)+" to enforce is and has prefixes.

View in Datadog  Leave us feedback  Documentation

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

➕ Boolean params should follow the patter of starting with is or has. So this should be isFipsEnabled or isFIPSEnabled

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

enableFIPS follows the naming of other parameters including enableXrayTracing, enableDDTracing, enableASM, enableDDLogs, enableSourceCodeIntegration, enableColdStartTracing, enableProfiling, enableStepFunctionsTracing. Do you think we should break this pattern?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, we should slowly move to the new pattern. This is a pattern that Datadog is starting to enforce across the company. We don't want to add more to Code Quality Violation

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Renamed

clifordshelton
clifordshelton reviewed May 28, 2025
View reviewed changes
README.md Outdated
@@ -66,6 +66,7 @@ To further configure your plugin, use the following custom parameters in your `s
| `enableStepFunctionsTracing` | Enable automatic subscription of the Datadog Forwarder to Step Function log groups and Step Functions tracing. If no Step Function log groups are configured, then they are automatically created. Requires setting `forwarderArn`. Defaults to `false`. |
| `propagateUpstreamTrace` | When set to `true`, downstream Stepfunction invocation traces merge with upstream Stepfunction invocations. Defaults to `false`. |
| `redirectHandlers` | Optionally disable handler redirection if set to `false`. This should only be set to `false` when APM is fully disabled. Defaults to `true`. |
| `enableFIPS` | When set to `true`, a FIPS-compliant Lambda extension layer is used. This only works if `addExtension` is `true`, and `site` is `ddog-gov.com`. Defaults to `false`. |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should default this prop to true when we see that site is ddog-gov.com.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed

@lym953 lym953 requested a review from clifordshelton May 29, 2025 18:07
@lym953 lym953 changed the title feat: Add a param enableFIPS feat: Add a param isFIPSEnabled May 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@datadog-datadog-prod-us1 datadog-datadog-prod-us1[bot] datadog-datadog-prod-us1[bot] left review comments

@buraizu buraizu buraizu approved these changes

@clifordshelton clifordshelton Awaiting requested review from clifordshelton

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lym953 @clifordshelton @buraizu