-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SLS-3042: Respect DD_PROXY_HTTP/DD_PROXY_HTTPS for secrets manager and KMS clients #15574
Conversation
sess, err := session.NewSession(aws.NewConfig().WithHTTPClient(&http.Client{ | ||
Transport: datadogHttp.CreateHTTPTransport(), | ||
})) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Difficult to add tests, and CreateHTTPTransport
is already tested so I believe it would be redundant.
sess, err := session.NewSession(aws.NewConfig().WithHTTPClient(&http.Client{ | ||
Transport: datadogHttp.CreateHTTPTransport(), | ||
})) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Difficult to add tests, and CreateHTTPTransport
is already tested so I believe it would be redundant.
33ab2e2
to
f9380c6
Compare
@@ -183,14 +185,13 @@ func runAgent(stopCh chan struct{}) (serverlessDaemon *daemon.Daemon, err error) | |||
// execution to be stopped. TODO(remy): discuss with AWS if there is way | |||
// of reporting non-critical init errors. | |||
// serverless.ReportInitError(serverlessID, serverless.FatalNoAPIKey) | |||
log.Error("No API key configured, exiting") | |||
log.Error("No API key configured") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I figured this makes more sense, as we never actually exit
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe we should exit(1)
as there is no point of wasting cpu/memory?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we need to keep the extension running or else a process exit will cause the customer's function to crash. We could in theory refactor to accomplish this but I think we can probably worry about this later
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚀
What does this PR do?
This PR makes the secrets manager and KMS decrypt functions in Serverless respect using DD_PROXY_HTTP(S) values. If those are set, it'll try to retrieve the secrets / the key via the proxy instead of a bare connection.
Motivation
Additional Notes
Possible Drawbacks / Trade-offs
Describe how to test/QA your changes
Reviewer's Checklist
Triage
milestone is set.major_change
label if your change either has a major impact on the code base, is impacting multiple teams or is changing important well-established internals of the Agent. This label will be use during QA to make sure each team pay extra attention to the changed behavior. For any customer facing change use a releasenote.changelog/no-changelog
label has been applied.qa/skip-qa
label is not applied.team/..
label has been applied, indicating the team(s) that should QA this change.need-change/operator
andneed-change/helm
labels have been applied.k8s/<min-version>
label, indicating the lowest Kubernetes version compatible with this feature.